diff options
Diffstat (limited to 'common/rfb')
| -rw-r--r-- | common/rfb/AccessRights.cxx | 36 | ||||
| -rw-r--r-- | common/rfb/AccessRights.h | 41 | ||||
| -rw-r--r-- | common/rfb/CMakeLists.txt | 1 | ||||
| -rw-r--r-- | common/rfb/CSecurityTLS.cxx | 27 | ||||
| -rw-r--r-- | common/rfb/SConnection.cxx | 18 | ||||
| -rw-r--r-- | common/rfb/SConnection.h | 17 | ||||
| -rw-r--r-- | common/rfb/SSecurity.h | 2 | ||||
| -rw-r--r-- | common/rfb/SSecurityRSAAES.cxx | 6 | ||||
| -rw-r--r-- | common/rfb/SSecurityRSAAES.h | 4 | ||||
| -rw-r--r-- | common/rfb/SSecurityStack.cxx | 6 | ||||
| -rw-r--r-- | common/rfb/SSecurityStack.h | 2 | ||||
| -rw-r--r-- | common/rfb/SSecurityVeNCrypt.cxx | 2 | ||||
| -rw-r--r-- | common/rfb/SSecurityVeNCrypt.h | 2 | ||||
| -rw-r--r-- | common/rfb/SSecurityVncAuth.cxx | 6 | ||||
| -rw-r--r-- | common/rfb/SSecurityVncAuth.h | 4 | ||||
| -rw-r--r-- | common/rfb/VNCSConnectionST.cxx | 5 | ||||
| -rw-r--r-- | common/rfb/VNCSConnectionST.h | 3 | ||||
| -rw-r--r-- | common/rfb/VNCServer.h | 39 | ||||
| -rw-r--r-- | common/rfb/VNCServerST.cxx | 14 | ||||
| -rw-r--r-- | common/rfb/VNCServerST.h | 8 | ||||
| -rw-r--r-- | common/rfb/obfuscate.cxx | 4 | ||||
| -rw-r--r-- | common/rfb/util.cxx | 4 |
22 files changed, 170 insertions, 81 deletions
diff --git a/common/rfb/AccessRights.cxx b/common/rfb/AccessRights.cxx new file mode 100644 index 00000000..65e6ce24 --- /dev/null +++ b/common/rfb/AccessRights.cxx @@ -0,0 +1,36 @@ +/* Copyright 2024 TigerVNC Team + * + * This is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this software; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, + * USA. + */ + +#include "AccessRights.h" + +namespace rfb +{ + + // AccessRights values + const AccessRights AccessNone = 0x0000; + const AccessRights AccessView = 0x0001; + const AccessRights AccessKeyEvents = 0x0002; + const AccessRights AccessPtrEvents = 0x0004; + const AccessRights AccessCutText = 0x0008; + const AccessRights AccessSetDesktopSize = 0x0010; + const AccessRights AccessNonShared = 0x0020; + const AccessRights AccessDefault = 0x03ff; + const AccessRights AccessNoQuery = 0x0400; + const AccessRights AccessFull = 0xffff; + +} /* namespace rfb */ diff --git a/common/rfb/AccessRights.h b/common/rfb/AccessRights.h new file mode 100644 index 00000000..adf4393d --- /dev/null +++ b/common/rfb/AccessRights.h @@ -0,0 +1,41 @@ +/* Copyright 2024 TigerVNC Team + * + * This is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this software; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, + * USA. + */ + +#ifndef COMMON_RFB_ACCESSRIGHTS_H_ +#define COMMON_RFB_ACCESSRIGHTS_H_ + +#include <stdint.h> + +namespace rfb +{ + + typedef uint16_t AccessRights; + extern const AccessRights AccessNone; // No rights at all + extern const AccessRights AccessView; // View display contents + extern const AccessRights AccessKeyEvents; // Send key events + extern const AccessRights AccessPtrEvents; // Send pointer events + extern const AccessRights AccessCutText; // Send/receive clipboard events + extern const AccessRights AccessSetDesktopSize; // Change desktop size + extern const AccessRights AccessNonShared; // Exclusive access to the server + extern const AccessRights AccessDefault; // The default rights, INCLUDING FUTURE ONES + extern const AccessRights AccessNoQuery; // Connect without local user accepting + extern const AccessRights AccessFull; // All of the available AND FUTURE rights + +} /* namespace rfb */ + +#endif /* COMMON_RFB_ACCESSRIGHTS_H_ */ diff --git a/common/rfb/CMakeLists.txt b/common/rfb/CMakeLists.txt index 2cae2356..360434a9 100644 --- a/common/rfb/CMakeLists.txt +++ b/common/rfb/CMakeLists.txt @@ -1,4 +1,5 @@ add_library(rfb STATIC + AccessRights.cxx Blacklist.cxx Congestion.cxx CConnection.cxx diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx index 90540959..11e6dfe3 100644 --- a/common/rfb/CSecurityTLS.cxx +++ b/common/rfb/CSecurityTLS.cxx @@ -58,28 +58,27 @@ using namespace rfb; -static const char* homedirfn(const char* fn); +static const char* configdirfn(const char* fn); StringParameter CSecurityTLS::X509CA("X509CA", "X509 CA certificate", - homedirfn("x509_ca.pem"), + configdirfn("x509_ca.pem"), ConfViewer); StringParameter CSecurityTLS::X509CRL("X509CRL", "X509 CRL file", - homedirfn("x509_crl.pem"), + configdirfn("x509_crl.pem"), ConfViewer); static LogWriter vlog("TLS"); -static const char* homedirfn(const char* fn) +static const char* configdirfn(const char* fn) { static char full_path[PATH_MAX]; - const char* homedir; + const char* configdir; - homedir = os::getvnchomedir(); - if (homedir == NULL) + configdir = os::getvncconfigdir(); + if (configdir == NULL) return ""; - snprintf(full_path, sizeof(full_path), "%s/%s", homedir, fn); - + snprintf(full_path, sizeof(full_path), "%s/%s", configdir, fn); return full_path; } @@ -308,7 +307,7 @@ void CSecurityTLS::checkSession() int err; bool hostname_match; - const char *homeDir; + const char *hostsDir; gnutls_datum_t info; size_t len; @@ -385,14 +384,14 @@ void CSecurityTLS::checkSession() /* Certificate has some user overridable problems, so TOFU time */ - homeDir = os::getvnchomedir(); - if (homeDir == NULL) { - throw AuthFailureException("Could not obtain VNC home directory " + hostsDir = os::getvncstatedir(); + if (hostsDir == NULL) { + throw AuthFailureException("Could not obtain VNC state directory " "path for known hosts storage"); } std::string dbPath; - dbPath = (std::string)homeDir + "/x509_known_hosts"; + dbPath = (std::string)hostsDir + "/x509_known_hosts"; err = gnutls_verify_stored_pubkey(dbPath.c_str(), NULL, client->getServerName(), NULL, diff --git a/common/rfb/SConnection.cxx b/common/rfb/SConnection.cxx index 402b0c04..12ba0f1a 100644 --- a/common/rfb/SConnection.cxx +++ b/common/rfb/SConnection.cxx @@ -43,24 +43,12 @@ using namespace rfb; static LogWriter vlog("SConnection"); -// AccessRights values -const SConnection::AccessRights SConnection::AccessView = 0x0001; -const SConnection::AccessRights SConnection::AccessKeyEvents = 0x0002; -const SConnection::AccessRights SConnection::AccessPtrEvents = 0x0004; -const SConnection::AccessRights SConnection::AccessCutText = 0x0008; -const SConnection::AccessRights SConnection::AccessSetDesktopSize = 0x0010; -const SConnection::AccessRights SConnection::AccessNonShared = 0x0020; -const SConnection::AccessRights SConnection::AccessDefault = 0x03ff; -const SConnection::AccessRights SConnection::AccessNoQuery = 0x0400; -const SConnection::AccessRights SConnection::AccessFull = 0xffff; - - -SConnection::SConnection() +SConnection::SConnection(AccessRights accessRights) : readyForSetColourMapEntries(false), is(0), os(0), reader_(0), writer_(0), ssecurity(0), authFailureTimer(this, &SConnection::handleAuthFailureTimeout), state_(RFBSTATE_UNINITIALISED), preferredEncoding(encodingRaw), - accessRights(0x0000), hasRemoteClipboard(false), + accessRights(accessRights), hasRemoteClipboard(false), hasLocalClipboard(false), unsolicitedClipboardAttempt(false) { @@ -254,7 +242,7 @@ bool SConnection::processSecurityMsg() } state_ = RFBSTATE_QUERYING; - setAccessRights(ssecurity->getAccessRights()); + setAccessRights(accessRights & ssecurity->getAccessRights()); queryConnection(ssecurity->getUserName()); // If the connection got approved right away then we can continue diff --git a/common/rfb/SConnection.h b/common/rfb/SConnection.h index 0bd6afdb..5bc61677 100644 --- a/common/rfb/SConnection.h +++ b/common/rfb/SConnection.h @@ -29,6 +29,7 @@ #include <rdr/InStream.h> #include <rdr/OutStream.h> +#include <rfb/AccessRights.h> #include <rfb/SMsgHandler.h> #include <rfb/SecurityServer.h> #include <rfb/Timer.h> @@ -42,7 +43,7 @@ namespace rfb { class SConnection : public SMsgHandler { public: - SConnection(); + SConnection(AccessRights accessRights); virtual ~SConnection(); // Methods to initialise the connection @@ -175,20 +176,12 @@ namespace rfb { // clipboard via handleClipboardRequest(). virtual void sendClipboardData(const char* data); + // getAccessRights() returns the access rights of a SConnection to the server. + AccessRights getAccessRights() { return accessRights; } + // setAccessRights() allows a security package to limit the access rights // of a SConnection to the server. How the access rights are treated // is up to the derived class. - - typedef uint16_t AccessRights; - static const AccessRights AccessView; // View display contents - static const AccessRights AccessKeyEvents; // Send key events - static const AccessRights AccessPtrEvents; // Send pointer events - static const AccessRights AccessCutText; // Send/receive clipboard events - static const AccessRights AccessSetDesktopSize; // Change desktop size - static const AccessRights AccessNonShared; // Exclusive access to the server - static const AccessRights AccessDefault; // The default rights, INCLUDING FUTURE ONES - static const AccessRights AccessNoQuery; // Connect without local user accepting - static const AccessRights AccessFull; // All of the available AND FUTURE rights virtual void setAccessRights(AccessRights ar); virtual bool accessCheck(AccessRights ar) const; diff --git a/common/rfb/SSecurity.h b/common/rfb/SSecurity.h index fbc3de6f..8e296c5a 100644 --- a/common/rfb/SSecurity.h +++ b/common/rfb/SSecurity.h @@ -62,7 +62,7 @@ namespace rfb { // for this security type. virtual const char* getUserName() const = 0; - virtual SConnection::AccessRights getAccessRights() const { return SConnection::AccessDefault; } + virtual AccessRights getAccessRights() const { return AccessDefault; } protected: SConnection* sc; diff --git a/common/rfb/SSecurityRSAAES.cxx b/common/rfb/SSecurityRSAAES.cxx index 2a8dfa3e..cea62644 100644 --- a/common/rfb/SSecurityRSAAES.cxx +++ b/common/rfb/SSecurityRSAAES.cxx @@ -76,7 +76,7 @@ SSecurityRSAAES::SSecurityRSAAES(SConnection* sc, uint32_t _secType, keySize(_keySize), isAllEncrypted(_isAllEncrypted), secType(_secType), serverKey(), clientKey(), serverKeyN(NULL), serverKeyE(NULL), clientKeyN(NULL), clientKeyE(NULL), - accessRights(SConnection::AccessDefault), + accessRights(AccessDefault), rais(NULL), raos(NULL), rawis(NULL), rawos(NULL) { assert(keySize == 128 || keySize == 256); @@ -578,12 +578,12 @@ void SSecurityRSAAES::verifyPass() throw AuthFailureException("No password configured for VNC Auth"); if (password == passwd) { - accessRights = SConnection::AccessDefault; + accessRights = AccessDefault; return; } if (!passwdReadOnly.empty() && password == passwdReadOnly) { - accessRights = SConnection::AccessView; + accessRights = AccessView; return; } diff --git a/common/rfb/SSecurityRSAAES.h b/common/rfb/SSecurityRSAAES.h index eaeb13a1..0c4fc852 100644 --- a/common/rfb/SSecurityRSAAES.h +++ b/common/rfb/SSecurityRSAAES.h @@ -39,7 +39,7 @@ namespace rfb { virtual bool processMsg(); virtual const char* getUserName() const; virtual int getType() const { return secType; } - virtual SConnection::AccessRights getAccessRights() const + virtual AccessRights getAccessRights() const { return accessRights; } @@ -82,7 +82,7 @@ namespace rfb { char username[256]; char password[256]; - SConnection::AccessRights accessRights; + AccessRights accessRights; rdr::InStream* rais; rdr::OutStream* raos; diff --git a/common/rfb/SSecurityStack.cxx b/common/rfb/SSecurityStack.cxx index 8b1c2a47..9c0321d4 100644 --- a/common/rfb/SSecurityStack.cxx +++ b/common/rfb/SSecurityStack.cxx @@ -71,14 +71,14 @@ const char* SSecurityStack::getUserName() const return c; } -SConnection::AccessRights SSecurityStack::getAccessRights() const +AccessRights SSecurityStack::getAccessRights() const { - SConnection::AccessRights accessRights; + AccessRights accessRights; if (!state0 && !state1) return SSecurity::getAccessRights(); - accessRights = SConnection::AccessFull; + accessRights = AccessFull; if (state0) accessRights &= state0->getAccessRights(); diff --git a/common/rfb/SSecurityStack.h b/common/rfb/SSecurityStack.h index 8b412bdf..cf7b10d0 100644 --- a/common/rfb/SSecurityStack.h +++ b/common/rfb/SSecurityStack.h @@ -32,7 +32,7 @@ namespace rfb { virtual bool processMsg(); virtual int getType() const { return type; }; virtual const char* getUserName() const; - virtual SConnection::AccessRights getAccessRights() const; + virtual AccessRights getAccessRights() const; protected: short state; SSecurity* state0; diff --git a/common/rfb/SSecurityVeNCrypt.cxx b/common/rfb/SSecurityVeNCrypt.cxx index c126d82f..2813f299 100644 --- a/common/rfb/SSecurityVeNCrypt.cxx +++ b/common/rfb/SSecurityVeNCrypt.cxx @@ -180,7 +180,7 @@ const char* SSecurityVeNCrypt::getUserName() const return ssecurity->getUserName(); } -SConnection::AccessRights SSecurityVeNCrypt::getAccessRights() const +AccessRights SSecurityVeNCrypt::getAccessRights() const { if (ssecurity == NULL) return SSecurity::getAccessRights(); diff --git a/common/rfb/SSecurityVeNCrypt.h b/common/rfb/SSecurityVeNCrypt.h index 86cf420a..91713f89 100644 --- a/common/rfb/SSecurityVeNCrypt.h +++ b/common/rfb/SSecurityVeNCrypt.h @@ -37,7 +37,7 @@ namespace rfb { virtual bool processMsg(); virtual int getType() const { return chosenType; } virtual const char* getUserName() const; - virtual SConnection::AccessRights getAccessRights() const; + virtual AccessRights getAccessRights() const; protected: SSecurity *ssecurity; diff --git a/common/rfb/SSecurityVncAuth.cxx b/common/rfb/SSecurityVncAuth.cxx index cbd0ccd2..c1ef1f1c 100644 --- a/common/rfb/SSecurityVncAuth.cxx +++ b/common/rfb/SSecurityVncAuth.cxx @@ -54,7 +54,7 @@ VncAuthPasswdParameter SSecurityVncAuth::vncAuthPasswd SSecurityVncAuth::SSecurityVncAuth(SConnection* sc) : SSecurity(sc), sentChallenge(false), - pg(&vncAuthPasswd), accessRights(0) + pg(&vncAuthPasswd), accessRights(AccessNone) { } @@ -103,13 +103,13 @@ bool SSecurityVncAuth::processMsg() throw AuthFailureException("No password configured for VNC Auth"); if (verifyResponse(passwd.c_str())) { - accessRights = SConnection::AccessDefault; + accessRights = AccessDefault; return true; } if (!passwdReadOnly.empty() && verifyResponse(passwdReadOnly.c_str())) { - accessRights = SConnection::AccessView; + accessRights = AccessView; return true; } diff --git a/common/rfb/SSecurityVncAuth.h b/common/rfb/SSecurityVncAuth.h index 2bd27791..7f27b02b 100644 --- a/common/rfb/SSecurityVncAuth.h +++ b/common/rfb/SSecurityVncAuth.h @@ -55,7 +55,7 @@ namespace rfb { virtual bool processMsg(); virtual int getType() const {return secTypeVncAuth;} virtual const char* getUserName() const {return 0;} - virtual SConnection::AccessRights getAccessRights() const { return accessRights; } + virtual AccessRights getAccessRights() const { return accessRights; } static StringParameter vncAuthPasswdFile; static VncAuthPasswdParameter vncAuthPasswd; private: @@ -65,7 +65,7 @@ namespace rfb { uint8_t response[vncAuthChallengeSize]; bool sentChallenge; VncAuthPasswdGetter* pg; - SConnection::AccessRights accessRights; + AccessRights accessRights; }; } #endif diff --git a/common/rfb/VNCSConnectionST.cxx b/common/rfb/VNCSConnectionST.cxx index ffbf8be7..306bba1d 100644 --- a/common/rfb/VNCSConnectionST.cxx +++ b/common/rfb/VNCSConnectionST.cxx @@ -51,8 +51,9 @@ static LogWriter vlog("VNCSConnST"); static Cursor emptyCursor(0, 0, Point(0, 0), NULL); VNCSConnectionST::VNCSConnectionST(VNCServerST* server_, network::Socket *s, - bool reverse) - : sock(s), reverseConnection(reverse), + bool reverse, AccessRights ar) + : SConnection(ar), + sock(s), reverseConnection(reverse), inProcessMessages(false), pendingSyncFence(false), syncFence(false), fenceFlags(0), fenceDataLen(0), fenceData(NULL), congestionTimer(this), diff --git a/common/rfb/VNCSConnectionST.h b/common/rfb/VNCSConnectionST.h index 85bfd38f..3a9ec242 100644 --- a/common/rfb/VNCSConnectionST.h +++ b/common/rfb/VNCSConnectionST.h @@ -40,7 +40,8 @@ namespace rfb { class VNCSConnectionST : private SConnection, public Timer::Callback { public: - VNCSConnectionST(VNCServerST* server_, network::Socket* s, bool reverse); + VNCSConnectionST(VNCServerST* server_, network::Socket* s, bool reverse, + AccessRights ar); virtual ~VNCSConnectionST(); // SConnection methods diff --git a/common/rfb/VNCServer.h b/common/rfb/VNCServer.h index b49dbfe3..3ac9fb94 100644 --- a/common/rfb/VNCServer.h +++ b/common/rfb/VNCServer.h @@ -23,17 +23,48 @@ #ifndef __RFB_VNCSERVER_H__ #define __RFB_VNCSERVER_H__ -#include <network/Socket.h> - #include <rfb/UpdateTracker.h> #include <rfb/SSecurity.h> #include <rfb/ScreenSet.h> +namespace network { class Socket; } + namespace rfb { - class VNCServer : public UpdateTracker, - public network::SocketServer { + class VNCServer : public UpdateTracker { public: + // addSocket() tells the server to serve the Socket. The caller + // retains ownership of the Socket - the only way for the server + // to discard a Socket is by calling shutdown() on it. + // outgoing is set to true if the socket was created by connecting out + // to another host, or false if the socket was created by accept()ing + // an incoming connection. + // accessRights allows to set the access rights to the server. + virtual void addSocket(network::Socket* sock, bool outgoing=false, + AccessRights accessRights = AccessDefault) = 0; + + // removeSocket() tells the server to stop serving the Socket. The + // caller retains ownership of the Socket - the server must NOT + // delete the Socket! This call is used mainly to cause per-Socket + // resources to be freed. + virtual void removeSocket(network::Socket* sock) = 0; + + // getSockets() gets a list of sockets. This can be used to generate an + // fd_set for calling select(). + virtual void getSockets(std::list<network::Socket*>* sockets) = 0; + + // processSocketReadEvent() tells the server there is a Socket read event. + // The implementation can indicate that the Socket is no longer active + // by calling shutdown() on it. The caller will then call removeSocket() + // soon after processSocketEvent returns, to allow any pre-Socket + // resources to be tidied up. + virtual void processSocketReadEvent(network::Socket* sock) = 0; + + // processSocketReadEvent() tells the server there is a Socket write event. + // This is only necessary if the Socket has been put in non-blocking + // mode and needs this callback to flush the buffer. + virtual void processSocketWriteEvent(network::Socket* sock) = 0; + // blockUpdates()/unblockUpdates() tells the server that the pixel buffer // is currently in flux and may not be accessed. The attributes of the // pixel buffer may still be accessed, but not the frame buffer itself. diff --git a/common/rfb/VNCServerST.cxx b/common/rfb/VNCServerST.cxx index 72cf942d..b9579f12 100644 --- a/common/rfb/VNCServerST.cxx +++ b/common/rfb/VNCServerST.cxx @@ -55,6 +55,8 @@ #include <assert.h> #include <stdlib.h> +#include <network/Socket.h> + #include <rfb/ComparingUpdateTracker.h> #include <rfb/Exception.h> #include <rfb/KeyRemapper.h> @@ -130,9 +132,9 @@ VNCServerST::~VNCServerST() } -// SocketServer methods +// VNCServer methods -void VNCServerST::addSocket(network::Socket* sock, bool outgoing) +void VNCServerST::addSocket(network::Socket* sock, bool outgoing, AccessRights accessRights) { // - Check the connection isn't black-marked // *** do this in getSecurity instead? @@ -163,7 +165,7 @@ void VNCServerST::addSocket(network::Socket* sock, bool outgoing) connectTimer.start(secsToMillis(rfb::Server::maxConnectionTime)); disconnectTimer.stop(); - VNCSConnectionST* client = new VNCSConnectionST(this, sock, outgoing); + VNCSConnectionST* client = new VNCSConnectionST(this, sock, outgoing, accessRights); clients.push_front(client); client->init(); } @@ -235,8 +237,6 @@ void VNCServerST::processSocketWriteEvent(network::Socket* sock) throw rdr::Exception("invalid Socket in VNCServerST"); } -// VNCServer methods - void VNCServerST::blockUpdates() { blockCounter++; @@ -702,7 +702,7 @@ void VNCServerST::queryConnection(VNCSConnectionST* client, } // - Does the client have the right to bypass the query? - if (client->accessCheck(SConnection::AccessNoQuery)) + if (client->accessCheck(AccessNoQuery)) { approveConnection(client->getSock(), true, NULL); return; @@ -715,7 +715,7 @@ void VNCServerST::clientReady(VNCSConnectionST* client, bool shared) { if (!shared) { if (rfb::Server::disconnectClients && - client->accessCheck(SConnection::AccessNonShared)) { + client->accessCheck(AccessNonShared)) { // - Close all the other connected clients slog.debug("non-shared connection - closing clients"); closeClients("Non-shared connection requested", client->getSock()); diff --git a/common/rfb/VNCServerST.h b/common/rfb/VNCServerST.h index 3436d333..90c8d753 100644 --- a/common/rfb/VNCServerST.h +++ b/common/rfb/VNCServerST.h @@ -51,12 +51,13 @@ namespace rfb { virtual ~VNCServerST(); - // Methods overridden from SocketServer + // Methods overridden from VNCServer // addSocket // Causes the server to allocate an RFB-protocol management // structure for the socket & initialise it. - virtual void addSocket(network::Socket* sock, bool outgoing=false); + virtual void addSocket(network::Socket* sock, bool outgoing=false, + AccessRights ar=AccessDefault); // removeSocket // Clean up any resources associated with the Socket @@ -76,9 +77,6 @@ namespace rfb { // Flush pending data from the Socket on to the network. virtual void processSocketWriteEvent(network::Socket* sock); - - // Methods overridden from VNCServer - virtual void blockUpdates(); virtual void unblockUpdates(); virtual uint64_t getMsc(); diff --git a/common/rfb/obfuscate.cxx b/common/rfb/obfuscate.cxx index 1f785893..d40e25c3 100644 --- a/common/rfb/obfuscate.cxx +++ b/common/rfb/obfuscate.cxx @@ -56,11 +56,11 @@ std::string rfb::deobfuscate(const uint8_t *data, size_t len) { char buf[9]; - assert(data != NULL); - if (len != 8) throw rdr::Exception("bad obfuscated password length"); + assert(data != NULL); + deskey(d3desObfuscationKey, DE1); des((uint8_t*)data, (uint8_t*)buf); buf[8] = 0; diff --git a/common/rfb/util.cxx b/common/rfb/util.cxx index d1a8cc33..48f59846 100644 --- a/common/rfb/util.cxx +++ b/common/rfb/util.cxx @@ -126,8 +126,8 @@ namespace rfb { bool hexToBin(const char* in, size_t inlen, uint8_t* out, size_t outlen) { - assert(in); - assert(out); + assert(in || inlen == 0); + assert(out || outlen == 0); if (inlen & 1) return false; |