#! /bin/sh /usr/share/dpatch/dpatch-run ## common-tls.patch ## ## DP: Add TLS support via GNUTLS @DPATCH@ diff -urN tiger/common/configure.ac tiger-tls/common/configure.ac --- tiger/common/configure.ac 2009-08-20 11:46:42.000000000 +0200 +++ tiger-tls/common/configure.ac 2009-11-05 13:10:43.000000000 +0100 @@ -49,6 +49,14 @@ fi fi +dnl Check for GNUTLS support +AC_ARG_ENABLE(gnutls, [ --enable-gnutls build with gnutls support]) +if test "$enable_gnutls" = "yes"; then + PKG_CHECK_MODULES(LIBGNUTLS, gnutls >= 1.0.0, [AC_DEFINE(HAVE_GNUTLS, 1, [Define to 1 if GnuTLS is available])], + AC_MSG_ERROR([Unable to find GNUTLS])) + LIBGNUTLS_CFLAGS="-DHAVE_GNUTLS $LIBGNUTLS_CFLAGS" +fi + dnl Check for zlib library INCLUDED_ZLIB=no AC_ARG_WITH([included-zlib], diff -urN tiger/common/Makefile.in tiger-tls/common/Makefile.in --- tiger/common/Makefile.in 2009-08-20 11:49:46.000000000 +0200 +++ tiger-tls/common/Makefile.in 2009-11-05 13:10:43.000000000 +0100 @@ -138,6 +138,8 @@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LD = @LD@ LDFLAGS = @LDFLAGS@ +LIBGNUTLS_CFLAGS = @LIBGNUTLS_CFLAGS@ +LIBGNUTLS_LIBS = @LIBGNUTLS_LIBS@ LIBOBJS = @LIBOBJS@ -LIBS = @LIBS@ +LIBS = @LIBS@ @LIBGNUTLS_LIBS@ LIBTOOL = @LIBTOOL@ @@ -157,8 +159,10 @@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ +PKG_CONFIG = @PKG_CONFIG@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ diff -urN tiger/common/network/Makefile.am tiger-tls/common/network/Makefile.am --- tiger/common/network/Makefile.am 2009-08-20 11:46:42.000000000 +0200 +++ tiger-tls/common/network/Makefile.am 2009-11-05 13:10:43.000000000 +0100 @@ -4,5 +4,5 @@ libnetwork_la_SOURCES = $(HDRS) TcpSocket.cxx -libnetwork_la_CPPFLAGS = -I$(top_srcdir) +libnetwork_la_CPPFLAGS = -I$(top_srcdir) @LIBGNUTLS_CFLAGS@ diff -urN tiger/common/network/Makefile.in tiger-tls/common/network/Makefile.in --- tiger/common/network/Makefile.in 2009-08-20 11:49:46.000000000 +0200 +++ tiger-tls/common/network/Makefile.in 2009-11-05 13:10:43.000000000 +0100 @@ -111,6 +111,8 @@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LD = @LD@ LDFLAGS = @LDFLAGS@ +LIBGNUTLS_CFLAGS = @LIBGNUTLS_CFLAGS@ +LIBGNUTLS_LIBS = @LIBGNUTLS_LIBS@ LIBOBJS = @LIBOBJS@ -LIBS = @LIBS@ +LIBS = @LIBS@ @LIBGNUTLS_LIBS@ LIBTOOL = @LIBTOOL@ @@ -130,8 +132,10 @@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ +PKG_CONFIG = @PKG_CONFIG@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -195,7 +199,7 @@ noinst_LTLIBRARIES = libnetwork.la HDRS = Socket.h TcpSocket.h libnetwork_la_SOURCES = $(HDRS) TcpSocket.cxx -libnetwork_la_CPPFLAGS = -I$(top_srcdir) +libnetwork_la_CPPFLAGS = -I$(top_srcdir) @LIBGNUTLS_CFLAGS@ all: all-am .SUFFIXES: diff -urN tiger/common/os/Makefile.in tiger-tls/common/os/Makefile.in --- tiger/common/os/Makefile.in 2009-08-20 11:49:46.000000000 +0200 +++ tiger-tls/common/os/Makefile.in 2009-11-05 13:10:43.000000000 +0100 @@ -102,6 +102,8 @@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LD = @LD@ LDFLAGS = @LDFLAGS@ +LIBGNUTLS_CFLAGS = @LIBGNUTLS_CFLAGS@ +LIBGNUTLS_LIBS = @LIBGNUTLS_LIBS@ LIBOBJS = @LIBOBJS@ -LIBS = @LIBS@ +LIBS = @LIBS@ @LIBGNUTLS_LIBS@ LIBTOOL = @LIBTOOL@ @@ -121,8 +123,10 @@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ +PKG_CONFIG = @PKG_CONFIG@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ diff -urN tiger/common/rdr/Makefile.am tiger-tls/common/rdr/Makefile.am --- tiger/common/rdr/Makefile.am 2009-08-20 11:46:42.000000000 +0200 +++ tiger-tls/common/rdr/Makefile.am 2009-11-05 13:10:43.000000000 +0100 @@ -3,13 +3,15 @@ HDRS = Exception.h FdInStream.h FdOutStream.h FixedMemOutStream.h \ HexInStream.h HexOutStream.h InStream.h MemInStream.h \ MemOutStream.h msvcwarning.h OutStream.h RandomStream.h \ - SubstitutingInStream.h types.h ZlibInStream.h ZlibOutStream.h + SubstitutingInStream.h types.h ZlibInStream.h ZlibOutStream.h \ + TLSInStream.h TLSOutStream.h TLSException.h librdr_la_SOURCES = $(HDRS) Exception.cxx FdInStream.cxx FdOutStream.cxx \ InStream.cxx RandomStream.cxx ZlibInStream.cxx ZlibOutStream.cxx \ - HexInStream.cxx HexOutStream.cxx + HexInStream.cxx HexOutStream.cxx TLSInStream.cxx TLSOutStream.cxx TLSException.cxx librdr_la_CPPFLAGS = -I$(top_srcdir) librdr_la_LIBADD = +CPPFLAGS += @LIBGNUTLS_CFLAGS@ if INCLUDED_ZLIB diff -urN tiger/common/rdr/Makefile.in tiger-tls/common/rdr/Makefile.in --- tiger/common/rdr/Makefile.in 2009-08-20 11:49:46.000000000 +0200 +++ tiger-tls/common/rdr/Makefile.in 2009-11-05 13:10:43.000000000 +0100 @@ -53,7 +53,9 @@ librdr_la-FdInStream.lo librdr_la-FdOutStream.lo \ librdr_la-InStream.lo librdr_la-RandomStream.lo \ librdr_la-ZlibInStream.lo librdr_la-ZlibOutStream.lo \ - librdr_la-HexInStream.lo librdr_la-HexOutStream.lo + librdr_la-HexInStream.lo librdr_la-HexOutStream.lo \ + librdr_la-TLSInStream.lo librdr_la-TLSOutStream.lo \ + librdr_la-TLSException.lo librdr_la_OBJECTS = $(am_librdr_la_OBJECTS) DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/depcomp @@ -117,6 +119,8 @@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LD = @LD@ LDFLAGS = @LDFLAGS@ +LIBGNUTLS_CFLAGS = @LIBGNUTLS_CFLAGS@ +LIBGNUTLS_LIBS = @LIBGNUTLS_LIBS@ LIBOBJS = @LIBOBJS@ -LIBS = @LIBS@ +LIBS = @LIBS@ @LIBGNUTLS_LIBS@ LIBTOOL = @LIBTOOL@ @@ -136,8 +140,10 @@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ +PKG_CONFIG = @PKG_CONFIG@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -202,13 +208,15 @@ HDRS = Exception.h FdInStream.h FdOutStream.h FixedMemOutStream.h \ HexInStream.h HexOutStream.h InStream.h MemInStream.h \ MemOutStream.h msvcwarning.h OutStream.h RandomStream.h \ - SubstitutingInStream.h types.h ZlibInStream.h ZlibOutStream.h + SubstitutingInStream.h types.h ZlibInStream.h ZlibOutStream.h \ + TLSInStream.h TLSOutStream.h TLSException.h librdr_la_SOURCES = $(HDRS) Exception.cxx FdInStream.cxx FdOutStream.cxx \ InStream.cxx RandomStream.cxx ZlibInStream.cxx ZlibOutStream.cxx \ - HexInStream.cxx HexOutStream.cxx + HexInStream.cxx HexOutStream.cxx TLSInStream.cxx TLSOutStream.cxx TLSException.cxx -librdr_la_CPPFLAGS = -I$(top_srcdir) $(am__append_1) +librdr_la_CPPFLAGS = -I$(top_srcdir) @LIBGNUTLS_CFLAGS@ \ + $(am__append_1) librdr_la_LIBADD = $(am__append_2) all: all-am @@ -269,6 +277,9 @@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/librdr_la-HexOutStream.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/librdr_la-InStream.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/librdr_la-RandomStream.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/librdr_la-TLSException.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/librdr_la-TLSInStream.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/librdr_la-TLSOutStream.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/librdr_la-ZlibInStream.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/librdr_la-ZlibOutStream.Plo@am__quote@ @@ -356,6 +367,27 @@ @AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librdr_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o librdr_la-HexOutStream.lo `test -f 'HexOutStream.cxx' || echo '$(srcdir)/'`HexOutStream.cxx +librdr_la-TLSInStream.lo: TLSInStream.cxx +@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librdr_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT librdr_la-TLSInStream.lo -MD -MP -MF $(DEPDIR)/librdr_la-TLSInStream.Tpo -c -o librdr_la-TLSInStream.lo `test -f 'TLSInStream.cxx' || echo '$(srcdir)/'`TLSInStream.cxx +@am__fastdepCXX_TRUE@ $(am__mv) $(DEPDIR)/librdr_la-TLSInStream.Tpo $(DEPDIR)/librdr_la-TLSInStream.Plo +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='TLSInStream.cxx' object='librdr_la-TLSInStream.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librdr_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o librdr_la-TLSInStream.lo `test -f 'TLSInStream.cxx' || echo '$(srcdir)/'`TLSInStream.cxx + +librdr_la-TLSOutStream.lo: TLSOutStream.cxx +@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librdr_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT librdr_la-TLSOutStream.lo -MD -MP -MF $(DEPDIR)/librdr_la-TLSOutStream.Tpo -c -o librdr_la-TLSOutStream.lo `test -f 'TLSOutStream.cxx' || echo '$(srcdir)/'`TLSOutStream.cxx +@am__fastdepCXX_TRUE@ $(am__mv) $(DEPDIR)/librdr_la-TLSOutStream.Tpo $(DEPDIR)/librdr_la-TLSOutStream.Plo +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='TLSOutStream.cxx' object='librdr_la-TLSOutStream.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librdr_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o librdr_la-TLSOutStream.lo `test -f 'TLSOutStream.cxx' || echo '$(srcdir)/'`TLSOutStream.cxx + +librdr_la-TLSException.lo: TLSException.cxx +@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librdr_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT librdr_la-TLSException.lo -MD -MP -MF $(DEPDIR)/librdr_la-TLSException.Tpo -c -o librdr_la-TLSException.lo `test -f 'TLSException.cxx' || echo '$(srcdir)/'`TLSException.cxx +@am__fastdepCXX_TRUE@ $(am__mv) $(DEPDIR)/librdr_la-TLSException.Tpo $(DEPDIR)/librdr_la-TLSException.Plo +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='TLSException.cxx' object='librdr_la-TLSException.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librdr_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o librdr_la-TLSException.lo `test -f 'TLSException.cxx' || echo '$(srcdir)/'`TLSException.cxx + mostlyclean-libtool: -rm -f *.lo diff -urN tiger/common/rdr/TLSException.cxx tiger-tls/common/rdr/TLSException.cxx --- tiger/common/rdr/TLSException.cxx 1970-01-01 01:00:00.000000000 +0100 +++ tiger-tls/common/rdr/TLSException.cxx 2009-11-05 13:10:43.000000000 +0100 @@ -0,0 +1,37 @@ +/* Copyright (C) 2004 Red Hat Inc. + * + * This is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this software; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, + * USA. + */ + +#include +#include +#include + + +#ifdef HAVE_GNUTLS +using namespace rdr; +TLSException::TLSException(const char* s, int err_) + : Exception(s), err(err_) +{ + strncat(str_, ": ", len-1-strlen(str_)); + strncat(str_, gnutls_strerror(err), len-1-strlen(str_)); + strncat(str_, " (", len-1-strlen(str_)); + char buf[20]; + sprintf(buf,"%d",err); + strncat(str_, buf, len-1-strlen(str_)); + strncat(str_, ")", len-1-strlen(str_)); +} +#endif /* HAVE_GNUTLS */ diff -urN tiger/common/rdr/TLSException.h tiger-tls/common/rdr/TLSException.h --- tiger/common/rdr/TLSException.h 1970-01-01 01:00:00.000000000 +0100 +++ tiger-tls/common/rdr/TLSException.h 2009-11-05 13:10:43.000000000 +0100 @@ -0,0 +1,38 @@ +/* Copyright (C) 2004 Red Hat Inc. + * + * This is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this software; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, + * USA. + */ + +#ifndef __RDR_TLSEXCEPTION_H__ +#define __RDR_TLSEXCEPTION_H__ + +#ifdef HAVE_GNUTLS +#include + +#include + +namespace rdr { + + struct TLSException : public Exception { + int err; + TLSException(const char* s, int err_); + }; + +} + + +#endif +#endif diff -urN tiger/common/rdr/TLSInStream.cxx tiger-tls/common/rdr/TLSInStream.cxx --- tiger/common/rdr/TLSInStream.cxx 1970-01-01 01:00:00.000000000 +0100 +++ tiger-tls/common/rdr/TLSInStream.cxx 2009-11-05 13:10:43.000000000 +0100 @@ -0,0 +1,106 @@ +/* Copyright (C) 2002-2005 RealVNC Ltd. All Rights Reserved. + * Copyright (C) 2005 Martin Koegler + * + * This is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this software; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, + * USA. + */ + +#include +#include +#include + +#ifdef HAVE_GNUTLS +using namespace rdr; + +enum { DEFAULT_BUF_SIZE = 16384 }; + +ssize_t rdr::gnutls_InStream_pull(gnutls_transport_ptr str,void* data, size_t size) +{ + InStream*in=(InStream*)str; + if(!in->check(1, 1, false)) + { + errno=EAGAIN; + return -1; + } + if(in->getend() - in->getptr()getend() - in->getptr(); + + in->readBytes(data,size); + return size; +} + +TLSInStream::TLSInStream(InStream* _in, gnutls_session _session) +{ + in=_in; + session=_session; + bufSize=DEFAULT_BUF_SIZE; + offset=0; + ptr = end = start = new U8[bufSize]; +} + +TLSInStream::~TLSInStream() +{ + delete[] start; +} + +int TLSInStream::pos() +{ + return offset + ptr - start; +} + +int TLSInStream::overrun(int itemSize, int nItems, bool wait) +{ + if (itemSize > bufSize) + throw Exception("TLSInStream overrun: max itemSize exceeded"); + + if (end - ptr != 0) + memmove(start, ptr, end - ptr); + + offset += ptr - start; + end -= ptr - start; + ptr = start; + + while (end < start + itemSize) { + int n = readTLS((U8*)end, start + bufSize - end, wait); + if (!wait && n == 0) return 0; + end += n; + } + + if (itemSize * nItems > end - ptr) + nItems = (end - ptr) / itemSize; + + return nItems; + +} + + +int TLSInStream::readTLS(void* buf, int len, bool wait) +{ + int n; + + n = in->check(1, 1, wait); + if (n == 0) return 0; + + + n = gnutls_record_recv(session, buf, len); + if(n == GNUTLS_E_INTERRUPTED || n == GNUTLS_E_AGAIN) + return 0; + + if (n < 0) throw TLSException("recv",n); + //if (n == 0) throw EndOfStream(); + return n; +} + +#endif diff -urN tiger/common/rdr/TLSInStream.h tiger-tls/common/rdr/TLSInStream.h --- tiger/common/rdr/TLSInStream.h 1970-01-01 01:00:00.000000000 +0100 +++ tiger-tls/common/rdr/TLSInStream.h 2009-11-05 13:10:43.000000000 +0100 @@ -0,0 +1,52 @@ +/* Copyright (C) 2005 Martin Koegler + * + * This is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this software; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, + * USA. + */ + +#ifndef __RDR_TLSINSTREAM_H__ +#define __RDR_TLSINSTREAM_H__ + +#ifdef HAVE_GNUTLS + +#include +#include + +namespace rdr { + + class TLSInStream : public InStream { + public: + TLSInStream(InStream* in, gnutls_session session); + virtual ~TLSInStream(); + + int pos(); + + private: + int overrun(int itemSize, int nItems, bool wait); + int readTLS(void* buf, int len, bool wait); + + gnutls_session session; + InStream* in; + int bufSize; + int offset; + U8* start; + }; + +ssize_t gnutls_InStream_pull(gnutls_transport_ptr,void*, size_t); + +}; + +#endif +#endif diff -urN tiger/common/rdr/TLSOutStream.cxx tiger-tls/common/rdr/TLSOutStream.cxx --- tiger/common/rdr/TLSOutStream.cxx 1970-01-01 01:00:00.000000000 +0100 +++ tiger-tls/common/rdr/TLSOutStream.cxx 2009-11-05 13:10:43.000000000 +0100 @@ -0,0 +1,99 @@ +/* Copyright (C) 2002-2005 RealVNC Ltd. All Rights Reserved. + * Copyright (C) 2005 Martin Koegler + * + * This is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this software; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, + * USA. + */ + +#include +#include + +#ifdef HAVE_GNUTLS +using namespace rdr; + +enum { DEFAULT_BUF_SIZE = 16384 }; + +ssize_t rdr::gnutls_OutStream_push(gnutls_transport_ptr str,const void* data, size_t size) +{ + OutStream* out=(OutStream*)str; + out->writeBytes(data,size); + out->flush(); + return size; +} + +TLSOutStream::TLSOutStream(OutStream* _out, gnutls_session _session) +{ + bufSize=DEFAULT_BUF_SIZE; + ptr = start = new U8[bufSize]; + end = start + bufSize; + offset=0; + session=_session; + out=_out; +} + +TLSOutStream::~TLSOutStream() +{ + try { +// flush(); + } catch (Exception&) { + } + delete [] start; +} + +int TLSOutStream::length() +{ + return offset + ptr - start; +} + +void TLSOutStream::flush() +{ + U8* sentUpTo = start; + while (sentUpTo < ptr) { + int n = writeTLS((const void*) sentUpTo, ptr - sentUpTo); + sentUpTo += n; + offset += n; + } + + ptr = start; + out->flush(); +} + + +int TLSOutStream::overrun(int itemSize, int nItems) +{ + if (itemSize > bufSize) + throw Exception("TLSOutStream overrun: max itemSize exceeded"); + + flush(); + + if (itemSize * nItems > end - ptr) + nItems = (end - ptr) / itemSize; + + return nItems; +} + +int TLSOutStream::writeTLS(const void* data, int length) +{ + int n; + + n = gnutls_record_send(session,data,length); + if(n == GNUTLS_E_INTERRUPTED || n == GNUTLS_E_AGAIN) + return 0; + + if (n < 0) throw TLSException("send",n); + return n; +} + +#endif diff -urN tiger/common/rdr/TLSOutStream.h tiger-tls/common/rdr/TLSOutStream.h --- tiger/common/rdr/TLSOutStream.h 1970-01-01 01:00:00.000000000 +0100 +++ tiger-tls/common/rdr/TLSOutStream.h 2009-11-05 13:10:43.000000000 +0100 @@ -0,0 +1,54 @@ +/* Copyright (C) 2005 Martin Koegler + * + * This is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this software; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, + * USA. + */ + +#ifndef __RDR_TLSOUTSTREAM_H__ +#define __RDR_TLSOUTSTREAM_H__ + +#ifdef HAVE_GNUTLS + +#include +#include + +namespace rdr { + + class TLSOutStream : public OutStream { + public: + TLSOutStream(OutStream* out, gnutls_session session); + virtual ~TLSOutStream(); + + void flush(); + int length(); + + protected: + int overrun(int itemSize, int nItems); + + private: + int writeTLS(const void* data, int length); + + gnutls_session session; + OutStream* out; + int bufSize; + U8* start; + int offset; + }; + +ssize_t gnutls_OutStream_push(gnutls_transport_ptr,const void*, size_t); +}; + +#endif +#endif diff -urN tiger/common/rfb/CSecurityPlain.cxx tiger-tls/common/rfb/CSecurityPlain.cxx --- tiger/common/rfb/CSecurityPlain.cxx 1970-01-01 01:00:00.000000000 +0100 +++ tiger-tls/common/rfb/CSecurityPlain.cxx 2009-11-05 13:10:43.000000000 +0100 @@ -0,0 +1,47 @@ +/* Copyright (C) 2005 Martin Kögler + * + * This is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this software; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, + * USA. + */ + +#include +#include +#include +#include + +using namespace rfb; + +CSecurityPlain::CSecurityPlain(UserPasswdGetter* upg_) + : upg(upg_) +{ +} + +bool CSecurityPlain::processMsg(CConnection* cc) +{ + rdr::OutStream* os = cc->getOutStream(); + + CharArray username; + CharArray password; + + upg->getUserPasswd(&username.buf, &password.buf); + + // Return the response to the server + os->writeU32(strlen(username.buf)); + os->writeU32(strlen(password.buf)); + os->writeBytes(username.buf,strlen(username.buf)); + os->writeBytes(password.buf,strlen(password.buf)); + os->flush(); + return true; +} diff -urN tiger/common/rfb/CSecurityPlain.h tiger-tls/common/rfb/CSecurityPlain.h --- tiger/common/rfb/CSecurityPlain.h 1970-01-01 01:00:00.000000000 +0100 +++ tiger-tls/common/rfb/CSecurityPlain.h 2009-11-05 13:10:43.000000000 +0100 @@ -0,0 +1,38 @@ +/* Copyright (C) 2005 Martin Kögler + * + * This is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this software; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, + * USA. + */ +#ifndef __RFB_CSECURITYPLAIN_H__ +#define __RFB_CSECURITYPLAIN_H__ + +#include +#include + +namespace rfb { + + class UserPasswdGetter; + + class CSecurityPlain : public CSecurity { + public: + CSecurityPlain(UserPasswdGetter* pg); + virtual bool processMsg(CConnection* cc); + virtual int getType() const {return secTypePlain;}; + virtual const char* description() const {return "ask for username and password";} + private: + UserPasswdGetter* upg; + }; +} +#endif diff -urN tiger/common/rfb/CSecurityPlain.java tiger-tls/common/rfb/CSecurityPlain.java --- tiger/common/rfb/CSecurityPlain.java 1970-01-01 01:00:00.000000000 +0100 +++ tiger-tls/common/rfb/CSecurityPlain.java 2009-11-05 13:10:43.000000000 +0100 @@ -0,0 +1,60 @@ +/* Copyright (C) 2005 Martin Kögler + * + * This is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this software; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, + * USA. + */ + +package rfb; + +public class CSecurityPlain extends CSecurity +{ + + public CSecurityPlain (UserPasswdGetter upg_) + { + upg = upg_; + } + + public int processMsg (CConnection cc) + { + rdr.OutStream os = cc.getOutStream (); + + StringBuffer passwd = new StringBuffer (); + StringBuffer uname = new StringBuffer (); + if (!upg.getUserPasswd (uname, passwd)) + { + return 0; + } + os.writeU32 (uname.toString ().length ()); + os.writeU32 (passwd.toString ().length ()); + os.writeBytes (uname.toString ().getBytes (), 0, + uname.toString ().length ()); + os.writeBytes (passwd.toString ().getBytes (), 0, + passwd.toString ().length ()); + os.flush (); + return 1; + } + + public int getType () + { + return SecTypes.Plain; + } + + UserPasswdGetter upg; + + public String description () + { + return "Plain"; + } +} diff -urN tiger/common/rfb/CSecurityStack.cxx tiger-tls/common/rfb/CSecurityStack.cxx --- tiger/common/rfb/CSecurityStack.cxx 1970-01-01 01:00:00.000000000 +0100 +++ tiger-tls/common/rfb/CSecurityStack.cxx 2009-11-05 13:10:43.000000000 +0100 @@ -0,0 +1,81 @@ +/* Copyright (C) 2005 Martin Koegler + * + * This is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this software; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, + * USA. + */ + +#include + +using namespace rfb; + +CSecurityStack::CSecurityStack(int Type,const char*Name,CSecurity* s0,CSecurity* s1,CSecurity* s2,CSecurity* s3) + :name(Name),type(Type) +{ + state=0; + state0=s0; + state1=s1; + state2=s2; + state3=s3; +} + +CSecurityStack::~CSecurityStack() +{ + if(state0) + delete state0; + if(state1) + delete state1; + if(state2) + delete state2; + if(state3) + delete state3; +} + +bool CSecurityStack::processMsg(CConnection* cc) +{ + bool res=true; + if(state==0) + { + if(state0) + res=state0->processMsg(cc); + if(!res) + return res; + state++; + } + if(state==1) + { + if(state1) + res=state1->processMsg(cc); + if(!res) + return res; + state++; + } + if(state==2) + { + if(state2) + res=state2->processMsg(cc); + if(!res) + return res; + state++; + } + if(state==3) + { + if(state3) + res=state3->processMsg(cc); + if(!res) + return res; + state++; + } + return res; +} diff -urN tiger/common/rfb/CSecurityStack.h tiger-tls/common/rfb/CSecurityStack.h --- tiger/common/rfb/CSecurityStack.h 1970-01-01 01:00:00.000000000 +0100 +++ tiger-tls/common/rfb/CSecurityStack.h 2009-11-05 13:10:43.000000000 +0100 @@ -0,0 +1,43 @@ +/* Copyright (C) 2005 Martin Koegler + * + * This is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this software; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, + * USA. + */ +#ifndef __RFB_CSECURITYSTACK_H__ +#define __RFB_CSECURITYSTACK_H__ + +#include +#include + +namespace rfb { + + class CSecurityStack : public CSecurity { + public: + CSecurityStack(int Type,const char*Name,CSecurity* s0=0,CSecurity* s1=0,CSecurity* s2=0,CSecurity* s3=0); + ~CSecurityStack(); + virtual bool processMsg(CConnection* cc); + virtual int getType() const {return type;}; + virtual const char* description() const {return name;} + private: + int state; + CSecurity* state0; + CSecurity* state1; + CSecurity* state2; + CSecurity* state3; + const char* name; + int type; + }; +} +#endif diff -urN tiger/common/rfb/CSecurityStack.java tiger-tls/common/rfb/CSecurityStack.java --- tiger/common/rfb/CSecurityStack.java 1970-01-01 01:00:00.000000000 +0100 +++ tiger-tls/common/rfb/CSecurityStack.java 2009-11-05 13:10:43.000000000 +0100 @@ -0,0 +1,95 @@ +/* Copyright (C) 2005 Martin Koegler All Rights Reserved. + * + * This is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this software; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, + * USA. + */ +package rfb; + +public class CSecurityStack extends CSecurity +{ + String name; + int type; + int state; + CSecurity state0; + CSecurity state1; + CSecurity state2; + CSecurity state3; + + public CSecurityStack (int Type, String Name, CSecurity s0, CSecurity s1, + CSecurity s2, CSecurity s3) + { + state = 0; + type = Type; + name = Name; + state0 = s0; + state1 = s1; + state2 = s2; + state3 = s3; + } + + public int processMsg (CConnection cc) + { + int result = 1; + if (state == 0) + { + if (state0 != null) + result = state0.processMsg (cc); + if (result != 1) + return result; + state++; + } + if (state == 1) + { + if (state1 != null) + result = state1.processMsg (cc); + if (result != 1) + return result; + state++; + } + if (state == 1) + { + if (state1 != null) + result = state1.processMsg (cc); + if (result != 1) + return result; + state++; + } + if (state == 2) + { + if (state2 != null) + result = state2.processMsg (cc); + if (result != 1) + return result; + state++; + } + if (state == 3) + { + if (state3 != null) + result = state3.processMsg (cc); + if (result != 1) + return result; + state++; + } + return result; + } + public int getType () + { + return type; + } + public String description () + { + return name; + } +} diff -urN tiger/common/rfb/CSecurityTLSBase.cxx tiger-tls/common/rfb/CSecurityTLSBase.cxx --- tiger/common/rfb/CSecurityTLSBase.cxx 1970-01-01 01:00:00.000000000 +0100 +++ tiger-tls/common/rfb/CSecurityTLSBase.cxx 2009-11-05 13:10:43.000000000 +0100 @@ -0,0 +1,132 @@ +/* + * Copyright (C) 2004 Red Hat Inc. + * Copyright (C) 2005 Martin Koegler + * + * This is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this software; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, + * USA. + */ + +#ifdef HAVE_GNUTLS + +#include +#include +#include +#include +#include +#include + +#define TLS_DEBUG + +using namespace rfb; + +static LogWriter vlog("TLS"); + +#ifdef TLS_DEBUG +static void debug_log(int level, const char* str) +{ + vlog.debug(str); +} +#endif + +void CSecurityTLSBase::initGlobal() +{ + static bool globalInitDone = false; + + if (!globalInitDone) { + gnutls_global_init(); + +#ifdef TLS_DEBUG + gnutls_global_set_log_level(10); + gnutls_global_set_log_function(debug_log); +#endif + + globalInitDone = true; + } +} + +CSecurityTLSBase::CSecurityTLSBase() : session(0) +{ + fis=0; + fos=0; +} + +void CSecurityTLSBase::shutdown() +{ + if(session) + ;//gnutls_bye(session, GNUTLS_SHUT_RDWR); +} + + +CSecurityTLSBase::~CSecurityTLSBase() +{ + if (session) { + //gnutls_bye(session, GNUTLS_SHUT_RDWR); + gnutls_deinit (session); + session = 0; + } + if(fis) + delete fis; + if(fos) + delete fos; + /* FIXME: should be doing gnutls_global_deinit() at some point */ +} + +bool CSecurityTLSBase::processMsg(CConnection* cc) +{ + rdr::InStream* is = cc->getInStream(); + rdr::OutStream* os = cc->getOutStream(); + client=cc; + + initGlobal(); + + if(!session) { + if(!is->checkNoWait(1)) + return false; + if(is->readU8()==0) + return true; + gnutls_init(&session, GNUTLS_CLIENT); + gnutls_set_default_priority(session); + + setParam(session); + + gnutls_transport_set_pull_function(session,rdr::gnutls_InStream_pull); + gnutls_transport_set_push_function(session,rdr::gnutls_OutStream_push); + gnutls_transport_set_ptr2(session, + (gnutls_transport_ptr)is, + (gnutls_transport_ptr)os); + } + + int err; + err = gnutls_handshake(session); + if (err != GNUTLS_E_SUCCESS && !gnutls_error_is_fatal(err)) + return false; + + if (err != GNUTLS_E_SUCCESS) { + vlog.error("TLS Handshake failed: %s\n", gnutls_strerror (err)); + gnutls_bye(session, GNUTLS_SHUT_RDWR); + freeResources(); + gnutls_deinit(session); + session = 0; + throw AuthFailureException("TLS Handshake failed"); + } + checkSession(session); + + cc->setStreams(fis=new rdr::TLSInStream(is,session), + fos=new rdr::TLSOutStream(os,session)); + + return true; +} + +#endif /* HAVE_GNUTLS */ diff -urN tiger/common/rfb/CSecurityTLSBase.h tiger-tls/common/rfb/CSecurityTLSBase.h --- tiger/common/rfb/CSecurityTLSBase.h 1970-01-01 01:00:00.000000000 +0100 +++ tiger-tls/common/rfb/CSecurityTLSBase.h 2009-11-05 13:10:43.000000000 +0100 @@ -0,0 +1,57 @@ +/* + * Copyright (C) 2004 Red Hat Inc. + * Copyright (C) 2005 Martin Koegler + * + * This is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this software; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, + * USA. + */ + +#ifndef __C_SECURITY_TLSBASE_H__ +#define __C_SECURITY_TLSBASE_H__ + +#ifdef HAVE_GNUTLS + +#include +#include +#include +#include +#include + +namespace rfb { + class CSecurityTLSBase : public CSecurity { + public: + CSecurityTLSBase(); + virtual ~CSecurityTLSBase(); + virtual bool processMsg(CConnection* cc); + + protected: + void shutdown(); + virtual void freeResources()=0; + virtual void setParam(gnutls_session session)=0; + virtual void checkSession(gnutls_session session)=0; + CConnection *client; + + private: + static void initGlobal(); + + gnutls_session session; + rdr::InStream* fis; + rdr::OutStream* fos; + }; +} + +#endif /* HAVE_GNUTLS */ + +#endif diff -urN tiger/common/rfb/CSecurityTLSBase.java tiger-tls/common/rfb/CSecurityTLSBase.java --- tiger/common/rfb/CSecurityTLSBase.java 1970-01-01 01:00:00.000000000 +0100 +++ tiger-tls/common/rfb/CSecurityTLSBase.java 2009-11-05 13:10:43.000000000 +0100 @@ -0,0 +1,89 @@ +/* + * Copyright (C) 2003 Sun Microsystems, Inc. + * Copyright (C) 2003 Martin Kögler + * + * This is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this software; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, + * USA. + */ + +package rfb; + +import java.util.ArrayList; +import java.net.*; +import javax.net.ssl.*; + +public abstract class CSecurityTLSBase extends CSecurity +{ + + public CSecurityTLSBase (Socket sock_) + { + sock = sock_; + } + + protected void initContext (SSLContext sc) throws java.security. + GeneralSecurityException + { + sc.init (null, null, null); + } + + public int processMsg (CConnection cc) + { + if (cc.getInStream ().readU8 () == 0) + return 1; + try + { + SSLSocketFactory sslfactory; + SSLSocket sslsock; + SSLContext sc = SSLContext.getInstance ("TLS"); + initContext (sc); + sslfactory = sc.getSocketFactory (); + sslsock = (SSLSocket) sslfactory.createSocket (sock, + sock.getInetAddress (). + getHostName (), + sock.getPort (), true); + + setParam (sslsock); + + /* Not neccessary - just ensures that we know what cipher + * suite we are using for the output of toString() + */ + sslsock.startHandshake (); + + tlog.debug ("Completed handshake with server " + sslsock.toString ()); + + cc.setStreams (new rdr.JavaInStream (sslsock.getInputStream ()), + new rdr.JavaOutStream (sslsock.getOutputStream ())); + + return 1; + } + catch (java.io.IOException e) + { + tlog.error ("TLS handshake failed " + e.toString ()); + return 0; + } + catch (java.security.GeneralSecurityException e) + { + tlog.error ("TLS handshake failed " + e.toString ()); + return 0; + } + } + + + protected abstract void setParam (SSLSocket sock); + + Socket sock; + + static LogWriter tlog = new LogWriter ("TLS"); +} diff -urN tiger/common/rfb/CSecurityTLS.cxx tiger-tls/common/rfb/CSecurityTLS.cxx --- tiger/common/rfb/CSecurityTLS.cxx 1970-01-01 01:00:00.000000000 +0100 +++ tiger-tls/common/rfb/CSecurityTLS.cxx 2009-11-05 13:10:43.000000000 +0100 @@ -0,0 +1,61 @@ +/* + * Copyright (C) 2004 Red Hat Inc. + * Copyright (C) 2005 Martin Koegler + * + * This is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this software; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, + * USA. + */ + +#ifdef HAVE_GNUTLS + +#include + + +using namespace rfb; + +CSecurityTLS::CSecurityTLS() : anon_cred(0) +{ +} + +CSecurityTLS::~CSecurityTLS() +{ + shutdown(); + if(anon_cred) + gnutls_anon_free_client_credentials (anon_cred); +} + + +void CSecurityTLS::freeResources() +{ + if(anon_cred) + gnutls_anon_free_client_credentials(anon_cred); + anon_cred=0; + } + +void CSecurityTLS::setParam(gnutls_session session) +{ + int kx_priority[] = { GNUTLS_KX_ANON_DH, 0 }; + gnutls_kx_set_priority(session, kx_priority); + + gnutls_anon_allocate_client_credentials(&anon_cred); + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anon_cred); +} + +void CSecurityTLS::checkSession(gnutls_session session) +{ + +} + +#endif /* HAVE_GNUTLS */ diff -urN tiger/common/rfb/CSecurityTLS.h tiger-tls/common/rfb/CSecurityTLS.h --- tiger/common/rfb/CSecurityTLS.h 1970-01-01 01:00:00.000000000 +0100 +++ tiger-tls/common/rfb/CSecurityTLS.h 2009-11-05 13:10:43.000000000 +0100 @@ -0,0 +1,47 @@ +/* + * Copyright (C) 2004 Red Hat Inc. + * Copyright (C) 2005 Martin Koegler + * + * This is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this software; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, + * USA. + */ + +#ifndef __C_SECURITY_TLS_H__ +#define __C_SECURITY_TLS_H__ + +#ifdef HAVE_GNUTLS + +#include + +namespace rfb { + class CSecurityTLS : public CSecurityTLSBase { + public: + CSecurityTLS(); + virtual ~CSecurityTLS(); + virtual int getType() const { return secTypeTLSNone; }; + virtual const char* description() const { return "TLS Encryption without VncAuth"; } + protected: + virtual void freeResources(); + virtual void setParam(gnutls_session session); + virtual void checkSession(gnutls_session session); + + private: + gnutls_anon_client_credentials anon_cred; + }; +} + +#endif /* HAVE_GNUTLS */ + +#endif /* __C_SECURITY_TLS_H__ */ diff -urN tiger/common/rfb/CSecurityTLS.java tiger-tls/common/rfb/CSecurityTLS.java --- tiger/common/rfb/CSecurityTLS.java 1970-01-01 01:00:00.000000000 +0100 +++ tiger-tls/common/rfb/CSecurityTLS.java 2009-11-05 13:10:43.000000000 +0100 @@ -0,0 +1,57 @@ +/* + * Copyright (C) 2003 Sun Microsystems, Inc. + * Copyright (C) 2003 Martin Kögler + * + * This is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this software; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, + * USA. + */ + +package rfb; +import java.util.*; +import java.net.*; +import javax.net.ssl.*; + +public class CSecurityTLS extends CSecurityTLSBase +{ + + public CSecurityTLS (Socket sock_) + { + super (sock_); + } + + public int getType () + { + return SecTypes.TLSNone; + } + public String description () + { + return "TLS Encryption"; + } + + protected void setParam (SSLSocket sock) + { + String[]supported; + ArrayList enabled = new ArrayList (); + + supported = sock.getSupportedCipherSuites (); + + for (int i = 0; i < supported.length; i++) + if (supported[i].matches (".*DH_anon.*")) + enabled.add (supported[i]); + + sock.setEnabledCipherSuites ((String[])enabled.toArray (new String[0])); + } + +} diff -urN tiger/common/rfb/CSecurityX509.cxx tiger-tls/common/rfb/CSecurityX509.cxx --- tiger/common/rfb/CSecurityX509.cxx 1970-01-01 01:00:00.000000000 +0100 +++ tiger-tls/common/rfb/CSecurityX509.cxx 2009-11-05 13:10:43.000000000 +0100 @@ -0,0 +1,122 @@ +/* + * Copyright (C) 2005 Martin Koegler + * + * This is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this software; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, + * USA. + */ + +#ifdef HAVE_GNUTLS + +#include +#include +#include +#include +#include + +#include + +using namespace rfb; + +static LogWriter vlog("X509"); + + +CSecurityX509::CSecurityX509(UserMsgBox* _msg,char * ca, char* crl) : cert_cred(0) +{ + msg=_msg; + cafile=ca; + crlfile=crl; +} + +CSecurityX509::~CSecurityX509() +{ + shutdown(); + if(cert_cred) + gnutls_certificate_free_credentials (cert_cred); + delete[] cafile; + delete[] crlfile; +} + + +void CSecurityX509::freeResources() +{ + if(cert_cred) + gnutls_certificate_free_credentials(cert_cred); + cert_cred=0; + } + +void CSecurityX509::setParam(gnutls_session session) +{ + int kx_priority[] = { GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0 }; + gnutls_kx_set_priority(session, kx_priority); + + gnutls_certificate_allocate_credentials(&cert_cred); + + if(*cafile&&gnutls_certificate_set_x509_trust_file(cert_cred,cafile,GNUTLS_X509_FMT_PEM)<0) + throw AuthFailureException("load of CA cert failed"); + + if(*crlfile&&gnutls_certificate_set_x509_crl_file(cert_cred,crlfile,GNUTLS_X509_FMT_PEM)<0) + throw AuthFailureException("load of CRL failed"); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, cert_cred); +} + +void CSecurityX509::checkSession(gnutls_session session) +{ + int status; + const gnutls_datum *cert_list; + unsigned int cert_list_size = 0; + unsigned int i; + + if(gnutls_certificate_type_get(session)!=GNUTLS_CRT_X509) + throw AuthFailureException("unsupported certificate type"); + + cert_list = gnutls_certificate_get_peers(session, &cert_list_size); + if(!cert_list_size) + throw AuthFailureException("unsupported certificate type"); + + status = gnutls_certificate_verify_peers(session); + if (status == GNUTLS_E_NO_CERTIFICATE_FOUND) + throw AuthFailureException("no certificate sent"); + if(status<0) + { + vlog.error("X509 verify failed: %s\n", gnutls_strerror (status)); + throw AuthFailureException("certificate verification failed"); + } + if (status & GNUTLS_CERT_SIGNER_NOT_FOUND) + { + if(!msg->showMsgBox(UserMsgBox::M_OKCANCEL|UserMsgBox::M_DEFBUTTON2,"certificate issuer unknown")) + throw AuthFailureException("certificate issuer unknown"); + } + if (status & GNUTLS_CERT_INVALID) + { + if(!msg->showMsgBox(UserMsgBox::M_OKCANCEL|UserMsgBox::M_DEFBUTTON2,"certificate not trusted")) + throw AuthFailureException("certificate not trusted"); + } + for(i=0;igetServerName())==0) + { + if(!msg->showMsgBox(UserMsgBox::M_OKCANCEL|UserMsgBox::M_DEFBUTTON2,"hostname mismatch")) + throw AuthFailureException("Hostname mismatch"); + } + gnutls_x509_crt_deinit(crt); + } +} + +#endif /* HAVE_GNUTLS */ diff -urN tiger/common/rfb/CSecurityX509.h tiger-tls/common/rfb/CSecurityX509.h --- tiger/common/rfb/CSecurityX509.h 1970-01-01 01:00:00.000000000 +0100 +++ tiger-tls/common/rfb/CSecurityX509.h 2009-11-05 13:10:43.000000000 +0100 @@ -0,0 +1,51 @@ +/* + * Copyright (C) 2005 Martin Koegler + * + * This is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this software; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, + * USA. + */ + +#ifndef __C_SECURITY_X509_H__ +#define __C_SECURITY_X509_H__ + +#ifdef HAVE_GNUTLS + +#include + +namespace rfb { + class UserMsgBox; + + class CSecurityX509 : public CSecurityTLSBase { + public: + CSecurityX509(UserMsgBox* msg,char * cafile,char*crlfile); + virtual ~CSecurityX509(); + virtual int getType() const { return secTypeX509None; }; + virtual const char* description() const { return "X509 Encryption without VncAuth"; } + protected: + virtual void freeResources(); + virtual void setParam(gnutls_session session); + virtual void checkSession(gnutls_session session); + + private: + gnutls_certificate_credentials cert_cred; + char * cafile; + char * crlfile; + UserMsgBox* msg; + }; +} + +#endif /* HAVE_GNUTLS */ + +#endif /* __C_SECURITY_TLS_H__ */ diff -urN tiger/common/rfb/CSecurityX509.java tiger-tls/common/rfb/CSecurityX509.java --- tiger/common/rfb/CSecurityX509.java 1970-01-01 01:00:00.000000000 +0100 +++ tiger-tls/common/rfb/CSecurityX509.java 2009-11-05 13:10:43.000000000 +0100 @@ -0,0 +1,111 @@ +/* + * Copyright (C) 2003 Sun Microsystems, Inc. + * Copyright (C) 2003 Martin Kögler + * + * This is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this software; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, + * USA. + */ + +package rfb; +import java.util.*; +import java.net.*; +import javax.net.ssl.*; +import java.security.*; +import java.security.cert.*; + +public class CSecurityX509 extends CSecurityTLSBase +{ + + public CSecurityX509 (Socket sock_) + { + super (sock_); + } + + public int getType () + { + return SecTypes.X509None; + } + public String description () + { + return "X509 Encryption"; + } + + protected void setParam (SSLSocket sock) + { + String[]supported; + ArrayList enabled = new ArrayList (); + + supported = sock.getSupportedCipherSuites (); + + for (int i = 0; i < supported.length; i++) + if (!supported[i].matches (".*DH_anon.*")) + enabled.add (supported[i]); + + sock.setEnabledCipherSuites ((String[])enabled.toArray (new String[0])); + } + + protected void initContext (SSLContext sc) throws java.security. + GeneralSecurityException + { + TrustManager[] myTM = new TrustManager[] + { + new MyX509TrustManager ()}; + sc.init (null, myTM, null); + } + + + class MyX509TrustManager implements X509TrustManager + { + + X509TrustManager tm; + + MyX509TrustManager () throws java.security.GeneralSecurityException + { + TrustManagerFactory tmf = + TrustManagerFactory.getInstance ("SunX509", "SunJSSE"); + KeyStore ks = KeyStore.getInstance ("JKS"); + tmf.init (ks); + tm = (X509TrustManager) tmf.getTrustManagers ()[0]; + } + public void checkClientTrusted (X509Certificate[]chain, + String authType) throws + CertificateException + { + tm.checkClientTrusted (chain, authType); + } + + public void checkServerTrusted (X509Certificate[]chain, + String authType) + throws CertificateException + { + try + { + tm.checkServerTrusted (chain, authType); + } catch (CertificateException e) + { + vncviewer.MessageBox m = + new vncviewer.MessageBox (e.toString (), + vncviewer.MessageBox.MB_OKAYCANCEL); + if (!m.result ()) + throw e; + } + } + + public X509Certificate[] getAcceptedIssuers () + { + return tm.getAcceptedIssuers (); + } + } +} diff -urN tiger/common/rfb/Makefile.am tiger-tls/common/rfb/Makefile.am --- tiger/common/rfb/Makefile.am 2009-08-20 11:46:42.000000000 +0200 +++ tiger-tls/common/rfb/Makefile.am 2009-11-05 13:10:43.000000000 +0100 @@ -21,7 +21,9 @@ TransImageGetter.h transInitTempl.h transTempl.h TrueColourMap.h \ UpdateTracker.h UserPasswdGetter.h util.h VNCSConnectionST.h \ VNCServer.h VNCServerST.h zrleDecode.h ZRLEDecoder.h zrleEncode.h \ - ZRLEEncoder.h + ZRLEEncoder.h TLSInStream.h TLSOutStream.h TLSException.h \ + SSecurityPlain.h SSecurityTLSBase.h SSecurityFactoryTLS.h \ + SSecurityNone.h SSecurityStack.h SSecurityTLS.h SSecurityX509.h librfb_la_SOURCES = $(HDRS) Blacklist.cxx CConnection.cxx CMsgHandler.cxx \ CMsgReader.cxx CMsgReaderV3.cxx CMsgWriter.cxx CMsgWriterV3.cxx \ @@ -39,9 +41,14 @@ TightEncoder.cxx TightPalette.cxx TransImageGetter.cxx \ UpdateTracker.cxx VNCSConnectionST.cxx \ VNCServerST.cxx ZRLEEncoder.cxx ZRLEDecoder.cxx encodings.cxx \ - secTypes.cxx util.cxx + secTypes.cxx util.cxx \ + SSecurityFactoryTLS.cxx SSecurityPlain.cxx SSecurityTLSBase.cxx \ + SSecurityTLS.cxx SSecurityX509.cxx SSecurityStack.cxx \ + CSecurityPlain.cxx CSecurityTLSBase.cxx CSecurityTLS.cxx \ + CSecurityX509.cxx CSecurityStack.cxx librfb_la_CPPFLAGS = -I$(top_srcdir) -I$(top_srcdir)/../win librfb_la_LIBADD = +CPPFLAGS += @LIBGNUTLS_CFLAGS@ if INCLUDED_JPEG diff -urN tiger/common/rfb/Makefile.in tiger-tls/common/rfb/Makefile.in --- tiger/common/rfb/Makefile.in 2009-08-20 11:49:46.000000000 +0200 +++ tiger-tls/common/rfb/Makefile.in 2009-11-05 13:10:43.000000000 +0100 @@ -77,7 +77,13 @@ librfb_la-UpdateTracker.lo librfb_la-VNCSConnectionST.lo \ librfb_la-VNCServerST.lo librfb_la-ZRLEEncoder.lo \ librfb_la-ZRLEDecoder.lo librfb_la-encodings.lo \ - librfb_la-secTypes.lo librfb_la-util.lo + librfb_la-secTypes.lo librfb_la-util.lo \ + librfb_la-SSecurityFactoryTLS.lo librfb_la-SSecurityPlain.lo \ + librfb_la-SSecurityTLSBase.lo librfb_la-SSecurityTLS.lo \ + librfb_la-SSecurityX509.lo librfb_la-SSecurityStack.lo \ + librfb_la-CSecurityPlain.lo librfb_la-CSecurityTLSBase.lo \ + librfb_la-CSecurityTLS.lo librfb_la-CSecurityX509.lo \ + librfb_la-CSecurityStack.lo librfb_la_OBJECTS = $(am_librfb_la_OBJECTS) DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/depcomp @@ -141,6 +147,8 @@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LD = @LD@ LDFLAGS = @LDFLAGS@ +LIBGNUTLS_CFLAGS = @LIBGNUTLS_CFLAGS@ +LIBGNUTLS_LIBS = @LIBGNUTLS_LIBS@ LIBOBJS = @LIBOBJS@ -LIBS = @LIBS@ +LIBS = @LIBS@ @LIBGNUTLS_LIBS@ LIBTOOL = @LIBTOOL@ @@ -160,8 +168,10 @@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ +PKG_CONFIG = @PKG_CONFIG@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -244,7 +254,9 @@ TransImageGetter.h transInitTempl.h transTempl.h TrueColourMap.h \ UpdateTracker.h UserPasswdGetter.h util.h VNCSConnectionST.h \ VNCServer.h VNCServerST.h zrleDecode.h ZRLEDecoder.h zrleEncode.h \ - ZRLEEncoder.h + ZRLEEncoder.h TLSInStream.h TLSOutStream.h TLSException.h \ + SSecurityPlain.h SSecurityTLSBase.h SSecurityFactoryTLS.h \ + SSecurityNone.h SSecurityStack.h SSecurityTLS.h SSecurityX509.h librfb_la_SOURCES = $(HDRS) Blacklist.cxx CConnection.cxx CMsgHandler.cxx \ CMsgReader.cxx CMsgReaderV3.cxx CMsgWriter.cxx CMsgWriterV3.cxx \ @@ -262,10 +274,14 @@ TightEncoder.cxx TightPalette.cxx TransImageGetter.cxx \ UpdateTracker.cxx VNCSConnectionST.cxx \ VNCServerST.cxx ZRLEEncoder.cxx ZRLEDecoder.cxx encodings.cxx \ - secTypes.cxx util.cxx + secTypes.cxx util.cxx \ + SSecurityFactoryTLS.cxx SSecurityPlain.cxx SSecurityTLSBase.cxx \ + SSecurityTLS.cxx SSecurityX509.cxx SSecurityStack.cxx \ + CSecurityPlain.cxx CSecurityTLSBase.cxx CSecurityTLS.cxx \ + CSecurityX509.cxx CSecurityStack.cxx librfb_la_CPPFLAGS = -I$(top_srcdir) -I$(top_srcdir)/../win \ - $(am__append_1) + @LIBGNUTLS_CFLAGS@ $(am__append_1) librfb_la_LIBADD = $(am__append_2) all: all-am @@ -326,7 +342,12 @@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/librfb_la-CMsgReaderV3.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/librfb_la-CMsgWriter.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/librfb_la-CMsgWriterV3.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/librfb_la-CSecurityPlain.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/librfb_la-CSecurityStack.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/librfb_la-CSecurityTLS.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/librfb_la-CSecurityTLSBase.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/librfb_la-CSecurityVncAuth.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/librfb_la-CSecurityX509.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/librfb_la-CapsContainer.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/librfb_la-CapsList.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/librfb_la-ComparingUpdateTracker.Plo@am__quote@ @@ -358,7 +379,13 @@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/librfb_la-SMsgWriter.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/librfb_la-SMsgWriterV3.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/librfb_la-SSecurityFactoryStandard.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/librfb_la-SSecurityFactoryTLS.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/librfb_la-SSecurityPlain.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/librfb_la-SSecurityStack.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/librfb_la-SSecurityTLS.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/librfb_la-SSecurityTLSBase.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/librfb_la-SSecurityVncAuth.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/librfb_la-SSecurityX509.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/librfb_la-ScaleFilters.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/librfb_la-ScaledPixelBuffer.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/librfb_la-ServerCore.Plo@am__quote@ @@ -818,6 +845,83 @@ @AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o librfb_la-util.lo `test -f 'util.cxx' || echo '$(srcdir)/'`util.cxx +librfb_la-SSecurityFactoryTLS.lo: SSecurityFactoryTLS.cxx +@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT librfb_la-SSecurityFactoryTLS.lo -MD -MP -MF $(DEPDIR)/librfb_la-SSecurityFactoryTLS.Tpo -c -o librfb_la-SSecurityFactoryTLS.lo `test -f 'SSecurityFactoryTLS.cxx' || echo '$(srcdir)/'`SSecurityFactoryTLS.cxx +@am__fastdepCXX_TRUE@ $(am__mv) $(DEPDIR)/librfb_la-SSecurityFactoryTLS.Tpo $(DEPDIR)/librfb_la-SSecurityFactoryTLS.Plo +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='SSecurityFactoryTLS.cxx' object='librfb_la-SSecurityFactoryTLS.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o librfb_la-SSecurityFactoryTLS.lo `test -f 'SSecurityFactoryTLS.cxx' || echo '$(srcdir)/'`SSecurityFactoryTLS.cxx + +librfb_la-SSecurityPlain.lo: SSecurityPlain.cxx +@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT librfb_la-SSecurityPlain.lo -MD -MP -MF $(DEPDIR)/librfb_la-SSecurityPlain.Tpo -c -o librfb_la-SSecurityPlain.lo `test -f 'SSecurityPlain.cxx' || echo '$(srcdir)/'`SSecurityPlain.cxx +@am__fastdepCXX_TRUE@ $(am__mv) $(DEPDIR)/librfb_la-SSecurityPlain.Tpo $(DEPDIR)/librfb_la-SSecurityPlain.Plo +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='SSecurityPlain.cxx' object='librfb_la-SSecurityPlain.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o librfb_la-SSecurityPlain.lo `test -f 'SSecurityPlain.cxx' || echo '$(srcdir)/'`SSecurityPlain.cxx + +librfb_la-SSecurityTLSBase.lo: SSecurityTLSBase.cxx +@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT librfb_la-SSecurityTLSBase.lo -MD -MP -MF $(DEPDIR)/librfb_la-SSecurityTLSBase.Tpo -c -o librfb_la-SSecurityTLSBase.lo `test -f 'SSecurityTLSBase.cxx' || echo '$(srcdir)/'`SSecurityTLSBase.cxx +@am__fastdepCXX_TRUE@ $(am__mv) $(DEPDIR)/librfb_la-SSecurityTLSBase.Tpo $(DEPDIR)/librfb_la-SSecurityTLSBase.Plo +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='SSecurityTLSBase.cxx' object='librfb_la-SSecurityTLSBase.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o librfb_la-SSecurityTLSBase.lo `test -f 'SSecurityTLSBase.cxx' || echo '$(srcdir)/'`SSecurityTLSBase.cxx + +librfb_la-SSecurityTLS.lo: SSecurityTLS.cxx +@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT librfb_la-SSecurityTLS.lo -MD -MP -MF $(DEPDIR)/librfb_la-SSecurityTLS.Tpo -c -o librfb_la-SSecurityTLS.lo `test -f 'SSecurityTLS.cxx' || echo '$(srcdir)/'`SSecurityTLS.cxx +@am__fastdepCXX_TRUE@ $(am__mv) $(DEPDIR)/librfb_la-SSecurityTLS.Tpo $(DEPDIR)/librfb_la-SSecurityTLS.Plo +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='SSecurityTLS.cxx' object='librfb_la-SSecurityTLS.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o librfb_la-SSecurityTLS.lo `test -f 'SSecurityTLS.cxx' || echo '$(srcdir)/'`SSecurityTLS.cxx + +librfb_la-SSecurityX509.lo: SSecurityX509.cxx +@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT librfb_la-SSecurityX509.lo -MD -MP -MF $(DEPDIR)/librfb_la-SSecurityX509.Tpo -c -o librfb_la-SSecurityX509.lo `test -f 'SSecurityX509.cxx' || echo '$(srcdir)/'`SSecurityX509.cxx +@am__fastdepCXX_TRUE@ $(am__mv) $(DEPDIR)/librfb_la-SSecurityX509.Tpo $(DEPDIR)/librfb_la-SSecurityX509.Plo +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='SSecurityX509.cxx' object='librfb_la-SSecurityX509.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o librfb_la-SSecurityX509.lo `test -f 'SSecurityX509.cxx' || echo '$(srcdir)/'`SSecurityX509.cxx + +librfb_la-SSecurityStack.lo: SSecurityStack.cxx +@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT librfb_la-SSecurityStack.lo -MD -MP -MF $(DEPDIR)/librfb_la-SSecurityStack.Tpo -c -o librfb_la-SSecurityStack.lo `test -f 'SSecurityStack.cxx' || echo '$(srcdir)/'`SSecurityStack.cxx +@am__fastdepCXX_TRUE@ $(am__mv) $(DEPDIR)/librfb_la-SSecurityStack.Tpo $(DEPDIR)/librfb_la-SSecurityStack.Plo +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='SSecurityStack.cxx' object='librfb_la-SSecurityStack.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o librfb_la-SSecurityStack.lo `test -f 'SSecurityStack.cxx' || echo '$(srcdir)/'`SSecurityStack.cxx + +librfb_la-CSecurityPlain.lo: CSecurityPlain.cxx +@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT librfb_la-CSecurityPlain.lo -MD -MP -MF $(DEPDIR)/librfb_la-CSecurityPlain.Tpo -c -o librfb_la-CSecurityPlain.lo `test -f 'CSecurityPlain.cxx' || echo '$(srcdir)/'`CSecurityPlain.cxx +@am__fastdepCXX_TRUE@ $(am__mv) $(DEPDIR)/librfb_la-CSecurityPlain.Tpo $(DEPDIR)/librfb_la-CSecurityPlain.Plo +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='CSecurityPlain.cxx' object='librfb_la-CSecurityPlain.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o librfb_la-CSecurityPlain.lo `test -f 'CSecurityPlain.cxx' || echo '$(srcdir)/'`CSecurityPlain.cxx + +librfb_la-CSecurityTLSBase.lo: CSecurityTLSBase.cxx +@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT librfb_la-CSecurityTLSBase.lo -MD -MP -MF $(DEPDIR)/librfb_la-CSecurityTLSBase.Tpo -c -o librfb_la-CSecurityTLSBase.lo `test -f 'CSecurityTLSBase.cxx' || echo '$(srcdir)/'`CSecurityTLSBase.cxx +@am__fastdepCXX_TRUE@ $(am__mv) $(DEPDIR)/librfb_la-CSecurityTLSBase.Tpo $(DEPDIR)/librfb_la-CSecurityTLSBase.Plo +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='CSecurityTLSBase.cxx' object='librfb_la-CSecurityTLSBase.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o librfb_la-CSecurityTLSBase.lo `test -f 'CSecurityTLSBase.cxx' || echo '$(srcdir)/'`CSecurityTLSBase.cxx + +librfb_la-CSecurityTLS.lo: CSecurityTLS.cxx +@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT librfb_la-CSecurityTLS.lo -MD -MP -MF $(DEPDIR)/librfb_la-CSecurityTLS.Tpo -c -o librfb_la-CSecurityTLS.lo `test -f 'CSecurityTLS.cxx' || echo '$(srcdir)/'`CSecurityTLS.cxx +@am__fastdepCXX_TRUE@ $(am__mv) $(DEPDIR)/librfb_la-CSecurityTLS.Tpo $(DEPDIR)/librfb_la-CSecurityTLS.Plo +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='CSecurityTLS.cxx' object='librfb_la-CSecurityTLS.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o librfb_la-CSecurityTLS.lo `test -f 'CSecurityTLS.cxx' || echo '$(srcdir)/'`CSecurityTLS.cxx + +librfb_la-CSecurityX509.lo: CSecurityX509.cxx +@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT librfb_la-CSecurityX509.lo -MD -MP -MF $(DEPDIR)/librfb_la-CSecurityX509.Tpo -c -o librfb_la-CSecurityX509.lo `test -f 'CSecurityX509.cxx' || echo '$(srcdir)/'`CSecurityX509.cxx +@am__fastdepCXX_TRUE@ $(am__mv) $(DEPDIR)/librfb_la-CSecurityX509.Tpo $(DEPDIR)/librfb_la-CSecurityX509.Plo +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='CSecurityX509.cxx' object='librfb_la-CSecurityX509.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o librfb_la-CSecurityX509.lo `test -f 'CSecurityX509.cxx' || echo '$(srcdir)/'`CSecurityX509.cxx + +librfb_la-CSecurityStack.lo: CSecurityStack.cxx +@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT librfb_la-CSecurityStack.lo -MD -MP -MF $(DEPDIR)/librfb_la-CSecurityStack.Tpo -c -o librfb_la-CSecurityStack.lo `test -f 'CSecurityStack.cxx' || echo '$(srcdir)/'`CSecurityStack.cxx +@am__fastdepCXX_TRUE@ $(am__mv) $(DEPDIR)/librfb_la-CSecurityStack.Tpo $(DEPDIR)/librfb_la-CSecurityStack.Plo +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='CSecurityStack.cxx' object='librfb_la-CSecurityStack.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o librfb_la-CSecurityStack.lo `test -f 'CSecurityStack.cxx' || echo '$(srcdir)/'`CSecurityStack.cxx + mostlyclean-libtool: -rm -f *.lo diff -urN tiger/common/rfb/secTypes.cxx tiger-tls/common/rfb/secTypes.cxx --- tiger/common/rfb/secTypes.cxx 2009-08-20 11:46:42.000000000 +0200 +++ tiger-tls/common/rfb/secTypes.cxx 2009-11-05 13:10:43.000000000 +0100 @@ -31,6 +31,13 @@ if (strcasecmp(name, "RA2ne") == 0) return secTypeRA2ne; if (strcasecmp(name, "SSPI") == 0) return secTypeSSPI; if (strcasecmp(name, "SSPIne") == 0) return secTypeSSPIne; + if (strcasecmp(name, "Plain") == 0) return secTypePlain; + if (strcasecmp(name, "TLSNone") == 0) return secTypeTLSNone; + if (strcasecmp(name, "TLSVnc") == 0) return secTypeTLSVnc; + if (strcasecmp(name, "TLSPlain") == 0) return secTypeTLSPlain; + if (strcasecmp(name, "X509None") == 0) return secTypeX509None; + if (strcasecmp(name, "X509Vnc") == 0) return secTypeX509Vnc; + if (strcasecmp(name, "X509Plain") == 0) return secTypeX509Plain; return secTypeInvalid; } @@ -44,6 +51,13 @@ case secTypeRA2ne: return "RA2ne"; case secTypeSSPI: return "SSPI"; case secTypeSSPIne: return "SSPIne"; + case secTypePlain: return "Plain"; + case secTypeTLSNone: return "TLSNone"; + case secTypeTLSVnc: return "TLSVnc"; + case secTypeTLSPlain: return "TLSPlain"; + case secTypeX509None: return "X509None"; + case secTypeX509Vnc: return "X509Vnc"; + case secTypeX509Plain: return "X509Plain"; default: return "[unknown secType]"; } } @@ -53,6 +67,12 @@ switch (num) { case secTypeRA2: case secTypeSSPI: + case secTypeTLSNone: + case secTypeTLSVnc: + case secTypeTLSPlain: + case secTypeX509None: + case secTypeX509Vnc: + case secTypeX509Plain: return true; default: return false; diff -urN tiger/common/rfb/secTypes.h tiger-tls/common/rfb/secTypes.h --- tiger/common/rfb/secTypes.h 2009-08-20 11:46:42.000000000 +0200 +++ tiger-tls/common/rfb/secTypes.h 2009-11-05 13:10:43.000000000 +0100 @@ -38,6 +38,13 @@ const int secTypeTight = 16; const int secTypeUltra = 17; const int secTypeTLS = 18; + const int secTypePlain = 19; + const int secTypeTLSNone = 20; + const int secTypeTLSVnc = 21; + const int secTypeTLSPlain= 22; + const int secTypeX509None= 23; + const int secTypeX509Vnc = 24; + const int secTypeX509Plain=25; // result types diff -urN tiger/common/rfb/SSecurityFactoryTLS.cxx tiger-tls/common/rfb/SSecurityFactoryTLS.cxx --- tiger/common/rfb/SSecurityFactoryTLS.cxx 1970-01-01 01:00:00.000000000 +0100 +++ tiger-tls/common/rfb/SSecurityFactoryTLS.cxx 2009-11-05 13:10:43.000000000 +0100 @@ -0,0 +1,94 @@ +/* + * Copyright (C) 2005 Martin Koegler + * + * This is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this software; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, + * USA. + */ + +#include +#include +#include +#include +#include +#include + +using namespace rfb; + +#ifdef HAVE_GNUTLS + +StringParameter X509_CertFile +("x509cert", + "specifies path to the x509 certificate in PEM format", + ""); + +StringParameter X509_KeyFile +("x509key", + "specifies path to the key of the x509 certificate in PEM format", + ""); + +#endif + +class Valid : public PasswordValidator { +public: + bool validate(SConnection* sc, const char* username, const char* password) + { + if(*username==*password) + return true; + else + return false; + } +}; +static Valid defvalid; + +SSecurity* SSecurityFactoryTLS::getSSecurity(rdr::U8 secType, bool reverse) { + switch (secType) { +#ifdef HAVE_GNUTLS + /* Test: + case secTypePlain: + return new SSecurityPlain(&defvalid); + */ + case secTypeTLSNone: + return new SSecurityTLS(); + case secTypeTLSVnc: + return new SSecurityStack(secTypeTLSVnc,getSSecurity(secTypeTLSNone,reverse),getSSecurity(secTypeVncAuth,reverse)); + case secTypeTLSPlain: + return new SSecurityStack(secTypeTLSPlain,getSSecurity(secTypeTLSNone,reverse),getSSecurity(secTypePlain,reverse)); + case secTypeX509None: + return new SSecurityX509(X509_CertFile.getData(),X509_KeyFile.getData()); + case secTypeX509Vnc: + return new SSecurityStack(secTypeX509Vnc,getSSecurity(secTypeX509None,reverse),getSSecurity(secTypeVncAuth,reverse)); + case secTypeX509Plain: + return new SSecurityStack(secTypeX509Vnc,getSSecurity(secTypeX509None,reverse),getSSecurity(secTypePlain,reverse)); +#endif + default: + return SSecurityFactoryStandard::getSSecurity(secType,reverse); + } +} +bool SSecurityFactoryTLS::isSecTypeSupported(rdr::U8 secType) { + switch (secType) { +#ifdef HAVE_GNUTLS + case secTypePlain: + case secTypeTLSNone: + case secTypeTLSVnc: + case secTypeTLSPlain: + case secTypeX509None: + case secTypeX509Vnc: + case secTypeX509Plain: +#endif + return true; + default: + return SSecurityFactoryStandard::isSecTypeSupported(secType); + } +} diff -urN tiger/common/rfb/SSecurityFactoryTLS.h tiger-tls/common/rfb/SSecurityFactoryTLS.h --- tiger/common/rfb/SSecurityFactoryTLS.h 1970-01-01 01:00:00.000000000 +0100 +++ tiger-tls/common/rfb/SSecurityFactoryTLS.h 2009-11-05 13:10:43.000000000 +0100 @@ -0,0 +1,35 @@ +/* + * Copyright (C) 2005 Martin Koegler + * + * This is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this software; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, + * USA. + */ + +#ifndef __RFB_SSECURITYFACTORY_TLS_H__ +#define __RFB_SSECURITYFACTORY_TLS_H__ + +#include + +namespace rfb { + + class SSecurityFactoryTLS : public SSecurityFactoryStandard { + public: + virtual SSecurity* getSSecurity(rdr::U8 secType, bool reverse); + protected: + virtual bool isSecTypeSupported(rdr::U8 secType); + }; +} + +#endif diff -urN tiger/common/rfb/SSecurityPlain.cxx tiger-tls/common/rfb/SSecurityPlain.cxx --- tiger/common/rfb/SSecurityPlain.cxx 1970-01-01 01:00:00.000000000 +0100 +++ tiger-tls/common/rfb/SSecurityPlain.cxx 2009-11-05 13:10:43.000000000 +0100 @@ -0,0 +1,67 @@ +/* Copyright (C) 2005 Martin Koegler + * + * This is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this software; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, + * USA. + */ + +#include +#include +#include +#include + +using namespace rfb; + +SSecurityPlain::SSecurityPlain(PasswordValidator* _valid) +{ + valid=_valid; + state=0; +} + +bool SSecurityPlain::processMsg(SConnection* sc) +{ + rdr::InStream* is = sc->getInStream(); + char* pw; + char *uname; + CharArray password; + + if(state==0) + { + if(!is->checkNoWait(8)) + return false; + ulen=is->readU32(); + plen=is->readU32(); + state=1; + } + if(state==1) + { + if(is->checkNoWait(ulen+plen+2)) + return false; + state=2; + pw=new char[plen+1]; + uname=new char[ulen+1]; + username.replaceBuf(uname); + password.replaceBuf(pw); + is->readBytes(pw,plen); + is->readBytes(uname,ulen); + pw[plen]=0; + uname[ulen]=0; + plen=0; + if(!valid->validate(sc,uname,pw)) + throw AuthFailureException("invalid password or username"); + return true; + } + return true; +} + diff -urN tiger/common/rfb/SSecurityPlain.h tiger-tls/common/rfb/SSecurityPlain.h --- tiger/common/rfb/SSecurityPlain.h 1970-01-01 01:00:00.000000000 +0100 +++ tiger-tls/common/rfb/SSecurityPlain.h 2009-11-05 13:10:43.000000000 +0100 @@ -0,0 +1,48 @@ +/* Copyright (C) 2005 Martin Koegler + * + * This is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this software; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, + * USA. + */ +#ifndef __RFB_SSECURITYPLAIN_H__ +#define __RFB_SSECURITYPLAIN_H__ + +#include +#include +#include + +namespace rfb { + + class PasswordValidator { + public: + // validate username / password combination + virtual bool validate(SConnection* sc, const char* username, const char* password)=0; + }; + + class SSecurityPlain : public SSecurity { + public: + SSecurityPlain(PasswordValidator* valid); + virtual bool processMsg(SConnection* sc); + virtual int getType() const {return secTypePlain;}; + virtual const char* getUserName() const { return username.buf; } + + private: + PasswordValidator* valid; + unsigned ulen,plen,state; + CharArray username; + }; + +} +#endif + diff -urN tiger/common/rfb/SSecurityStack.cxx tiger-tls/common/rfb/SSecurityStack.cxx --- tiger/common/rfb/SSecurityStack.cxx 1970-01-01 01:00:00.000000000 +0100 +++ tiger-tls/common/rfb/SSecurityStack.cxx 2009-11-05 13:10:43.000000000 +0100 @@ -0,0 +1,95 @@ +/* Copyright (C) 2005 Martin Koegler + * + * This is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this software; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, + * USA. + */ + +#include + +using namespace rfb; + +SSecurityStack::SSecurityStack(int Type,SSecurity* s0,SSecurity* s1,SSecurity* s2,SSecurity* s3) + :type(Type) +{ + state=0; + state0=s0; + state1=s1; + state2=s2; + state3=s3; +} + +SSecurityStack::~SSecurityStack() +{ + if(state0) + delete state0; + if(state1) + delete state1; + if(state2) + delete state2; + if(state3) + delete state3; +} + +bool SSecurityStack::processMsg(SConnection* cc) +{ + bool res=true; + if(state==0) + { + if(state0) + res=state0->processMsg(cc); + if(!res) + return res; + state++; + } + if(state==1) + { + if(state1) + res=state1->processMsg(cc); + if(!res) + return res; + state++; + } + if(state==2) + { + if(state2) + res=state2->processMsg(cc); + if(!res) + return res; + state++; + } + if(state==3) + { + if(state3) + res=state3->processMsg(cc); + if(!res) + return res; + state++; + } + return res; +} + +const char* SSecurityStack::getUserName() const +{ + const char* c=0; + if(state3 && !c) + c=state3->getUserName(); + if(state2 && !c) + c=state2->getUserName(); + if(state1 && !c) + c=state1->getUserName(); + if(state0 && !c) + c=state0->getUserName(); + return c; +} diff -urN tiger/common/rfb/SSecurityStack.h tiger-tls/common/rfb/SSecurityStack.h --- tiger/common/rfb/SSecurityStack.h 1970-01-01 01:00:00.000000000 +0100 +++ tiger-tls/common/rfb/SSecurityStack.h 2009-11-05 13:10:43.000000000 +0100 @@ -0,0 +1,42 @@ +/* Copyright (C) 2005 Martin Koegler + * + * This is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this software; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, + * USA. + */ +#ifndef __RFB_SSECURITYSTACK_H__ +#define __RFB_SSECURITYSTACK_H__ + +#include +#include + +namespace rfb { + + class SSecurityStack : public SSecurity { + public: + SSecurityStack(int Type,SSecurity* s0=0,SSecurity* s1=0,SSecurity* s2=0,SSecurity* s3=0); + ~SSecurityStack(); + virtual bool processMsg(SConnection* cc); + virtual int getType() const {return type;}; + virtual const char* getUserName() const; + private: + int state; + SSecurity* state0; + SSecurity* state1; + SSecurity* state2; + SSecurity* state3; + int type; + }; +} +#endif diff -urN tiger/common/rfb/SSecurityTLSBase.cxx tiger-tls/common/rfb/SSecurityTLSBase.cxx --- tiger/common/rfb/SSecurityTLSBase.cxx 1970-01-01 01:00:00.000000000 +0100 +++ tiger-tls/common/rfb/SSecurityTLSBase.cxx 2009-11-05 13:10:43.000000000 +0100 @@ -0,0 +1,138 @@ +/* + * Copyright (C) 2004 Red Hat Inc. + * Copyright (C) 2005 Martin Koegler + * + * This is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this software; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, + * USA. + */ + +#ifdef HAVE_GNUTLS + +#include +#include +#include +#include +#include +#include + +#define TLS_DEBUG + +using namespace rfb; + +static LogWriter vlog("TLS"); + +#ifdef TLS_DEBUG +static void debug_log(int level, const char* str) +{ + vlog.debug(str); +} +#endif + +void SSecurityTLSBase::initGlobal() +{ + static bool globalInitDone = false; + + if (!globalInitDone) { + gnutls_global_init(); + +#ifdef TLS_DEBUG + gnutls_global_set_log_level(10); + gnutls_global_set_log_function(debug_log); +#endif + + globalInitDone = true; + } +} + +SSecurityTLSBase::SSecurityTLSBase() : session(0) +{ + fis=0; + fos=0; +} + +void SSecurityTLSBase::shutdown() +{ + if(session) + ;//gnutls_bye(session, GNUTLS_SHUT_RDWR); +} + + +SSecurityTLSBase::~SSecurityTLSBase() +{ + if (session) { + //gnutls_bye(session, GNUTLS_SHUT_RDWR); + gnutls_deinit(session); + } + if(fis) + delete fis; + if(fos) + delete fos; + /* FIXME: should be doing gnutls_global_deinit() at some point */ +} + +bool SSecurityTLSBase::processMsg(SConnection *sc) +{ + rdr::InStream* is = sc->getInStream(); + rdr::OutStream* os = sc->getOutStream(); + + vlog.debug("Process security message (session %p)", session); + + if (!session) { + initGlobal(); + + gnutls_init(&session, GNUTLS_SERVER); + gnutls_set_default_priority(session); + + try { + setParams(session); + } + catch(...) { + os->writeU8(0); + throw; + } + + gnutls_transport_set_pull_function(session,rdr::gnutls_InStream_pull); + gnutls_transport_set_push_function(session,rdr::gnutls_OutStream_push); + gnutls_transport_set_ptr2(session, + (gnutls_transport_ptr)is, + (gnutls_transport_ptr)os); + os->writeU8(1); + os->flush(); + } + + int err; + if ((err = gnutls_handshake(session)) != GNUTLS_E_SUCCESS) { + if (!gnutls_error_is_fatal(err)) { + vlog.debug("Deferring completion of TLS handshake: %s", gnutls_strerror(err)); + return false; + } + vlog.error("TLS Handshake failed: %s", gnutls_strerror (err)); + gnutls_bye(session, GNUTLS_SHUT_RDWR); + freeResources(); + gnutls_deinit(session); + session = 0; + throw AuthFailureException("TLS Handshake failed"); + } + checkSession(session); + + vlog.debug("Handshake completed"); + + sc->setStreams(fis=new rdr::TLSInStream(is,session), + fos=new rdr::TLSOutStream(os,session)); + + return true; +} + +#endif /* HAVE_GNUTLS */ diff -urN tiger/common/rfb/SSecurityTLSBase.h tiger-tls/common/rfb/SSecurityTLSBase.h --- tiger/common/rfb/SSecurityTLSBase.h 1970-01-01 01:00:00.000000000 +0100 +++ tiger-tls/common/rfb/SSecurityTLSBase.h 2009-11-05 13:10:43.000000000 +0100 @@ -0,0 +1,59 @@ +/* + * Copyright (C) 2004 Red Hat Inc. + * Copyright (C) 2005 Martin Koegler + * + * This is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this software; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, + * USA. + */ + +#ifndef __S_SECURITY_TLSBASE_H__ +#define __S_SECURITY_TLSBASE_H__ + +#ifdef HAVE_GNUTLS + +#include +#include +#include +#include +#include + +namespace rfb { + + class SSecurityTLSBase : public SSecurity { + public: + SSecurityTLSBase(); + virtual ~SSecurityTLSBase(); + virtual bool processMsg(SConnection* sc); + virtual const char* getUserName() const {return 0;} + + protected: + void shutdown(); + virtual void freeResources()=0; + virtual void setParams(gnutls_session session)=0; + virtual void checkSession(gnutls_session session)=0; + + private: + static void initGlobal(); + + gnutls_session session; + rdr::InStream* fis; + rdr::OutStream* fos; + }; + +} + +#endif /* HAVE_GNUTLS */ + +#endif diff -urN tiger/common/rfb/SSecurityTLS.cxx tiger-tls/common/rfb/SSecurityTLS.cxx --- tiger/common/rfb/SSecurityTLS.cxx 1970-01-01 01:00:00.000000000 +0100 +++ tiger-tls/common/rfb/SSecurityTLS.cxx 2009-11-05 13:10:43.000000000 +0100 @@ -0,0 +1,79 @@ +/* + * Copyright (C) 2004 Red Hat Inc. + * Copyright (C) 2005 Martin Koegler + * + * This is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this software; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, + * USA. + */ + +#ifdef HAVE_GNUTLS + +#include +#include + +#define DH_BITS 1024 + +#undef TLS_DEBUG + +using namespace rfb; + +SSecurityTLS::SSecurityTLS() : dh_params(0), anon_cred(0) +{ +} + +SSecurityTLS::~SSecurityTLS() +{ + shutdown(); + if(dh_params) + gnutls_dh_params_deinit(dh_params); + if(anon_cred) + gnutls_anon_free_server_credentials(anon_cred); +} + +void SSecurityTLS::freeResources() +{ + if(dh_params) + gnutls_dh_params_deinit(dh_params); + dh_params=0; + if(anon_cred) + gnutls_anon_free_server_credentials(anon_cred); + anon_cred=0; +} + +void SSecurityTLS::setParams(gnutls_session session) +{ + static const int kx_priority[] = {GNUTLS_KX_ANON_DH, 0}; + gnutls_kx_set_priority(session, kx_priority); + + if(gnutls_anon_allocate_server_credentials(&anon_cred)<0) + goto error; + if(gnutls_dh_params_init(&dh_params)<0) + goto error; + if(gnutls_dh_params_generate2(dh_params, DH_BITS)<0) + goto error; + gnutls_anon_set_server_dh_params(anon_cred, dh_params); + if(gnutls_credentials_set(session, GNUTLS_CRD_ANON, anon_cred)<0) + goto error; + return; + + error: + throw AuthFailureException("setParams failed"); +} + +void SSecurityTLS::checkSession(gnutls_session session) +{ +} + +#endif /* HAVE_GNUTLS */ diff -urN tiger/common/rfb/SSecurityTLS.h tiger-tls/common/rfb/SSecurityTLS.h --- tiger/common/rfb/SSecurityTLS.h 1970-01-01 01:00:00.000000000 +0100 +++ tiger-tls/common/rfb/SSecurityTLS.h 2009-11-05 13:10:43.000000000 +0100 @@ -0,0 +1,52 @@ +/* + * Copyright (C) 2004 Red Hat Inc. + * Copyright (C) 2005 Martin Koegler + * + * This is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this software; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, + * USA. + */ + +#ifndef __S_SECURITY_TLS_H__ +#define __S_SECURITY_TLS_H__ + +#ifdef HAVE_GNUTLS + +#include + +namespace rfb { + + class SSecurityTLS : public SSecurityTLSBase { + public: + SSecurityTLS(); + virtual ~SSecurityTLS(); + virtual int getType() const {return secTypeTLSNone;} + + protected: + virtual void freeResources(); + virtual void setParams(gnutls_session session); + virtual void checkSession(gnutls_session session); + + private: + static void initGlobal(); + + gnutls_dh_params dh_params; + gnutls_anon_server_credentials anon_cred; + }; + +} + +#endif /* HAVE_GNUTLS */ + +#endif /* __S_SECURITY_TLS_H__ */ diff -urN tiger/common/rfb/SSecurityX509.cxx tiger-tls/common/rfb/SSecurityX509.cxx --- tiger/common/rfb/SSecurityX509.cxx 1970-01-01 01:00:00.000000000 +0100 +++ tiger-tls/common/rfb/SSecurityX509.cxx 2009-11-05 13:10:43.000000000 +0100 @@ -0,0 +1,83 @@ +/* + * Copyright (C) 2005 Martin Koegler + * + * This is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this software; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, + * USA. + */ + +#ifdef HAVE_GNUTLS + +#include +#include + +#define DH_BITS 1024 + +using namespace rfb; + +SSecurityX509::SSecurityX509(char* cert, char* key) : dh_params(0), cert_cred(0) +{ + certfile=cert; + keyfile=key; +} + +SSecurityX509::~SSecurityX509() +{ + shutdown(); + if(dh_params) + gnutls_dh_params_deinit(dh_params); + if(cert_cred) + gnutls_certificate_free_credentials(cert_cred); + delete[] keyfile; + delete[] certfile; +} + +void SSecurityX509::freeResources() +{ + if(dh_params) + gnutls_dh_params_deinit(dh_params); + dh_params=0; + if(cert_cred) + gnutls_certificate_free_credentials(cert_cred); + cert_cred=0; +} + +void SSecurityX509::setParams(gnutls_session session) +{ + static const int kx_priority[] = {GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0}; + gnutls_kx_set_priority(session, kx_priority); + + if(gnutls_certificate_allocate_credentials(&cert_cred)<0) + goto error; + if(gnutls_dh_params_init(&dh_params)<0) + goto error; + if(gnutls_dh_params_generate2(dh_params, DH_BITS)<0) + goto error; + gnutls_certificate_set_dh_params(cert_cred, dh_params); + if(gnutls_certificate_set_x509_key_file(cert_cred, certfile, keyfile,GNUTLS_X509_FMT_PEM)<0) + throw AuthFailureException("load of key failed"); + if(gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, cert_cred)<0) + goto error; + return; + + error: + throw AuthFailureException("setParams failed"); +} + + +void SSecurityX509::checkSession(gnutls_session session) +{ +} + +#endif /* HAVE_GNUTLS */ diff -urN tiger/common/rfb/SSecurityX509.h tiger-tls/common/rfb/SSecurityX509.h --- tiger/common/rfb/SSecurityX509.h 1970-01-01 01:00:00.000000000 +0100 +++ tiger-tls/common/rfb/SSecurityX509.h 2009-11-05 13:10:43.000000000 +0100 @@ -0,0 +1,53 @@ +/* + * Copyright (C) 2005 Martin Koegler + * + * This is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this software; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, + * USA. + */ + +#ifndef __S_SECURITY_X509_H__ +#define __S_SECURITY_X509_H__ + +#ifdef HAVE_GNUTLS + +#include + +namespace rfb { + + class SSecurityX509 : public SSecurityTLSBase { + public: + SSecurityX509(char* certfile, char* keyfile); + virtual ~SSecurityX509(); + virtual int getType() const {return secTypeX509None;} + + protected: + virtual void freeResources(); + virtual void setParams(gnutls_session session); + virtual void checkSession(gnutls_session session); + + private: + static void initGlobal(); + + gnutls_dh_params dh_params; + gnutls_certificate_credentials cert_cred; + char* keyfile; + char* certfile; + }; + +} + +#endif /* HAVE_GNUTLS */ + +#endif /* __S_SECURITY_TLS_H__ */ diff -urN tiger/common/rfb/TLSException.cxx tiger-tls/common/rfb/TLSException.cxx --- tiger/common/rfb/TLSException.cxx 1970-01-01 01:00:00.000000000 +0100 +++ tiger-tls/common/rfb/TLSException.cxx 2009-11-05 13:10:43.000000000 +0100 @@ -0,0 +1,35 @@ +/* Copyright (C) 2004 Red Hat Inc. + * + * This is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this software; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, + * USA. + */ + +#include + +using namespace rdr; + +#ifdef HAVE_GNUTLS +TLSException::TLSException(const char* s, int err_) + : Exception(s), err(err_) +{ + strncat(str_, ": ", len-1-strlen(str_)); + strncat(str_, gnutls_strerror(err), len-1-strlen(str_)); + strncat(str_, " (", len-1-strlen(str_)); + char buf[20]; + sprintf(buf,"%d",err); + strncat(str_, buf, len-1-strlen(str_)); + strncat(str_, ")", len-1-strlen(str_)); +} +#endif /* HAVE_GNUTLS */ diff -urN tiger/common/rfb/TLSException.h tiger-tls/common/rfb/TLSException.h --- tiger/common/rfb/TLSException.h 1970-01-01 01:00:00.000000000 +0100 +++ tiger-tls/common/rfb/TLSException.h 2009-11-05 13:10:43.000000000 +0100 @@ -0,0 +1,38 @@ +/* Copyright (C) 2004 Red Hat Inc. + * + * This is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this software; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, + * USA. + */ + +#ifndef __RDR_TLSEXCEPTION_H__ +#define __RDR_TLSEXCEPTION_H__ + +#ifdef HAVE_GNUTLS +#include + +#include + +namespace rdr { + + struct TLSException : public Exception { + int err; + TLSException(const char* s, int err_); + }; + +} + + +#endif +#endif diff -urN tiger/common/rfb/TLSInStream.cxx tiger-tls/common/rfb/TLSInStream.cxx --- tiger/common/rfb/TLSInStream.cxx 1970-01-01 01:00:00.000000000 +0100 +++ tiger-tls/common/rfb/TLSInStream.cxx 2009-11-05 13:10:43.000000000 +0100 @@ -0,0 +1,106 @@ +/* Copyright (C) 2002-2005 RealVNC Ltd. All Rights Reserved. + * Copyright (C) 2005 Martin Koegler + * + * This is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this software; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, + * USA. + */ + +#include +#include +#include + +#ifdef HAVE_GNUTLS +using namespace rdr; + +enum { DEFAULT_BUF_SIZE = 16384 }; + +ssize_t rdr::gnutls_InStream_pull(gnutls_transport_ptr str,void* data, size_t size) +{ + InStream*in=(InStream*)str; + if(!in->check(1, 1, false)) + { + errno=EAGAIN; + return -1; + } + if(in->getend() - in->getptr()getend() - in->getptr(); + + in->readBytes(data,size); + return size; +} + +TLSInStream::TLSInStream(InStream* _in, gnutls_session _session) +{ + in=_in; + session=_session; + bufSize=DEFAULT_BUF_SIZE; + offset=0; + ptr = end = start = new U8[bufSize]; +} + +TLSInStream::~TLSInStream() +{ + delete[] start; +} + +int TLSInStream::pos() +{ + return offset + ptr - start; +} + +int TLSInStream::overrun(int itemSize, int nItems, bool wait) +{ + if (itemSize > bufSize) + throw Exception("TLSInStream overrun: max itemSize exceeded"); + + if (end - ptr != 0) + memmove(start, ptr, end - ptr); + + offset += ptr - start; + end -= ptr - start; + ptr = start; + + while (end < start + itemSize) { + int n = readTLS((U8*)end, start + bufSize - end, wait); + if (!wait && n == 0) return 0; + end += n; + } + + if (itemSize * nItems > end - ptr) + nItems = (end - ptr) / itemSize; + + return nItems; + +} + + +int TLSInStream::readTLS(void* buf, int len, bool wait) +{ + int n; + + n = in->check(1, 1, wait); + if (n == 0) return 0; + + + n = gnutls_record_recv(session, buf, len); + if(n == GNUTLS_E_INTERRUPTED || n == GNUTLS_E_AGAIN) + return 0; + + if (n < 0) throw TLSException("recv",n); + //if (n == 0) throw EndOfStream(); + return n; +} + +#endif diff -urN tiger/common/rfb/TLSInStream.h tiger-tls/common/rfb/TLSInStream.h --- tiger/common/rfb/TLSInStream.h 1970-01-01 01:00:00.000000000 +0100 +++ tiger-tls/common/rfb/TLSInStream.h 2009-11-05 13:10:43.000000000 +0100 @@ -0,0 +1,52 @@ +/* Copyright (C) 2005 Martin Koegler + * + * This is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this software; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, + * USA. + */ + +#ifndef __RDR_TLSINSTREAM_H__ +#define __RDR_TLSINSTREAM_H__ + +#ifdef HAVE_GNUTLS + +#include +#include + +namespace rdr { + + class TLSInStream : public InStream { + public: + TLSInStream(InStream* in, gnutls_session session); + virtual ~TLSInStream(); + + int pos(); + + private: + int overrun(int itemSize, int nItems, bool wait); + int readTLS(void* buf, int len, bool wait); + + gnutls_session session; + InStream* in; + int bufSize; + int offset; + U8* start; + }; + +ssize_t gnutls_InStream_pull(gnutls_transport_ptr,void*, size_t); + +}; + +#endif +#endif diff -urN tiger/common/rfb/TLSOutStream.cxx tiger-tls/common/rfb/TLSOutStream.cxx --- tiger/common/rfb/TLSOutStream.cxx 1970-01-01 01:00:00.000000000 +0100 +++ tiger-tls/common/rfb/TLSOutStream.cxx 2009-11-05 13:10:43.000000000 +0100 @@ -0,0 +1,99 @@ +/* Copyright (C) 2002-2005 RealVNC Ltd. All Rights Reserved. + * Copyright (C) 2005 Martin Koegler + * + * This is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this software; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, + * USA. + */ + +#include +#include + +#ifdef HAVE_GNUTLS +using namespace rdr; + +enum { DEFAULT_BUF_SIZE = 16384 }; + +ssize_t rdr::gnutls_OutStream_push(gnutls_transport_ptr str,const void* data, size_t size) +{ + OutStream* out=(OutStream*)str; + out->writeBytes(data,size); + out->flush(); + return size; +} + +TLSOutStream::TLSOutStream(OutStream* _out, gnutls_session _session) +{ + bufSize=DEFAULT_BUF_SIZE; + ptr = start = new U8[bufSize]; + end = start + bufSize; + offset=0; + session=_session; + out=_out; +} + +TLSOutStream::~TLSOutStream() +{ + try { +// flush(); + } catch (Exception&) { + } + delete [] start; +} + +int TLSOutStream::length() +{ + return offset + ptr - start; +} + +void TLSOutStream::flush() +{ + U8* sentUpTo = start; + while (sentUpTo < ptr) { + int n = writeTLS((const void*) sentUpTo, ptr - sentUpTo); + sentUpTo += n; + offset += n; + } + + ptr = start; + out->flush(); +} + + +int TLSOutStream::overrun(int itemSize, int nItems) +{ + if (itemSize > bufSize) + throw Exception("TLSOutStream overrun: max itemSize exceeded"); + + flush(); + + if (itemSize * nItems > end - ptr) + nItems = (end - ptr) / itemSize; + + return nItems; +} + +int TLSOutStream::writeTLS(const void* data, int length) +{ + int n; + + n = gnutls_record_send(session,data,length); + if(n == GNUTLS_E_INTERRUPTED || n == GNUTLS_E_AGAIN) + return 0; + + if (n < 0) throw TLSException("send",n); + return n; +} + +#endif diff -urN tiger/common/rfb/TLSOutStream.h tiger-tls/common/rfb/TLSOutStream.h --- tiger/common/rfb/TLSOutStream.h 1970-01-01 01:00:00.000000000 +0100 +++ tiger-tls/common/rfb/TLSOutStream.h 2009-11-05 13:10:43.000000000 +0100 @@ -0,0 +1,54 @@ +/* Copyright (C) 2005 Martin Koegler + * + * This is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this software; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, + * USA. + */ + +#ifndef __RDR_TLSOUTSTREAM_H__ +#define __RDR_TLSOUTSTREAM_H__ + +#ifdef HAVE_GNUTLS + +#include +#include + +namespace rdr { + + class TLSOutStream : public OutStream { + public: + TLSOutStream(OutStream* out, gnutls_session session); + virtual ~TLSOutStream(); + + void flush(); + int length(); + + protected: + int overrun(int itemSize, int nItems); + + private: + int writeTLS(const void* data, int length); + + gnutls_session session; + OutStream* out; + int bufSize; + U8* start; + int offset; + }; + +ssize_t gnutls_OutStream_push(gnutls_transport_ptr,const void*, size_t); +}; + +#endif +#endif diff -urN tiger/common/rfb/UserMsgBox.h tiger-tls/common/rfb/UserMsgBox.h --- tiger/common/rfb/UserMsgBox.h 1970-01-01 01:00:00.000000000 +0100 +++ tiger-tls/common/rfb/UserMsgBox.h 2009-11-05 13:10:43.000000000 +0100 @@ -0,0 +1,37 @@ +/* Copyright (C) 2002-2005 RealVNC Ltd. All Rights Reserved. + * + * This is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this software; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, + * USA. + */ +#ifndef __RFB_USERMSGBOX_H__ +#define __RFB_USERMSGBOX_H__ +namespace rfb { + class UserMsgBox { + public: + enum MsgBoxFlags{ + M_OK = 0, + M_OKCANCEL = 1, + M_YESNO = 4, + M_ICONERROR = 0x10, + M_ICONQUESTION = 0x20, + M_ICONWARNING = 0x30, + M_ICONINFORMATION = 0x40, + M_DEFBUTTON1 = 0, + M_DEFBUTTON2 = 0x100 + }; + virtual bool showMsgBox(int flags,const char* text)=0; + }; +} +#endif