From 7f9ea27ec88dc0eaadc4cb6f9397f61a9fbad521 Mon Sep 17 00:00:00 2001 From: DRC Date: Fri, 9 Jul 2010 19:37:14 +0000 Subject: [PATCH] Add a filter mode option to vncpasswd git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4085 3789f03b-4d11-0410-bbf8-ca57d06f2519 --- unix/vncpasswd/vncpasswd.cxx | 19 ++++++++++++++++- unix/vncpasswd/vncpasswd.man | 40 +++++++++++++++++++++++++----------- 2 files changed, 46 insertions(+), 13 deletions(-) diff --git a/unix/vncpasswd/vncpasswd.cxx b/unix/vncpasswd/vncpasswd.cxx index e8898792..a8f3afd0 100644 --- a/unix/vncpasswd/vncpasswd.cxx +++ b/unix/vncpasswd/vncpasswd.cxx @@ -1,4 +1,6 @@ /* Copyright (C) 2002-2005 RealVNC Ltd. All Rights Reserved. + * Copyright (C) 2010 Antoine Martin. All Rights Reserved. + * Copyright (C) 2010 D. R. Commander. All Rights Reserved. * * This is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -33,7 +35,8 @@ char* prog; static void usage() { - fprintf(stderr,"usage: %s [file]\n",prog); + fprintf(stderr,"usage: %s [file]\n", prog); + fprintf(stderr," %s -f\n", prog); exit(1); } @@ -63,6 +66,18 @@ static char* getpassword(const char* prompt) { return 0; } +// Reads password from stdin and prints encrypted password to stdout. +static int encrypt_pipe() { + PlainPasswd buf(256); + fgets(buf.buf, 256, stdin); + ObfuscatedPasswd obfuscated(buf); + //fputs(prompt, stdout); + if (fwrite(obfuscated.buf, obfuscated.length, 1, stdout) != 1) { + fprintf(stderr,"Writing to stdout failed\n"); + return 1; + } + return 0; +} int main(int argc, char** argv) { @@ -72,6 +87,8 @@ int main(int argc, char** argv) for (int i = 1; i < argc; i++) { if (strcmp(argv[i], "-q") == 0) { // allowed for backwards compatibility + } else if (strncmp(argv[i], "-f", 2) == 0) { + return encrypt_pipe(); } else if (argv[i][0] == '-') { usage(); } else if (!fname) { diff --git a/unix/vncpasswd/vncpasswd.man b/unix/vncpasswd/vncpasswd.man index c846d576..27c04fe2 100644 --- a/unix/vncpasswd/vncpasswd.man +++ b/unix/vncpasswd/vncpasswd.man @@ -1,26 +1,38 @@ -.TH vncpasswd 1 "05 May 2006" "TigerVNC" "Virtual Network Computing" +.TH vncpasswd 1 "09 Jul 2010" "TigerVNC" "Virtual Network Computing" .SH NAME -vncpasswd \- change a VNC password +vncpasswd \- change the VNC password .SH SYNOPSIS -.B vncpasswd -.RI [ passwd-file ] +\fBvncpasswd\fR [\fIpasswd-file\fR] +.br +\fBvncpasswd\fR \-f .SH DESCRIPTION .B vncpasswd -allows you to set the password used to access VNC desktops. It stores an -obfuscated version of the password in the given file (default -$HOME/.vnc/passwd). The \fBvncserver\fP script runs \fBvncpasswd\fP the first -time you start a VNC desktop, and invokes \fBXvnc\fP with the appropriate +allows you to set the password used to access VNC desktops. Its default +behavior is to prompt for a VNC password and then store an obfuscated version +of this password to \fIpasswd-file\fR (or to $HOME/.vnc/passwd if no password +file is specified.) The \fBvncserver\fP script runs \fBvncpasswd\fP the first +time you start a VNC desktop, and it invokes \fBXvnc\fP with the appropriate \fB\-rfbauth\fP option. \fBvncviewer\fP can also be given a password file to use via the \fB\-passwd\fP option. -The password must be at least six characters long, and only the first eight +The password must be at least six characters long (unless the \fB\-f\fR +command-line option is used-- see below), and only the first eight characters are significant. Note that the stored password is \fBnot\fP encrypted securely - anyone who has access to this file can trivially find out -the plaintext password, so \fBvncpasswd\fP always sets appropriate permissions -(read and write only by the owner). However, when accessing a VNC desktop a +the plain-text password, so \fBvncpasswd\fP always sets appropriate permissions +(read and write only by the owner.) However, when accessing a VNC desktop, a challenge-response mechanism is used over the wire making it hard for anyone to crack the password simply by snooping on the network. +.SH OPTIONS + +.TP +.B \-f +Filter mode. Read a plain-text password from stdin and write an encrypted +version to stdout. Note that in filter mode, short or even empty passwords +will be silently accepted. + + .SH FILES .TP $HOME/.vnc/passwd @@ -34,8 +46,12 @@ Default location of the VNC password file. .br http://www.tigervnc.org -.SH AUTHOR +.SH AUTHORS Tristan Richardson, RealVNC Ltd. +.br +Antoine Martin +.br +D. R. Commander VNC was originally developed by the RealVNC team while at Olivetti Research Ltd / AT&T Laboratories Cambridge. TightVNC additions were -- 2.39.5