/* Copyright (C) 2002-2005 RealVNC Ltd. All Rights Reserved.
*
* This is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this software; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
* USA.
*/
//
// SSecurityFactoryStandard
//
#include <rfb/Security.h>
#include <rfb/SSecurityNone.h>
#include <rfb/Configuration.h>
#include <rfb/LogWriter.h>
#include <rfb/Exception.h>
#include <rfb/SSecurityFactoryStandard.h>
#include <rfb/Password.h>
using namespace rfb;

// Log channel used by everything in this translation unit.
static LogWriter vlog("SSecurityFactoryStandard");

// "SecurityTypes": list of security schemes offered to incoming connections.
// The third argument ("VncAuth") is the value used when nothing is configured.
// Putting "None" in this list makes the server offer an unauthenticated
// scheme, so it should only be set deliberately.
StringParameter SSecurityFactoryStandard::sec_types(
    "SecurityTypes",
    "Specify which security scheme to use for incoming connections (None, VncAuth)",
    "VncAuth");

// "ReverseSecurityTypes": the same kind of list, read by getSecTypes() when
// reverseConnection is true. The help text says "encryption scheme", but the
// value goes through the same parseSecTypes() path as SecurityTypes.
// Its configured default is "None".
StringParameter SSecurityFactoryStandard::rev_sec_types(
    "ReverseSecurityTypes",
    "Specify encryption scheme to use for reverse connections (None)",
    "None");

// "PasswordFile": path of the file getVncAuthPasswd() falls back to when the
// "Password" parameter itself holds no data. Empty by default.
StringParameter SSecurityFactoryStandard::vncAuthPasswdFile(
    "PasswordFile",
    "Password file for VNC authentication",
    "");

// "Password": the VNC password in its obfuscated binary form. It must be
// defined after vncAuthPasswdFile because it stores that parameter's address.
// getVncAuthPasswd() turns the stored bytes back into the plaintext password,
// so the stored value (and the password file) should be protected like the
// password itself.
VncAuthPasswdParameter SSecurityFactoryStandard::vncAuthPasswd(
    "Password",
    "Obfuscated binary encoding of the password which clients must supply to "
    "access the server",
    &SSecurityFactoryStandard::vncAuthPasswdFile);
// Create the server-side security handler for the given security type.
//
//   secType            security type number to build a handler for
//   reverseConnection  not consulted in this function
//
// Returns a handler allocated with `new`; nothing here keeps the pointer, so
// the caller is responsible for it. Throws Exception for any type other than
// secTypeNone and secTypeVncAuth.
//
// NOTE(review): secType is not compared against the configured SecurityTypes
// list here. Presumably the caller only passes a type it obtained from
// getSecTypes() -- confirm, because secTypeNone yields SSecurityNone, which by
// its name performs no authentication.
SSecurity* SSecurityFactoryStandard::getSSecurity(rdr::U8 secType, bool reverseConnection) {
  if (secType == secTypeNone)
    return new SSecurityNone();

  if (secType == secTypeVncAuth)
    return new SSecurityVncAuth(&vncAuthPasswd);

  throw Exception("Security type not supported");
}
// Append the configured, supported security types to *secTypes.
//
//   secTypes           output list; entries are appended, existing ones kept
//   reverseConnection  true  -> read the ReverseSecurityTypes parameter
//                      false -> read the SecurityTypes parameter
//
// The order of the configured list is preserved. Types that
// isSecTypeSupported() rejects are dropped silently, so a configuration that
// names only unsupported types leaves the list unchanged.
void SSecurityFactoryStandard::getSecTypes(std::list<rdr::U8>* secTypes, bool reverseConnection) {
  // CharArray holds the string returned by getData() for the rest of the call.
  CharArray secTypesStr;
  secTypesStr.buf = reverseConnection ? rev_sec_types.getData()
                                      : sec_types.getData();

  const std::list<int> parsed = parseSecTypes(secTypesStr.buf);
  std::list<int>::const_iterator it = parsed.begin();
  while (it != parsed.end()) {
    // The int from the parser is narrowed to rdr::U8 both for the support
    // check and when it is stored.
    if (isSecTypeSupported(*it))
      secTypes->push_back(*it);
    ++it;
  }
}
// Report whether this factory can build a handler for secType.
// Only secTypeNone and secTypeVncAuth are accepted, the same two types
// getSSecurity() knows how to construct.
bool SSecurityFactoryStandard::isSecTypeSupported(rdr::U8 secType) {
  return secType == secTypeNone || secType == secTypeVncAuth;
}
// Construct the password parameter with no initial data (null value, zero
// length) and remember the optional file-name parameter that
// getVncAuthPasswd() consults when this parameter is empty.
//
//   name         parameter name
//   desc         help text
//   passwdFile_  parameter holding the password file path; getVncAuthPasswd()
//                checks it for null before use
VncAuthPasswdParameter::VncAuthPasswdParameter(
    const char* name, const char* desc, StringParameter* passwdFile_)
  : BinaryParameter(name, desc, 0, 0),
    passwdFile(passwdFile_)
{
}
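// Return the plaintext VNC password, or 0 when none could be obtained.
//
// The obfuscated bytes come from this parameter's own data; if that is empty
// and a password-file parameter was supplied, up to 128 bytes are read from
// the named file instead. The bytes are then converted to plaintext through
// PlainPasswd.
//
// Returns the buffer released by PlainPasswd::takeBuf(). Presumably the caller
// owns it and should wipe and free it after use -- confirm against the caller.
// Returns 0 when neither source is set, the file cannot be opened, or the
// conversion throws.
//
// Security notes:
//  - The stored form is converted back to plaintext right here, and no other
//    secret is visible in this function, so read access to the parameter
//    value or the password file should be treated as access to the password.
//  - This function does not check the ownership or permissions of the
//    password file; restricting it to the server account is left to the
//    deployment.
//  - Log messages name the parameter and the file path only, never the
//    password bytes.
char* VncAuthPasswdParameter::getVncAuthPasswd() {
  ObfuscatedPasswd obfuscated;
  getData((void**)&obfuscated.buf, &obfuscated.length);

  if (obfuscated.length == 0) {
    if (passwdFile) {
      CharArray fname(passwdFile->getData());
      if (!fname.buf[0]) {
        vlog.info("neither %s nor %s params set", getName(), passwdFile->getName());
        return 0;
      }

      // Binary mode: the file holds raw obfuscated bytes. Text mode can
      // translate or truncate them on platforms that distinguish the two,
      // which would make a valid password file fail to decode.
      FILE* fp = fopen(fname.buf, "rb");
      if (!fp) {
        vlog.error("opening password file '%s' failed",fname.buf);
        return 0;
      }

      vlog.debug("reading password file");
      // The read is capped at the buffer size; a longer file is truncated.
      obfuscated.buf = new char[128];
      obfuscated.length = fread(obfuscated.buf, 1, 128, fp);
      fclose(fp);
    } else {
      vlog.info("%s parameter not set", getName());
    }
  }

  try {
    PlainPasswd password(obfuscated);
    return password.takeBuf();
  } catch (...) {
    // Data was present but could not be converted. Say so, because the caller
    // only sees "no password" and a corrupt password file would otherwise be
    // indistinguishable from an unset one. The empty case was logged above.
    if (obfuscated.length != 0)
      vlog.error("%s could not be decoded", getName());
    return 0;
  }
}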