blob: 6175ec1ce7bcc05bd1b0e38d81dcec613f04aa71 [file] [log] [blame]
Constantin Kaplinskya2adc8d2006-05-25 05:01:55 +00001/* Copyright (C) 2002-2005 RealVNC Ltd. All Rights Reserved.
Adam Tkacdf799702010-04-28 15:45:53 +00002 * Copyright (C) 2010 TigerVNC Team
Constantin Kaplinskya2adc8d2006-05-25 05:01:55 +00003 *
4 * This is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by
6 * the Free Software Foundation; either version 2 of the License, or
7 * (at your option) any later version.
8 *
9 * This software is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this software; if not, write to the Free Software
16 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
17 * USA.
18 */
Adam Tkacdf799702010-04-28 15:45:53 +000019
20#ifdef HAVE_CONFIG_H
21#include <config.h>
22#endif
23
Adam Tkac1d15e2d2010-04-23 14:06:38 +000024#include <assert.h>
25#include <stdlib.h>
Constantin Kaplinskya2adc8d2006-05-25 05:01:55 +000026#include <string.h>
27#ifdef _WIN32
28#define strcasecmp _stricmp
29#endif
Adam Tkacc210e8a2010-04-23 14:09:16 +000030#include <rfb/CSecurityNone.h>
Adam Tkacb10489b2010-04-23 14:16:04 +000031#include <rfb/CSecurityVeNCrypt.h>
Adam Tkacc210e8a2010-04-23 14:09:16 +000032#include <rfb/CSecurityVncAuth.h>
Adam Tkac1d15e2d2010-04-23 14:06:38 +000033#include <rdr/Exception.h>
34#include <rfb/LogWriter.h>
Adam Tkacb6eb3992010-04-23 14:05:00 +000035#include <rfb/Security.h>
Adam Tkac1d15e2d2010-04-23 14:06:38 +000036#include <rfb/SSecurityNone.h>
Adam Tkac1d15e2d2010-04-23 14:06:38 +000037#include <rfb/SSecurityVncAuth.h>
Adam Tkacdf799702010-04-28 15:45:53 +000038#ifdef HAVE_GNUTLS
Adam Tkacdfe19cf2010-04-23 14:14:11 +000039#include <rfb/SSecurityVeNCrypt.h>
Adam Tkacdf799702010-04-28 15:45:53 +000040#endif
Constantin Kaplinskya2adc8d2006-05-25 05:01:55 +000041#include <rfb/util.h>
42
Adam Tkac1d15e2d2010-04-23 14:06:38 +000043using namespace rdr;
44using namespace rfb;
45using namespace std;
46
47static LogWriter vlog("Security");
48
Adam Tkacb10489b2010-04-23 14:16:04 +000049UserPasswdGetter *CSecurity::upg = NULL;
50
Adam Tkaca6578bf2010-04-23 14:07:41 +000051StringParameter Security::secTypes
52("SecurityTypes",
53 "Specify which security scheme to use (None, VncAuth)",
Adam Tkacb10489b2010-04-23 14:16:04 +000054 "VncAuth");
Adam Tkaca6578bf2010-04-23 14:07:41 +000055
Adam Tkacb10489b2010-04-23 14:16:04 +000056Security::Security(void)
Adam Tkac1d15e2d2010-04-23 14:06:38 +000057{
Adam Tkaca6578bf2010-04-23 14:07:41 +000058 char *secTypesStr = secTypes.getData();
Adam Tkac1d15e2d2010-04-23 14:06:38 +000059
60 enabledSecTypes = parseSecTypes(secTypesStr);
61
62 delete secTypesStr;
63}
64
Adam Tkac0c77e512010-07-20 15:10:16 +000065const std::list<rdr::U8> Security::GetEnabledSecTypes(void)
Adam Tkac1d15e2d2010-04-23 14:06:38 +000066{
Adam Tkac0c77e512010-07-20 15:10:16 +000067 list<rdr::U8> result;
68 list<U32>::iterator i;
69
70 for (i = enabledSecTypes.begin(); i != enabledSecTypes.end(); i++)
71 if (*i < 0x100)
72 result.push_back(*i);
73
74 return result;
75}
76
77const std::list<rdr::U32> Security::GetEnabledExtSecTypes(void)
78{
79 list<rdr::U32> result;
80 list<U32>::iterator i;
81
82 for (i = enabledSecTypes.begin(); i != enabledSecTypes.end(); i++)
83 if (*i >= 0x100)
84 result.push_back(*i);
85
86 return result;
87}
88
89void Security::EnableSecType(U32 secType)
90{
91 list<U32>::iterator i;
Adam Tkac1d15e2d2010-04-23 14:06:38 +000092
93 for (i = enabledSecTypes.begin(); i != enabledSecTypes.end(); i++)
94 if (*i == secType)
95 return;
96
97 enabledSecTypes.push_back(secType);
98}
99
Adam Tkac0c77e512010-07-20 15:10:16 +0000100bool Security::IsSupported(U32 secType)
Adam Tkac1d15e2d2010-04-23 14:06:38 +0000101{
Adam Tkac0c77e512010-07-20 15:10:16 +0000102 list<U32>::iterator i;
Adam Tkac1d15e2d2010-04-23 14:06:38 +0000103
104 for (i = enabledSecTypes.begin(); i != enabledSecTypes.end(); i++)
105 if (*i == secType)
106 return true;
107
108 return false;
109}
110
Adam Tkac0c77e512010-07-20 15:10:16 +0000111SSecurity* Security::GetSSecurity(U32 secType)
Adam Tkac1d15e2d2010-04-23 14:06:38 +0000112{
113 if (!IsSupported(secType))
114 goto bail;
115
116 switch (secType) {
117 case secTypeNone: return new SSecurityNone();
118 case secTypeVncAuth: return new SSecurityVncAuth();
Adam Tkacdf799702010-04-28 15:45:53 +0000119#ifdef HAVE_GNUTLS
Adam Tkacdfe19cf2010-04-23 14:14:11 +0000120 case secTypeVeNCrypt: return new SSecurityVeNCrypt();
Adam Tkacdf799702010-04-28 15:45:53 +0000121#endif
Adam Tkacc210e8a2010-04-23 14:09:16 +0000122 }
123
124bail:
125 throw Exception("Security type not supported");
126}
127
Adam Tkac0c77e512010-07-20 15:10:16 +0000128CSecurity* Security::GetCSecurity(U32 secType)
Adam Tkacc210e8a2010-04-23 14:09:16 +0000129{
Adam Tkacb10489b2010-04-23 14:16:04 +0000130 assert (CSecurity::upg != NULL); /* (upg == NULL) means bug in the viewer */
Adam Tkacc210e8a2010-04-23 14:09:16 +0000131
132 if (!IsSupported(secType))
133 goto bail;
134
135 switch (secType) {
136 case secTypeNone: return new CSecurityNone();
Adam Tkacb10489b2010-04-23 14:16:04 +0000137 case secTypeVncAuth: return new CSecurityVncAuth();
Adam Tkacdf799702010-04-28 15:45:53 +0000138#ifdef HAVE_GNUTLS
Adam Tkacb10489b2010-04-23 14:16:04 +0000139 case secTypeVeNCrypt: return new CSecurityVeNCrypt();
Adam Tkacdf799702010-04-28 15:45:53 +0000140#endif
Adam Tkac1d15e2d2010-04-23 14:06:38 +0000141 }
142
143bail:
144 throw Exception("Security type not supported");
145}
146
Adam Tkac0c77e512010-07-20 15:10:16 +0000147rdr::U32 rfb::secTypeNum(const char* name)
Constantin Kaplinskya2adc8d2006-05-25 05:01:55 +0000148{
149 if (strcasecmp(name, "None") == 0) return secTypeNone;
150 if (strcasecmp(name, "VncAuth") == 0) return secTypeVncAuth;
151 if (strcasecmp(name, "Tight") == 0) return secTypeTight;
152 if (strcasecmp(name, "RA2") == 0) return secTypeRA2;
153 if (strcasecmp(name, "RA2ne") == 0) return secTypeRA2ne;
154 if (strcasecmp(name, "SSPI") == 0) return secTypeSSPI;
Adam Tkacdfe19cf2010-04-23 14:14:11 +0000155 if (strcasecmp(name, "SSPIne") == 0) return secTypeSSPIne;
156 if (strcasecmp(name, "VeNCrypt") == 0) return secTypeVeNCrypt;
Adam Tkacb3e60c62010-07-20 15:10:59 +0000157
158 /* VeNCrypt subtypes */
159 if (strcasecmp(name, "TLSNone") == 0) return secTypeTLSNone;
160 if (strcasecmp(name, "TLSVnc") == 0) return secTypeTLSVnc;
161#if 0 /* Currently not implemented */
162 if (strcasecmp(name, "X509None") == 0) return secTypeX509None;
163 if (strcasecmp(name, "X509Vnc") == 0) return secTypeX509Vnc;
164 if (strcasecmp(name, "TLSPlain") == 0) return secTypeTLSPlain;
165 if (strcasecmp(name, "X509Plain") == 0) return secTypeX509Plain;
166#endif
167
Constantin Kaplinskya2adc8d2006-05-25 05:01:55 +0000168 return secTypeInvalid;
169}
170
Adam Tkac0c77e512010-07-20 15:10:16 +0000171const char* rfb::secTypeName(rdr::U32 num)
Constantin Kaplinskya2adc8d2006-05-25 05:01:55 +0000172{
173 switch (num) {
174 case secTypeNone: return "None";
175 case secTypeVncAuth: return "VncAuth";
176 case secTypeTight: return "Tight";
177 case secTypeRA2: return "RA2";
178 case secTypeRA2ne: return "RA2ne";
179 case secTypeSSPI: return "SSPI";
180 case secTypeSSPIne: return "SSPIne";
Adam Tkacdfe19cf2010-04-23 14:14:11 +0000181 case secTypeVeNCrypt: return "VeNCrypt";
Adam Tkacb3e60c62010-07-20 15:10:59 +0000182
183 /* VeNCrypt subtypes */
184 case secTypeTLSNone: return "TLSNone";
185 case secTypeTLSVnc: return "TLSVnc";
186#if 0 /* Currently not implemented */
187 case secTypePlain: return "Plain";
188 case secTypeTLSPlain: return "TLSPlain";
189 case secTypeX509None: return "X509None";
190 case secTypeX509Vnc: return "X509Vnc";
191 case secTypeX509Plain: return "X509Plain";
192#endif
Constantin Kaplinskya2adc8d2006-05-25 05:01:55 +0000193 default: return "[unknown secType]";
194 }
195}
196
Adam Tkac0c77e512010-07-20 15:10:16 +0000197std::list<rdr::U32> rfb::parseSecTypes(const char* types_)
Constantin Kaplinskya2adc8d2006-05-25 05:01:55 +0000198{
Adam Tkac0c77e512010-07-20 15:10:16 +0000199 std::list<rdr::U32> result;
Adam Tkacd36b6262009-09-04 10:57:20 +0000200 CharArray types(strDup(types_)), type;
Constantin Kaplinskya2adc8d2006-05-25 05:01:55 +0000201 while (types.buf) {
202 strSplit(types.buf, ',', &type.buf, &types.buf);
Adam Tkac0c77e512010-07-20 15:10:16 +0000203 rdr::U32 typeNum = secTypeNum(type.buf);
Constantin Kaplinskya2adc8d2006-05-25 05:01:55 +0000204 if (typeNum != secTypeInvalid)
205 result.push_back(typeNum);
206 }
207 return result;
208}