Display security state when asking for password
Indicate to the user how secure the transport channel is so they
can avoid entering their password for untrusted sites.
diff --git a/common/rfb/CConnection.h b/common/rfb/CConnection.h
index e0a000f..e29c033 100644
--- a/common/rfb/CConnection.h
+++ b/common/rfb/CConnection.h
@@ -134,6 +134,8 @@
// Identities, to determine the unique(ish) name of the server.
const char* getServerName() const { return serverName.buf; }
+ bool isSecure() const { return csecurity ? csecurity->isSecure() : false; }
+
enum stateEnum {
RFBSTATE_UNINITIALISED,
RFBSTATE_PROTOCOL_VERSION,
diff --git a/common/rfb/CSecurity.h b/common/rfb/CSecurity.h
index 36da5c7..3fedc50 100644
--- a/common/rfb/CSecurity.h
+++ b/common/rfb/CSecurity.h
@@ -49,6 +49,7 @@
virtual void destroy() { delete this; }
virtual int getType() const = 0;
virtual const char* description() const = 0;
+ virtual bool isSecure() const { return false; }
/*
* Use variable directly instead of dumb get/set methods.
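Review bot: The new `isSecure()` virtual has no comment defining what a subclass promises by returning true. Defaulting to `false` is the right fail-safe for security types that do not override it, but the contract should be written down next to the declaration, e.g. `// True only if this security type encrypts the channel and authenticates the server; defaults to false.` That reading is inferred from CSecurityTLS returning `!anon` elsewhere in this commit, so adjust the wording if the intent differs.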
diff --git a/common/rfb/CSecurityPlain.cxx b/common/rfb/CSecurityPlain.cxx
index 0320ce2..8e383c3 100644
--- a/common/rfb/CSecurityPlain.cxx
+++ b/common/rfb/CSecurityPlain.cxx
@@ -33,7 +33,7 @@
CharArray username;
CharArray password;
- (CSecurity::upg)->getUserPasswd(&username.buf, &password.buf);
+ (CSecurity::upg)->getUserPasswd(cc->isSecure(), &username.buf, &password.buf);
// Return the response to the server
os->writeU32(strlen(username.buf));
diff --git a/common/rfb/CSecurityStack.cxx b/common/rfb/CSecurityStack.cxx
index cfc60fd..47c3f6d 100644
--- a/common/rfb/CSecurityStack.cxx
+++ b/common/rfb/CSecurityStack.cxx
@@ -63,3 +63,12 @@
return res;
}
+
+bool CSecurityStack::isSecure() const
+{
+ if (state0 && state0->isSecure())
+ return true;
+ if (state == 1 && state1 && state1->isSecure())
+ return true;
+ return false;
+}
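Review bot: `state0->isSecure()` is consulted regardless of `state`, while `state1` only counts once `state == 1`, so the stack reports secure as soon as a secure first-layer object exists, even if that layer has not finished processing. This is probably harmless if the password prompt is only ever issued from the second layer, but `processMsg` is outside this hunk, so that is an assumption. A comment would make the intent explicit, e.g. `// state0 is the transport layer; the result is only meaningful once it has completed`. The body could also be reduced to a single return expression.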
diff --git a/common/rfb/CSecurityStack.h b/common/rfb/CSecurityStack.h
index a76b3fe..a16003f 100644
--- a/common/rfb/CSecurityStack.h
+++ b/common/rfb/CSecurityStack.h
@@ -32,6 +32,7 @@
virtual bool processMsg(CConnection* cc);
virtual int getType() const {return type;};
virtual const char* description() const {return name;}
+ virtual bool isSecure() const;
protected:
int state;
CSecurity* state0;
diff --git a/common/rfb/CSecurityTLS.h b/common/rfb/CSecurityTLS.h
index 57d964d..e726d1e 100644
--- a/common/rfb/CSecurityTLS.h
+++ b/common/rfb/CSecurityTLS.h
@@ -48,6 +48,7 @@
virtual int getType() const { return anon ? secTypeTLSNone : secTypeX509None; }
virtual const char* description() const
{ return anon ? "TLS Encryption without VncAuth" : "X509 Encryption without VncAuth"; }
+ virtual bool isSecure() const { return !anon; }
static void setDefaults();
static StringParameter X509CA;
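Review bot: `isSecure()` depends only on `anon`, so it reports a secure channel for any X509 security type whether or not the handshake has finished or the server certificate validated. If the certificate check elsewhere in CSecurityTLS can be overridden by the user or fails open (not visible in this hunk), the password prompt would still present the channel as secure. Consider recording the verification outcome and returning it here, e.g. `return !anon && certVerified;` where `certVerified` is a hypothetical new member set after successful validation. Failing that, add a comment such as `// Reflects the negotiated type only, not the result of certificate verification`.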
diff --git a/common/rfb/CSecurityVeNCrypt.cxx b/common/rfb/CSecurityVeNCrypt.cxx
index a15da4a..4a25245 100644
--- a/common/rfb/CSecurityVeNCrypt.cxx
+++ b/common/rfb/CSecurityVeNCrypt.cxx
@@ -191,3 +191,9 @@
return csecurity->processMsg(cc);
}
+bool CSecurityVeNCrypt::isSecure() const
+{
+ if (csecurity && csecurity->isSecure())
+ return true;
+ return false;
+}
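Review bot: The body can be written as one expression, `return csecurity && csecurity->isSecure();`, which matches the form of `CConnection::isSecure()` in this same commit. The null check only helps if `csecurity` is initialised to a null pointer before a sub-type is chosen. The constructor is outside this hunk, so that is worth confirming. A blank line between the preceding closing brace and this definition would match the spacing used for the equivalent addition in CSecurityStack.cxx.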
diff --git a/common/rfb/CSecurityVeNCrypt.h b/common/rfb/CSecurityVeNCrypt.h
index 55d0744..1ff0c02 100644
--- a/common/rfb/CSecurityVeNCrypt.h
+++ b/common/rfb/CSecurityVeNCrypt.h
@@ -39,6 +39,7 @@
virtual bool processMsg(CConnection* cc);// { return true; }
int getType() const {return chosenType;}
virtual const char* description() const { return secTypeName(chosenType); }
+ virtual bool isSecure() const;
protected:
CSecurity *csecurity;
diff --git a/common/rfb/CSecurityVncAuth.cxx b/common/rfb/CSecurityVncAuth.cxx
index f44e56e..46463e0 100644
--- a/common/rfb/CSecurityVncAuth.cxx
+++ b/common/rfb/CSecurityVncAuth.cxx
@@ -49,7 +49,7 @@
rdr::U8 challenge[vncAuthChallengeSize];
is->readBytes(challenge, vncAuthChallengeSize);
PlainPasswd passwd;
- (CSecurity::upg)->getUserPasswd(0, &passwd.buf);
+ (CSecurity::upg)->getUserPasswd(cc->isSecure(), 0, &passwd.buf);
// Calculate the correct response
rdr::U8 key[8];
diff --git a/common/rfb/UserPasswdGetter.h b/common/rfb/UserPasswdGetter.h
index 18b0bae..13493e4 100644
--- a/common/rfb/UserPasswdGetter.h
+++ b/common/rfb/UserPasswdGetter.h
@@ -24,7 +24,7 @@
// dialog, getpass(), etc. The user buffer pointer can be null, in which
// case no user name will be retrieved. The caller MUST delete [] the
// result(s).
- virtual void getUserPasswd(char** user, char** password)=0;
+ virtual void getUserPasswd(bool secure, char** user, char** password)=0;
};
}
#endif
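Review bot: The interface comment above `getUserPasswd` still describes only `user` and `password`, so the new `secure` parameter is undocumented even though every implementation is expected to act on it. Add a sentence such as `// 'secure' is true when the channel is considered safe for sending credentials; implementations should show this state to the user before the password is entered.` The comment block begins above this hunk. Because this is a pure virtual, implementers that are not updated fail to compile rather than silently ignoring the flag, which is the desirable failure mode.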