void RfbServer::onAcceptConnection(SocketIPv4 *socket)
{
try {
// Get incoming connection address and convert it to string.
SocketAddressIPv4 peerAddr;
socket->getPeerAddr(&peerAddr);
StringStorage peerIpString;
peerAddr.toString(&peerIpString);
m_log->message(_T("Incoming rfb connection from %s"), peerIpString.getString());
struct sockaddr_in addr_in = peerAddr.getSockAddr();
// Check access control rules for the IP address of the peer.
// FIXME: Check loopback-related rules separately, report differently.
ServerConfig *config = Configurator::getInstance()->getServerConfig();
IpAccessRule::ActionType action = config->getActionByAddress((unsigned long)addr_in.sin_addr.S_un.S_addr);
if (action == IpAccessRule::ACTION_TYPE_DENY) {
m_log->message(_T("Connection rejected due to access control rules"));
delete socket;
return;
}
// Access granted, add new RFB client. One more check will follow later in
// RfbClientManager::onCheckAccessControl().
socket->enableNaggleAlgorithm(false);
m_clientManager->addNewConnection(socket, &m_viewPort, false, false);
} catch (Exception &ex) {
m_log->error(_T("Failed to process incoming rfb connection with following reason: \"%s\""), ex.getMessage());
}
}
void RfbClient::getPeerHost(StringStorage *host)
{
SocketAddressIPv4 addr;
if (m_socket->getPeerAddr(&addr)) {
addr.toString(host);
} else {
// FIXME: This may occur if the close() function has been called.
_ASSERT(FALSE);
host->setString(_T("unknown"));
}
}
void RfbClient::getLocalIpAddress(StringStorage *address)
{
SocketAddressIPv4 addr;
if (m_socket->getLocalAddr(&addr)) {
addr.toString(address);
} else {
// FIXME: This may occur if the close() function has been called.
_ASSERT(FALSE);
address->setString(_T("unknown"));
}
}
void RfbClientManager::onCheckAccessControl(RfbClient *client)
{
SocketAddressIPv4 peerAddr;
try {
client->getSocketAddr(&peerAddr);
} catch (...) {
throw AuthException(_T("Failed to get IP address of the RFB client"));
}
struct sockaddr_in addr_in = peerAddr.getSockAddr();
ServerConfig *config = Configurator::getInstance()->getServerConfig();
IpAccessRule::ActionType action;
if (!client->isOutgoing()) {
action = config->getActionByAddress((unsigned long)addr_in.sin_addr.S_un.S_addr);
} else {
action = IpAccessRule::ACTION_TYPE_ALLOW;
}
// Promt user to know what to do with incmoing connection.
if (action == IpAccessRule::ACTION_TYPE_QUERY) {
StringStorage peerHost;
peerAddr.toString(&peerHost);
int queryRetVal = QueryConnectionApplication::execute(peerHost.getString(),
config->isDefaultActionAccept(),
config->getQueryTimeout());
if (queryRetVal == 1) {
throw AuthException(_T("Connection has been rejected"));
}
}
}