Ubuntu
gtk-vnc package

Merge lp:~cyphermox/ubuntu/maverick/gtk-vnc/lp634571 into lp:ubuntu/maverick/gtk-vnc

  1. Maverick (10.10)
  2. lp634571
  3. Merge into maverick
Proposed by Mathieu Trudel-Lapierre
Status: Merged
Merged at revision: 34
Proposed branch: lp:~cyphermox/ubuntu/maverick/gtk-vnc/lp634571
Merge into: lp:ubuntu/maverick/gtk-vnc
Diff against target: 222 lines (+202/-0)
3 files modified
debian/changelog (+8/-0)
debian/patches/lp634571_auth_subtype_logic_fix.patch (+193/-0)
debian/patches/series (+1/-0)
To merge this branch: bzr merge lp:~cyphermox/ubuntu/maverick/gtk-vnc/lp634571
Reviewer Review Type Date Requested Status
Martin Pitt Approve
Review via email: mp+37432@code.launchpad.net
To post a comment you must log in.
Revision history for this message
Martin Pitt (pitti) wrote :

Thanks! I'll merge this.

Mathieu, please use the correct changelog syntax for closing bugs (LP: #xxxxx), I'll fix that in the merge.

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'debian/changelog'
2--- debian/changelog 2010-09-13 10:28:02 +0000
3+++ debian/changelog 2010-10-04 04:31:43 +0000
4@@ -1,3 +1,11 @@
5+gtk-vnc (0.4.1-3ubuntu2) UNRELEASED; urgency=low
6+
7+ * Cherry-pick git commit 6800dd5 to fix authentication issues (LP: 634571)
8+ - update debian/patches/series
9+ - add debian/patches/lp634571_auth_subtype_logic_fix.patch
10+
11+ -- Mathieu Trudel-Lapierre <mathieu-tl@ubuntu.com> Mon, 04 Oct 2010 00:09:33 -0400
12+
13 gtk-vnc (0.4.1-3ubuntu1) maverick; urgency=low
14
15 * Merge with Debian unstable, remaining Ubuntu changes:
16
17=== added file 'debian/patches/lp634571_auth_subtype_logic_fix.patch'
18--- debian/patches/lp634571_auth_subtype_logic_fix.patch 1970-01-01 00:00:00 +0000
19+++ debian/patches/lp634571_auth_subtype_logic_fix.patch 2010-10-04 04:31:43 +0000
20@@ -0,0 +1,193 @@
21+From 6800dd5d7f665a3587f5f6eb4b44efee361d142c Mon Sep 17 00:00:00 2001
22+From: Daniel P. Berrange <berrange@redhat.com>
23+Date: Fri, 17 Sep 2010 10:41:29 +0000
24+Subject: Fix auth subtype choosing logic in vncdisplay
25+
26+The method for choosing auth subtypes was rather flawed. Rewrite
27+it to work correctly. Introduce an explicit list of vencrypt
28+subtypes, since these are distinct from main subtypes. Improve
29+debug logging in auth choice code.
30+
31+* src/vncdisplay.c: Fix auth type choice
32+* src/vncconnection.c: Improve auth debugging & invoke correct
33+ signal for auth subtype choice
34+---
35+Index: gtk-vnc-0.4.1/src/vncconnection.c
36+===================================================================
37+--- gtk-vnc-0.4.1.orig/src/vncconnection.c 2010-10-04 00:11:36.487734999 -0400
38++++ gtk-vnc-0.4.1/src/vncconnection.c 2010-10-04 00:11:36.517734999 -0400
39+@@ -3675,7 +3675,7 @@
40+
41+ if (priv->has_error)
42+ return FALSE;
43+- vnc_connection_choose_auth(conn, VNC_AUTH_CHOOSE_TYPE, nauth, auth);
44++ vnc_connection_choose_auth(conn, VNC_AUTH_CHOOSE_SUBTYPE, nauth, auth);
45+ if (priv->has_error)
46+ return FALSE;
47+
48+@@ -4669,6 +4669,7 @@
49+ }
50+ g_free(tmp);
51+ }
52++ VNC_DEBUG("Failed to find certificate %s/%s", basedir, basefile);
53+ return -1;
54+ }
55+
56+@@ -4690,6 +4691,8 @@
57+ #else
58+ char *dirs[] = { sysdir };
59+ #endif
60++ for (int i = 0 ; i < sizeof(dirs)/sizeof(dirs[0]) ; i++)
61++ VNC_DEBUG("Searching for certs in %s", dirs[i]);
62+
63+ if (vnc_connection_best_path(&priv->cred_x509_cacert, "CA", "cacert.pem",
64+ dirs, sizeof(dirs)/sizeof(dirs[0])) < 0)
65+Index: gtk-vnc-0.4.1/src/vncdisplay.c
66+===================================================================
67+--- gtk-vnc-0.4.1.orig/src/vncdisplay.c 2010-10-04 00:11:25.857735000 -0400
68++++ gtk-vnc-0.4.1/src/vncdisplay.c 2010-10-04 00:11:36.517734999 -0400
69+@@ -84,6 +84,7 @@
70+ gboolean force_size;
71+
72+ GSList *preferable_auths;
73++ GSList *preferable_vencrypt_subauths;
74+ const guint8 const *keycode_map;
75+
76+ VncGrabSequence *vncgrabseq; /* the configured key sequence */
77+@@ -1113,7 +1114,7 @@
78+ g_signal_emit(G_OBJECT(obj), signals[VNC_AUTH_CREDENTIAL], 0, creds);
79+ }
80+
81+-static void on_auth_choose_type(VncConnection *conn G_GNUC_UNUSED,
82++static void on_auth_choose_type(VncConnection *conn,
83+ GValueArray *types,
84+ gpointer opaque)
85+ {
86+@@ -1122,8 +1123,11 @@
87+ GSList *l;
88+ guint i;
89+
90+- if (!types->n_values)
91++ if (!types->n_values) {
92++ VNC_DEBUG("No auth types available to choose from");
93++ vnc_connection_shutdown(conn);
94+ return;
95++ }
96+
97+ for (l = priv->preferable_auths; l; l=l->next) {
98+ int pref = GPOINTER_TO_UINT (l->data);
99+@@ -1131,17 +1135,18 @@
100+ for (i=0; i< types->n_values; i++) {
101+ GValue *type = g_value_array_get_nth(types, i);
102+ if (pref == g_value_get_enum(type)) {
103+- vnc_connection_set_auth_type(priv->conn, pref);
104++ vnc_connection_set_auth_type(conn, pref);
105+ return;
106+ }
107+ }
108+ }
109+
110+- GValue *type = g_value_array_get_nth(types, 0);
111+- vnc_connection_set_auth_type(priv->conn, g_value_get_enum(type));
112++ /* No sub-auth matching our supported auth so have to give up */
113++ VNC_DEBUG("No preferred auth type found");
114++ vnc_connection_shutdown(conn);
115+ }
116+
117+-static void on_auth_choose_subtype(VncConnection *conn G_GNUC_UNUSED,
118++static void on_auth_choose_subtype(VncConnection *conn,
119+ unsigned int type,
120+ GValueArray *subtypes,
121+ gpointer opaque)
122+@@ -1151,25 +1156,41 @@
123+ GSList *l;
124+ guint i;
125+
126+- if (!subtypes->n_values)
127++ if (!subtypes->n_values) {
128++ VNC_DEBUG("No subtypes available to choose from");
129++ vnc_connection_shutdown(conn);
130+ return;
131++ }
132+
133+ if (type == VNC_CONNECTION_AUTH_TLS) {
134+- for (l = priv->preferable_auths; l; l=l->next) {
135+- int pref = GPOINTER_TO_UINT (l->data);
136++ l = priv->preferable_auths;
137++ } else if (type == VNC_CONNECTION_AUTH_VENCRYPT) {
138++ l = priv->preferable_vencrypt_subauths;
139++ } else {
140++ VNC_DEBUG("Unexpected stackable auth type %d", type);
141++ vnc_connection_shutdown(conn);
142++ return;
143++ }
144+
145+- for (i=0; i< subtypes->n_values; i++) {
146+- GValue *subtype = g_value_array_get_nth(subtypes, i);
147+- if (pref == g_value_get_enum(subtype)) {
148+- vnc_connection_set_auth_type(priv->conn, pref);
149+- return;
150+- }
151++ for (; l; l=l->next) {
152++ int pref = GPOINTER_TO_UINT (l->data);
153++
154++ /* Don't want to recursively do the same major auth */
155++ if (pref == type)
156++ continue;
157++
158++ for (i=0; i< subtypes->n_values; i++) {
159++ GValue *subtype = g_value_array_get_nth(subtypes, i);
160++ if (pref == g_value_get_enum(subtype)) {
161++ vnc_connection_set_auth_subtype(conn, pref);
162++ return;
163+ }
164+ }
165+ }
166+
167+- GValue *subtype = g_value_array_get_nth(subtypes, 0);
168+- vnc_connection_set_auth_subtype(priv->conn, g_value_get_enum(subtype));
169++ /* No sub-auth matching our supported auth so have to give up */
170++ VNC_DEBUG("No preferred auth subtype found");
171++ vnc_connection_shutdown(conn);
172+ }
173+
174+ static void on_auth_failure(VncConnection *conn G_GNUC_UNUSED,
175+@@ -1523,6 +1544,7 @@
176+ }
177+
178+ g_slist_free (priv->preferable_auths);
179++ g_slist_free (priv->preferable_vencrypt_subauths);
180+
181+ vnc_display_keyval_free_entries();
182+
183+@@ -1906,6 +1928,30 @@
184+ */
185+ priv->preferable_auths = g_slist_append (priv->preferable_auths, GUINT_TO_POINTER (VNC_CONNECTION_AUTH_NONE));
186+
187++
188++ /* Prefered order for VeNCrypt subtypes */
189++ priv->preferable_vencrypt_subauths = g_slist_append(priv->preferable_vencrypt_subauths,
190++ GUINT_TO_POINTER(VNC_CONNECTION_AUTH_VENCRYPT_X509SASL));
191++ priv->preferable_vencrypt_subauths = g_slist_append(priv->preferable_vencrypt_subauths,
192++ GUINT_TO_POINTER(VNC_CONNECTION_AUTH_VENCRYPT_X509PLAIN));
193++ priv->preferable_vencrypt_subauths = g_slist_append(priv->preferable_vencrypt_subauths,
194++ GUINT_TO_POINTER(VNC_CONNECTION_AUTH_VENCRYPT_X509VNC));
195++ priv->preferable_vencrypt_subauths = g_slist_append(priv->preferable_vencrypt_subauths,
196++ GUINT_TO_POINTER(VNC_CONNECTION_AUTH_VENCRYPT_X509NONE));
197++ priv->preferable_vencrypt_subauths = g_slist_append(priv->preferable_vencrypt_subauths,
198++ GUINT_TO_POINTER(VNC_CONNECTION_AUTH_VENCRYPT_TLSSASL));
199++ priv->preferable_vencrypt_subauths = g_slist_append(priv->preferable_vencrypt_subauths,
200++ GUINT_TO_POINTER(VNC_CONNECTION_AUTH_VENCRYPT_TLSPLAIN));
201++ priv->preferable_vencrypt_subauths = g_slist_append(priv->preferable_vencrypt_subauths,
202++ GUINT_TO_POINTER(VNC_CONNECTION_AUTH_VENCRYPT_TLSVNC));
203++ priv->preferable_vencrypt_subauths = g_slist_append(priv->preferable_vencrypt_subauths,
204++ GUINT_TO_POINTER(VNC_CONNECTION_AUTH_VENCRYPT_TLSNONE));
205++ /*
206++ * Refuse fully cleartext passwords
207++ priv->preferable_vencrypt_subauths = g_slist_append(priv->preferable_vencrypt_subauths,
208++ GUINT_TO_POINTER(VNC_CONNECTION_AUTH_VENCRYPT_PLAIN));
209++ */
210++
211+ priv->conn = vnc_connection_new();
212+
213+ g_signal_connect(G_OBJECT(priv->conn), "vnc-cursor-changed",
214
215=== modified file 'debian/patches/series'
216--- debian/patches/series 2010-09-13 10:28:02 +0000
217+++ debian/patches/series 2010-10-04 04:31:43 +0000
218@@ -2,3 +2,4 @@
219 0002-Reset-xmit_buffer-fields-to-fix-reconnect.patch
220 0002-use-stdint.patch
221 0003-fix-build-with-xulrunner-1.9.2.patch
222+lp634571_auth_subtype_logic_fix.patch

Subscribers

People subscribed via source and target branches