Strongly bind security objects to connection object

There is already an implicit connection between them, so let's make
it explicit. This allows easy lookup outside of the processMsg() function.
diff --git a/common/rfb/CConnection.cxx b/common/rfb/CConnection.cxx
index d7a9d85..fb95377 100644
--- a/common/rfb/CConnection.cxx
+++ b/common/rfb/CConnection.cxx
@@ -235,14 +235,14 @@
   }
 
   state_ = RFBSTATE_SECURITY;
-  csecurity = security.GetCSecurity(secType);
+  csecurity = security.GetCSecurity(this, secType);
   processSecurityMsg();
 }
 
 void CConnection::processSecurityMsg()
 {
   vlog.debug("processing security message");
-  if (csecurity->processMsg(this)) {
+  if (csecurity->processMsg()) {
     state_ = RFBSTATE_SECURITY_RESULT;
     processSecurityResultMsg();
   }
diff --git a/common/rfb/CSecurity.h b/common/rfb/CSecurity.h
index 4bf4b38..2e703c6 100644
--- a/common/rfb/CSecurity.h
+++ b/common/rfb/CSecurity.h
@@ -44,8 +44,9 @@
   class CConnection;
   class CSecurity {
   public:
+    CSecurity(CConnection* cc) { this->cc = cc; }
     virtual ~CSecurity() {}
-    virtual bool processMsg(CConnection* cc)=0;
+    virtual bool processMsg() = 0;
     virtual int getType() const = 0;
     virtual const char* description() const = 0;
     virtual bool isSecure() const { return false; }
@@ -55,6 +56,9 @@
      * It MUST be set by viewer.
      */
     static UserPasswdGetter *upg;
+
+  protected:
+    CConnection* cc;
   };
 }
 #endif
diff --git a/common/rfb/CSecurityNone.h b/common/rfb/CSecurityNone.h
index a7db6e0..d07815f 100644
--- a/common/rfb/CSecurityNone.h
+++ b/common/rfb/CSecurityNone.h
@@ -29,7 +29,8 @@
 
   class CSecurityNone : public CSecurity {
   public:
-    virtual bool processMsg(CConnection* cc) { return true; }
+    CSecurityNone(CConnection* cc) : CSecurity(cc) {}
+    virtual bool processMsg() { return true; }
     virtual int getType() const {return secTypeNone;}
     virtual const char* description() const {return "No Encryption";}
   };
diff --git a/common/rfb/CSecurityPlain.cxx b/common/rfb/CSecurityPlain.cxx
index 8e383c3..b2fb736 100644
--- a/common/rfb/CSecurityPlain.cxx
+++ b/common/rfb/CSecurityPlain.cxx
@@ -26,7 +26,7 @@
 
 using namespace rfb;
 
-bool CSecurityPlain::processMsg(CConnection* cc)
+bool CSecurityPlain::processMsg()
 {
    rdr::OutStream* os = cc->getOutStream();
 
diff --git a/common/rfb/CSecurityPlain.h b/common/rfb/CSecurityPlain.h
index fb0d7a5..4ea8c9d 100644
--- a/common/rfb/CSecurityPlain.h
+++ b/common/rfb/CSecurityPlain.h
@@ -26,8 +26,8 @@
 
   class CSecurityPlain : public CSecurity {
   public:
-    CSecurityPlain() {}
-    virtual bool processMsg(CConnection* cc);
+    CSecurityPlain(CConnection* cc) : CSecurity(cc) {}
+    virtual bool processMsg();
     virtual int getType() const { return secTypePlain; }
     virtual const char* description() const { return "ask for username and password"; }
   };
diff --git a/common/rfb/CSecurityStack.cxx b/common/rfb/CSecurityStack.cxx
index 47c3f6d..55f3133 100644
--- a/common/rfb/CSecurityStack.cxx
+++ b/common/rfb/CSecurityStack.cxx
@@ -21,9 +21,9 @@
 
 using namespace rfb;
 
-CSecurityStack::CSecurityStack(int Type, const char*Name, CSecurity* s0,
-			       CSecurity* s1)
-  :name(Name),type(Type)
+CSecurityStack::CSecurityStack(CConnection* cc, int Type, const char* Name,
+                               CSecurity* s0, CSecurity* s1)
+  : CSecurity(cc), name(Name), type(Type)
 {
   state = 0;
   state0 = s0;
@@ -38,12 +38,12 @@
     delete state1;
 }
 
-bool CSecurityStack::processMsg(CConnection* cc)
+bool CSecurityStack::processMsg()
 {
   bool res=true;
   if (state == 0) {
     if (state0)
-      res = state0->processMsg(cc);
+      res = state0->processMsg();
 
     if (!res)
       return res;
@@ -53,7 +53,7 @@
 
   if (state == 1) {
     if(state1)
-      res = state1->processMsg(cc);
+      res = state1->processMsg();
 
     if(!res)
       return res;
diff --git a/common/rfb/CSecurityStack.h b/common/rfb/CSecurityStack.h
index a16003f..4be507e 100644
--- a/common/rfb/CSecurityStack.h
+++ b/common/rfb/CSecurityStack.h
@@ -27,9 +27,10 @@
 
   class CSecurityStack : public CSecurity {
   public:
-    CSecurityStack(int Type, const char *Name, CSecurity* s0 = 0, CSecurity* s1 = 0);
+    CSecurityStack(CConnection* cc, int Type, const char *Name,
+                   CSecurity* s0 = NULL, CSecurity* s1 = NULL);
     ~CSecurityStack();
-    virtual bool processMsg(CConnection* cc);
+    virtual bool processMsg();
     virtual int getType() const {return type;};
     virtual const char* description() const {return name;}
     virtual bool isSecure() const;
diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx
index c90f49e..b943c10 100644
--- a/common/rfb/CSecurityTLS.cxx
+++ b/common/rfb/CSecurityTLS.cxx
@@ -67,8 +67,9 @@
 
 static LogWriter vlog("TLS");
 
-CSecurityTLS::CSecurityTLS(bool _anon) : session(0), anon_cred(0),
-						 cert_cred(0), anon(_anon), fis(0), fos(0)
+CSecurityTLS::CSecurityTLS(CConnection* cc, bool _anon)
+  : CSecurity(cc), session(NULL), anon_cred(NULL), cert_cred(NULL),
+    anon(_anon), fis(NULL), fos(NULL)
 {
   cafile = X509CA.getData();
   crlfile = X509CRL.getData();
@@ -137,7 +138,7 @@
   gnutls_global_deinit();
 }
 
-bool CSecurityTLS::processMsg(CConnection* cc)
+bool CSecurityTLS::processMsg()
 {
   rdr::InStream* is = cc->getInStream();
   rdr::OutStream* os = cc->getOutStream();
diff --git a/common/rfb/CSecurityTLS.h b/common/rfb/CSecurityTLS.h
index e726d1e..6791a4a 100644
--- a/common/rfb/CSecurityTLS.h
+++ b/common/rfb/CSecurityTLS.h
@@ -42,9 +42,9 @@
   class UserMsgBox;
   class CSecurityTLS : public CSecurity {
   public:
-    CSecurityTLS(bool _anon);
+    CSecurityTLS(CConnection* cc, bool _anon);
     virtual ~CSecurityTLS();
-    virtual bool processMsg(CConnection* cc);
+    virtual bool processMsg();
     virtual int getType() const { return anon ? secTypeTLSNone : secTypeX509None; }
     virtual const char* description() const
       { return anon ? "TLS Encryption without VncAuth" : "X509 Encryption without VncAuth"; }
diff --git a/common/rfb/CSecurityVeNCrypt.cxx b/common/rfb/CSecurityVeNCrypt.cxx
index f9597cc..22201dd 100644
--- a/common/rfb/CSecurityVeNCrypt.cxx
+++ b/common/rfb/CSecurityVeNCrypt.cxx
@@ -36,7 +36,8 @@
 
 static LogWriter vlog("CVeNCrypt");
 
-CSecurityVeNCrypt::CSecurityVeNCrypt(SecurityClient* sec) : csecurity(NULL), security(sec)
+CSecurityVeNCrypt::CSecurityVeNCrypt(CConnection* cc, SecurityClient* sec)
+  : CSecurity(cc), csecurity(NULL), security(sec)
 {
   haveRecvdMajorVersion = false;
   haveRecvdMinorVersion = false;
@@ -59,7 +60,7 @@
 	delete[] availableTypes;
 }
 
-bool CSecurityVeNCrypt::processMsg(CConnection* cc)
+bool CSecurityVeNCrypt::processMsg()
 {
   InStream* is = cc->getInStream();
   OutStream* os = cc->getOutStream();
@@ -171,7 +172,7 @@
       if (chosenType == secTypeInvalid || chosenType == secTypeVeNCrypt)
 	throw AuthFailureException("No valid VeNCrypt sub-type");
 
-      csecurity = security->GetCSecurity(chosenType);
+      csecurity = security->GetCSecurity(cc, chosenType);
 
       /* send chosen type to server */
       os->writeU32(chosenType);
@@ -188,7 +189,7 @@
     throw AuthFailureException("The server reported 0 VeNCrypt sub-types");
   }
 
-  return csecurity->processMsg(cc);
+  return csecurity->processMsg();
 }
 
 const char* CSecurityVeNCrypt::description() const
diff --git a/common/rfb/CSecurityVeNCrypt.h b/common/rfb/CSecurityVeNCrypt.h
index 6d978c7..d015e8f 100644
--- a/common/rfb/CSecurityVeNCrypt.h
+++ b/common/rfb/CSecurityVeNCrypt.h
@@ -34,9 +34,9 @@
   class CSecurityVeNCrypt : public CSecurity {
   public:
 
-    CSecurityVeNCrypt(SecurityClient* sec);
+    CSecurityVeNCrypt(CConnection* cc, SecurityClient* sec);
     ~CSecurityVeNCrypt();
-    virtual bool processMsg(CConnection* cc);// { return true; }
+    virtual bool processMsg();
     int getType() const {return chosenType;}
     virtual const char* description() const;
     virtual bool isSecure() const;
diff --git a/common/rfb/CSecurityVncAuth.cxx b/common/rfb/CSecurityVncAuth.cxx
index 46463e0..6a87498 100644
--- a/common/rfb/CSecurityVncAuth.cxx
+++ b/common/rfb/CSecurityVncAuth.cxx
@@ -40,7 +40,7 @@
 
 static const int vncAuthChallengeSize = 16;
 
-bool CSecurityVncAuth::processMsg(CConnection* cc)
+bool CSecurityVncAuth::processMsg()
 {
   rdr::InStream* is = cc->getInStream();
   rdr::OutStream* os = cc->getOutStream();
diff --git a/common/rfb/CSecurityVncAuth.h b/common/rfb/CSecurityVncAuth.h
index 391ed23..2da9817 100644
--- a/common/rfb/CSecurityVncAuth.h
+++ b/common/rfb/CSecurityVncAuth.h
@@ -25,9 +25,9 @@
 
   class CSecurityVncAuth : public CSecurity {
   public:
-    CSecurityVncAuth(void) {}
+    CSecurityVncAuth(CConnection* cc) : CSecurity(cc) {}
     virtual ~CSecurityVncAuth() {}
-    virtual bool processMsg(CConnection* cc);
+    virtual bool processMsg();
     virtual int getType() const {return secTypeVncAuth;};
     virtual const char* description() const {return "No Encryption";}
   };
diff --git a/common/rfb/SConnection.cxx b/common/rfb/SConnection.cxx
index ae43254..efc26ac 100644
--- a/common/rfb/SConnection.cxx
+++ b/common/rfb/SConnection.cxx
@@ -156,7 +156,7 @@
     os->writeU32(*i);
     if (*i == secTypeNone) os->flush();
     state_ = RFBSTATE_SECURITY;
-    ssecurity = security.GetSSecurity(*i);
+    ssecurity = security.GetSSecurity(this, *i);
     processSecurityMsg();
     return;
   }
@@ -199,7 +199,7 @@
 
   try {
     state_ = RFBSTATE_SECURITY;
-    ssecurity = security.GetSSecurity(secType);
+    ssecurity = security.GetSSecurity(this, secType);
   } catch (rdr::Exception& e) {
     throwConnFailedException("%s", e.str());
   }
@@ -211,7 +211,7 @@
 {
   vlog.debug("processing security message");
   try {
-    bool done = ssecurity->processMsg(this);
+    bool done = ssecurity->processMsg();
     if (done) {
       state_ = RFBSTATE_QUERYING;
       setAccessRights(ssecurity->getAccessRights());
diff --git a/common/rfb/SSecurity.h b/common/rfb/SSecurity.h
index 0280574..8ae7902 100644
--- a/common/rfb/SSecurity.h
+++ b/common/rfb/SSecurity.h
@@ -52,8 +52,9 @@
 
   class SSecurity {
   public:
+    SSecurity(SConnection* sc) { this->sc = sc; }
     virtual ~SSecurity() {}
-    virtual bool processMsg(SConnection* sc)=0;
+    virtual bool processMsg() = 0;
     virtual int getType() const = 0;
 
     // getUserName() gets the name of the user attempting authentication.  The
@@ -63,6 +64,9 @@
     virtual const char* getUserName() const = 0;
 
     virtual SConnection::AccessRights getAccessRights() const { return SConnection::AccessDefault; }
+
+  protected:
+    SConnection* sc;
   };
 
 }
diff --git a/common/rfb/SSecurityNone.h b/common/rfb/SSecurityNone.h
index 5c19f29..f14d83a 100644
--- a/common/rfb/SSecurityNone.h
+++ b/common/rfb/SSecurityNone.h
@@ -28,7 +28,8 @@
 
   class SSecurityNone : public SSecurity {
   public:
-    virtual bool processMsg(SConnection* sc) { return true; }
+    SSecurityNone(SConnection* sc) : SSecurity(sc) {}
+    virtual bool processMsg() { return true; }
     virtual int getType() const {return secTypeNone;}
     virtual const char* getUserName() const {return 0;}
   };
diff --git a/common/rfb/SSecurityPlain.cxx b/common/rfb/SSecurityPlain.cxx
index fc9dff2..6d48b65 100644
--- a/common/rfb/SSecurityPlain.cxx
+++ b/common/rfb/SSecurityPlain.cxx
@@ -60,7 +60,7 @@
   return false;
 }
 
-SSecurityPlain::SSecurityPlain()
+SSecurityPlain::SSecurityPlain(SConnection* sc) : SSecurity(sc)
 {
 #ifdef HAVE_PAM
   valid = new UnixPasswordValidator();
@@ -73,7 +73,7 @@
   state = 0;
 }
 
-bool SSecurityPlain::processMsg(SConnection* sc)
+bool SSecurityPlain::processMsg()
 {
   rdr::InStream* is = sc->getInStream();
   char* pw;
diff --git a/common/rfb/SSecurityPlain.h b/common/rfb/SSecurityPlain.h
index 4bf42b7..4b12da0 100644
--- a/common/rfb/SSecurityPlain.h
+++ b/common/rfb/SSecurityPlain.h
@@ -47,8 +47,8 @@
 
   class SSecurityPlain : public SSecurity {
   public:
-    SSecurityPlain();
-    virtual bool processMsg(SConnection* sc);
+    SSecurityPlain(SConnection* sc);
+    virtual bool processMsg();
     virtual int getType() const { return secTypePlain; };
     virtual const char* getUserName() const { return username.buf; }
 
diff --git a/common/rfb/SSecurityStack.cxx b/common/rfb/SSecurityStack.cxx
index 478ce4f..74509e7 100644
--- a/common/rfb/SSecurityStack.cxx
+++ b/common/rfb/SSecurityStack.cxx
@@ -20,8 +20,11 @@
 
 using namespace rfb;
 
-SSecurityStack::SSecurityStack(int Type, SSecurity* s0, SSecurity* s1)
-  :state(0), state0(s0), state1(s1), type(Type) {}
+SSecurityStack::SSecurityStack(SConnection* sc, int Type,
+                               SSecurity* s0, SSecurity* s1)
+  : SSecurity(sc), state(0), state0(s0), state1(s1), type(Type)
+{
+}
 
 SSecurityStack::~SSecurityStack()
 {
@@ -31,13 +34,13 @@
     delete state1;
 }
 
-bool SSecurityStack::processMsg(SConnection* cc)
+bool SSecurityStack::processMsg()
 {
   bool res = true;
 
   if (state == 0) {
     if (state0)
-      res = state0->processMsg(cc);
+      res = state0->processMsg();
     if (!res)
       return res;
     state++;
@@ -45,7 +48,7 @@
 
   if (state == 1) {
     if (state1)
-      res = state1->processMsg(cc);
+      res = state1->processMsg();
     if (!res)
       return res;
     state++;
diff --git a/common/rfb/SSecurityStack.h b/common/rfb/SSecurityStack.h
index dd743d2..8b412bd 100644
--- a/common/rfb/SSecurityStack.h
+++ b/common/rfb/SSecurityStack.h
@@ -26,9 +26,10 @@
 
   class SSecurityStack : public SSecurity {
   public:
-    SSecurityStack(int Type, SSecurity* s0 = 0, SSecurity* s1 = 0);
+    SSecurityStack(SConnection* sc, int Type,
+                   SSecurity* s0 = NULL, SSecurity* s1 = NULL);
     ~SSecurityStack();
-    virtual bool processMsg(SConnection* cc);
+    virtual bool processMsg();
     virtual int getType() const { return type; };
     virtual const char* getUserName() const;
     virtual SConnection::AccessRights getAccessRights() const;
diff --git a/common/rfb/SSecurityTLS.cxx b/common/rfb/SSecurityTLS.cxx
index 5576a06..72b83db 100644
--- a/common/rfb/SSecurityTLS.cxx
+++ b/common/rfb/SSecurityTLS.cxx
@@ -49,9 +49,9 @@
 
 static LogWriter vlog("TLS");
 
-SSecurityTLS::SSecurityTLS(bool _anon) : session(0), dh_params(0),
-						 anon_cred(0), cert_cred(0),
-						 anon(_anon), fis(0), fos(0)
+SSecurityTLS::SSecurityTLS(SConnection* sc, bool _anon)
+  : SSecurity(sc), session(NULL), dh_params(NULL), anon_cred(NULL),
+    cert_cred(NULL), anon(_anon), fis(NULL), fos(NULL)
 {
   certfile = X509_CertFile.getData();
   keyfile = X509_KeyFile.getData();
@@ -106,7 +106,7 @@
   gnutls_global_deinit();
 }
 
-bool SSecurityTLS::processMsg(SConnection *sc)
+bool SSecurityTLS::processMsg()
 {
   rdr::InStream* is = sc->getInStream();
   rdr::OutStream* os = sc->getOutStream();
diff --git a/common/rfb/SSecurityTLS.h b/common/rfb/SSecurityTLS.h
index 30242a2..e137b28 100644
--- a/common/rfb/SSecurityTLS.h
+++ b/common/rfb/SSecurityTLS.h
@@ -40,9 +40,9 @@
 
   class SSecurityTLS : public SSecurity {
   public:
-    SSecurityTLS(bool _anon);
+    SSecurityTLS(SConnection* sc, bool _anon);
     virtual ~SSecurityTLS();
-    virtual bool processMsg(SConnection* sc);
+    virtual bool processMsg();
     virtual const char* getUserName() const {return 0;}
     virtual int getType() const { return anon ? secTypeTLSNone : secTypeX509None;}
 
diff --git a/common/rfb/SSecurityVeNCrypt.cxx b/common/rfb/SSecurityVeNCrypt.cxx
index ce6c71b..d522ef6 100644
--- a/common/rfb/SSecurityVeNCrypt.cxx
+++ b/common/rfb/SSecurityVeNCrypt.cxx
@@ -38,7 +38,8 @@
 
 static LogWriter vlog("SVeNCrypt");
 
-SSecurityVeNCrypt::SSecurityVeNCrypt(SecurityServer *sec) : security(sec)
+SSecurityVeNCrypt::SSecurityVeNCrypt(SConnection* sc, SecurityServer *sec)
+  : SSecurity(sc), security(sec)
 {
   ssecurity = NULL;
   haveSentVersion = false;
@@ -63,7 +64,7 @@
   }
 }
 
-bool SSecurityVeNCrypt::processMsg(SConnection* sc)
+bool SSecurityVeNCrypt::processMsg()
 {
   rdr::InStream* is = sc->getInStream();
   rdr::OutStream* os = sc->getOutStream();
@@ -166,11 +167,11 @@
     if (chosenType == secTypeInvalid || chosenType == secTypeVeNCrypt)
       throw AuthFailureException("No valid VeNCrypt sub-type");
 
-    ssecurity = security->GetSSecurity(chosenType);
+    ssecurity = security->GetSSecurity(sc, chosenType);
   }
 
   /* continue processing the messages */
-  return ssecurity->processMsg(sc);
+  return ssecurity->processMsg();
 }
 
 const char* SSecurityVeNCrypt::getUserName() const
diff --git a/common/rfb/SSecurityVeNCrypt.h b/common/rfb/SSecurityVeNCrypt.h
index f9c753f..06758b8 100644
--- a/common/rfb/SSecurityVeNCrypt.h
+++ b/common/rfb/SSecurityVeNCrypt.h
@@ -36,9 +36,9 @@
 
   class SSecurityVeNCrypt : public SSecurity {
   public:
-    SSecurityVeNCrypt(SecurityServer *sec);
+    SSecurityVeNCrypt(SConnection* sc, SecurityServer *sec);
     ~SSecurityVeNCrypt();
-    virtual bool processMsg(SConnection* sc);// { return true; }
+    virtual bool processMsg();
     virtual int getType() const { return chosenType; }
     virtual const char* getUserName() const;
     virtual SConnection::AccessRights getAccessRights() const;
diff --git a/common/rfb/SSecurityVncAuth.cxx b/common/rfb/SSecurityVncAuth.cxx
index 05488f6..882f0b0 100644
--- a/common/rfb/SSecurityVncAuth.cxx
+++ b/common/rfb/SSecurityVncAuth.cxx
@@ -48,8 +48,9 @@
 ("Password", "Obfuscated binary encoding of the password which clients must supply to "
  "access the server", &SSecurityVncAuth::vncAuthPasswdFile);
 
-SSecurityVncAuth::SSecurityVncAuth(void)
-  : sentChallenge(false), responsePos(0), pg(&vncAuthPasswd), accessRights(0)
+SSecurityVncAuth::SSecurityVncAuth(SConnection* sc)
+  : SSecurity(sc), sentChallenge(false), responsePos(0),
+    pg(&vncAuthPasswd), accessRights(0)
 {
 }
 
@@ -70,7 +71,7 @@
   return memcmp(response, expectedResponse, vncAuthChallengeSize) == 0;
 }
 
-bool SSecurityVncAuth::processMsg(SConnection* sc)
+bool SSecurityVncAuth::processMsg()
 {
   rdr::InStream* is = sc->getInStream();
   rdr::OutStream* os = sc->getOutStream();
diff --git a/common/rfb/SSecurityVncAuth.h b/common/rfb/SSecurityVncAuth.h
index a1d1747..fe00b03 100644
--- a/common/rfb/SSecurityVncAuth.h
+++ b/common/rfb/SSecurityVncAuth.h
@@ -51,8 +51,8 @@
 
   class SSecurityVncAuth : public SSecurity {
   public:
-    SSecurityVncAuth(void);
-    virtual bool processMsg(SConnection* sc);
+    SSecurityVncAuth(SConnection* sc);
+    virtual bool processMsg();
     virtual int getType() const {return secTypeVncAuth;}
     virtual const char* getUserName() const {return 0;}
     virtual SConnection::AccessRights getAccessRights() const { return accessRights; }
diff --git a/common/rfb/SecurityClient.cxx b/common/rfb/SecurityClient.cxx
index 9bd780f..23c1d67 100644
--- a/common/rfb/SecurityClient.cxx
+++ b/common/rfb/SecurityClient.cxx
@@ -55,7 +55,7 @@
 #endif
 ConfViewer);
 
-CSecurity* SecurityClient::GetCSecurity(U32 secType)
+CSecurity* SecurityClient::GetCSecurity(CConnection* cc, U32 secType)
 {
   assert (CSecurity::upg != NULL); /* (upg == NULL) means bug in the viewer */
 #ifdef HAVE_GNUTLS
@@ -66,29 +66,39 @@
     goto bail;
 
   switch (secType) {
-  case secTypeNone: return new CSecurityNone();
-  case secTypeVncAuth: return new CSecurityVncAuth();
-  case secTypeVeNCrypt: return new CSecurityVeNCrypt(this);
-  case secTypePlain: return new CSecurityPlain();
+  case secTypeNone: return new CSecurityNone(cc);
+  case secTypeVncAuth: return new CSecurityVncAuth(cc);
+  case secTypeVeNCrypt: return new CSecurityVeNCrypt(cc, this);
+  case secTypePlain: return new CSecurityPlain(cc);
 #ifdef HAVE_GNUTLS
   case secTypeTLSNone:
-    return new CSecurityStack(secTypeTLSNone, "TLS with no password",
-			      new CSecurityTLS(true));
+    return new CSecurityStack(cc, secTypeTLSNone,
+                              "TLS with no password",
+                              new CSecurityTLS(cc, true));
   case secTypeTLSVnc:
-    return new CSecurityStack(secTypeTLSVnc, "TLS with VNCAuth",
-			      new CSecurityTLS(true), new CSecurityVncAuth());
+    return new CSecurityStack(cc, secTypeTLSVnc,
+                              "TLS with VNCAuth",
+                              new CSecurityTLS(cc, true),
+                              new CSecurityVncAuth(cc));
   case secTypeTLSPlain:
-    return new CSecurityStack(secTypeTLSPlain, "TLS with Username/Password",
-			      new CSecurityTLS(true), new CSecurityPlain());
+    return new CSecurityStack(cc, secTypeTLSPlain,
+                              "TLS with Username/Password",
+                              new CSecurityTLS(cc, true),
+                              new CSecurityPlain(cc));
   case secTypeX509None:
-    return new CSecurityStack(secTypeX509None, "X509 with no password",
-			      new CSecurityTLS(false));
+    return new CSecurityStack(cc, secTypeX509None,
+                              "X509 with no password",
+                              new CSecurityTLS(cc, false));
   case secTypeX509Vnc:
-    return new CSecurityStack(secTypeX509Vnc, "X509 with VNCAuth",
-			      new CSecurityTLS(false), new CSecurityVncAuth());
+    return new CSecurityStack(cc, secTypeX509Vnc,
+                              "X509 with VNCAuth",
+                              new CSecurityTLS(cc, false),
+                              new CSecurityVncAuth(cc));
   case secTypeX509Plain:
-    return new CSecurityStack(secTypeX509Plain, "X509 with Username/Password",
-			      new CSecurityTLS(false), new CSecurityPlain());
+    return new CSecurityStack(cc, secTypeX509Plain,
+                              "X509 with Username/Password",
+                              new CSecurityTLS(cc, false),
+                              new CSecurityPlain(cc));
 #endif
   }
 
diff --git a/common/rfb/SecurityClient.h b/common/rfb/SecurityClient.h
index b8ad831..3074a87 100644
--- a/common/rfb/SecurityClient.h
+++ b/common/rfb/SecurityClient.h
@@ -33,7 +33,7 @@
     SecurityClient(void) : Security(secTypes) {}
 
     /* Create client side CSecurity class instance */
-    CSecurity* GetCSecurity(rdr::U32 secType);
+    CSecurity* GetCSecurity(CConnection* cc, rdr::U32 secType);
 
     static void setDefaults(void);
 
diff --git a/common/rfb/SecurityServer.cxx b/common/rfb/SecurityServer.cxx
index e0aee13..97b133c 100644
--- a/common/rfb/SecurityServer.cxx
+++ b/common/rfb/SecurityServer.cxx
@@ -49,29 +49,29 @@
 #endif
 ConfServer);
 
-SSecurity* SecurityServer::GetSSecurity(U32 secType)
+SSecurity* SecurityServer::GetSSecurity(SConnection* sc, U32 secType)
 {
   if (!IsSupported(secType))
     goto bail;
 
   switch (secType) {
-  case secTypeNone: return new SSecurityNone();
-  case secTypeVncAuth: return new SSecurityVncAuth();
-  case secTypeVeNCrypt: return new SSecurityVeNCrypt(this);
-  case secTypePlain: return new SSecurityPlain();
+  case secTypeNone: return new SSecurityNone(sc);
+  case secTypeVncAuth: return new SSecurityVncAuth(sc);
+  case secTypeVeNCrypt: return new SSecurityVeNCrypt(sc, this);
+  case secTypePlain: return new SSecurityPlain(sc);
 #ifdef HAVE_GNUTLS
   case secTypeTLSNone:
-    return new SSecurityStack(secTypeTLSNone, new SSecurityTLS(true));
+    return new SSecurityStack(sc, secTypeTLSNone, new SSecurityTLS(sc, true));
   case secTypeTLSVnc:
-    return new SSecurityStack(secTypeTLSVnc, new SSecurityTLS(true), new SSecurityVncAuth());
+    return new SSecurityStack(sc, secTypeTLSVnc, new SSecurityTLS(sc, true), new SSecurityVncAuth(sc));
   case secTypeTLSPlain:
-    return new SSecurityStack(secTypeTLSPlain, new SSecurityTLS(true), new SSecurityPlain());
+    return new SSecurityStack(sc, secTypeTLSPlain, new SSecurityTLS(sc, true), new SSecurityPlain(sc));
   case secTypeX509None:
-    return new SSecurityStack(secTypeX509None, new SSecurityTLS(false));
+    return new SSecurityStack(sc, secTypeX509None, new SSecurityTLS(sc, false));
   case secTypeX509Vnc:
-    return new SSecurityStack(secTypeX509None, new SSecurityTLS(false), new SSecurityVncAuth());
+    return new SSecurityStack(sc, secTypeX509None, new SSecurityTLS(sc, false), new SSecurityVncAuth(sc));
   case secTypeX509Plain:
-    return new SSecurityStack(secTypeX509Plain, new SSecurityTLS(false), new SSecurityPlain());
+    return new SSecurityStack(sc, secTypeX509Plain, new SSecurityTLS(sc, false), new SSecurityPlain(sc));
 #endif
   }
 
diff --git a/common/rfb/SecurityServer.h b/common/rfb/SecurityServer.h
index 019d67f..354f642 100644
--- a/common/rfb/SecurityServer.h
+++ b/common/rfb/SecurityServer.h
@@ -24,7 +24,8 @@
 #include <rfb/Security.h>
 
 namespace rfb {
-  
+
+  class SConnection;
   class SSecurity;
 
   class SecurityServer : public Security {
@@ -32,7 +33,7 @@
     SecurityServer(void) : Security(secTypes) {}
 
     /* Create server side SSecurity class instance */
-    SSecurity* GetSSecurity(rdr::U32 secType);
+    SSecurity* GetSSecurity(SConnection* sc, rdr::U32 secType);
 
     static StringParameter secTypes;
   };