blob: ca81bf33cb135aabbadc98242593484fbbabbd31 [file] [log] [blame]
Constantin Kaplinskya2adc8d2006-05-25 05:01:55 +00001/* Copyright (C) 2002-2005 RealVNC Ltd. All Rights Reserved.
2 *
3 * This is free software; you can redistribute it and/or modify
4 * it under the terms of the GNU General Public License as published by
5 * the Free Software Foundation; either version 2 of the License, or
6 * (at your option) any later version.
7 *
8 * This software is distributed in the hope that it will be useful,
9 * but WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 * GNU General Public License for more details.
12 *
13 * You should have received a copy of the GNU General Public License
14 * along with this software; if not, write to the Free Software
15 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
16 * USA.
17 */
18//
19// SSecurityVncAuth
20//
21// XXX not thread-safe, because d3des isn't - do we need to worry about this?
22//
23
24#include <rfb/SSecurityVncAuth.h>
25#include <rdr/RandomStream.h>
26#include <rfb/SConnection.h>
27#include <rfb/Password.h>
28#include <rfb/Configuration.h>
29#include <rfb/LogWriter.h>
30#include <rfb/util.h>
31#include <rfb/Exception.h>
32#include <string.h>
33#include <stdio.h>
34extern "C" {
35#include <rfb/d3des.h>
36}
37
38
39using namespace rfb;
40
41static LogWriter vlog("SVncAuth");
42
Adam Tkac162ac352010-04-23 14:02:43 +000043StringParameter SSecurityVncAuth::vncAuthPasswdFile
44("PasswordFile", "Password file for VNC authentication", "", ConfServer);
45AliasParameter rfbauth("rfbauth", "Alias for PasswordFile",
46 &SSecurityVncAuth::vncAuthPasswdFile, ConfServer);
47VncAuthPasswdParameter SSecurityVncAuth::vncAuthPasswd
48("Password", "Obfuscated binary encoding of the password which clients must supply to "
49 "access the server", &SSecurityVncAuth::vncAuthPasswdFile);
Constantin Kaplinskya2adc8d2006-05-25 05:01:55 +000050
Adam Tkac162ac352010-04-23 14:02:43 +000051SSecurityVncAuth::SSecurityVncAuth(void)
52 : sentChallenge(false), responsePos(0), pg(&vncAuthPasswd)
Constantin Kaplinskya2adc8d2006-05-25 05:01:55 +000053{
54}
55
56bool SSecurityVncAuth::processMsg(SConnection* sc)
57{
58 rdr::InStream* is = sc->getInStream();
59 rdr::OutStream* os = sc->getOutStream();
60
61 if (!sentChallenge) {
62 rdr::RandomStream rs;
63 rs.readBytes(challenge, vncAuthChallengeSize);
64 os->writeBytes(challenge, vncAuthChallengeSize);
65 os->flush();
66 sentChallenge = true;
67 return false;
68 }
69
70 while (responsePos < vncAuthChallengeSize && is->checkNoWait(1))
71 response[responsePos++] = is->readU8();
72
73 if (responsePos < vncAuthChallengeSize) return false;
74
75 PlainPasswd passwd(pg->getVncAuthPasswd());
76
77 if (!passwd.buf)
78 throw AuthFailureException("No password configured for VNC Auth");
79
80 // Calculate the expected response
81 rdr::U8 key[8];
82 int pwdLen = strlen(passwd.buf);
83 for (int i=0; i<8; i++)
84 key[i] = i<pwdLen ? passwd.buf[i] : 0;
85 deskey(key, EN0);
86 for (int j = 0; j < vncAuthChallengeSize; j += 8)
87 des(challenge+j, challenge+j);
88
89 // Check the actual response
90 if (memcmp(challenge, response, vncAuthChallengeSize) != 0)
91 throw AuthFailureException();
92
93 return true;
94}
Adam Tkac162ac352010-04-23 14:02:43 +000095
96VncAuthPasswdParameter::VncAuthPasswdParameter(const char* name,
97 const char* desc,
98 StringParameter* passwdFile_)
99: BinaryParameter(name, desc, 0, 0, ConfServer), passwdFile(passwdFile_) {
100}
101
102char* VncAuthPasswdParameter::getVncAuthPasswd() {
103 ObfuscatedPasswd obfuscated;
104 getData((void**)&obfuscated.buf, &obfuscated.length);
105
106 if (obfuscated.length == 0) {
107 if (passwdFile) {
108 CharArray fname(passwdFile->getData());
109 if (!fname.buf[0]) {
110 vlog.info("neither %s nor %s params set", getName(), passwdFile->getName());
111 return 0;
112 }
113
114 FILE* fp = fopen(fname.buf, "r");
115 if (!fp) {
116 vlog.error("opening password file '%s' failed",fname.buf);
117 return 0;
118 }
119
120 vlog.debug("reading password file");
121 obfuscated.buf = new char[128];
122 obfuscated.length = fread(obfuscated.buf, 1, 128, fp);
123 fclose(fp);
124 } else {
125 vlog.info("%s parameter not set", getName());
126 }
127 }
128
129 try {
130 PlainPasswd password(obfuscated);
131 return password.takeBuf();
132 } catch (...) {
133 return 0;
134 }
135}
136