void RfbInitializer::initVersion()
{
char initVersionMsg[] = "RFB 003.008\n";
char clientVersionMsg[13];
size_t msgLen = 12;
m_output->writeFully(initVersionMsg, msgLen);
m_input->readFully(clientVersionMsg, msgLen);
clientVersionMsg[12] = 0;
m_minorVerNum = getProtocolMinorVersion(clientVersionMsg);
try {
checkForLoopback();
// Checking for a ban before auth and then after.
checkForBan();
} catch (Exception &e) {
if (m_minorVerNum == 3) {
m_output->writeUInt32(0);
} else {
m_output->writeUInt8(0);
}
AnsiStringStorage reason(&StringStorage(e.getMessage()));
unsigned int reasonLen = (unsigned int)reason.getLength();
_ASSERT(reasonLen == reason.getLength());
m_output->writeUInt32(reasonLen);
m_output->writeFully(reason.getString(), reasonLen);
throw;
}
}
bool RfbClientManager::onCheckForBan(RfbClient *client)
{
StringStorage ip;
client->getPeerHost(&ip);
return checkForBan(&ip);
}
void RfbInitializer::initVersion()
{
char initVersionMsg[] = "RFB 003.008\n";
char clientVersionMsg[13];
size_t msgLen = 12;
m_output->writeFully(initVersionMsg, msgLen);
m_input->readFully(clientVersionMsg, msgLen);
clientVersionMsg[12] = 0;
m_minorVerNum = getProtocolMinorVersion(clientVersionMsg);
try {
checkForLoopback();
checkForBan();
} catch (Exception &e) {
if (m_minorVerNum == 3) {
m_output->writeUInt32(0);
} else {
m_output->writeUInt8(0);
}
StringStorage errorMessage(e.getMessage());
size_t reasonLen = errorMessage.getLength();
char *reason = new char[reasonLen + 1];
try {
if (errorMessage.toAnsiString(reason, reasonLen + 1)) {
m_output->writeUInt32(reasonLen);
m_output->writeFully(reason, reasonLen);
}
} catch (...) {
}
delete reason;
throw;
}
}
void RfbInitializer::doVncAuth()
{
UINT8 challenge[16];
srand((unsigned)time(0));
for (int i = 0; i < sizeof(challenge); i++) {
challenge[i] = rand() & 0xff;
}
m_output->writeFully(challenge, sizeof(challenge));
UINT8 response[16];
m_input->readFully(response, sizeof(response));
checkForBan();
ServerConfig *srvConf = Configurator::getInstance()->getServerConfig();
if ( srvConf->shouldReloadConfigOnClientAuth() ) {
Configurator::getInstance()->reloadConfig();
srvConf = Configurator::getInstance()->getServerConfig();
}
bool hasPrim = srvConf->hasPrimaryPassword();
bool hasRdly = srvConf->hasReadOnlyPassword();
if (!hasPrim && !hasRdly) {
throw AuthException(_T("Server is not configured properly"));
}
if (hasPrim) {
UINT8 crypPrimPass[8];
srvConf->getPrimaryPassword(crypPrimPass);
VncPassCrypt passCrypt;
passCrypt.updatePlain(crypPrimPass);
if (passCrypt.challengeAndResponseIsValid(challenge, response)) {
return;
}
}
if (hasRdly) {
UINT8 crypReadOnlyPass[8];
srvConf->getReadOnlyPassword(crypReadOnlyPass);
VncPassCrypt passCrypt;
passCrypt.updatePlain(crypReadOnlyPass);
if (passCrypt.challengeAndResponseIsValid(challenge, response)) {
m_viewOnlyAuth = true;
return;
}
}
m_extAuthListener->onAuthFailed(m_client);
throw AuthException(_T("Authentication failed"));
}
void RfbInitializer::doVncAuth()
{
UINT8 challenge[16];
srand((unsigned)time(0));
for (int i = 0; i < sizeof(challenge); i++) {
challenge[i] = rand() & 0xff;
}
m_output->writeFully(challenge, sizeof(challenge));
UINT8 response[16];
m_input->readFully(response, sizeof(response));
// Checking for a ban after auth.
checkForBan();
// Comparing the challenge with the response.
ServerConfig *srvConf = Configurator::getInstance()->getServerConfig();
bool hasPrim = srvConf->hasPrimaryPassword();
bool hasRdly = srvConf->hasReadOnlyPassword();
if (!hasPrim && !hasRdly) {
throw AuthException(_T("Server is not configured properly"));
}
if (hasPrim) {
UINT8 crypPrimPass[8];
srvConf->getPrimaryPassword(crypPrimPass);
VncPassCrypt passCrypt;
passCrypt.updatePlain(crypPrimPass);
if (passCrypt.challengeAndResponseIsValid(challenge, response)) {
return;
}
}
if (hasRdly) {
UINT8 crypReadOnlyPass[8];
srvConf->getReadOnlyPassword(crypReadOnlyPass);
VncPassCrypt passCrypt;
passCrypt.updatePlain(crypReadOnlyPass);
if (passCrypt.challengeAndResponseIsValid(challenge, response)) {
m_viewOnlyAuth = true;
return;
}
}
// At this time we are sure that the client was typed an incorectly password.
m_extAuthListener->onAuthFailed(m_client);
throw AuthException(_T("Authentication failed"));
}
void RfbInitializer::doVncAuth()
{
UINT8 challenge[16];
srand((unsigned)time(0));
for (int i = 0; i < sizeof(challenge); i++) {
challenge[i] = rand() & 0xff;
}
m_output->writeFully(challenge, sizeof(challenge));
UINT8 response[16];
m_input->readFully(response, sizeof(response));
// Checking for a ban after auth.
checkForBan();
// Comparing the challenge with the response.
ServerConfig *srvConf = Configurator::getInstance()->getServerConfig();
bool hasPrim = srvConf->hasPrimaryPassword();
if (!hasPrim) {
throw AuthException(_T("Server is not configured properly"));
}
if (hasPrim) {
UINT8 primPass[8];
srvConf->getPrimaryPassword(primPass);
VncPassCrypt passCrypt;
passCrypt.setPlain(primPass);
if (passCrypt.challengeAndResponseIsValid(challenge, response)) {
return;
}
}
// At this time we are sure that the client was typed an incorectly password.
m_extAuthListener->onAuthFailed(m_client);
StringStorage clientAddressStorage;
m_client->getPeerHost(&clientAddressStorage);
StringStorage errMess;
errMess.format(_T("Authentication failed from %s"), clientAddressStorage.getString());
throw AuthException(errMess.getString());
}
