add width and height parameters
index 1ac0e3e0c3fcc61dfb5f4c7fb6d0392090e79e1e..7fb424fb17ee2ea2d8db04f7baf92c58a1f19598 100644 (file)
--- a/vncterm.c
+++ b/vncterm.c
@@ -50,6 +50,9 @@
 char *auth_path = "/";
 char *auth_perm = "Sys.Console";
 
+uint16_t screen_width = 744;
+uint16_t screen_height = 400;
+
 int use_x509 = 1;
 
 static char *
@@ -169,7 +172,7 @@ static void vnc_debug_gnutls_log(int level, const char* str) {
 }
 #endif
 
-#define DH_BITS 1024
+#define DH_BITS 2048
 static gnutls_dh_params_t dh_params;
 
 typedef struct {
@@ -256,7 +259,11 @@ tls_initialize_anon_cred(void)
                return NULL;
        }
 
+#if GNUTLS_VERSION_NUMBER >= 0x030506
+       gnutls_anon_set_server_known_dh_params(anon_cred, GNUTLS_SEC_PARAM_MEDIUM);
+#else
        gnutls_anon_set_server_dh_params(anon_cred, dh_params);
+#endif
 
        return anon_cred;
 }
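Review bot: The return value of `gnutls_anon_set_server_known_dh_params()` is discarded on the new `#if` branch, and the same applies to `gnutls_certificate_set_known_dh_params()` in the tls_initialize_x509_cred hunk; unlike the older `*_set_dh_params` calls kept in the `#else` branches, both return an int status. A failure would leave the credentials without DH parameters and only show up later as an unexplained handshake error. I would test the result, e.g. `if (gnutls_anon_set_server_known_dh_params(anon_cred, GNUTLS_SEC_PARAM_MEDIUM) < 0) {` followed by a log line, freeing the credentials and `return NULL;`, mirroring the error path visible just above in the x509 function. The anon branch would also benefit from the same version comment the x509 branch carries.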
@@ -290,8 +297,13 @@ tls_initialize_x509_cred(void)
                gnutls_certificate_free_credentials(x509_cred);
                return NULL;
        }
-
+#if GNUTLS_VERSION_NUMBER >= 0x030506
+       /* only available since GnuTLS 3.5.6, on previous versions see
+        * gnutls_certificate_set_dh_params(). */
+       gnutls_certificate_set_known_dh_params(x509_cred, GNUTLS_SEC_PARAM_MEDIUM);
+#else
        gnutls_certificate_set_dh_params (x509_cred, dh_params);
+#endif
 
        return x509_cred;
 }
@@ -485,42 +497,10 @@ rfbVncAuthVencrypt(rfbClientPtr cl)
                        return;
                }
 
-               /* optimize for speed */
-               static const int cipher_priority_performance[] = {
-                       GNUTLS_CIPHER_ARCFOUR_128,
-                       GNUTLS_CIPHER_AES_128_CBC,
-                       GNUTLS_CIPHER_3DES_CBC, 0
-               };
-
-               if ((ret = gnutls_cipher_set_priority(sd->session, cipher_priority_performance)) < 0) {
-                       rfbLog("gnutls_cipher_set_priority failed: %s\n", gnutls_strerror(ret));
-                       sd->session = NULL;
-                       rfbCloseClient(cl);
-                       return;
-               }
-
-               static const int kx_anon[] = {GNUTLS_KX_ANON_DH, 0};
-               static const int kx_x509[] = {GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0};
-               if ((ret = gnutls_kx_set_priority(sd->session, use_x509 ? kx_x509 : kx_anon)) < 0) {
-                       rfbLog("gnutls_kx_set_priority failed: %s\n", gnutls_strerror(ret));
-                       sd->session = NULL;
-                       rfbCloseClient(cl);
-                       return;
-               }
-
-               static const int cert_type_priority[] = { GNUTLS_CRT_X509, 0 };
-               if ((ret = gnutls_certificate_type_set_priority(sd->session, cert_type_priority)) < 0) {
-                       rfbLog("gnutls_certificate_type_set_priority failed: %s\n",
-                              gnutls_strerror(ret));
-                       sd->session = NULL;
-                       rfbCloseClient(cl);
-                       return;
-               }
-
-               static const int protocol_priority[]= { GNUTLS_TLS1_1, GNUTLS_TLS1_0, GNUTLS_SSL3, 0 };
-               if ((ret = gnutls_protocol_set_priority(sd->session, protocol_priority)) < 0) {
-                       rfbLog("gnutls_protocol_set_priority failed: %s\n",
-                              gnutls_strerror(ret));
+               static const char *priority_str_x509 = "NORMAL";
+               static const char *priority_str_anon = "NORMAL:+ANON-ECDH:+ANON-DH";
+               if ((ret = gnutls_priority_set_direct(sd->session, use_x509 ? priority_str_x509 : priority_str_anon, NULL)) < 0) {
+                       rfbLog("gnutls_priority_set_direct failed: %s\n", gnutls_strerror(ret));
                        sd->session = NULL;
                        rfbCloseClient(cl);
                        return;
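Review bot: The two priority strings carry no comment, and the anonymous one needs one: `NORMAL:+ANON-ECDH:+ANON-DH` enables key exchange without any server authentication, so when `use_x509` is 0 the channel resists passive eavesdropping only and an active man-in-the-middle goes undetected. I would add above the declarations `/* anon KX: encryption without peer authentication, used only when use_x509 is 0 */`. `NORMAL` also delegates the protocol and cipher floor to whatever the installed GnuTLS considers normal, which is worth stating if a minimum TLS version is expected. Passing a `const char *` out-parameter instead of `NULL` as the last argument of `gnutls_priority_set_direct()` would let the log line report where a bad priority string failed. The enclosing block of rfbVncAuthVencrypt starts and ends outside this hunk.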
@@ -1377,6 +1357,7 @@ vncterm_putchar (vncTerm *vt, unicode ch)
       }
       break;
     } else if (ch == ';') {
+      vt->esc_has_par = 1;
       vt->esc_count++;
       break;
     } else {
@@ -1427,10 +1408,7 @@ vncterm_putchar (vncTerm *vt, unicode ch)
       if (vt->esc_buf[0] == 0) {
        vt->esc_buf[0] = 1;
       }
-      vt->cy -= vt->esc_buf[0];
-      if (vt->cy < 0) {
-       vt->cy = 0;
-      }
+      vncterm_gotoxy (vt, vt->cx, vt->cy - vt->esc_buf[0]);
       break;
     case 'B':
     case 'e':
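Review bot: Bounds enforcement for the cursor now rests entirely on `vncterm_gotoxy()`, whose body is not part of this diff; the removed lines clamped `cy` and `cx` inline to `0` and `height - 1` / `width - 1`. The same replacement is made for the 'B'/'e', 'C'/'a' and 'D' cases in the following hunks. Since `esc_buf[0]` comes from the escape sequence being parsed, confirm that vncterm_gotoxy clamps both ends of both axes, and add a short comment at the first call such as `/* vncterm_gotoxy clamps to the screen area */`. The sum or difference is still computed before any clamp, so a very large parameter could overflow if these fields are plain `int`; the field types are not visible here.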
@@ -1438,10 +1416,7 @@ vncterm_putchar (vncTerm *vt, unicode ch)
       if (vt->esc_buf[0] == 0) {
        vt->esc_buf[0] = 1;
       }
-      vt->cy += vt->esc_buf[0];
-      if (vt->cy >= vt->height) {
-       vt->cy = vt->height - 1;
-      }
+      vncterm_gotoxy (vt, vt->cx, vt->cy + vt->esc_buf[0]);
       break;
     case 'C':
     case 'a':
@@ -1449,20 +1424,14 @@ vncterm_putchar (vncTerm *vt, unicode ch)
       if (vt->esc_buf[0] == 0) {
        vt->esc_buf[0] = 1;
       }
-      vt->cx += vt->esc_buf[0];
-      if (vt->cx >= vt->width) {
-       vt->cx = vt->width - 1;
-      }
+      vncterm_gotoxy (vt, vt->cx + vt->esc_buf[0], vt->cy);
       break;
     case 'D':
       /* move cursor left */
       if (vt->esc_buf[0] == 0) {
        vt->esc_buf[0] = 1;
       }
-      vt->cx -= vt->esc_buf[0];
-      if (vt->cx < 0) {
-       vt->cx = 0;
-      }
+      vncterm_gotoxy (vt, vt->cx - vt->esc_buf[0], vt->cy);
       break;
     case 'G':
     case '`':
@@ -1812,7 +1781,11 @@ vncterm_puts (vncTerm *vt, const char *buf, int len)
            vt->utf_char = (vt->utf_char << 6) | (c & 0x3f);
            vt->utf_count--;
            if (vt->utf_count == 0) {
-             tc = vt->utf_char;
+               if (vt->utf_char <= USHRT_MAX) {
+                 tc = vt->utf_char;
+               } else {
+                 tc = 0;
+               }
            } else {
              continue;
            }
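Review bot: The new range check has no comment saying why a decoded value above `USHRT_MAX` is replaced with 0; presumably the character type used downstream is 16 bits wide and the old plain assignment truncated larger code points into unrelated characters, but that type is not visible in this hunk. I would add `/* code points that do not fit in 16 bits are dropped rather than truncated */` above the `if`. `USHRT_MAX` requires `<limits.h>` and no include change appears in this diff, so confirm the header is already pulled in. The added lines are also indented two columns deeper than the surrounding block.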
@@ -2196,6 +2169,8 @@ new_client (rfbClientPtr client)
   return RFB_CLIENT_ACCEPT;
 }
 
+static char *vncticket = NULL;
+
 vncTerm *
 create_vncterm (int argc, char** argv, int maxx, int maxy)
 {
@@ -2204,6 +2179,8 @@ create_vncterm (int argc, char** argv, int maxx, int maxy)
   rfbScreenInfoPtr screen = rfbGetScreen (&argc, argv, maxx, maxy, 8, 1, 1);
   screen->frameBuffer=(char*)calloc(maxx*maxy, 1);
 
+  char **passwds = calloc(sizeof(char**), 2);
+
   vncTerm *vt = (vncTerm *)calloc (sizeof(vncTerm), 1);
 
   rfbColourMap *cmap =&screen->colourMap;
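Review bot: `passwds` is allocated unconditionally and never checked: when `vncticket` is NULL (the TLS path) the array is unused and leaks, and when it is set a failed calloc is dereferenced at `passwds[0] = vncticket` in the next hunk. The calloc arguments are also swapped and the element type is one level off; `calloc(sizeof(char**), 2)` should read `calloc(2, sizeof *passwds)`, which yields the same size but says what is meant. I would move the allocation into the `if (vncticket)` branch and fail cleanly on NULL. create_vncterm's body continues outside this hunk.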
@@ -2272,7 +2249,15 @@ create_vncterm (int argc, char** argv, int maxx, int maxy)
 
   //screen->autoPort = 1;
 
-  rfbRegisterSecurityHandler(&VncSecurityHandlerVencrypt);
+  if (vncticket) {
+      passwds[0] = vncticket;
+      passwds[1] = NULL;
+  
+      screen->authPasswdData = (void *)passwds;
+      screen->passwordCheck = rfbCheckPasswordByList;
+  } else {
+      rfbRegisterSecurityHandler(&VncSecurityHandlerVencrypt);
+  }
 
   rfbInitServer(screen);
 
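Review bot: The `vncticket` branch swaps VeNCrypt for classic VNC password authentication and registers no TLS handler, so in `-notls` mode the handshake and all terminal traffic travel unencrypted, and nothing in the code says where that is acceptable. Standard VNC authentication keys its DES challenge with only the first 8 bytes of the password, so the ticket's effective strength is capped there regardless of its length. I would add a comment stating the intended deployment, e.g. `/* -notls: plain VNC auth, only behind a trusted local or TLS-terminating transport */`, and confirm that callers never expose this port directly. create_vncterm's body starts and ends outside this hunk.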
@@ -2292,6 +2277,8 @@ main (int argc, char** argv)
   struct timeval tv, tv1;
   time_t elapsed, cur_time;
   struct winsize dimensions;
+  unsigned long width = 0;
+  unsigned long height = 0;
 
   if (gnutls_global_init () < 0) {
          fprintf(stderr, "gnutls_global_init failed\n");
@@ -2322,20 +2309,42 @@ main (int argc, char** argv)
     if (!strcmp (argv[i], "-timeout")) {
       CHECK_ARGC (argc, argv, i);
       idle_timeout = atoi(argv[i+1]);
-      rfbPurgeArguments(&argc, &i, 2, argv);
-    }
-    if (!strcmp (argv[i], "-authpath")) {
+      rfbPurgeArguments(&argc, &i, 2, argv); i--;
+    } else if (!strcmp (argv[i], "-authpath")) {
       CHECK_ARGC (argc, argv, i);
       auth_path = argv[i+1];
-      rfbPurgeArguments(&argc, &i, 2, argv);
-    }
-    if (!strcmp (argv[i], "-perm")) {
+      rfbPurgeArguments(&argc, &i, 2, argv); i--;
+    } else if (!strcmp (argv[i], "-perm")) {
       CHECK_ARGC (argc, argv, i);
       auth_perm = argv[i+1];
-      rfbPurgeArguments(&argc, &i, 2, argv);
+      rfbPurgeArguments(&argc, &i, 2, argv); i--;
+    } else if (!strcmp (argv[i], "-width")) {
+      CHECK_ARGC (argc, argv, i);
+      errno = 0;
+      width = strtoul(argv[i+1], NULL, 10);
+      if (errno == 0 && width >= 16 && width < 0xFFFF) {
+       screen_width = width;
+      }
+      rfbPurgeArguments(&argc, &i, 2, argv); i--;
+    } else if (!strcmp (argv[i], "-height")) {
+      CHECK_ARGC (argc, argv, i);
+      errno = 0;
+      height = strtoul(argv[i+1], NULL, 10);
+      if (errno == 0 && height >= 32 && height < 0xFFFF) {
+       screen_height = height;
+      }
+      rfbPurgeArguments(&argc, &i, 2, argv); i--;
+    } else if (!strcmp (argv[i], "-notls")) {
+        rfbPurgeArguments(&argc, &i, 1, argv); i--;
+        if ((vncticket = getenv("PVE_VNC_TICKET")) == NULL) {
+          fprintf(stderr, "missing env PVE_VNC_TICKET (-notls)\n");
+         exit(-1);           
+        }
     }
   }
 
+  unsetenv("PVE_VNC_TICKET"); // do not expose this to child
+
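Review bot: `vncticket` keeps the pointer returned by `getenv("PVE_VNC_TICKET")`, and the `unsetenv("PVE_VNC_TICKET")` added after the loop (followed later by `setenv("TERM", ...)`) is permitted by POSIX to invalidate that pointer. It tends to keep working on common libcs, but this string is the authentication secret, so I would copy it: after the NULL check add `vncticket = strdup(vncticket);` and exit if that returns NULL. Separately, `strtoul(argv[i+1], NULL, 10)` accepts trailing garbage such as `800x600`, and out-of-range values are ignored without a message; passing an `endptr` and rejecting `*end != '\0'` would make bad `-width`/`-height` input visible. The `errno` use needs `<errno.h>`, which this diff does not show being included.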
 #ifdef DEBUG
   rfbLogEnable (1);
   gnutls_global_set_log_level(10);
@@ -2344,7 +2353,7 @@ main (int argc, char** argv)
   rfbLogEnable (0);
 #endif
 
-  vncTerm *vt = create_vncterm (argc, argv, 745, 400);
+  vncTerm *vt = create_vncterm (argc, argv, screen_width, screen_height);
 
   setlocale(LC_ALL, ""); // set from environment
 
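Review bot: With the dimensions now caller-supplied, their product can exceed `INT_MAX`: `-width` and `-height` each accept values just below `0xFFFF`, and create_vncterm computes `maxx*maxy` in `int` for `calloc(maxx*maxy, 1)` (visible as context in the create_vncterm hunk), whose result is also not checked. I would either cap the accepted range at something a terminal can plausibly use, or allocate with `calloc((size_t)maxx, (size_t)maxy)` and test for NULL before the framebuffer is used. The default width also changes silently from 745 to 744 here, which deserves a word in the commit message if intentional.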
@@ -2358,8 +2367,6 @@ main (int argc, char** argv)
   dimensions.ws_col = vt->width;
   dimensions.ws_row = vt->height;
 
-  setsid ();
-
   setenv ("TERM", TERM, 1);
 
   pid = forkpty (&master, ptyname, NULL, &dimensions);