KasmVNC/common/rfb/SSecurityVeNCrypt.cxx

189 lines
4.7 KiB
C++
Raw Normal View History

2020-09-20 14:16:44 +02:00
/*
* Copyright (C) 2005-2006 Martin Koegler
* Copyright (C) 2006 OCCAM Financial Technology
* Copyright (C) 2010 TigerVNC Team
*
* This is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this software; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
* USA.
*/
/*
* SSecurityVeNCrypt
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <rfb/SSecurityVeNCrypt.h>
#include <rfb/Exception.h>
#include <rfb/LogWriter.h>
#include <rdr/InStream.h>
#include <rdr/OutStream.h>
using namespace rfb;
using namespace rdr;
using namespace std;
static LogWriter vlog("SVeNCrypt");
SSecurityVeNCrypt::SSecurityVeNCrypt(SecurityServer *sec) : security(sec)
{
ssecurity = NULL;
haveSentVersion = false;
haveRecvdMajorVersion = false;
haveRecvdMinorVersion = false;
majorVersion = 0;
minorVersion = 0;
haveSentTypes = false;
haveChosenType = false;
chosenType = secTypeVeNCrypt;
numTypes = 0;
subTypes = NULL;
}
SSecurityVeNCrypt::~SSecurityVeNCrypt()
{
delete ssecurity;
if (subTypes) {
delete [] subTypes;
subTypes = NULL;
}
}
bool SSecurityVeNCrypt::processMsg(SConnection* sc)
{
rdr::InStream* is = sc->getInStream();
rdr::OutStream* os = sc->getOutStream();
rdr::U8 i;
/* VeNCrypt initialization */
/* Send the highest version we can support */
if (!haveSentVersion) {
os->writeU8(0);
os->writeU8(2);
haveSentVersion = true;
os->flush();
return false;
}
/* Receive back highest version that client can support (up to and including ours) */
if (!haveRecvdMajorVersion) {
majorVersion = is->readU8();
haveRecvdMajorVersion = true;
return false;
}
if (!haveRecvdMinorVersion) {
minorVersion = is->readU8();
haveRecvdMinorVersion = true;
/* WORD value with major version in upper 8 bits and minor version in lower 8 bits */
U16 Version = (((U16)majorVersion) << 8) | ((U16)minorVersion);
switch (Version) {
case 0x0000: /* 0.0 - The client cannot support us! */
case 0x0001: /* 0.1 Legacy VeNCrypt, not supported */
os->writeU8(0xFF); /* This is not OK */
os->flush();
throw AuthFailureException("The client cannot support the server's "
"VeNCrypt version");
case 0x0002: /* 0.2 */
os->writeU8(0); /* OK */
break;
default:
os->writeU8(0xFF); /* Not OK */
os->flush();
throw AuthFailureException("The client returned an unsupported VeNCrypt version");
}
}
/*
* send number of supported VeNCrypt authentication types (U8) followed
* by authentication types (U32s)
*/
if (!haveSentTypes) {
list<U32> listSubTypes;
listSubTypes = security->GetEnabledExtSecTypes();
numTypes = listSubTypes.size();
subTypes = new U32[numTypes];
for (i = 0; i < numTypes; i++) {
subTypes[i] = listSubTypes.front();
listSubTypes.pop_front();
}
if (numTypes) {
os->writeU8(numTypes);
for (i = 0; i < numTypes; i++)
os->writeU32(subTypes[i]);
os->flush();
haveSentTypes = true;
return false;
} else
throw AuthFailureException("There are no VeNCrypt sub-types to send to the client");
}
/* get type back from client (must be one of the ones we sent) */
if (!haveChosenType) {
is->check(4);
chosenType = is->readU32();
for (i = 0; i < numTypes; i++) {
if (chosenType == subTypes[i]) {
haveChosenType = true;
break;
}
}
if (!haveChosenType)
chosenType = secTypeInvalid;
vlog.info("Client requests security type %s (%d)", secTypeName(chosenType),
chosenType);
/* Set up the stack according to the chosen type */
if (chosenType == secTypeInvalid || chosenType == secTypeVeNCrypt)
throw AuthFailureException("No valid VeNCrypt sub-type");
ssecurity = security->GetSSecurity(chosenType);
}
/* continue processing the messages */
return ssecurity->processMsg(sc);
}
const char* SSecurityVeNCrypt::getUserName() const
{
if (ssecurity == NULL)
return NULL;
return ssecurity->getUserName();
}
SConnection::AccessRights SSecurityVeNCrypt::getAccessRights() const
{
if (ssecurity == NULL)
return SSecurity::getAccessRights();
return ssecurity->getAccessRights();
}