diff --git a/common/network/websocket.c b/common/network/websocket.c
index 2325cb9..52c5183 100644
--- a/common/network/websocket.c
+++ b/common/network/websocket.c
@@ -46,6 +46,9 @@ settings_t settings;
extern int wakeuppipe[2];
+extern char *extra_headers;
+extern unsigned extra_headers_len;
+
void traffic(const char * token) {
/*if ((settings.verbose) && (! settings.daemon)) {
fprintf(stdout, "%s", token);
@@ -836,7 +839,8 @@ static void dirlisting(ws_ctx_t *ws_ctx, const char fullpath[], const char path[
"Location: %s/\r\n"
"Connection: close\r\n"
"Content-type: text/plain\r\n"
- "\r\n", path);
+ "%s"
+ "\r\n", path, extra_headers ? extra_headers : "");
ws_send(ws_ctx, buf, strlen(buf));
weblog(301, wsthread_handler_id, 0, origip, ip, user, 1, path, strlen(buf));
return;
@@ -850,7 +854,9 @@ static void dirlisting(ws_ctx_t *ws_ctx, const char fullpath[], const char path[
"Server: KasmVNC/4.0\r\n"
"Connection: close\r\n"
"Content-type: text/html\r\n"
- "\r\nDirectory Listing%s
", path);
+ "%s"
+ "\r\nDirectory Listing%s
",
+ extra_headers ? extra_headers : "", path);
ws_send(ws_ctx, buf, strlen(buf));
unsigned totallen = strlen(buf);
@@ -937,8 +943,9 @@ static void servefile(ws_ctx_t *ws_ctx, const char *in, const char * const user,
"Connection: close\r\n"
"Content-type: %s\r\n"
"Content-length: %lu\r\n"
+ "%s"
"\r\n",
- name2mime(path), filesize);
+ name2mime(path), filesize, extra_headers ? extra_headers : "");
const unsigned hdrlen = strlen(buf);
ws_send(ws_ctx, buf, hdrlen);
@@ -958,8 +965,9 @@ nope:
"Server: KasmVNC/4.0\r\n"
"Connection: close\r\n"
"Content-type: text/plain\r\n"
+ "%s"
"\r\n"
- "404");
+ "404", extra_headers ? extra_headers : "");
ws_send(ws_ctx, buf, strlen(buf));
weblog(404, wsthread_handler_id, 0, origip, ip, user, 1, path, strlen(buf));
}
@@ -999,14 +1007,16 @@ notfound:
}
static void send403(ws_ctx_t *ws_ctx, const char * const origip, const char * const ip) {
- const char response[] = "HTTP/1.1 403 Forbidden\r\n"
- "Server: KasmVNC/4.0\r\n"
- "Connection: close\r\n"
- "Content-type: text/plain\r\n"
- "\r\n"
- "403 Forbidden";
- ws_send(ws_ctx, response, strlen(response));
- weblog(403, wsthread_handler_id, 0, origip, ip, "-", 1, "-", strlen(response));
+ char buf[4096];
+ sprintf(buf, "HTTP/1.1 403 Forbidden\r\n"
+ "Server: KasmVNC/4.0\r\n"
+ "Connection: close\r\n"
+ "Content-type: text/plain\r\n"
+ "%s"
+ "\r\n"
+ "403 Forbidden", extra_headers ? extra_headers : "");
+ ws_send(ws_ctx, buf, strlen(buf));
+ weblog(403, wsthread_handler_id, 0, origip, ip, "-", 1, "-", strlen(buf));
}
static uint8_t ownerapi_post(ws_ctx_t *ws_ctx, const char *in, const char * const user,
@@ -1079,8 +1089,9 @@ static uint8_t ownerapi_post(ws_ctx_t *ws_ctx, const char *in, const char * cons
"Connection: close\r\n"
"Content-type: text/plain\r\n"
"Content-length: 6\r\n"
+ "%s"
"\r\n"
- "200 OK");
+ "200 OK", extra_headers ? extra_headers : "");
ws_send(ws_ctx, buf, strlen(buf));
weblog(200, wsthread_handler_id, 0, origip, ip, user, 0, path, strlen(buf));
@@ -1117,8 +1128,9 @@ static uint8_t ownerapi_post(ws_ctx_t *ws_ctx, const char *in, const char * cons
"Connection: close\r\n"
"Content-type: text/plain\r\n"
"Content-length: 6\r\n"
+ "%s"
"\r\n"
- "200 OK");
+ "200 OK", extra_headers ? extra_headers : "");
ws_send(ws_ctx, buf, strlen(buf));
weblog(200, wsthread_handler_id, 0, origip, ip, user, 0, path, strlen(buf));
@@ -1171,8 +1183,9 @@ static uint8_t ownerapi_post(ws_ctx_t *ws_ctx, const char *in, const char * cons
"Connection: close\r\n"
"Content-type: text/plain\r\n"
"Content-length: 6\r\n"
+ "%s"
"\r\n"
- "200 OK");
+ "200 OK", extra_headers ? extra_headers : "");
ws_send(ws_ctx, buf, strlen(buf));
weblog(200, wsthread_handler_id, 0, origip, ip, user, 0, path, strlen(buf));
@@ -1187,8 +1200,9 @@ nope:
"Server: KasmVNC/4.0\r\n"
"Connection: close\r\n"
"Content-type: text/plain\r\n"
+ "%s"
"\r\n"
- "400 Bad Request");
+ "400 Bad Request", extra_headers ? extra_headers : "");
ws_send(ws_ctx, buf, strlen(buf));
weblog(400, wsthread_handler_id, 0, origip, ip, user, 0, path, strlen(buf));
return 1;
@@ -1273,7 +1287,8 @@ static uint8_t ownerapi(ws_ctx_t *ws_ctx, const char *in, const char * const use
"Connection: close\r\n"
"Content-type: text/plain\r\n"
"Content-length: %u\r\n"
- "\r\n", len);
+ "%s"
+ "\r\n", len, extra_headers ? extra_headers : "");
ws_send(ws_ctx, buf, strlen(buf));
ws_send(ws_ctx, staging, len);
weblog(200, wsthread_handler_id, 0, origip, ip, user, 1, origpath, strlen(buf) + len);
@@ -1286,7 +1301,8 @@ static uint8_t ownerapi(ws_ctx_t *ws_ctx, const char *in, const char * const use
"Connection: close\r\n"
"Content-type: image/jpeg\r\n"
"Content-length: %u\r\n"
- "\r\n", len);
+ "%s"
+ "\r\n", len, extra_headers ? extra_headers : "");
ws_send(ws_ctx, buf, strlen(buf));
ws_send(ws_ctx, staging, len);
weblog(200, wsthread_handler_id, 0, origip, ip, user, 1, origpath, strlen(buf) + len);
@@ -1356,8 +1372,9 @@ static uint8_t ownerapi(ws_ctx_t *ws_ctx, const char *in, const char * const use
"Connection: close\r\n"
"Content-type: text/plain\r\n"
"Content-length: 6\r\n"
+ "%s"
"\r\n"
- "200 OK");
+ "200 OK", extra_headers ? extra_headers : "");
ws_send(ws_ctx, buf, strlen(buf));
weblog(200, wsthread_handler_id, 0, origip, ip, user, 1, origpath, strlen(buf));
@@ -1385,8 +1402,9 @@ static uint8_t ownerapi(ws_ctx_t *ws_ctx, const char *in, const char * const use
"Connection: close\r\n"
"Content-type: text/plain\r\n"
"Content-length: 6\r\n"
+ "%s"
"\r\n"
- "200 OK");
+ "200 OK", extra_headers ? extra_headers : "");
ws_send(ws_ctx, buf, strlen(buf));
weblog(200, wsthread_handler_id, 0, origip, ip, user, 1, origpath, strlen(buf));
@@ -1440,8 +1458,9 @@ static uint8_t ownerapi(ws_ctx_t *ws_ctx, const char *in, const char * const use
"Connection: close\r\n"
"Content-type: text/plain\r\n"
"Content-length: 6\r\n"
+ "%s"
"\r\n"
- "200 OK");
+ "200 OK", extra_headers ? extra_headers : "");
ws_send(ws_ctx, buf, strlen(buf));
weblog(200, wsthread_handler_id, 0, origip, ip, user, 1, origpath, strlen(buf));
@@ -1455,7 +1474,8 @@ static uint8_t ownerapi(ws_ctx_t *ws_ctx, const char *in, const char * const use
"Connection: close\r\n"
"Content-type: text/plain\r\n"
"Content-length: %lu\r\n"
- "\r\n", strlen(statbuf));
+ "%s"
+ "\r\n", strlen(statbuf), extra_headers ? extra_headers : "");
ws_send(ws_ctx, buf, strlen(buf));
ws_send(ws_ctx, statbuf, strlen(statbuf));
weblog(200, wsthread_handler_id, 0, origip, ip, user, 1, origpath, strlen(buf) + strlen(statbuf));
@@ -1471,7 +1491,8 @@ static uint8_t ownerapi(ws_ctx_t *ws_ctx, const char *in, const char * const use
"Connection: close\r\n"
"Content-type: text/plain\r\n"
"Content-length: %lu\r\n"
- "\r\n", strlen(ptr));
+ "%s"
+ "\r\n", strlen(ptr), extra_headers ? extra_headers : "");
ws_send(ws_ctx, buf, strlen(buf));
ws_send(ws_ctx, ptr, strlen(ptr));
weblog(200, wsthread_handler_id, 0, origip, ip, user, 1, origpath, strlen(buf) + strlen(ptr));
@@ -1553,7 +1574,8 @@ static uint8_t ownerapi(ws_ctx_t *ws_ctx, const char *in, const char * const use
"Connection: close\r\n"
"Content-type: text/plain\r\n"
"Content-length: %lu\r\n"
- "\r\n", strlen(statbuf));
+ "%s"
+ "\r\n", strlen(statbuf), extra_headers ? extra_headers : "");
ws_send(ws_ctx, buf, strlen(buf));
ws_send(ws_ctx, statbuf, strlen(statbuf));
weblog(200, wsthread_handler_id, 0, origip, ip, user, 1, origpath, strlen(buf) + strlen(statbuf));
@@ -1568,8 +1590,9 @@ static uint8_t ownerapi(ws_ctx_t *ws_ctx, const char *in, const char * const use
"Connection: close\r\n"
"Content-type: text/plain\r\n"
"Content-length: 6\r\n"
+ "%s"
"\r\n"
- "200 OK");
+ "200 OK", extra_headers ? extra_headers : "");
ws_send(ws_ctx, buf, strlen(buf));
weblog(200, wsthread_handler_id, 0, origip, ip, user, 1, origpath, strlen(buf));
@@ -1585,8 +1608,9 @@ nope:
"Server: KasmVNC/4.0\r\n"
"Connection: close\r\n"
"Content-type: text/plain\r\n"
+ "%s"
"\r\n"
- "400 Bad Request");
+ "400 Bad Request", extra_headers ? extra_headers : "");
ws_send(ws_ctx, buf, strlen(buf));
weblog(400, wsthread_handler_id, 0, origip, ip, user, 1, origpath, strlen(buf));
return 1;
@@ -1596,8 +1620,9 @@ timeout:
"Server: KasmVNC/4.0\r\n"
"Connection: close\r\n"
"Content-type: text/plain\r\n"
+ "%s"
"\r\n"
- "503 Service Unavailable");
+ "503 Service Unavailable", extra_headers ? extra_headers : "");
ws_send(ws_ctx, buf, strlen(buf));
weblog(503, wsthread_handler_id, 0, origip, ip, user, 1, origpath, strlen(buf));
return 1;
@@ -1723,7 +1748,8 @@ ws_ctx_t *do_handshake(int sock, char * const ip) {
wserr("Authentication attempt failed, BasicAuth required, but client didn't send any\n");
sprintf(response, "HTTP/1.1 401 Unauthorized\r\n"
"WWW-Authenticate: Basic realm=\"Websockify\"\r\n"
- "\r\n");
+ "%s"
+ "\r\n", extra_headers ? extra_headers : "");
ws_send(ws_ctx, response, strlen(response));
weblog(401, wsthread_handler_id, 0, origip, ip, "-", 1, url, strlen(response));
free_ws_ctx(ws_ctx);
@@ -1805,7 +1831,8 @@ ws_ctx_t *do_handshake(int sock, char * const ip) {
wserr("Authentication attempt failed, wrong password for user %s\n", inuser);
bl_addFailure(ip);
sprintf(response, "HTTP/1.1 401 Forbidden\r\n"
- "\r\n");
+ "%s"
+ "\r\n", extra_headers ? extra_headers : "");
ws_send(ws_ctx, response, strlen(response));
weblog(401, wsthread_handler_id, 0, origip, ip, inuser, 1, url, strlen(response));
free_ws_ctx(ws_ctx);
@@ -1829,8 +1856,9 @@ ws_ctx_t *do_handshake(int sock, char * const ip) {
"Server: KasmVNC/4.0\r\n"
"Connection: close\r\n"
"Content-type: text/plain\r\n"
+ "%s"
"\r\n"
- "401 Unauthorized");
+ "401 Unauthorized", extra_headers ? extra_headers : "");
ws_send(ws_ctx, response, strlen(response));
weblog(401, wsthread_handler_id, 0, origip, ip, inuser, 1, url, strlen(response));
goto done;
diff --git a/unix/xserver/hw/vnc/Xvnc.man b/unix/xserver/hw/vnc/Xvnc.man
index a24d51f..0689367 100644
--- a/unix/xserver/hw/vnc/Xvnc.man
+++ b/unix/xserver/hw/vnc/Xvnc.man
@@ -110,6 +110,11 @@ Run a mini-HTTP server which serves files from the given directory. Normally
the directory will contain the kasmweb client. It will use the websocket port.
.
.TP
+.B \-http-header \fIheader=val\fP
+Append this header to all HTTP responses (file and API). May be given multiple
+times.
+.
+.TP
.B \-rfbauth \fIpasswd-file\fP, \-PasswordFile \fIpasswd-file\fP
Password file for VNC authentication. There is no default, you should
specify the password file explicitly. Password file should be created with
diff --git a/unix/xserver/hw/vnc/xvnc.c b/unix/xserver/hw/vnc/xvnc.c
index 6cc834d..5f293f9 100644
--- a/unix/xserver/hw/vnc/xvnc.c
+++ b/unix/xserver/hw/vnc/xvnc.c
@@ -155,6 +155,49 @@ static char displayNumStr[16];
static int vncVerbose = DEFAULT_LOG_VERBOSITY;
+char *extra_headers = NULL;
+unsigned extra_headers_len = 0;
+
+static unsigned
+add_extra_headers(const char * const arg)
+{
+ unsigned i, found = 0;
+ const char *sep;
+ for (i = 0; arg[i]; i++) {
+ if (arg[i] == '=') {
+ found++;
+ sep = &arg[i];
+ }
+ }
+ if (found != 1)
+ return 0;
+
+ const unsigned len = strlen(arg);
+ if (len < 3)
+ return 0;
+
+ if (arg[0] == '=' || arg[len - 1] == '=')
+ return 0;
+
+ extra_headers = realloc(extra_headers, extra_headers_len + 4 + len);
+ extra_headers[extra_headers_len] = '\0';
+
+ char tmp[len + 3];
+ const unsigned firstlen = sep - arg;
+
+ memcpy(tmp, arg, firstlen);
+ tmp[firstlen] = ':';
+ tmp[firstlen + 1] = ' ';
+ memcpy(&tmp[firstlen + 2], sep + 1, len - firstlen - 1);
+ tmp[len + 1] = '\r';
+ tmp[len + 2] = '\n';
+
+ memcpy(&extra_headers[extra_headers_len], tmp, len + 3);
+ extra_headers_len += len + 3;
+ extra_headers[extra_headers_len] = '\0';
+
+ return 1;
+}
static void
vncPrintBanner(void)
@@ -319,6 +362,7 @@ void ddxUseMsg(void)
ErrorF("-depth D set screen 0's depth\n");
ErrorF("-pixelformat fmt set pixel format (rgbNNN or bgrNNN)\n");
ErrorF("-inetd has been launched from inetd\n");
+ ErrorF("-http-header name=val append this header to all HTTP responses\n");
ErrorF("-noclipboard disable clipboard settings modification via vncconfig utility\n");
ErrorF("-verbose [n] verbose startup messages\n");
ErrorF("-quiet minimal startup messages\n");
@@ -530,6 +574,17 @@ ddxProcessArgument(int argc, char *argv[], int i)
return 2;
}
+ if (strcmp(argv[i], "-http-header") == 0)
+ {
+ fail_unless_args(argc, i, 1);
+ ++i;
+ if (!add_extra_headers(argv[i])) {
+ ErrorF("Invalid argument\n");
+ return 0;
+ }
+ return 2;
+ }
+
if (strcmp(argv[i], "-pixelformat") == 0)
{
char rgbbgr[4];