1
--- vnc-4.0b5-unixsrc/x0vncserver/Makefile.in.tls 2004-06-11 16:36:08.113307745 +0100
2
+++ vnc-4.0b5-unixsrc/x0vncserver/Makefile.in 2004-06-11 16:36:46.864918325 +0100
5
DEP_LIBS = ../rfb/librfb.a ../network/libnetwork.a ../rdr/librdr.a
7
-EXTRA_LIBS = @ZLIB_LIB@ @X_PRE_LIBS@ @X_LIBS@ -lXtst -lXext -lX11 @X_EXTRA_LIBS@
8
+EXTRA_LIBS = @ZLIB_LIB@ @X_PRE_LIBS@ @X_LIBS@ -lXtst -lXext -lX11 @X_EXTRA_LIBS@ @LIBGNUTLS_LIBS@
10
-DIR_CPPFLAGS = -I$(top_srcdir) @X_CFLAGS@ # X_CFLAGS are really CPPFLAGS
11
+DIR_CPPFLAGS = -I$(top_srcdir) @X_CFLAGS@ @LIBGNUTLS_CFLAGS@ # X_CFLAGS are really CPPFLAGS
15
--- vnc-4.0b5-unixsrc/configure.in.tls 2004-06-11 16:36:08.147303017 +0100
16
+++ vnc-4.0b5-unixsrc/configure.in 2004-06-11 16:36:46.865918186 +0100
18
AC_SUBST(ZLIB_INCLUDE)
21
+AC_ARG_ENABLE(gnutls, [ --enable-gnutls build with gnutls support])
22
+if test "x$enable_gnutls" = "xyes"; then
24
+ AM_PATH_LIBGNUTLS(1.0.0, [AC_DEFINE(HAVE_GNUTLS)], AC_MSG_ERROR([Unable to find GNUTLS]))
25
+ LIBGNUTLS_CFLAGS="-DHAVE_GNUTLS $LIBGNUTLS_CFLAGS"
29
AC_CHECK_FUNC(vsnprintf,VSNPRINTF_DEFINE='-DHAVE_VSNPRINTF',VSNPRINTF_DEFINE=)
30
AC_SUBST(VSNPRINTF_DEFINE)
32
--- vnc-4.0b5-unixsrc/rfb/CSecurity.h.tls 2004-06-11 16:36:08.167300236 +0100
33
+++ vnc-4.0b5-unixsrc/rfb/CSecurity.h 2004-06-11 16:36:46.867917908 +0100
40
+ RFB_SECURITY_COMPLETED,
42
+ RFB_SECURITY_AUTH_TYPES
44
virtual ~CSecurity() {}
45
- virtual bool processMsg(CConnection* cc, bool* done)=0;
46
+ virtual statusEnum processMsg(CConnection* cc)=0;
47
virtual void destroy() { delete this; }
48
virtual int getType() const = 0;
49
virtual const char* description() const = 0;
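Review bot: The new `statusEnum` return of `processMsg()` has no documentation, and the `done` out-parameter is removed without a comment saying which status now means "finished". Judging by the caller in CConnection.cxx, RFB_SECURITY_COMPLETED moves on to the security result and RFB_SECURITY_AUTH_TYPES starts a second negotiation. A one-line comment per enumerator would pin that down, for example `// RFB_SECURITY_AUTH_TYPES: tunnel is up, negotiate an authentication type inside it`. The opening of the enum is not among the lines shown here.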
50
--- vnc-4.0b5-unixsrc/rfb/CSecurityTLS.cxx.tls 2004-06-11 16:36:36.557351881 +0100
51
+++ vnc-4.0b5-unixsrc/rfb/CSecurityTLS.cxx 2004-06-11 16:36:46.868917769 +0100
54
+ * Copyright (C) 2004 Red Hat Inc.
56
+ * This is free software; you can redistribute it and/or modify
57
+ * it under the terms of the GNU General Public License as published by
58
+ * the Free Software Foundation; either version 2 of the License, or
59
+ * (at your option) any later version.
61
+ * This software is distributed in the hope that it will be useful,
62
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
63
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
64
+ * GNU General Public License for more details.
66
+ * You should have received a copy of the GNU General Public License
67
+ * along with this software; if not, write to the Free Software
68
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
74
+#include <rfb/CSecurityTLS.h>
75
+#include <rfb/CConnection.h>
76
+#include <rfb/LogWriter.h>
77
+#include <rdr/FdInStream.h>
78
+#include <rdr/FdOutStream.h>
84
+static LogWriter vlog("TLS");
87
+static void debug_log(int level, const char* str)
93
+void CSecurityTLS::initGlobal()
95
+ static bool globalInitDone = false;
97
+ if (!globalInitDone) {
98
+ gnutls_global_init();
101
+ gnutls_global_set_log_level(10);
102
+ gnutls_global_set_log_function(debug_log);
105
+ globalInitDone = true;
109
+CSecurityTLS::CSecurityTLS() : session(0), anon_cred(0)
113
+CSecurityTLS::~CSecurityTLS()
116
+ gnutls_bye(session, GNUTLS_SHUT_RDWR);
117
+ gnutls_anon_free_client_credentials (anon_cred);
118
+ gnutls_deinit (session);
121
+ /* FIXME: should be doing gnutls_global_deinit() at some point */
124
+CSecurityTLS::statusEnum CSecurityTLS::processMsg(CConnection* cc)
126
+ rdr::FdInStream* is;
127
+ rdr::FdOutStream* os;
129
+ if ((is = dynamic_cast<rdr::FdInStream*>(cc->getInStream())) == 0) {
130
+ vlog.error("Cannot use TLS security type with anything other than FdInStream");
131
+ return RFB_SECURITY_ERROR;
134
+ if ((os = dynamic_cast<rdr::FdOutStream*>(cc->getOutStream())) == 0) {
135
+ vlog.error("Cannot use TLS security type with anything other than FdOutStream");
136
+ return RFB_SECURITY_ERROR;
141
+ gnutls_init(&session, GNUTLS_CLIENT);
142
+ gnutls_set_default_priority(session);
144
+ int kx_priority[] = { GNUTLS_KX_ANON_DH, 0 };
145
+ gnutls_kx_set_priority(session, kx_priority);
147
+ gnutls_anon_allocate_client_credentials(&anon_cred);
148
+ gnutls_credentials_set(session, GNUTLS_CRD_ANON, anon_cred);
150
+ gnutls_transport_set_ptr2(session,
151
+ (gnutls_transport_ptr)is->getFd(),
152
+ (gnutls_transport_ptr)os->getFd());
156
+ err = gnutls_handshake(session);
157
+ } while (err != GNUTLS_E_SUCCESS && !gnutls_error_is_fatal(err));
159
+ if (err != GNUTLS_E_SUCCESS) {
160
+ vlog.error("TLS Handshake failed: %s\n", gnutls_strerror (err));
161
+ gnutls_bye(session, GNUTLS_SHUT_RDWR);
162
+ gnutls_anon_free_client_credentials(anon_cred);
163
+ gnutls_deinit(session);
165
+ return RFB_SECURITY_ERROR;
168
+ is->useTLS(session);
169
+ os->useTLS(session);
171
+ return RFB_SECURITY_AUTH_TYPES;
174
+#endif /* HAVE_GNUTLS */
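Review bot: processMsg() restricts the session to `GNUTLS_KX_ANON_DH` with anonymous credentials, so the handshake never authenticates the server. The channel resists passive sniffing but not an active party on the path, and the authentication type negotiated afterwards inherits that limit. This deserves a comment above the `kx_priority` line and, longer term, a certificate-based key exchange. Separately, the results of `gnutls_init()`, `gnutls_anon_allocate_client_credentials()` and `gnutls_credentials_set()` are ignored. The handshake-failure path also frees `session` and `anon_cred`, which the destructor frees again; unless lines not shown here reset them, add `session = 0; anon_cred = 0;` after `gnutls_deinit(session);` and guard the destructor on them.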
175
--- vnc-4.0b5-unixsrc/rfb/CConnection.h.tls 2004-06-11 16:36:08.248288973 +0100
176
+++ vnc-4.0b5-unixsrc/rfb/CConnection.h 2004-06-11 16:36:46.869917630 +0100
178
// first one is most preferred.
179
void addSecType(rdr::U8 secType);
181
+ // addAuthType() should be called once for each authentication type which
182
+ // the client supports. The order in which they're added is such that the
183
+ // first one is most preferred.
184
+ void addAuthType(rdr::U8 authType);
186
// setClientSecTypeOrder() determines whether the client should obey
187
// the server's security type preference, by picking the first server security
188
// type that the client supports, or whether it should pick the first type
191
void processVersionMsg();
192
void processSecurityTypesMsg();
193
+ void processAuthTypesMsg();
194
void processSecurityMsg();
195
void processSecurityResultMsg();
196
void processInitMsg();
198
bool deleteStreamsWhenDone;
201
- enum { maxSecTypes = 8 };
202
+ enum { maxSecTypes = 8, maxAuthTypes = 8 };
204
rdr::U8 secTypes[maxSecTypes];
206
+ rdr::U8 authTypes[maxAuthTypes];
207
bool clientSecTypeOrder;
210
--- vnc-4.0b5-unixsrc/rfb/Makefile.in.tls 2004-06-11 16:36:08.250288695 +0100
211
+++ vnc-4.0b5-unixsrc/rfb/Makefile.in 2004-06-11 16:36:46.869917630 +0100
215
CSecurityVncAuth.cxx \
217
ComparingUpdateTracker.cxx \
222
OBJS = d3des.o $(CXXSRCS:.cxx=.o)
224
-DIR_CPPFLAGS = -I$(top_srcdir) @VSNPRINTF_DEFINE@
225
+DIR_CPPFLAGS = -I$(top_srcdir) @VSNPRINTF_DEFINE@ @LIBGNUTLS_CFLAGS@
230
$(AR) $(library) $(OBJS)
233
+DIR_CFLAGS = -DPIC -fPIC
234
+DIR_CXXFLAGS = -DPIC -fPIC
235
# followed by boilerplate.mk
236
--- vnc-4.0b5-unixsrc/rfb/CSecurityVncAuth.cxx.tls 2004-06-11 16:36:08.252288416 +0100
237
+++ vnc-4.0b5-unixsrc/rfb/CSecurityVncAuth.cxx 2004-06-11 16:36:46.869917630 +0100
242
-bool CSecurityVncAuth::processMsg(CConnection* cc, bool* done)
243
+CSecurity::statusEnum CSecurityVncAuth::processMsg(CConnection* cc)
246
rdr::InStream* is = cc->getInStream();
247
rdr::OutStream* os = cc->getOutStream();
251
if (!upg->getUserPasswd(0, &passwd.buf)) {
252
vlog.error("Getting password failed");
254
+ return RFB_SECURITY_ERROR;
256
vncAuthEncryptChallenge(challenge, passwd.buf);
257
memset(passwd.buf, 0, strlen(passwd.buf));
258
os->writeBytes(challenge, vncAuthChallengeSize);
262
+ return RFB_SECURITY_COMPLETED;
264
--- vnc-4.0b5-unixsrc/rfb/secTypes.cxx.tls 2004-06-11 16:36:08.254288138 +0100
265
+++ vnc-4.0b5-unixsrc/rfb/secTypes.cxx 2004-06-11 16:36:46.870917491 +0100
267
if (strcasecmp(name, "VncAuth") == 0) return secTypeVncAuth;
268
if (strcasecmp(name, "RA2") == 0) return secTypeRA2;
269
if (strcasecmp(name, "RA2ne") == 0) return secTypeRA2ne;
270
+ if (strcasecmp(name, "TLS") == 0) return secTypeTLS;
271
return secTypeInvalid;
275
case secTypeVncAuth: return "VncAuth";
276
case secTypeRA2: return "RA2";
277
case secTypeRA2ne: return "RA2ne";
278
+ case secTypeTLS: return "TLS";
279
default: return "[unknown secType]";
285
case secTypeRA2: return true;
286
+ case secTypeTLS: return true;
287
default: return false;
290
--- vnc-4.0b5-unixsrc/rfb/CSecurityTLS.h.tls 2004-06-11 16:36:31.135105991 +0100
291
+++ vnc-4.0b5-unixsrc/rfb/CSecurityTLS.h 2004-06-11 16:36:46.870917491 +0100
294
+ * Copyright (C) 2004 Red Hat Inc.
296
+ * This is free software; you can redistribute it and/or modify
297
+ * it under the terms of the GNU General Public License as published by
298
+ * the Free Software Foundation; either version 2 of the License, or
299
+ * (at your option) any later version.
301
+ * This software is distributed in the hope that it will be useful,
302
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
303
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
304
+ * GNU General Public License for more details.
306
+ * You should have received a copy of the GNU General Public License
307
+ * along with this software; if not, write to the Free Software
308
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
312
+#ifndef __C_SECURITY_TLS_H__
313
+#define __C_SECURITY_TLS_H__
317
+#include <rfb/CSecurity.h>
318
+#include <rfb/secTypes.h>
319
+#include <gnutls/gnutls.h>
322
+ class CSecurityTLS : public CSecurity {
325
+ virtual ~CSecurityTLS();
326
+ virtual statusEnum processMsg(CConnection* cc);
327
+ virtual int getType() const { return secTypeTLS; };
328
+ virtual const char* description() const { return "TLS Encryption"; }
331
+ static void initGlobal();
333
+ gnutls_session session;
334
+ gnutls_anon_server_credentials anon_cred;
338
+#endif /* HAVE_GNUTLS */
340
+#endif /* __C_SECURITY_TLS_H__ */
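Review bot: `anon_cred` is declared as `gnutls_anon_server_credentials`, but CSecurityTLS.cxx passes it to `gnutls_anon_allocate_client_credentials()` and `gnutls_anon_free_client_credentials()`; the member should be `gnutls_anon_client_credentials anon_cred;`. The class also owns a raw session and credential handle that its destructor releases, so an accidental copy would release them twice. A private, unimplemented copy constructor and assignment operator would rule that out. The class body is only partly visible here.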
341
--- vnc-4.0b5-unixsrc/rfb/CSecurityNone.h.tls 2004-06-11 16:36:08.312280073 +0100
342
+++ vnc-4.0b5-unixsrc/rfb/CSecurityNone.h 2004-06-11 16:36:46.871917352 +0100
345
class CSecurityNone : public CSecurity {
347
- virtual bool processMsg(CConnection* cc, bool* done) {
348
- *done = true; return true;
349
+ virtual statusEnum processMsg(CConnection* cc) {
350
+ return RFB_SECURITY_COMPLETED;
352
virtual int getType() const {return secTypeNone;}
353
virtual const char* description() const {return "No Encryption";}
354
--- vnc-4.0b5-unixsrc/rfb/CConnection.cxx.tls 2004-06-11 16:36:08.315279656 +0100
355
+++ vnc-4.0b5-unixsrc/rfb/CConnection.cxx 2004-06-11 16:36:46.980902194 +0100
358
CConnection::CConnection()
359
: is(0), os(0), reader_(0), writer_(0),
360
- shared(false), security(0), nSecTypes(0), clientSecTypeOrder(false),
361
+ shared(false), security(0),
362
+ nSecTypes(0), nAuthTypes(0), clientSecTypeOrder(false),
363
state_(RFBSTATE_UNINITIALISED), useProtocol3_3(false)
368
void CConnection::addSecType(rdr::U8 secType)
370
+ vlog.debug("adding %d", secType);
371
if (nSecTypes == maxSecTypes)
372
throw Exception("too many security types");
373
secTypes[nSecTypes++] = secType;
376
+void CConnection::addAuthType(rdr::U8 authType)
378
+ if (nAuthTypes == maxAuthTypes)
379
+ throw Exception("too many authentication types");
380
+ authTypes[nAuthTypes++] = authType;
383
void CConnection::setClientSecTypeOrder(bool clientOrder) {
384
clientSecTypeOrder = clientOrder;
386
@@ -204,15 +213,72 @@
387
processSecurityMsg();
390
+void CConnection::processAuthTypesMsg()
392
+ vlog.debug("processing authentication types message");
394
+ int authType = secTypeInvalid;
396
+ int nServerAuthTypes = is->readU8();
397
+ if (nServerAuthTypes == 0)
398
+ throwConnFailedException();
400
+ int authTypePos = nAuthTypes;
401
+ for (int i = 0; i < nServerAuthTypes; i++) {
402
+ rdr::U8 serverAuthType = is->readU8();
403
+ vlog.debug("Server offers security type %s(%d)",
404
+ secTypeName(serverAuthType),serverAuthType);
406
+ // If we haven't already chosen a authType, try this one
407
+ // If we are using the client's preference for types,
408
+ // we keep trying types, to find the one that matches and
409
+ // which appears first in the client's list of supported types.
410
+ if (authType == secTypeInvalid || clientSecTypeOrder) {
411
+ for (int j = 0; j < nAuthTypes; j++) {
412
+ if (authTypes[j] == serverAuthType && j < authTypePos) {
413
+ authType = authTypes[j];
418
+ // NB: Continue reading the remaining server authTypes, but ignore them
422
+ // Inform the server of our decision
423
+ if (authType != secTypeInvalid) {
424
+ os->writeU8(authType);
426
+ vlog.debug("Choosing authentication type %s(%d)",secTypeName(authType),authType);
429
+ if (authType == secTypeInvalid) {
430
+ state_ = RFBSTATE_INVALID;
431
+ vlog.error("No matching authentication types");
432
+ throw Exception("No matching authentication types");
435
+ security = getCSecurity(authType);
436
+ processSecurityMsg();
439
void CConnection::processSecurityMsg()
441
vlog.debug("processing security message");
443
- if (!security->processMsg(this, &done))
444
+ switch (security->processMsg(this)) {
445
+ case CSecurity::RFB_SECURITY_ERROR:
446
throwAuthFailureException();
448
+ case CSecurity::RFB_SECURITY_COMPLETED:
449
state_ = RFBSTATE_SECURITY_RESULT;
450
processSecurityResultMsg();
452
+ case CSecurity::RFB_SECURITY_DEFER:
454
+ case CSecurity::RFB_SECURITY_AUTH_TYPES:
455
+ processAuthTypesMsg();
458
+ throw Exception("CConnection::processSecurityMsg: invalid security status");
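Review bot: `security = getCSecurity(authType);` in processAuthTypesMsg() overwrites the object that just returned RFB_SECURITY_AUTH_TYPES without settling who owns it. For TLS that object holds the `gnutls_session` the streams were switched to with `useTLS()`, and its destructor deinitialises the session. Dropping the pointer therefore leaks it, while destroying it would leave both streams using a dead session. Keeping the tunnel object in its own member for the life of the connection, for example `tunnel = security;` before the assignment with matching cleanup, avoids both. The debug line in the loop also says "Server offers security type" although it reports authentication types.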
462
--- vnc-4.0b5-unixsrc/rfb/CSecurityVncAuth.h.tls 2004-06-11 16:36:08.317279378 +0100
463
+++ vnc-4.0b5-unixsrc/rfb/CSecurityVncAuth.h 2004-06-11 16:36:46.980902194 +0100
466
CSecurityVncAuth(UserPasswdGetter* pg);
467
virtual ~CSecurityVncAuth();
468
- virtual bool processMsg(CConnection* cc, bool* done);
469
+ virtual statusEnum processMsg(CConnection* cc);
470
virtual int getType() const {return secTypeVncAuth;};
471
virtual const char* description() const {return "No Encryption";}
473
--- vnc-4.0b5-unixsrc/network/Makefile.in.tls 2004-06-11 16:36:08.319279100 +0100
474
+++ vnc-4.0b5-unixsrc/network/Makefile.in 2004-06-11 16:36:46.981902055 +0100
477
OBJS = $(SRCS:.cxx=.o)
479
-DIR_CPPFLAGS = -I$(top_srcdir) @SOCKLEN_T_DEFINE@
480
+DIR_CPPFLAGS = -I$(top_srcdir) @SOCKLEN_T_DEFINE@ @LIBGNUTLS_CFLAGS@
482
library = libnetwork.a
485
$(AR) $(library) $(OBJS)
488
+DIR_CXXFLAGS = -DPIC -fPIC
489
# followed by boilerplate.mk
490
--- vnc-4.0b5-unixsrc/vncconfig/Makefile.in.tls 2004-06-11 16:36:08.322278683 +0100
491
+++ vnc-4.0b5-unixsrc/vncconfig/Makefile.in 2004-06-11 16:36:47.034894685 +0100
493
DEP_LIBS = ../tx/libtx.a ../rfb/librfb.a ../network/libnetwork.a \
496
-EXTRA_LIBS = @X_PRE_LIBS@ @X_LIBS@ -lX11 -lXext @X_EXTRA_LIBS@
497
+EXTRA_LIBS = @X_PRE_LIBS@ @X_LIBS@ -lX11 -lXext @X_EXTRA_LIBS@ @LIBGNUTLS_LIBS@
499
-DIR_CPPFLAGS = -I$(top_srcdir) -I$(top_srcdir)/tx @X_CFLAGS@ # X_CFLAGS are really CPPFLAGS
500
+DIR_CPPFLAGS = -I$(top_srcdir) -I$(top_srcdir)/tx @X_CFLAGS@ @LIBGNUTLS_CFLAGS@ # X_CFLAGS are really CPPFLAGS
504
--- vnc-4.0b5-unixsrc/rdr/FdInStream.h.tls 2004-06-11 16:36:08.324278405 +0100
505
+++ vnc-4.0b5-unixsrc/rdr/FdInStream.h 2004-06-11 16:36:47.035894546 +0100
508
#include <rdr/InStream.h>
511
+#include <gnutls/gnutls.h>
516
class FdInStreamBlockCallback {
519
void readBytes(void* data, int length);
522
+ void useTLS(gnutls_session session);
527
unsigned int kbitsPerSecond();
530
FdInStreamBlockCallback* blockCallback;
533
+ gnutls_session tlsSession;
537
unsigned int timeWaitedIn100us;
538
unsigned int timedKbits;
539
--- vnc-4.0b5-unixsrc/rdr/FdOutStream.cxx.tls 2004-06-11 16:36:08.327277987 +0100
540
+++ vnc-4.0b5-unixsrc/rdr/FdOutStream.cxx 2004-06-11 16:36:47.035894546 +0100
542
FdOutStream::FdOutStream(int fd_, int timeoutms_, int bufSize_)
543
: fd(fd_), timeoutms(timeoutms_),
544
bufSize(bufSize_ ? bufSize_ : DEFAULT_BUF_SIZE), offset(0)
549
ptr = start = new U8[bufSize];
550
end = start + bufSize;
556
+void FdOutStream::useTLS(gnutls_session session)
558
+ tlsSession = session;
563
// writeWithTimeout() writes up to the given length in bytes from the given
564
// buffer to the file descriptor. If there is a timeout set and that timeout
575
@@ -159,15 +171,32 @@
577
if (n == 0) throw TimedOut();
580
- n = ::write(fd, data, length);
581
- } while (n < 0 && (errno == EINTR));
587
+ n = ::write(fd, data, length);
588
+ } while (n < 0 && (errno == EINTR));
594
+ n = gnutls_record_send(tlsSession, data, length);
595
+ } while (n == GNUTLS_E_INTERRUPTED);
597
+ if (n < 0) throw TLSException("send",n);
601
// NB: This outer loop simply fixes a broken Winsock2 EWOULDBLOCK
602
// condition, found only under Win98 (first edition), with slow
603
// network connections. Should in fact never ever happen...
604
} while (n < 0 && (errno == EWOULDBLOCK));
606
+#endif /* HAVE_GNUTLS */
608
if (n < 0) throw SystemException("write",errno);
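Review bot: The TLS branch of writeWithTimeout() retries `gnutls_record_send()` only on `GNUTLS_E_INTERRUPTED` and turns every other negative result into a TLSException. That includes `GNUTLS_E_AGAIN`, which GnuTLS returns when the underlying descriptor would block. If the descriptor can ever be non-blocking, that case should go back to the timeout wait, or at least be retried with `while (n == GNUTLS_E_INTERRUPTED || n == GNUTLS_E_AGAIN);`. The `gnutls_record_recv()` loop in FdInStream.cxx has the same condition. The constructor lines shown do not initialise `tlsSession`; if the hidden lines do not either, the plain-versus-TLS choice reads an indeterminate value.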
611
--- vnc-4.0b5-unixsrc/rdr/FdOutStream.h.tls 2004-06-11 16:36:08.329277709 +0100
612
+++ vnc-4.0b5-unixsrc/rdr/FdOutStream.h 2004-06-11 16:36:47.088887176 +0100
615
#include <rdr/OutStream.h>
618
+#include <gnutls/gnutls.h>
623
class FdOutStream : public OutStream {
626
void writeBytes(const void* data, int length);
629
+ void useTLS(gnutls_session session);
633
int overrun(int itemSize, int nItems);
634
int writeWithTimeout(const void* data, int length);
641
+ gnutls_session tlsSession;
646
--- vnc-4.0b5-unixsrc/rdr/Makefile.in.tls 2004-06-11 16:36:08.331277431 +0100
647
+++ vnc-4.0b5-unixsrc/rdr/Makefile.in 2004-06-11 16:36:47.089887037 +0100
650
OBJS = $(SRCS:.cxx=.o)
652
-DIR_CPPFLAGS = -I$(top_srcdir) @ZLIB_INCLUDE@
653
+DIR_CPPFLAGS = -I$(top_srcdir) @ZLIB_INCLUDE@ @LIBGNUTLS_CFLAGS@
657
--- vnc-4.0b5-unixsrc/rdr/Exception.cxx.tls 2004-06-11 16:36:08.333277153 +0100
658
+++ vnc-4.0b5-unixsrc/rdr/Exception.cxx 2004-06-11 16:36:47.089887037 +0100
660
strncat(str_, buf, len-1-strlen(str_));
661
strncat(str_, ")", len-1-strlen(str_));
665
+TLSException::TLSException(const char* s, int err_)
666
+ : Exception(s, "rdr::TLSException"), err(err_)
668
+ strncat(str_, ": ", len-1-strlen(str_));
669
+ strncat(str_, gnutls_strerror(err), len-1-strlen(str_));
670
+ strncat(str_, " (", len-1-strlen(str_));
672
+ sprintf(buf,"%d",err);
673
+ strncat(str_, buf, len-1-strlen(str_));
674
+ strncat(str_, ")", len-1-strlen(str_));
676
+#endif /* HAVE_GNUTLS */
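Review bot: `sprintf(buf,"%d",err);` in the TLSException constructor writes into a buffer whose declaration is not among the lines shown. Assuming `buf` is a local array, `snprintf(buf, sizeof(buf), "%d", err);` keeps the write bounded whatever its size. The body otherwise repeats the formatting visible just above it in this file, so a small shared helper taking the error text and code would keep the two constructors from drifting apart.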
677
--- vnc-4.0b5-unixsrc/rdr/FdInStream.cxx.tls 2004-06-11 16:36:08.335276875 +0100
678
+++ vnc-4.0b5-unixsrc/rdr/FdInStream.cxx 2004-06-11 16:36:47.142879667 +0100
681
: fd(fd_), closeWhenDone(closeWhenDone_),
682
timeoutms(timeoutms_), blockCallback(0),
686
timing(false), timeWaitedIn100us(5), timedKbits(0),
687
bufSize(bufSize_ ? bufSize_ : DEFAULT_BUF_SIZE), offset(0)
694
+void FdInStream::useTLS(gnutls_session session)
696
+ tlsSession = session;
701
// readWithTimeoutOrCallback() reads up to the given length in bytes from the
702
// file descriptor into a buffer. If the wait argument is false, then zero is
703
@@ -217,12 +227,29 @@
704
blockCallback->blockCallback();
708
- n = ::read(fd, buf, len);
709
- } while (n < 0 && errno == EINTR);
715
+ n = ::read(fd, buf, len);
716
+ } while (n < 0 && errno == EINTR);
718
- if (n < 0) throw SystemException("read",errno);
719
- if (n == 0) throw EndOfStream();
720
+ if (n < 0) throw SystemException("read",errno);
721
+ if (n == 0) throw EndOfStream();
727
+ n = gnutls_record_recv(tlsSession, buf, len);
728
+ } while (n == GNUTLS_E_INTERRUPTED);
730
+ if (n < 0) throw TLSException("recv",n);
731
+ if (n == 0) throw EndOfStream();
737
gettimeofday(&after, 0);
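Review bot: Once TLS is in use, readiness of the socket no longer says whether data is readable. GnuTLS can hold already-decrypted bytes from an earlier record, so a wait on the descriptor before `gnutls_record_recv()` can block or time out while data is pending. If the wait earlier in readWithTimeoutOrCallback() (outside these lines) still runs on the TLS path, call `gnutls_record_check_pending(tlsSession)` first and skip the wait when it is non-zero. `gnutls_record_recv()` can also return the non-fatal `GNUTLS_E_REHANDSHAKE`, which this code reports as a TLSException.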
738
--- vnc-4.0b5-unixsrc/rdr/Exception.h.tls 2004-06-11 16:36:08.337276597 +0100
739
+++ vnc-4.0b5-unixsrc/rdr/Exception.h 2004-06-11 16:36:47.143879528 +0100
745
+#include <gnutls/gnutls.h>
752
struct SystemException : public Exception {
754
SystemException(const char* s, int err_);
758
struct TimedOut : public Exception {
759
TimedOut(const char* s="Timed out") : Exception(s,"rdr::TimedOut") {}
761
EndOfStream(const char* s="End of stream")
762
: Exception(s,"rdr::EndOfStream") {}
766
+ struct TLSException : public Exception {
768
+ TLSException(const char* s, int err_);
774
--- vnc-4.0b5-unixsrc/vncviewer/Makefile.in.tls 2004-06-11 16:36:08.339276319 +0100
775
+++ vnc-4.0b5-unixsrc/vncviewer/Makefile.in 2004-06-11 16:36:47.144879388 +0100
777
DEP_LIBS = ../tx/libtx.a ../rfb/librfb.a ../network/libnetwork.a \
780
-EXTRA_LIBS = @ZLIB_LIB@ @X_PRE_LIBS@ @X_LIBS@ -lXext -lX11 @X_EXTRA_LIBS@
781
+EXTRA_LIBS = @ZLIB_LIB@ @X_PRE_LIBS@ @X_LIBS@ -lXext -lX11 @X_EXTRA_LIBS@ @LIBGNUTLS_LIBS@
783
-DIR_CPPFLAGS = -I$(top_srcdir) -I$(top_srcdir)/tx @X_CFLAGS@ # X_CFLAGS are really CPPFLAGS
784
+DIR_CPPFLAGS = -I$(top_srcdir) -I$(top_srcdir)/tx @X_CFLAGS@ @LIBGNUTLS_CFLAGS@ # X_CFLAGS are really CPPFLAGS
788
--- vnc-4.0b5-unixsrc/vncviewer/CConn.cxx.tls 2004-06-11 16:36:08.341276041 +0100
789
+++ vnc-4.0b5-unixsrc/vncviewer/CConn.cxx 2004-06-11 16:36:47.201871462 +0100
791
#include <rfb/secTypes.h>
792
#include <rfb/CSecurityNone.h>
793
#include <rfb/CSecurityVncAuth.h>
794
+#include <rfb/CSecurityTLS.h>
795
#include <rfb/Hostname.h>
796
#include <rfb/LogWriter.h>
797
#include <rfb/util.h>
799
menuKeysym = XStringToKeysym(menuKeyStr.buf);
804
+ addSecType(secTypeTLS);
806
addSecType(secTypeNone);
807
addSecType(secTypeVncAuth);
809
+ addAuthType(secTypeNone);
810
+ addAuthType(secTypeVncAuth);
812
CharArray encStr(preferredEncoding.getData());
813
int encNum = encodingNum(encStr.buf);
816
return new CSecurityNone();
818
return new CSecurityVncAuth(this);
821
+ return new CSecurityTLS();
824
throw rfb::Exception("Unsupported secType?");
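Review bot: `addSecType(secTypeTLS)` is added ahead of `secTypeNone` and `secTypeVncAuth`, but both are still offered as top-level security types. TLS is therefore used only when the server's list leads to it, that list arrives before any protection is in place, and nothing here lets a user insist on TLS. Consider a viewer parameter that, when set, skips the two plain `addSecType()` calls so the connection fails instead of falling back to an unencrypted type. The enclosing constructor and getCSecurity() bodies are only partly visible in this section.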
826
--- vnc-4.0b5-unixsrc/tx/Makefile.in.tls 2004-06-11 16:36:08.392268949 +0100
827
+++ vnc-4.0b5-unixsrc/tx/Makefile.in 2004-06-11 16:36:47.202871323 +0100
830
OBJS = $(SRCS:.cxx=.o)
832
-DIR_CPPFLAGS = -I$(top_srcdir) @X_CFLAGS@ # X_CFLAGS are really CPPFLAGS
833
+DIR_CPPFLAGS = -I$(top_srcdir) @X_CFLAGS@ @LIBGNUTLS_CFLAGS@ # X_CFLAGS are really CPPFLAGS