[Development] Implement VeNCrypt type support on client side. Currently only

TLSNone and TLSVnc VeNCrypt subtypes are implemented.


git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4046 3789f03b-4d11-0410-bbf8-ca57d06f2519

16 files changed, 741 insertions, 30 deletions

diff --git a/common/rfb/CSecurity.h b/common/rfb/CSecurity.h
index 90a01d70..36da5c7a 100644
--- a/common/rfb/CSecurity.h
+++ b/common/rfb/CSecurity.h
@@ -38,6 +38,8 @@
 #ifndef __RFB_CSECURITY_H__
 #define __RFB_CSECURITY_H__
 
+#include <rfb/UserPasswdGetter.h>
+
 namespace rfb {
   class CConnection;
   class CSecurity {
@@ -47,6 +49,12 @@ namespace rfb {
     virtual void destroy() { delete this; }
     virtual int getType() const = 0;
     virtual const char* description() const = 0;
+
+    /*
+     * Use variable directly instead of dumb get/set methods.
+     * It MUST be set by viewer.
+     */
+    static UserPasswdGetter *upg;
   };
 }
 #endif
diff --git a/common/rfb/CSecurityStack.cxx b/common/rfb/CSecurityStack.cxx
new file mode 100644
index 00000000..cfc60fd5
--- /dev/null
+++ b/common/rfb/CSecurityStack.cxx
@@ -0,0 +1,65 @@
+/* Copyright (C) 2005 Martin Koegler
+ * Copyright (C) 2010 TigerVNC Team
+ * 
+ * This is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ * 
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License
+ * along with this software; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,
+ * USA.
+ */
+
+#include <rfb/CSecurityStack.h>
+
+using namespace rfb;
+
+CSecurityStack::CSecurityStack(int Type, const char*Name, CSecurity* s0,
+			       CSecurity* s1)
+  :name(Name),type(Type)
+{
+  state = 0;
+  state0 = s0;
+  state1 = s1;
+}
+
+CSecurityStack::~CSecurityStack()
+{
+  if (state0)
+    delete state0;
+  if (state1)
+    delete state1;
+}
+
+bool CSecurityStack::processMsg(CConnection* cc)
+{
+  bool res=true;
+  if (state == 0) {
+    if (state0)
+      res = state0->processMsg(cc);
+
+    if (!res)
+      return res;
+
+    state++;
+  }
+
+  if (state == 1) {
+    if(state1)
+      res = state1->processMsg(cc);
+
+    if(!res)
+      return res;
+
+    state++;
+  }
+
+  return res;
+}
diff --git a/common/rfb/CSecurityStack.h b/common/rfb/CSecurityStack.h
new file mode 100644
index 00000000..a5205d79
--- /dev/null
+++ b/common/rfb/CSecurityStack.h
@@ -0,0 +1,43 @@
+/* Copyright (C) 2005 Martin Koegler

+ * Copyright (C) 2006 OCCAM Financial Technology

+ * Copyright (C) 2010 TigerVNC Team

+ * 

+ * This is free software; you can redistribute it and/or modify

+ * it under the terms of the GNU General Public License as published by

+ * the Free Software Foundation; either version 2 of the License, or

+ * (at your option) any later version.

+ * 

+ * This software is distributed in the hope that it will be useful,

+ * but WITHOUT ANY WARRANTY; without even the implied warranty of

+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

+ * GNU General Public License for more details.

+ * 

+ * You should have received a copy of the GNU General Public License

+ * along with this software; if not, write to the Free Software

+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,

+ * USA.

+ */

+#ifndef __RFB_CSECURITYSTACK_H__

+#define __RFB_CSECURITYSTACK_H__

+

+#include <rfb/CSecurity.h>

+#include <rfb/Security.h>

+

+namespace rfb {

+

+  class CSecurityStack : public CSecurity {

+  public:

+    CSecurityStack(int Type, const char *Name, CSecurity* s0 = 0, CSecurity* s1 = 0);

+    ~CSecurityStack();

+    virtual bool processMsg(CConnection* cc);

+    virtual int getType() const {return type;};

+    virtual const char* description() const {return name;}

+  protected:

+    int state;

+    CSecurity* state0;

+    CSecurity* state1;

+    const char* name;

+    int type;

+  };

+}

+#endif

diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx
new file mode 100644
index 00000000..6bd2fa7d
--- /dev/null
+++ b/common/rfb/CSecurityTLS.cxx
@@ -0,0 +1,66 @@
+/* 
+ * Copyright (C) 2004 Red Hat Inc.
+ * Copyright (C) 2005 Martin Koegler
+ * Copyright (C) 2010 TigerVNC Team
+ *    
+ * This is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ * 
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License
+ * along with this software; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,
+ * USA.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#ifdef HAVE_GNUTLS
+
+#include <rfb/CSecurityTLS.h>
+
+
+using namespace rfb;
+
+CSecurityTLS::CSecurityTLS() :  anon_cred(0)
+{
+}
+
+CSecurityTLS::~CSecurityTLS()
+{
+  shutdown();
+  if (anon_cred)
+    gnutls_anon_free_client_credentials (anon_cred);
+}
+
+
+void CSecurityTLS::freeResources()
+{
+  if (anon_cred)
+    gnutls_anon_free_client_credentials(anon_cred);
+  anon_cred=0;
+ }
+
+void CSecurityTLS::setParam(gnutls_session session)
+{
+  int kx_priority[] = { GNUTLS_KX_ANON_DH, 0 };
+  gnutls_kx_set_priority(session, kx_priority);
+
+  gnutls_anon_allocate_client_credentials(&anon_cred);
+  gnutls_credentials_set(session, GNUTLS_CRD_ANON, anon_cred);
+}
+
+void CSecurityTLS::checkSession(gnutls_session session)
+{
+
+}
+
+#endif /* HAVE_GNUTLS */
diff --git a/common/rfb/CSecurityTLS.h b/common/rfb/CSecurityTLS.h
new file mode 100644
index 00000000..a2bcc57f
--- /dev/null
+++ b/common/rfb/CSecurityTLS.h
@@ -0,0 +1,53 @@
+/* 

+ * Copyright (C) 2004 Red Hat Inc.

+ * Copyright (C) 2005 Martin Koegler

+ * Copyright (C) 2010 TigerVNC Team

+ *    

+ * This is free software; you can redistribute it and/or modify

+ * it under the terms of the GNU General Public License as published by

+ * the Free Software Foundation; either version 2 of the License, or

+ * (at your option) any later version.

+ * 

+ * This software is distributed in the hope that it will be useful,

+ * but WITHOUT ANY WARRANTY; without even the implied warranty of

+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

+ * GNU General Public License for more details.

+ * 

+ * You should have received a copy of the GNU General Public License

+ * along with this software; if not, write to the Free Software

+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,

+ * USA.

+ */

+

+#ifndef __C_SECURITY_TLS_H__

+#define __C_SECURITY_TLS_H__

+

+#ifdef HAVE_CONFIG_H

+#include <config.h>

+#endif

+

+#ifdef HAVE_GNUTLS

+

+#include <rfb/CSecurityTLSBase.h>

+#include <rfb/SSecurityVeNCrypt.h>

+

+namespace rfb {

+  class CSecurityTLS : public CSecurityTLSBase {

+  public:

+    CSecurityTLS();

+    virtual ~CSecurityTLS();

+    virtual int getType() const { return secTypeTLSNone; };

+    virtual const char* description() const { return "TLS Encryption without VncAuth"; }

+  protected:

+    virtual void freeResources();

+    virtual void setParam(gnutls_session session);

+    virtual void checkSession(gnutls_session session);

+

+  private:

+    gnutls_anon_client_credentials anon_cred;

+  };

+}

+

+#endif /* HAVE_GNUTLS */

+

+#endif /* __C_SECURITY_TLS_H__ */

diff --git a/common/rfb/CSecurityTLSBase.cxx b/common/rfb/CSecurityTLSBase.cxx
new file mode 100644
index 00000000..0755f368
--- /dev/null
+++ b/common/rfb/CSecurityTLSBase.cxx
@@ -0,0 +1,139 @@
+/* 
+ * Copyright (C) 2004 Red Hat Inc.
+ * Copyright (C) 2005 Martin Koegler
+ * Copyright (C) 2010 TigerVNC Team
+ *    
+ * This is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ * 
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License
+ * along with this software; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,
+ * USA.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#ifdef HAVE_GNUTLS
+
+#include <rfb/CSecurityTLSBase.h>
+#include <rfb/CConnection.h>
+#include <rfb/LogWriter.h>
+#include <rfb/Exception.h>
+#include <rdr/TLSInStream.h>
+#include <rdr/TLSOutStream.h>
+
+#define TLS_DEBUG
+
+using namespace rfb;
+
+static LogWriter vlog("TLS");
+
+#ifdef TLS_DEBUG
+static void debug_log(int level, const char* str)
+{
+  vlog.debug(str);
+}
+#endif
+
+void CSecurityTLSBase::initGlobal()
+{
+  static bool globalInitDone = false;
+
+  if (!globalInitDone) {
+    gnutls_global_init();
+
+#ifdef TLS_DEBUG
+    gnutls_global_set_log_level(10);
+    gnutls_global_set_log_function(debug_log);
+#endif
+
+    globalInitDone = true;
+  }
+}
+
+CSecurityTLSBase::CSecurityTLSBase() : session(0)
+{
+  fis = 0;
+  fos = 0;
+}
+
+void CSecurityTLSBase::shutdown()
+{
+  if(session)
+    ;//gnutls_bye(session, GNUTLS_SHUT_RDWR);
+}
+
+
+CSecurityTLSBase::~CSecurityTLSBase()
+{
+  if (session) {
+    //gnutls_bye(session, GNUTLS_SHUT_RDWR);
+    gnutls_deinit (session);
+    session = 0;
+  }
+  if (fis)
+    delete fis;
+  if (fos)
+    delete fos;
+  /* FIXME: should be doing gnutls_global_deinit() at some point */
+}
+
+bool CSecurityTLSBase::processMsg(CConnection* cc)
+{
+  rdr::InStream* is = cc->getInStream();
+  rdr::OutStream* os = cc->getOutStream();
+  client = cc;
+
+  initGlobal();
+
+  if (!session) {
+    if (!is->checkNoWait(1))
+      return false;
+
+    if (is->readU8() == 0)
+      return true;
+
+    gnutls_init(&session, GNUTLS_CLIENT);
+    gnutls_set_default_priority(session);
+
+    setParam(session);
+    
+    gnutls_transport_set_pull_function(session, rdr::gnutls_InStream_pull);
+    gnutls_transport_set_push_function(session, rdr::gnutls_OutStream_push);
+    gnutls_transport_set_ptr2(session,
+			      (gnutls_transport_ptr) is,
+			      (gnutls_transport_ptr) os);
+  }
+
+  int err;
+  err = gnutls_handshake(session);
+  if (err != GNUTLS_E_SUCCESS && !gnutls_error_is_fatal(err))
+    return false;
+
+  if (err != GNUTLS_E_SUCCESS) {
+    vlog.error("TLS Handshake failed: %s\n", gnutls_strerror (err));
+    gnutls_bye(session, GNUTLS_SHUT_RDWR);
+    freeResources();
+    gnutls_deinit(session);
+    session = 0;
+    throw AuthFailureException("TLS Handshake failed");
+  }
+  checkSession(session);
+
+  cc->setStreams(fis = new rdr::TLSInStream(is, session),
+		 fos = new rdr::TLSOutStream(os, session));
+
+  return true;
+}
+
+#endif /* HAVE_GNUTLS */
diff --git a/common/rfb/CSecurityTLSBase.h b/common/rfb/CSecurityTLSBase.h
new file mode 100644
index 00000000..3839ebcf
--- /dev/null
+++ b/common/rfb/CSecurityTLSBase.h
@@ -0,0 +1,62 @@
+/* 

+ * Copyright (C) 2004 Red Hat Inc.

+ * Copyright (C) 2005 Martin Koegler

+ * Copyright (C) 2010 TigerVNC Team

+ *    

+ * This is free software; you can redistribute it and/or modify

+ * it under the terms of the GNU General Public License as published by

+ * the Free Software Foundation; either version 2 of the License, or

+ * (at your option) any later version.

+ * 

+ * This software is distributed in the hope that it will be useful,

+ * but WITHOUT ANY WARRANTY; without even the implied warranty of

+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

+ * GNU General Public License for more details.

+ * 

+ * You should have received a copy of the GNU General Public License

+ * along with this software; if not, write to the Free Software

+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,

+ * USA.

+ */

+

+#ifndef __C_SECURITY_TLSBASE_H__

+#define __C_SECURITY_TLSBASE_H__

+

+#ifdef HAVE_CONFIG_H

+#include <config.h>

+#endif

+

+#ifdef HAVE_GNUTLS

+

+#include <rfb/CSecurity.h>

+#include <rfb/Security.h>

+#include <rdr/InStream.h>

+#include <rdr/OutStream.h>

+#include <gnutls/gnutls.h>

+

+namespace rfb {

+  class CSecurityTLSBase : public CSecurity {

+  public:

+    CSecurityTLSBase();

+    virtual ~CSecurityTLSBase();

+    virtual bool processMsg(CConnection* cc);

+

+  protected:

+    void shutdown();

+    virtual void freeResources() = 0;

+    virtual void setParam(gnutls_session session) = 0;

+    virtual void checkSession(gnutls_session session) = 0;

+    CConnection *client;

+

+  private:

+    static void initGlobal();

+

+    gnutls_session session;

+    rdr::InStream* fis;

+    rdr::OutStream* fos;

+  };

+}

+

+#endif /* HAVE_GNUTLS */

+

+#endif

diff --git a/common/rfb/CSecurityVeNCrypt.cxx b/common/rfb/CSecurityVeNCrypt.cxx
new file mode 100644
index 00000000..12eed8f4
--- /dev/null
+++ b/common/rfb/CSecurityVeNCrypt.cxx
@@ -0,0 +1,220 @@
+/* 

+ * Copyright (C) 2006 OCCAM Financial Technology

+ * Copyright (C) 2005-2006 Martin Koegler

+ * Copyright (C) 2010 TigerVNC Team

+ * 

+ * This is free software; you can redistribute it and/or modify

+ * it under the terms of the GNU General Public License as published by

+ * the Free Software Foundation; either version 2 of the License, or

+ * (at your option) any later version.

+ * 

+ * This software is distributed in the hope that it will be useful,

+ * but WITHOUT ANY WARRANTY; without even the implied warranty of

+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

+ * GNU General Public License for more details.

+ * 

+ * You should have received a copy of the GNU General Public License

+ * along with this software; if not, write to the Free Software

+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,

+ * USA.

+ */

+//

+// CSecurityVeNCrypt

+//

+

+#include <rfb/Exception.h>

+#include <rdr/InStream.h>

+#include <rdr/OutStream.h>

+#include <rfb/CConnection.h>

+#include <rfb/CSecurityTLS.h>

+#include <rfb/CSecurityVeNCrypt.h>

+#include <rfb/CSecurityVncAuth.h>

+#include <rfb/SSecurityVeNCrypt.h>

+#include <list>

+

+using namespace rfb;

+using namespace rdr;

+using namespace std;

+

+CSecurityVeNCrypt::CSecurityVeNCrypt(void) : csecurityStack(NULL)

+{

+  haveRecvdMajorVersion = false;

+  haveRecvdMinorVersion = false;

+  haveSentVersion = false;

+  haveAgreedVersion = false;

+  haveListOfTypes = false;

+  haveNumberOfTypes = false;

+  haveChosenType = false;

+  majorVersion = 0;

+  minorVersion = 0;

+  chosenType = secTypeVeNCrypt;

+  nAvailableTypes = 0;

+  availableTypes = NULL;

+  iAvailableType = 0;

+}

+

+CSecurityVeNCrypt::~CSecurityVeNCrypt()

+{

+  if (availableTypes)

+	delete[] availableTypes;

+}

+

+bool CSecurityVeNCrypt::processMsg(CConnection* cc)

+{

+  InStream* is = cc->getInStream();

+  OutStream* os = cc->getOutStream();

+	

+  /* get major, minor versions, send what we can support (or 0.0 for can't support it) */

+  if (!haveRecvdMajorVersion) {

+    majorVersion = is->readU8();

+    haveRecvdMajorVersion = true;

+

+    return false;

+  }

+

+  if (!haveRecvdMinorVersion) {

+    minorVersion = is->readU8();

+    haveRecvdMinorVersion = true;

+  }

+

+  /* major version in upper 8 bits and minor version in lower 8 bits */

+  U16 Version = (((U16) majorVersion) << 8) | ((U16) minorVersion);

+  

+  if (!haveSentVersion) {

+    /* Currently we don't support former VeNCrypt 0.1 */

+    if (Version >= 0x0002) {

+      majorVersion = 0;

+      minorVersion = 2;

+      os->writeU8(majorVersion);

+      os->writeU8(minorVersion);

+      os->flush();

+    } else {

+      /* Send 0.0 to indicate no support */

+      majorVersion = 0;

+      minorVersion = 0;

+      os->writeU8(0);

+      os->writeU8(0);

+      os->flush();

+      throw AuthFailureException("The server reported an unsupported VeNCrypt version");

+     }

+

+     haveSentVersion = true;

+     return false;

+  }

+

+  /* Check that the server is OK */

+  if (!haveAgreedVersion) {

+    if (is->readU8())

+      throw AuthFailureException("The server reported it could not support the "

+				 "VeNCrypt version");

+

+    haveAgreedVersion = true;

+    return false;

+  }

+  

+  /* get a number of types */

+  if (!haveNumberOfTypes) {

+    nAvailableTypes = is->readU8();

+    iAvailableType = 0;

+

+    if (!nAvailableTypes)

+      throw AuthFailureException("The server reported no VeNCrypt sub-types");

+

+    availableTypes = new rdr::U32[nAvailableTypes];

+    haveNumberOfTypes = true;

+    return false;

+  }

+

+  if (nAvailableTypes) {

+    /* read in the types possible */

+    if (!haveListOfTypes) {

+      if (is->checkNoWait(4)) {

+	availableTypes[iAvailableType++] = is->readU32();

+	haveListOfTypes = (iAvailableType >= nAvailableTypes);

+

+	if (!haveListOfTypes)

+	  return false;

+

+      } else

+	return false;

+    }

+

+    /* make a choice and send it to the server, meanwhile set up the stack */

+    if (!haveChosenType) {

+      chosenType = 0;

+      U8 i;

+      list<U32>::iterator j;

+      list<U32> preferredList;

+

+      /* Try preferred choice */

+      SSecurityVeNCrypt::getSecTypes(&preferredList);

+	  

+      for (j = preferredList.begin(); j != preferredList.end(); j++) {

+	for (i = 0; i < nAvailableTypes; i++) {

+	  if (*j == availableTypes[i]) {

+	    chosenType = *j;

+	    break;

+	  }

+	}

+

+	if (chosenType)

+	  break;

+      }

+

+      /* Set up the stack according to the chosen type: */

+      switch (chosenType) {

+	case secTypeTLSNone:

+	case secTypeTLSVnc:

+	case secTypeTLSPlain:

+	case secTypeX509None:

+	case secTypeX509Vnc:

+	case secTypeX509Plain:

+	  csecurityStack = CSecurityVeNCrypt::getCSecurityStack(chosenType);

+	  break;

+

+	case secTypeInvalid:

+	case secTypeVeNCrypt: /* would cause looping */

+	default:

+	  throw AuthFailureException("No valid VeNCrypt sub-type");

+      }

+      

+      /* send chosen type to server */

+      os->writeU32(chosenType);

+      os->flush();

+

+      haveChosenType = true;

+    }

+  } else {

+    /*

+     * Server told us that there are 0 types it can support - this should not

+     * happen, since if the server supports 0 sub-types, it doesn't support

+     * this security type

+     */

+    throw AuthFailureException("The server reported 0 VeNCrypt sub-types");

+  }

+

+  return csecurityStack->processMsg(cc);

+}

+

+CSecurityStack* CSecurityVeNCrypt::getCSecurityStack(int secType)

+{

+  switch (secType) {

+  case secTypeTLSNone:

+    return new CSecurityStack(secTypeTLSNone, "TLS with no password",

+			      new CSecurityTLS());

+  case secTypeTLSVnc:

+    return new CSecurityStack(secTypeTLSVnc, "TLS with VNCAuth",

+			      new CSecurityTLS(), new CSecurityVncAuth());

+#if 0

+  /* Following subtypes are not implemented, yet */

+  case secTypeTLSPlain:

+  case secTypeX509None:

+  case secTypeX509Vnc:

+  case secTypeX509Plain:

+#endif

+  default:

+    throw Exception("Unsupported VeNCrypt subtype");

+  }

+

+  return NULL; /* not reached */

+}

diff --git a/common/rfb/CSecurityVeNCrypt.h b/common/rfb/CSecurityVeNCrypt.h
new file mode 100644
index 00000000..b466ba7c
--- /dev/null
+++ b/common/rfb/CSecurityVeNCrypt.h
@@ -0,0 +1,64 @@
+/*

+ * Copyright (C) 2005-2006 Martin Koegler

+ * Copyright (C) 2006 OCCAM Financial Technology

+ * Copyright (C) 2010 TigerVNC Team

+ * 

+ * This is free software; you can redistribute it and/or modify

+ * it under the terms of the GNU General Public License as published by

+ * the Free Software Foundation; either version 2 of the License, or

+ * (at your option) any later version.

+ * 

+ * This software is distributed in the hope that it will be useful,

+ * but WITHOUT ANY WARRANTY; without even the implied warranty of

+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

+ * GNU General Public License for more details.

+ * 

+ * You should have received a copy of the GNU General Public License

+ * along with this software; if not, write to the Free Software

+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,

+ * USA.

+ */

+//

+// CSecurityVeNCrypt

+//

+

+#ifndef __CSECURITYVENCRYPT_H__

+#define __CSECURITYVENCRYPT_H__

+

+#include <rfb/CSecurity.h>

+#include <rfb/CSecurityStack.h>

+#include <rfb/Security.h>

+#include <rdr/types.h>

+

+namespace rfb {

+

+  class CSecurityVeNCrypt : public CSecurity {

+  public:

+

+    CSecurityVeNCrypt(void);

+    ~CSecurityVeNCrypt();

+    virtual bool processMsg(CConnection* cc);// { return true; }

+    int getType() const {return chosenType;}

+    virtual const char* description() const { return secTypeName(chosenType); }

+

+    static StringParameter secTypesStr;

+  protected:

+    static CSecurityStack* getCSecurityStack(int secType);

+

+    CSecurityStack *csecurityStack;

+    bool haveRecvdMajorVersion;

+    bool haveRecvdMinorVersion;

+    bool haveSentVersion;

+    bool haveAgreedVersion;

+    bool haveListOfTypes;

+    bool haveNumberOfTypes;

+    bool haveChosenType;

+    rdr::U8 majorVersion, minorVersion;

+    rdr::U32 chosenType;

+    rdr::U8 nAvailableTypes;

+    rdr::U32 *availableTypes;

+    rdr::U8 iAvailableType;

+    const char* desc;

+  };

+}

+#endif

diff --git a/common/rfb/CSecurityVncAuth.cxx b/common/rfb/CSecurityVncAuth.cxx
index ba5a30b7..5b53c60b 100644
--- a/common/rfb/CSecurityVncAuth.cxx
+++ b/common/rfb/CSecurityVncAuth.cxx
@@ -24,10 +24,10 @@
 #include <string.h>
 #include <stdio.h>
 #include <rfb/CConnection.h>
-#include <rfb/UserPasswdGetter.h>
 #include <rfb/Password.h>
 #include <rfb/CSecurityVncAuth.h>
 #include <rfb/util.h>
+#include <rfb/Security.h>
 extern "C" {
 #include <rfb/d3des.h>
 }
@@ -37,16 +37,6 @@ using namespace rfb;
 
 static const int vncAuthChallengeSize = 16;
 
-
-CSecurityVncAuth::CSecurityVncAuth(UserPasswdGetter* upg_)
-  : upg(upg_)
-{
-}
-
-CSecurityVncAuth::~CSecurityVncAuth()
-{
-}
-
 bool CSecurityVncAuth::processMsg(CConnection* cc)
 {
   rdr::InStream* is = cc->getInStream();
@@ -56,7 +46,7 @@ bool CSecurityVncAuth::processMsg(CConnection* cc)
   rdr::U8 challenge[vncAuthChallengeSize];
   is->readBytes(challenge, vncAuthChallengeSize);
   PlainPasswd passwd;
-  upg->getUserPasswd(0, &passwd.buf);
+  (CSecurity::upg)->getUserPasswd(0, &passwd.buf);
 
   // Calculate the correct response
   rdr::U8 key[8];
diff --git a/common/rfb/CSecurityVncAuth.h b/common/rfb/CSecurityVncAuth.h
index 820222f6..391ed236 100644
--- a/common/rfb/CSecurityVncAuth.h
+++ b/common/rfb/CSecurityVncAuth.h
@@ -23,17 +23,13 @@
 
 namespace rfb {
 
-  class UserPasswdGetter;
-
   class CSecurityVncAuth : public CSecurity {
   public:
-    CSecurityVncAuth(UserPasswdGetter* pg);
-    virtual ~CSecurityVncAuth();
+    CSecurityVncAuth(void) {}
+    virtual ~CSecurityVncAuth() {}
     virtual bool processMsg(CConnection* cc);
     virtual int getType() const {return secTypeVncAuth;};
     virtual const char* description() const {return "No Encryption";}
-  private:
-    UserPasswdGetter* upg;
   };
 }
 #endif
diff --git a/common/rfb/Makefile.am b/common/rfb/Makefile.am
index ee797a83..e936a4f8 100644
--- a/common/rfb/Makefile.am
+++ b/common/rfb/Makefile.am
@@ -4,6 +4,8 @@ HDRS = Blacklist.h CapsContainer.h CapsList.h CConnection.h \
 	CMsgHandler.h CMsgReader.h CMsgReaderV3.h CMsgWriter.h \
 	CMsgWriterV3.h ColourCube.h ColourMap.h ComparingUpdateTracker.h \
 	Configuration.h ConnParams.h CSecurity.h CSecurityNone.h \
+	CSecurityStack.h CSecurityTLS.h CSecurityTLSBase.h \
+	CSecurityVeNCrypt.h \
 	CSecurityVncAuth.h Cursor.h Decoder.h d3des.h Encoder.h \
 	encodings.h Exception.h hextileConstants.h hextileDecode.h \
 	HextileDecoder.h hextileEncodeBetter.h hextileEncode.h \
@@ -15,7 +17,7 @@ HDRS = Blacklist.h CapsContainer.h CapsList.h CConnection.h \
 	ScaledPixelBuffer.h ScaleFilters.h SConnection.h ScreenSet.h \
 	screenTypes.h SDesktop.h ServerCore.h SMsgHandler.h \
 	SMsgReader.h SMsgReaderV3.h SMsgWriter.h SMsgWriterV3.h \
-	Security.h SSecurity.h SSecurityNone.h SSecurityPlain.h \
+	SSecurity.h SSecurityNone.h SSecurityPlain.h \
 	SSecurityStack.h SSecurityTLS.h SSecurityTLSBase.h SSecurityVeNCrypt.h \
 	SSecurityVncAuth.h Threading.h tightDecode.h \
 	TightDecoder.h tightEncode.h TightEncoder.h TightPalette.h Timer.h \
@@ -26,6 +28,8 @@ HDRS = Blacklist.h CapsContainer.h CapsList.h CConnection.h \
 
 librfb_la_SOURCES = $(HDRS) Blacklist.cxx CConnection.cxx CMsgHandler.cxx \
 	CMsgReader.cxx CMsgReaderV3.cxx CMsgWriter.cxx CMsgWriterV3.cxx \
+	CSecurityStack.cxx CSecurityTLS.cxx CSecurityTLSBase.cxx \
+	CSecurityVeNCrypt.cxx \
 	CSecurityVncAuth.cxx CapsContainer.cxx CapsList.cxx \
 	ComparingUpdateTracker.cxx Configuration.cxx ConnParams.cxx \
 	Cursor.cxx Decoder.cxx d3des.c Encoder.cxx \
diff --git a/common/rfb/SSecurityVeNCrypt.cxx b/common/rfb/SSecurityVeNCrypt.cxx
index fc831482..926edaaf 100644
--- a/common/rfb/SSecurityVeNCrypt.cxx
+++ b/common/rfb/SSecurityVeNCrypt.cxx
@@ -54,7 +54,7 @@ StringParameter SSecurityVeNCrypt::secTypesStr
 ("VeNCryptTypes",

  "Specify which security scheme to use for VeNCrypt connections (TLSNone, "

  "TLSVnc, TLSPlain, X509None, X509Vnc, X509Plain)",

- "TLSVnc,TLSPlain,X509Vnc,X509Plain", ConfServer);

+ "TLSVnc,TLSPlain,X509Vnc,X509Plain");

 

 SSecurityVeNCrypt::SSecurityVeNCrypt(void)

 {

diff --git a/common/rfb/SSecurityVeNCrypt.h b/common/rfb/SSecurityVeNCrypt.h
index 3d1e0e0a..526dad18 100644
--- a/common/rfb/SSecurityVeNCrypt.h
+++ b/common/rfb/SSecurityVeNCrypt.h
@@ -49,14 +49,13 @@ namespace rfb {
 

     static StringParameter X509_CertFile, X509_KeyFile, secTypesStr;

 

-  protected:

-    static SSecurityStack* getSSecurityStack(int secType);

-

     /* XXX Derive Security class and merge those functions appropriately ? */

     static void getSecTypes(std::list<rdr::U32>* secTypes);

     static rdr::U32 secTypeNum(const char *name);

     static char* secTypeName(rdr::U32 num);

     static std::list<rdr::U32> parseSecTypes(const char *types);

+  protected:

+    static SSecurityStack* getSSecurityStack(int secType);

 

     SSecurityStack *ssecurityStack;

     bool haveSentVersion, haveRecvdMajorVersion, haveRecvdMinorVersion;

diff --git a/common/rfb/Security.cxx b/common/rfb/Security.cxx
index 589eaa66..eb99f7c5 100644
--- a/common/rfb/Security.cxx
+++ b/common/rfb/Security.cxx
@@ -22,6 +22,7 @@
 #define strcasecmp _stricmp
 #endif
 #include <rfb/CSecurityNone.h>
+#include <rfb/CSecurityVeNCrypt.h>
 #include <rfb/CSecurityVncAuth.h>
 #include <rdr/Exception.h>
 #include <rfb/LogWriter.h>
@@ -37,12 +38,14 @@ using namespace std;
 
 static LogWriter vlog("Security");
 
+UserPasswdGetter *CSecurity::upg = NULL;
+
 StringParameter Security::secTypes
 ("SecurityTypes",
  "Specify which security scheme to use (None, VncAuth)",
- "VncAuth", ConfServer);
+ "VncAuth");
 
-Security::Security(void) : upg(NULL)
+Security::Security(void)
 {
   char *secTypesStr = secTypes.getData();
 
@@ -88,16 +91,17 @@ bail:
   throw Exception("Security type not supported");
 }
 
-CSecurity* Security::GetCSecurity(rdr::U8 secType)
+CSecurity* Security::GetCSecurity(U8 secType)
 {
-  assert (upg != NULL); /* (upg == NULL) means bug in the viewer */
+  assert (CSecurity::upg != NULL); /* (upg == NULL) means bug in the viewer */
 
   if (!IsSupported(secType))
     goto bail;
 
   switch (secType) {
   case secTypeNone: return new CSecurityNone();
-  case secTypeVncAuth: return new CSecurityVncAuth(upg);
+  case secTypeVncAuth: return new CSecurityVncAuth();
+  case secTypeVeNCrypt: return new CSecurityVeNCrypt();
   }
 
 bail:
diff --git a/common/rfb/Security.h b/common/rfb/Security.h
index 3231f1f5..f4c9681c 100644
--- a/common/rfb/Security.h
+++ b/common/rfb/Security.h
@@ -26,7 +26,6 @@
 #include <rfb/Configuration.h>
 #include <rfb/CSecurity.h>
 #include <rfb/SSecurity.h>
-#include <rfb/UserPasswdGetter.h>
 
 #include <list>
 
@@ -82,7 +81,6 @@ namespace rfb {
      * Use variable directly instead of dumb get/set methods. It is used
      * only in viewer-side code and MUST be set by viewer.
      */
-    UserPasswdGetter *upg;
   private:
     std::list<rdr::U8> enabledSecTypes;
   };