diff --git a/.gitignore b/.gitignore
index 303c203..f23193b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 build*
 subprojects
 .clang_complete
+.vscode
\ No newline at end of file
diff --git a/include/vnc.h b/include/vnc.h
index bd36831..b6d0acf 100644
--- a/include/vnc.h
+++ b/include/vnc.h
@@ -79,3 +79,4 @@ void vnc_client_set_compression_level(struct vnc_client* self, int value);
 void vnc_client_send_cut_text(struct vnc_client* self, const char* text, size_t len);
 void vnc_client_clear_av_frames(struct vnc_client* self);
+rfbCredential* handle_vnc_authentication(struct _rfbClient *client, int credentialType);
\ No newline at end of file
diff --git a/src/open-h264.c b/src/open-h264.c
index 662210d..bf49694 100644
--- a/src/open-h264.c
+++ b/src/open-h264.c
@@ -153,6 +153,9 @@ static void reset_all_contexts(struct open_h264* self)
 struct open_h264* open_h264_create(rfbClient* client)
 {
+ // Use this to enable debug logs
+ // av_log_set_level(AV_LOG_DEBUG);
+
 struct open_h264* self = calloc(1, sizeof(*self));
 if (!self) return NULL;
diff --git a/src/tls_gnutls.c b/src/tls_gnutls.c
index 2619959..b9eb2d9 100644
--- a/src/tls_gnutls.c
+++ b/src/tls_gnutls.c
@@ -25,7 +25,7 @@
 #include
 #include
-static const char *rfbTLSPriority = "NORMAL:+DHE-DSS:+RSA:+DHE-RSA:+SRP";
+static const char *rfbTLSPriority = "NORMAL:+DHE-DSS:+RSA:+DHE-RSA";
 static const char *rfbAnonTLSPriority= "NORMAL:+ANON-DH";
 #define DH_BITS 1024
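Review bot: The new `rfbTLSPriority` value in src/tls_gnutls.c drops `+SRP` but still appends `+DHE-DSS` and `+RSA` to `NORMAL`, and nothing in the hunk says why either the removal or the remaining additions are needed. As far as I know, `+DHE-DSS` re-enables a key exchange that current GnuTLS leaves out of its default set, and `+RSA` is a key exchange without forward secrecy. Unless a specific server requires them, the plain default would be the safer choice: `static const char *rfbTLSPriority = "NORMAL";`. If they are required, a one-line comment above the string naming that server and the reason SRP was dropped would let the next reader judge the trade-off.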
@@ -112,12 +112,13 @@ verify_certificate_callback (gnutls_session_t session)
 return GNUTLS_E_CERTIFICATE_ERROR;
 }
- if (!gnutls_x509_crt_check_hostname (cert, hostname))
- {
- rfbClientLog("The certificate's owner does not match hostname '%s'\n",
- hostname);
- return GNUTLS_E_CERTIFICATE_ERROR;
- }
+ // Certificate doesn't have a hostname
+ //if (!gnutls_x509_crt_check_hostname (cert, hostname))
+ // {
+ // rfbClientLog("The certificate's owner does not match hostname '%s'\n",
+ // hostname);
+ // return GNUTLS_E_CERTIFICATE_ERROR;
+ // }
 gnutls_x509_crt_deinit (cert);
@@ -337,6 +338,9 @@ FreeX509Credential(rfbCredential *cred)
 static gnutls_certificate_credentials_t CreateX509CertCredential(rfbCredential *cred)
 {
+ // Use this to enable debug logs
+ //gnutls_global_set_log_level(GNUTLS_DEBUG_LEVEL);
+
 gnutls_certificate_credentials_t x509_cred;
 int ret;
diff --git a/src/vnc.c b/src/vnc.c
index 100ec35..788c450 100644
--- a/src/vnc.c
+++ b/src/vnc.c
@@ -249,6 +249,9 @@ struct vnc_client* vnc_client_create(void)
 self->pts = NO_PTS;
+ // Handle authentication
+ client->GetCredential = handle_vnc_authentication;
+
 return self;
 failure:
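Review bot: Commenting out the `gnutls_x509_crt_check_hostname` block in `verify_certificate_callback` removes the hostname binding for every connection, not only for the server whose certificate lacks a name. After this change, any certificate that passes the remaining checks is accepted for any host the client connects to; those checks sit outside the hunk, so how much they still constrain is not visible here. I would keep the check as the default and skip it only behind an explicit, off-by-default setting, for example `if (verify_hostname && !gnutls_x509_crt_check_hostname (cert, hostname))`, where `verify_hostname` is a placeholder for an option this project would have to add. The better fix is to reissue the server certificate with a matching subjectAltName. If the block really must go, delete it rather than leaving it commented out, and extend `// Certificate doesn't have a hostname` to say that the server identity is no longer verified.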
@@ -256,6 +259,31 @@ failure:
 return NULL;
 }
+rfbCredential* handle_vnc_authentication(struct _rfbClient *client, int credentialType) {
+ rfbCredential* creds = (rfbCredential*) malloc(sizeof(rfbCredential));
+
+ if (client->authScheme == rfbVeNCrypt && credentialType == rfbCredentialTypeX509) {
+ char* path = getenv("TLS_CA");
+ rfbClientLog("Using TLS CA certificate from env 'TLS_CA': %s", path);
+
+ creds->x509Credential.x509CACertFile = malloc(strlen(path) + 1);
+ strcpy(creds->x509Credential.x509CACertFile, path);
+ creds->x509Credential.x509CrlVerifyMode = rfbX509CrlVerifyAll;
+ } else if (client->authScheme == rfbVeNCrypt && credentialType == rfbCredentialTypeUser) {
+ const* username = getenv("VNC_USERNAME");
+ const* password = getenv("VNC_PASSWORD");
+ rfbClientLog("Using username and password for VNC authentication 'VNC_USERNAME', 'VNC_PASSWORD'");
+
+ creds->userCredential.password = malloc(strlen(password) + 1);
+ creds->userCredential.username = malloc(strlen(username) + 1);
+ strcpy(creds->userCredential.password, password);
+ strcpy(creds->userCredential.username, username);
+ } else {
+
+ }
+ return creds;
+}
+
 void vnc_client_destroy(struct vnc_client* self)
 {
 vnc_client_clear_av_frames(self);
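Review bot: `handle_vnc_authentication` uses several results without checking them: no `malloc` return is tested, and `getenv` returns NULL when `TLS_CA`, `VNC_USERNAME` or `VNC_PASSWORD` is unset, which then goes straight into `strlen`, `strcpy` and the `%s` log argument. The declarations `const* username` and `const* password` also have no base type and should be `const char*`. Because the struct comes from `malloc`, every member the chosen branch does not assign is indeterminate, and the empty `else` returns such a struct to the caller. The rewrite below zero-initialises with `calloc`, copies with `strdup`, and returns NULL on any failure or unsupported request; it assumes the caller treats a NULL credential as a failed authentication, which should be confirmed against the bundled rfbclient code. Separately, a password passed through the environment is inherited by child processes and readable by anything that can inspect the process environment, so a comment stating that limitation would be worth adding.

```c
rfbCredential* handle_vnc_authentication(struct _rfbClient *client, int credentialType) {
	rfbCredential* creds = calloc(1, sizeof(*creds));
	if (!creds)
		return NULL;

	if (client->authScheme == rfbVeNCrypt && credentialType == rfbCredentialTypeX509) {
		const char* path = getenv("TLS_CA");
		if (!path)
			goto failure;
		// … unchanged: rfbClientLog of the CA path …
		creds->x509Credential.x509CACertFile = strdup(path);
		if (!creds->x509Credential.x509CACertFile)
			goto failure;
		// … unchanged: x509CrlVerifyMode assignment …
	} else if (client->authScheme == rfbVeNCrypt && credentialType == rfbCredentialTypeUser) {
		const char* username = getenv("VNC_USERNAME");
		const char* password = getenv("VNC_PASSWORD");
		if (!username || !password)
			goto failure;
		// … unchanged: rfbClientLog naming the two variables …
		creds->userCredential.username = strdup(username);
		creds->userCredential.password = strdup(password);
		if (!creds->userCredential.username || !creds->userCredential.password) {
			free(creds->userCredential.username);
			free(creds->userCredential.password);
			goto failure;
		}
	} else {
		// Unsupported scheme or credential type: report failure instead of
		// handing back an unpopulated struct.
		goto failure;
	}
	return creds;

failure:
	free(creds);
	return NULL;
}
```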