|
|
@@ -54,12 +54,6 @@ StringParameter SSecurityVeNCrypt::X509_KeyFile |
|
|
|
"specifies path to the key of the x509 certificate in PEM format",
|
|
|
|
"", ConfServer);
|
|
|
|
|
|
|
|
StringParameter SSecurityVeNCrypt::secTypesStr
|
|
|
|
("VeNCryptTypes",
|
|
|
|
"Specify which security scheme to use for VeNCrypt connections (TLSNone, "
|
|
|
|
"TLSVnc, TLSPlain, X509None, X509Vnc, X509Plain)",
|
|
|
|
"TLSVnc,TLSPlain,X509Vnc,X509Plain");
|
|
|
|
|
|
|
|
SSecurityVeNCrypt::SSecurityVeNCrypt(Security *sec) : security(sec)
|
|
|
|
{
|
|
|
|
ssecurity = NULL;
|
|
|
@@ -141,7 +135,8 @@ bool SSecurityVeNCrypt::processMsg(SConnection* sc) |
|
|
|
*/
|
|
|
|
if (!haveSentTypes) {
|
|
|
|
list<U32> listSubTypes;
|
|
|
|
SSecurityVeNCrypt::getSecTypes(&listSubTypes);
|
|
|
|
|
|
|
|
listSubTypes = security->GetEnabledExtSecTypes();
|
|
|
|
|
|
|
|
numTypes = listSubTypes.size();
|
|
|
|
subTypes = new U32[numTypes];
|
|
|
@@ -180,22 +175,12 @@ bool SSecurityVeNCrypt::processMsg(SConnection* sc) |
|
|
|
|
|
|
|
vlog.debug("Choosing security type %s (%d)", secTypeName(chosenType),
|
|
|
|
chosenType);
|
|
|
|
|
|
|
|
/* Set up the stack according to the chosen type */
|
|
|
|
switch(chosenType) {
|
|
|
|
case secTypeTLSNone:
|
|
|
|
case secTypeTLSVnc:
|
|
|
|
case secTypeTLSPlain:
|
|
|
|
case secTypeX509None:
|
|
|
|
case secTypeX509Vnc:
|
|
|
|
case secTypeX509Plain:
|
|
|
|
ssecurity = SSecurityVeNCrypt::getSSecurityStack(chosenType);
|
|
|
|
break;
|
|
|
|
case secTypeInvalid:
|
|
|
|
case secTypeVeNCrypt: /* This would cause looping */
|
|
|
|
default:
|
|
|
|
if (chosenType == secTypeInvalid || chosenType == secTypeVeNCrypt)
|
|
|
|
throw AuthFailureException("No valid VeNCrypt sub-type");
|
|
|
|
}
|
|
|
|
|
|
|
|
ssecurity = SSecurityVeNCrypt::getSSecurityStack(chosenType);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* continue processing the messages */
|
|
|
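Review bot: The new guard `if (chosenType == secTypeInvalid || chosenType == secTypeVeNCrypt)` replaces a switch that accepted only the six TLS/X509 sub-types and threw on everything else, so an allow-list has become a two-value deny-list and any other chosenType (presumably read from the client) now reaches `getSSecurityStack(chosenType)`. Whether that is safe depends on code outside this hunk: processMsg would need to have matched chosenType against the `subTypes` array it advertised, or getSSecurityStack would need to throw on an unknown type, and neither is visible here. If no such check exists, I would reject any choice that is not in the offered list before building the stack, by scanning `subTypes` up to `numTypes` and throwing `AuthFailureException("No valid VeNCrypt sub-type")` when nothing matches. The offered list in the previous hunk now comes from `security->GetEnabledExtSecTypes()` instead of the VeNCrypt-specific parameter, so it is also worth confirming that it can only contain types getSSecurityStack knows how to build.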
@@ -221,68 +206,3 @@ SSecurityStack* SSecurityVeNCrypt::getSSecurityStack(int secType) |
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
void SSecurityVeNCrypt::getSecTypes(list<U32>* secTypes)
|
|
|
|
{
|
|
|
|
CharArray types;
|
|
|
|
|
|
|
|
types.buf = SSecurityVeNCrypt::secTypesStr.getData();
|
|
|
|
list<U32> configured = SSecurityVeNCrypt::parseSecTypes(types.buf);
|
|
|
|
list<U32>::iterator i;
|
|
|
|
for (i = configured.begin(); i != configured.end(); i++)
|
|
|
|
secTypes->push_back(*i);
|
|
|
|
}
|
|
|
|
|
|
|
|
U32 SSecurityVeNCrypt::secTypeNum(const char *name)
|
|
|
|
{
|
|
|
|
if (strcasecmp(name, "TLSNone") == 0)
|
|
|
|
return secTypeTLSNone;
|
|
|
|
if (strcasecmp(name, "TLSVnc") == 0)
|
|
|
|
return secTypeTLSVnc;
|
|
|
|
if (strcasecmp(name, "TLSPlain") == 0)
|
|
|
|
return secTypeTLSPlain;
|
|
|
|
if (strcasecmp(name, "X509None") == 0)
|
|
|
|
return secTypeX509None;
|
|
|
|
if (strcasecmp(name, "X509Vnc") == 0)
|
|
|
|
return secTypeX509Vnc;
|
|
|
|
if (strcasecmp(name, "X509Plain") == 0)
|
|
|
|
return secTypeX509Plain;
|
|
|
|
|
|
|
|
return secTypeInvalid;
|
|
|
|
}
|
|
|
|
|
|
|
|
char* SSecurityVeNCrypt::secTypeName(U32 num)
|
|
|
|
{
|
|
|
|
switch (num) {
|
|
|
|
case secTypePlain:
|
|
|
|
return "Plain";
|
|
|
|
case secTypeTLSNone:
|
|
|
|
return "TLSNone";
|
|
|
|
case secTypeTLSVnc:
|
|
|
|
return "TLSVnc";
|
|
|
|
case secTypeTLSPlain:
|
|
|
|
return "TLSPlain";
|
|
|
|
case secTypeX509None:
|
|
|
|
return "X509None";
|
|
|
|
case secTypeX509Vnc:
|
|
|
|
return "X509Vnc";
|
|
|
|
case secTypeX509Plain:
|
|
|
|
return "X509Plain";
|
|
|
|
default:
|
|
|
|
return "[unknown secType]";
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
list<U32> SSecurityVeNCrypt::parseSecTypes(const char *secTypes)
|
|
|
|
{
|
|
|
|
list<U32> result;
|
|
|
|
CharArray types(strDup(secTypes)), type;
|
|
|
|
while (types.buf) {
|
|
|
|
strSplit(types.buf, ',', &type.buf, &types.buf);
|
|
|
|
int typeNum = SSecurityVeNCrypt::secTypeNum(type.buf);
|
|
|
|
if (typeNum != secTypeInvalid)
|
|
|
|
result.push_back(typeNum);
|
|
|
|
}
|
|
|
|
return result;
|
|
|
|
}
|
|
|
|
|
|
|
|
|