Diffstat (limited to 'x11vnc/sslhelper.c')
-rw-r--r--x11vnc/sslhelper.c77
1 files changed, 58 insertions, 19 deletions
diff --git a/x11vnc/sslhelper.c b/x11vnc/sslhelper.c
index fc24878..635e4f5 100644
--- a/x11vnc/sslhelper.c
+++ b/x11vnc/sslhelper.c
@@ -11,6 +11,7 @@
#define OPENSSL_INETD 1
#define OPENSSL_VNC 2
#define OPENSSL_HTTPS 3
+#define OPENSSL_REVERSE 4
#define DO_DH 0
@@ -43,13 +44,13 @@ static void badnews(void) {
rfbLog("** not compiled with libssl OpenSSL support **\n");
clean_up_exit(1);
}
-void openssl_init(void) {badnews();}
+void openssl_init(int isclient) {badnews();}
void openssl_port(void) {badnews();}
void https_port(void) {badnews();}
void check_openssl(void) {if (use_openssl) badnews();}
void check_https(void) {if (use_openssl) badnews();}
void ssl_helper_pid(pid_t pid, int sock) {badnews(); sock = pid;}
-void accept_openssl(int mode) {mode = 0; badnews();}
+void accept_openssl(int mode, int presock) {mode = 0; presock = 0; badnews();}
char *find_openssl_bin(void) {badnews(); return NULL;}
char *get_saved_pem(char *string, int create) {badnews(); return NULL;}
#else
@@ -59,12 +60,12 @@ char *get_saved_pem(char *string, int create) {badnews(); return NULL;}
#include <openssl/rand.h>
int openssl_present(void);
-void openssl_init(void);
+void openssl_init(int isclient);
void openssl_port(void);
void check_openssl(void);
void check_https(void);
void ssl_helper_pid(pid_t pid, int sock);
-void accept_openssl(int mode);
+void accept_openssl(int mode, int presock);
char *find_openssl_bin(void);
char *get_saved_pem(char *string, int create);
@@ -82,7 +83,7 @@ static int ssl_init(int s_in, int s_out);
static void ssl_xfer(int csock, int s_in, int s_out, int is_https);
#ifndef FORK_OK
-void openssl_init(void) {
+void openssl_init(int isclient) {
rfbLog("openssl_init: fork is not supported. cannot create"
" ssl helper process.\n");
clean_up_exit(1);
@@ -678,31 +679,50 @@ static char *get_ssl_verify_file(char *str_in) {
return tfile;
}
-void openssl_init(void) {
+static int ssl_client_mode = 0;
+
+void openssl_init(int isclient) {
int db = 0, tmp_pem = 0, do_dh;
FILE *in;
double ds;
long mode;
+ static int first = 1;
do_dh = DO_DH;
if (! quiet) {
rfbLog("\n");
- rfbLog("Initializing SSL.\n");
+ rfbLog("Initializing SSL (%s connect mode).\n", isclient ? "client":"server");
}
- if (db) fprintf(stderr, "\nSSL_load_error_strings()\n");
+ if (first) {
+ if (db) fprintf(stderr, "\nSSL_load_error_strings()\n");
- SSL_load_error_strings();
+ SSL_load_error_strings();
- if (db) fprintf(stderr, "SSL_library_init()\n");
+ if (db) fprintf(stderr, "SSL_library_init()\n");
- SSL_library_init();
+ SSL_library_init();
- if (db) fprintf(stderr, "init_prng()\n");
+ if (db) fprintf(stderr, "init_prng()\n");
- init_prng();
+ init_prng();
+
+ first = 0;
+ }
- ctx = SSL_CTX_new( SSLv23_server_method() );
+ if (isclient) {
+ ssl_client_mode = 1;
+ } else {
+ ssl_client_mode = 0;
+ }
+
+ if (ssl_client_mode) {
+ if (db) fprintf(stderr, "SSLv23_client_method()\n");
+ ctx = SSL_CTX_new( SSLv23_client_method() );
+ } else {
+ if (db) fprintf(stderr, "SSLv23_server_method()\n");
+ ctx = SSL_CTX_new( SSLv23_server_method() );
+ }
if (ctx == NULL) {
rfbLog("openssl_init: SSL_CTX_new failed.\n");
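Review bot: `ctx = SSL_CTX_new(...)` at the bottom of the hunk now runs on every call, while the new `first` guard shows openssl_init is meant to be called more than once; if a previous `ctx` is still live on the second call it is overwritten without `SSL_CTX_free`, leaking the context and whatever certificate/key was loaded into it (the remainder of openssl_init is outside the hunk and may already cover this — worth confirming). A one-liner before the method selection closes it: `if (ctx) { SSL_CTX_free(ctx); ctx = NULL; }`. The `if (isclient) ... else ...` pair collapses to `ssl_client_mode = isclient ? 1 : 0;`, and since `ssl_client_mode` is read again in ssl_init later in the file, a comment on its declaration, e.g. `/* set by openssl_init(); selects SSL_connect vs SSL_accept in ssl_init() */`, would make that coupling visible. openssl_init continues past the end of the hunk.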
@@ -1288,7 +1308,7 @@ if (db) fprintf(stderr, "buf: '%s'\n", buf);
return 1;
}
-void accept_openssl(int mode) {
+void accept_openssl(int mode, int presock) {
int sock = -1, listen = -1, cport, csock, vsock;
int status, n, i, db = 0;
struct sockaddr_in addr;
@@ -1337,6 +1357,17 @@ void accept_openssl(int mode) {
}
listen = openssl_sock;
+ } else if (mode == OPENSSL_REVERSE) {
+ sock = presock;
+ if (sock < 0) {
+ rfbLog("SSL: accept_openssl: connection failed\n");
+ if (ssl_no_fail) {
+ clean_up_exit(1);
+ }
+ return;
+ }
+ listen = -1;
+
} else if (mode == OPENSSL_HTTPS) {
sock = accept(https_sock, (struct sockaddr *)&addr, &addrlen);
if (sock < 0) {
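Review bot: In the new OPENSSL_REVERSE branch `sock = presock` adopts a caller-supplied descriptor with no comment on ownership or on what `listen = -1` means for the cleanup paths further down accept_openssl (outside the hunk), which presumably close `listen` only when it is non-negative. A comment at the top of the branch such as `/* OPENSSL_REVERSE: presock is an already-connected outbound socket handed in by the caller; we take ownership of it and there is nothing to accept() on. */` would document that contract. The "connection failed" message for `presock < 0` is also the only diagnostic a caller that passes -1 by mistake (as the OPENSSL_VNC/OPENSSL_HTTPS call sites do) will see; naming the mode, `rfbLog("SSL: accept_openssl: OPENSSL_REVERSE with no connected socket\n");`, keeps it distinguishable from a real connect failure. accept_openssl starts before and ends after this hunk.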
@@ -1940,7 +1971,11 @@ if (db > 1) fprintf(stderr, "ssl_init: 1\n");
}
if (db > 1) fprintf(stderr, "ssl_init: 2\n");
- SSL_set_accept_state(ssl);
+ if (ssl_client_mode) {
+ SSL_set_connect_state(ssl);
+ } else {
+ SSL_set_accept_state(ssl);
+ }
if (db > 1) fprintf(stderr, "ssl_init: 3\n");
@@ -1954,7 +1989,11 @@ if (db > 1) fprintf(stderr, "ssl_init: 4\n");
signal(SIGALRM, ssl_timeout);
alarm(timeout);
- rc = SSL_accept(ssl);
+ if (ssl_client_mode) {
+ rc = SSL_connect(ssl);
+ } else {
+ rc = SSL_accept(ssl);
+ }
err = SSL_get_error(ssl, rc);
alarm(0);
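Review bot: After `rc = SSL_connect(ssl)` succeeds in the new client branch, nothing in this hunk checks the outcome of peer certificate verification; unless verification is configured as mandatory on the context elsewhere in the file (outside the hunk — cannot tell from here), a reverse SSL connection completes the handshake against whatever certificate the remote side presents. When a verify file is in use, a check right after the handshake, `if (ssl_client_mode && rc == 1 && SSL_get_verify_result(ssl) != X509_V_OK) { rfbLog("SSL: peer certificate verification failed.\n"); /* fail the connection */ }`, closes that gap. The matching `ssl_client_mode` branch in the preceding hunk around `SSL_set_connect_state`/`SSL_set_accept_state` is redundant but harmless, since SSL_connect()/SSL_accept() set that state themselves. The enclosing ssl_init starts and ends outside the hunk.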
@@ -2425,7 +2464,7 @@ void check_openssl(void) {
}
rfbLog("SSL: accept_openssl(OPENSSL_VNC)\n");
- accept_openssl(OPENSSL_VNC);
+ accept_openssl(OPENSSL_VNC, -1);
}
void check_https(void) {
@@ -2457,7 +2496,7 @@ void check_https(void) {
return;
}
rfbLog("SSL: accept_openssl(OPENSSL_HTTPS)\n");
- accept_openssl(OPENSSL_HTTPS);
+ accept_openssl(OPENSSL_HTTPS, -1);
}
#define MSZ 4096