KasmVNC/win/vncconfig/Authentication.h

190 lines
6.2 KiB
C
Raw Normal View History

2020-09-20 14:16:44 +02:00
/* Copyright (C) 2002-2005 RealVNC Ltd. All Rights Reserved.
*
* This is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this software; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
* USA.
*/
#ifndef WINVNCCONF_AUTHENTICATION
#define WINVNCCONF_AUTHENTICATION
#include <windows.h>
#include <commctrl.h>
#include <vncconfig/PasswordDialog.h>
#include <rfb_win32/Registry.h>
#include <rfb_win32/SecurityPage.h>
#include <rfb_win32/MsgBox.h>
#include <rfb/ServerCore.h>
#include <rfb/Security.h>
#include <rfb/SecurityServer.h>
#include <rfb/SSecurityVncAuth.h>
#ifdef HAVE_GNUTLS
#include <rfb/SSecurityTLS.h>
#endif
#include <rfb/Password.h>
static rfb::BoolParameter queryOnlyIfLoggedOn("QueryOnlyIfLoggedOn",
"Only prompt for a local user to accept incoming connections if there is a user logged on", false);
namespace rfb {
namespace win32 {
class SecPage : public SecurityPage {
public:
SecPage(const RegKey& rk)
: SecurityPage(NULL), regKey(rk) {
security = new SecurityServer();
}
void initDialog() {
SecurityPage::initDialog();
setItemChecked(IDC_QUERY_CONNECT, rfb::Server::queryConnect);
setItemChecked(IDC_QUERY_LOGGED_ON, queryOnlyIfLoggedOn);
onCommand(IDC_AUTH_NONE, 0);
}
bool onCommand(int id, int cmd) {
SecurityPage::onCommand(id, cmd);
setChanged(true);
if (id == IDC_AUTH_VNC_PASSWD) {
PasswordDialog passwdDlg(regKey, registryInsecure);
passwdDlg.showDialog(handle);
} else if (id == IDC_LOAD_CERT) {
const TCHAR* title = _T("X509Cert");
const TCHAR* filter =
_T("X.509 Certificates (*.crt;*.cer;*.pem)\0*.crt;*.cer;*.pem\0All\0*.*\0");
showFileChooser(regKey, title, filter, handle);
} else if (id == IDC_LOAD_CERTKEY) {
const TCHAR* title = _T("X509Key");
const TCHAR* filter = _T("X.509 Keys (*.key;*.pem)\0*.key;*.pem\0All\0*.*\0");
showFileChooser(regKey, title, filter, handle);
} else if (id == IDC_QUERY_LOGGED_ON) {
enableItem(IDC_QUERY_LOGGED_ON, enableQueryOnlyIfLoggedOn());
}
return true;
}
bool onOk() {
SecurityPage::onOk();
if (isItemChecked(IDC_AUTH_VNC))
verifyVncPassword(regKey);
else if (haveVncPassword() &&
MsgBox(0, _T("The VNC authentication method is disabled, but a password is still stored for it.\n")
_T("Do you want to remove the VNC authentication password from the registry?"),
MB_ICONWARNING | MB_YESNO) == IDYES) {
regKey.setBinary(_T("Password"), 0, 0);
}
#ifdef HAVE_GNUTLS
if (isItemChecked(IDC_ENC_X509)) {
SSecurityTLS::X509_CertFile.setParam(regKey.getString("X509Cert"));
SSecurityTLS::X509_CertFile.setParam(regKey.getString("X509Key"));
}
#endif
regKey.setString(_T("SecurityTypes"), security->ToString());
regKey.setBool(_T("QueryConnect"), isItemChecked(IDC_QUERY_CONNECT));
regKey.setBool(_T("QueryOnlyIfLoggedOn"), isItemChecked(IDC_QUERY_LOGGED_ON));
return true;
}
void setWarnPasswdInsecure(bool warn) {
registryInsecure = warn;
}
bool enableQueryOnlyIfLoggedOn() {
return isItemChecked(IDC_QUERY_CONNECT);
}
static bool haveVncPassword() {
PlainPasswd password, passwordReadOnly;
SSecurityVncAuth::vncAuthPasswd.getVncAuthPasswd(&password, &passwordReadOnly);
return password.buf && strlen(password.buf) != 0;
}
static void verifyVncPassword(const RegKey& regKey) {
if (!haveVncPassword()) {
MsgBox(0, _T("The VNC authentication method is enabled, but no password is specified.\n")
_T("The password dialog will now be shown."), MB_ICONINFORMATION | MB_OK);
PasswordDialog passwd(regKey, registryInsecure);
passwd.showDialog();
}
}
virtual void loadX509Certs(void) {}
virtual void enableX509Dialogs(void) {
enableItem(IDC_LOAD_CERT, true);
enableItem(IDC_LOAD_CERTKEY, true);
}
virtual void disableX509Dialogs(void) {
enableItem(IDC_LOAD_CERT, false);
enableItem(IDC_LOAD_CERTKEY, false);
}
virtual void loadVncPasswd() {
enableItem(IDC_AUTH_VNC_PASSWD, isItemChecked(IDC_AUTH_VNC));
}
protected:
RegKey regKey;
static bool registryInsecure;
private:
inline void modifyAuthMethod(int enc_idc, int auth_idc, bool enable)
{
setItemChecked(enc_idc, enable);
setItemChecked(auth_idc, enable);
}
inline bool showFileChooser(const RegKey& rk,
const char* title,
const char* filter,
HWND hwnd)
{
OPENFILENAME ofn;
char filename[MAX_PATH];
ZeroMemory(&ofn, sizeof(ofn));
ZeroMemory(&filename, sizeof(filename));
filename[0] = '\0';
ofn.lStructSize = sizeof(ofn);
ofn.hwndOwner = hwnd;
ofn.lpstrFile = filename;
ofn.nMaxFile = sizeof(filename);
ofn.lpstrFilter = (char*)filter;
ofn.nFilterIndex = 1;
ofn.lpstrFileTitle = NULL;
ofn.nMaxFileTitle = 0;
ofn.lpstrTitle = (char*)title;
ofn.lpstrInitialDir = NULL;
ofn.Flags = OFN_PATHMUSTEXIST | OFN_FILEMUSTEXIST;
if (GetOpenFileName(&ofn)==TRUE) {
regKey.setString(title, filename);
return true;
}
return false;
}
};
};
bool SecPage::registryInsecure = false;
};
#endif