Indicate to the user how secure the transport channel is so they can avoid entering their password for untrusted sites.tags/v1.8.90
@@ -134,6 +134,8 @@ namespace rfb { | |||
// Identities, to determine the unique(ish) name of the server. | |||
const char* getServerName() const { return serverName.buf; } | |||
bool isSecure() const { return csecurity ? csecurity->isSecure() : false; } | |||
enum stateEnum { | |||
RFBSTATE_UNINITIALISED, | |||
RFBSTATE_PROTOCOL_VERSION, |
@@ -49,6 +49,7 @@ namespace rfb { | |||
virtual void destroy() { delete this; } | |||
virtual int getType() const = 0; | |||
virtual const char* description() const = 0; | |||
virtual bool isSecure() const { return false; } | |||
/* | |||
* Use variable directly instead of dumb get/set methods. |
@@ -33,7 +33,7 @@ bool CSecurityPlain::processMsg(CConnection* cc) | |||
CharArray username; | |||
CharArray password; | |||
(CSecurity::upg)->getUserPasswd(&username.buf, &password.buf); | |||
(CSecurity::upg)->getUserPasswd(cc->isSecure(), &username.buf, &password.buf); | |||
// Return the response to the server | |||
os->writeU32(strlen(username.buf)); |
@@ -63,3 +63,12 @@ bool CSecurityStack::processMsg(CConnection* cc) | |||
return res; | |||
} | |||
bool CSecurityStack::isSecure() const | |||
{ | |||
if (state0 && state0->isSecure()) | |||
return true; | |||
if (state == 1 && state1 && state1->isSecure()) | |||
return true; | |||
return false; | |||
} |
@@ -32,6 +32,7 @@ namespace rfb { | |||
virtual bool processMsg(CConnection* cc); | |||
virtual int getType() const {return type;}; | |||
virtual const char* description() const {return name;} | |||
virtual bool isSecure() const; | |||
protected: | |||
int state; | |||
CSecurity* state0; |
@@ -48,6 +48,7 @@ namespace rfb { | |||
virtual int getType() const { return anon ? secTypeTLSNone : secTypeX509None; } | |||
virtual const char* description() const | |||
{ return anon ? "TLS Encryption without VncAuth" : "X509 Encryption without VncAuth"; } | |||
virtual bool isSecure() const { return !anon; } | |||
static void setDefaults(); | |||
static StringParameter X509CA; |
@@ -191,3 +191,9 @@ bool CSecurityVeNCrypt::processMsg(CConnection* cc) | |||
return csecurity->processMsg(cc); | |||
} | |||
bool CSecurityVeNCrypt::isSecure() const | |||
{ | |||
if (csecurity && csecurity->isSecure()) | |||
return true; | |||
return false; | |||
} |
@@ -39,6 +39,7 @@ namespace rfb { | |||
virtual bool processMsg(CConnection* cc);// { return true; } | |||
int getType() const {return chosenType;} | |||
virtual const char* description() const { return secTypeName(chosenType); } | |||
virtual bool isSecure() const; | |||
protected: | |||
CSecurity *csecurity; |
@@ -49,7 +49,7 @@ bool CSecurityVncAuth::processMsg(CConnection* cc) | |||
rdr::U8 challenge[vncAuthChallengeSize]; | |||
is->readBytes(challenge, vncAuthChallengeSize); | |||
PlainPasswd passwd; | |||
(CSecurity::upg)->getUserPasswd(0, &passwd.buf); | |||
(CSecurity::upg)->getUserPasswd(cc->isSecure(), 0, &passwd.buf); | |||
// Calculate the correct response | |||
rdr::U8 key[8]; |
@@ -24,7 +24,7 @@ namespace rfb { | |||
// dialog, getpass(), etc. The user buffer pointer can be null, in which | |||
// case no user name will be retrieved. The caller MUST delete [] the | |||
// result(s). | |||
virtual void getUserPasswd(char** user, char** password)=0; | |||
virtual void getUserPasswd(bool secure, char** user, char** password)=0; | |||
}; | |||
} | |||
#endif |
@@ -0,0 +1,107 @@ | |||
<?xml version="1.0" encoding="UTF-8" standalone="no"?> | |||
<!-- Created with Inkscape (http://www.inkscape.org/) --> | |||
<svg | |||
xmlns:dc="http://purl.org/dc/elements/1.1/" | |||
xmlns:cc="http://creativecommons.org/ns#" | |||
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" | |||
xmlns:svg="http://www.w3.org/2000/svg" | |||
xmlns="http://www.w3.org/2000/svg" | |||
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd" | |||
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape" | |||
width="16" | |||
height="16" | |||
viewBox="0 0 4.2333332 4.2333335" | |||
version="1.1" | |||
id="svg8" | |||
inkscape:version="0.92+devel unknown" | |||
sodipodi:docname="insecure.svg"> | |||
<defs | |||
id="defs2" /> | |||
<sodipodi:namedview | |||
id="base" | |||
pagecolor="#ffffff" | |||
bordercolor="#666666" | |||
borderopacity="1.0" | |||
inkscape:pageopacity="0.0" | |||
inkscape:pageshadow="2" | |||
inkscape:zoom="16" | |||
inkscape:cx="4.5653262" | |||
inkscape:cy="11.192284" | |||
inkscape:document-units="mm" | |||
inkscape:current-layer="layer1" | |||
inkscape:document-rotation="0" | |||
showgrid="true" | |||
units="px" | |||
inkscape:window-width="1920" | |||
inkscape:window-height="1136" | |||
inkscape:window-x="1920" | |||
inkscape:window-y="27" | |||
inkscape:window-maximized="1"> | |||
<inkscape:grid | |||
type="xygrid" | |||
id="grid10" /> | |||
</sodipodi:namedview> | |||
<metadata | |||
id="metadata5"> | |||
<rdf:RDF> | |||
<cc:Work | |||
rdf:about=""> | |||
<dc:format>image/svg+xml</dc:format> | |||
<dc:type | |||
rdf:resource="http://purl.org/dc/dcmitype/StillImage" /> | |||
<dc:title></dc:title> | |||
</cc:Work> | |||
</rdf:RDF> | |||
</metadata> | |||
<g | |||
inkscape:label="Layer 1" | |||
inkscape:groupmode="layer" | |||
id="layer1" | |||
transform="translate(0,-292.76665)"> | |||
<rect | |||
style="fill:#ffffff;fill-opacity:1;stroke:none;stroke-width:0.13229166;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:0.26458333, 0.79374999" | |||
id="rect878" | |||
width="4.2333331" | |||
height="4.2333331" | |||
x="0" | |||
y="292.76666" /> | |||
<rect | |||
style="fill:#ff0000;stroke-width:0.13229166;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:0.26458333, 0.79375" | |||
id="rect926" | |||
width="4.2333331" | |||
height="4.2333331" | |||
x="-5.5511151e-17" | |||
y="292.76666" /> | |||
<rect | |||
style="fill:#000000;fill-opacity:1;stroke-width:0.10103943;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:0.20207887, 0.60623662" | |||
id="rect12-3" | |||
width="3.175" | |||
height="1.8520833" | |||
x="0.52916664" | |||
y="294.61874" | |||
ry="0.26457277" /> | |||
<path | |||
inkscape:connector-curvature="0" | |||
style="fill:#000000;stroke-width:0.13229166;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:0.26458333, 0.79374999" | |||
d="m 2.1166667,293.29579 a 1.0583332,1.0583332 0 0 0 -1.0583334,1.05833 v 0.79375 h 0.3601848 a 1.0583332,1.0583332 0 0 0 0.6981486,0.26458 1.0583332,1.0583332 0 0 0 0.6981486,-0.26458 H 3.175 v -0.79375 a 1.0583332,1.0583332 0 0 0 -1.0583333,-1.05833 z m 0,0.52916 a 0.52916664,0.52916664 0 0 1 0.5291666,0.52917 v 0.79375 H 1.5875 v -0.79375 a 0.52916664,0.52916664 0 0 1 0.5291667,-0.52917 z" | |||
id="path913" /> | |||
<rect | |||
style="fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.30752403;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:0.61504807, 1.84514421" | |||
id="rect871" | |||
width="4.4979167" | |||
height="0.52916664" | |||
x="-209.4492" | |||
y="209.48177" | |||
transform="rotate(-45)" /> | |||
<rect | |||
transform="rotate(-45)" | |||
y="210.0107" | |||
x="-209.26234" | |||
height="0.52916664" | |||
width="4.6772137" | |||
id="rect875" | |||
style="fill:#ff0000;fill-opacity:1;stroke:none;stroke-width:0.30752403;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:0.61504807, 1.84514421" | |||
ry="0" /> | |||
</g> | |||
</svg> |
@@ -0,0 +1,71 @@ | |||
/* XPM */ | |||
static char *insecure[] = { | |||
/* columns rows colors chars-per-pixel */ | |||
"15 15 50 1 ", | |||
" c black", | |||
". c #020000", | |||
"X c #050000", | |||
"o c #080000", | |||
"O c #0A0000", | |||
"+ c #0C0000", | |||
"@ c #0D0000", | |||
"# c #0F0000", | |||
"$ c #100000", | |||
"% c #110000", | |||
"& c #120000", | |||
"* c #140000", | |||
"= c #290000", | |||
"- c #330000", | |||
"; c #370000", | |||
": c #430000", | |||
"> c #560000", | |||
", c #620000", | |||
"< c #660000", | |||
"1 c #6C0000", | |||
"2 c #7D0000", | |||
"3 c #800000", | |||
"4 c #810000", | |||
"5 c #840000", | |||
"6 c #870000", | |||
"7 c #950000", | |||
"8 c #A20000", | |||
"9 c #AB0000", | |||
"0 c #B30000", | |||
"q c #B40000", | |||
"w c #C00000", | |||
"e c #C40000", | |||
"r c #CD0000", | |||
"t c #DC0000", | |||
"y c #DD0000", | |||
"u c #DF0000", | |||
"i c #E40000", | |||
"p c #E50000", | |||
"a c #E60000", | |||
"s c #EA0000", | |||
"d c #EB0000", | |||
"f c #ED0000", | |||
"g c #F00000", | |||
"h c #F40000", | |||
"j c #F90000", | |||
"k c #FA0000", | |||
"l c #FB0000", | |||
"z c #FC0000", | |||
"x c #FD0000", | |||
"c c red", | |||
/* pixels */ | |||
"ccccccccccccccc", | |||
"ccccccjpkcr:fcc", | |||
"ccccz6+ @1$ rcc", | |||
"cccc2 O-o wccc", | |||
"cccdX%tr# 4cccc", | |||
"ccce >r& 7czccc", | |||
"ccq< =O 8cg60cc", | |||
"cs. 3cg; ac", | |||
"cu 3cg; uc", | |||
"cu 3cg; uc", | |||
"c0 3cg; uc", | |||
"r$ 3cg; uc", | |||
", 5cg; *hc", | |||
"l9lxiyyyyyyyhcc", | |||
"ccccccccccccccc" | |||
}; |
@@ -0,0 +1,83 @@ | |||
<?xml version="1.0" encoding="UTF-8" standalone="no"?> | |||
<!-- Created with Inkscape (http://www.inkscape.org/) --> | |||
<svg | |||
xmlns:dc="http://purl.org/dc/elements/1.1/" | |||
xmlns:cc="http://creativecommons.org/ns#" | |||
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" | |||
xmlns:svg="http://www.w3.org/2000/svg" | |||
xmlns="http://www.w3.org/2000/svg" | |||
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd" | |||
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape" | |||
width="16" | |||
height="16" | |||
viewBox="0 0 4.2333332 4.2333335" | |||
version="1.1" | |||
id="svg8" | |||
inkscape:version="0.92+devel unknown" | |||
sodipodi:docname="secure.svg"> | |||
<defs | |||
id="defs2" /> | |||
<sodipodi:namedview | |||
id="base" | |||
pagecolor="#ffffff" | |||
bordercolor="#666666" | |||
borderopacity="1.0" | |||
inkscape:pageopacity="0.0" | |||
inkscape:pageshadow="2" | |||
inkscape:zoom="32" | |||
inkscape:cx="19.34416" | |||
inkscape:cy="11.532874" | |||
inkscape:document-units="mm" | |||
inkscape:current-layer="layer1" | |||
inkscape:document-rotation="0" | |||
showgrid="true" | |||
units="px" | |||
inkscape:window-width="1920" | |||
inkscape:window-height="1136" | |||
inkscape:window-x="1920" | |||
inkscape:window-y="27" | |||
inkscape:window-maximized="1"> | |||
<inkscape:grid | |||
type="xygrid" | |||
id="grid10" /> | |||
</sodipodi:namedview> | |||
<metadata | |||
id="metadata5"> | |||
<rdf:RDF> | |||
<cc:Work | |||
rdf:about=""> | |||
<dc:format>image/svg+xml</dc:format> | |||
<dc:type | |||
rdf:resource="http://purl.org/dc/dcmitype/StillImage" /> | |||
<dc:title /> | |||
</cc:Work> | |||
</rdf:RDF> | |||
</metadata> | |||
<g | |||
inkscape:label="Layer 1" | |||
inkscape:groupmode="layer" | |||
id="layer1" | |||
transform="translate(0,-292.76665)"> | |||
<rect | |||
style="fill:#00ff00;stroke-width:0.13229166;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:0.26458333, 0.79374999000000002" | |||
id="rect926" | |||
width="4.2333331" | |||
height="4.2333331" | |||
x="0" | |||
y="292.76666" /> | |||
<rect | |||
style="fill:#000000;fill-opacity:1;stroke-width:0.10103943;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:0.20207887, 0.60623661" | |||
id="rect12" | |||
width="3.175" | |||
height="1.8520833" | |||
x="0.52916664" | |||
y="294.61874" | |||
ry="0.26457277" /> | |||
<path | |||
style="fill:#000000;stroke-width:0.49999997;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:0.99999999, 2.99999996" | |||
d="M 8 2 A 3.9999996 3.9999996 0 0 0 4 6 L 4 9 L 5.3613281 9 A 3.9999996 3.9999996 0 0 0 8 10 A 3.9999996 3.9999996 0 0 0 10.638672 9 L 12 9 L 12 6 A 3.9999996 3.9999996 0 0 0 8 2 z M 8 4 A 1.9999999 1.9999999 0 0 1 10 6 L 10 9 L 6 9 L 6 6 A 1.9999999 1.9999999 0 0 1 8 4 z " | |||
transform="matrix(0.26458333,0,0,0.26458333,0,292.76665)" | |||
id="path913" /> | |||
</g> | |||
</svg> |
@@ -0,0 +1,56 @@ | |||
/* XPM */ | |||
static char *secure[] = { | |||
/* columns rows colors chars-per-pixel */ | |||
"15 15 35 1 ", | |||
" c black", | |||
". c #000200", | |||
"X c #000500", | |||
"o c #000A00", | |||
"O c #000C00", | |||
"+ c #000D00", | |||
"@ c #001000", | |||
"# c #001100", | |||
"$ c #001400", | |||
"% c #003300", | |||
"& c #005500", | |||
"* c #005600", | |||
"= c #006600", | |||
"- c #007D00", | |||
"; c #007E00", | |||
": c #008700", | |||
"> c #008800", | |||
", c #00B300", | |||
"< c #00B400", | |||
"1 c #00C400", | |||
"2 c #00DB00", | |||
"3 c #00DC00", | |||
"4 c #00DD00", | |||
"5 c #00DF00", | |||
"6 c #00E500", | |||
"7 c #00E600", | |||
"8 c #00EA00", | |||
"9 c #00EB00", | |||
"0 c #00ED00", | |||
"q c #00F000", | |||
"w c #00F400", | |||
"e c #00F900", | |||
"r c #00FA00", | |||
"t c #00FC00", | |||
"y c green", | |||
/* pixels */ | |||
"yyyyyyyyyyyyyyy", | |||
"yyyyyye6ryyyyyy", | |||
"yyyyt:O +>tyyyy", | |||
"yyyy- o%o ;yyyy", | |||
"yyy9X#3y2@X0yyy", | |||
"yyy1 *yyy& 1yyy", | |||
"yy<= %>>>% =,yy", | |||
"y8. 7y", | |||
"y5 5y", | |||
"y5 5y", | |||
"y5 5y", | |||
"y5 5y", | |||
"yw# $wy", | |||
"yyq444444444wyy", | |||
"yyyyyyyyyyyyyyy" | |||
}; |
@@ -32,6 +32,7 @@ | |||
#include <FL/Fl_Secret_Input.H> | |||
#include <FL/Fl_Button.H> | |||
#include <FL/Fl_Return_Button.H> | |||
#include <FL/Fl_Pixmap.H> | |||
#include <rfb/util.h> | |||
#include <rfb/Password.h> | |||
@@ -42,8 +43,18 @@ | |||
#include "parameters.h" | |||
#include "UserDialog.h" | |||
/* xpm:s predate const, so they have invalid definitions */ | |||
#pragma GCC diagnostic push | |||
#pragma GCC diagnostic ignored "-Wwrite-strings" | |||
#include "../media/secure.xpm" | |||
#include "../media/insecure.xpm" | |||
#pragma GCC diagnostic pop | |||
using namespace rfb; | |||
static Fl_Pixmap secure_icon(secure); | |||
static Fl_Pixmap insecure_icon(insecure); | |||
static int ret_val = 0; | |||
static void button_cb(Fl_Widget *widget, void *val) { | |||
@@ -59,7 +70,7 @@ UserDialog::~UserDialog() | |||
{ | |||
} | |||
void UserDialog::getUserPasswd(char** user, char** password) | |||
void UserDialog::getUserPasswd(bool secure, char** user, char** password) | |||
{ | |||
CharArray passwordFileStr(passwordFile.getData()); | |||
@@ -83,6 +94,7 @@ void UserDialog::getUserPasswd(char** user, char** password) | |||
} | |||
Fl_Window *win; | |||
Fl_Box *banner; | |||
Fl_Input *username; | |||
Fl_Secret_Input *passwd; | |||
Fl_Box *icon; | |||
@@ -93,9 +105,22 @@ void UserDialog::getUserPasswd(char** user, char** password) | |||
win = new Fl_Window(410, 145, _("VNC authentication")); | |||
win->callback(button_cb,(void *)0); | |||
y = 10; | |||
banner = new Fl_Box(0, 0, win->w(), 20); | |||
banner->align(FL_ALIGN_CENTER|FL_ALIGN_INSIDE|FL_ALIGN_IMAGE_NEXT_TO_TEXT); | |||
banner->box(FL_FLAT_BOX); | |||
if (secure) { | |||
banner->label(_("This connection is secure")); | |||
banner->color(FL_GREEN); | |||
banner->image(secure_icon); | |||
} else { | |||
banner->label(_("This connection is not secure")); | |||
banner->color(FL_RED); | |||
banner->image(insecure_icon); | |||
} | |||
y = 20 + 10; | |||
icon = new Fl_Box(10, 10, 50, 50, "?"); | |||
icon = new Fl_Box(10, y, 50, 50, "?"); | |||
icon->box(FL_UP_BOX); | |||
icon->labelfont(FL_TIMES_BOLD); | |||
icon->labelsize(34); |
@@ -31,7 +31,7 @@ public: | |||
// UserPasswdGetter callbacks | |||
void getUserPasswd(char** user, char** password); | |||
void getUserPasswd(bool secure, char** user, char** password); | |||
// UserMsgBox callbacks | |||