git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4119 3789f03b-4d11-0410-bbf8-ca57d06f2519tags/v1.0.90
@@ -1,43 +1,43 @@ | |||
/* Copyright (C) 2005 Martin Koegler | |||
* Copyright (C) 2006 OCCAM Financial Technology | |||
* Copyright (C) 2010 TigerVNC Team | |||
* | |||
* This is free software; you can redistribute it and/or modify | |||
* it under the terms of the GNU General Public License as published by | |||
* the Free Software Foundation; either version 2 of the License, or | |||
* (at your option) any later version. | |||
* | |||
* This software is distributed in the hope that it will be useful, | |||
* but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |||
* GNU General Public License for more details. | |||
* | |||
* You should have received a copy of the GNU General Public License | |||
* along with this software; if not, write to the Free Software | |||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |||
* USA. | |||
*/ | |||
#ifndef __RFB_CSECURITYSTACK_H__ | |||
#define __RFB_CSECURITYSTACK_H__ | |||
#include <rfb/CSecurity.h> | |||
#include <rfb/Security.h> | |||
namespace rfb { | |||
class CSecurityStack : public CSecurity { | |||
public: | |||
CSecurityStack(int Type, const char *Name, CSecurity* s0 = 0, CSecurity* s1 = 0); | |||
~CSecurityStack(); | |||
virtual bool processMsg(CConnection* cc); | |||
virtual int getType() const {return type;}; | |||
virtual const char* description() const {return name;} | |||
protected: | |||
int state; | |||
CSecurity* state0; | |||
CSecurity* state1; | |||
const char* name; | |||
int type; | |||
}; | |||
} | |||
#endif | |||
/* Copyright (C) 2005 Martin Koegler | |||
* Copyright (C) 2006 OCCAM Financial Technology | |||
* Copyright (C) 2010 TigerVNC Team | |||
* | |||
* This is free software; you can redistribute it and/or modify | |||
* it under the terms of the GNU General Public License as published by | |||
* the Free Software Foundation; either version 2 of the License, or | |||
* (at your option) any later version. | |||
* | |||
* This software is distributed in the hope that it will be useful, | |||
* but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |||
* GNU General Public License for more details. | |||
* | |||
* You should have received a copy of the GNU General Public License | |||
* along with this software; if not, write to the Free Software | |||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |||
* USA. | |||
*/ | |||
#ifndef __RFB_CSECURITYSTACK_H__ | |||
#define __RFB_CSECURITYSTACK_H__ | |||
#include <rfb/CSecurity.h> | |||
#include <rfb/Security.h> | |||
namespace rfb { | |||
class CSecurityStack : public CSecurity { | |||
public: | |||
CSecurityStack(int Type, const char *Name, CSecurity* s0 = 0, CSecurity* s1 = 0); | |||
~CSecurityStack(); | |||
virtual bool processMsg(CConnection* cc); | |||
virtual int getType() const {return type;}; | |||
virtual const char* description() const {return name;} | |||
protected: | |||
int state; | |||
CSecurity* state0; | |||
CSecurity* state1; | |||
const char* name; | |||
int type; | |||
}; | |||
} | |||
#endif |
@@ -1,74 +1,74 @@ | |||
/* | |||
* Copyright (C) 2004 Red Hat Inc. | |||
* Copyright (C) 2005 Martin Koegler | |||
* Copyright (C) 2010 TigerVNC Team | |||
* | |||
* This is free software; you can redistribute it and/or modify | |||
* it under the terms of the GNU General Public License as published by | |||
* the Free Software Foundation; either version 2 of the License, or | |||
* (at your option) any later version. | |||
* | |||
* This software is distributed in the hope that it will be useful, | |||
* but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |||
* GNU General Public License for more details. | |||
* | |||
* You should have received a copy of the GNU General Public License | |||
* along with this software; if not, write to the Free Software | |||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |||
* USA. | |||
*/ | |||
#ifndef __C_SECURITY_TLS_H__ | |||
#define __C_SECURITY_TLS_H__ | |||
#ifdef HAVE_CONFIG_H | |||
#include <config.h> | |||
#endif | |||
#ifndef HAVE_GNUTLS | |||
#error "This header should not be compiled without HAVE_GNUTLS defined" | |||
#endif | |||
#include <rfb/CSecurity.h> | |||
#include <rfb/SSecurityVeNCrypt.h> | |||
#include <rfb/Security.h> | |||
#include <rdr/InStream.h> | |||
#include <rdr/OutStream.h> | |||
#include <gnutls/gnutls.h> | |||
namespace rfb { | |||
class CSecurityTLS : public CSecurity { | |||
public: | |||
CSecurityTLS(bool _anon); | |||
virtual ~CSecurityTLS(); | |||
virtual bool processMsg(CConnection* cc); | |||
virtual int getType() const { return anon ? secTypeTLSNone : secTypeX509None; } | |||
virtual const char* description() const | |||
{ return anon ? "TLS Encryption without VncAuth" : "X509 Encryption without VncAuth"; } | |||
static StringParameter x509ca; | |||
static StringParameter x509crl; | |||
protected: | |||
void shutdown(); | |||
void freeResources(); | |||
void setParam(); | |||
void checkSession(); | |||
CConnection *client; | |||
private: | |||
static void initGlobal(); | |||
gnutls_session session; | |||
gnutls_anon_client_credentials anon_cred; | |||
gnutls_certificate_credentials cert_cred; | |||
bool anon; | |||
char *cafile, *crlfile; | |||
rdr::InStream* fis; | |||
rdr::OutStream* fos; | |||
}; | |||
} | |||
#endif | |||
/* | |||
* Copyright (C) 2004 Red Hat Inc. | |||
* Copyright (C) 2005 Martin Koegler | |||
* Copyright (C) 2010 TigerVNC Team | |||
* | |||
* This is free software; you can redistribute it and/or modify | |||
* it under the terms of the GNU General Public License as published by | |||
* the Free Software Foundation; either version 2 of the License, or | |||
* (at your option) any later version. | |||
* | |||
* This software is distributed in the hope that it will be useful, | |||
* but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |||
* GNU General Public License for more details. | |||
* | |||
* You should have received a copy of the GNU General Public License | |||
* along with this software; if not, write to the Free Software | |||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |||
* USA. | |||
*/ | |||
#ifndef __C_SECURITY_TLS_H__ | |||
#define __C_SECURITY_TLS_H__ | |||
#ifdef HAVE_CONFIG_H | |||
#include <config.h> | |||
#endif | |||
#ifndef HAVE_GNUTLS | |||
#error "This header should not be compiled without HAVE_GNUTLS defined" | |||
#endif | |||
#include <rfb/CSecurity.h> | |||
#include <rfb/SSecurityVeNCrypt.h> | |||
#include <rfb/Security.h> | |||
#include <rdr/InStream.h> | |||
#include <rdr/OutStream.h> | |||
#include <gnutls/gnutls.h> | |||
namespace rfb { | |||
class CSecurityTLS : public CSecurity { | |||
public: | |||
CSecurityTLS(bool _anon); | |||
virtual ~CSecurityTLS(); | |||
virtual bool processMsg(CConnection* cc); | |||
virtual int getType() const { return anon ? secTypeTLSNone : secTypeX509None; } | |||
virtual const char* description() const | |||
{ return anon ? "TLS Encryption without VncAuth" : "X509 Encryption without VncAuth"; } | |||
static StringParameter x509ca; | |||
static StringParameter x509crl; | |||
protected: | |||
void shutdown(); | |||
void freeResources(); | |||
void setParam(); | |||
void checkSession(); | |||
CConnection *client; | |||
private: | |||
static void initGlobal(); | |||
gnutls_session session; | |||
gnutls_anon_client_credentials anon_cred; | |||
gnutls_certificate_credentials cert_cred; | |||
bool anon; | |||
char *cafile, *crlfile; | |||
rdr::InStream* fis; | |||
rdr::OutStream* fos; | |||
}; | |||
} | |||
#endif |
@@ -1,193 +1,193 @@ | |||
/* | |||
* Copyright (C) 2006 OCCAM Financial Technology | |||
* Copyright (C) 2005-2006 Martin Koegler | |||
* Copyright (C) 2010 TigerVNC Team | |||
* | |||
* This is free software; you can redistribute it and/or modify | |||
* it under the terms of the GNU General Public License as published by | |||
* the Free Software Foundation; either version 2 of the License, or | |||
* (at your option) any later version. | |||
* | |||
* This software is distributed in the hope that it will be useful, | |||
* but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |||
* GNU General Public License for more details. | |||
* | |||
* You should have received a copy of the GNU General Public License | |||
* along with this software; if not, write to the Free Software | |||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |||
* USA. | |||
*/ | |||
// | |||
// CSecurityVeNCrypt | |||
// | |||
#include <rfb/Exception.h> | |||
#include <rdr/InStream.h> | |||
#include <rdr/OutStream.h> | |||
#include <rfb/CConnection.h> | |||
#include <rfb/CSecurityVeNCrypt.h> | |||
#include <rfb/LogWriter.h> | |||
#include <list> | |||
using namespace rfb; | |||
using namespace rdr; | |||
using namespace std; | |||
static LogWriter vlog("CVeNCrypt"); | |||
CSecurityVeNCrypt::CSecurityVeNCrypt(Security* sec) : csecurity(NULL), security(sec) | |||
{ | |||
haveRecvdMajorVersion = false; | |||
haveRecvdMinorVersion = false; | |||
haveSentVersion = false; | |||
haveAgreedVersion = false; | |||
haveListOfTypes = false; | |||
haveNumberOfTypes = false; | |||
haveChosenType = false; | |||
majorVersion = 0; | |||
minorVersion = 0; | |||
chosenType = secTypeVeNCrypt; | |||
nAvailableTypes = 0; | |||
availableTypes = NULL; | |||
iAvailableType = 0; | |||
} | |||
CSecurityVeNCrypt::~CSecurityVeNCrypt() | |||
{ | |||
if (availableTypes) | |||
delete[] availableTypes; | |||
} | |||
bool CSecurityVeNCrypt::processMsg(CConnection* cc) | |||
{ | |||
InStream* is = cc->getInStream(); | |||
OutStream* os = cc->getOutStream(); | |||
/* get major, minor versions, send what we can support (or 0.0 for can't support it) */ | |||
if (!haveRecvdMajorVersion) { | |||
majorVersion = is->readU8(); | |||
haveRecvdMajorVersion = true; | |||
return false; | |||
} | |||
if (!haveRecvdMinorVersion) { | |||
minorVersion = is->readU8(); | |||
haveRecvdMinorVersion = true; | |||
} | |||
/* major version in upper 8 bits and minor version in lower 8 bits */ | |||
U16 Version = (((U16) majorVersion) << 8) | ((U16) minorVersion); | |||
if (!haveSentVersion) { | |||
/* Currently we don't support former VeNCrypt 0.1 */ | |||
if (Version >= 0x0002) { | |||
majorVersion = 0; | |||
minorVersion = 2; | |||
os->writeU8(majorVersion); | |||
os->writeU8(minorVersion); | |||
os->flush(); | |||
} else { | |||
/* Send 0.0 to indicate no support */ | |||
majorVersion = 0; | |||
minorVersion = 0; | |||
os->writeU8(0); | |||
os->writeU8(0); | |||
os->flush(); | |||
throw AuthFailureException("The server reported an unsupported VeNCrypt version"); | |||
} | |||
haveSentVersion = true; | |||
return false; | |||
} | |||
/* Check that the server is OK */ | |||
if (!haveAgreedVersion) { | |||
if (is->readU8()) | |||
throw AuthFailureException("The server reported it could not support the " | |||
"VeNCrypt version"); | |||
haveAgreedVersion = true; | |||
return false; | |||
} | |||
/* get a number of types */ | |||
if (!haveNumberOfTypes) { | |||
nAvailableTypes = is->readU8(); | |||
iAvailableType = 0; | |||
if (!nAvailableTypes) | |||
throw AuthFailureException("The server reported no VeNCrypt sub-types"); | |||
availableTypes = new rdr::U32[nAvailableTypes]; | |||
haveNumberOfTypes = true; | |||
return false; | |||
} | |||
if (nAvailableTypes) { | |||
/* read in the types possible */ | |||
if (!haveListOfTypes) { | |||
if (is->checkNoWait(4)) { | |||
availableTypes[iAvailableType++] = is->readU32(); | |||
haveListOfTypes = (iAvailableType >= nAvailableTypes); | |||
vlog.debug("Server offers security type %s (%d)", | |||
secTypeName(availableTypes[iAvailableType - 1]), | |||
availableTypes[iAvailableType - 1]); | |||
if (!haveListOfTypes) | |||
return false; | |||
} else | |||
return false; | |||
} | |||
/* make a choice and send it to the server, meanwhile set up the stack */ | |||
if (!haveChosenType) { | |||
chosenType = secTypeInvalid; | |||
U8 i; | |||
list<U32>::iterator j; | |||
list<U32> preferredList; | |||
/* Try preferred choice */ | |||
preferredList = security->GetEnabledExtSecTypes(); | |||
for (j = preferredList.begin(); j != preferredList.end(); j++) { | |||
for (i = 0; i < nAvailableTypes; i++) { | |||
if (*j == availableTypes[i]) { | |||
chosenType = *j; | |||
break; | |||
} | |||
} | |||
if (chosenType != secTypeInvalid) | |||
break; | |||
} | |||
vlog.debug("Choosing security type %s (%d)", secTypeName(chosenType), | |||
chosenType); | |||
/* Set up the stack according to the chosen type: */ | |||
if (chosenType == secTypeInvalid || chosenType == secTypeVeNCrypt) | |||
throw AuthFailureException("No valid VeNCrypt sub-type"); | |||
csecurity = security->GetCSecurity(chosenType); | |||
/* send chosen type to server */ | |||
os->writeU32(chosenType); | |||
os->flush(); | |||
haveChosenType = true; | |||
} | |||
} else { | |||
/* | |||
* Server told us that there are 0 types it can support - this should not | |||
* happen, since if the server supports 0 sub-types, it doesn't support | |||
* this security type | |||
*/ | |||
throw AuthFailureException("The server reported 0 VeNCrypt sub-types"); | |||
} | |||
return csecurity->processMsg(cc); | |||
} | |||
/* | |||
* Copyright (C) 2006 OCCAM Financial Technology | |||
* Copyright (C) 2005-2006 Martin Koegler | |||
* Copyright (C) 2010 TigerVNC Team | |||
* | |||
* This is free software; you can redistribute it and/or modify | |||
* it under the terms of the GNU General Public License as published by | |||
* the Free Software Foundation; either version 2 of the License, or | |||
* (at your option) any later version. | |||
* | |||
* This software is distributed in the hope that it will be useful, | |||
* but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |||
* GNU General Public License for more details. | |||
* | |||
* You should have received a copy of the GNU General Public License | |||
* along with this software; if not, write to the Free Software | |||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |||
* USA. | |||
*/ | |||
// | |||
// CSecurityVeNCrypt | |||
// | |||
#include <rfb/Exception.h> | |||
#include <rdr/InStream.h> | |||
#include <rdr/OutStream.h> | |||
#include <rfb/CConnection.h> | |||
#include <rfb/CSecurityVeNCrypt.h> | |||
#include <rfb/LogWriter.h> | |||
#include <list> | |||
using namespace rfb; | |||
using namespace rdr; | |||
using namespace std; | |||
static LogWriter vlog("CVeNCrypt"); | |||
CSecurityVeNCrypt::CSecurityVeNCrypt(Security* sec) : csecurity(NULL), security(sec) | |||
{ | |||
haveRecvdMajorVersion = false; | |||
haveRecvdMinorVersion = false; | |||
haveSentVersion = false; | |||
haveAgreedVersion = false; | |||
haveListOfTypes = false; | |||
haveNumberOfTypes = false; | |||
haveChosenType = false; | |||
majorVersion = 0; | |||
minorVersion = 0; | |||
chosenType = secTypeVeNCrypt; | |||
nAvailableTypes = 0; | |||
availableTypes = NULL; | |||
iAvailableType = 0; | |||
} | |||
CSecurityVeNCrypt::~CSecurityVeNCrypt() | |||
{ | |||
if (availableTypes) | |||
delete[] availableTypes; | |||
} | |||
bool CSecurityVeNCrypt::processMsg(CConnection* cc) | |||
{ | |||
InStream* is = cc->getInStream(); | |||
OutStream* os = cc->getOutStream(); | |||
/* get major, minor versions, send what we can support (or 0.0 for can't support it) */ | |||
if (!haveRecvdMajorVersion) { | |||
majorVersion = is->readU8(); | |||
haveRecvdMajorVersion = true; | |||
return false; | |||
} | |||
if (!haveRecvdMinorVersion) { | |||
minorVersion = is->readU8(); | |||
haveRecvdMinorVersion = true; | |||
} | |||
/* major version in upper 8 bits and minor version in lower 8 bits */ | |||
U16 Version = (((U16) majorVersion) << 8) | ((U16) minorVersion); | |||
if (!haveSentVersion) { | |||
/* Currently we don't support former VeNCrypt 0.1 */ | |||
if (Version >= 0x0002) { | |||
majorVersion = 0; | |||
minorVersion = 2; | |||
os->writeU8(majorVersion); | |||
os->writeU8(minorVersion); | |||
os->flush(); | |||
} else { | |||
/* Send 0.0 to indicate no support */ | |||
majorVersion = 0; | |||
minorVersion = 0; | |||
os->writeU8(0); | |||
os->writeU8(0); | |||
os->flush(); | |||
throw AuthFailureException("The server reported an unsupported VeNCrypt version"); | |||
} | |||
haveSentVersion = true; | |||
return false; | |||
} | |||
/* Check that the server is OK */ | |||
if (!haveAgreedVersion) { | |||
if (is->readU8()) | |||
throw AuthFailureException("The server reported it could not support the " | |||
"VeNCrypt version"); | |||
haveAgreedVersion = true; | |||
return false; | |||
} | |||
/* get a number of types */ | |||
if (!haveNumberOfTypes) { | |||
nAvailableTypes = is->readU8(); | |||
iAvailableType = 0; | |||
if (!nAvailableTypes) | |||
throw AuthFailureException("The server reported no VeNCrypt sub-types"); | |||
availableTypes = new rdr::U32[nAvailableTypes]; | |||
haveNumberOfTypes = true; | |||
return false; | |||
} | |||
if (nAvailableTypes) { | |||
/* read in the types possible */ | |||
if (!haveListOfTypes) { | |||
if (is->checkNoWait(4)) { | |||
availableTypes[iAvailableType++] = is->readU32(); | |||
haveListOfTypes = (iAvailableType >= nAvailableTypes); | |||
vlog.debug("Server offers security type %s (%d)", | |||
secTypeName(availableTypes[iAvailableType - 1]), | |||
availableTypes[iAvailableType - 1]); | |||
if (!haveListOfTypes) | |||
return false; | |||
} else | |||
return false; | |||
} | |||
/* make a choice and send it to the server, meanwhile set up the stack */ | |||
if (!haveChosenType) { | |||
chosenType = secTypeInvalid; | |||
U8 i; | |||
list<U32>::iterator j; | |||
list<U32> preferredList; | |||
/* Try preferred choice */ | |||
preferredList = security->GetEnabledExtSecTypes(); | |||
for (j = preferredList.begin(); j != preferredList.end(); j++) { | |||
for (i = 0; i < nAvailableTypes; i++) { | |||
if (*j == availableTypes[i]) { | |||
chosenType = *j; | |||
break; | |||
} | |||
} | |||
if (chosenType != secTypeInvalid) | |||
break; | |||
} | |||
vlog.debug("Choosing security type %s (%d)", secTypeName(chosenType), | |||
chosenType); | |||
/* Set up the stack according to the chosen type: */ | |||
if (chosenType == secTypeInvalid || chosenType == secTypeVeNCrypt) | |||
throw AuthFailureException("No valid VeNCrypt sub-type"); | |||
csecurity = security->GetCSecurity(chosenType); | |||
/* send chosen type to server */ | |||
os->writeU32(chosenType); | |||
os->flush(); | |||
haveChosenType = true; | |||
} | |||
} else { | |||
/* | |||
* Server told us that there are 0 types it can support - this should not | |||
* happen, since if the server supports 0 sub-types, it doesn't support | |||
* this security type | |||
*/ | |||
throw AuthFailureException("The server reported 0 VeNCrypt sub-types"); | |||
} | |||
return csecurity->processMsg(cc); | |||
} | |||
@@ -1,62 +1,62 @@ | |||
/* | |||
* Copyright (C) 2005-2006 Martin Koegler | |||
* Copyright (C) 2006 OCCAM Financial Technology | |||
* Copyright (C) 2010 TigerVNC Team | |||
* | |||
* This is free software; you can redistribute it and/or modify | |||
* it under the terms of the GNU General Public License as published by | |||
* the Free Software Foundation; either version 2 of the License, or | |||
* (at your option) any later version. | |||
* | |||
* This software is distributed in the hope that it will be useful, | |||
* but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |||
* GNU General Public License for more details. | |||
* | |||
* You should have received a copy of the GNU General Public License | |||
* along with this software; if not, write to the Free Software | |||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |||
* USA. | |||
*/ | |||
// | |||
// CSecurityVeNCrypt | |||
// | |||
#ifndef __CSECURITYVENCRYPT_H__ | |||
#define __CSECURITYVENCRYPT_H__ | |||
#include <rfb/CSecurity.h> | |||
#include <rfb/Security.h> | |||
#include <rdr/types.h> | |||
namespace rfb { | |||
class CSecurityVeNCrypt : public CSecurity { | |||
public: | |||
CSecurityVeNCrypt(Security* sec); | |||
~CSecurityVeNCrypt(); | |||
virtual bool processMsg(CConnection* cc);// { return true; } | |||
int getType() const {return chosenType;} | |||
virtual const char* description() const { return secTypeName(chosenType); } | |||
static StringParameter secTypesStr; | |||
protected: | |||
CSecurity *csecurity; | |||
Security *security; | |||
bool haveRecvdMajorVersion; | |||
bool haveRecvdMinorVersion; | |||
bool haveSentVersion; | |||
bool haveAgreedVersion; | |||
bool haveListOfTypes; | |||
bool haveNumberOfTypes; | |||
bool haveChosenType; | |||
rdr::U8 majorVersion, minorVersion; | |||
rdr::U32 chosenType; | |||
rdr::U8 nAvailableTypes; | |||
rdr::U32 *availableTypes; | |||
rdr::U8 iAvailableType; | |||
const char* desc; | |||
}; | |||
} | |||
#endif | |||
/* | |||
* Copyright (C) 2005-2006 Martin Koegler | |||
* Copyright (C) 2006 OCCAM Financial Technology | |||
* Copyright (C) 2010 TigerVNC Team | |||
* | |||
* This is free software; you can redistribute it and/or modify | |||
* it under the terms of the GNU General Public License as published by | |||
* the Free Software Foundation; either version 2 of the License, or | |||
* (at your option) any later version. | |||
* | |||
* This software is distributed in the hope that it will be useful, | |||
* but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |||
* GNU General Public License for more details. | |||
* | |||
* You should have received a copy of the GNU General Public License | |||
* along with this software; if not, write to the Free Software | |||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |||
* USA. | |||
*/ | |||
// | |||
// CSecurityVeNCrypt | |||
// | |||
#ifndef __CSECURITYVENCRYPT_H__ | |||
#define __CSECURITYVENCRYPT_H__ | |||
#include <rfb/CSecurity.h> | |||
#include <rfb/Security.h> | |||
#include <rdr/types.h> | |||
namespace rfb { | |||
class CSecurityVeNCrypt : public CSecurity { | |||
public: | |||
CSecurityVeNCrypt(Security* sec); | |||
~CSecurityVeNCrypt(); | |||
virtual bool processMsg(CConnection* cc);// { return true; } | |||
int getType() const {return chosenType;} | |||
virtual const char* description() const { return secTypeName(chosenType); } | |||
static StringParameter secTypesStr; | |||
protected: | |||
CSecurity *csecurity; | |||
Security *security; | |||
bool haveRecvdMajorVersion; | |||
bool haveRecvdMinorVersion; | |||
bool haveSentVersion; | |||
bool haveAgreedVersion; | |||
bool haveListOfTypes; | |||
bool haveNumberOfTypes; | |||
bool haveChosenType; | |||
rdr::U8 majorVersion, minorVersion; | |||
rdr::U32 chosenType; | |||
rdr::U8 nAvailableTypes; | |||
rdr::U32 *availableTypes; | |||
rdr::U8 iAvailableType; | |||
const char* desc; | |||
}; | |||
} | |||
#endif |
@@ -1,97 +1,97 @@ | |||
/* Copyright (C) 2005 Martin Koegler | |||
* Copyright (C) 2006 OCCAM Financial Technology | |||
* | |||
* This is free software; you can redistribute it and/or modify | |||
* it under the terms of the GNU General Public License as published by | |||
* the Free Software Foundation; either version 2 of the License, or | |||
* (at your option) any later version. | |||
* | |||
* This software is distributed in the hope that it will be useful, | |||
* but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |||
* GNU General Public License for more details. | |||
* | |||
* You should have received a copy of the GNU General Public License | |||
* along with this software; if not, write to the Free Software | |||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |||
* USA. | |||
*/ | |||
#ifdef HAVE_CONFIG_H | |||
#include <config.h> | |||
#endif | |||
#include <rfb/SSecurityPlain.h> | |||
#include <rfb/SConnection.h> | |||
#include <rfb/Exception.h> | |||
#include <rdr/InStream.h> | |||
using namespace rfb; | |||
StringParameter PasswordValidator::plainUsers | |||
("PlainUsers", | |||
"Users permitted to access via Plain security type (including TLSPlain, X509Plain etc.)", | |||
""); | |||
bool PasswordValidator::validUser(const char* username) | |||
{ | |||
CharArray users(strDup(plainUsers.getValueStr())), user; | |||
while (users.buf) { | |||
strSplit(users.buf, ',', &user.buf, &users.buf); | |||
#ifdef WIN32 | |||
if(0==stricmp(user.buf, "*")) | |||
return true; | |||
if(0==stricmp(user.buf, username)) | |||
return true; | |||
#else | |||
if(!strcmp (user.buf, "*")) | |||
return true; | |||
if(!strcmp (user.buf, username)) | |||
return true; | |||
#endif | |||
} | |||
return false; | |||
} | |||
SSecurityPlain::SSecurityPlain(PasswordValidator* _valid) | |||
{ | |||
valid=_valid; | |||
state=0; | |||
} | |||
bool SSecurityPlain::processMsg(SConnection* sc) | |||
{ | |||
rdr::InStream* is = sc->getInStream(); | |||
char* pw; | |||
char *uname; | |||
CharArray password; | |||
if(state==0) | |||
{ | |||
if(!is->checkNoWait(8)) | |||
return false; | |||
ulen=is->readU32(); | |||
plen=is->readU32(); | |||
state=1; | |||
} | |||
if(state==1) | |||
{ | |||
if(is->checkNoWait(ulen+plen+2)) | |||
return false; | |||
state=2; | |||
pw=new char[plen+1]; | |||
uname=new char[ulen+1]; | |||
username.replaceBuf(uname); | |||
password.replaceBuf(pw); | |||
is->readBytes(uname,ulen); | |||
is->readBytes(pw,plen); | |||
pw[plen]=0; | |||
uname[ulen]=0; | |||
plen=0; | |||
if(!valid->validate(sc,uname,pw)) | |||
throw AuthFailureException("invalid password or username"); | |||
return true; | |||
} | |||
return true; | |||
} | |||
/* Copyright (C) 2005 Martin Koegler | |||
* Copyright (C) 2006 OCCAM Financial Technology | |||
* | |||
* This is free software; you can redistribute it and/or modify | |||
* it under the terms of the GNU General Public License as published by | |||
* the Free Software Foundation; either version 2 of the License, or | |||
* (at your option) any later version. | |||
* | |||
* This software is distributed in the hope that it will be useful, | |||
* but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |||
* GNU General Public License for more details. | |||
* | |||
* You should have received a copy of the GNU General Public License | |||
* along with this software; if not, write to the Free Software | |||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |||
* USA. | |||
*/ | |||
#ifdef HAVE_CONFIG_H | |||
#include <config.h> | |||
#endif | |||
#include <rfb/SSecurityPlain.h> | |||
#include <rfb/SConnection.h> | |||
#include <rfb/Exception.h> | |||
#include <rdr/InStream.h> | |||
using namespace rfb; | |||
StringParameter PasswordValidator::plainUsers | |||
("PlainUsers", | |||
"Users permitted to access via Plain security type (including TLSPlain, X509Plain etc.)", | |||
""); | |||
bool PasswordValidator::validUser(const char* username) | |||
{ | |||
CharArray users(strDup(plainUsers.getValueStr())), user; | |||
while (users.buf) { | |||
strSplit(users.buf, ',', &user.buf, &users.buf); | |||
#ifdef WIN32 | |||
if(0==stricmp(user.buf, "*")) | |||
return true; | |||
if(0==stricmp(user.buf, username)) | |||
return true; | |||
#else | |||
if(!strcmp (user.buf, "*")) | |||
return true; | |||
if(!strcmp (user.buf, username)) | |||
return true; | |||
#endif | |||
} | |||
return false; | |||
} | |||
SSecurityPlain::SSecurityPlain(PasswordValidator* _valid) | |||
{ | |||
valid=_valid; | |||
state=0; | |||
} | |||
bool SSecurityPlain::processMsg(SConnection* sc) | |||
{ | |||
rdr::InStream* is = sc->getInStream(); | |||
char* pw; | |||
char *uname; | |||
CharArray password; | |||
if(state==0) | |||
{ | |||
if(!is->checkNoWait(8)) | |||
return false; | |||
ulen=is->readU32(); | |||
plen=is->readU32(); | |||
state=1; | |||
} | |||
if(state==1) | |||
{ | |||
if(is->checkNoWait(ulen+plen+2)) | |||
return false; | |||
state=2; | |||
pw=new char[plen+1]; | |||
uname=new char[ulen+1]; | |||
username.replaceBuf(uname); | |||
password.replaceBuf(pw); | |||
is->readBytes(uname,ulen); | |||
is->readBytes(pw,plen); | |||
pw[plen]=0; | |||
uname[ulen]=0; | |||
plen=0; | |||
if(!valid->validate(sc,uname,pw)) | |||
throw AuthFailureException("invalid password or username"); | |||
return true; | |||
} | |||
return true; | |||
} | |||
@@ -1,60 +1,60 @@ | |||
/* Copyright (C) 2005 Martin Koegler | |||
* Copyright (C) 2006 OCCAM Financial Technology | |||
* Copyright (C) 2010 TigerVNC Team | |||
* | |||
* This is free software; you can redistribute it and/or modify | |||
* it under the terms of the GNU General Public License as published by | |||
* the Free Software Foundation; either version 2 of the License, or | |||
* (at your option) any later version. | |||
* | |||
* This software is distributed in the hope that it will be useful, | |||
* but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |||
* GNU General Public License for more details. | |||
* | |||
* You should have received a copy of the GNU General Public License | |||
* along with this software; if not, write to the Free Software | |||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |||
* USA. | |||
*/ | |||
#ifndef __RFB_SSECURITYPLAIN_H__ | |||
#define __RFB_SSECURITYPLAIN_H__ | |||
#ifdef HAVE_CONFIG_H | |||
#include <config.h> | |||
#endif | |||
#include <rfb/SConnection.h> | |||
#include <rfb/SSecurity.h> | |||
#include <rfb/SSecurityVeNCrypt.h> | |||
#include <rfb/util.h> | |||
#include <rfb/Configuration.h> | |||
namespace rfb { | |||
class PasswordValidator { | |||
public: | |||
// validate username / password combination | |||
bool validate(SConnection* sc, const char *username, const char *password) { return validUser(username) ? validateInternal(sc, username, password) : false; }; | |||
static StringParameter plainUsers; | |||
protected: | |||
virtual bool validateInternal(SConnection* sc, const char *username, const char *password)=0; | |||
static bool validUser(const char* username); | |||
}; | |||
class SSecurityPlain : public SSecurity { | |||
public: | |||
SSecurityPlain(PasswordValidator* valid); | |||
virtual bool processMsg(SConnection* sc); | |||
virtual int getType() const {return secTypePlain;}; | |||
virtual const char* getUserName() const { return username.buf; } | |||
private: | |||
PasswordValidator* valid; | |||
unsigned int ulen,plen,state; | |||
CharArray username; | |||
}; | |||
} | |||
#endif | |||
/* Copyright (C) 2005 Martin Koegler | |||
* Copyright (C) 2006 OCCAM Financial Technology | |||
* Copyright (C) 2010 TigerVNC Team | |||
* | |||
* This is free software; you can redistribute it and/or modify | |||
* it under the terms of the GNU General Public License as published by | |||
* the Free Software Foundation; either version 2 of the License, or | |||
* (at your option) any later version. | |||
* | |||
* This software is distributed in the hope that it will be useful, | |||
* but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |||
* GNU General Public License for more details. | |||
* | |||
* You should have received a copy of the GNU General Public License | |||
* along with this software; if not, write to the Free Software | |||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |||
* USA. | |||
*/ | |||
#ifndef __RFB_SSECURITYPLAIN_H__ | |||
#define __RFB_SSECURITYPLAIN_H__ | |||
#ifdef HAVE_CONFIG_H | |||
#include <config.h> | |||
#endif | |||
#include <rfb/SConnection.h> | |||
#include <rfb/SSecurity.h> | |||
#include <rfb/SSecurityVeNCrypt.h> | |||
#include <rfb/util.h> | |||
#include <rfb/Configuration.h> | |||
namespace rfb { | |||
class PasswordValidator { | |||
public: | |||
// validate username / password combination | |||
bool validate(SConnection* sc, const char *username, const char *password) { return validUser(username) ? validateInternal(sc, username, password) : false; }; | |||
static StringParameter plainUsers; | |||
protected: | |||
virtual bool validateInternal(SConnection* sc, const char *username, const char *password)=0; | |||
static bool validUser(const char* username); | |||
}; | |||
class SSecurityPlain : public SSecurity { | |||
public: | |||
SSecurityPlain(PasswordValidator* valid); | |||
virtual bool processMsg(SConnection* sc); | |||
virtual int getType() const {return secTypePlain;}; | |||
virtual const char* getUserName() const { return username.buf; } | |||
private: | |||
PasswordValidator* valid; | |||
unsigned int ulen,plen,state; | |||
CharArray username; | |||
}; | |||
} | |||
#endif | |||
@@ -1,41 +1,41 @@ | |||
/* Copyright (C) 2005 Martin Koegler | |||
* Copyright (C) 2006 OCCAM Financial Technology | |||
* Copyright (C) 2010 TigerVNC Team | |||
* | |||
* This is free software; you can redistribute it and/or modify | |||
* it under the terms of the GNU General Public License as published by | |||
* the Free Software Foundation; either version 2 of the License, or | |||
* (at your option) any later version. | |||
* | |||
* This software is distributed in the hope that it will be useful, | |||
* but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |||
* GNU General Public License for more details. | |||
* | |||
* You should have received a copy of the GNU General Public License | |||
* along with this software; if not, write to the Free Software | |||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |||
* USA. | |||
*/ | |||
#ifndef __RFB_SSECURITYSTACK_H__ | |||
#define __RFB_SSECURITYSTACK_H__ | |||
#include <rfb/SSecurity.h> | |||
namespace rfb { | |||
class SSecurityStack : public SSecurity { | |||
public: | |||
SSecurityStack(int Type, SSecurity* s0 = 0, SSecurity* s1 = 0); | |||
~SSecurityStack(); | |||
virtual bool processMsg(SConnection* cc); | |||
virtual int getType() const { return type; }; | |||
virtual const char* getUserName() const; | |||
protected: | |||
short state; | |||
SSecurity* state0; | |||
SSecurity* state1; | |||
int type; | |||
}; | |||
} | |||
#endif | |||
/* Copyright (C) 2005 Martin Koegler | |||
* Copyright (C) 2006 OCCAM Financial Technology | |||
* Copyright (C) 2010 TigerVNC Team | |||
* | |||
* This is free software; you can redistribute it and/or modify | |||
* it under the terms of the GNU General Public License as published by | |||
* the Free Software Foundation; either version 2 of the License, or | |||
* (at your option) any later version. | |||
* | |||
* This software is distributed in the hope that it will be useful, | |||
* but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |||
* GNU General Public License for more details. | |||
* | |||
* You should have received a copy of the GNU General Public License | |||
* along with this software; if not, write to the Free Software | |||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |||
* USA. | |||
*/ | |||
#ifndef __RFB_SSECURITYSTACK_H__ | |||
#define __RFB_SSECURITYSTACK_H__ | |||
#include <rfb/SSecurity.h> | |||
namespace rfb { | |||
class SSecurityStack : public SSecurity { | |||
public: | |||
SSecurityStack(int Type, SSecurity* s0 = 0, SSecurity* s1 = 0); | |||
~SSecurityStack(); | |||
virtual bool processMsg(SConnection* cc); | |||
virtual int getType() const { return type; }; | |||
virtual const char* getUserName() const; | |||
protected: | |||
short state; | |||
SSecurity* state0; | |||
SSecurity* state1; | |||
int type; | |||
}; | |||
} | |||
#endif |
@@ -1,173 +1,173 @@ | |||
/* | |||
* Copyright (C) 2005-2006 Martin Koegler | |||
* Copyright (C) 2006 OCCAM Financial Technology | |||
* Copyright (C) 2010 TigerVNC Team | |||
* | |||
* This is free software; you can redistribute it and/or modify | |||
* it under the terms of the GNU General Public License as published by | |||
* the Free Software Foundation; either version 2 of the License, or | |||
* (at your option) any later version. | |||
* | |||
* This software is distributed in the hope that it will be useful, | |||
* but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |||
* GNU General Public License for more details. | |||
* | |||
* You should have received a copy of the GNU General Public License | |||
* along with this software; if not, write to the Free Software | |||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |||
* USA. | |||
*/ | |||
/* | |||
* SSecurityVeNCrypt | |||
*/ | |||
#ifdef HAVE_CONFIG_H | |||
#include <config.h> | |||
#endif | |||
#include <rfb/SSecurityVeNCrypt.h> | |||
#include <rfb/Exception.h> | |||
#include <rfb/LogWriter.h> | |||
#include <rdr/InStream.h> | |||
#include <rdr/OutStream.h> | |||
using namespace rfb; | |||
using namespace rdr; | |||
using namespace std; | |||
static LogWriter vlog("SVeNCrypt"); | |||
SSecurityVeNCrypt::SSecurityVeNCrypt(Security *sec) : security(sec) | |||
{ | |||
ssecurity = NULL; | |||
haveSentVersion = false; | |||
haveRecvdMajorVersion = false; | |||
haveRecvdMinorVersion = false; | |||
majorVersion = 0; | |||
minorVersion = 0; | |||
haveSentTypes = false; | |||
haveChosenType = false; | |||
chosenType = secTypeVeNCrypt; | |||
numTypes = 0; | |||
subTypes = NULL; | |||
} | |||
SSecurityVeNCrypt::~SSecurityVeNCrypt() | |||
{ | |||
if (subTypes) { | |||
delete [] subTypes; | |||
subTypes = NULL; | |||
} | |||
} | |||
bool SSecurityVeNCrypt::processMsg(SConnection* sc) | |||
{ | |||
rdr::InStream* is = sc->getInStream(); | |||
rdr::OutStream* os = sc->getOutStream(); | |||
rdr::U8 i; | |||
/* VeNCrypt initialization */ | |||
/* Send the highest version we can support */ | |||
if (!haveSentVersion) { | |||
os->writeU8(0); | |||
os->writeU8(2); | |||
haveSentVersion = true; | |||
os->flush(); | |||
return false; | |||
} | |||
/* Receive back highest version that client can support (up to and including ours) */ | |||
if (!haveRecvdMajorVersion) { | |||
majorVersion = is->readU8(); | |||
haveRecvdMajorVersion = true; | |||
return false; | |||
} | |||
if (!haveRecvdMinorVersion) { | |||
minorVersion = is->readU8(); | |||
haveRecvdMinorVersion = true; | |||
/* WORD value with major version in upper 8 bits and minor version in lower 8 bits */ | |||
U16 Version = (((U16)majorVersion) << 8) | ((U16)minorVersion); | |||
switch (Version) { | |||
case 0x0000: /* 0.0 - The client cannot support us! */ | |||
case 0x0001: /* 0.1 Legacy VeNCrypt, not supported */ | |||
os->writeU8(0xFF); /* This is not OK */ | |||
os->flush(); | |||
throw AuthFailureException("The client cannot support the server's " | |||
"VeNCrypt version"); | |||
case 0x0002: /* 0.2 */ | |||
os->writeU8(0); /* OK */ | |||
break; | |||
default: | |||
os->writeU8(0xFF); /* Not OK */ | |||
os->flush(); | |||
throw AuthFailureException("The client returned an unsupported VeNCrypt version"); | |||
} | |||
} | |||
/* | |||
* send number of supported VeNCrypt authentication types (U8) followed | |||
* by authentication types (U32s) | |||
*/ | |||
if (!haveSentTypes) { | |||
list<U32> listSubTypes; | |||
listSubTypes = security->GetEnabledExtSecTypes(); | |||
numTypes = listSubTypes.size(); | |||
subTypes = new U32[numTypes]; | |||
for (i = 0; i < numTypes; i++) { | |||
subTypes[i] = listSubTypes.front(); | |||
listSubTypes.pop_front(); | |||
} | |||
if (numTypes) { | |||
os->writeU8(numTypes); | |||
for (i = 0; i < numTypes; i++) | |||
os->writeU32(subTypes[i]); | |||
os->flush(); | |||
haveSentTypes = true; | |||
return false; | |||
} else | |||
throw AuthFailureException("There are no VeNCrypt sub-types to send to the client"); | |||
} | |||
/* get type back from client (must be one of the ones we sent) */ | |||
if (!haveChosenType) { | |||
is->check(4); | |||
chosenType = is->readU32(); | |||
for (i = 0; i < numTypes; i++) { | |||
if (chosenType == subTypes[i]) { | |||
haveChosenType = true; | |||
break; | |||
} | |||
} | |||
if (!haveChosenType) | |||
chosenType = secTypeInvalid; | |||
vlog.debug("Choosing security type %s (%d)", secTypeName(chosenType), | |||
chosenType); | |||
/* Set up the stack according to the chosen type */ | |||
if (chosenType == secTypeInvalid || chosenType == secTypeVeNCrypt) | |||
throw AuthFailureException("No valid VeNCrypt sub-type"); | |||
ssecurity = security->GetSSecurity(chosenType); | |||
} | |||
/* continue processing the messages */ | |||
return ssecurity->processMsg(sc); | |||
} | |||
/* | |||
* Copyright (C) 2005-2006 Martin Koegler | |||
* Copyright (C) 2006 OCCAM Financial Technology | |||
* Copyright (C) 2010 TigerVNC Team | |||
* | |||
* This is free software; you can redistribute it and/or modify | |||
* it under the terms of the GNU General Public License as published by | |||
* the Free Software Foundation; either version 2 of the License, or | |||
* (at your option) any later version. | |||
* | |||
* This software is distributed in the hope that it will be useful, | |||
* but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |||
* GNU General Public License for more details. | |||
* | |||
* You should have received a copy of the GNU General Public License | |||
* along with this software; if not, write to the Free Software | |||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |||
* USA. | |||
*/ | |||
/* | |||
* SSecurityVeNCrypt | |||
*/ | |||
#ifdef HAVE_CONFIG_H | |||
#include <config.h> | |||
#endif | |||
#include <rfb/SSecurityVeNCrypt.h> | |||
#include <rfb/Exception.h> | |||
#include <rfb/LogWriter.h> | |||
#include <rdr/InStream.h> | |||
#include <rdr/OutStream.h> | |||
using namespace rfb; | |||
using namespace rdr; | |||
using namespace std; | |||
static LogWriter vlog("SVeNCrypt"); | |||
SSecurityVeNCrypt::SSecurityVeNCrypt(Security *sec) : security(sec) | |||
{ | |||
ssecurity = NULL; | |||
haveSentVersion = false; | |||
haveRecvdMajorVersion = false; | |||
haveRecvdMinorVersion = false; | |||
majorVersion = 0; | |||
minorVersion = 0; | |||
haveSentTypes = false; | |||
haveChosenType = false; | |||
chosenType = secTypeVeNCrypt; | |||
numTypes = 0; | |||
subTypes = NULL; | |||
} | |||
SSecurityVeNCrypt::~SSecurityVeNCrypt() | |||
{ | |||
if (subTypes) { | |||
delete [] subTypes; | |||
subTypes = NULL; | |||
} | |||
} | |||
bool SSecurityVeNCrypt::processMsg(SConnection* sc) | |||
{ | |||
rdr::InStream* is = sc->getInStream(); | |||
rdr::OutStream* os = sc->getOutStream(); | |||
rdr::U8 i; | |||
/* VeNCrypt initialization */ | |||
/* Send the highest version we can support */ | |||
if (!haveSentVersion) { | |||
os->writeU8(0); | |||
os->writeU8(2); | |||
haveSentVersion = true; | |||
os->flush(); | |||
return false; | |||
} | |||
/* Receive back highest version that client can support (up to and including ours) */ | |||
if (!haveRecvdMajorVersion) { | |||
majorVersion = is->readU8(); | |||
haveRecvdMajorVersion = true; | |||
return false; | |||
} | |||
if (!haveRecvdMinorVersion) { | |||
minorVersion = is->readU8(); | |||
haveRecvdMinorVersion = true; | |||
/* WORD value with major version in upper 8 bits and minor version in lower 8 bits */ | |||
U16 Version = (((U16)majorVersion) << 8) | ((U16)minorVersion); | |||
switch (Version) { | |||
case 0x0000: /* 0.0 - The client cannot support us! */ | |||
case 0x0001: /* 0.1 Legacy VeNCrypt, not supported */ | |||
os->writeU8(0xFF); /* This is not OK */ | |||
os->flush(); | |||
throw AuthFailureException("The client cannot support the server's " | |||
"VeNCrypt version"); | |||
case 0x0002: /* 0.2 */ | |||
os->writeU8(0); /* OK */ | |||
break; | |||
default: | |||
os->writeU8(0xFF); /* Not OK */ | |||
os->flush(); | |||
throw AuthFailureException("The client returned an unsupported VeNCrypt version"); | |||
} | |||
} | |||
/* | |||
* send number of supported VeNCrypt authentication types (U8) followed | |||
* by authentication types (U32s) | |||
*/ | |||
if (!haveSentTypes) { | |||
list<U32> listSubTypes; | |||
listSubTypes = security->GetEnabledExtSecTypes(); | |||
numTypes = listSubTypes.size(); | |||
subTypes = new U32[numTypes]; | |||
for (i = 0; i < numTypes; i++) { | |||
subTypes[i] = listSubTypes.front(); | |||
listSubTypes.pop_front(); | |||
} | |||
if (numTypes) { | |||
os->writeU8(numTypes); | |||
for (i = 0; i < numTypes; i++) | |||
os->writeU32(subTypes[i]); | |||
os->flush(); | |||
haveSentTypes = true; | |||
return false; | |||
} else | |||
throw AuthFailureException("There are no VeNCrypt sub-types to send to the client"); | |||
} | |||
/* get type back from client (must be one of the ones we sent) */ | |||
if (!haveChosenType) { | |||
is->check(4); | |||
chosenType = is->readU32(); | |||
for (i = 0; i < numTypes; i++) { | |||
if (chosenType == subTypes[i]) { | |||
haveChosenType = true; | |||
break; | |||
} | |||
} | |||
if (!haveChosenType) | |||
chosenType = secTypeInvalid; | |||
vlog.debug("Choosing security type %s (%d)", secTypeName(chosenType), | |||
chosenType); | |||
/* Set up the stack according to the chosen type */ | |||
if (chosenType == secTypeInvalid || chosenType == secTypeVeNCrypt) | |||
throw AuthFailureException("No valid VeNCrypt sub-type"); | |||
ssecurity = security->GetSSecurity(chosenType); | |||
} | |||
/* continue processing the messages */ | |||
return ssecurity->processMsg(sc); | |||
} | |||
@@ -1,54 +1,54 @@ | |||
/* | |||
* Copyright (C) 2005-2006 Martin Koegler | |||
* Copyright (C) 2006 OCCAM Financial Technology | |||
* Copyright (C) 2010 TigerVNC Team | |||
* | |||
* This is free software; you can redistribute it and/or modify | |||
* it under the terms of the GNU General Public License as published by | |||
* the Free Software Foundation; either version 2 of the License, or | |||
* (at your option) any later version. | |||
* | |||
* This software is distributed in the hope that it will be useful, | |||
* but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |||
* GNU General Public License for more details. | |||
* | |||
* You should have received a copy of the GNU General Public License | |||
* along with this software; if not, write to the Free Software | |||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |||
* USA. | |||
*/ | |||
// | |||
// SSecurityVeNCrypt | |||
// | |||
#ifndef __SSECURITYVENCRYPT_H__ | |||
#define __SSECURITYVENCRYPT_H__ | |||
#ifdef HAVE_CONFIG_H | |||
#include <config.h> | |||
#endif | |||
#include <rfb/SSecurityStack.h> | |||
#include <rfb/SConnection.h> | |||
namespace rfb { | |||
class SSecurityVeNCrypt : public SSecurity { | |||
public: | |||
SSecurityVeNCrypt(Security *sec); | |||
~SSecurityVeNCrypt(); | |||
virtual bool processMsg(SConnection* sc);// { return true; } | |||
virtual int getType() const { return secTypeVeNCrypt; } | |||
virtual const char* getUserName() const { return NULL; } | |||
protected: | |||
SSecurity *ssecurity; | |||
Security *security; | |||
bool haveSentVersion, haveRecvdMajorVersion, haveRecvdMinorVersion; | |||
bool haveSentTypes, haveChosenType; | |||
rdr::U8 majorVersion, minorVersion, numTypes; | |||
rdr::U32 *subTypes, chosenType; | |||
}; | |||
} | |||
#endif | |||
/* | |||
* Copyright (C) 2005-2006 Martin Koegler | |||
* Copyright (C) 2006 OCCAM Financial Technology | |||
* Copyright (C) 2010 TigerVNC Team | |||
* | |||
* This is free software; you can redistribute it and/or modify | |||
* it under the terms of the GNU General Public License as published by | |||
* the Free Software Foundation; either version 2 of the License, or | |||
* (at your option) any later version. | |||
* | |||
* This software is distributed in the hope that it will be useful, | |||
* but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |||
* GNU General Public License for more details. | |||
* | |||
* You should have received a copy of the GNU General Public License | |||
* along with this software; if not, write to the Free Software | |||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |||
* USA. | |||
*/ | |||
// | |||
// SSecurityVeNCrypt | |||
// | |||
#ifndef __SSECURITYVENCRYPT_H__ | |||
#define __SSECURITYVENCRYPT_H__ | |||
#ifdef HAVE_CONFIG_H | |||
#include <config.h> | |||
#endif | |||
#include <rfb/SSecurityStack.h> | |||
#include <rfb/SConnection.h> | |||
namespace rfb { | |||
class SSecurityVeNCrypt : public SSecurity { | |||
public: | |||
SSecurityVeNCrypt(Security *sec); | |||
~SSecurityVeNCrypt(); | |||
virtual bool processMsg(SConnection* sc);// { return true; } | |||
virtual int getType() const { return secTypeVeNCrypt; } | |||
virtual const char* getUserName() const { return NULL; } | |||
protected: | |||
SSecurity *ssecurity; | |||
Security *security; | |||
bool haveSentVersion, haveRecvdMajorVersion, haveRecvdMinorVersion; | |||
bool haveSentTypes, haveChosenType; | |||
rdr::U8 majorVersion, minorVersion, numTypes; | |||
rdr::U32 *subTypes, chosenType; | |||
}; | |||
} | |||
#endif |