[Development] Implement VeNCrypt type support on client side. Currently only
TLSNone and TLSVnc VeNCrypt subtypes are implemented.
git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4046 3789f03b-4d11-0410-bbf8-ca57d06f2519
diff --git a/common/rfb/CSecurity.h b/common/rfb/CSecurity.h
index 90a01d7..36da5c7 100644
--- a/common/rfb/CSecurity.h
+++ b/common/rfb/CSecurity.h
@@ -38,6 +38,8 @@
#ifndef __RFB_CSECURITY_H__
#define __RFB_CSECURITY_H__
+#include <rfb/UserPasswdGetter.h>
+
namespace rfb {
class CConnection;
class CSecurity {
@@ -47,6 +49,12 @@
virtual void destroy() { delete this; }
virtual int getType() const = 0;
virtual const char* description() const = 0;
+
+ /*
+ * Use variable directly instead of dumb get/set methods.
+ * It MUST be set by viewer.
+ */
+ static UserPasswdGetter *upg;
};
}
#endif
diff --git a/common/rfb/CSecurityStack.cxx b/common/rfb/CSecurityStack.cxx
new file mode 100644
index 0000000..cfc60fd
--- /dev/null
+++ b/common/rfb/CSecurityStack.cxx
@@ -0,0 +1,65 @@
+/* Copyright (C) 2005 Martin Koegler
+ * Copyright (C) 2010 TigerVNC Team
+ *
+ * This is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this software; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
+ * USA.
+ */
+
+#include <rfb/CSecurityStack.h>
+
+using namespace rfb;
+
+CSecurityStack::CSecurityStack(int Type, const char*Name, CSecurity* s0,
+ CSecurity* s1)
+ :name(Name),type(Type)
+{
+ state = 0;
+ state0 = s0;
+ state1 = s1;
+}
+
+CSecurityStack::~CSecurityStack()
+{
+ if (state0)
+ delete state0;
+ if (state1)
+ delete state1;
+}
+
+bool CSecurityStack::processMsg(CConnection* cc)
+{
+ bool res=true;
+ if (state == 0) {
+ if (state0)
+ res = state0->processMsg(cc);
+
+ if (!res)
+ return res;
+
+ state++;
+ }
+
+ if (state == 1) {
+ if(state1)
+ res = state1->processMsg(cc);
+
+ if(!res)
+ return res;
+
+ state++;
+ }
+
+ return res;
+}
diff --git a/common/rfb/CSecurityStack.h b/common/rfb/CSecurityStack.h
new file mode 100644
index 0000000..a5205d7
--- /dev/null
+++ b/common/rfb/CSecurityStack.h
@@ -0,0 +1,43 @@
+/* Copyright (C) 2005 Martin Koegler
+ * Copyright (C) 2006 OCCAM Financial Technology
+ * Copyright (C) 2010 TigerVNC Team
+ *
+ * This is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this software; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
+ * USA.
+ */
+#ifndef __RFB_CSECURITYSTACK_H__
+#define __RFB_CSECURITYSTACK_H__
+
+#include <rfb/CSecurity.h>
+#include <rfb/Security.h>
+
+namespace rfb {
+
+ class CSecurityStack : public CSecurity {
+ public:
+ CSecurityStack(int Type, const char *Name, CSecurity* s0 = 0, CSecurity* s1 = 0);
+ ~CSecurityStack();
+ virtual bool processMsg(CConnection* cc);
+ virtual int getType() const {return type;};
+ virtual const char* description() const {return name;}
+ protected:
+ int state;
+ CSecurity* state0;
+ CSecurity* state1;
+ const char* name;
+ int type;
+ };
+}
+#endif
diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx
new file mode 100644
index 0000000..6bd2fa7
--- /dev/null
+++ b/common/rfb/CSecurityTLS.cxx
@@ -0,0 +1,66 @@
+/*
+ * Copyright (C) 2004 Red Hat Inc.
+ * Copyright (C) 2005 Martin Koegler
+ * Copyright (C) 2010 TigerVNC Team
+ *
+ * This is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this software; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
+ * USA.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#ifdef HAVE_GNUTLS
+
+#include <rfb/CSecurityTLS.h>
+
+
+using namespace rfb;
+
+CSecurityTLS::CSecurityTLS() : anon_cred(0)
+{
+}
+
+CSecurityTLS::~CSecurityTLS()
+{
+ shutdown();
+ if (anon_cred)
+ gnutls_anon_free_client_credentials (anon_cred);
+}
+
+
+void CSecurityTLS::freeResources()
+{
+ if (anon_cred)
+ gnutls_anon_free_client_credentials(anon_cred);
+ anon_cred=0;
+ }
+
+void CSecurityTLS::setParam(gnutls_session session)
+{
+ int kx_priority[] = { GNUTLS_KX_ANON_DH, 0 };
+ gnutls_kx_set_priority(session, kx_priority);
+
+ gnutls_anon_allocate_client_credentials(&anon_cred);
+ gnutls_credentials_set(session, GNUTLS_CRD_ANON, anon_cred);
+}
+
+void CSecurityTLS::checkSession(gnutls_session session)
+{
+
+}
+
+#endif /* HAVE_GNUTLS */
diff --git a/common/rfb/CSecurityTLS.h b/common/rfb/CSecurityTLS.h
new file mode 100644
index 0000000..a2bcc57
--- /dev/null
+++ b/common/rfb/CSecurityTLS.h
@@ -0,0 +1,53 @@
+/*
+ * Copyright (C) 2004 Red Hat Inc.
+ * Copyright (C) 2005 Martin Koegler
+ * Copyright (C) 2010 TigerVNC Team
+ *
+ * This is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this software; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
+ * USA.
+ */
+
+#ifndef __C_SECURITY_TLS_H__
+#define __C_SECURITY_TLS_H__
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#ifdef HAVE_GNUTLS
+
+#include <rfb/CSecurityTLSBase.h>
+#include <rfb/SSecurityVeNCrypt.h>
+
+namespace rfb {
+ class CSecurityTLS : public CSecurityTLSBase {
+ public:
+ CSecurityTLS();
+ virtual ~CSecurityTLS();
+ virtual int getType() const { return secTypeTLSNone; };
+ virtual const char* description() const { return "TLS Encryption without VncAuth"; }
+ protected:
+ virtual void freeResources();
+ virtual void setParam(gnutls_session session);
+ virtual void checkSession(gnutls_session session);
+
+ private:
+ gnutls_anon_client_credentials anon_cred;
+ };
+}
+
+#endif /* HAVE_GNUTLS */
+
+#endif /* __C_SECURITY_TLS_H__ */
diff --git a/common/rfb/CSecurityTLSBase.cxx b/common/rfb/CSecurityTLSBase.cxx
new file mode 100644
index 0000000..0755f36
--- /dev/null
+++ b/common/rfb/CSecurityTLSBase.cxx
@@ -0,0 +1,139 @@
+/*
+ * Copyright (C) 2004 Red Hat Inc.
+ * Copyright (C) 2005 Martin Koegler
+ * Copyright (C) 2010 TigerVNC Team
+ *
+ * This is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this software; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
+ * USA.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#ifdef HAVE_GNUTLS
+
+#include <rfb/CSecurityTLSBase.h>
+#include <rfb/CConnection.h>
+#include <rfb/LogWriter.h>
+#include <rfb/Exception.h>
+#include <rdr/TLSInStream.h>
+#include <rdr/TLSOutStream.h>
+
+#define TLS_DEBUG
+
+using namespace rfb;
+
+static LogWriter vlog("TLS");
+
+#ifdef TLS_DEBUG
+static void debug_log(int level, const char* str)
+{
+ vlog.debug(str);
+}
+#endif
+
+void CSecurityTLSBase::initGlobal()
+{
+ static bool globalInitDone = false;
+
+ if (!globalInitDone) {
+ gnutls_global_init();
+
+#ifdef TLS_DEBUG
+ gnutls_global_set_log_level(10);
+ gnutls_global_set_log_function(debug_log);
+#endif
+
+ globalInitDone = true;
+ }
+}
+
+CSecurityTLSBase::CSecurityTLSBase() : session(0)
+{
+ fis = 0;
+ fos = 0;
+}
+
+void CSecurityTLSBase::shutdown()
+{
+ if(session)
+ ;//gnutls_bye(session, GNUTLS_SHUT_RDWR);
+}
+
+
+CSecurityTLSBase::~CSecurityTLSBase()
+{
+ if (session) {
+ //gnutls_bye(session, GNUTLS_SHUT_RDWR);
+ gnutls_deinit (session);
+ session = 0;
+ }
+ if (fis)
+ delete fis;
+ if (fos)
+ delete fos;
+ /* FIXME: should be doing gnutls_global_deinit() at some point */
+}
+
+bool CSecurityTLSBase::processMsg(CConnection* cc)
+{
+ rdr::InStream* is = cc->getInStream();
+ rdr::OutStream* os = cc->getOutStream();
+ client = cc;
+
+ initGlobal();
+
+ if (!session) {
+ if (!is->checkNoWait(1))
+ return false;
+
+ if (is->readU8() == 0)
+ return true;
+
+ gnutls_init(&session, GNUTLS_CLIENT);
+ gnutls_set_default_priority(session);
+
+ setParam(session);
+
+ gnutls_transport_set_pull_function(session, rdr::gnutls_InStream_pull);
+ gnutls_transport_set_push_function(session, rdr::gnutls_OutStream_push);
+ gnutls_transport_set_ptr2(session,
+ (gnutls_transport_ptr) is,
+ (gnutls_transport_ptr) os);
+ }
+
+ int err;
+ err = gnutls_handshake(session);
+ if (err != GNUTLS_E_SUCCESS && !gnutls_error_is_fatal(err))
+ return false;
+
+ if (err != GNUTLS_E_SUCCESS) {
+ vlog.error("TLS Handshake failed: %s\n", gnutls_strerror (err));
+ gnutls_bye(session, GNUTLS_SHUT_RDWR);
+ freeResources();
+ gnutls_deinit(session);
+ session = 0;
+ throw AuthFailureException("TLS Handshake failed");
+ }
+ checkSession(session);
+
+ cc->setStreams(fis = new rdr::TLSInStream(is, session),
+ fos = new rdr::TLSOutStream(os, session));
+
+ return true;
+}
+
+#endif /* HAVE_GNUTLS */
diff --git a/common/rfb/CSecurityTLSBase.h b/common/rfb/CSecurityTLSBase.h
new file mode 100644
index 0000000..3839ebc
--- /dev/null
+++ b/common/rfb/CSecurityTLSBase.h
@@ -0,0 +1,62 @@
+/*
+ * Copyright (C) 2004 Red Hat Inc.
+ * Copyright (C) 2005 Martin Koegler
+ * Copyright (C) 2010 TigerVNC Team
+ *
+ * This is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this software; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
+ * USA.
+ */
+
+#ifndef __C_SECURITY_TLSBASE_H__
+#define __C_SECURITY_TLSBASE_H__
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#ifdef HAVE_GNUTLS
+
+#include <rfb/CSecurity.h>
+#include <rfb/Security.h>
+#include <rdr/InStream.h>
+#include <rdr/OutStream.h>
+#include <gnutls/gnutls.h>
+
+namespace rfb {
+ class CSecurityTLSBase : public CSecurity {
+ public:
+ CSecurityTLSBase();
+ virtual ~CSecurityTLSBase();
+ virtual bool processMsg(CConnection* cc);
+
+ protected:
+ void shutdown();
+ virtual void freeResources() = 0;
+ virtual void setParam(gnutls_session session) = 0;
+ virtual void checkSession(gnutls_session session) = 0;
+ CConnection *client;
+
+ private:
+ static void initGlobal();
+
+ gnutls_session session;
+ rdr::InStream* fis;
+ rdr::OutStream* fos;
+ };
+}
+
+#endif /* HAVE_GNUTLS */
+
+#endif
diff --git a/common/rfb/CSecurityVeNCrypt.cxx b/common/rfb/CSecurityVeNCrypt.cxx
new file mode 100644
index 0000000..12eed8f
--- /dev/null
+++ b/common/rfb/CSecurityVeNCrypt.cxx
@@ -0,0 +1,220 @@
+/*
+ * Copyright (C) 2006 OCCAM Financial Technology
+ * Copyright (C) 2005-2006 Martin Koegler
+ * Copyright (C) 2010 TigerVNC Team
+ *
+ * This is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this software; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
+ * USA.
+ */
+//
+// CSecurityVeNCrypt
+//
+
+#include <rfb/Exception.h>
+#include <rdr/InStream.h>
+#include <rdr/OutStream.h>
+#include <rfb/CConnection.h>
+#include <rfb/CSecurityTLS.h>
+#include <rfb/CSecurityVeNCrypt.h>
+#include <rfb/CSecurityVncAuth.h>
+#include <rfb/SSecurityVeNCrypt.h>
+#include <list>
+
+using namespace rfb;
+using namespace rdr;
+using namespace std;
+
+CSecurityVeNCrypt::CSecurityVeNCrypt(void) : csecurityStack(NULL)
+{
+ haveRecvdMajorVersion = false;
+ haveRecvdMinorVersion = false;
+ haveSentVersion = false;
+ haveAgreedVersion = false;
+ haveListOfTypes = false;
+ haveNumberOfTypes = false;
+ haveChosenType = false;
+ majorVersion = 0;
+ minorVersion = 0;
+ chosenType = secTypeVeNCrypt;
+ nAvailableTypes = 0;
+ availableTypes = NULL;
+ iAvailableType = 0;
+}
+
+CSecurityVeNCrypt::~CSecurityVeNCrypt()
+{
+ if (availableTypes)
+ delete[] availableTypes;
+}
+
+bool CSecurityVeNCrypt::processMsg(CConnection* cc)
+{
+ InStream* is = cc->getInStream();
+ OutStream* os = cc->getOutStream();
+
+ /* get major, minor versions, send what we can support (or 0.0 for can't support it) */
+ if (!haveRecvdMajorVersion) {
+ majorVersion = is->readU8();
+ haveRecvdMajorVersion = true;
+
+ return false;
+ }
+
+ if (!haveRecvdMinorVersion) {
+ minorVersion = is->readU8();
+ haveRecvdMinorVersion = true;
+ }
+
+ /* major version in upper 8 bits and minor version in lower 8 bits */
+ U16 Version = (((U16) majorVersion) << 8) | ((U16) minorVersion);
+
+ if (!haveSentVersion) {
+ /* Currently we don't support former VeNCrypt 0.1 */
+ if (Version >= 0x0002) {
+ majorVersion = 0;
+ minorVersion = 2;
+ os->writeU8(majorVersion);
+ os->writeU8(minorVersion);
+ os->flush();
+ } else {
+ /* Send 0.0 to indicate no support */
+ majorVersion = 0;
+ minorVersion = 0;
+ os->writeU8(0);
+ os->writeU8(0);
+ os->flush();
+ throw AuthFailureException("The server reported an unsupported VeNCrypt version");
+ }
+
+ haveSentVersion = true;
+ return false;
+ }
+
+ /* Check that the server is OK */
+ if (!haveAgreedVersion) {
+ if (is->readU8())
+ throw AuthFailureException("The server reported it could not support the "
+ "VeNCrypt version");
+
+ haveAgreedVersion = true;
+ return false;
+ }
+
+ /* get a number of types */
+ if (!haveNumberOfTypes) {
+ nAvailableTypes = is->readU8();
+ iAvailableType = 0;
+
+ if (!nAvailableTypes)
+ throw AuthFailureException("The server reported no VeNCrypt sub-types");
+
+ availableTypes = new rdr::U32[nAvailableTypes];
+ haveNumberOfTypes = true;
+ return false;
+ }
+
+ if (nAvailableTypes) {
+ /* read in the types possible */
+ if (!haveListOfTypes) {
+ if (is->checkNoWait(4)) {
+ availableTypes[iAvailableType++] = is->readU32();
+ haveListOfTypes = (iAvailableType >= nAvailableTypes);
+
+ if (!haveListOfTypes)
+ return false;
+
+ } else
+ return false;
+ }
+
+ /* make a choice and send it to the server, meanwhile set up the stack */
+ if (!haveChosenType) {
+ chosenType = 0;
+ U8 i;
+ list<U32>::iterator j;
+ list<U32> preferredList;
+
+ /* Try preferred choice */
+ SSecurityVeNCrypt::getSecTypes(&preferredList);
+
+ for (j = preferredList.begin(); j != preferredList.end(); j++) {
+ for (i = 0; i < nAvailableTypes; i++) {
+ if (*j == availableTypes[i]) {
+ chosenType = *j;
+ break;
+ }
+ }
+
+ if (chosenType)
+ break;
+ }
+
+ /* Set up the stack according to the chosen type: */
+ switch (chosenType) {
+ case secTypeTLSNone:
+ case secTypeTLSVnc:
+ case secTypeTLSPlain:
+ case secTypeX509None:
+ case secTypeX509Vnc:
+ case secTypeX509Plain:
+ csecurityStack = CSecurityVeNCrypt::getCSecurityStack(chosenType);
+ break;
+
+ case secTypeInvalid:
+ case secTypeVeNCrypt: /* would cause looping */
+ default:
+ throw AuthFailureException("No valid VeNCrypt sub-type");
+ }
+
+ /* send chosen type to server */
+ os->writeU32(chosenType);
+ os->flush();
+
+ haveChosenType = true;
+ }
+ } else {
+ /*
+ * Server told us that there are 0 types it can support - this should not
+ * happen, since if the server supports 0 sub-types, it doesn't support
+ * this security type
+ */
+ throw AuthFailureException("The server reported 0 VeNCrypt sub-types");
+ }
+
+ return csecurityStack->processMsg(cc);
+}
+
+CSecurityStack* CSecurityVeNCrypt::getCSecurityStack(int secType)
+{
+ switch (secType) {
+ case secTypeTLSNone:
+ return new CSecurityStack(secTypeTLSNone, "TLS with no password",
+ new CSecurityTLS());
+ case secTypeTLSVnc:
+ return new CSecurityStack(secTypeTLSVnc, "TLS with VNCAuth",
+ new CSecurityTLS(), new CSecurityVncAuth());
+#if 0
+ /* Following subtypes are not implemented, yet */
+ case secTypeTLSPlain:
+ case secTypeX509None:
+ case secTypeX509Vnc:
+ case secTypeX509Plain:
+#endif
+ default:
+ throw Exception("Unsupported VeNCrypt subtype");
+ }
+
+ return NULL; /* not reached */
+}
diff --git a/common/rfb/CSecurityVeNCrypt.h b/common/rfb/CSecurityVeNCrypt.h
new file mode 100644
index 0000000..b466ba7
--- /dev/null
+++ b/common/rfb/CSecurityVeNCrypt.h
@@ -0,0 +1,64 @@
+/*
+ * Copyright (C) 2005-2006 Martin Koegler
+ * Copyright (C) 2006 OCCAM Financial Technology
+ * Copyright (C) 2010 TigerVNC Team
+ *
+ * This is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this software; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
+ * USA.
+ */
+//
+// CSecurityVeNCrypt
+//
+
+#ifndef __CSECURITYVENCRYPT_H__
+#define __CSECURITYVENCRYPT_H__
+
+#include <rfb/CSecurity.h>
+#include <rfb/CSecurityStack.h>
+#include <rfb/Security.h>
+#include <rdr/types.h>
+
+namespace rfb {
+
+ class CSecurityVeNCrypt : public CSecurity {
+ public:
+
+ CSecurityVeNCrypt(void);
+ ~CSecurityVeNCrypt();
+ virtual bool processMsg(CConnection* cc);// { return true; }
+ int getType() const {return chosenType;}
+ virtual const char* description() const { return secTypeName(chosenType); }
+
+ static StringParameter secTypesStr;
+ protected:
+ static CSecurityStack* getCSecurityStack(int secType);
+
+ CSecurityStack *csecurityStack;
+ bool haveRecvdMajorVersion;
+ bool haveRecvdMinorVersion;
+ bool haveSentVersion;
+ bool haveAgreedVersion;
+ bool haveListOfTypes;
+ bool haveNumberOfTypes;
+ bool haveChosenType;
+ rdr::U8 majorVersion, minorVersion;
+ rdr::U32 chosenType;
+ rdr::U8 nAvailableTypes;
+ rdr::U32 *availableTypes;
+ rdr::U8 iAvailableType;
+ const char* desc;
+ };
+}
+#endif
diff --git a/common/rfb/CSecurityVncAuth.cxx b/common/rfb/CSecurityVncAuth.cxx
index ba5a30b..5b53c60 100644
--- a/common/rfb/CSecurityVncAuth.cxx
+++ b/common/rfb/CSecurityVncAuth.cxx
@@ -24,10 +24,10 @@
#include <string.h>
#include <stdio.h>
#include <rfb/CConnection.h>
-#include <rfb/UserPasswdGetter.h>
#include <rfb/Password.h>
#include <rfb/CSecurityVncAuth.h>
#include <rfb/util.h>
+#include <rfb/Security.h>
extern "C" {
#include <rfb/d3des.h>
}
@@ -37,16 +37,6 @@
static const int vncAuthChallengeSize = 16;
-
-CSecurityVncAuth::CSecurityVncAuth(UserPasswdGetter* upg_)
- : upg(upg_)
-{
-}
-
-CSecurityVncAuth::~CSecurityVncAuth()
-{
-}
-
bool CSecurityVncAuth::processMsg(CConnection* cc)
{
rdr::InStream* is = cc->getInStream();
@@ -56,7 +46,7 @@
rdr::U8 challenge[vncAuthChallengeSize];
is->readBytes(challenge, vncAuthChallengeSize);
PlainPasswd passwd;
- upg->getUserPasswd(0, &passwd.buf);
+ (CSecurity::upg)->getUserPasswd(0, &passwd.buf);
// Calculate the correct response
rdr::U8 key[8];
diff --git a/common/rfb/CSecurityVncAuth.h b/common/rfb/CSecurityVncAuth.h
index 820222f..391ed23 100644
--- a/common/rfb/CSecurityVncAuth.h
+++ b/common/rfb/CSecurityVncAuth.h
@@ -23,17 +23,13 @@
namespace rfb {
- class UserPasswdGetter;
-
class CSecurityVncAuth : public CSecurity {
public:
- CSecurityVncAuth(UserPasswdGetter* pg);
- virtual ~CSecurityVncAuth();
+ CSecurityVncAuth(void) {}
+ virtual ~CSecurityVncAuth() {}
virtual bool processMsg(CConnection* cc);
virtual int getType() const {return secTypeVncAuth;};
virtual const char* description() const {return "No Encryption";}
- private:
- UserPasswdGetter* upg;
};
}
#endif
diff --git a/common/rfb/Makefile.am b/common/rfb/Makefile.am
index ee797a8..e936a4f 100644
--- a/common/rfb/Makefile.am
+++ b/common/rfb/Makefile.am
@@ -4,6 +4,8 @@
CMsgHandler.h CMsgReader.h CMsgReaderV3.h CMsgWriter.h \
CMsgWriterV3.h ColourCube.h ColourMap.h ComparingUpdateTracker.h \
Configuration.h ConnParams.h CSecurity.h CSecurityNone.h \
+ CSecurityStack.h CSecurityTLS.h CSecurityTLSBase.h \
+ CSecurityVeNCrypt.h \
CSecurityVncAuth.h Cursor.h Decoder.h d3des.h Encoder.h \
encodings.h Exception.h hextileConstants.h hextileDecode.h \
HextileDecoder.h hextileEncodeBetter.h hextileEncode.h \
@@ -15,7 +17,7 @@
ScaledPixelBuffer.h ScaleFilters.h SConnection.h ScreenSet.h \
screenTypes.h SDesktop.h ServerCore.h SMsgHandler.h \
SMsgReader.h SMsgReaderV3.h SMsgWriter.h SMsgWriterV3.h \
- Security.h SSecurity.h SSecurityNone.h SSecurityPlain.h \
+ SSecurity.h SSecurityNone.h SSecurityPlain.h \
SSecurityStack.h SSecurityTLS.h SSecurityTLSBase.h SSecurityVeNCrypt.h \
SSecurityVncAuth.h Threading.h tightDecode.h \
TightDecoder.h tightEncode.h TightEncoder.h TightPalette.h Timer.h \
@@ -26,6 +28,8 @@
librfb_la_SOURCES = $(HDRS) Blacklist.cxx CConnection.cxx CMsgHandler.cxx \
CMsgReader.cxx CMsgReaderV3.cxx CMsgWriter.cxx CMsgWriterV3.cxx \
+ CSecurityStack.cxx CSecurityTLS.cxx CSecurityTLSBase.cxx \
+ CSecurityVeNCrypt.cxx \
CSecurityVncAuth.cxx CapsContainer.cxx CapsList.cxx \
ComparingUpdateTracker.cxx Configuration.cxx ConnParams.cxx \
Cursor.cxx Decoder.cxx d3des.c Encoder.cxx \
diff --git a/common/rfb/SSecurityVeNCrypt.cxx b/common/rfb/SSecurityVeNCrypt.cxx
index fc83148..926edaa 100644
--- a/common/rfb/SSecurityVeNCrypt.cxx
+++ b/common/rfb/SSecurityVeNCrypt.cxx
@@ -54,7 +54,7 @@
("VeNCryptTypes",
"Specify which security scheme to use for VeNCrypt connections (TLSNone, "
"TLSVnc, TLSPlain, X509None, X509Vnc, X509Plain)",
- "TLSVnc,TLSPlain,X509Vnc,X509Plain", ConfServer);
+ "TLSVnc,TLSPlain,X509Vnc,X509Plain");
SSecurityVeNCrypt::SSecurityVeNCrypt(void)
{
diff --git a/common/rfb/SSecurityVeNCrypt.h b/common/rfb/SSecurityVeNCrypt.h
index 3d1e0e0..526dad1 100644
--- a/common/rfb/SSecurityVeNCrypt.h
+++ b/common/rfb/SSecurityVeNCrypt.h
@@ -49,14 +49,13 @@
static StringParameter X509_CertFile, X509_KeyFile, secTypesStr;
- protected:
- static SSecurityStack* getSSecurityStack(int secType);
-
/* XXX Derive Security class and merge those functions appropriately ? */
static void getSecTypes(std::list<rdr::U32>* secTypes);
static rdr::U32 secTypeNum(const char *name);
static char* secTypeName(rdr::U32 num);
static std::list<rdr::U32> parseSecTypes(const char *types);
+ protected:
+ static SSecurityStack* getSSecurityStack(int secType);
SSecurityStack *ssecurityStack;
bool haveSentVersion, haveRecvdMajorVersion, haveRecvdMinorVersion;
diff --git a/common/rfb/Security.cxx b/common/rfb/Security.cxx
index 589eaa6..eb99f7c 100644
--- a/common/rfb/Security.cxx
+++ b/common/rfb/Security.cxx
@@ -22,6 +22,7 @@
#define strcasecmp _stricmp
#endif
#include <rfb/CSecurityNone.h>
+#include <rfb/CSecurityVeNCrypt.h>
#include <rfb/CSecurityVncAuth.h>
#include <rdr/Exception.h>
#include <rfb/LogWriter.h>
@@ -37,12 +38,14 @@
static LogWriter vlog("Security");
+UserPasswdGetter *CSecurity::upg = NULL;
+
StringParameter Security::secTypes
("SecurityTypes",
"Specify which security scheme to use (None, VncAuth)",
- "VncAuth", ConfServer);
+ "VncAuth");
-Security::Security(void) : upg(NULL)
+Security::Security(void)
{
char *secTypesStr = secTypes.getData();
@@ -88,16 +91,17 @@
throw Exception("Security type not supported");
}
-CSecurity* Security::GetCSecurity(rdr::U8 secType)
+CSecurity* Security::GetCSecurity(U8 secType)
{
- assert (upg != NULL); /* (upg == NULL) means bug in the viewer */
+ assert (CSecurity::upg != NULL); /* (upg == NULL) means bug in the viewer */
if (!IsSupported(secType))
goto bail;
switch (secType) {
case secTypeNone: return new CSecurityNone();
- case secTypeVncAuth: return new CSecurityVncAuth(upg);
+ case secTypeVncAuth: return new CSecurityVncAuth();
+ case secTypeVeNCrypt: return new CSecurityVeNCrypt();
}
bail:
diff --git a/common/rfb/Security.h b/common/rfb/Security.h
index 3231f1f..f4c9681 100644
--- a/common/rfb/Security.h
+++ b/common/rfb/Security.h
@@ -26,7 +26,6 @@
#include <rfb/Configuration.h>
#include <rfb/CSecurity.h>
#include <rfb/SSecurity.h>
-#include <rfb/UserPasswdGetter.h>
#include <list>
@@ -82,7 +81,6 @@
* Use variable directly instead of dumb get/set methods. It is used
* only in viewer-side code and MUST be set by viewer.
*/
- UserPasswdGetter *upg;
private:
std::list<rdr::U8> enabledSecTypes;
};