[Pkg-libvirt-commits] [SCM] libgtk-vnc Debian packaging branch, master, updated. debian/0.4.1-4
Guido Günther
agx at sigxcpu.org
Fri Sep 17 15:38:56 UTC 2010
The following commit has been merged in the master branch:
commit 6f211c33c2ce5d88170fa4032cd8da86c648d4d9
Author: Guido Günther <agx at sigxcpu.org>
Date: Fri Sep 17 13:10:51 2010 +0200
New patch 0003-Fix-auth-subtype-choosing-logic-in-vncdisplay.patch
Fix auth subtype choosing logic in vncdisplay
Closes: #596287
Thanks: Daniel P. Berrange
diff --git a/debian/patches/0003-Fix-auth-subtype-choosing-logic-in-vncdisplay.patch b/debian/patches/0003-Fix-auth-subtype-choosing-logic-in-vncdisplay.patch
new file mode 100644
index 0000000..0842248
--- /dev/null
+++ b/debian/patches/0003-Fix-auth-subtype-choosing-logic-in-vncdisplay.patch
@@ -0,0 +1,192 @@
+From: =?UTF-8?q?Guido=20G=C3=BCnther?= <agx at sigxcpu.org>
+Date: Fri, 17 Sep 2010 13:08:03 +0200
+Subject: [PATCH] Fix auth subtype choosing logic in vncdisplay
+
+Origin: upstream, http://git.gnome.org/browse/gtk-vnc/commit/?id=6800dd5d7f665a3587f5f6eb4b44efee361d142c
+Closes: #596287
+---
+ src/vncconnection.c | 5 ++-
+ src/vncdisplay.c | 82 +++++++++++++++++++++++++++++++++++++++-----------
+ 2 files changed, 68 insertions(+), 19 deletions(-)
+
+diff --git a/src/vncconnection.c b/src/vncconnection.c
+index a4a9835..def69d5 100644
+--- a/src/vncconnection.c
++++ b/src/vncconnection.c
+@@ -3675,7 +3675,7 @@ static gboolean vnc_connection_perform_auth_tls(VncConnection *conn)
+
+ if (priv->has_error)
+ return FALSE;
+- vnc_connection_choose_auth(conn, VNC_AUTH_CHOOSE_TYPE, nauth, auth);
++ vnc_connection_choose_auth(conn, VNC_AUTH_CHOOSE_SUBTYPE, nauth, auth);
+ if (priv->has_error)
+ return FALSE;
+
+@@ -4669,6 +4669,7 @@ static int vnc_connection_best_path(char **buf,
+ }
+ g_free(tmp);
+ }
++ VNC_DEBUG("Failed to find certificate %s/%s", basedir, basefile);
+ return -1;
+ }
+
+@@ -4690,6 +4691,8 @@ static gboolean vnc_connection_set_credential_x509(VncConnection *conn,
+ #else
+ char *dirs[] = { sysdir };
+ #endif
++ for (int i = 0 ; i < sizeof(dirs)/sizeof(dirs[0]) ; i++)
++ VNC_DEBUG("Searching for certs in %s", dirs[i]);
+
+ if (vnc_connection_best_path(&priv->cred_x509_cacert, "CA", "cacert.pem",
+ dirs, sizeof(dirs)/sizeof(dirs[0])) < 0)
+diff --git a/src/vncdisplay.c b/src/vncdisplay.c
+index 175456a..3c72a45 100644
+--- a/src/vncdisplay.c
++++ b/src/vncdisplay.c
+@@ -84,6 +84,7 @@ struct _VncDisplayPrivate
+ gboolean force_size;
+
+ GSList *preferable_auths;
++ GSList *preferable_vencrypt_subauths;
+ const guint8 const *keycode_map;
+
+ VncGrabSequence *vncgrabseq; /* the configured key sequence */
+@@ -1113,7 +1114,7 @@ static void on_auth_cred(VncConnection *conn G_GNUC_UNUSED,
+ g_signal_emit(G_OBJECT(obj), signals[VNC_AUTH_CREDENTIAL], 0, creds);
+ }
+
+-static void on_auth_choose_type(VncConnection *conn G_GNUC_UNUSED,
++static void on_auth_choose_type(VncConnection *conn,
+ GValueArray *types,
+ gpointer opaque)
+ {
+@@ -1122,8 +1123,11 @@ static void on_auth_choose_type(VncConnection *conn G_GNUC_UNUSED,
+ GSList *l;
+ guint i;
+
+- if (!types->n_values)
++ if (!types->n_values) {
++ VNC_DEBUG("No auth types available to choose from");
++ vnc_connection_shutdown(conn);
+ return;
++ }
+
+ for (l = priv->preferable_auths; l; l=l->next) {
+ int pref = GPOINTER_TO_UINT (l->data);
+@@ -1131,17 +1135,18 @@ static void on_auth_choose_type(VncConnection *conn G_GNUC_UNUSED,
+ for (i=0; i< types->n_values; i++) {
+ GValue *type = g_value_array_get_nth(types, i);
+ if (pref == g_value_get_enum(type)) {
+- vnc_connection_set_auth_type(priv->conn, pref);
++ vnc_connection_set_auth_type(conn, pref);
+ return;
+ }
+ }
+ }
+
+- GValue *type = g_value_array_get_nth(types, 0);
+- vnc_connection_set_auth_type(priv->conn, g_value_get_enum(type));
++ /* No sub-auth matching our supported auth so have to give up */
++ VNC_DEBUG("No preferred auth type found");
++ vnc_connection_shutdown(conn);
+ }
+
+-static void on_auth_choose_subtype(VncConnection *conn G_GNUC_UNUSED,
++static void on_auth_choose_subtype(VncConnection *conn,
+ unsigned int type,
+ GValueArray *subtypes,
+ gpointer opaque)
+@@ -1151,25 +1156,41 @@ static void on_auth_choose_subtype(VncConnection *conn G_GNUC_UNUSED,
+ GSList *l;
+ guint i;
+
+- if (!subtypes->n_values)
++ if (!subtypes->n_values) {
++ VNC_DEBUG("No subtypes available to choose from");
++ vnc_connection_shutdown(conn);
+ return;
++ }
+
+ if (type == VNC_CONNECTION_AUTH_TLS) {
+- for (l = priv->preferable_auths; l; l=l->next) {
+- int pref = GPOINTER_TO_UINT (l->data);
+-
+- for (i=0; i< subtypes->n_values; i++) {
+- GValue *subtype = g_value_array_get_nth(subtypes, i);
+- if (pref == g_value_get_enum(subtype)) {
+- vnc_connection_set_auth_type(priv->conn, pref);
+- return;
+- }
++ l = priv->preferable_auths;
++ } else if (type == VNC_CONNECTION_AUTH_VENCRYPT) {
++ l = priv->preferable_vencrypt_subauths;
++ } else {
++ VNC_DEBUG("Unexpected stackable auth type %d", type);
++ vnc_connection_shutdown(conn);
++ return;
++ }
++
++ for (; l; l=l->next) {
++ int pref = GPOINTER_TO_UINT (l->data);
++
++ /* Don't want to recursively do the same major auth */
++ if (pref == type)
++ continue;
++
++ for (i=0; i< subtypes->n_values; i++) {
++ GValue *subtype = g_value_array_get_nth(subtypes, i);
++ if (pref == g_value_get_enum(subtype)) {
++ vnc_connection_set_auth_subtype(conn, pref);
++ return;
+ }
+ }
+ }
+
+- GValue *subtype = g_value_array_get_nth(subtypes, 0);
+- vnc_connection_set_auth_subtype(priv->conn, g_value_get_enum(subtype));
++ /* No sub-auth matching our supported auth so have to give up */
++ VNC_DEBUG("No preferred auth subtype found");
++ vnc_connection_shutdown(conn);
+ }
+
+ static void on_auth_failure(VncConnection *conn G_GNUC_UNUSED,
+@@ -1523,6 +1544,7 @@ static void vnc_display_finalize (GObject *obj)
+ }
+
+ g_slist_free (priv->preferable_auths);
++ g_slist_free (priv->preferable_vencrypt_subauths);
+
+ vnc_display_keyval_free_entries();
+
+@@ -1906,6 +1928,30 @@ static void vnc_display_init(VncDisplay *display)
+ */
+ priv->preferable_auths = g_slist_append (priv->preferable_auths, GUINT_TO_POINTER (VNC_CONNECTION_AUTH_NONE));
+
++
++ /* Prefered order for VeNCrypt subtypes */
++ priv->preferable_vencrypt_subauths = g_slist_append(priv->preferable_vencrypt_subauths,
++ GUINT_TO_POINTER(VNC_CONNECTION_AUTH_VENCRYPT_X509SASL));
++ priv->preferable_vencrypt_subauths = g_slist_append(priv->preferable_vencrypt_subauths,
++ GUINT_TO_POINTER(VNC_CONNECTION_AUTH_VENCRYPT_X509PLAIN));
++ priv->preferable_vencrypt_subauths = g_slist_append(priv->preferable_vencrypt_subauths,
++ GUINT_TO_POINTER(VNC_CONNECTION_AUTH_VENCRYPT_X509VNC));
++ priv->preferable_vencrypt_subauths = g_slist_append(priv->preferable_vencrypt_subauths,
++ GUINT_TO_POINTER(VNC_CONNECTION_AUTH_VENCRYPT_X509NONE));
++ priv->preferable_vencrypt_subauths = g_slist_append(priv->preferable_vencrypt_subauths,
++ GUINT_TO_POINTER(VNC_CONNECTION_AUTH_VENCRYPT_TLSSASL));
++ priv->preferable_vencrypt_subauths = g_slist_append(priv->preferable_vencrypt_subauths,
++ GUINT_TO_POINTER(VNC_CONNECTION_AUTH_VENCRYPT_TLSPLAIN));
++ priv->preferable_vencrypt_subauths = g_slist_append(priv->preferable_vencrypt_subauths,
++ GUINT_TO_POINTER(VNC_CONNECTION_AUTH_VENCRYPT_TLSVNC));
++ priv->preferable_vencrypt_subauths = g_slist_append(priv->preferable_vencrypt_subauths,
++ GUINT_TO_POINTER(VNC_CONNECTION_AUTH_VENCRYPT_TLSNONE));
++ /*
++ * Refuse fully cleartext passwords
++ priv->preferable_vencrypt_subauths = g_slist_append(priv->preferable_vencrypt_subauths,
++ GUINT_TO_POINTER(VNC_CONNECTION_AUTH_VENCRYPT_PLAIN));
++ */
++
+ priv->conn = vnc_connection_new();
+
+ g_signal_connect(G_OBJECT(priv->conn), "vnc-cursor-changed",
+--
diff --git a/debian/patches/series b/debian/patches/series
index 0452e4a..b315146 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1,3 @@
0001-fix-build-with-xulrunner-1.9.1.patch
0002-Reset-xmit_buffer-fields-to-fix-reconnect.patch
+0003-Fix-auth-subtype-choosing-logic-in-vncdisplay.patch
--
libgtk-vnc Debian packaging
More information about the Pkg-libvirt-commits
mailing list