libvncclient: fix ARD auth CI regressions

Author: Chapoly1305

include/rfb/rfbclient.h

@@ -407,11 +407,6 @@ typedef struct _rfbClient {
 	 * Set by function SetClientAuthSchemes() */
 	uint32_t *clientAuthSchemes;
 
-	/** Optional configuration for ARD Kerberos auth. */
-	char *ardAuthRealm;
-	char *ardAuthClientPrincipal;
-	char *ardAuthServicePrincipal;
-
 	/** When the server is a repeater, this specifies the final destination */
 	char *destHost;
 	int destPort;
@@ -506,10 +501,16 @@ typedef struct _rfbClient {
 	 */
         GotXCutTextUTF8Proc GotXCutTextUTF8;
 
-        /* flag to indicate wheter updateRect is managed by lib or user */
-        rfbBool isUpdateRectManagedByLib;
+	        /* flag to indicate wheter updateRect is managed by lib or user */
+	        rfbBool isUpdateRectManagedByLib;
 
-        GetX509CertFingerprintMismatchDecisionProc GetX509CertFingerprintMismatchDecision;
+	        GetX509CertFingerprintMismatchDecisionProc GetX509CertFingerprintMismatchDecision;
+
+	/** Optional configuration for ARD Kerberos auth.
+	 * Appended here to preserve offsets of pre-existing public struct fields. */
+	char *ardAuthRealm;
+	char *ardAuthClientPrincipal;
+	char *ardAuthServicePrincipal;
 } rfbClient;
 
 /* cursor.c */

src/libvncclient/ardauth.c

@@ -10,7 +10,7 @@
 #include <GSS/GSS.h>
 #endif
 
-#if defined(__has_include)
+#if defined(__APPLE__) && defined(LIBVNCSERVER_HAVE_LIBSSL) && defined(__has_include)
 #if __has_include(<openssl/bn.h>)
 #include <openssl/bn.h>
 #define LIBVNCCLIENT_APPLE_HAS_OPENSSL_BN 1
@@ -148,11 +148,19 @@ static rfbBool ConsumeRSASRPServerFinalIfPresent(rfbClient *client) {
     int wm = WaitForMessage(client, 1500000);
     ssize_t r;
 
-    if (wm <= 0)
-        return TRUE;
-    r = recv(client->sock, (char *)hdr, sizeof(hdr), MSG_PEEK);
-    if (r < 4)
+    if (wm < 0)
+        return FALSE;
+    if (wm == 0)
         return TRUE;
+    if (client->buffered >= sizeof(hdr)) {
+        memcpy(hdr, client->bufoutptr, sizeof(hdr));
+    } else {
+        if (client->buffered > 0 || client->tlsSession || client->saslconn)
+            return TRUE;
+        r = recv(client->sock, (char *)hdr, sizeof(hdr), MSG_PEEK);
+        if (r < (ssize_t)sizeof(hdr))
+            return TRUE;
+    }
     n = ReadBEU32(hdr);
     if (n < 16 || n > 4096)
         return TRUE;
@@ -1059,15 +1067,9 @@ static rfbBool HandleARDAuthDirectSRP(rfbClient *client) {
     return ok;
 }
 
+#if defined(__APPLE__)
 static rfbBool ImportKerberosName(const char *value, gss_const_OID oid,
                                   gss_name_t *out_name, const char *what) {
-#if !defined(__APPLE__)
-    (void)value;
-    (void)oid;
-    (void)out_name;
-    (void)what;
-    return FALSE;
-#else
     OM_uint32 major = 0;
     OM_uint32 minor = 0;
     gss_buffer_desc buf = GSS_C_EMPTY_BUFFER;
@@ -1086,8 +1088,8 @@ static rfbBool ImportKerberosName(const char *value, gss_const_OID oid,
         return FALSE;
     }
     return TRUE;
-#endif
 }
+#endif
 
 static rfbBool WriteLengthPrefixedBlob(rfbClient *client, const uint8_t *buf,
                                        size_t len, const char *what) {

src/libvncclient/rfbclient.c

@@ -131,13 +131,11 @@ SupportsARDAuthScheme(uint8_t authScheme)
 #if defined(__APPLE__)
 	case rfbARDAuthKerberosGSSAPI:
 		return TRUE;
-#if defined(__has_include)
-#if __has_include(<openssl/bn.h>)
+#if defined(LIBVNCSERVER_HAVE_LIBSSL)
 	case rfbARDAuthRSASRP:
 	case rfbARDAuthDirectSRP:
 		return TRUE;
 #endif
-#endif
 #endif
 	default:
 		return FALSE;

test/ardauthprobe.c

@@ -111,7 +111,7 @@ int main(int argc, char **argv) {
     int init_argc = 2;
     char *init_argv[3] = {NULL, NULL, NULL};
 
-    if (argc < 3 || strcmp(argv[1], "-auth") != 0 ||
+    if (argc < 4 || strcmp(argv[1], "-auth") != 0 ||
         !ParseAuthType(argv[2], &auth_types[0])) {
         fprintf(stderr, "usage: %s -auth <security-type> <host[:port]>\n",
                 argv[0]);