Gitiles
Code Review Sign In
gerrit.omnirom.org / android_external_tigervnc / f5f6a00dfb329b5e4b8c8349f8cac8b0036abbc9 / . / common / rfb / Security.cxx
blob: 37ecc1533f3a54eb61792d3ce711942ba013a864 [file] [log] [blame]
Constantin Kaplinskya2adc8d2006-05-25 05:01:55 +0000[diff] [blame]1/* Copyright (C) 2002-2005 RealVNC Ltd. All Rights Reserved.
Adam Tkacdf799702010-04-28 15:45:53 +0000[diff] [blame]2 * Copyright (C) 2010 TigerVNC Team
Constantin Kaplinskya2adc8d2006-05-25 05:01:55 +0000[diff] [blame]3 *
4 * This is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by
6 * the Free Software Foundation; either version 2 of the License, or
7 * (at your option) any later version.
8 *
9 * This software is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this software; if not, write to the Free Software
16 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
17 * USA.
18 */
Adam Tkacdf799702010-04-28 15:45:53 +0000[diff] [blame]19
20#ifdef HAVE_CONFIG_H
21#include <config.h>
22#endif
23
Adam Tkac1d15e2d2010-04-23 14:06:38 +0000[diff] [blame]24#include <assert.h>
25#include <stdlib.h>
Constantin Kaplinskya2adc8d2006-05-25 05:01:55 +0000[diff] [blame]26#include <string.h>
27#ifdef _WIN32
28#define strcasecmp _stricmp
29#endif
Adam Tkacc210e8a2010-04-23 14:09:16 +0000[diff] [blame]30#include <rfb/CSecurityNone.h>
Adam Tkac707d3612010-07-20 15:16:10 +0000[diff] [blame]31#include <rfb/CSecurityStack.h>
Adam Tkacb10489b2010-04-23 14:16:04 +0000[diff] [blame]32#include <rfb/CSecurityVeNCrypt.h>
Adam Tkacc210e8a2010-04-23 14:09:16 +0000[diff] [blame]33#include <rfb/CSecurityVncAuth.h>
Adam Tkac1d15e2d2010-04-23 14:06:38 +0000[diff] [blame]34#include <rdr/Exception.h>
35#include <rfb/LogWriter.h>
Adam Tkacb6eb3992010-04-23 14:05:00 +0000[diff] [blame]36#include <rfb/Security.h>
Adam Tkac1d15e2d2010-04-23 14:06:38 +0000[diff] [blame]37#include <rfb/SSecurityNone.h>
Adam Tkac707d3612010-07-20 15:16:10 +0000[diff] [blame]38#include <rfb/SSecurityStack.h>
Adam Tkac1d15e2d2010-04-23 14:06:38 +0000[diff] [blame]39#include <rfb/SSecurityVncAuth.h>
Adam Tkacdfe19cf2010-04-23 14:14:11 +0000[diff] [blame]40#include <rfb/SSecurityVeNCrypt.h>
Adam Tkac707d3612010-07-20 15:16:10 +0000[diff] [blame]41#ifdef HAVE_GNUTLS
42#include <rfb/CSecurityTLS.h>
Adam Tkacf5f6a002010-07-21 09:09:19 +0000[diff] [blame^]43#include <rfb/CSecurityX509.h>
Adam Tkac707d3612010-07-20 15:16:10 +0000[diff] [blame]44#include <rfb/SSecurityTLS.h>
Adam Tkac5bf73fb2010-07-21 09:08:24 +0000[diff] [blame]45#include <rfb/SSecurityX509.h>
Adam Tkacdf799702010-04-28 15:45:53 +0000[diff] [blame]46#endif
Constantin Kaplinskya2adc8d2006-05-25 05:01:55 +0000[diff] [blame]47#include <rfb/util.h>
48
Adam Tkac1d15e2d2010-04-23 14:06:38 +0000[diff] [blame]49using namespace rdr;
50using namespace rfb;
51using namespace std;
52
53static LogWriter vlog("Security");
54
Adam Tkacb10489b2010-04-23 14:16:04 +0000[diff] [blame]55UserPasswdGetter *CSecurity::upg = NULL;
56
Adam Tkaca6578bf2010-04-23 14:07:41 +0000[diff] [blame]57StringParameter Security::secTypes
58("SecurityTypes",
59 "Specify which security scheme to use (None, VncAuth)",
Adam Tkacb10489b2010-04-23 14:16:04 +0000[diff] [blame]60 "VncAuth");
Adam Tkaca6578bf2010-04-23 14:07:41 +0000[diff] [blame]61
Adam Tkacb10489b2010-04-23 14:16:04 +0000[diff] [blame]62Security::Security(void)
Adam Tkac1d15e2d2010-04-23 14:06:38 +0000[diff] [blame]63{
Adam Tkaca6578bf2010-04-23 14:07:41 +0000[diff] [blame]64 char *secTypesStr = secTypes.getData();
Adam Tkac1d15e2d2010-04-23 14:06:38 +0000[diff] [blame]65
66 enabledSecTypes = parseSecTypes(secTypesStr);
67
68 delete secTypesStr;
69}
70
Adam Tkac0c77e512010-07-20 15:10:16 +0000[diff] [blame]71const std::list<rdr::U8> Security::GetEnabledSecTypes(void)
Adam Tkac1d15e2d2010-04-23 14:06:38 +0000[diff] [blame]72{
Adam Tkac0c77e512010-07-20 15:10:16 +0000[diff] [blame]73 list<rdr::U8> result;
74 list<U32>::iterator i;
75
76 for (i = enabledSecTypes.begin(); i != enabledSecTypes.end(); i++)
77 if (*i < 0x100)
78 result.push_back(*i);
79
80 return result;
81}
82
83const std::list<rdr::U32> Security::GetEnabledExtSecTypes(void)
84{
85 list<rdr::U32> result;
86 list<U32>::iterator i;
87
88 for (i = enabledSecTypes.begin(); i != enabledSecTypes.end(); i++)
89 if (*i >= 0x100)
90 result.push_back(*i);
91
92 return result;
93}
94
95void Security::EnableSecType(U32 secType)
96{
97 list<U32>::iterator i;
Adam Tkac1d15e2d2010-04-23 14:06:38 +0000[diff] [blame]98
99 for (i = enabledSecTypes.begin(); i != enabledSecTypes.end(); i++)
100 if (*i == secType)
101 return;
102
103 enabledSecTypes.push_back(secType);
104}
105
Adam Tkac0c77e512010-07-20 15:10:16 +0000[diff] [blame]106bool Security::IsSupported(U32 secType)
Adam Tkac1d15e2d2010-04-23 14:06:38 +0000[diff] [blame]107{
Adam Tkac0c77e512010-07-20 15:10:16 +0000[diff] [blame]108 list<U32>::iterator i;
Adam Tkac1d15e2d2010-04-23 14:06:38 +0000[diff] [blame]109
110 for (i = enabledSecTypes.begin(); i != enabledSecTypes.end(); i++)
111 if (*i == secType)
112 return true;
113
114 return false;
115}
116
Adam Tkac0c77e512010-07-20 15:10:16 +0000[diff] [blame]117SSecurity* Security::GetSSecurity(U32 secType)
Adam Tkac1d15e2d2010-04-23 14:06:38 +0000[diff] [blame]118{
119 if (!IsSupported(secType))
120 goto bail;
121
122 switch (secType) {
123 case secTypeNone: return new SSecurityNone();
124 case secTypeVncAuth: return new SSecurityVncAuth();
Adam Tkaca0325932010-07-20 15:14:08 +0000[diff] [blame]125 case secTypeVeNCrypt: return new SSecurityVeNCrypt(this);
Adam Tkac707d3612010-07-20 15:16:10 +0000[diff] [blame]126#ifdef HAVE_GNUTLS
127 case secTypeTLSNone:
128 return new SSecurityStack(secTypeTLSNone, new SSecurityTLS());
129 case secTypeTLSVnc:
130 return new SSecurityStack(secTypeTLSVnc, new SSecurityTLS(), new SSecurityVncAuth());
Adam Tkac5bf73fb2010-07-21 09:08:24 +0000[diff] [blame]131 case secTypeX509None:
132 return new SSecurityStack(secTypeX509None, new SSecurityX509());
133 case secTypeX509Vnc:
134 return new SSecurityStack(secTypeX509None, new SSecurityX509(), new SSecurityVncAuth());
Adam Tkacdf799702010-04-28 15:45:53 +0000[diff] [blame]135#endif
Adam Tkacc210e8a2010-04-23 14:09:16 +0000[diff] [blame]136 }
137
138bail:
139 throw Exception("Security type not supported");
140}
141
Adam Tkac0c77e512010-07-20 15:10:16 +0000[diff] [blame]142CSecurity* Security::GetCSecurity(U32 secType)
Adam Tkacc210e8a2010-04-23 14:09:16 +0000[diff] [blame]143{
Adam Tkacb10489b2010-04-23 14:16:04 +0000[diff] [blame]144 assert (CSecurity::upg != NULL); /* (upg == NULL) means bug in the viewer */
Adam Tkacc210e8a2010-04-23 14:09:16 +0000[diff] [blame]145
146 if (!IsSupported(secType))
147 goto bail;
148
149 switch (secType) {
150 case secTypeNone: return new CSecurityNone();
Adam Tkacb10489b2010-04-23 14:16:04 +0000[diff] [blame]151 case secTypeVncAuth: return new CSecurityVncAuth();
Adam Tkaca0325932010-07-20 15:14:08 +0000[diff] [blame]152 case secTypeVeNCrypt: return new CSecurityVeNCrypt(this);
Adam Tkac707d3612010-07-20 15:16:10 +0000[diff] [blame]153#ifdef HAVE_GNUTLS
154 case secTypeTLSNone:
155 return new CSecurityStack(secTypeTLSNone, "TLS with no password",
156 new CSecurityTLS());
157 case secTypeTLSVnc:
158 return new CSecurityStack(secTypeTLSVnc, "TLS with VNCAuth",
159 new CSecurityTLS(), new CSecurityVncAuth());
Adam Tkacf5f6a002010-07-21 09:09:19 +0000[diff] [blame^]160 case secTypeX509None:
161 return new CSecurityStack(secTypeX509None, "X509 with no password",
162 new CSecurityX509());
163 case secTypeX509Vnc:
164 return new CSecurityStack(secTypeX509None, "X509 with VNCAuth",
165 new CSecurityX509(), new CSecurityVncAuth());
Adam Tkacdf799702010-04-28 15:45:53 +0000[diff] [blame]166#endif
Adam Tkac1d15e2d2010-04-23 14:06:38 +0000[diff] [blame]167 }
168
169bail:
170 throw Exception("Security type not supported");
171}
172
Adam Tkac0c77e512010-07-20 15:10:16 +0000[diff] [blame]173rdr::U32 rfb::secTypeNum(const char* name)
Constantin Kaplinskya2adc8d2006-05-25 05:01:55 +0000[diff] [blame]174{
175 if (strcasecmp(name, "None") == 0) return secTypeNone;
176 if (strcasecmp(name, "VncAuth") == 0) return secTypeVncAuth;
177 if (strcasecmp(name, "Tight") == 0) return secTypeTight;
178 if (strcasecmp(name, "RA2") == 0) return secTypeRA2;
179 if (strcasecmp(name, "RA2ne") == 0) return secTypeRA2ne;
180 if (strcasecmp(name, "SSPI") == 0) return secTypeSSPI;
Adam Tkacdfe19cf2010-04-23 14:14:11 +0000[diff] [blame]181 if (strcasecmp(name, "SSPIne") == 0) return secTypeSSPIne;
182 if (strcasecmp(name, "VeNCrypt") == 0) return secTypeVeNCrypt;
Adam Tkacb3e60c62010-07-20 15:10:59 +0000[diff] [blame]183
184 /* VeNCrypt subtypes */
Adam Tkac957a5ae2010-07-20 15:12:41 +0000[diff] [blame]185 if (strcasecmp(name, "Plain") == 0) return secTypePlain;
Adam Tkacb3e60c62010-07-20 15:10:59 +0000[diff] [blame]186 if (strcasecmp(name, "TLSNone") == 0) return secTypeTLSNone;
187 if (strcasecmp(name, "TLSVnc") == 0) return secTypeTLSVnc;
Adam Tkac957a5ae2010-07-20 15:12:41 +0000[diff] [blame]188 if (strcasecmp(name, "TLSPlain") == 0) return secTypeTLSPlain;
Adam Tkacb3e60c62010-07-20 15:10:59 +0000[diff] [blame]189 if (strcasecmp(name, "X509None") == 0) return secTypeX509None;
190 if (strcasecmp(name, "X509Vnc") == 0) return secTypeX509Vnc;
Adam Tkacb3e60c62010-07-20 15:10:59 +0000[diff] [blame]191 if (strcasecmp(name, "X509Plain") == 0) return secTypeX509Plain;
Adam Tkacb3e60c62010-07-20 15:10:59 +0000[diff] [blame]192
Constantin Kaplinskya2adc8d2006-05-25 05:01:55 +0000[diff] [blame]193 return secTypeInvalid;
194}
195
Adam Tkac0c77e512010-07-20 15:10:16 +0000[diff] [blame]196const char* rfb::secTypeName(rdr::U32 num)
Constantin Kaplinskya2adc8d2006-05-25 05:01:55 +0000[diff] [blame]197{
198 switch (num) {
199 case secTypeNone: return "None";
200 case secTypeVncAuth: return "VncAuth";
201 case secTypeTight: return "Tight";
202 case secTypeRA2: return "RA2";
203 case secTypeRA2ne: return "RA2ne";
204 case secTypeSSPI: return "SSPI";
205 case secTypeSSPIne: return "SSPIne";
Adam Tkacdfe19cf2010-04-23 14:14:11 +0000[diff] [blame]206 case secTypeVeNCrypt: return "VeNCrypt";
Adam Tkacb3e60c62010-07-20 15:10:59 +0000[diff] [blame]207
208 /* VeNCrypt subtypes */
Adam Tkac957a5ae2010-07-20 15:12:41 +0000[diff] [blame]209 case secTypePlain: return "Plain";
Adam Tkacb3e60c62010-07-20 15:10:59 +0000[diff] [blame]210 case secTypeTLSNone: return "TLSNone";
211 case secTypeTLSVnc: return "TLSVnc";
Adam Tkacb3e60c62010-07-20 15:10:59 +0000[diff] [blame]212 case secTypeTLSPlain: return "TLSPlain";
213 case secTypeX509None: return "X509None";
214 case secTypeX509Vnc: return "X509Vnc";
215 case secTypeX509Plain: return "X509Plain";
Constantin Kaplinskya2adc8d2006-05-25 05:01:55 +0000[diff] [blame]216 default: return "[unknown secType]";
217 }
218}
219
Adam Tkac0c77e512010-07-20 15:10:16 +0000[diff] [blame]220std::list<rdr::U32> rfb::parseSecTypes(const char* types_)
Constantin Kaplinskya2adc8d2006-05-25 05:01:55 +0000[diff] [blame]221{
Adam Tkac0c77e512010-07-20 15:10:16 +0000[diff] [blame]222 std::list<rdr::U32> result;
Adam Tkacd36b6262009-09-04 10:57:20 +0000[diff] [blame]223 CharArray types(strDup(types_)), type;
Constantin Kaplinskya2adc8d2006-05-25 05:01:55 +0000[diff] [blame]224 while (types.buf) {
225 strSplit(types.buf, ',', &type.buf, &types.buf);
Adam Tkac0c77e512010-07-20 15:10:16 +0000[diff] [blame]226 rdr::U32 typeNum = secTypeNum(type.buf);
Constantin Kaplinskya2adc8d2006-05-25 05:01:55 +0000[diff] [blame]227 if (typeNum != secTypeInvalid)
228 result.push_back(typeNum);
229 }
230 return result;
231}