From 5522d61b7a7325bdcad49aa8ee878c05ddd0c241 Mon Sep 17 00:00:00 2001 From: Adam Tkac Date: Wed, 11 Aug 2010 15:28:01 +0000 Subject: [PATCH] [Cleanup] Ensure all files use LF as newline control character, not CR+LF. git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4119 3789f03b-4d11-0410-bbf8-ca57d06f2519 --- common/rfb/CSecurityStack.h | 86 +++---- common/rfb/CSecurityTLS.h | 148 ++++++------ common/rfb/CSecurityVeNCrypt.cxx | 386 +++++++++++++++---------------- common/rfb/CSecurityVeNCrypt.h | 124 +++++----- common/rfb/SSecurityPlain.cxx | 194 ++++++++-------- common/rfb/SSecurityPlain.h | 120 +++++----- common/rfb/SSecurityStack.h | 82 +++---- common/rfb/SSecurityVeNCrypt.cxx | 346 +++++++++++++-------------- common/rfb/SSecurityVeNCrypt.h | 108 ++++----- 9 files changed, 797 insertions(+), 797 deletions(-) diff --git a/common/rfb/CSecurityStack.h b/common/rfb/CSecurityStack.h index a5205d79..a76b3fe3 100644 --- a/common/rfb/CSecurityStack.h +++ b/common/rfb/CSecurityStack.h @@ -1,43 +1,43 @@ -/* Copyright (C) 2005 Martin Koegler - * Copyright (C) 2006 OCCAM Financial Technology - * Copyright (C) 2010 TigerVNC Team - * - * This is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This software is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this software; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, - * USA. - */ -#ifndef __RFB_CSECURITYSTACK_H__ -#define __RFB_CSECURITYSTACK_H__ - -#include -#include - -namespace rfb { - - class CSecurityStack : public CSecurity { - public: - CSecurityStack(int Type, const char *Name, CSecurity* s0 = 0, CSecurity* s1 = 0); - ~CSecurityStack(); - virtual bool processMsg(CConnection* cc); - virtual int getType() const {return type;}; - virtual const char* description() const {return name;} - protected: - int state; - CSecurity* state0; - CSecurity* state1; - const char* name; - int type; - }; -} -#endif +/* Copyright (C) 2005 Martin Koegler + * Copyright (C) 2006 OCCAM Financial Technology + * Copyright (C) 2010 TigerVNC Team + * + * This is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this software; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, + * USA. + */ +#ifndef __RFB_CSECURITYSTACK_H__ +#define __RFB_CSECURITYSTACK_H__ + +#include +#include + +namespace rfb { + + class CSecurityStack : public CSecurity { + public: + CSecurityStack(int Type, const char *Name, CSecurity* s0 = 0, CSecurity* s1 = 0); + ~CSecurityStack(); + virtual bool processMsg(CConnection* cc); + virtual int getType() const {return type;}; + virtual const char* description() const {return name;} + protected: + int state; + CSecurity* state0; + CSecurity* state1; + const char* name; + int type; + }; +} +#endif diff --git a/common/rfb/CSecurityTLS.h b/common/rfb/CSecurityTLS.h index de8615ae..1ff7ac0d 100644 --- a/common/rfb/CSecurityTLS.h +++ b/common/rfb/CSecurityTLS.h @@ -1,74 +1,74 @@ -/* - * Copyright (C) 2004 Red Hat Inc. - * Copyright (C) 2005 Martin Koegler - * Copyright (C) 2010 TigerVNC Team - * - * This is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This software is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this software; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, - * USA. - */ - -#ifndef __C_SECURITY_TLS_H__ -#define __C_SECURITY_TLS_H__ - -#ifdef HAVE_CONFIG_H -#include -#endif - -#ifndef HAVE_GNUTLS -#error "This header should not be compiled without HAVE_GNUTLS defined" -#endif - -#include -#include -#include -#include -#include -#include - -namespace rfb { - class CSecurityTLS : public CSecurity { - public: - CSecurityTLS(bool _anon); - virtual ~CSecurityTLS(); - virtual bool processMsg(CConnection* cc); - virtual int getType() const { return anon ? secTypeTLSNone : secTypeX509None; } - virtual const char* description() const - { return anon ? "TLS Encryption without VncAuth" : "X509 Encryption without VncAuth"; } - - static StringParameter x509ca; - static StringParameter x509crl; - - protected: - void shutdown(); - void freeResources(); - void setParam(); - void checkSession(); - CConnection *client; - - private: - static void initGlobal(); - - gnutls_session session; - gnutls_anon_client_credentials anon_cred; - gnutls_certificate_credentials cert_cred; - bool anon; - - char *cafile, *crlfile; - rdr::InStream* fis; - rdr::OutStream* fos; - }; -} - -#endif +/* + * Copyright (C) 2004 Red Hat Inc. + * Copyright (C) 2005 Martin Koegler + * Copyright (C) 2010 TigerVNC Team + * + * This is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this software; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, + * USA. + */ + +#ifndef __C_SECURITY_TLS_H__ +#define __C_SECURITY_TLS_H__ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#ifndef HAVE_GNUTLS +#error "This header should not be compiled without HAVE_GNUTLS defined" +#endif + +#include +#include +#include +#include +#include +#include + +namespace rfb { + class CSecurityTLS : public CSecurity { + public: + CSecurityTLS(bool _anon); + virtual ~CSecurityTLS(); + virtual bool processMsg(CConnection* cc); + virtual int getType() const { return anon ? secTypeTLSNone : secTypeX509None; } + virtual const char* description() const + { return anon ? "TLS Encryption without VncAuth" : "X509 Encryption without VncAuth"; } + + static StringParameter x509ca; + static StringParameter x509crl; + + protected: + void shutdown(); + void freeResources(); + void setParam(); + void checkSession(); + CConnection *client; + + private: + static void initGlobal(); + + gnutls_session session; + gnutls_anon_client_credentials anon_cred; + gnutls_certificate_credentials cert_cred; + bool anon; + + char *cafile, *crlfile; + rdr::InStream* fis; + rdr::OutStream* fos; + }; +} + +#endif diff --git a/common/rfb/CSecurityVeNCrypt.cxx b/common/rfb/CSecurityVeNCrypt.cxx index 2d91190f..3b77ed1a 100644 --- a/common/rfb/CSecurityVeNCrypt.cxx +++ b/common/rfb/CSecurityVeNCrypt.cxx @@ -1,193 +1,193 @@ -/* - * Copyright (C) 2006 OCCAM Financial Technology - * Copyright (C) 2005-2006 Martin Koegler - * Copyright (C) 2010 TigerVNC Team - * - * This is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This software is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this software; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, - * USA. - */ -// -// CSecurityVeNCrypt -// - -#include -#include -#include -#include -#include -#include -#include - -using namespace rfb; -using namespace rdr; -using namespace std; - -static LogWriter vlog("CVeNCrypt"); - -CSecurityVeNCrypt::CSecurityVeNCrypt(Security* sec) : csecurity(NULL), security(sec) -{ - haveRecvdMajorVersion = false; - haveRecvdMinorVersion = false; - haveSentVersion = false; - haveAgreedVersion = false; - haveListOfTypes = false; - haveNumberOfTypes = false; - haveChosenType = false; - majorVersion = 0; - minorVersion = 0; - chosenType = secTypeVeNCrypt; - nAvailableTypes = 0; - availableTypes = NULL; - iAvailableType = 0; -} - -CSecurityVeNCrypt::~CSecurityVeNCrypt() -{ - if (availableTypes) - delete[] availableTypes; -} - -bool CSecurityVeNCrypt::processMsg(CConnection* cc) -{ - InStream* is = cc->getInStream(); - OutStream* os = cc->getOutStream(); - - /* get major, minor versions, send what we can support (or 0.0 for can't support it) */ - if (!haveRecvdMajorVersion) { - majorVersion = is->readU8(); - haveRecvdMajorVersion = true; - - return false; - } - - if (!haveRecvdMinorVersion) { - minorVersion = is->readU8(); - haveRecvdMinorVersion = true; - } - - /* major version in upper 8 bits and minor version in lower 8 bits */ - U16 Version = (((U16) majorVersion) << 8) | ((U16) minorVersion); - - if (!haveSentVersion) { - /* Currently we don't support former VeNCrypt 0.1 */ - if (Version >= 0x0002) { - majorVersion = 0; - minorVersion = 2; - os->writeU8(majorVersion); - os->writeU8(minorVersion); - os->flush(); - } else { - /* Send 0.0 to indicate no support */ - majorVersion = 0; - minorVersion = 0; - os->writeU8(0); - os->writeU8(0); - os->flush(); - throw AuthFailureException("The server reported an unsupported VeNCrypt version"); - } - - haveSentVersion = true; - return false; - } - - /* Check that the server is OK */ - if (!haveAgreedVersion) { - if (is->readU8()) - throw AuthFailureException("The server reported it could not support the " - "VeNCrypt version"); - - haveAgreedVersion = true; - return false; - } - - /* get a number of types */ - if (!haveNumberOfTypes) { - nAvailableTypes = is->readU8(); - iAvailableType = 0; - - if (!nAvailableTypes) - throw AuthFailureException("The server reported no VeNCrypt sub-types"); - - availableTypes = new rdr::U32[nAvailableTypes]; - haveNumberOfTypes = true; - return false; - } - - if (nAvailableTypes) { - /* read in the types possible */ - if (!haveListOfTypes) { - if (is->checkNoWait(4)) { - availableTypes[iAvailableType++] = is->readU32(); - haveListOfTypes = (iAvailableType >= nAvailableTypes); - vlog.debug("Server offers security type %s (%d)", - secTypeName(availableTypes[iAvailableType - 1]), - availableTypes[iAvailableType - 1]); - - if (!haveListOfTypes) - return false; - - } else - return false; - } - - /* make a choice and send it to the server, meanwhile set up the stack */ - if (!haveChosenType) { - chosenType = secTypeInvalid; - U8 i; - list::iterator j; - list preferredList; - - /* Try preferred choice */ - preferredList = security->GetEnabledExtSecTypes(); - - for (j = preferredList.begin(); j != preferredList.end(); j++) { - for (i = 0; i < nAvailableTypes; i++) { - if (*j == availableTypes[i]) { - chosenType = *j; - break; - } - } - - if (chosenType != secTypeInvalid) - break; - } - - vlog.debug("Choosing security type %s (%d)", secTypeName(chosenType), - chosenType); - - /* Set up the stack according to the chosen type: */ - if (chosenType == secTypeInvalid || chosenType == secTypeVeNCrypt) - throw AuthFailureException("No valid VeNCrypt sub-type"); - - csecurity = security->GetCSecurity(chosenType); - - /* send chosen type to server */ - os->writeU32(chosenType); - os->flush(); - - haveChosenType = true; - } - } else { - /* - * Server told us that there are 0 types it can support - this should not - * happen, since if the server supports 0 sub-types, it doesn't support - * this security type - */ - throw AuthFailureException("The server reported 0 VeNCrypt sub-types"); - } - - return csecurity->processMsg(cc); -} - +/* + * Copyright (C) 2006 OCCAM Financial Technology + * Copyright (C) 2005-2006 Martin Koegler + * Copyright (C) 2010 TigerVNC Team + * + * This is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this software; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, + * USA. + */ +// +// CSecurityVeNCrypt +// + +#include +#include +#include +#include +#include +#include +#include + +using namespace rfb; +using namespace rdr; +using namespace std; + +static LogWriter vlog("CVeNCrypt"); + +CSecurityVeNCrypt::CSecurityVeNCrypt(Security* sec) : csecurity(NULL), security(sec) +{ + haveRecvdMajorVersion = false; + haveRecvdMinorVersion = false; + haveSentVersion = false; + haveAgreedVersion = false; + haveListOfTypes = false; + haveNumberOfTypes = false; + haveChosenType = false; + majorVersion = 0; + minorVersion = 0; + chosenType = secTypeVeNCrypt; + nAvailableTypes = 0; + availableTypes = NULL; + iAvailableType = 0; +} + +CSecurityVeNCrypt::~CSecurityVeNCrypt() +{ + if (availableTypes) + delete[] availableTypes; +} + +bool CSecurityVeNCrypt::processMsg(CConnection* cc) +{ + InStream* is = cc->getInStream(); + OutStream* os = cc->getOutStream(); + + /* get major, minor versions, send what we can support (or 0.0 for can't support it) */ + if (!haveRecvdMajorVersion) { + majorVersion = is->readU8(); + haveRecvdMajorVersion = true; + + return false; + } + + if (!haveRecvdMinorVersion) { + minorVersion = is->readU8(); + haveRecvdMinorVersion = true; + } + + /* major version in upper 8 bits and minor version in lower 8 bits */ + U16 Version = (((U16) majorVersion) << 8) | ((U16) minorVersion); + + if (!haveSentVersion) { + /* Currently we don't support former VeNCrypt 0.1 */ + if (Version >= 0x0002) { + majorVersion = 0; + minorVersion = 2; + os->writeU8(majorVersion); + os->writeU8(minorVersion); + os->flush(); + } else { + /* Send 0.0 to indicate no support */ + majorVersion = 0; + minorVersion = 0; + os->writeU8(0); + os->writeU8(0); + os->flush(); + throw AuthFailureException("The server reported an unsupported VeNCrypt version"); + } + + haveSentVersion = true; + return false; + } + + /* Check that the server is OK */ + if (!haveAgreedVersion) { + if (is->readU8()) + throw AuthFailureException("The server reported it could not support the " + "VeNCrypt version"); + + haveAgreedVersion = true; + return false; + } + + /* get a number of types */ + if (!haveNumberOfTypes) { + nAvailableTypes = is->readU8(); + iAvailableType = 0; + + if (!nAvailableTypes) + throw AuthFailureException("The server reported no VeNCrypt sub-types"); + + availableTypes = new rdr::U32[nAvailableTypes]; + haveNumberOfTypes = true; + return false; + } + + if (nAvailableTypes) { + /* read in the types possible */ + if (!haveListOfTypes) { + if (is->checkNoWait(4)) { + availableTypes[iAvailableType++] = is->readU32(); + haveListOfTypes = (iAvailableType >= nAvailableTypes); + vlog.debug("Server offers security type %s (%d)", + secTypeName(availableTypes[iAvailableType - 1]), + availableTypes[iAvailableType - 1]); + + if (!haveListOfTypes) + return false; + + } else + return false; + } + + /* make a choice and send it to the server, meanwhile set up the stack */ + if (!haveChosenType) { + chosenType = secTypeInvalid; + U8 i; + list::iterator j; + list preferredList; + + /* Try preferred choice */ + preferredList = security->GetEnabledExtSecTypes(); + + for (j = preferredList.begin(); j != preferredList.end(); j++) { + for (i = 0; i < nAvailableTypes; i++) { + if (*j == availableTypes[i]) { + chosenType = *j; + break; + } + } + + if (chosenType != secTypeInvalid) + break; + } + + vlog.debug("Choosing security type %s (%d)", secTypeName(chosenType), + chosenType); + + /* Set up the stack according to the chosen type: */ + if (chosenType == secTypeInvalid || chosenType == secTypeVeNCrypt) + throw AuthFailureException("No valid VeNCrypt sub-type"); + + csecurity = security->GetCSecurity(chosenType); + + /* send chosen type to server */ + os->writeU32(chosenType); + os->flush(); + + haveChosenType = true; + } + } else { + /* + * Server told us that there are 0 types it can support - this should not + * happen, since if the server supports 0 sub-types, it doesn't support + * this security type + */ + throw AuthFailureException("The server reported 0 VeNCrypt sub-types"); + } + + return csecurity->processMsg(cc); +} + diff --git a/common/rfb/CSecurityVeNCrypt.h b/common/rfb/CSecurityVeNCrypt.h index 1385f585..c04d1bf2 100644 --- a/common/rfb/CSecurityVeNCrypt.h +++ b/common/rfb/CSecurityVeNCrypt.h @@ -1,62 +1,62 @@ -/* - * Copyright (C) 2005-2006 Martin Koegler - * Copyright (C) 2006 OCCAM Financial Technology - * Copyright (C) 2010 TigerVNC Team - * - * This is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This software is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this software; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, - * USA. - */ -// -// CSecurityVeNCrypt -// - -#ifndef __CSECURITYVENCRYPT_H__ -#define __CSECURITYVENCRYPT_H__ - -#include -#include -#include - -namespace rfb { - - class CSecurityVeNCrypt : public CSecurity { - public: - - CSecurityVeNCrypt(Security* sec); - ~CSecurityVeNCrypt(); - virtual bool processMsg(CConnection* cc);// { return true; } - int getType() const {return chosenType;} - virtual const char* description() const { return secTypeName(chosenType); } - - static StringParameter secTypesStr; - protected: - CSecurity *csecurity; - Security *security; - bool haveRecvdMajorVersion; - bool haveRecvdMinorVersion; - bool haveSentVersion; - bool haveAgreedVersion; - bool haveListOfTypes; - bool haveNumberOfTypes; - bool haveChosenType; - rdr::U8 majorVersion, minorVersion; - rdr::U32 chosenType; - rdr::U8 nAvailableTypes; - rdr::U32 *availableTypes; - rdr::U8 iAvailableType; - const char* desc; - }; -} -#endif +/* + * Copyright (C) 2005-2006 Martin Koegler + * Copyright (C) 2006 OCCAM Financial Technology + * Copyright (C) 2010 TigerVNC Team + * + * This is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this software; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, + * USA. + */ +// +// CSecurityVeNCrypt +// + +#ifndef __CSECURITYVENCRYPT_H__ +#define __CSECURITYVENCRYPT_H__ + +#include +#include +#include + +namespace rfb { + + class CSecurityVeNCrypt : public CSecurity { + public: + + CSecurityVeNCrypt(Security* sec); + ~CSecurityVeNCrypt(); + virtual bool processMsg(CConnection* cc);// { return true; } + int getType() const {return chosenType;} + virtual const char* description() const { return secTypeName(chosenType); } + + static StringParameter secTypesStr; + protected: + CSecurity *csecurity; + Security *security; + bool haveRecvdMajorVersion; + bool haveRecvdMinorVersion; + bool haveSentVersion; + bool haveAgreedVersion; + bool haveListOfTypes; + bool haveNumberOfTypes; + bool haveChosenType; + rdr::U8 majorVersion, minorVersion; + rdr::U32 chosenType; + rdr::U8 nAvailableTypes; + rdr::U32 *availableTypes; + rdr::U8 iAvailableType; + const char* desc; + }; +} +#endif diff --git a/common/rfb/SSecurityPlain.cxx b/common/rfb/SSecurityPlain.cxx index 04eabe0d..6d0c67e9 100644 --- a/common/rfb/SSecurityPlain.cxx +++ b/common/rfb/SSecurityPlain.cxx @@ -1,97 +1,97 @@ -/* Copyright (C) 2005 Martin Koegler - * Copyright (C) 2006 OCCAM Financial Technology - * - * This is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This software is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this software; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, - * USA. - */ - -#ifdef HAVE_CONFIG_H -#include -#endif - -#include -#include -#include -#include - -using namespace rfb; - -StringParameter PasswordValidator::plainUsers -("PlainUsers", - "Users permitted to access via Plain security type (including TLSPlain, X509Plain etc.)", - ""); - -bool PasswordValidator::validUser(const char* username) -{ - CharArray users(strDup(plainUsers.getValueStr())), user; - while (users.buf) { - strSplit(users.buf, ',', &user.buf, &users.buf); -#ifdef WIN32 - if(0==stricmp(user.buf, "*")) - return true; - if(0==stricmp(user.buf, username)) - return true; -#else - if(!strcmp (user.buf, "*")) - return true; - if(!strcmp (user.buf, username)) - return true; -#endif - } - return false; -} - -SSecurityPlain::SSecurityPlain(PasswordValidator* _valid) -{ - valid=_valid; - state=0; -} - -bool SSecurityPlain::processMsg(SConnection* sc) -{ - rdr::InStream* is = sc->getInStream(); - char* pw; - char *uname; - CharArray password; - - if(state==0) - { - if(!is->checkNoWait(8)) - return false; - ulen=is->readU32(); - plen=is->readU32(); - state=1; - } - if(state==1) - { - if(is->checkNoWait(ulen+plen+2)) - return false; - state=2; - pw=new char[plen+1]; - uname=new char[ulen+1]; - username.replaceBuf(uname); - password.replaceBuf(pw); - is->readBytes(uname,ulen); - is->readBytes(pw,plen); - pw[plen]=0; - uname[ulen]=0; - plen=0; - if(!valid->validate(sc,uname,pw)) - throw AuthFailureException("invalid password or username"); - return true; - } - return true; -} - +/* Copyright (C) 2005 Martin Koegler + * Copyright (C) 2006 OCCAM Financial Technology + * + * This is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this software; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, + * USA. + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include + +using namespace rfb; + +StringParameter PasswordValidator::plainUsers +("PlainUsers", + "Users permitted to access via Plain security type (including TLSPlain, X509Plain etc.)", + ""); + +bool PasswordValidator::validUser(const char* username) +{ + CharArray users(strDup(plainUsers.getValueStr())), user; + while (users.buf) { + strSplit(users.buf, ',', &user.buf, &users.buf); +#ifdef WIN32 + if(0==stricmp(user.buf, "*")) + return true; + if(0==stricmp(user.buf, username)) + return true; +#else + if(!strcmp (user.buf, "*")) + return true; + if(!strcmp (user.buf, username)) + return true; +#endif + } + return false; +} + +SSecurityPlain::SSecurityPlain(PasswordValidator* _valid) +{ + valid=_valid; + state=0; +} + +bool SSecurityPlain::processMsg(SConnection* sc) +{ + rdr::InStream* is = sc->getInStream(); + char* pw; + char *uname; + CharArray password; + + if(state==0) + { + if(!is->checkNoWait(8)) + return false; + ulen=is->readU32(); + plen=is->readU32(); + state=1; + } + if(state==1) + { + if(is->checkNoWait(ulen+plen+2)) + return false; + state=2; + pw=new char[plen+1]; + uname=new char[ulen+1]; + username.replaceBuf(uname); + password.replaceBuf(pw); + is->readBytes(uname,ulen); + is->readBytes(pw,plen); + pw[plen]=0; + uname[ulen]=0; + plen=0; + if(!valid->validate(sc,uname,pw)) + throw AuthFailureException("invalid password or username"); + return true; + } + return true; +} + diff --git a/common/rfb/SSecurityPlain.h b/common/rfb/SSecurityPlain.h index f7a9c3dd..f170bd5b 100644 --- a/common/rfb/SSecurityPlain.h +++ b/common/rfb/SSecurityPlain.h @@ -1,60 +1,60 @@ -/* Copyright (C) 2005 Martin Koegler - * Copyright (C) 2006 OCCAM Financial Technology - * Copyright (C) 2010 TigerVNC Team - * - * This is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This software is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this software; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, - * USA. - */ -#ifndef __RFB_SSECURITYPLAIN_H__ -#define __RFB_SSECURITYPLAIN_H__ - -#ifdef HAVE_CONFIG_H -#include -#endif - -#include -#include -#include -#include -#include - -namespace rfb { - - class PasswordValidator { - public: - // validate username / password combination - bool validate(SConnection* sc, const char *username, const char *password) { return validUser(username) ? validateInternal(sc, username, password) : false; }; - static StringParameter plainUsers; - protected: - virtual bool validateInternal(SConnection* sc, const char *username, const char *password)=0; - static bool validUser(const char* username); - }; - - class SSecurityPlain : public SSecurity { - public: - SSecurityPlain(PasswordValidator* valid); - virtual bool processMsg(SConnection* sc); - virtual int getType() const {return secTypePlain;}; - virtual const char* getUserName() const { return username.buf; } - - private: - PasswordValidator* valid; - unsigned int ulen,plen,state; - CharArray username; - }; - -} -#endif - +/* Copyright (C) 2005 Martin Koegler + * Copyright (C) 2006 OCCAM Financial Technology + * Copyright (C) 2010 TigerVNC Team + * + * This is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this software; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, + * USA. + */ +#ifndef __RFB_SSECURITYPLAIN_H__ +#define __RFB_SSECURITYPLAIN_H__ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include + +namespace rfb { + + class PasswordValidator { + public: + // validate username / password combination + bool validate(SConnection* sc, const char *username, const char *password) { return validUser(username) ? validateInternal(sc, username, password) : false; }; + static StringParameter plainUsers; + protected: + virtual bool validateInternal(SConnection* sc, const char *username, const char *password)=0; + static bool validUser(const char* username); + }; + + class SSecurityPlain : public SSecurity { + public: + SSecurityPlain(PasswordValidator* valid); + virtual bool processMsg(SConnection* sc); + virtual int getType() const {return secTypePlain;}; + virtual const char* getUserName() const { return username.buf; } + + private: + PasswordValidator* valid; + unsigned int ulen,plen,state; + CharArray username; + }; + +} +#endif + diff --git a/common/rfb/SSecurityStack.h b/common/rfb/SSecurityStack.h index 0630dacd..c80a3b9f 100644 --- a/common/rfb/SSecurityStack.h +++ b/common/rfb/SSecurityStack.h @@ -1,41 +1,41 @@ -/* Copyright (C) 2005 Martin Koegler - * Copyright (C) 2006 OCCAM Financial Technology - * Copyright (C) 2010 TigerVNC Team - * - * This is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This software is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this software; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, - * USA. - */ -#ifndef __RFB_SSECURITYSTACK_H__ -#define __RFB_SSECURITYSTACK_H__ - -#include - -namespace rfb { - - class SSecurityStack : public SSecurity { - public: - SSecurityStack(int Type, SSecurity* s0 = 0, SSecurity* s1 = 0); - ~SSecurityStack(); - virtual bool processMsg(SConnection* cc); - virtual int getType() const { return type; }; - virtual const char* getUserName() const; - protected: - short state; - SSecurity* state0; - SSecurity* state1; - int type; - }; -} -#endif +/* Copyright (C) 2005 Martin Koegler + * Copyright (C) 2006 OCCAM Financial Technology + * Copyright (C) 2010 TigerVNC Team + * + * This is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this software; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, + * USA. + */ +#ifndef __RFB_SSECURITYSTACK_H__ +#define __RFB_SSECURITYSTACK_H__ + +#include + +namespace rfb { + + class SSecurityStack : public SSecurity { + public: + SSecurityStack(int Type, SSecurity* s0 = 0, SSecurity* s1 = 0); + ~SSecurityStack(); + virtual bool processMsg(SConnection* cc); + virtual int getType() const { return type; }; + virtual const char* getUserName() const; + protected: + short state; + SSecurity* state0; + SSecurity* state1; + int type; + }; +} +#endif diff --git a/common/rfb/SSecurityVeNCrypt.cxx b/common/rfb/SSecurityVeNCrypt.cxx index ac4f16f3..f094c8d0 100644 --- a/common/rfb/SSecurityVeNCrypt.cxx +++ b/common/rfb/SSecurityVeNCrypt.cxx @@ -1,173 +1,173 @@ -/* - * Copyright (C) 2005-2006 Martin Koegler - * Copyright (C) 2006 OCCAM Financial Technology - * Copyright (C) 2010 TigerVNC Team - * - * This is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This software is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this software; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, - * USA. - */ -/* - * SSecurityVeNCrypt - */ - -#ifdef HAVE_CONFIG_H -#include -#endif - -#include -#include -#include -#include -#include - -using namespace rfb; -using namespace rdr; -using namespace std; - -static LogWriter vlog("SVeNCrypt"); - -SSecurityVeNCrypt::SSecurityVeNCrypt(Security *sec) : security(sec) -{ - ssecurity = NULL; - haveSentVersion = false; - haveRecvdMajorVersion = false; - haveRecvdMinorVersion = false; - majorVersion = 0; - minorVersion = 0; - haveSentTypes = false; - haveChosenType = false; - chosenType = secTypeVeNCrypt; - numTypes = 0; - subTypes = NULL; -} - -SSecurityVeNCrypt::~SSecurityVeNCrypt() -{ - if (subTypes) { - delete [] subTypes; - subTypes = NULL; - } -} - -bool SSecurityVeNCrypt::processMsg(SConnection* sc) -{ - rdr::InStream* is = sc->getInStream(); - rdr::OutStream* os = sc->getOutStream(); - rdr::U8 i; - - /* VeNCrypt initialization */ - - /* Send the highest version we can support */ - if (!haveSentVersion) { - os->writeU8(0); - os->writeU8(2); - haveSentVersion = true; - os->flush(); - - return false; - } - - /* Receive back highest version that client can support (up to and including ours) */ - if (!haveRecvdMajorVersion) { - majorVersion = is->readU8(); - haveRecvdMajorVersion = true; - - return false; - } - - if (!haveRecvdMinorVersion) { - minorVersion = is->readU8(); - haveRecvdMinorVersion = true; - - /* WORD value with major version in upper 8 bits and minor version in lower 8 bits */ - U16 Version = (((U16)majorVersion) << 8) | ((U16)minorVersion); - - switch (Version) { - case 0x0000: /* 0.0 - The client cannot support us! */ - case 0x0001: /* 0.1 Legacy VeNCrypt, not supported */ - os->writeU8(0xFF); /* This is not OK */ - os->flush(); - throw AuthFailureException("The client cannot support the server's " - "VeNCrypt version"); - - case 0x0002: /* 0.2 */ - os->writeU8(0); /* OK */ - break; - - default: - os->writeU8(0xFF); /* Not OK */ - os->flush(); - throw AuthFailureException("The client returned an unsupported VeNCrypt version"); - } - } - - /* - * send number of supported VeNCrypt authentication types (U8) followed - * by authentication types (U32s) - */ - if (!haveSentTypes) { - list listSubTypes; - - listSubTypes = security->GetEnabledExtSecTypes(); - - numTypes = listSubTypes.size(); - subTypes = new U32[numTypes]; - - for (i = 0; i < numTypes; i++) { - subTypes[i] = listSubTypes.front(); - listSubTypes.pop_front(); - } - - if (numTypes) { - os->writeU8(numTypes); - for (i = 0; i < numTypes; i++) - os->writeU32(subTypes[i]); - - os->flush(); - haveSentTypes = true; - return false; - } else - throw AuthFailureException("There are no VeNCrypt sub-types to send to the client"); - } - - /* get type back from client (must be one of the ones we sent) */ - if (!haveChosenType) { - is->check(4); - chosenType = is->readU32(); - - for (i = 0; i < numTypes; i++) { - if (chosenType == subTypes[i]) { - haveChosenType = true; - break; - } - } - - if (!haveChosenType) - chosenType = secTypeInvalid; - - vlog.debug("Choosing security type %s (%d)", secTypeName(chosenType), - chosenType); - - /* Set up the stack according to the chosen type */ - if (chosenType == secTypeInvalid || chosenType == secTypeVeNCrypt) - throw AuthFailureException("No valid VeNCrypt sub-type"); - - ssecurity = security->GetSSecurity(chosenType); - } - - /* continue processing the messages */ - return ssecurity->processMsg(sc); -} - +/* + * Copyright (C) 2005-2006 Martin Koegler + * Copyright (C) 2006 OCCAM Financial Technology + * Copyright (C) 2010 TigerVNC Team + * + * This is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this software; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, + * USA. + */ +/* + * SSecurityVeNCrypt + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include + +using namespace rfb; +using namespace rdr; +using namespace std; + +static LogWriter vlog("SVeNCrypt"); + +SSecurityVeNCrypt::SSecurityVeNCrypt(Security *sec) : security(sec) +{ + ssecurity = NULL; + haveSentVersion = false; + haveRecvdMajorVersion = false; + haveRecvdMinorVersion = false; + majorVersion = 0; + minorVersion = 0; + haveSentTypes = false; + haveChosenType = false; + chosenType = secTypeVeNCrypt; + numTypes = 0; + subTypes = NULL; +} + +SSecurityVeNCrypt::~SSecurityVeNCrypt() +{ + if (subTypes) { + delete [] subTypes; + subTypes = NULL; + } +} + +bool SSecurityVeNCrypt::processMsg(SConnection* sc) +{ + rdr::InStream* is = sc->getInStream(); + rdr::OutStream* os = sc->getOutStream(); + rdr::U8 i; + + /* VeNCrypt initialization */ + + /* Send the highest version we can support */ + if (!haveSentVersion) { + os->writeU8(0); + os->writeU8(2); + haveSentVersion = true; + os->flush(); + + return false; + } + + /* Receive back highest version that client can support (up to and including ours) */ + if (!haveRecvdMajorVersion) { + majorVersion = is->readU8(); + haveRecvdMajorVersion = true; + + return false; + } + + if (!haveRecvdMinorVersion) { + minorVersion = is->readU8(); + haveRecvdMinorVersion = true; + + /* WORD value with major version in upper 8 bits and minor version in lower 8 bits */ + U16 Version = (((U16)majorVersion) << 8) | ((U16)minorVersion); + + switch (Version) { + case 0x0000: /* 0.0 - The client cannot support us! */ + case 0x0001: /* 0.1 Legacy VeNCrypt, not supported */ + os->writeU8(0xFF); /* This is not OK */ + os->flush(); + throw AuthFailureException("The client cannot support the server's " + "VeNCrypt version"); + + case 0x0002: /* 0.2 */ + os->writeU8(0); /* OK */ + break; + + default: + os->writeU8(0xFF); /* Not OK */ + os->flush(); + throw AuthFailureException("The client returned an unsupported VeNCrypt version"); + } + } + + /* + * send number of supported VeNCrypt authentication types (U8) followed + * by authentication types (U32s) + */ + if (!haveSentTypes) { + list listSubTypes; + + listSubTypes = security->GetEnabledExtSecTypes(); + + numTypes = listSubTypes.size(); + subTypes = new U32[numTypes]; + + for (i = 0; i < numTypes; i++) { + subTypes[i] = listSubTypes.front(); + listSubTypes.pop_front(); + } + + if (numTypes) { + os->writeU8(numTypes); + for (i = 0; i < numTypes; i++) + os->writeU32(subTypes[i]); + + os->flush(); + haveSentTypes = true; + return false; + } else + throw AuthFailureException("There are no VeNCrypt sub-types to send to the client"); + } + + /* get type back from client (must be one of the ones we sent) */ + if (!haveChosenType) { + is->check(4); + chosenType = is->readU32(); + + for (i = 0; i < numTypes; i++) { + if (chosenType == subTypes[i]) { + haveChosenType = true; + break; + } + } + + if (!haveChosenType) + chosenType = secTypeInvalid; + + vlog.debug("Choosing security type %s (%d)", secTypeName(chosenType), + chosenType); + + /* Set up the stack according to the chosen type */ + if (chosenType == secTypeInvalid || chosenType == secTypeVeNCrypt) + throw AuthFailureException("No valid VeNCrypt sub-type"); + + ssecurity = security->GetSSecurity(chosenType); + } + + /* continue processing the messages */ + return ssecurity->processMsg(sc); +} + diff --git a/common/rfb/SSecurityVeNCrypt.h b/common/rfb/SSecurityVeNCrypt.h index 37ff9096..d7090914 100644 --- a/common/rfb/SSecurityVeNCrypt.h +++ b/common/rfb/SSecurityVeNCrypt.h @@ -1,54 +1,54 @@ -/* - * Copyright (C) 2005-2006 Martin Koegler - * Copyright (C) 2006 OCCAM Financial Technology - * Copyright (C) 2010 TigerVNC Team - * - * This is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This software is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this software; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, - * USA. - */ -// -// SSecurityVeNCrypt -// - -#ifndef __SSECURITYVENCRYPT_H__ -#define __SSECURITYVENCRYPT_H__ - -#ifdef HAVE_CONFIG_H -#include -#endif - -#include -#include - -namespace rfb { - - class SSecurityVeNCrypt : public SSecurity { - public: - SSecurityVeNCrypt(Security *sec); - ~SSecurityVeNCrypt(); - virtual bool processMsg(SConnection* sc);// { return true; } - virtual int getType() const { return secTypeVeNCrypt; } - virtual const char* getUserName() const { return NULL; } - - protected: - SSecurity *ssecurity; - Security *security; - bool haveSentVersion, haveRecvdMajorVersion, haveRecvdMinorVersion; - bool haveSentTypes, haveChosenType; - rdr::U8 majorVersion, minorVersion, numTypes; - rdr::U32 *subTypes, chosenType; - }; -} -#endif +/* + * Copyright (C) 2005-2006 Martin Koegler + * Copyright (C) 2006 OCCAM Financial Technology + * Copyright (C) 2010 TigerVNC Team + * + * This is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this software; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, + * USA. + */ +// +// SSecurityVeNCrypt +// + +#ifndef __SSECURITYVENCRYPT_H__ +#define __SSECURITYVENCRYPT_H__ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +namespace rfb { + + class SSecurityVeNCrypt : public SSecurity { + public: + SSecurityVeNCrypt(Security *sec); + ~SSecurityVeNCrypt(); + virtual bool processMsg(SConnection* sc);// { return true; } + virtual int getType() const { return secTypeVeNCrypt; } + virtual const char* getUserName() const { return NULL; } + + protected: + SSecurity *ssecurity; + Security *security; + bool haveSentVersion, haveRecvdMajorVersion, haveRecvdMinorVersion; + bool haveSentTypes, haveChosenType; + rdr::U8 majorVersion, minorVersion, numTypes; + rdr::U32 *subTypes, chosenType; + }; +} +#endif -- 2.39.5