mirrors
/
tigervnc
mirror of https://github.com/TigerVNC/tigervnc.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 38 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2599 Commits
16 Branches
Tree: 945cddacef
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '945cddacef'
${ noResults }
tigervnc/common/rfb/SSecurityVncAuth.cxx

SSecurityVncAuth.cxx 4.0KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136 
  1. /* Copyright (C) 2002-2005 RealVNC Ltd.  All Rights Reserved.

  2.  * 

  3.  * This is free software; you can redistribute it and/or modify

  4.  * it under the terms of the GNU General Public License as published by

  5.  * the Free Software Foundation; either version 2 of the License, or

  6.  * (at your option) any later version.

  7.  * 

  8.  * This software is distributed in the hope that it will be useful,

  9.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  10.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

  11.  * GNU General Public License for more details.

  12.  * 

  13.  * You should have received a copy of the GNU General Public License

  14.  * along with this software; if not, write to the Free Software

  15.  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,

  16.  * USA.

  17.  */

  18. //

  19. // SSecurityVncAuth

  20. //

  21. // XXX not thread-safe, because d3des isn't - do we need to worry about this?

  22. //

  23. 

  24. #include <rfb/SSecurityVncAuth.h>

  25. #include <rdr/RandomStream.h>

  26. #include <rfb/SConnection.h>

  27. #include <rfb/Password.h>

  28. #include <rfb/Configuration.h>

  29. #include <rfb/LogWriter.h>

  30. #include <rfb/util.h>

  31. #include <rfb/Exception.h>

  32. #include <string.h>

  33. #include <stdio.h>

  34. extern "C" {

  35. #include <rfb/d3des.h>

  36. }

  37. 

  38. 

  39. using namespace rfb;

  40. 

  41. static LogWriter vlog("SVncAuth");

  42. 

  43. StringParameter SSecurityVncAuth::vncAuthPasswdFile

  44. ("PasswordFile", "Password file for VNC authentication", "", ConfServer);

  45. AliasParameter rfbauth("rfbauth", "Alias for PasswordFile",

  46. 		       &SSecurityVncAuth::vncAuthPasswdFile, ConfServer);

  47. VncAuthPasswdParameter SSecurityVncAuth::vncAuthPasswd

  48. ("Password", "Obfuscated binary encoding of the password which clients must supply to "

  49.  "access the server", &SSecurityVncAuth::vncAuthPasswdFile);

  50. 

  51. SSecurityVncAuth::SSecurityVncAuth(void)

  52.   : sentChallenge(false), responsePos(0), pg(&vncAuthPasswd)

  53. {

  54. }

  55. 

  56. bool SSecurityVncAuth::processMsg(SConnection* sc)

  57. {

  58.   rdr::InStream* is = sc->getInStream();

  59.   rdr::OutStream* os = sc->getOutStream();

  60. 

  61.   if (!sentChallenge) {

  62.     rdr::RandomStream rs;

  63.     rs.readBytes(challenge, vncAuthChallengeSize);

  64.     os->writeBytes(challenge, vncAuthChallengeSize);

  65.     os->flush();

  66.     sentChallenge = true;

  67.     return false;

  68.   }

  69. 

  70.   while (responsePos < vncAuthChallengeSize && is->checkNoWait(1))

  71.     response[responsePos++] = is->readU8();

  72. 

  73.   if (responsePos < vncAuthChallengeSize) return false;

  74. 

  75.   PlainPasswd passwd(pg->getVncAuthPasswd());

  76. 

  77.   if (!passwd.buf)

  78.     throw AuthFailureException("No password configured for VNC Auth");

  79. 

  80.   // Calculate the expected response

  81.   rdr::U8 key[8];

  82.   int pwdLen = strlen(passwd.buf);

  83.   for (int i=0; i<8; i++)

  84.     key[i] = i<pwdLen ? passwd.buf[i] : 0;

  85.   deskey(key, EN0);

  86.   for (int j = 0; j < vncAuthChallengeSize; j += 8)

  87.     des(challenge+j, challenge+j);

  88. 

  89.   // Check the actual response

  90.   if (memcmp(challenge, response, vncAuthChallengeSize) != 0)

  91.     throw AuthFailureException();

  92. 

  93.   return true;

  94. }

  95. 

  96. VncAuthPasswdParameter::VncAuthPasswdParameter(const char* name,

  97.                                                const char* desc,

  98.                                                StringParameter* passwdFile_)

  99. : BinaryParameter(name, desc, 0, 0, ConfServer), passwdFile(passwdFile_) {

  100. }

  101. 

  102. char* VncAuthPasswdParameter::getVncAuthPasswd() {

  103.   ObfuscatedPasswd obfuscated;

  104.   getData((void**)&obfuscated.buf, &obfuscated.length);

  105. 

  106.   if (obfuscated.length == 0) {

  107.     if (passwdFile) {

  108.       CharArray fname(passwdFile->getData());

  109.       if (!fname.buf[0]) {

  110.         vlog.info("neither %s nor %s params set", getName(), passwdFile->getName());

  111.         return 0;

  112.       }

  113. 

  114.       FILE* fp = fopen(fname.buf, "r");

  115.       if (!fp) {

  116.         vlog.error("opening password file '%s' failed",fname.buf);

  117.         return 0;

  118.       }

  119. 

  120.       vlog.debug("reading password file");

  121.       obfuscated.buf = new char[128];

  122.       obfuscated.length = fread(obfuscated.buf, 1, 128, fp);

  123.       fclose(fp);

  124.     } else {

  125.       vlog.info("%s parameter not set", getName());

  126.     }

  127.   }

  128. 

  129.   try {

  130.     PlainPasswd password(obfuscated);

  131.     return password.takeBuf();

  132.   } catch (...) {

  133.     return 0;

  134.   }

  135. }