Commit bffd9ee3 authored by Christian Beier's avatar Christian Beier

Merge branch 'websockets'

parents 629fe03d abec0aa8
......@@ -32,7 +32,8 @@ Alberto Lusiani, Malvina Mazin, Dave Stuart, Rohit Kumar, Donald Dugger,
Steven Carr, Uwe Völker, Charles Coffing, Guillaume Rousse,
Alessandro Praduroux, Brad Hards, Timo Ketola, Christian Ehrlicher,
Noriaki Yamazaki, Ben Klopfenstein, Vic Lee, Christian Beier,
Alexander Dorokhine, Corentin Chary, Wouter Van Meir and George Kiagiadakis.
Alexander Dorokhine, Corentin Chary, Wouter Van Meir, George Kiagiadakis,
Joel Martin and Gernot Tenchio.
Probably I forgot quite a few people sending a patch here and there, which
really made a difference. Without those, some obscure bugs still would
......
......@@ -10,30 +10,50 @@ set(PACKAGE_NAME "LibVNCServer")
set(FULL_PACKAGE_NAME "LibVNCServer")
set(PACKAGE_VERSION "0.9.8")
set(PROJECT_BUGREPORT_PATH "http://sourceforge.net/projects/libvncserver")
set(CMAKE_C_FLAGS "-O2 -W -Wall -g")
include_directories(${CMAKE_SOURCE_DIR} ${CMAKE_BINARY_DIR} ${CMAKE_SOURCE_DIR}/libvncserver ${CMAKE_SOURCE_DIR}/common)
find_package(ZLIB)
find_package(JPEG)
find_package(PNG)
find_package(SDL)
find_package(GnuTLS)
find_package(Threads)
find_package(X11)
find_package(OpenSSL)
find_library(LIBGCRYPT_LIBRARIES gcrypt)
set(CMAKE_REQUIRED_LIBRARIES resolv)
check_function_exists(__b64_ntop HAVE_B64)
if(Threads_FOUND)
option(TIGHTVNC_FILETRANSFER "Enable filetransfer" ON)
endif(Threads_FOUND)
if (HAVE_B64)
endif(HAVE_B64)
if(ZLIB_FOUND)
set(LIBVNCSERVER_HAVE_LIBZ 1)
endif(ZLIB_FOUND)
if(JPEG_FOUND)
set(LIBVNCSERVER_HAVE_LIBJPEG 1)
endif(JPEG_FOUND)
if(PNG_FOUND)
set(LIBVNCSERVER_HAVE_LIBPNG 1)
endif(PNG_FOUND)
option(LIBVNCSERVER_ALLOW24BPP "Allow 24 bpp" ON)
if(GNUTLS_FOUND)
set(LIBVNCSERVER_WITH_CLIENT_TLS 1)
endif(GNUTLS_FOUND)
option(LIBVNCSERVER_WITH_WEBSOCKETS "Build with websockets support (gnutls)" ON)
set(WEBSOCKET_LIBRARIES -lresolv ${GNUTLS_LIBRARIES})
set(WSSRCS rfbssl_gnutls)
elseif(OPENSSL_FOUND)
option(LIBVNCSERVER_WITH_WEBSOCKETS "Build with websockets support (openssl)" ON)
set(WEBSOCKET_LIBRARIES -lresolv ${OPENSSL_LIBRARIES})
set(WSSRCS rfbssl_openssl)
endif()
if(LIBGCRYPT_LIBRARIES)
message(STATUS "Found libgcrypt: ${LIBGCRYPT_LIBRARIES}")
set(LIBVNCSERVER_WITH_CLIENT_GCRYPT 1)
......@@ -142,12 +162,20 @@ endif(ZLIB_FOUND)
if(JPEG_FOUND)
add_definitions(-DLIBVNCSERVER_HAVE_LIBJPEG)
include_directories(${JPEG_INCLUDE_DIR})
set(LIBVNCSERVER_SOURCES
${LIBVNCSERVER_SOURCES}
${LIBVNCSERVER_DIR}/tight.c
)
set(TIGHT_C ${LIBVNCSERVER_DIR}/tight.c)
endif(JPEG_FOUND)
if(PNG_FOUND)
add_definitions(-DLIBVNCSERVER_HAVE_LIBPNG)
include_directories(${PNG_INCLUDE_DIR})
set(TIGHT_C ${LIBVNCSERVER_DIR}/tight.c)
endif(PNG_FOUND)
set(LIBVNCSERVER_SOURCES
${LIBVNCSERVER_SOURCES}
${TIGHT_C}
)
if(TIGHTVNC_FILETRANSFER)
set(LIBVNCSERVER_SOURCES
${LIBVNCSERVER_SOURCES}
......@@ -158,6 +186,18 @@ if(TIGHTVNC_FILETRANSFER)
)
endif(TIGHTVNC_FILETRANSFER)
if(LIBVNCSERVER_WITH_WEBSOCKETS)
add_definitions(-DLIBVNCSERVER_WITH_WEBSOCKETS)
set(LIBVNCSERVER_SOURCES
${LIBVNCSERVER_SOURCES}
${LIBVNCSERVER_DIR}/websockets.c
${LIBVNCSERVER_DIR}/${WSSRCS}
${COMMON_DIR}/md5.c
${COMMON_DIR}/sha1.c
)
endif(LIBVNCSERVER_WITH_WEBSOCKETS)
add_library(vncclient SHARED ${LIBVNCCLIENT_SOURCES})
add_library(vncserver SHARED ${LIBVNCSERVER_SOURCES})
if(WIN32)
......@@ -168,13 +208,17 @@ target_link_libraries(vncclient
${ADDITIONAL_LIBS}
${ZLIB_LIBRARIES}
${JPEG_LIBRARIES}
${SDL_LIBRARY}
)
target_link_libraries(vncserver
${ADDITIONAL_LIBS}
${ZLIB_LIBRARIES}
${JPEG_LIBRARIES}
${SDL_LIBRARY}
${PNG_LIBRARIES}
${WEBSOCKET_LIBRARIES}
)
SET_TARGET_PROPERTIES(vncclient vncserver
PROPERTIES SOVERSION "0.0.0"
)
# tests
......
This diff is collapsed.
/* Declaration of functions and data types used for MD5 sum computing
library functions.
Copyright (C) 1995-1997,1999,2000,2001,2004,2005
Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
The GNU C Library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with the GNU C Library; if not, write to the Free
Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
02111-1307 USA. */
#ifndef _MD5_H
#define _MD5_H 1
#include <stdio.h>
#if defined HAVE_LIMITS_H || _LIBC
# include <limits.h>
#endif
#define MD5_DIGEST_SIZE 16
#define MD5_BLOCK_SIZE 64
/* The following contortions are an attempt to use the C preprocessor
to determine an unsigned integral type that is 32 bits wide. An
alternative approach is to use autoconf's AC_CHECK_SIZEOF macro, but
doing that would require that the configure script compile and *run*
the resulting executable. Locally running cross-compiled executables
is usually not possible. */
#ifdef _LIBC
# include <stdint.h>
typedef uint32_t md5_uint32;
typedef uintptr_t md5_uintptr;
#else
# if defined __STDC__ && __STDC__
# define UINT_MAX_32_BITS 4294967295U
# else
# define UINT_MAX_32_BITS 0xFFFFFFFF
# endif
/* If UINT_MAX isn't defined, assume it's a 32-bit type.
This should be valid for all systems GNU cares about because
that doesn't include 16-bit systems, and only modern systems
(that certainly have <limits.h>) have 64+-bit integral types. */
# ifndef UINT_MAX
# define UINT_MAX UINT_MAX_32_BITS
# endif
# if UINT_MAX == UINT_MAX_32_BITS
typedef unsigned int md5_uint32;
# else
# if USHRT_MAX == UINT_MAX_32_BITS
typedef unsigned short md5_uint32;
# else
# if ULONG_MAX == UINT_MAX_32_BITS
typedef unsigned long md5_uint32;
# else
/* The following line is intended to evoke an error.
Using #error is not portable enough. */
"Cannot determine unsigned 32-bit data type."
# endif
# endif
# endif
/* We have to make a guess about the integer type equivalent in size
to pointers which should always be correct. */
typedef unsigned long int md5_uintptr;
#endif
/* Structure to save state of computation between the single steps. */
struct md5_ctx
{
md5_uint32 A;
md5_uint32 B;
md5_uint32 C;
md5_uint32 D;
md5_uint32 total[2];
md5_uint32 buflen;
char buffer[128] __attribute__ ((__aligned__ (__alignof__ (md5_uint32))));
};
/*
* The following three functions are build up the low level used in
* the functions `md5_stream' and `md5_buffer'.
*/
/* Initialize structure containing state of computation.
(RFC 1321, 3.3: Step 3) */
extern void __md5_init_ctx (struct md5_ctx *ctx) __THROW;
/* Starting with the result of former calls of this function (or the
initialization function update the context for the next LEN bytes
starting at BUFFER.
It is necessary that LEN is a multiple of 64!!! */
extern void __md5_process_block (const void *buffer, size_t len,
struct md5_ctx *ctx) __THROW;
/* Starting with the result of former calls of this function (or the
initialization function update the context for the next LEN bytes
starting at BUFFER.
It is NOT required that LEN is a multiple of 64. */
extern void __md5_process_bytes (const void *buffer, size_t len,
struct md5_ctx *ctx) __THROW;
/* Process the remaining bytes in the buffer and put result from CTX
in first 16 bytes following RESBUF. The result is always in little
endian byte order, so that a byte-wise output yields to the wanted
ASCII representation of the message digest.
IMPORTANT: On some systems it is required that RESBUF is correctly
aligned for a 32 bits value. */
extern void *__md5_finish_ctx (struct md5_ctx *ctx, void *resbuf) __THROW;
/* Put result from CTX in first 16 bytes following RESBUF. The result is
always in little endian byte order, so that a byte-wise output yields
to the wanted ASCII representation of the message digest.
IMPORTANT: On some systems it is required that RESBUF is correctly
aligned for a 32 bits value. */
extern void *__md5_read_ctx (const struct md5_ctx *ctx, void *resbuf) __THROW;
/* Compute MD5 message digest for bytes read from STREAM. The
resulting message digest number will be written into the 16 bytes
beginning at RESBLOCK. */
extern int __md5_stream (FILE *stream, void *resblock) __THROW;
/* Compute MD5 message digest for LEN bytes beginning at BUFFER. The
result is always in little endian byte order, so that a byte-wise
output yields to the wanted ASCII representation of the message
digest. */
extern void *__md5_buffer (const char *buffer, size_t len,
void *resblock) __THROW;
#endif /* md5.h */
This diff is collapsed.
/*
* Copyright (C) The Internet Society (2001). All Rights Reserved.
*
* This document and translations of it may be copied and furnished to
* others, and derivative works that comment on or otherwise explain it
* or assist in its implementation may be prepared, copied, published
* and distributed, in whole or in part, without restriction of any
* kind, provided that the above copyright notice and this paragraph are
* included on all such copies and derivative works. However, this
* document itself may not be modified in any way, such as by removing
* the copyright notice or references to the Internet Society or other
* Internet organizations, except as needed for the purpose of
* developing Internet standards in which case the procedures for
* copyrights defined in the Internet Standards process must be
* followed, or as required to translate it into languages other than
* English.
*
* The limited permissions granted above are perpetual and will not be
* revoked by the Internet Society or its successors or assigns.
*
* This document and the information contained herein is provided on an
* "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
* TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
* BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
* HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
* MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
*/
/*
* sha1.h
*
* Description:
* This is the header file for code which implements the Secure
* Hashing Algorithm 1 as defined in FIPS PUB 180-1 published
* April 17, 1995.
*
* Many of the variable names in this code, especially the
* single character names, were used because those were the names
* used in the publication.
*
* Please read the file sha1.c for more information.
*
*/
#ifndef _SHA1_H_
#define _SHA1_H_
#include <stdint.h>
/*
* If you do not have the ISO standard stdint.h header file, then you
* must typdef the following:
* name meaning
* uint32_t unsigned 32 bit integer
* uint8_t unsigned 8 bit integer (i.e., unsigned char)
* int_least16_t integer of >= 16 bits
*
*/
#ifndef _SHA_enum_
#define _SHA_enum_
enum
{
shaSuccess = 0,
shaNull, /* Null pointer parameter */
shaInputTooLong, /* input data too long */
shaStateError /* called Input after Result */
};
#endif
#define SHA1HashSize 20
/*
* This structure will hold context information for the SHA-1
* hashing operation
*/
typedef struct SHA1Context
{
uint32_t Intermediate_Hash[SHA1HashSize/4]; /* Message Digest */
uint32_t Length_Low; /* Message length in bits */
uint32_t Length_High; /* Message length in bits */
/* Index into message block array */
int_least16_t Message_Block_Index;
uint8_t Message_Block[64]; /* 512-bit message blocks */
int Computed; /* Is the digest computed? */
int Corrupted; /* Is the message digest corrupted? */
} SHA1Context;
/*
* Function Prototypes
*/
int SHA1Reset( SHA1Context *);
int SHA1Input( SHA1Context *,
const uint8_t *,
unsigned int);
int SHA1Result( SHA1Context *,
uint8_t Message_Digest[SHA1HashSize]);
#endif
......@@ -3,6 +3,7 @@ AC_INIT(LibVNCServer, 0.9.8, http://sourceforge.net/projects/libvncserver)
AM_INIT_AUTOMAKE(LibVNCServer, 0.9.8)
AM_CONFIG_HEADER(rfbconfig.h)
AX_PREFIX_CONFIG_H([rfb/rfbconfig.h])
AM_SILENT_RULES([yes])
# Checks for programs.
AC_PROG_CC
......@@ -25,6 +26,14 @@ AC_ARG_WITH(tightvnc-filetransfer,
, [ with_tightvnc_filetransfer=yes ])
# AC_DEFINE moved to after libpthread check.
# WebSockets support
AC_CHECK_LIB(resolv, __b64_ntop, HAVE_B64="true", HAVE_B64="false")
AH_TEMPLATE(WITH_WEBSOCKETS, [Disable WebSockets support])
AC_ARG_WITH(websockets,
[ --without-websockets disable WebSockets support],
, [ with_websockets=yes ])
# AC_DEFINE moved to after libresolve check.
AH_TEMPLATE(ALLOW24BPP, [Enable 24 bit per pixel in native framebuffer])
AC_ARG_WITH(24bpp,
[ --without-24bpp disable 24 bpp framebuffers],
......@@ -46,6 +55,82 @@ AM_CONDITIONAL(HAVE_MP3LAME, test "$HAVE_MP3LAME" = "true")
# before it seemed to be inside the with_jpeg conditional.
AC_CHECK_HEADER(thenonexistentheader.h, HAVE_THENONEXISTENTHEADER_H="true")
# set some ld -R nonsense
#
uname_s=`(uname -s) 2>/dev/null`
ld_minus_R="yes"
if test "x$uname_s" = "xHP-UX"; then
ld_minus_R="no"
elif test "x$uname_s" = "xOSF1"; then
ld_minus_R="no"
elif test "x$uname_s" = "xDarwin"; then
ld_minus_R="no"
fi
# Check for OpenSSL
AH_TEMPLATE(HAVE_LIBCRYPT, [libcrypt library present])
AC_ARG_WITH(crypt,
[ --without-crypt disable support for libcrypt],,)
if test "x$with_crypt" != "xno"; then
AC_CHECK_FUNCS([crypt], HAVE_LIBC_CRYPT="true")
if test -z "$HAVE_LIBC_CRYPT"; then
AC_CHECK_LIB(crypt, crypt,
CRYPT_LIBS="-lcrypt"
[AC_DEFINE(HAVE_LIBCRYPT)], ,)
fi
fi
AC_SUBST(CRYPT_LIBS)
# some OS's need both -lssl and -lcrypto on link line:
AH_TEMPLATE(HAVE_LIBCRYPTO, [openssl libcrypto library present])
AC_ARG_WITH(crypto,
[ --without-crypto disable support for openssl libcrypto],,)
AH_TEMPLATE(HAVE_LIBSSL, [openssl libssl library present])
AC_ARG_WITH(ssl,
[ --without-ssl disable support for openssl libssl]
[ --with-ssl=DIR use openssl include/library files in DIR],,)
if test "x$with_crypto" != "xno" -a "x$with_ssl" != "xno"; then
if test ! -z "$with_ssl" -a "x$with_ssl" != "xyes"; then
saved_CPPFLAGS="$CPPFLAGS"
saved_LDFLAGS="$LDFLAGS"
CPPFLAGS="$CPPFLAGS -I$with_ssl/include"
LDFLAGS="$LDFLAGS -L$with_ssl/lib"
if test "x$ld_minus_R" = "xno"; then
:
elif test "x$GCC" = "xyes"; then
LDFLAGS="$LDFLAGS -Xlinker -R$with_ssl/lib"
else
LDFLAGS="$LDFLAGS -R$with_ssl/lib"
fi
fi
AC_CHECK_LIB(crypto, RAND_file_name,
[AC_DEFINE(HAVE_LIBCRYPTO) HAVE_LIBCRYPTO="true"], ,)
if test ! -z "$with_ssl" -a "x$with_ssl" != "xyes"; then
if test "x$HAVE_LIBCRYPTO" != "xtrue"; then
CPPFLAGS="$saved_CPPFLAGS"
LDFLAGS="$saved_LDFLAGS"
fi
fi
fi
AH_TEMPLATE(HAVE_X509_PRINT_EX_FP, [open ssl X509_print_ex_fp available])
if test "x$with_ssl" != "xno"; then
if test "x$HAVE_LIBCRYPTO" = "xtrue"; then
AC_CHECK_LIB(ssl, SSL_library_init,
SSL_LIBS="-lssl -lcrypto"
[AC_DEFINE(HAVE_LIBSSL) HAVE_LIBSSL="true"], ,
-lcrypto)
else
AC_CHECK_LIB(ssl, SSL_library_init,
SSL_LIBS="-lssl"
[AC_DEFINE(HAVE_LIBSSL) HAVE_LIBSSL="true"], ,)
fi
fi
AC_SUBST(SSL_LIBS)
AM_CONDITIONAL(HAVE_LIBSSL, test ! -z "$SSL_LIBS")
# Checks for X libraries
HAVE_X11="false"
AC_PATH_XTRA
......@@ -288,97 +373,6 @@ configure again.
sleep 5
fi
# set some ld -R nonsense
#
uname_s=`(uname -s) 2>/dev/null`
ld_minus_R="yes"
if test "x$uname_s" = "xHP-UX"; then
ld_minus_R="no"
elif test "x$uname_s" = "xOSF1"; then
ld_minus_R="no"
elif test "x$uname_s" = "xDarwin"; then
ld_minus_R="no"
fi
AH_TEMPLATE(HAVE_LIBCRYPT, [libcrypt library present])
AC_ARG_WITH(crypt,
[ --without-crypt disable support for libcrypt],,)
if test "x$with_crypt" != "xno"; then
AC_CHECK_FUNCS([crypt], HAVE_LIBC_CRYPT="true")
if test -z "$HAVE_LIBC_CRYPT"; then
AC_CHECK_LIB(crypt, crypt,
CRYPT_LIBS="-lcrypt"
[AC_DEFINE(HAVE_LIBCRYPT)], ,)
fi
fi
AC_SUBST(CRYPT_LIBS)
# some OS's need both -lssl and -lcrypto on link line:
AH_TEMPLATE(HAVE_LIBCRYPTO, [openssl libcrypto library present])
AC_ARG_WITH(crypto,
[ --without-crypto disable support for openssl libcrypto],,)
AH_TEMPLATE(HAVE_LIBSSL, [openssl libssl library present])
AC_ARG_WITH(ssl,
[ --without-ssl disable support for openssl libssl]
[ --with-ssl=DIR use openssl include/library files in DIR],,)
if test "x$with_crypto" != "xno" -a "x$with_ssl" != "xno"; then
if test ! -z "$with_ssl" -a "x$with_ssl" != "xyes"; then
saved_CPPFLAGS="$CPPFLAGS"
saved_LDFLAGS="$LDFLAGS"
CPPFLAGS="$CPPFLAGS -I$with_ssl/include"
LDFLAGS="$LDFLAGS -L$with_ssl/lib"
if test "x$ld_minus_R" = "xno"; then
:
elif test "x$GCC" = "xyes"; then
LDFLAGS="$LDFLAGS -Xlinker -R$with_ssl/lib"
else
LDFLAGS="$LDFLAGS -R$with_ssl/lib"
fi
fi
AC_CHECK_LIB(crypto, RAND_file_name,
[AC_DEFINE(HAVE_LIBCRYPTO) HAVE_LIBCRYPTO="true"], ,)
if test ! -z "$with_ssl" -a "x$with_ssl" != "xyes"; then
if test "x$HAVE_LIBCRYPTO" != "xtrue"; then
CPPFLAGS="$saved_CPPFLAGS"
LDFLAGS="$saved_LDFLAGS"
fi
fi
fi
AH_TEMPLATE(HAVE_X509_PRINT_EX_FP, [open ssl X509_print_ex_fp available])
if test "x$with_ssl" != "xno"; then
if test "x$HAVE_LIBCRYPTO" = "xtrue"; then
AC_CHECK_LIB(ssl, SSL_library_init,
SSL_LIBS="-lssl -lcrypto"
[AC_DEFINE(HAVE_LIBSSL) HAVE_LIBSSL="true"], ,
-lcrypto)
else
AC_CHECK_LIB(ssl, SSL_library_init,
SSL_LIBS="-lssl"
[AC_DEFINE(HAVE_LIBSSL) HAVE_LIBSSL="true"], ,)
fi
fi
AC_SUBST(SSL_LIBS)
if test "x$HAVE_LIBSSL" != "xtrue" -a "x$with_ssl" != "xno"; then
AC_MSG_WARN([
==========================================================================
*** The openssl encryption library libssl.so was not found. ***
An x11vnc built this way will not support SSL encryption. To enable
SSL install the necessary development packages (perhaps it is named
something like libssl-dev) and run configure again.
==========================================================================
])
sleep 5
elif test "x$with_ssl" != "xno"; then
AC_CHECK_LIB(ssl, X509_print_ex_fp,
[AC_DEFINE(HAVE_X509_PRINT_EX_FP) HAVE_X509_PRINT_EX_FP="true"], , $SSL_LIBS
)
fi
if test "x$with_v4l" != "xno"; then
AC_CHECK_HEADER(linux/videodev.h,
[AC_DEFINE(HAVE_LINUX_VIDEODEV_H)],,)
......@@ -578,6 +572,60 @@ ftp://ftp.uu.net/graphics/jpeg/
fi
fi
AC_ARG_WITH(png,
[ --without-png disable support for png]
[ --with-png=DIR use png include/library files in DIR],,)
# At this point:
# no png on command line with_png=""
# -with-png with_png="yes"
# -without-png with_png="no"
# -with-png=/foo/dir with_png="/foo/dir"
if test "x$with_png" != "xno"; then
if test ! -z "$with_png" -a "x$with_png" != "xyes"; then
# add user supplied directory to flags:
saved_CPPFLAGS="$CPPFLAGS"
saved_LDFLAGS="$LDFLAGS"
CPPFLAGS="$CPPFLAGS -I$with_png/include"
LDFLAGS="$LDFLAGS -L$with_png/lib"
if test "x$ld_minus_R" = "xno"; then
:
elif test "x$GCC" = "xyes"; then
# this is not complete... in general a rat's nest.
LDFLAGS="$LDFLAGS -Xlinker -R$with_png/lib"
else
LDFLAGS="$LDFLAGS -R$with_png/lib"
fi
fi
AC_CHECK_HEADER(png.h, HAVE_PNGLIB_H="true")
if test "x$HAVE_PNGLIB_H" = "xtrue"; then
AC_CHECK_LIB(png, png_create_write_struct, , HAVE_PNGLIB_H="")
fi
if test ! -z "$with_png" -a "x$with_png" != "xyes"; then
if test "x$HAVE_PNGLIB_H" != "xtrue"; then
# restore old flags on failure:
CPPFLAGS="$saved_CPPFLAGS"
LDFLAGS="$saved_LDFLAGS"
fi
fi
if test "$build_x11vnc" = "yes"; then
if test "x$HAVE_PNGLIB_H" != "xtrue"; then
AC_MSG_WARN([
==========================================================================
*** The libpng compression library was not found. ***
This may lead to reduced performance, especially over slow links.
If libpng is in a non-standard location use --with-png=DIR to
indicate the header file is in DIR/include/png.h and the library
in DIR/lib/libpng.a. A copy of libpng may be obtained from:
http://www.libpng.org/pub/png/libpng.html
==========================================================================
])
sleep 5
fi
fi
fi
AC_ARG_WITH(libz,
[ --without-libz disable support for deflate],,)
AC_ARG_WITH(zlib,
......@@ -652,8 +700,19 @@ if test "x$with_tightvnc_filetransfer" = "xyes"; then
fi
AM_CONDITIONAL(WITH_TIGHTVNC_FILETRANSFER, test "$with_tightvnc_filetransfer" = "yes")
# websockets implemented using base64 from resolve
if test "x$HAVE_B64" != "xtrue"; then
with_websockets=""
fi
if test "x$with_websockets" = "xyes"; then
LIBS="$LIBS -lresolv $SSL_LIBS"
AC_DEFINE(WITH_WEBSOCKETS)
fi
AM_CONDITIONAL(WITH_WEBSOCKETS, test "$with_websockets" = "yes")
AM_CONDITIONAL(HAVE_LIBZ, test ! -z "$HAVE_ZLIB_H")
AM_CONDITIONAL(HAVE_LIBJPEG, test ! -z "$HAVE_JPEGLIB_H")
AM_CONDITIONAL(HAVE_LIBPNG, test ! -z "$HAVE_PNGLIB_H")
SDLCONFIG="sdl-config"
......@@ -720,6 +779,21 @@ if test "x$with_gnutls" != "xno"; then
AC_DEFINE(WITH_CLIENT_TLS)
fi
fi
AM_CONDITIONAL(HAVE_GNUTLS, test ! -z "$GNUTLS_LIBS")
# warn if neither GnuTLS nor OpenSSL are available
if test -z "$SSL_LIBS" -a -z "$GNUTLS_LIBS"; then
AC_MSG_WARN([
==========================================================================
*** No encryption library could be found. ***
A libvncserver/libvncclient built this way will not support SSL encryption.
To enable SSL install the necessary development packages (perhaps it is named
something like libssl-dev or gnutls-dev) and run configure again.
==========================================================================
])
sleep 5
fi
# IPv6
AH_TEMPLATE(IPv6, [Enable IPv6 support])
......
......@@ -12,6 +12,23 @@ TIGHTVNCFILETRANSFERSRCS = tightvnc-filetransfer/rfbtightserver.c \
tightvnc-filetransfer/filelistinfo.c
endif
if WITH_WEBSOCKETS
if HAVE_LIBSSL
WEBSOCKETSSSLSRCS = rfbssl_openssl.c rfbcrypto_openssl.c
WEBSOCKETSSSLLIBS = @SSL_LIBS@ @CRYPT_LIBS@
else
if HAVE_GNUTLS
WEBSOCKETSSSLSRCS = rfbssl_gnutls.c rfbcrypto_gnutls.c
WEBSOCKETSSSLLIBS = @GNUTLS_LIBS@
else
WEBSOCKETSSSLSRCS = rfbssl_none.c rfbcrypto_included.c ../common/md5.c ../common/sha1.c
endif
endif
WEBSOCKETSSRCS = websockets.c $(WEBSOCKETSSSLSRCS)
endif
includedir=$(prefix)/include/rfb
#include_HEADERS=rfb.h rfbconfig.h rfbint.h rfbproto.h keysym.h rfbregion.h
......@@ -29,17 +46,22 @@ EXTRA_DIST=tableinit24.c tableinittctemplate.c tabletranstemplate.c \
if HAVE_LIBZ
ZLIBSRCS = zlib.c zrle.c zrleoutstream.c zrlepalettehelper.c ../common/zywrletemplate.c
if HAVE_LIBJPEG
JPEGSRCS = tight.c
TIGHTSRCS = tight.c
else
if HAVE_LIBPNG
TIGHTSRCS = tight.c
endif
endif
endif
LIB_SRCS = main.c rfbserver.c rfbregion.c auth.c sockets.c \
LIB_SRCS = main.c rfbserver.c rfbregion.c auth.c sockets.c $(WEBSOCKETSSRCS) \
stats.c corre.c hextile.c rre.c translate.c cutpaste.c \
httpd.c cursor.c font.c \
draw.c selbox.c ../common/d3des.c ../common/vncauth.c cargs.c ../common/minilzo.c ultra.c scale.c \
$(ZLIBSRCS) $(JPEGSRCS) $(TIGHTVNCFILETRANSFERSRCS)
$(ZLIBSRCS) $(TIGHTSRCS) $(TIGHTVNCFILETRANSFERSRCS)
libvncserver_la_SOURCES=$(LIB_SRCS)
libvncserver_la_LIBADD=$(WEBSOCKETSSSLLIBS)
lib_LTLIBRARIES=libvncserver.la
......
......@@ -163,6 +163,20 @@ rfbProcessArguments(rfbScreenInfoPtr rfbScreen,int* argc, char *argv[])
if (! rfbStringToAddr(argv[++i], &(rfbScreen->listenInterface))) {
return FALSE;
}
#ifdef LIBVNCSERVER_WITH_WEBSOCKETS
} else if (strcmp(argv[i], "-sslkeyfile") == 0) { /* -sslkeyfile sslkeyfile */
if (i + 1 >= *argc) {
rfbUsage();
return FALSE;
}
rfbScreen->sslkeyfile = argv[++i];
} else if (strcmp(argv[i], "-sslcertfile") == 0) { /* -sslcertfile sslcertfile */
if (i + 1 >= *argc) {
rfbUsage();
return FALSE;
}
rfbScreen->sslcertfile = argv[++i];
#endif
} else {
rfbProtocolExtension* extension;
int handled=0;
......
#ifndef _RFB_CRYPTO_H
#define _RFB_CRYPTO_H 1
#include <sys/uio.h>
#define SHA1_HASH_SIZE 20
#define MD5_HASH_SIZE 16
void digestmd5(const struct iovec *iov, int iovcnt, void *dest);
void digestsha1(const struct iovec *iov, int iovcnt, void *dest);
#endif
/*
* rfbcrypto_gnutls.c - Crypto wrapper (gnutls version)
*/
/*
* Copyright (C) 2011 Gernot Tenchio
*
* This is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this software; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
* USA.
*/
#include <string.h>
#include <gcrypt.h>
#include "rfbcrypto.h"
void digestmd5(const struct iovec *iov, int iovcnt, void *dest)
{
gcry_md_hd_t c;
int i;
gcry_md_open(&c, GCRY_MD_MD5, 0);
for (i = 0; i < iovcnt; i++)
gcry_md_write(c, iov[i].iov_base, iov[i].iov_len);
gcry_md_final(c);
memcpy(dest, gcry_md_read(c, 0), gcry_md_get_algo_dlen(GCRY_MD_MD5));
}
void digestsha1(const struct iovec *iov, int iovcnt, void *dest)
{
gcry_md_hd_t c;
int i;
gcry_md_open(&c, GCRY_MD_SHA1, 0);
for (i = 0; i < iovcnt; i++)
gcry_md_write(c, iov[i].iov_base, iov[i].iov_len);
gcry_md_final(c);
memcpy(dest, gcry_md_read(c, 0), gcry_md_get_algo_dlen(GCRY_MD_SHA1));
}
/*
* rfbcrypto_included.c - Crypto wrapper (included version)
*/
/*
* Copyright (C) 2011 Gernot Tenchio
*
* This is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this software; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
* USA.
*/
#include <string.h>
#include "md5.h"
#include "sha1.h"
#include "rfbcrypto.h"
void digestmd5(const struct iovec *iov, int iovcnt, void *dest)
{
struct md5_ctx c;
int i;
__md5_init_ctx(&c);
for (i = 0; i < iovcnt; i++)
__md5_process_bytes(iov[i].iov_base, iov[i].iov_len, &c);
__md5_finish_ctx(&c, dest);
}
void digestsha1(const struct iovec *iov, int iovcnt, void *dest)
{
SHA1Context c;
int i;
SHA1Reset(&c);
for (i = 0; i < iovcnt; i++)
SHA1Input(&c, iov[i].iov_base, iov[i].iov_len);
SHA1Result(&c, dest);
}
/*
* rfbcrypto_openssl.c - Crypto wrapper (openssl version)
*/
/*
* Copyright (C) 2011 Gernot Tenchio
*
* This is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this software; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
* USA.
*/
#include <string.h>
#include <openssl/sha.h>
#include <openssl/md5.h>
#include "rfbcrypto.h"
void digestmd5(const struct iovec *iov, int iovcnt, void *dest)
{
MD5_CTX c;
int i;
MD5_Init(&c);
for (i = 0; i < iovcnt; i++)
MD5_Update(&c, iov[i].iov_base, iov[i].iov_len);
MD5_Final(dest, &c);
}
void digestsha1(const struct iovec *iov, int iovcnt, void *dest)
{
SHA_CTX c;
int i;
SHA1_Init(&c);
for (i = 0; i < iovcnt; i++)
SHA1_Update(&c, iov[i].iov_base, iov[i].iov_len);
SHA1_Final(dest, &c);
}
#include <string.h>
#include <polarssl/md5.h>
#include <polarssl/sha1.h>
#include "rfbcrypto.h"
void digestmd5(const struct iovec *iov, int iovcnt, void *dest)
{
md5_context c;
int i;
md5_starts(&c);
for (i = 0; i < iovcnt; i++)
md5_update(&c, iov[i].iov_base, iov[i].iov_len);
md5_finish(&c, dest);
}
void digestsha1(const struct iovec *iov, int iovcnt, void *dest)
{
sha1_context c;
int i;
sha1_starts(&c);
for (i = 0; i < iovcnt; i++)
sha1_update(&c, iov[i].iov_base, iov[i].iov_len);
sha1_finish(&c, dest);
}
......@@ -73,6 +73,10 @@
/* strftime() */
#include <time.h>
#ifdef LIBVNCSERVER_WITH_WEBSOCKETS
#include "rfbssl.h"
#endif
#ifdef __MINGW32__
static int compat_mkdir(const char *path, int mode)
{
......@@ -358,10 +362,12 @@ rfbNewTCPOrUDPClient(rfbScreenInfoPtr rfbScreen,
rfbScreen->clientHead = cl;
UNLOCK(rfbClientListMutex);
#ifdef LIBVNCSERVER_HAVE_LIBZ
#if defined(LIBVNCSERVER_HAVE_LIBZ) || defined(LIBVNCSERVER_HAVE_LIBPNG)
cl->tightQualityLevel = -1;
#ifdef LIBVNCSERVER_HAVE_LIBJPEG
#if defined(LIBVNCSERVER_HAVE_LIBJPEG) || defined(LIBVNCSERVER_HAVE_LIBPNG)
cl->tightCompressLevel = TIGHT_DEFAULT_COMPRESSION;
#endif
#ifdef LIBVNCSERVER_HAVE_LIBJPEG
{
int i;
for (i = 0; i < 4; i++)
......@@ -402,6 +408,20 @@ rfbNewTCPOrUDPClient(rfbScreenInfoPtr rfbScreen,
cl->lastPtrX = -1;
#ifdef LIBVNCSERVER_WITH_WEBSOCKETS
/*
* Wait a few ms for the client to send one of:
* - Flash policy request
* - WebSockets connection (TLS/SSL or plain)
*/
if (!webSocketsCheck(cl)) {
/* Error reporting handled in webSocketsHandshake */
rfbCloseClient(cl);
rfbClientConnectionGone(cl);
return NULL;
}
#endif
sprintf(pv,rfbProtocolVersionFormat,rfbScreen->protocolMajorVersion,
rfbScreen->protocolMinorVersion);
......@@ -917,6 +937,9 @@ rfbSendSupportedEncodings(rfbClientPtr cl)
#endif
#ifdef LIBVNCSERVER_HAVE_LIBJPEG
rfbEncodingTight,
#endif
#ifdef LIBVNCSERVER_HAVE_LIBPNG
rfbEncodingTightPng,
#endif
rfbEncodingUltra,
rfbEncodingUltraZip,
......@@ -1812,6 +1835,11 @@ rfbProcessClientNormalMessage(rfbClientPtr cl)
char encBuf[64];
char encBuf2[64];
#ifdef LIBVNCSERVER_WITH_WEBSOCKETS
if (cl->wsctx && webSocketCheckDisconnect(cl))
return;
#endif
if ((n = rfbReadExact(cl, (char *)&msg, 1)) <= 0) {
if (n != 0)
rfbLogPerror("rfbProcessClientNormalMessage: read");
......@@ -1937,6 +1965,9 @@ rfbProcessClientNormalMessage(rfbClientPtr cl)
#ifdef LIBVNCSERVER_HAVE_LIBJPEG
case rfbEncodingTight:
#endif
#endif
#ifdef LIBVNCSERVER_HAVE_LIBPNG
case rfbEncodingTightPng:
#endif
/* The first supported encoding is the 'preferred' encoding */
if (cl->preferredEncoding == -1)
......@@ -2026,11 +2057,11 @@ rfbProcessClientNormalMessage(rfbClientPtr cl)
}
break;
default:
#ifdef LIBVNCSERVER_HAVE_LIBZ
#if defined(LIBVNCSERVER_HAVE_LIBZ) || defined(LIBVNCSERVER_HAVE_LIBPNG)
if ( enc >= (uint32_t)rfbEncodingCompressLevel0 &&
enc <= (uint32_t)rfbEncodingCompressLevel9 ) {
cl->zlibCompressLevel = enc & 0x0F;
#ifdef LIBVNCSERVER_HAVE_LIBJPEG
#if defined(LIBVNCSERVER_HAVE_LIBJPEG) || defined(LIBVNCSERVER_HAVE_LIBPNG)
cl->tightCompressLevel = enc & 0x0F;
rfbLog("Using compression level %d for client %s\n",
cl->tightCompressLevel, cl->host);
......@@ -2754,6 +2785,28 @@ rfbSendFramebufferUpdate(rfbClientPtr cl,
}
sraRgnReleaseIterator(i); i=NULL;
#endif
#endif
#ifdef LIBVNCSERVER_HAVE_LIBPNG
} else if (cl->preferredEncoding == rfbEncodingTightPng) {
nUpdateRegionRects = 0;
for(i = sraRgnGetIterator(updateRegion); sraRgnIteratorNext(i,&rect);){
int x = rect.x1;
int y = rect.y1;
int w = rect.x2 - x;
int h = rect.y2 - y;
int n;
/* We need to count the number of rects in the scaled screen */
if (cl->screen!=cl->scaledScreen)
rfbScaledCorrection(cl->screen, cl->scaledScreen, &x, &y, &w, &h, "rfbSendFramebufferUpdate");
n = rfbNumCodedRectsTight(cl, x, y, w, h);
if (n == 0) {
nUpdateRegionRects = 0xFFFF;
break;
}
nUpdateRegionRects += n;
}
sraRgnReleaseIterator(i); i=NULL;
#endif
} else {
nUpdateRegionRects = sraRgnCountRects(updateRegion);
......@@ -2773,6 +2826,10 @@ rfbSendFramebufferUpdate(rfbClientPtr cl,
/* Tight encoding counts the rectangles differently */
&& cl->preferredEncoding != rfbEncodingTight
#endif
#endif
#ifdef LIBVNCSERVER_HAVE_LIBPNG
/* Tight encoding counts the rectangles differently */
&& cl->preferredEncoding != rfbEncodingTightPng
#endif
&& nUpdateRegionRects>cl->screen->maxRectsPerUpdate) {
sraRegion* newUpdateRegion = sraRgnBBox(updateRegion);
......@@ -2868,6 +2925,12 @@ rfbSendFramebufferUpdate(rfbClientPtr cl,
break;
#endif
#endif
#ifdef LIBVNCSERVER_HAVE_LIBPNG
case rfbEncodingTightPng:
if (!rfbSendRectEncodingTightPng(cl, x, y, w, h))
goto updateFailed;
break;
#endif
#ifdef LIBVNCSERVER_HAVE_LIBZ
case rfbEncodingZRLE:
case rfbEncodingZYWRLE:
......
#ifndef _VNCSSL_H
#define _VNCSSL_H 1
#include "rfb/rfb.h"
#include "rfb/rfbconfig.h"
int rfbssl_init(rfbClientPtr cl);
int rfbssl_pending(rfbClientPtr cl);
int rfbssl_peek(rfbClientPtr cl, char *buf, int bufsize);
int rfbssl_read(rfbClientPtr cl, char *buf, int bufsize);
int rfbssl_write(rfbClientPtr cl, const char *buf, int bufsize);
void rfbssl_destroy(rfbClientPtr cl);
#endif /* _VNCSSL_H */
/*
* rfbssl_gnutls.c - Secure socket funtions (gnutls version)
*/
/*
* Copyright (C) 2011 Gernot Tenchio
*
* This is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this software; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
* USA.
*/
#include "rfbssl.h"
#include <gnutls/gnutls.h>
#include <errno.h>
struct rfbssl_ctx {
char peekbuf[2048];
int peeklen;
int peekstart;
gnutls_session_t session;
gnutls_certificate_credentials_t x509_cred;
gnutls_dh_params_t dh_params;
#ifdef I_LIKE_RSA_PARAMS_THAT_MUCH
gnutls_rsa_params_t rsa_params;
#endif
};
void rfbssl_log_func(int level, const char *msg)
{
rfbErr("SSL: %s", msg);
}
static void rfbssl_error(const char *msg, int e)
{
rfbErr("%s: %s (%ld)\n", msg, gnutls_strerror(e), e);
}
static int rfbssl_init_session(struct rfbssl_ctx *ctx, int fd)
{
gnutls_session_t session;
int ret;
if (!GNUTLS_E_SUCCESS == (ret = gnutls_init(&session, GNUTLS_SERVER))) {
/* */
} else if (!GNUTLS_E_SUCCESS == (ret = gnutls_priority_set_direct(session, "EXPORT", NULL))) {
/* */
} else if (!GNUTLS_E_SUCCESS == (ret = gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, ctx->x509_cred))) {
/* */
} else {
gnutls_session_enable_compatibility_mode(session);
gnutls_transport_set_ptr(session, (gnutls_transport_ptr_t)(uintptr_t)fd);
ctx->session = session;
}
return ret;
}
static int generate_dh_params(struct rfbssl_ctx *ctx)
{
int ret;
if (GNUTLS_E_SUCCESS == (ret = gnutls_dh_params_init(&ctx->dh_params)))
ret = gnutls_dh_params_generate2(ctx->dh_params, 1024);
return ret;
}
#ifdef I_LIKE_RSA_PARAMS_THAT_MUCH
static int generate_rsa_params(struct rfbssl_ctx *ctx)
{
int ret;
if (GNUTLS_E_SUCCESS == (ret = gnutls_rsa_params_init(&ctx->rsa_params)))
ret = gnutls_rsa_params_generate2(ctx->rsa_params, 512);
return ret;
}
#endif
struct rfbssl_ctx *rfbssl_init_global(char *key, char *cert)
{
int ret = GNUTLS_E_SUCCESS;
struct rfbssl_ctx *ctx = NULL;
if (NULL == (ctx = malloc(sizeof(struct rfbssl_ctx)))) {
ret = GNUTLS_E_MEMORY_ERROR;
} else if (!GNUTLS_E_SUCCESS == (ret = gnutls_global_init())) {
/* */
} else if (!GNUTLS_E_SUCCESS == (ret = gnutls_certificate_allocate_credentials(&ctx->x509_cred))) {
/* */
} else if ((ret = gnutls_certificate_set_x509_trust_file(ctx->x509_cred, cert, GNUTLS_X509_FMT_PEM)) < 0) {
/* */
} else if (!GNUTLS_E_SUCCESS == (ret = gnutls_certificate_set_x509_key_file(ctx->x509_cred, cert, key, GNUTLS_X509_FMT_PEM))) {
/* */
} else if (!GNUTLS_E_SUCCESS == (ret = generate_dh_params(ctx))) {
/* */
#ifdef I_LIKE_RSA_PARAMS_THAT_MUCH
} else if (!GNUTLS_E_SUCCESS == (ret = generate_rsa_params(ctx))) {
/* */
#endif
} else {
gnutls_global_set_log_function(rfbssl_log_func);
gnutls_global_set_log_level(1);
gnutls_certificate_set_dh_params(ctx->x509_cred, ctx->dh_params);
return ctx;
}
free(ctx);
return NULL;
}
int rfbssl_init(rfbClientPtr cl)
{
int ret = -1;
struct rfbssl_ctx *ctx;
char *keyfile;
if (!(keyfile = cl->screen->sslkeyfile))
keyfile = cl->screen->sslcertfile;
if (NULL == (ctx = rfbssl_init_global(keyfile, cl->screen->sslcertfile))) {
/* */
} else if (GNUTLS_E_SUCCESS != (ret = rfbssl_init_session(ctx, cl->sock))) {
/* */
} else {
while (GNUTLS_E_SUCCESS != (ret = gnutls_handshake(ctx->session))) {
if (ret == GNUTLS_E_AGAIN)
continue;
break;
}
}
if (ret != GNUTLS_E_SUCCESS) {
rfbssl_error(__func__, ret);
} else {
cl->sslctx = (rfbSslCtx *)ctx;
rfbLog("%s protocol initialized\n", gnutls_protocol_get_name(gnutls_protocol_get_version(ctx->session)));
}
return ret;
}
static int rfbssl_do_read(rfbClientPtr cl, char *buf, int bufsize)
{
struct rfbssl_ctx *ctx = (struct rfbssl_ctx *)cl->sslctx;
int ret;
while ((ret = gnutls_record_recv(ctx->session, buf, bufsize)) < 0) {
if (ret == GNUTLS_E_AGAIN) {
/* continue */
} else if (ret == GNUTLS_E_INTERRUPTED) {
/* continue */
} else {
break;
}
}
if (ret < 0) {
rfbssl_error(__func__, ret);
errno = EIO;
ret = -1;
}
return ret < 0 ? -1 : ret;
}
int rfbssl_write(rfbClientPtr cl, const char *buf, int bufsize)
{
struct rfbssl_ctx *ctx = (struct rfbssl_ctx *)cl->sslctx;
int ret;
while ((ret = gnutls_record_send(ctx->session, buf, bufsize)) < 0) {
if (ret == GNUTLS_E_AGAIN) {
/* continue */
} else if (ret == GNUTLS_E_INTERRUPTED) {
/* continue */
} else {
break;
}
}
if (ret < 0)
rfbssl_error(__func__, ret);
return ret;
}
static void rfbssl_gc_peekbuf(struct rfbssl_ctx *ctx, int bufsize)
{
if (ctx->peekstart) {
int spaceleft = sizeof(ctx->peekbuf) - ctx->peeklen - ctx->peekstart;
if (spaceleft < bufsize) {
memmove(ctx->peekbuf, ctx->peekbuf + ctx->peekstart, ctx->peeklen);
ctx->peekstart = 0;
}
}
}
static int __rfbssl_read(rfbClientPtr cl, char *buf, int bufsize, int peek)
{
int ret = 0;
struct rfbssl_ctx *ctx = (struct rfbssl_ctx *)cl->sslctx;
rfbssl_gc_peekbuf(ctx, bufsize);
if (ctx->peeklen) {
/* If we have any peek data, simply return that. */
ret = bufsize < ctx->peeklen ? bufsize : ctx->peeklen;
memcpy (buf, ctx->peekbuf + ctx->peekstart, ret);
if (!peek) {
ctx->peeklen -= ret;
if (ctx->peeklen != 0)
ctx->peekstart += ret;
else
ctx->peekstart = 0;
}
}
if (ret < bufsize) {
int n;
/* read the remaining data */
if ((n = rfbssl_do_read(cl, buf + ret, bufsize - ret)) <= 0) {
rfbErr("rfbssl_%s: %s error\n", __func__, peek ? "peek" : "read");
return n;
}
if (peek) {
memcpy(ctx->peekbuf + ctx->peekstart + ctx->peeklen, buf + ret, n);
ctx->peeklen += n;
}
ret += n;
}
return ret;
}
int rfbssl_read(rfbClientPtr cl, char *buf, int bufsize)
{
return __rfbssl_read(cl, buf, bufsize, 0);
}
int rfbssl_peek(rfbClientPtr cl, char *buf, int bufsize)
{
return __rfbssl_read(cl, buf, bufsize, 1);
}
int rfbssl_pending(rfbClientPtr cl)
{
struct rfbssl_ctx *ctx = (struct rfbssl_ctx *)cl->sslctx;
int ret = ctx->peeklen;
if (ret <= 0)
ret = gnutls_record_check_pending(ctx->session);
return ret;
}
void rfbssl_destroy(rfbClientPtr cl)
{
struct rfbssl_ctx *ctx = (struct rfbssl_ctx *)cl->sslctx;
gnutls_bye(ctx->session, GNUTLS_SHUT_WR);
gnutls_deinit(ctx->session);
gnutls_certificate_free_credentials(ctx->x509_cred);
}
/*
* rfbssl_none.c - Secure socket functions (fallback to failing)
*/
/*
* Copyright (C) 2011 Johannes Schindelin
*
* This is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this software; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
* USA.
*/
#include "rfbssl.h"
struct rfbssl_ctx *rfbssl_init_global(char *key, char *cert)
{
return NULL;
}
int rfbssl_init(rfbClientPtr cl)
{
return -1;
}
int rfbssl_write(rfbClientPtr cl, const char *buf, int bufsize)
{
return -1;
}
int rfbssl_peek(rfbClientPtr cl, char *buf, int bufsize)
{
return -1;
}
int rfbssl_read(rfbClientPtr cl, char *buf, int bufsize)
{
return -1;
}
int rfbssl_pending(rfbClientPtr cl)
{
return -1;
}
void rfbssl_destroy(rfbClientPtr cl)
{
}
/*
* rfbssl_openssl.c - Secure socket funtions (openssl version)
*/
/*
* Copyright (C) 2011 Gernot Tenchio
*
* This is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this software; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
* USA.
*/
#include "rfbssl.h"
#include <openssl/ssl.h>
#include <openssl/err.h>
struct rfbssl_ctx {
SSL_CTX *ssl_ctx;
SSL *ssl;
};
static void rfbssl_error(void)
{
char buf[1024];
unsigned long e = ERR_get_error();
rfbErr("%s (%ld)\n", ERR_error_string(e, buf), e);
}
int rfbssl_init(rfbClientPtr cl)
{
char *keyfile;
int r, ret = -1;
struct rfbssl_ctx *ctx;
SSL_library_init();
SSL_load_error_strings();
if (cl->screen->sslkeyfile && *cl->screen->sslkeyfile) {
keyfile = cl->screen->sslkeyfile;
} else {
keyfile = cl->screen->sslcertfile;
}
if (NULL == (ctx = malloc(sizeof(struct rfbssl_ctx)))) {
rfbErr("OOM\n");
} else if (!cl->screen->sslcertfile || !cl->screen->sslcertfile[0]) {
rfbErr("SSL connection but no cert specified\n");
} else if (NULL == (ctx->ssl_ctx = SSL_CTX_new(TLSv1_server_method()))) {
rfbssl_error();
} else if (SSL_CTX_use_PrivateKey_file(ctx->ssl_ctx, keyfile, SSL_FILETYPE_PEM) <= 0) {
rfbErr("Unable to load private key file %s\n", keyfile);
} else if (SSL_CTX_use_certificate_file(ctx->ssl_ctx, cl->screen->sslcertfile, SSL_FILETYPE_PEM) <= 0) {
rfbErr("Unable to load certificate file %s\n", cl->screen->sslcertfile);
} else if (NULL == (ctx->ssl = SSL_new(ctx->ssl_ctx))) {
rfbErr("SSL_new failed\n");
rfbssl_error();
} else if (!(SSL_set_fd(ctx->ssl, cl->sock))) {
rfbErr("SSL_set_fd failed\n");
rfbssl_error();
} else {
while ((r = SSL_accept(ctx->ssl)) < 0) {
if (SSL_get_error(ctx->ssl, r) != SSL_ERROR_WANT_READ)
break;
}
if (r < 0) {
rfbErr("SSL_accept failed %d\n", SSL_get_error(ctx->ssl, r));
} else {
cl->sslctx = (rfbSslCtx *)ctx;
ret = 0;
}
}
return ret;
}
int rfbssl_write(rfbClientPtr cl, const char *buf, int bufsize)
{
int ret;
struct rfbssl_ctx *ctx = (struct rfbssl_ctx *)cl->sslctx;
while ((ret = SSL_write(ctx->ssl, buf, bufsize)) <= 0) {
if (SSL_get_error(ctx->ssl, ret) != SSL_ERROR_WANT_WRITE)
break;
}
return ret;
}
int rfbssl_peek(rfbClientPtr cl, char *buf, int bufsize)
{
int ret;
struct rfbssl_ctx *ctx = (struct rfbssl_ctx *)cl->sslctx;
while ((ret = SSL_peek(ctx->ssl, buf, bufsize)) <= 0) {
if (SSL_get_error(ctx->ssl, ret) != SSL_ERROR_WANT_READ)
break;
}
return ret;
}
int rfbssl_read(rfbClientPtr cl, char *buf, int bufsize)
{
int ret;
struct rfbssl_ctx *ctx = (struct rfbssl_ctx *)cl->sslctx;
while ((ret = SSL_read(ctx->ssl, buf, bufsize)) <= 0) {
if (SSL_get_error(ctx->ssl, ret) != SSL_ERROR_WANT_READ)
break;
}
return ret;
}
int rfbssl_pending(rfbClientPtr cl)
{
struct rfbssl_ctx *ctx = (struct rfbssl_ctx *)cl->sslctx;
return SSL_pending(ctx->ssl);
}
void rfbssl_destroy(rfbClientPtr cl)
{
struct rfbssl_ctx *ctx = (struct rfbssl_ctx *)cl->sslctx;
if (ctx->ssl)
SSL_free(ctx->ssl);
if (ctx->ssl_ctx)
SSL_CTX_free(ctx->ssl_ctx);
}
......@@ -62,6 +62,10 @@
#include <unistd.h>
#endif
#ifdef LIBVNCSERVER_WITH_WEBSOCKETS
#include "rfbssl.h"
#endif
#if defined(__linux__) && defined(NEED_TIMEVAL)
struct timeval
{
......@@ -392,6 +396,11 @@ rfbCloseClient(rfbClientPtr cl)
while(cl->screen->maxFd>0
&& !FD_ISSET(cl->screen->maxFd,&(cl->screen->allFds)))
cl->screen->maxFd--;
#ifdef LIBVNCSERVER_WITH_WEBSOCKETS
if (cl->sslctx)
rfbssl_destroy(cl);
free(cl->wspath);
#endif
#ifndef __MINGW32__
shutdown(cl->sock,SHUT_RDWR);
#endif
......@@ -457,7 +466,17 @@ rfbReadExactTimeout(rfbClientPtr cl, char* buf, int len, int timeout)
struct timeval tv;
while (len > 0) {
#ifdef LIBVNCSERVER_WITH_WEBSOCKETS
if (cl->wsctx) {
n = webSocketsDecode(cl, buf, len);
} else if (cl->sslctx) {
n = rfbssl_read(cl, buf, len);
} else {
n = read(sock, buf, len);
}
#else
n = read(sock, buf, len);
#endif
if (n > 0) {
......@@ -482,6 +501,12 @@ rfbReadExactTimeout(rfbClientPtr cl, char* buf, int len, int timeout)
return n;
}
#ifdef LIBVNCSERVER_WITH_WEBSOCKETS
if (cl->sslctx) {
if (rfbssl_pending(cl))
continue;
}
#endif
FD_ZERO(&fds);
FD_SET(sock, &fds);
tv.tv_sec = timeout / 1000;
......@@ -492,6 +517,7 @@ rfbReadExactTimeout(rfbClientPtr cl, char* buf, int len, int timeout)
return n;
}
if (n == 0) {
rfbErr("ReadExact: select timeout\n");
errno = ETIMEDOUT;
return -1;
}
......@@ -517,6 +543,82 @@ int rfbReadExact(rfbClientPtr cl,char* buf,int len)
return(rfbReadExactTimeout(cl,buf,len,rfbMaxClientWait));
}
/*
* PeekExact peeks at an exact number of bytes from a client. Returns 1 if
* those bytes have been read, 0 if the other end has closed, or -1 if an
* error occurred (errno is set to ETIMEDOUT if it timed out).
*/
int
rfbPeekExactTimeout(rfbClientPtr cl, char* buf, int len, int timeout)
{
int sock = cl->sock;
int n;
fd_set fds;
struct timeval tv;
while (len > 0) {
#ifdef LIBVNCSERVER_WITH_WEBSOCKETS
if (cl->sslctx)
n = rfbssl_peek(cl, buf, len);
else
#endif
n = recv(sock, buf, len, MSG_PEEK);
if (n == len) {
break;
} else if (n == 0) {
return 0;
} else {
#ifdef WIN32
errno = WSAGetLastError();
#endif
if (errno == EINTR)
continue;
#ifdef LIBVNCSERVER_ENOENT_WORKAROUND
if (errno != ENOENT)
#endif
if (errno != EWOULDBLOCK && errno != EAGAIN) {
return n;
}
#ifdef LIBVNCSERVER_WITH_WEBSOCKETS
if (cl->sslctx) {
if (rfbssl_pending(cl))
continue;
}
#endif
FD_ZERO(&fds);
FD_SET(sock, &fds);
tv.tv_sec = timeout / 1000;
tv.tv_usec = (timeout % 1000) * 1000;
n = select(sock+1, &fds, NULL, &fds, &tv);
if (n < 0) {
rfbLogPerror("PeekExact: select");
return n;
}
if (n == 0) {
errno = ETIMEDOUT;
return -1;
}
}
}
#undef DEBUG_READ_EXACT
#ifdef DEBUG_READ_EXACT
rfbLog("PeekExact %d bytes\n",len);
for(n=0;n<len;n++)
fprintf(stderr,"%02x ",(unsigned char)buf[n]);
fprintf(stderr,"\n");
#endif
return 1;
}
/*
* WriteExact writes an exact number of bytes to a client. Returns 1 if
* those bytes have been written, or -1 if an error occurred (errno is set to
......@@ -543,8 +645,24 @@ rfbWriteExact(rfbClientPtr cl,
fprintf(stderr,"\n");
#endif
#ifdef LIBVNCSERVER_WITH_WEBSOCKETS
if (cl->wsctx) {
char *tmp = NULL;
if ((len = webSocketsEncode(cl, buf, len, &tmp)) < 0) {
rfbErr("WriteExact: WebSockets encode error\n");
return -1;
}
buf = tmp;
}
#endif
LOCK(cl->outputMutex);
while (len > 0) {
#ifdef LIBVNCSERVER_WITH_WEBSOCKETS
if (cl->sslctx)
n = rfbssl_write(cl, buf, len);
else
#endif
n = write(sock, buf, len);
if (n > 0) {
......
......@@ -100,6 +100,7 @@ char *encodingName(uint32_t type, char *buf, int len) {
case rfbEncodingHextile: snprintf(buf, len, "hextile"); break;
case rfbEncodingZlib: snprintf(buf, len, "zlib"); break;
case rfbEncodingTight: snprintf(buf, len, "tight"); break;
case rfbEncodingTightPng: snprintf(buf, len, "tightPng"); break;
case rfbEncodingZlibHex: snprintf(buf, len, "zlibhex"); break;
case rfbEncodingUltra: snprintf(buf, len, "ultra"); break;
case rfbEncodingZRLE: snprintf(buf, len, "ZRLE"); break;
......
This diff is collapsed.
This diff is collapsed.
......@@ -373,6 +373,10 @@ typedef struct _rfbScreenInfo
rfbDisplayFinishedHookPtr displayFinishedHook;
/** xvpHook is called to handle an xvp client message */
rfbXvpHookPtr xvpHook;
#ifdef LIBVNCSERVER_WITH_WEBSOCKETS
char *sslkeyfile;
char *sslcertfile;
#endif
} rfbScreenInfo, *rfbScreenInfoPtr;
......@@ -419,6 +423,9 @@ typedef struct _rfbStatList {
struct _rfbStatList *Next;
} rfbStatList;
typedef struct _rfbSslCtx rfbSslCtx;
typedef struct _wsCtx wsCtx;
typedef struct _rfbClientRec {
/** back pointer to the screen */
......@@ -547,7 +554,9 @@ typedef struct _rfbClientRec {
struct z_stream_s compStream;
rfbBool compStreamInited;
uint32_t zlibCompressLevel;
/** the quality level is also used by ZYWRLE */
#endif
#if defined(LIBVNCSERVER_HAVE_LIBZ) || defined(LIBVNCSERVER_HAVE_LIBPNG)
/** the quality level is also used by ZYWRLE and TightPng */
int tightQualityLevel;
#ifdef LIBVNCSERVER_HAVE_LIBJPEG
......@@ -555,6 +564,8 @@ typedef struct _rfbClientRec {
z_stream zsStruct[4];
rfbBool zsActive[4];
int zsLevel[4];
#endif
#if defined(LIBVNCSERVER_HAVE_LIBJPEG) || defined(LIBVNCSERVER_HAVE_LIBPNG)
int tightCompressLevel;
#endif
#endif
......@@ -629,6 +640,15 @@ typedef struct _rfbClientRec {
char *afterEncBuf;
int afterEncBufSize;
int afterEncBufLen;
#if defined(LIBVNCSERVER_HAVE_LIBZ) || defined(LIBVNCSERVER_HAVE_LIBPNG)
uint32_t tightEncoding; /* rfbEncodingTight or rfbEncodingTightPng */
#endif
#ifdef LIBVNCSERVER_WITH_WEBSOCKETS
rfbSslCtx *sslctx;
wsCtx *wsctx;
char *wspath; /* Requests path component */
#endif
} rfbClientRec, *rfbClientPtr;
/**
......@@ -681,6 +701,7 @@ extern void rfbDisconnectUDPSock(rfbScreenInfoPtr rfbScreen);
extern void rfbCloseClient(rfbClientPtr cl);
extern int rfbReadExact(rfbClientPtr cl, char *buf, int len);
extern int rfbReadExactTimeout(rfbClientPtr cl, char *buf, int len,int timeout);
extern int rfbPeekExactTimeout(rfbClientPtr cl, char *buf, int len,int timeout);
extern int rfbWriteExact(rfbClientPtr cl, const char *buf, int len);
extern int rfbCheckFds(rfbScreenInfoPtr rfbScreen,long usec);
extern int rfbConnect(rfbScreenInfoPtr rfbScreen, char* host, int port);
......@@ -690,6 +711,15 @@ extern int rfbListenOnUDPPort(int port, in_addr_t iface);
extern int rfbStringToAddr(char* string,in_addr_t* addr);
extern rfbBool rfbSetNonBlocking(int sock);
#ifdef LIBVNCSERVER_WITH_WEBSOCKETS
/* websockets.c */
extern rfbBool webSocketsCheck(rfbClientPtr cl);
extern rfbBool webSocketCheckDisconnect(rfbClientPtr cl);
extern int webSocketsEncode(rfbClientPtr cl, const char *src, int len, char **dst);
extern int webSocketsDecode(rfbClientPtr cl, char *dst, int len);
#endif
/* rfbserver.c */
/* Routines to iterate over the client list in a thread-safe way.
......@@ -805,7 +835,7 @@ extern rfbBool rfbSendRectEncodingUltra(rfbClientPtr cl, int x,int y,int w,int h
extern rfbBool rfbSendRectEncodingZlib(rfbClientPtr cl, int x, int y, int w,
int h);
#ifdef LIBVNCSERVER_HAVE_LIBJPEG
#if defined(LIBVNCSERVER_HAVE_LIBJPEG) || defined(LIBVNCSERVER_HAVE_LIBPNG)
/* tight.c */
#define TIGHT_DEFAULT_COMPRESSION 6
......@@ -813,7 +843,13 @@ extern rfbBool rfbSendRectEncodingZlib(rfbClientPtr cl, int x, int y, int w,
extern rfbBool rfbTightDisableGradient;
extern int rfbNumCodedRectsTight(rfbClientPtr cl, int x,int y,int w,int h);
#if defined(LIBVNCSERVER_HAVE_LIBJPEG)
extern rfbBool rfbSendRectEncodingTight(rfbClientPtr cl, int x,int y,int w,int h);
#endif
#if defined(LIBVNCSERVER_HAVE_LIBPNG)
extern rfbBool rfbSendRectEncodingTightPng(rfbClientPtr cl, int x,int y,int w,int h);
#endif
#endif
#endif
......
......@@ -18,6 +18,9 @@
/* Define to 1 if you have the `jpeg' library (-ljpeg). */
#cmakedefine LIBVNCSERVER_HAVE_LIBJPEG 1
/* Define if you have the `png' library (-lpng). */
#cmakedefine LIBVNCSERVER_HAVE_LIBPNG 1
/* Define to 1 if you have the `pthread' library (-lpthread). */
#cmakedefine LIBVNCSERVER_HAVE_LIBPTHREAD 1
......@@ -60,6 +63,9 @@
/* Define to 1 if GnuTLS is present */
#cmakedefine LIBVNCSERVER_WITH_CLIENT_TLS 1
/* Define to 1 to build with websockets */
#cmakedefine LIBVNCSERVER_WITH_WEBSOCKETS 1
/* Define to 1 if your processor stores words with the most significant byte
first (like Motorola and SPARC, unlike Intel and VAX). */
#cmakedefine LIBVNCSERVER_WORDS_BIGENDIAN 1
......
......@@ -434,6 +434,7 @@ typedef struct {
#define rfbEncodingHextile 5
#define rfbEncodingZlib 6
#define rfbEncodingTight 7
#define rfbEncodingTightPng 0xFFFFFEFC /* -260 */
#define rfbEncodingZlibHex 8
#define rfbEncodingUltra 9
#define rfbEncodingZRLE 16
......@@ -704,7 +705,10 @@ typedef struct {
#ifdef LIBVNCSERVER_HAVE_LIBZ
/*- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
* Tight Encoding.
* Tight and TightPng Encoding.
*
*-- TightPng is like Tight but basic compression is not used, instead PNG
* data is sent.
*
*-- The first byte of each Tight-encoded rectangle is a "compression control
* byte". Its format is as follows (bit 0 is the least significant one):
......@@ -715,8 +719,9 @@ typedef struct {
* bit 3: if 1, then compression stream 3 should be reset;
* bits 7-4: if 1000 (0x08), then the compression type is "fill",
* if 1001 (0x09), then the compression type is "jpeg",
* if 1001 (0x0A), then the compression type is "png",
* if 0xxx, then the compression type is "basic",
* values greater than 1001 are not valid.
* values greater than 1010 are not valid.
*
* If the compression type is "basic", then bits 6..4 of the
* compression control byte (those xxx in 0xxx) specify the following:
......@@ -726,17 +731,17 @@ typedef struct {
* bit 6: if 1, then a "filter id" byte is following this byte.
*
*-- The data that follows after the compression control byte described
* above depends on the compression type ("fill", "jpeg" or "basic").
* above depends on the compression type ("fill", "jpeg", "png" or "basic").
*
*-- If the compression type is "fill", then the only pixel value follows, in
* client pixel format (see NOTE 1). This value applies to all pixels of the
* rectangle.
*
*-- If the compression type is "jpeg", the following data stream looks like
* this:
*-- If the compression type is "jpeg" or "png", the following data stream
* looks like this:
*
* 1..3 bytes: data size (N) in compact representation;
* N bytes: JPEG image.
* N bytes: JPEG or PNG image.
*
* Data size is compactly represented in one, two or three bytes, according
* to the following scheme:
......@@ -817,7 +822,7 @@ typedef struct {
*-- NOTE 2. The decoder must reset compression streams' states before
* decoding the rectangle, if some of bits 0,1,2,3 in the compression control
* byte are set to 1. Note that the decoder must reset zlib streams even if
* the compression type is "fill" or "jpeg".
* the compression type is "fill", "jpeg" or "png".
*
*-- NOTE 3. The "gradient" filter and "jpeg" compression may be used only
* when bits-per-pixel value is either 16 or 32, not 8.
......@@ -831,7 +836,8 @@ typedef struct {
#define rfbTightExplicitFilter 0x04
#define rfbTightFill 0x08
#define rfbTightJpeg 0x09
#define rfbTightMaxSubencoding 0x09
#define rfbTightPng 0x0A
#define rfbTightMaxSubencoding 0x0A
/* Filters to improve compression efficiency */
#define rfbTightFilterCopy 0x00
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment