mirrors
/
tigervnc
mirror of https://github.com/TigerVNC/tigervnc.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 37 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4366 Commits
15 Branches
Tree: dfc9421dcf
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'dfc9421dcf'
${ noResults }
tigervnc/common/rfb/Security.cxx

Security.cxx 6.0KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214 
  1. /* Copyright (C) 2002-2005 RealVNC Ltd.  All Rights Reserved.

  2.  * Copyright (C) 2010 TigerVNC Team

  3.  * 

  4.  * This is free software; you can redistribute it and/or modify

  5.  * it under the terms of the GNU General Public License as published by

  6.  * the Free Software Foundation; either version 2 of the License, or

  7.  * (at your option) any later version.

  8.  * 

  9.  * This software is distributed in the hope that it will be useful,

  10.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  11.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

  12.  * GNU General Public License for more details.

  13.  * 

  14.  * You should have received a copy of the GNU General Public License

  15.  * along with this software; if not, write to the Free Software

  16.  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,

  17.  * USA.

  18.  */

  19. 

  20. #ifdef HAVE_CONFIG_H

  21. #include <config.h>

  22. #endif

  23. 

  24. #include <assert.h>

  25. #include <stdlib.h>

  26. #include <string.h>

  27. #include <rfb/CSecurityNone.h>

  28. #include <rfb/CSecurityStack.h>

  29. #include <rfb/CSecurityVeNCrypt.h>

  30. #include <rfb/CSecurityVncAuth.h>

  31. #include <rfb/CSecurityPlain.h>

  32. #include <rdr/Exception.h>

  33. #include <rfb/LogWriter.h>

  34. #include <rfb/Security.h>

  35. #include <rfb/SSecurityNone.h>

  36. #include <rfb/SSecurityStack.h>

  37. #include <rfb/SSecurityPlain.h>

  38. #include <rfb/SSecurityVncAuth.h>

  39. #include <rfb/SSecurityVeNCrypt.h>

  40. #ifdef HAVE_GNUTLS

  41. #include <rfb/CSecurityTLS.h>

  42. #include <rfb/SSecurityTLS.h>

  43. #endif

  44. #include <rfb/util.h>

  45. 

  46. using namespace rdr;

  47. using namespace rfb;

  48. using namespace std;

  49. 

  50. static LogWriter vlog("Security");

  51. 

  52. #ifdef HAVE_GNUTLS

  53. StringParameter Security::GnuTLSPriority("GnuTLSPriority",

  54.   "GnuTLS priority string that controls the TLS session’s handshake algorithms",

  55.   "");

  56. #endif

  57. 

  58. Security::Security()

  59. {

  60. }

  61. 

  62. Security::Security(StringParameter &secTypes)

  63. {

  64.   char *secTypesStr;

  65. 

  66.   secTypesStr = secTypes.getData();

  67.   enabledSecTypes = parseSecTypes(secTypesStr);

  68. 

  69.   delete [] secTypesStr;

  70. }

  71. 

  72. const std::list<rdr::U8> Security::GetEnabledSecTypes(void)

  73. {

  74.   list<rdr::U8> result;

  75.   list<U32>::iterator i;

  76. 

  77.   /* Partial workaround for Vino's stupid behaviour. It doesn't allow

  78.    * the basic authentication types as part of the VeNCrypt handshake,

  79.    * making it impossible for a client to do opportunistic encryption.

  80.    * At least make it possible to connect when encryption is explicitly

  81.    * disabled. */

  82.   for (i = enabledSecTypes.begin(); i != enabledSecTypes.end(); i++) {

  83.     if (*i >= 0x100) {

  84.       result.push_back(secTypeVeNCrypt);

  85.       break;

  86.     }

  87.   }

  88. 

  89.   for (i = enabledSecTypes.begin(); i != enabledSecTypes.end(); i++)

  90.     if (*i < 0x100)

  91.       result.push_back(*i);

  92. 

  93.   return result;

  94. }

  95. 

  96. const std::list<rdr::U32> Security::GetEnabledExtSecTypes(void)

  97. {

  98.   list<rdr::U32> result;

  99.   list<U32>::iterator i;

  100. 

  101.   for (i = enabledSecTypes.begin(); i != enabledSecTypes.end(); i++)

  102.     if (*i != secTypeVeNCrypt) /* Do not include VeNCrypt type to avoid loops */

  103.       result.push_back(*i);

  104. 

  105.   return result;

  106. }

  107. 

  108. void Security::EnableSecType(U32 secType)

  109. {

  110.   list<U32>::iterator i;

  111. 

  112.   for (i = enabledSecTypes.begin(); i != enabledSecTypes.end(); i++)

  113.     if (*i == secType)

  114.       return;

  115. 

  116.   enabledSecTypes.push_back(secType);

  117. }

  118. 

  119. bool Security::IsSupported(U32 secType)

  120. {

  121.   list<U32>::iterator i;

  122. 

  123.   for (i = enabledSecTypes.begin(); i != enabledSecTypes.end(); i++)

  124.     if (*i == secType)

  125.       return true;

  126.   if (secType == secTypeVeNCrypt)

  127.     return true;

  128. 

  129.   return false;

  130. }

  131. 

  132. char *Security::ToString(void)

  133. {

  134.   list<U32>::iterator i;

  135.   static char out[128]; /* Should be enough */

  136.   bool firstpass = true;

  137.   const char *name;

  138. 

  139.   memset(out, 0, sizeof(out));

  140. 

  141.   for (i = enabledSecTypes.begin(); i != enabledSecTypes.end(); i++) {

  142.     name = secTypeName(*i);

  143.     if (name[0] == '[') /* Unknown security type */

  144.       continue;

  145. 

  146.     if (!firstpass)

  147.       strncat(out, ",", sizeof(out) - 1);

  148.     else

  149.       firstpass = false;

  150.     strncat(out, name, sizeof(out) - 1);

  151.   }

  152. 

  153.   return out;

  154. }

  155. 

  156. rdr::U32 rfb::secTypeNum(const char* name)

  157. {

  158.   if (strcasecmp(name, "None") == 0)       return secTypeNone;

  159.   if (strcasecmp(name, "VncAuth") == 0)    return secTypeVncAuth;

  160.   if (strcasecmp(name, "Tight") == 0)      return secTypeTight;

  161.   if (strcasecmp(name, "RA2") == 0)        return secTypeRA2;

  162.   if (strcasecmp(name, "RA2ne") == 0)      return secTypeRA2ne;

  163.   if (strcasecmp(name, "SSPI") == 0)       return secTypeSSPI;

  164.   if (strcasecmp(name, "SSPIne") == 0)     return secTypeSSPIne;

  165.   if (strcasecmp(name, "VeNCrypt") == 0)   return secTypeVeNCrypt;

  166. 

  167.   /* VeNCrypt subtypes */

  168.   if (strcasecmp(name, "Plain") == 0)      return secTypePlain;

  169.   if (strcasecmp(name, "TLSNone") == 0)    return secTypeTLSNone;

  170.   if (strcasecmp(name, "TLSVnc") == 0)     return secTypeTLSVnc;

  171.   if (strcasecmp(name, "TLSPlain") == 0)   return secTypeTLSPlain;

  172.   if (strcasecmp(name, "X509None") == 0)   return secTypeX509None;

  173.   if (strcasecmp(name, "X509Vnc") == 0)    return secTypeX509Vnc;

  174.   if (strcasecmp(name, "X509Plain") == 0)  return secTypeX509Plain;

  175. 

  176.   return secTypeInvalid;

  177. }

  178. 

  179. const char* rfb::secTypeName(rdr::U32 num)

  180. {

  181.   switch (num) {

  182.   case secTypeNone:       return "None";

  183.   case secTypeVncAuth:    return "VncAuth";

  184.   case secTypeTight:      return "Tight";

  185.   case secTypeRA2:        return "RA2";

  186.   case secTypeRA2ne:      return "RA2ne";

  187.   case secTypeSSPI:       return "SSPI";

  188.   case secTypeSSPIne:     return "SSPIne";

  189.   case secTypeVeNCrypt:   return "VeNCrypt";

  190. 

  191.   /* VeNCrypt subtypes */

  192.   case secTypePlain:      return "Plain";

  193.   case secTypeTLSNone:    return "TLSNone";

  194.   case secTypeTLSVnc:     return "TLSVnc";

  195.   case secTypeTLSPlain:   return "TLSPlain";

  196.   case secTypeX509None:   return "X509None";

  197.   case secTypeX509Vnc:    return "X509Vnc";

  198.   case secTypeX509Plain:  return "X509Plain";

  199.   default:                return "[unknown secType]";

  200.   }

  201. }

  202. 

  203. std::list<rdr::U32> rfb::parseSecTypes(const char* types_)

  204. {

  205.   std::list<rdr::U32> result;

  206.   CharArray types(strDup(types_)), type;

  207.   while (types.buf) {

  208.     strSplit(types.buf, ',', &type.buf, &types.buf);

  209.     rdr::U32 typeNum = secTypeNum(type.buf);

  210.     if (typeNum != secTypeInvalid)

  211.       result.push_back(typeNum);

  212.   }

  213.   return result;

  214. }