API: Consolidate setup of security constraints
parent
373e5a0f9e
commit
58d6dff5e5
|
@ -152,10 +152,12 @@ struct nvnc {
|
||||||
} cursor;
|
} cursor;
|
||||||
uint32_t cursor_seq;
|
uint32_t cursor_seq;
|
||||||
|
|
||||||
#ifdef ENABLE_TLS
|
enum nvnc_auth_flags auth_flags;
|
||||||
gnutls_certificate_credentials_t tls_creds;
|
|
||||||
nvnc_auth_fn auth_fn;
|
nvnc_auth_fn auth_fn;
|
||||||
void* auth_ud;
|
void* auth_ud;
|
||||||
|
|
||||||
|
#ifdef ENABLE_TLS
|
||||||
|
gnutls_certificate_credentials_t tls_creds;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef HAVE_CRYPTO
|
#ifdef HAVE_CRYPTO
|
||||||
|
|
|
@ -97,6 +97,11 @@ enum nvnc_log_level {
|
||||||
NVNC_LOG_TRACE = 5,
|
NVNC_LOG_TRACE = 5,
|
||||||
};
|
};
|
||||||
|
|
||||||
|
enum nvnc_auth_flags {
|
||||||
|
NVNC_AUTH_REQUIRE_AUTH = 1 << 0,
|
||||||
|
NVNC_AUTH_REQUIRE_ENCRYPTION = 1 << 1,
|
||||||
|
};
|
||||||
|
|
||||||
struct nvnc_log_data {
|
struct nvnc_log_data {
|
||||||
enum nvnc_log_level level;
|
enum nvnc_log_level level;
|
||||||
const char* file;
|
const char* file;
|
||||||
|
@ -157,17 +162,11 @@ void nvnc_set_client_cleanup_fn(struct nvnc_client* self, nvnc_client_fn fn);
|
||||||
void nvnc_set_cut_text_fn(struct nvnc*, nvnc_cut_text_fn fn);
|
void nvnc_set_cut_text_fn(struct nvnc*, nvnc_cut_text_fn fn);
|
||||||
void nvnc_set_desktop_layout_fn(struct nvnc* self, nvnc_desktop_layout_fn);
|
void nvnc_set_desktop_layout_fn(struct nvnc* self, nvnc_desktop_layout_fn);
|
||||||
|
|
||||||
/* TODO: Changes this interface so that we have enable_auth(auth_fn),
|
|
||||||
* set_tls_creds(key, cert), and has_tls() -> bool
|
|
||||||
*/
|
|
||||||
|
|
||||||
bool nvnc_has_auth(void);
|
bool nvnc_has_auth(void);
|
||||||
|
int nvnc_enable_auth(struct nvnc* self, enum nvnc_auth_flags flags,
|
||||||
int nvnc_enable_auth(struct nvnc* self, const char* privkey_path,
|
nvnc_auth_fn, void* userdata);
|
||||||
const char* cert_path, nvnc_auth_fn, void* userdata);
|
int nvnc_set_tls_creds(struct nvnc* self, const char* privkey_path,
|
||||||
|
const char* cert_path);
|
||||||
int nvnc_enable_auth2(struct nvnc* self, nvnc_auth_fn, void* userdata);
|
|
||||||
|
|
||||||
int nvnc_set_rsa_creds(struct nvnc* self, const char* private_key_path);
|
int nvnc_set_rsa_creds(struct nvnc* self, const char* private_key_path);
|
||||||
|
|
||||||
struct nvnc_fb* nvnc_fb_new(uint16_t width, uint16_t height,
|
struct nvnc_fb* nvnc_fb_new(uint16_t width, uint16_t height,
|
||||||
|
|
26
src/server.c
26
src/server.c
|
@ -227,7 +227,9 @@ static int on_version_message(struct nvnc_client* client)
|
||||||
(struct rfb_security_types_msg*)buf;
|
(struct rfb_security_types_msg*)buf;
|
||||||
|
|
||||||
security->n = 0;
|
security->n = 0;
|
||||||
if (client->server->auth_fn) {
|
if (server->auth_flags & NVNC_AUTH_REQUIRE_AUTH) {
|
||||||
|
assert(server->auth_fn);
|
||||||
|
|
||||||
#ifdef ENABLE_TLS
|
#ifdef ENABLE_TLS
|
||||||
if (server->tls_creds) {
|
if (server->tls_creds) {
|
||||||
security->types[security->n++] = RFB_SECURITY_TYPE_VENCRYPT;
|
security->types[security->n++] = RFB_SECURITY_TYPE_VENCRYPT;
|
||||||
|
@ -237,13 +239,18 @@ static int on_version_message(struct nvnc_client* client)
|
||||||
#ifdef HAVE_CRYPTO
|
#ifdef HAVE_CRYPTO
|
||||||
security->types[security->n++] = RFB_SECURITY_TYPE_RSA_AES256;
|
security->types[security->n++] = RFB_SECURITY_TYPE_RSA_AES256;
|
||||||
security->types[security->n++] = RFB_SECURITY_TYPE_RSA_AES;
|
security->types[security->n++] = RFB_SECURITY_TYPE_RSA_AES;
|
||||||
|
|
||||||
|
if (!(server->auth_flags & NVNC_AUTH_REQUIRE_ENCRYPTION)) {
|
||||||
security->types[security->n++] = RFB_SECURITY_TYPE_APPLE_DH;
|
security->types[security->n++] = RFB_SECURITY_TYPE_APPLE_DH;
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
|
} else {
|
||||||
|
security->n = 1;
|
||||||
|
security->types[0] = RFB_SECURITY_TYPE_NONE;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (security->n == 0) {
|
if (security->n == 0) {
|
||||||
security->n = 1;
|
nvnc_log(NVNC_LOG_PANIC, "Failed to satisfy requested security constraints");
|
||||||
security->types[0] = RFB_SECURITY_TYPE_NONE;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
stream_write(client->net_stream, security, sizeof(*security) +
|
stream_write(client->net_stream, security, sizeof(*security) +
|
||||||
|
@ -2293,9 +2300,8 @@ bool nvnc_has_auth(void)
|
||||||
}
|
}
|
||||||
|
|
||||||
EXPORT
|
EXPORT
|
||||||
int nvnc_enable_auth(struct nvnc* self, const char* privkey_path,
|
int nvnc_set_tls_creds(struct nvnc* self, const char* privkey_path,
|
||||||
const char* cert_path, nvnc_auth_fn auth_fn,
|
const char* cert_path)
|
||||||
void* userdata)
|
|
||||||
{
|
{
|
||||||
#ifdef ENABLE_TLS
|
#ifdef ENABLE_TLS
|
||||||
if (self->tls_creds)
|
if (self->tls_creds)
|
||||||
|
@ -2326,9 +2332,6 @@ int nvnc_enable_auth(struct nvnc* self, const char* privkey_path,
|
||||||
goto cert_set_failure;
|
goto cert_set_failure;
|
||||||
}
|
}
|
||||||
|
|
||||||
self->auth_fn = auth_fn;
|
|
||||||
self->auth_ud = userdata;
|
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
cert_set_failure:
|
cert_set_failure:
|
||||||
|
@ -2341,10 +2344,13 @@ cert_alloc_failure:
|
||||||
}
|
}
|
||||||
|
|
||||||
EXPORT
|
EXPORT
|
||||||
int nvnc_enable_auth2(struct nvnc* self, nvnc_auth_fn auth_fn, void* userdata)
|
int nvnc_enable_auth(struct nvnc* self, enum nvnc_auth_flags flags,
|
||||||
|
nvnc_auth_fn auth_fn, void* userdata)
|
||||||
{
|
{
|
||||||
#ifdef HAVE_CRYPTO
|
#ifdef HAVE_CRYPTO
|
||||||
|
self->auth_flags = flags;
|
||||||
self->auth_fn = auth_fn;
|
self->auth_fn = auth_fn;
|
||||||
|
self->auth_ud = userdata;
|
||||||
return 0;
|
return 0;
|
||||||
#endif
|
#endif
|
||||||
return -1;
|
return -1;
|
||||||
|
|
Loading…
Reference in New Issue