depend on libpng16-16

[vncterm.git] / vncterm.c

diff --git a/vncterm.c b/vncterm.c
index ec5394b6ec3d5f4349c24b35a23382abf662752c..3ca00ba17bb6c3c5999ab45ffa1769db2c1f8f07 100644 (file)
--- a/vncterm.c
+++ b/vncterm.c
@@ -169,7 +169,7 @@ static void vnc_debug_gnutls_log(int level, const char* str) {
 }
 #endif
 
-#define DH_BITS 1024
+#define DH_BITS 2048
 static gnutls_dh_params_t dh_params;
 
 typedef struct {
@@ -256,7 +256,11 @@ tls_initialize_anon_cred(void)
                return NULL;
        }
 
+#if GNUTLS_VERSION_NUMBER >= 0x030506
+       gnutls_anon_set_server_known_dh_params(anon_cred, GNUTLS_SEC_PARAM_MEDIUM);
+#else
        gnutls_anon_set_server_dh_params(anon_cred, dh_params);
+#endif
 
        return anon_cred;
 }
@@ -290,8 +294,13 @@ tls_initialize_x509_cred(void)
                gnutls_certificate_free_credentials(x509_cred);
                return NULL;
        }
-
+#if GNUTLS_VERSION_NUMBER >= 0x030506
+       /* only available since GnuTLS 3.5.6, on previous versions see
+        * gnutls_certificate_set_dh_params(). */
+       gnutls_certificate_set_known_dh_params(x509_cred, GNUTLS_SEC_PARAM_MEDIUM);
+#else
        gnutls_certificate_set_dh_params (x509_cred, dh_params);
+#endif
 
        return x509_cred;
 }
@@ -485,42 +494,10 @@ rfbVncAuthVencrypt(rfbClientPtr cl)
                        return;
                }
 
-               /* optimize for speed */
-               static const int cipher_priority_performance[] = {
-                       GNUTLS_CIPHER_ARCFOUR_128,
-                       GNUTLS_CIPHER_AES_128_CBC,
-                       GNUTLS_CIPHER_3DES_CBC, 0
-               };
-
-               if ((ret = gnutls_cipher_set_priority(sd->session, cipher_priority_performance)) < 0) {
-                       rfbLog("gnutls_cipher_set_priority failed: %s\n", gnutls_strerror(ret));
-                       sd->session = NULL;
-                       rfbCloseClient(cl);
-                       return;
-               }
-
-               static const int kx_anon[] = {GNUTLS_KX_ANON_DH, 0};
-               static const int kx_x509[] = {GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0};
-               if ((ret = gnutls_kx_set_priority(sd->session, use_x509 ? kx_x509 : kx_anon)) < 0) {
-                       rfbLog("gnutls_kx_set_priority failed: %s\n", gnutls_strerror(ret));
-                       sd->session = NULL;
-                       rfbCloseClient(cl);
-                       return;
-               }
-
-               static const int cert_type_priority[] = { GNUTLS_CRT_X509, 0 };
-               if ((ret = gnutls_certificate_type_set_priority(sd->session, cert_type_priority)) < 0) {
-                       rfbLog("gnutls_certificate_type_set_priority failed: %s\n",
-                              gnutls_strerror(ret));
-                       sd->session = NULL;
-                       rfbCloseClient(cl);
-                       return;
-               }
-
-               static const int protocol_priority[]= { GNUTLS_TLS1_1, GNUTLS_TLS1_0, GNUTLS_SSL3, 0 };
-               if ((ret = gnutls_protocol_set_priority(sd->session, protocol_priority)) < 0) {
-                       rfbLog("gnutls_protocol_set_priority failed: %s\n",
-                              gnutls_strerror(ret));
+               static const char *priority_str_x509 = "NORMAL";
+               static const char *priority_str_anon = "NORMAL:+ANON-ECDH:+ANON-DH";
+               if ((ret = gnutls_priority_set_direct(sd->session, use_x509 ? priority_str_x509 : priority_str_anon, NULL)) < 0) {
+                       rfbLog("gnutls_priority_set_direct failed: %s\n", gnutls_strerror(ret));
                        sd->session = NULL;
                        rfbCloseClient(cl);
                        return;
@@ -1377,6 +1354,7 @@ vncterm_putchar (vncTerm *vt, unicode ch)
       }
       break;
     } else if (ch == ';') {
+      vt->esc_has_par = 1;
       vt->esc_count++;
       break;
     } else {
@@ -1812,7 +1790,11 @@ vncterm_puts (vncTerm *vt, const char *buf, int len)
            vt->utf_char = (vt->utf_char << 6) | (c & 0x3f);
            vt->utf_count--;
            if (vt->utf_count == 0) {
-             tc = vt->utf_char;
+               if (vt->utf_char <= USHRT_MAX) {
+                 tc = vt->utf_char;
+               } else {
+                 tc = 0;
+               }
            } else {
              continue;
            }
@@ -2196,6 +2178,8 @@ new_client (rfbClientPtr client)
   return RFB_CLIENT_ACCEPT;
 }
 
+static char *vncticket = NULL;
+
 vncTerm *
 create_vncterm (int argc, char** argv, int maxx, int maxy)
 {
@@ -2204,6 +2188,8 @@ create_vncterm (int argc, char** argv, int maxx, int maxy)
   rfbScreenInfoPtr screen = rfbGetScreen (&argc, argv, maxx, maxy, 8, 1, 1);
   screen->frameBuffer=(char*)calloc(maxx*maxy, 1);
 
+  char **passwds = calloc(sizeof(char**), 2);
+
   vncTerm *vt = (vncTerm *)calloc (sizeof(vncTerm), 1);
 
   rfbColourMap *cmap =&screen->colourMap;
@@ -2272,7 +2258,15 @@ create_vncterm (int argc, char** argv, int maxx, int maxy)
 
   //screen->autoPort = 1;
 
-  rfbRegisterSecurityHandler(&VncSecurityHandlerVencrypt);
+  if (vncticket) {
+      passwds[0] = vncticket;
+      passwds[1] = NULL;
+  
+      screen->authPasswdData = (void *)passwds;
+      screen->passwordCheck = rfbCheckPasswordByList;
+  } else {
+      rfbRegisterSecurityHandler(&VncSecurityHandlerVencrypt);
+  }
 
   rfbInitServer(screen);
 
@@ -2322,20 +2316,26 @@ main (int argc, char** argv)
     if (!strcmp (argv[i], "-timeout")) {
       CHECK_ARGC (argc, argv, i);
       idle_timeout = atoi(argv[i+1]);
-      rfbPurgeArguments(&argc, &i, 2, argv);
-    }
-    if (!strcmp (argv[i], "-authpath")) {
+      rfbPurgeArguments(&argc, &i, 2, argv); i--;
+    } else if (!strcmp (argv[i], "-authpath")) {
       CHECK_ARGC (argc, argv, i);
       auth_path = argv[i+1];
-      rfbPurgeArguments(&argc, &i, 2, argv);
-    }
-    if (!strcmp (argv[i], "-perm")) {
+      rfbPurgeArguments(&argc, &i, 2, argv); i--;
+    } else if (!strcmp (argv[i], "-perm")) {
       CHECK_ARGC (argc, argv, i);
       auth_perm = argv[i+1];
-      rfbPurgeArguments(&argc, &i, 2, argv);
+      rfbPurgeArguments(&argc, &i, 2, argv); i--;
+    } else if (!strcmp (argv[i], "-notls")) {
+        rfbPurgeArguments(&argc, &i, 1, argv); i--;
+        if ((vncticket = getenv("PVE_VNC_TICKET")) == NULL) {
+          fprintf(stderr, "missing env PVE_VNC_TICKET (-notls)\n");
+         exit(-1);           
+        }
     }
   }
 
+  unsetenv("PVE_VNC_TICKET"); // do not expose this to child
+
 #ifdef DEBUG
   rfbLogEnable (1);
   gnutls_global_set_log_level(10);