blob: 874c346f335eb6caba71d810c4fca384b87ca5d8 [file] [log] [blame]
Constantin Kaplinskya2adc8d2006-05-25 05:01:55 +00001/* Copyright (C) 2002-2005 RealVNC Ltd. All Rights Reserved.
Adam Tkacdf799702010-04-28 15:45:53 +00002 * Copyright (C) 2010 TigerVNC Team
Constantin Kaplinskya2adc8d2006-05-25 05:01:55 +00003 *
4 * This is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by
6 * the Free Software Foundation; either version 2 of the License, or
7 * (at your option) any later version.
8 *
9 * This software is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this software; if not, write to the Free Software
16 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
17 * USA.
18 */
Adam Tkacdf799702010-04-28 15:45:53 +000019
20#ifdef HAVE_CONFIG_H
21#include <config.h>
22#endif
23
Adam Tkac1d15e2d2010-04-23 14:06:38 +000024#include <assert.h>
25#include <stdlib.h>
Constantin Kaplinskya2adc8d2006-05-25 05:01:55 +000026#include <string.h>
27#ifdef _WIN32
28#define strcasecmp _stricmp
29#endif
Adam Tkacc210e8a2010-04-23 14:09:16 +000030#include <rfb/CSecurityNone.h>
Adam Tkac707d3612010-07-20 15:16:10 +000031#include <rfb/CSecurityStack.h>
Adam Tkacb10489b2010-04-23 14:16:04 +000032#include <rfb/CSecurityVeNCrypt.h>
Adam Tkacc210e8a2010-04-23 14:09:16 +000033#include <rfb/CSecurityVncAuth.h>
Adam Tkac8c048382010-09-02 12:37:00 +000034#include <rfb/CSecurityPlain.h>
Adam Tkac1d15e2d2010-04-23 14:06:38 +000035#include <rdr/Exception.h>
36#include <rfb/LogWriter.h>
Adam Tkacb6eb3992010-04-23 14:05:00 +000037#include <rfb/Security.h>
Adam Tkac1d15e2d2010-04-23 14:06:38 +000038#include <rfb/SSecurityNone.h>
Adam Tkac707d3612010-07-20 15:16:10 +000039#include <rfb/SSecurityStack.h>
Adam Tkac1d15e2d2010-04-23 14:06:38 +000040#include <rfb/SSecurityVncAuth.h>
Adam Tkacdfe19cf2010-04-23 14:14:11 +000041#include <rfb/SSecurityVeNCrypt.h>
Adam Tkac707d3612010-07-20 15:16:10 +000042#ifdef HAVE_GNUTLS
Adam Tkac3c5be392010-07-21 09:27:34 +000043#include <rfb/CSecurityTLS.h>
Adam Tkac21b61a52010-07-21 09:19:00 +000044#include <rfb/SSecurityTLS.h>
Adam Tkacdf799702010-04-28 15:45:53 +000045#endif
Constantin Kaplinskya2adc8d2006-05-25 05:01:55 +000046#include <rfb/util.h>
47
Adam Tkac1d15e2d2010-04-23 14:06:38 +000048using namespace rdr;
49using namespace rfb;
50using namespace std;
51
52static LogWriter vlog("Security");
53
Adam Tkacb10489b2010-04-23 14:16:04 +000054UserPasswdGetter *CSecurity::upg = NULL;
55
Adam Tkacfb993152010-08-12 14:17:28 +000056StringParameter Security::secTypesViewer
Adam Tkaca6578bf2010-04-23 14:07:41 +000057("SecurityTypes",
58 "Specify which security scheme to use (None, VncAuth)",
Adam Tkac80fb7ef2010-08-12 14:24:43 +000059#ifdef HAVE_GNUTLS
Adam Tkac8c048382010-09-02 12:37:00 +000060 "VeNCrypt,X509Plain,TLSPlain,X509Vnc,TLSVnc,X509None,TLSNone,VncAuth,None",
Adam Tkac80fb7ef2010-08-12 14:24:43 +000061#else
62 "VncAuth,None",
63#endif
64ConfViewer);
Adam Tkaca6578bf2010-04-23 14:07:41 +000065
Adam Tkacfb993152010-08-12 14:17:28 +000066StringParameter Security::secTypesServer
67("SecurityTypes",
68 "Specify which security scheme to use (None, VncAuth)",
Adam Tkac80fb7ef2010-08-12 14:24:43 +000069#ifdef HAVE_GNUTLS
70 "VeNCrypt,TLSVnc,VncAuth",
71#else
72 "VncAuth",
73#endif
74ConfServer);
Adam Tkacfb993152010-08-12 14:17:28 +000075
76Security::Security(SecurityClassType secClassType)
Adam Tkac1d15e2d2010-04-23 14:06:38 +000077{
Adam Tkacfb993152010-08-12 14:17:28 +000078 char *secTypesStr;
79
80 switch (secClassType) {
81 case SecurityViewer:
82 secTypesStr = secTypesViewer.getData();
83 break;
84 case SecurityServer:
85 secTypesStr = secTypesServer.getData();
86 break;
87 };
Adam Tkac1d15e2d2010-04-23 14:06:38 +000088
89 enabledSecTypes = parseSecTypes(secTypesStr);
90
91 delete secTypesStr;
92}
93
Adam Tkac0c77e512010-07-20 15:10:16 +000094const std::list<rdr::U8> Security::GetEnabledSecTypes(void)
Adam Tkac1d15e2d2010-04-23 14:06:38 +000095{
Adam Tkac0c77e512010-07-20 15:10:16 +000096 list<rdr::U8> result;
97 list<U32>::iterator i;
98
99 for (i = enabledSecTypes.begin(); i != enabledSecTypes.end(); i++)
100 if (*i < 0x100)
101 result.push_back(*i);
102
103 return result;
104}
105
106const std::list<rdr::U32> Security::GetEnabledExtSecTypes(void)
107{
108 list<rdr::U32> result;
109 list<U32>::iterator i;
110
111 for (i = enabledSecTypes.begin(); i != enabledSecTypes.end(); i++)
Adam Tkac95e2fe82010-08-12 13:54:59 +0000112 if (*i != secTypeVeNCrypt) /* Do not include VeNCrypt type to avoid loops */
Adam Tkac0c77e512010-07-20 15:10:16 +0000113 result.push_back(*i);
114
115 return result;
116}
117
118void Security::EnableSecType(U32 secType)
119{
120 list<U32>::iterator i;
Adam Tkac1d15e2d2010-04-23 14:06:38 +0000121
122 for (i = enabledSecTypes.begin(); i != enabledSecTypes.end(); i++)
123 if (*i == secType)
124 return;
125
126 enabledSecTypes.push_back(secType);
127}
128
Adam Tkac0c77e512010-07-20 15:10:16 +0000129bool Security::IsSupported(U32 secType)
Adam Tkac1d15e2d2010-04-23 14:06:38 +0000130{
Adam Tkac0c77e512010-07-20 15:10:16 +0000131 list<U32>::iterator i;
Adam Tkac1d15e2d2010-04-23 14:06:38 +0000132
133 for (i = enabledSecTypes.begin(); i != enabledSecTypes.end(); i++)
134 if (*i == secType)
135 return true;
136
137 return false;
138}
139
Adam Tkac0c77e512010-07-20 15:10:16 +0000140SSecurity* Security::GetSSecurity(U32 secType)
Adam Tkac1d15e2d2010-04-23 14:06:38 +0000141{
142 if (!IsSupported(secType))
143 goto bail;
144
145 switch (secType) {
146 case secTypeNone: return new SSecurityNone();
147 case secTypeVncAuth: return new SSecurityVncAuth();
Adam Tkaca0325932010-07-20 15:14:08 +0000148 case secTypeVeNCrypt: return new SSecurityVeNCrypt(this);
Adam Tkac707d3612010-07-20 15:16:10 +0000149#ifdef HAVE_GNUTLS
150 case secTypeTLSNone:
Adam Tkac21b61a52010-07-21 09:19:00 +0000151 return new SSecurityStack(secTypeTLSNone, new SSecurityTLS(true));
Adam Tkac707d3612010-07-20 15:16:10 +0000152 case secTypeTLSVnc:
Adam Tkac21b61a52010-07-21 09:19:00 +0000153 return new SSecurityStack(secTypeTLSVnc, new SSecurityTLS(true), new SSecurityVncAuth());
Adam Tkac5bf73fb2010-07-21 09:08:24 +0000154 case secTypeX509None:
Adam Tkac21b61a52010-07-21 09:19:00 +0000155 return new SSecurityStack(secTypeX509None, new SSecurityTLS(false));
Adam Tkac5bf73fb2010-07-21 09:08:24 +0000156 case secTypeX509Vnc:
Adam Tkac21b61a52010-07-21 09:19:00 +0000157 return new SSecurityStack(secTypeX509None, new SSecurityTLS(false), new SSecurityVncAuth());
Adam Tkacdf799702010-04-28 15:45:53 +0000158#endif
Adam Tkacc210e8a2010-04-23 14:09:16 +0000159 }
160
161bail:
162 throw Exception("Security type not supported");
163}
164
Adam Tkac0c77e512010-07-20 15:10:16 +0000165CSecurity* Security::GetCSecurity(U32 secType)
Adam Tkacc210e8a2010-04-23 14:09:16 +0000166{
Adam Tkacb10489b2010-04-23 14:16:04 +0000167 assert (CSecurity::upg != NULL); /* (upg == NULL) means bug in the viewer */
Adam Tkacc210e8a2010-04-23 14:09:16 +0000168
169 if (!IsSupported(secType))
170 goto bail;
171
172 switch (secType) {
173 case secTypeNone: return new CSecurityNone();
Adam Tkacb10489b2010-04-23 14:16:04 +0000174 case secTypeVncAuth: return new CSecurityVncAuth();
Adam Tkaca0325932010-07-20 15:14:08 +0000175 case secTypeVeNCrypt: return new CSecurityVeNCrypt(this);
Adam Tkac8c048382010-09-02 12:37:00 +0000176 case secTypePlain: return new CSecurityPlain();
Adam Tkac707d3612010-07-20 15:16:10 +0000177#ifdef HAVE_GNUTLS
178 case secTypeTLSNone:
179 return new CSecurityStack(secTypeTLSNone, "TLS with no password",
Adam Tkac3c5be392010-07-21 09:27:34 +0000180 new CSecurityTLS(true));
Adam Tkac707d3612010-07-20 15:16:10 +0000181 case secTypeTLSVnc:
182 return new CSecurityStack(secTypeTLSVnc, "TLS with VNCAuth",
Adam Tkac3c5be392010-07-21 09:27:34 +0000183 new CSecurityTLS(true), new CSecurityVncAuth());
Adam Tkac8c048382010-09-02 12:37:00 +0000184 case secTypeTLSPlain:
185 return new CSecurityStack(secTypeTLSPlain, "TLS with Username/Password",
186 new CSecurityTLS(true), new CSecurityPlain());
Adam Tkacf5f6a002010-07-21 09:09:19 +0000187 case secTypeX509None:
188 return new CSecurityStack(secTypeX509None, "X509 with no password",
Adam Tkac3c5be392010-07-21 09:27:34 +0000189 new CSecurityTLS(false));
Adam Tkacf5f6a002010-07-21 09:09:19 +0000190 case secTypeX509Vnc:
191 return new CSecurityStack(secTypeX509None, "X509 with VNCAuth",
Adam Tkac3c5be392010-07-21 09:27:34 +0000192 new CSecurityTLS(false), new CSecurityVncAuth());
Adam Tkac8c048382010-09-02 12:37:00 +0000193 case secTypeX509Plain:
194 return new CSecurityStack(secTypeX509Plain, "X509 with Username/Password",
195 new CSecurityTLS(false), new CSecurityPlain());
Adam Tkacdf799702010-04-28 15:45:53 +0000196#endif
Adam Tkac1d15e2d2010-04-23 14:06:38 +0000197 }
198
199bail:
200 throw Exception("Security type not supported");
201}
202
Adam Tkac0c77e512010-07-20 15:10:16 +0000203rdr::U32 rfb::secTypeNum(const char* name)
Constantin Kaplinskya2adc8d2006-05-25 05:01:55 +0000204{
205 if (strcasecmp(name, "None") == 0) return secTypeNone;
206 if (strcasecmp(name, "VncAuth") == 0) return secTypeVncAuth;
207 if (strcasecmp(name, "Tight") == 0) return secTypeTight;
208 if (strcasecmp(name, "RA2") == 0) return secTypeRA2;
209 if (strcasecmp(name, "RA2ne") == 0) return secTypeRA2ne;
210 if (strcasecmp(name, "SSPI") == 0) return secTypeSSPI;
Adam Tkacdfe19cf2010-04-23 14:14:11 +0000211 if (strcasecmp(name, "SSPIne") == 0) return secTypeSSPIne;
212 if (strcasecmp(name, "VeNCrypt") == 0) return secTypeVeNCrypt;
Adam Tkacb3e60c62010-07-20 15:10:59 +0000213
214 /* VeNCrypt subtypes */
Adam Tkac957a5ae2010-07-20 15:12:41 +0000215 if (strcasecmp(name, "Plain") == 0) return secTypePlain;
Adam Tkacb3e60c62010-07-20 15:10:59 +0000216 if (strcasecmp(name, "TLSNone") == 0) return secTypeTLSNone;
217 if (strcasecmp(name, "TLSVnc") == 0) return secTypeTLSVnc;
Adam Tkac957a5ae2010-07-20 15:12:41 +0000218 if (strcasecmp(name, "TLSPlain") == 0) return secTypeTLSPlain;
Adam Tkacb3e60c62010-07-20 15:10:59 +0000219 if (strcasecmp(name, "X509None") == 0) return secTypeX509None;
220 if (strcasecmp(name, "X509Vnc") == 0) return secTypeX509Vnc;
Adam Tkacb3e60c62010-07-20 15:10:59 +0000221 if (strcasecmp(name, "X509Plain") == 0) return secTypeX509Plain;
Adam Tkacb3e60c62010-07-20 15:10:59 +0000222
Constantin Kaplinskya2adc8d2006-05-25 05:01:55 +0000223 return secTypeInvalid;
224}
225
Adam Tkac0c77e512010-07-20 15:10:16 +0000226const char* rfb::secTypeName(rdr::U32 num)
Constantin Kaplinskya2adc8d2006-05-25 05:01:55 +0000227{
228 switch (num) {
229 case secTypeNone: return "None";
230 case secTypeVncAuth: return "VncAuth";
231 case secTypeTight: return "Tight";
232 case secTypeRA2: return "RA2";
233 case secTypeRA2ne: return "RA2ne";
234 case secTypeSSPI: return "SSPI";
235 case secTypeSSPIne: return "SSPIne";
Adam Tkacdfe19cf2010-04-23 14:14:11 +0000236 case secTypeVeNCrypt: return "VeNCrypt";
Adam Tkacb3e60c62010-07-20 15:10:59 +0000237
238 /* VeNCrypt subtypes */
Adam Tkac957a5ae2010-07-20 15:12:41 +0000239 case secTypePlain: return "Plain";
Adam Tkacb3e60c62010-07-20 15:10:59 +0000240 case secTypeTLSNone: return "TLSNone";
241 case secTypeTLSVnc: return "TLSVnc";
Adam Tkacb3e60c62010-07-20 15:10:59 +0000242 case secTypeTLSPlain: return "TLSPlain";
243 case secTypeX509None: return "X509None";
244 case secTypeX509Vnc: return "X509Vnc";
245 case secTypeX509Plain: return "X509Plain";
Constantin Kaplinskya2adc8d2006-05-25 05:01:55 +0000246 default: return "[unknown secType]";
247 }
248}
249
Adam Tkac0c77e512010-07-20 15:10:16 +0000250std::list<rdr::U32> rfb::parseSecTypes(const char* types_)
Constantin Kaplinskya2adc8d2006-05-25 05:01:55 +0000251{
Adam Tkac0c77e512010-07-20 15:10:16 +0000252 std::list<rdr::U32> result;
Adam Tkacd36b6262009-09-04 10:57:20 +0000253 CharArray types(strDup(types_)), type;
Constantin Kaplinskya2adc8d2006-05-25 05:01:55 +0000254 while (types.buf) {
255 strSplit(types.buf, ',', &type.buf, &types.buf);
Adam Tkac0c77e512010-07-20 15:10:16 +0000256 rdr::U32 typeNum = secTypeNum(type.buf);
Constantin Kaplinskya2adc8d2006-05-25 05:01:55 +0000257 if (typeNum != secTypeInvalid)
258 result.push_back(typeNum);
259 }
260 return result;
261}