diff options
-rw-r--r-- | common/rfb/AccessRights.cxx | 36 | ||||
-rw-r--r-- | common/rfb/AccessRights.h | 41 | ||||
-rw-r--r-- | common/rfb/CMakeLists.txt | 1 | ||||
-rw-r--r-- | common/rfb/SConnection.cxx | 14 | ||||
-rw-r--r-- | common/rfb/SConnection.h | 12 | ||||
-rw-r--r-- | common/rfb/SSecurity.h | 2 | ||||
-rw-r--r-- | common/rfb/SSecurityRSAAES.cxx | 6 | ||||
-rw-r--r-- | common/rfb/SSecurityRSAAES.h | 4 | ||||
-rw-r--r-- | common/rfb/SSecurityStack.cxx | 6 | ||||
-rw-r--r-- | common/rfb/SSecurityStack.h | 2 | ||||
-rw-r--r-- | common/rfb/SSecurityVeNCrypt.cxx | 2 | ||||
-rw-r--r-- | common/rfb/SSecurityVeNCrypt.h | 2 | ||||
-rw-r--r-- | common/rfb/SSecurityVncAuth.cxx | 6 | ||||
-rw-r--r-- | common/rfb/SSecurityVncAuth.h | 4 | ||||
-rw-r--r-- | common/rfb/VNCServerST.cxx | 4 | ||||
-rw-r--r-- | tests/perf/encperf.cxx | 4 | ||||
-rw-r--r-- | win/winvnc/VNCServerWin32.cxx | 30 |
17 files changed, 116 insertions, 60 deletions
diff --git a/common/rfb/AccessRights.cxx b/common/rfb/AccessRights.cxx new file mode 100644 index 00000000..65e6ce24 --- /dev/null +++ b/common/rfb/AccessRights.cxx @@ -0,0 +1,36 @@ +/* Copyright 2024 TigerVNC Team + * + * This is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this software; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, + * USA. + */ + +#include "AccessRights.h" + +namespace rfb +{ + + // AccessRights values + const AccessRights AccessNone = 0x0000; + const AccessRights AccessView = 0x0001; + const AccessRights AccessKeyEvents = 0x0002; + const AccessRights AccessPtrEvents = 0x0004; + const AccessRights AccessCutText = 0x0008; + const AccessRights AccessSetDesktopSize = 0x0010; + const AccessRights AccessNonShared = 0x0020; + const AccessRights AccessDefault = 0x03ff; + const AccessRights AccessNoQuery = 0x0400; + const AccessRights AccessFull = 0xffff; + +} /* namespace rfb */ diff --git a/common/rfb/AccessRights.h b/common/rfb/AccessRights.h new file mode 100644 index 00000000..adf4393d --- /dev/null +++ b/common/rfb/AccessRights.h @@ -0,0 +1,41 @@ +/* Copyright 2024 TigerVNC Team + * + * This is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this software; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, + * USA. + */ + +#ifndef COMMON_RFB_ACCESSRIGHTS_H_ +#define COMMON_RFB_ACCESSRIGHTS_H_ + +#include <stdint.h> + +namespace rfb +{ + + typedef uint16_t AccessRights; + extern const AccessRights AccessNone; // No rights at all + extern const AccessRights AccessView; // View display contents + extern const AccessRights AccessKeyEvents; // Send key events + extern const AccessRights AccessPtrEvents; // Send pointer events + extern const AccessRights AccessCutText; // Send/receive clipboard events + extern const AccessRights AccessSetDesktopSize; // Change desktop size + extern const AccessRights AccessNonShared; // Exclusive access to the server + extern const AccessRights AccessDefault; // The default rights, INCLUDING FUTURE ONES + extern const AccessRights AccessNoQuery; // Connect without local user accepting + extern const AccessRights AccessFull; // All of the available AND FUTURE rights + +} /* namespace rfb */ + +#endif /* COMMON_RFB_ACCESSRIGHTS_H_ */ diff --git a/common/rfb/CMakeLists.txt b/common/rfb/CMakeLists.txt index 2cae2356..360434a9 100644 --- a/common/rfb/CMakeLists.txt +++ b/common/rfb/CMakeLists.txt @@ -1,4 +1,5 @@ add_library(rfb STATIC + AccessRights.cxx Blacklist.cxx Congestion.cxx CConnection.cxx diff --git a/common/rfb/SConnection.cxx b/common/rfb/SConnection.cxx index 33b2d850..462c34c2 100644 --- a/common/rfb/SConnection.cxx +++ b/common/rfb/SConnection.cxx @@ -43,24 +43,12 @@ using namespace rfb; static LogWriter vlog("SConnection"); -// AccessRights values -const SConnection::AccessRights SConnection::AccessView = 0x0001; -const SConnection::AccessRights SConnection::AccessKeyEvents = 0x0002; -const SConnection::AccessRights SConnection::AccessPtrEvents = 0x0004; -const SConnection::AccessRights SConnection::AccessCutText = 0x0008; -const SConnection::AccessRights SConnection::AccessSetDesktopSize = 0x0010; -const SConnection::AccessRights SConnection::AccessNonShared = 0x0020; -const SConnection::AccessRights SConnection::AccessDefault = 0x03ff; -const SConnection::AccessRights SConnection::AccessNoQuery = 0x0400; -const SConnection::AccessRights SConnection::AccessFull = 0xffff; - - SConnection::SConnection() : readyForSetColourMapEntries(false), is(0), os(0), reader_(0), writer_(0), ssecurity(0), authFailureTimer(this, &SConnection::handleAuthFailureTimeout), state_(RFBSTATE_UNINITIALISED), preferredEncoding(encodingRaw), - accessRights(0x0000), hasRemoteClipboard(false), + accessRights(AccessNone), hasRemoteClipboard(false), hasLocalClipboard(false), unsolicitedClipboardAttempt(false) { diff --git a/common/rfb/SConnection.h b/common/rfb/SConnection.h index b163d627..fb8b0b4c 100644 --- a/common/rfb/SConnection.h +++ b/common/rfb/SConnection.h @@ -29,6 +29,7 @@ #include <rdr/InStream.h> #include <rdr/OutStream.h> +#include <rfb/AccessRights.h> #include <rfb/SMsgHandler.h> #include <rfb/SecurityServer.h> #include <rfb/Timer.h> @@ -178,17 +179,6 @@ namespace rfb { // setAccessRights() allows a security package to limit the access rights // of a SConnection to the server. How the access rights are treated // is up to the derived class. - - typedef uint16_t AccessRights; - static const AccessRights AccessView; // View display contents - static const AccessRights AccessKeyEvents; // Send key events - static const AccessRights AccessPtrEvents; // Send pointer events - static const AccessRights AccessCutText; // Send/receive clipboard events - static const AccessRights AccessSetDesktopSize; // Change desktop size - static const AccessRights AccessNonShared; // Exclusive access to the server - static const AccessRights AccessDefault; // The default rights, INCLUDING FUTURE ONES - static const AccessRights AccessNoQuery; // Connect without local user accepting - static const AccessRights AccessFull; // All of the available AND FUTURE rights virtual void setAccessRights(AccessRights ar); virtual bool accessCheck(AccessRights ar) const; diff --git a/common/rfb/SSecurity.h b/common/rfb/SSecurity.h index fbc3de6f..8e296c5a 100644 --- a/common/rfb/SSecurity.h +++ b/common/rfb/SSecurity.h @@ -62,7 +62,7 @@ namespace rfb { // for this security type. virtual const char* getUserName() const = 0; - virtual SConnection::AccessRights getAccessRights() const { return SConnection::AccessDefault; } + virtual AccessRights getAccessRights() const { return AccessDefault; } protected: SConnection* sc; diff --git a/common/rfb/SSecurityRSAAES.cxx b/common/rfb/SSecurityRSAAES.cxx index 2a8dfa3e..cea62644 100644 --- a/common/rfb/SSecurityRSAAES.cxx +++ b/common/rfb/SSecurityRSAAES.cxx @@ -76,7 +76,7 @@ SSecurityRSAAES::SSecurityRSAAES(SConnection* sc, uint32_t _secType, keySize(_keySize), isAllEncrypted(_isAllEncrypted), secType(_secType), serverKey(), clientKey(), serverKeyN(NULL), serverKeyE(NULL), clientKeyN(NULL), clientKeyE(NULL), - accessRights(SConnection::AccessDefault), + accessRights(AccessDefault), rais(NULL), raos(NULL), rawis(NULL), rawos(NULL) { assert(keySize == 128 || keySize == 256); @@ -578,12 +578,12 @@ void SSecurityRSAAES::verifyPass() throw AuthFailureException("No password configured for VNC Auth"); if (password == passwd) { - accessRights = SConnection::AccessDefault; + accessRights = AccessDefault; return; } if (!passwdReadOnly.empty() && password == passwdReadOnly) { - accessRights = SConnection::AccessView; + accessRights = AccessView; return; } diff --git a/common/rfb/SSecurityRSAAES.h b/common/rfb/SSecurityRSAAES.h index eaeb13a1..0c4fc852 100644 --- a/common/rfb/SSecurityRSAAES.h +++ b/common/rfb/SSecurityRSAAES.h @@ -39,7 +39,7 @@ namespace rfb { virtual bool processMsg(); virtual const char* getUserName() const; virtual int getType() const { return secType; } - virtual SConnection::AccessRights getAccessRights() const + virtual AccessRights getAccessRights() const { return accessRights; } @@ -82,7 +82,7 @@ namespace rfb { char username[256]; char password[256]; - SConnection::AccessRights accessRights; + AccessRights accessRights; rdr::InStream* rais; rdr::OutStream* raos; diff --git a/common/rfb/SSecurityStack.cxx b/common/rfb/SSecurityStack.cxx index 8b1c2a47..9c0321d4 100644 --- a/common/rfb/SSecurityStack.cxx +++ b/common/rfb/SSecurityStack.cxx @@ -71,14 +71,14 @@ const char* SSecurityStack::getUserName() const return c; } -SConnection::AccessRights SSecurityStack::getAccessRights() const +AccessRights SSecurityStack::getAccessRights() const { - SConnection::AccessRights accessRights; + AccessRights accessRights; if (!state0 && !state1) return SSecurity::getAccessRights(); - accessRights = SConnection::AccessFull; + accessRights = AccessFull; if (state0) accessRights &= state0->getAccessRights(); diff --git a/common/rfb/SSecurityStack.h b/common/rfb/SSecurityStack.h index 8b412bdf..cf7b10d0 100644 --- a/common/rfb/SSecurityStack.h +++ b/common/rfb/SSecurityStack.h @@ -32,7 +32,7 @@ namespace rfb { virtual bool processMsg(); virtual int getType() const { return type; }; virtual const char* getUserName() const; - virtual SConnection::AccessRights getAccessRights() const; + virtual AccessRights getAccessRights() const; protected: short state; SSecurity* state0; diff --git a/common/rfb/SSecurityVeNCrypt.cxx b/common/rfb/SSecurityVeNCrypt.cxx index c126d82f..2813f299 100644 --- a/common/rfb/SSecurityVeNCrypt.cxx +++ b/common/rfb/SSecurityVeNCrypt.cxx @@ -180,7 +180,7 @@ const char* SSecurityVeNCrypt::getUserName() const return ssecurity->getUserName(); } -SConnection::AccessRights SSecurityVeNCrypt::getAccessRights() const +AccessRights SSecurityVeNCrypt::getAccessRights() const { if (ssecurity == NULL) return SSecurity::getAccessRights(); diff --git a/common/rfb/SSecurityVeNCrypt.h b/common/rfb/SSecurityVeNCrypt.h index 86cf420a..91713f89 100644 --- a/common/rfb/SSecurityVeNCrypt.h +++ b/common/rfb/SSecurityVeNCrypt.h @@ -37,7 +37,7 @@ namespace rfb { virtual bool processMsg(); virtual int getType() const { return chosenType; } virtual const char* getUserName() const; - virtual SConnection::AccessRights getAccessRights() const; + virtual AccessRights getAccessRights() const; protected: SSecurity *ssecurity; diff --git a/common/rfb/SSecurityVncAuth.cxx b/common/rfb/SSecurityVncAuth.cxx index cbd0ccd2..c1ef1f1c 100644 --- a/common/rfb/SSecurityVncAuth.cxx +++ b/common/rfb/SSecurityVncAuth.cxx @@ -54,7 +54,7 @@ VncAuthPasswdParameter SSecurityVncAuth::vncAuthPasswd SSecurityVncAuth::SSecurityVncAuth(SConnection* sc) : SSecurity(sc), sentChallenge(false), - pg(&vncAuthPasswd), accessRights(0) + pg(&vncAuthPasswd), accessRights(AccessNone) { } @@ -103,13 +103,13 @@ bool SSecurityVncAuth::processMsg() throw AuthFailureException("No password configured for VNC Auth"); if (verifyResponse(passwd.c_str())) { - accessRights = SConnection::AccessDefault; + accessRights = AccessDefault; return true; } if (!passwdReadOnly.empty() && verifyResponse(passwdReadOnly.c_str())) { - accessRights = SConnection::AccessView; + accessRights = AccessView; return true; } diff --git a/common/rfb/SSecurityVncAuth.h b/common/rfb/SSecurityVncAuth.h index 2bd27791..7f27b02b 100644 --- a/common/rfb/SSecurityVncAuth.h +++ b/common/rfb/SSecurityVncAuth.h @@ -55,7 +55,7 @@ namespace rfb { virtual bool processMsg(); virtual int getType() const {return secTypeVncAuth;} virtual const char* getUserName() const {return 0;} - virtual SConnection::AccessRights getAccessRights() const { return accessRights; } + virtual AccessRights getAccessRights() const { return accessRights; } static StringParameter vncAuthPasswdFile; static VncAuthPasswdParameter vncAuthPasswd; private: @@ -65,7 +65,7 @@ namespace rfb { uint8_t response[vncAuthChallengeSize]; bool sentChallenge; VncAuthPasswdGetter* pg; - SConnection::AccessRights accessRights; + AccessRights accessRights; }; } #endif diff --git a/common/rfb/VNCServerST.cxx b/common/rfb/VNCServerST.cxx index 560a0ffa..c97b0735 100644 --- a/common/rfb/VNCServerST.cxx +++ b/common/rfb/VNCServerST.cxx @@ -680,7 +680,7 @@ void VNCServerST::queryConnection(VNCSConnectionST* client, } // - Does the client have the right to bypass the query? - if (client->accessCheck(SConnection::AccessNoQuery)) + if (client->accessCheck(AccessNoQuery)) { approveConnection(client->getSock(), true, NULL); return; @@ -693,7 +693,7 @@ void VNCServerST::clientReady(VNCSConnectionST* client, bool shared) { if (!shared) { if (rfb::Server::disconnectClients && - client->accessCheck(SConnection::AccessNonShared)) { + client->accessCheck(AccessNonShared)) { // - Close all the other connected clients slog.debug("non-shared connection - closing clients"); closeClients("Non-shared connection requested", client->getSock()); diff --git a/tests/perf/encperf.cxx b/tests/perf/encperf.cxx index 40e3abfc..55fa386e 100644 --- a/tests/perf/encperf.cxx +++ b/tests/perf/encperf.cxx @@ -134,7 +134,7 @@ public: void getStats(double&, unsigned long long&, unsigned long long&); - virtual void setAccessRights(AccessRights ar); + virtual void setAccessRights(rfb::AccessRights ar); virtual void setDesktopSize(int fb_width, int fb_height, const rfb::ScreenSet& layout); @@ -329,7 +329,7 @@ void SConn::getStats(double& ratio, unsigned long long& bytes, manager->getStats(ratio, bytes, rawEquivalent); } -void SConn::setAccessRights(AccessRights) +void SConn::setAccessRights(rfb::AccessRights) { } diff --git a/win/winvnc/VNCServerWin32.cxx b/win/winvnc/VNCServerWin32.cxx index a243d95e..38b2ef16 100644 --- a/win/winvnc/VNCServerWin32.cxx +++ b/win/winvnc/VNCServerWin32.cxx @@ -363,11 +363,11 @@ void VNCServerWin32::getConnInfo(ListConnInfo * listConn) if (!conn->authenticated()) status = 3; - else if (conn->accessCheck(rfb::SConnection::AccessPtrEvents | - rfb::SConnection::AccessKeyEvents | - rfb::SConnection::AccessView)) + else if (conn->accessCheck(rfb::AccessPtrEvents | + rfb::AccessKeyEvents | + rfb::AccessView)) status = 0; - else if (conn->accessCheck(rfb::SConnection::AccessView)) + else if (conn->accessCheck(rfb::AccessView)) status = 1; else status = 2; @@ -398,25 +398,25 @@ void VNCServerWin32::setConnStatus(ListConnInfo* listConn) if (status == 3) { conn->close(0); } else { - rfb::SConnection::AccessRights ar; + rfb::AccessRights ar; - ar = rfb::SConnection::AccessDefault; + ar = rfb::AccessDefault; switch (status) { case 0: - ar |= rfb::SConnection::AccessPtrEvents | - rfb::SConnection::AccessKeyEvents | - rfb::SConnection::AccessView; + ar |= rfb::AccessPtrEvents | + rfb::AccessKeyEvents | + rfb::AccessView; break; case 1: - ar |= rfb::SConnection::AccessView; - ar &= ~(rfb::SConnection::AccessPtrEvents | - rfb::SConnection::AccessKeyEvents); + ar |= rfb::AccessView; + ar &= ~(rfb::AccessPtrEvents | + rfb::AccessKeyEvents); break; case 2: - ar &= ~(rfb::SConnection::AccessPtrEvents | - rfb::SConnection::AccessKeyEvents | - rfb::SConnection::AccessView); + ar &= ~(rfb::AccessPtrEvents | + rfb::AccessKeyEvents | + rfb::AccessView); break; } conn->setAccessRights(ar); |