}
#endif
-#define DH_BITS 1024
+#define DH_BITS 2048
static gnutls_dh_params_t dh_params;
typedef struct {
return NULL;
}
+#if GNUTLS_VERSION_NUMBER >= 0x030506
+ gnutls_anon_set_server_known_dh_params(anon_cred, GNUTLS_SEC_PARAM_MEDIUM);
+#else
gnutls_anon_set_server_dh_params(anon_cred, dh_params);
+#endif
return anon_cred;
}
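Review bot: On GnuTLS >= 3.5.6 this branch no longer reads `dh_params`, yet `static gnutls_dh_params_t dh_params;` and `DH_BITS` remain defined unconditionally at file scope. If the parameters are still generated at startup (that code is not in the visible hunks), the server spends time on a 2048-bit prime generation whose result is never used, so consider guarding the declaration and its initialisation with `#if GNUTLS_VERSION_NUMBER < 0x030506`. The same applies to the `gnutls_certificate_set_known_dh_params()` hunk that follows. The anonymous-credentials branch would also benefit from the comment that hunk carries, e.g. `/* known DH params need GnuTLS >= 3.5.6; older versions fall back to the generated dh_params */`. The enclosing function starts outside the hunk.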
gnutls_certificate_free_credentials(x509_cred);
return NULL;
}
-
+#if GNUTLS_VERSION_NUMBER >= 0x030506
+ /* only available since GnuTLS 3.5.6, on previous versions see
+ * gnutls_certificate_set_dh_params(). */
+ gnutls_certificate_set_known_dh_params(x509_cred, GNUTLS_SEC_PARAM_MEDIUM);
+#else
gnutls_certificate_set_dh_params (x509_cred, dh_params);
+#endif
return x509_cred;
}
return RFB_CLIENT_ACCEPT;
}
+static char *vncticket = NULL;
+
vncTerm *
create_vncterm (int argc, char** argv, int maxx, int maxy)
{
rfbScreenInfoPtr screen = rfbGetScreen (&argc, argv, maxx, maxy, 8, 1, 1);
screen->frameBuffer=(char*)calloc(maxx*maxy, 1);
+ char **passwds = calloc(sizeof(char**), 2);
+
vncTerm *vt = (vncTerm *)calloc (sizeof(vncTerm), 1);
rfbColourMap *cmap =&screen->colourMap;
//screen->autoPort = 1;
- rfbRegisterSecurityHandler(&VncSecurityHandlerVencrypt);
+ if (vncticket) {
+ passwds[0] = vncticket;
+ passwds[1] = NULL;
+
+ screen->authPasswdData = (void *)passwds;
+ screen->passwordCheck = rfbCheckPasswordByList;
+ } else {
+ rfbRegisterSecurityHandler(&VncSecurityHandlerVencrypt);
+ }
rfbInitServer(screen);
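Review bot: `passwds` is allocated unconditionally and never checked, so in `create_vncterm` it is leaked whenever `vncticket` is NULL, and a failed `calloc` is dereferenced at `passwds[0] = vncticket;`. The call also has its arguments swapped and sizes the element as `char **` rather than `char *`; `calloc(2, sizeof *passwds)` states the intent and already leaves the terminating slot NULL. Classic VNC authentication, which `rfbCheckPasswordByList` performs, keys its DES challenge on at most the first eight bytes of the password, so only that prefix of the ticket is verified and the session runs without TLS. A comment saying which transport `-notls` is expected to run over would make that trade-off explicit. The function body continues outside the hunk.

```c
    if (vncticket) {
        /* allocate the list only when it is used; slot 1 stays NULL from calloc */
        char **passwds = calloc(2, sizeof *passwds);
        if (!passwds) {
            fprintf(stderr, "out of memory\n");
            exit(-1);
        }
        passwds[0] = vncticket;
        // … unchanged: authPasswdData / passwordCheck assignment and the else branch …
```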
if (!strcmp (argv[i], "-timeout")) {
CHECK_ARGC (argc, argv, i);
idle_timeout = atoi(argv[i+1]);
- rfbPurgeArguments(&argc, &i, 2, argv);
- }
- if (!strcmp (argv[i], "-authpath")) {
+ rfbPurgeArguments(&argc, &i, 2, argv); i--;
+ } else if (!strcmp (argv[i], "-authpath")) {
CHECK_ARGC (argc, argv, i);
auth_path = argv[i+1];
- rfbPurgeArguments(&argc, &i, 2, argv);
- }
- if (!strcmp (argv[i], "-perm")) {
+ rfbPurgeArguments(&argc, &i, 2, argv); i--;
+ } else if (!strcmp (argv[i], "-perm")) {
CHECK_ARGC (argc, argv, i);
auth_perm = argv[i+1];
- rfbPurgeArguments(&argc, &i, 2, argv);
+ rfbPurgeArguments(&argc, &i, 2, argv); i--;
+ } else if (!strcmp (argv[i], "-notls")) {
+ rfbPurgeArguments(&argc, &i, 1, argv); i--;
+ if ((vncticket = getenv("PVE_VNC_TICKET")) == NULL) {
+ fprintf(stderr, "missing env PVE_VNC_TICKET (-notls)\n");
+ exit(-1);
+ }
}
}
+ unsetenv("PVE_VNC_TICKET"); // do not expose this to child
+
#ifdef DEBUG
rfbLogEnable (1);
gnutls_global_set_log_level(10);
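Review bot: `vncticket` keeps the raw pointer returned by `getenv("PVE_VNC_TICKET")`, and the `unsetenv()` added after the loop then removes that same variable. POSIX allows the string returned by getenv() to be overwritten or invalidated by a later setenv()/unsetenv(), so the ticket should be copied right after the NULL check with `vncticket = strdup(vncticket);`, and the copy checked for NULL. On Linux, unsetenv() only unlinks the entry, so the value likely stays readable in the process's initial environment block (for example through /proc/<pid>/environ); a comment next to the `unsetenv` line should say it stops inheritance by children and does not scrub the secret. Separately, `exit(-1)` reaches the parent as status 255, and `exit(EXIT_FAILURE)` is the conventional spelling. The argument loop begins outside the hunk.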