#ifndef WINVNCCONF_AUTHENTICATION
#define WINVNCCONF_AUTHENTICATION
+#include <windows.h>
+#include <commctrl.h>
+
+#ifdef HAVE_GNUTLS
+#include <assert.h>
+#include <gnutls/gnutls.h>
+#include <gnutls/x509.h>
+#define CHECK(x) assert((x)>=0)
+#endif
+
#include <vncconfig/PasswordDialog.h>
#include <rfb_win32/Registry.h>
#include <rfb_win32/SecurityPage.h>
#include <rfb/Security.h>
#include <rfb/SecurityServer.h>
#include <rfb/SSecurityVncAuth.h>
+#include <rfb/SSecurityTLS.h>
#include <rfb/Password.h>
static rfb::BoolParameter queryOnlyIfLoggedOn("QueryOnlyIfLoggedOn",
bool onCommand(int id, int cmd) {
SecurityPage::onCommand(id, cmd);
- setChanged(true);
+ setChanged(true);
if (id == IDC_AUTH_VNC_PASSWD) {
PasswordDialog passwdDlg(regKey, registryInsecure);
passwdDlg.showDialog(handle);
+ } else if (id == IDC_LOAD_CERT) {
+ const TCHAR* title = _T("X509Cert");
+ const TCHAR* filter =
+ _T("X.509 Certificates (*.crt;*.cer;*.pem)\0*.crt;*.cer;*.pem\0All\0*.*\0");
+ showFileChooser(regKey, title, filter, handle);
+ } else if (id == IDC_LOAD_CERTKEY) {
+ const TCHAR* title = _T("X509Key");
+ const TCHAR* filter = _T("X.509 Keys (*.key;*.pem)\0*.key;*.pem\0All\0*.*\0");
+ showFileChooser(regKey, title, filter, handle);
} else if (id == IDC_QUERY_LOGGED_ON) {
enableItem(IDC_QUERY_LOGGED_ON, enableQueryOnlyIfLoggedOn());
}
regKey.setBinary(_T("Password"), 0, 0);
}
+#ifdef HAVE_GNUTLS
+ if (isItemChecked(IDC_ENC_X509)) {
+ gnutls_certificate_credentials_t xcred;
+ CHECK(gnutls_global_init());
+ CHECK(gnutls_certificate_allocate_credentials(&xcred));
+ int ret = gnutls_certificate_set_x509_key_file (xcred,
+ regKey.getString("X509Cert"),
+ regKey.getString("X509Key"),
+ GNUTLS_X509_FMT_PEM);
+ if (ret >= 0) {
+ SSecurityTLS::X509_CertFile.setParam(regKey.getString("X509Cert"));
+ SSecurityTLS::X509_CertFile.setParam(regKey.getString("X509Key"));
+ } else {
+ if (ret == GNUTLS_E_CERTIFICATE_KEY_MISMATCH) {
+ MsgBox(0, _T("Private key does not match certificate.\n")
+ _T("X.509 security types will not be enabled!"),
+ MB_ICONWARNING | MB_OK);
+ } else if (ret == GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE) {
+ MsgBox(0, _T("Unsupported certificate type.\n")
+ _T("X.509 security types will not be enabled!"),
+ MB_ICONWARNING | MB_OK);
+ } else {
+ MsgBox(0, _T("Unknown error while importing X.509 certificate or private key.\n")
+ _T("X.509 security types will not be enabled!"),
+ MB_ICONWARNING | MB_OK);
+ }
+ }
+ gnutls_global_deinit();
+ }
+#endif
+
regKey.setString(_T("SecurityTypes"), security->ToString());
regKey.setBool(_T("QueryConnect"), isItemChecked(IDC_QUERY_CONNECT));
regKey.setBool(_T("QueryOnlyIfLoggedOn"), isItemChecked(IDC_QUERY_LOGGED_ON));
private:
inline void modifyAuthMethod(int enc_idc, int auth_idc, bool enable)
{
- setItemChecked(enc_idc, enable);
- setItemChecked(auth_idc, enable);
+ setItemChecked(enc_idc, enable);
+ setItemChecked(auth_idc, enable);
+ }
+ inline bool showFileChooser(const RegKey& rk,
+ const char* title,
+ const char* filter,
+ HWND hwnd)
+ {
+ OPENFILENAME ofn;
+ char filename[MAX_PATH];
+
+ ZeroMemory(&ofn, sizeof(ofn));
+ ZeroMemory(&filename, sizeof(filename));
+ filename[0] = '\0';
+ ofn.lStructSize = sizeof(ofn);
+ ofn.hwndOwner = hwnd;
+ ofn.lpstrFile = filename;
+ ofn.nMaxFile = sizeof(filename);
+ ofn.lpstrFilter = (char*)filter;
+ ofn.nFilterIndex = 1;
+ ofn.lpstrFileTitle = NULL;
+ ofn.nMaxFileTitle = 0;
+ ofn.lpstrTitle = (char*)title;
+ ofn.lpstrInitialDir = NULL;
+ ofn.Flags = OFN_PATHMUSTEXIST | OFN_FILEMUSTEXIST;
+
+ if (GetOpenFileName(&ofn)==TRUE) {
+ regKey.setString(title, filename);
+ return true;
+ }
+ return false;
}
};
projects / tigervnc.git / commitdiff