Merge branch 'master' into mouse-button-support

BUILDING.txt

@@ -55,6 +55,9 @@ Build Requirements (Unix)
    * You might have to enable additional repositories for this. E.g.,
      on RHEL, EPEL and RPMFusion (free + nonfree) need to be enabled.
 
+-- If building vncpasswd with password quality check support:
+   * libpwquality
+
 ============================
 Build Requirements (Windows)
 ============================

CMakeLists.txt

@@ -336,6 +336,20 @@ if(UNIX AND NOT APPLE)
   endif()
 endif()
 
+# check for password pwquality check support
+if(UNIX AND NOT APPLE)
+  option(ENABLE_PWQUALITY "Enable password pwquality check" ON)
+  if(ENABLE_PWQUALITY)
+    find_package(PkgConfig)
+    if(PKG_CONFIG_FOUND)
+      pkg_check_modules(PWQUALITY pwquality)
+      if(PWQUALITY_FOUND)
+        add_definitions(-DHAVE_PWQUALITY)
+      endif()
+    endif()
+  endif()
+endif()
+
 # Generate config.h and make sure the source finds it
 configure_file(config.h.in config.h)
 add_definitions(-DHAVE_CONFIG_H)

common/rdr/CMakeLists.txt

@@ -20,6 +20,11 @@ target_include_directories(rdr PUBLIC ${CMAKE_SOURCE_DIR}/common)
 target_include_directories(rdr SYSTEM PUBLIC ${ZLIB_INCLUDE_DIRS})
 target_link_libraries(rdr ${ZLIB_LIBRARIES} os rfb)
 
+if(MSVC)
+  # undef min and max macro
+  target_compile_definitions(rfb PRIVATE NOMINMAX)
+endif()
+
 if(GNUTLS_FOUND)
   target_include_directories(rdr SYSTEM PUBLIC ${GNUTLS_INCLUDE_DIR})
   target_link_libraries(rdr ${GNUTLS_LIBRARIES})

common/rdr/HexInStream.cxx

@@ -21,14 +21,13 @@
 #include <config.h>
 #endif
 
+#include <algorithm>
 #include <rdr/HexInStream.h>
 #include <rdr/Exception.h>
 #include <rfb/util.h>
 
 using namespace rdr;
 
-static inline int min(int a, int b) {return a<b ? a : b;}
-
 HexInStream::HexInStream(InStream& is)
 : in_stream(is)
 {
@@ -37,12 +36,11 @@ HexInStream::HexInStream(InStream& is)
 HexInStream::~HexInStream() {
 }
 
-
 bool HexInStream::fillBuffer() {
   if (!in_stream.hasData(2))
     return false;
 
-  size_t length = min(in_stream.avail()/2, availSpace());
+  size_t length = std::min(in_stream.avail()/2, availSpace());
   const uint8_t* iptr = in_stream.getptr(length*2);
 
   uint8_t* optr = (uint8_t*) end;

common/rdr/HexOutStream.cxx

@@ -20,14 +20,12 @@
 #ifdef HAVE_CONFIG_H
 #include <config.h>
 #endif
-
+#include <algorithm>
 #include <rdr/HexOutStream.h>
 #include <rfb/util.h>
 
 using namespace rdr;
 
-static inline size_t min(size_t a, size_t b) {return a<b ? a : b;}
-
 HexOutStream::HexOutStream(OutStream& os)
   : out_stream(os)
 {
@@ -41,7 +39,7 @@ bool HexOutStream::flushBuffer()
 {
   while (sentUpTo != ptr) {
     uint8_t* optr = out_stream.getptr(2);
-    size_t length = min(ptr-sentUpTo, out_stream.avail()/2);
+    size_t length = std::min((size_t)(ptr-sentUpTo), out_stream.avail()/2);
 
     for (size_t i=0; i<length; i++)
       rfb::binToHex(&sentUpTo[i], 1, (char*)&optr[i*2], 2);
@@ -64,4 +62,3 @@ void HexOutStream::cork(bool enable)
   BufferedOutStream::cork(enable);
   out_stream.cork(enable);
 }
-

common/rfb/AccessRights.cxx

@@ -16,6 +16,10 @@
  * USA.
  */
 
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
 #include "AccessRights.h"
 
 namespace rfb

common/rfb/CConnection.cxx

@@ -332,7 +332,7 @@ bool CConnection::processSecurityResultMsg()
 
   if (server.beforeVersion(3,8)) {
     state_ = RFBSTATE_INVALID;
-    throw AuthFailureException();
+    throw AuthFailureException("Authentication failed");
   }
 
   state_ = RFBSTATE_SECURITY_REASON;

common/rfb/CConnection.h

@@ -35,7 +35,18 @@ namespace rfb {
   class CMsgReader;
   class CMsgWriter;
   class CSecurity;
-  class IdentityVerifier;
+
+  enum MsgBoxFlags{
+      M_OK = 0,
+      M_OKCANCEL = 1,
+      M_YESNO = 4,
+      M_ICONERROR = 0x10,
+      M_ICONQUESTION = 0x20,
+      M_ICONWARNING = 0x30,
+      M_ICONINFORMATION = 0x40,
+      M_DEFBUTTON1 = 0,
+      M_DEFBUTTON2 = 0x100
+  };
 
   class CConnection : public CMsgHandler {
   public:
@@ -75,16 +86,11 @@ namespace rfb {
     // there is data to read on the InStream.
     void initialiseProtocol();
 
-    // processMsg() should be called whenever there is either:
-    // - data available on the underlying network stream
-    //   In this case, processMsg may return without processing an RFB message,
-    //   if the available data does not result in an RFB message being ready
-    //   to handle. e.g. if data is encrypted.
-    // NB: This makes it safe to call processMsg() in response to select()
-    // - data available on the CConnection's current InStream
-    //   In this case, processMsg should always process the available RFB
-    //   message before returning.
-    // NB: In either case, you must have called initialiseProtocol() first.
+    // processMsg() should be called whenever there is data available on
+    // the CConnection's current InStream. It will process at most one
+    // RFB message before returning. If there was insufficient data,
+    // then it will return false and should be called again once more
+    // data is available.
     bool processMsg();
 
     // close() gracefully shuts down the connection to the server and
@@ -117,7 +123,7 @@ namespace rfb {
     void serverCutText(const char* str) override;
 
     void handleClipboardCaps(uint32_t flags,
-                                     const uint32_t* lengths) override;
+                             const uint32_t* lengths) override;
     void handleClipboardRequest(uint32_t flags) override;
     void handleClipboardPeek() override;
     void handleClipboardNotify(uint32_t flags) override;
@@ -127,6 +133,17 @@ namespace rfb {
 
     // Methods to be overridden in a derived class
 
+    // getUserPasswd() gets the username and password.  This might
+    // involve a dialog, getpass(), etc.  The user buffer pointer can be
+    // null, in which case no user name will be retrieved.
+    virtual void getUserPasswd(bool secure, std::string* user,
+                               std::string* password) = 0;
+
+    // showMsgBox() displays a message box with the specified style and
+    // contents.  The return value is true if the user clicked OK/Yes.
+    virtual bool showMsgBox(MsgBoxFlags flags, const char *title,
+                            const char *text) = 0;
+
     // authSuccess() is called when authentication has succeeded.
     virtual void authSuccess();
 

common/rfb/CMakeLists.txt

@@ -50,7 +50,6 @@ add_library(rfb STATIC
   SSecurityStack.cxx
   SSecurityVncAuth.cxx
   SSecurityVeNCrypt.cxx
-  ScaleFilters.cxx
   Timer.cxx
   TightDecoder.cxx
   TightEncoder.cxx
@@ -101,6 +100,10 @@ if(GNUTLS_FOUND)
   target_sources(rfb PRIVATE CSecurityTLS.cxx SSecurityTLS.cxx)
   target_include_directories(rfb SYSTEM PUBLIC ${GNUTLS_INCLUDE_DIR})
   target_link_libraries(rfb ${GNUTLS_LIBRARIES})
+  # FIXME: Hack to block it marking gnutls_free() as dllimport
+  if(WIN32 AND BUILD_STATIC)
+    target_compile_definitions(rfb PRIVATE GNUTLS_INTERNAL_BUILD)
+  endif()
 endif()
 
 if (NETTLE_FOUND)

common/rfb/CMsgHandler.cxx

@@ -59,11 +59,6 @@ void CMsgHandler::setExtendedDesktopSize(unsigned reason, unsigned result,
   server.setDimensions(width, height, layout);
 }
 
-void CMsgHandler::setPixelFormat(const PixelFormat& pf)
-{
-  server.setPF(pf);
-}
-
 void CMsgHandler::setName(const char* name)
 {
   server.setName(name);

common/rfb/CMsgHandler.h

@@ -39,12 +39,12 @@ namespace rfb {
     CMsgHandler();
     virtual ~CMsgHandler();
 
-    // The following methods are called as corresponding messages are read.  A
-    // derived class should override these methods as desired.  Note that for
-    // the setDesktopSize(), setExtendedDesktopSize(), setPixelFormat(),
-    // setName(), serverInit() and clipboardCaps methods, a derived class
-    // should call on to CMsgHandler's methods to set the members of "server"
-    // appropriately.
+    // The following methods are called as corresponding messages are
+    // read.  A derived class should override these methods as desired.
+    // Note that for the setDesktopSize(), setExtendedDesktopSize(),
+    // setName(), serverInit() and handleClipboardCaps() methods, a
+    // derived class should call on to CMsgHandler's methods to set the
+    // members of "server" appropriately.
 
     virtual void setDesktopSize(int w, int h);
     virtual void setExtendedDesktopSize(unsigned reason, unsigned result,
@@ -53,7 +53,6 @@ namespace rfb {
     virtual void setCursor(int width, int height, const Point& hotspot,
                            const uint8_t* data) = 0;
     virtual void setCursorPos(const Point& pos) = 0;
-    virtual void setPixelFormat(const PixelFormat& pf);
     virtual void setName(const char* name);
     virtual void fence(uint32_t flags, unsigned len, const uint8_t data[]);
     virtual void endOfContinuousUpdates();

common/rfb/CMsgWriter.cxx

@@ -173,7 +173,7 @@ void CMsgWriter::writeKeyEvent(uint32_t keysym, uint32_t keycode, bool down)
 }
 
 
-void CMsgWriter::writePointerEvent(const Point& pos, int buttonMask)
+void CMsgWriter::writePointerEvent(const Point& pos, uint16_t buttonMask)
 {
   Point p(pos);
   bool extendedMouseButtons;

common/rfb/CMsgWriter.h

@@ -54,7 +54,7 @@ namespace rfb {
     void writeFence(uint32_t flags, unsigned len, const uint8_t data[]);
 
     void writeKeyEvent(uint32_t keysym, uint32_t keycode, bool down);
-    void writePointerEvent(const Point& pos, int buttonMask);
+    void writePointerEvent(const Point& pos, uint16_t buttonMask);
 
     void writeClientCutText(const char* str);
 

common/rfb/CSecurity.h

@@ -38,9 +38,6 @@
 #ifndef __RFB_CSECURITY_H__
 #define __RFB_CSECURITY_H__
 
-#include <rfb/UserPasswdGetter.h>
-#include <rfb/UserMsgBox.h>
-
 namespace rfb {
   class CConnection;
   class CSecurity {
@@ -51,13 +48,6 @@ namespace rfb {
     virtual int getType() const = 0;
     virtual bool isSecure() const { return false; }
 
-    /*
-     * Use variable directly instead of dumb get/set methods.
-     * It MUST be set by viewer.
-     */
-    static UserPasswdGetter *upg;
-    static UserMsgBox *msg;
-
   protected:
     CConnection* cc;
   };

common/rfb/CSecurityDH.cxx

@@ -86,9 +86,9 @@ bool CSecurityDH::readKey()
   uint16_t gen = is->readU16();
   keyLength = is->readU16();
   if (keyLength < MinKeyLength)
-    throw AuthFailureException("DH key is too short");
+    throw Exception("DH key is too short");
   if (keyLength > MaxKeyLength)
-    throw AuthFailureException("DH key is too long");
+    throw Exception("DH key is too long");
   if (!is->hasDataOrRestore(keyLength * 2))
     return false;
   is->clearRestorePoint();
@@ -108,11 +108,11 @@ void CSecurityDH::writeCredentials()
   std::string password;
   rdr::RandomStream rs;
 
-  (CSecurity::upg)->getUserPasswd(isSecure(), &username, &password);
+  cc->getUserPasswd(isSecure(), &username, &password);
 
   std::vector<uint8_t> bBytes(keyLength);
   if (!rs.hasData(keyLength))
-    throw ConnFailedException("failed to generate DH private key");
+    throw Exception("failed to generate DH private key");
   rs.readBytes(bBytes.data(), bBytes.size());
   nettle_mpz_set_str_256_u(b, bBytes.size(), bBytes.data());
   mpz_powm(k, A, b, p);
@@ -132,13 +132,13 @@ void CSecurityDH::writeCredentials()
 
   uint8_t buf[128];
   if (!rs.hasData(128))
-    throw ConnFailedException("failed to generate random padding");
+    throw Exception("failed to generate random padding");
   rs.readBytes(buf, 128);
   if (username.size() >= 64)
-    throw AuthFailureException("username is too long");
+    throw Exception("username is too long");
   memcpy(buf, username.c_str(), username.size() + 1);
   if (password.size() >= 64)
-    throw AuthFailureException("password is too long");
+    throw Exception("password is too long");
   memcpy(buf + 64, password.c_str(), password.size() + 1);
   aes128_encrypt(&aesCtx, 128, buf, buf);
 

common/rfb/CSecurityMSLogonII.cxx

@@ -97,11 +97,11 @@ void CSecurityMSLogonII::writeCredentials()
   std::string password;
   rdr::RandomStream rs;
 
-  (CSecurity::upg)->getUserPasswd(isSecure(), &username, &password);
+  cc->getUserPasswd(isSecure(), &username, &password);
 
   std::vector<uint8_t> bBytes(8);
   if (!rs.hasData(8))
-    throw ConnFailedException("failed to generate DH private key");
+    throw Exception("failed to generate DH private key");
   rs.readBytes(bBytes.data(), bBytes.size());
   nettle_mpz_set_str_256_u(b, bBytes.size(), bBytes.data());
   mpz_powm(k, A, b, p);
@@ -123,14 +123,14 @@ void CSecurityMSLogonII::writeCredentials()
   }
 
   if (!rs.hasData(256 + 64))
-    throw ConnFailedException("failed to generate random padding");
+    throw Exception("failed to generate random padding");
   rs.readBytes(user, 256);
   rs.readBytes(pass, 64);
   if (username.size() >= 256)
-    throw AuthFailureException("username is too long");
+    throw Exception("username is too long");
   memcpy(user, username.c_str(), username.size() + 1);
   if (password.size() >= 64)
-    throw AuthFailureException("password is too long");
+    throw Exception("password is too long");
   memcpy(pass, password.c_str(), password.size() + 1);
 
   // DES-CBC with the original key as IV, and the reversed one as the DES key

common/rfb/CSecurityPlain.cxx

@@ -23,7 +23,6 @@
 
 #include <rfb/CConnection.h>
 #include <rfb/CSecurityPlain.h>
-#include <rfb/UserPasswdGetter.h>
 
 #include <rdr/OutStream.h>
 
@@ -36,7 +35,7 @@ bool CSecurityPlain::processMsg()
   std::string username;
   std::string password;
 
-  (CSecurity::upg)->getUserPasswd(cc->isSecure(), &username, &password);
+  cc->getUserPasswd(cc->isSecure(), &username, &password);
 
   // Return the response to the server
   os->writeU32(username.size());