KASM-2034 Update noVNC commit

.gitmodules

@@ -1,4 +1,4 @@
 [submodule "kasmweb"]
 	path = kasmweb
 	url = https://github.com/kasmtech/noVNC.git
-	branch = master
+	branch = bugfix/KASM-2034_mobile_audio

builder/README.md

@@ -79,25 +79,6 @@ packages installed with XFCE.
 ```
 builder/test-deb-barebones ubuntu focal
 ```
-
-# Preparing a release
-
-Deb and rpm packages need their versions bumped to the new release version. It
-can be done with:
-
-```
-builder/bump-package-version 0.9.4-beta
-```
-
-This will update corresponding package files, use `git diff` to see changes.
-
-If you've ran the command and curious about Debian version specifics, here's an
-explanation:
-Deb version will be `0.9.4~beta-1`. `~` (and not `-`) is required by packaging
-guidelines, and `-1` is Debian package revision for `0.9.4` upstream release. If
-a Debian-specific patch was later added on top of `0.9.4`, it'd be `-2` for the
-next Debian version. Rpm has a corresponding revision in its .spec file.
-
 # CI development
 
 S3 upload code is extracted to various files in `.ci`. It's possible to iterate

builder/bump-package-version

@@ -1,41 +0,0 @@
-#!/usr/bin/env bash
-
-set -eo pipefail
-
-update_version_to_meet_packaging_standards() {
-  new_version=$(echo "$new_version" |
-    sed -e 's/\([0-9]\)-\([a-zA-Z]\)/\1~\2/')
-}
-
-add_debian_revision_to_new_version() {
-  echo "$new_version-1"
-}
-
-bump_rpm() {
-  sed -i "s/^Version:.\+/Version:        $new_version/" centos/kasmvncserver.spec
-}
-
-bump_deb() {
-  local image="debbump_package_version:dev"
-  local L_UID=$(id -u)
-  local L_GID=$(id -g)
-  local debian_version=$(add_debian_revision_to_new_version)
-
-  docker build -t "$image" -f builder/dockerfile.bump-package-version .
-  docker run --rm -v "$PWD":/src --user "$L_UID:$L_GID" \
-    "$image" /bin/bash -c \
-    "cd /src && builder/bump-package-version-inside-docker-deb $debian_version"
-}
-
-new_version="$1"
-
-if [[ -z "$new_version" ]]; then
-  echo >&2 "Usage: $(basename "$0") <new_version>"
-  exit 1
-fi
-
-cd "$(dirname "$0")/.."
-
-update_version_to_meet_packaging_standards
-bump_rpm
-bump_deb

builder/bump-package-version-inside-docker-deb

@@ -1,15 +0,0 @@
-#!/usr/bin/env bash
-set -euo pipefail
-
-new_version="$1"
-
-update_version() {
-  dch --newversion $new_version 'New upstream release.'
-}
-
-mark_as_released() {
-  dch --release ""
-}
-
-update_version
-mark_as_released

builder/dockerfile.bump-package-version

@@ -1,6 +0,0 @@
-FROM debian:buster
-
-ENV DEBEMAIL="Kasm Technologies LLC <info@kasmweb.com>"
-
-RUN apt-get update && \
-      apt-get -y install vim devscripts

common/network/Blacklist.cxx

@@ -1,82 +0,0 @@
-/* Copyright (C) 2021 Kasm
- *
- * This is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this software; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,
- * USA.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <arpa/inet.h>
-#include <errno.h>
-#include <netinet/tcp.h>
-#include <netdb.h>
-#include <pthread.h>
-#include <stdlib.h>
-#include <time.h>
-
-#include <map>
-#include <string>
-
-#include <network/Blacklist.h>
-#include <rfb/Blacklist.h>
-
-static std::map<std::string, unsigned> hits;
-static std::map<std::string, time_t> blacklist;
-
-static pthread_mutex_t hitmutex = PTHREAD_MUTEX_INITIALIZER;
-static pthread_mutex_t blmutex = PTHREAD_MUTEX_INITIALIZER;
-
-unsigned char bl_isBlacklisted(const char *addr) {
-	const unsigned char count = blacklist.count(addr);
-	if (!count)
-		return 0;
-
-	const time_t now = time(NULL);
-	const unsigned timeout = rfb::Blacklist::initialTimeout;
-
-	if (pthread_mutex_lock(&blmutex))
-		abort();
-
-	if (now - timeout > blacklist[addr]) {
-		blacklist.erase(addr);
-		pthread_mutex_unlock(&blmutex);
-
-		if (pthread_mutex_lock(&hitmutex))
-			abort();
-		hits.erase(addr);
-		pthread_mutex_unlock(&hitmutex);
-		return 0;
-	} else {
-		blacklist[addr] = now;
-		pthread_mutex_unlock(&blmutex);
-		return 1;
-	}
-}
-
-void bl_addFailure(const char *addr) {
-	if (pthread_mutex_lock(&hitmutex))
-		abort();
-	const unsigned num = ++hits[addr];
-	pthread_mutex_unlock(&hitmutex);
-
-	if (num >= (unsigned) rfb::Blacklist::threshold) {
-		if (pthread_mutex_lock(&blmutex))
-			abort();
-		blacklist[addr] = time(NULL);
-		pthread_mutex_unlock(&blmutex);
-	}
-}

common/network/Blacklist.h

@@ -1,33 +0,0 @@
-/* Copyright (C) 2021 Kasm
- *
- * This is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this software; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,
- * USA.
- */
-
-#ifndef __NETWORK_BLACKLIST_H__
-#define __NETWORK_BLACKLIST_H__
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-unsigned char bl_isBlacklisted(const char *);
-void bl_addFailure(const char *);
-
-#ifdef __cplusplus
-} // extern C
-#endif
-
-#endif // __NETWORK_TCP_SOCKET_H__

common/network/CMakeLists.txt

@@ -2,7 +2,6 @@ include_directories(${CMAKE_SOURCE_DIR}/common ${CMAKE_SOURCE_DIR}/unix/kasmvncp
 
 set(NETWORK_SOURCES
   GetAPIMessager.cxx
-  Blacklist.cxx
   Socket.cxx
   TcpSocket.cxx
   websocket.c

common/network/websocket.c

@@ -32,7 +32,6 @@
 #include <openssl/sha.h> /* sha1 hash */
 #include "websocket.h"
 #include "kasmpasswd.h"
-#include <network/Blacklist.h>
 
 /*
  * Global state
@@ -1204,7 +1203,7 @@ nope:
     return 1;
 }
 
-ws_ctx_t *do_handshake(int sock, const char *ip) {
+ws_ctx_t *do_handshake(int sock) {
     char handshake[4096], response[4096], sha1[29], trailer[17];
     char *scheme, *pre;
     headers_t *headers;
@@ -1272,20 +1271,10 @@ ws_ctx_t *do_handshake(int sock, const char *ip) {
         usleep(10);
     }
 
-    if (bl_isBlacklisted(ip)) {
-        wserr("IP %s is blacklisted, dropping\n", ip);
-        sprintf(response, "HTTP/1.1 401 Forbidden\r\n"
-                          "\r\n");
-        ws_send(ws_ctx, response, strlen(response));
-        free_ws_ctx(ws_ctx);
-        return NULL;
-    }
-
     unsigned char owner = 0;
     if (!settings.disablebasicauth) {
         const char *hdr = strstr(handshake, "Authorization: Basic ");
         if (!hdr) {
-            bl_addFailure(ip);
             handler_emsg("BasicAuth required, but client didn't send any. 401 Unauth\n");
             sprintf(response, "HTTP/1.1 401 Unauthorized\r\n"
                               "WWW-Authenticate: Basic realm=\"Websockify\"\r\n"
@@ -1299,7 +1288,6 @@ ws_ctx_t *do_handshake(int sock, const char *ip) {
         const char *end = strchr(hdr, '\r');
         if (!end || end - hdr > 256) {
             handler_emsg("Client sent invalid BasicAuth, dropping connection\n");
-            bl_addFailure(ip);
             free_ws_ctx(ws_ctx);
             return NULL;
         }
@@ -1369,7 +1357,6 @@ ws_ctx_t *do_handshake(int sock, const char *ip) {
 
         if (len <= 0 || strcmp(authbuf, response)) {
             handler_emsg("BasicAuth user/pw did not match\n");
-            bl_addFailure(ip);
             sprintf(response, "HTTP/1.1 401 Forbidden\r\n"
                               "\r\n");
             ws_send(ws_ctx, response, strlen(response));
@@ -1458,7 +1445,7 @@ void *subthread(void *ptr) {
 
     ws_ctx_t *ws_ctx;
 
-    ws_ctx = do_handshake(csock, pass->ip);
+    ws_ctx = do_handshake(csock);
     if (ws_ctx == NULL) {
         handler_msg("No connection after handshake\n");
         goto out;   // Child process exits