1 /* Copyright (C) 2002-2005 RealVNC Ltd. All Rights Reserved.
2 *
3 * This is free software; you can redistribute it and/or modify
4 * it under the terms of the GNU General Public License as published by
5 * the Free Software Foundation; either version 2 of the License, or
6 * (at your option) any later version.
7 *
8 * This software is distributed in the hope that it will be useful,
9 * but WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 * GNU General Public License for more details.
12 *
13 * You should have received a copy of the GNU General Public License
14 * along with this software; if not, write to the Free Software
15 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
16 * USA.
17 */
18 //
19 // CSecurityVncAuth
20 //
21 // XXX not thread-safe, because d3des isn't - do we need to worry about this?
22 //
23
24 #include <string.h>
25 #include <stdio.h>
26
27 #include <rfb/CConnection.h>
28 #include <rfb/Password.h>
29 #include <rfb/CSecurityVncAuth.h>
30 #include <rfb/util.h>
31 #include <rfb/Security.h>
32 extern "C" {
33 #include <rfb/d3des.h>
34 }
35
36 #include <rdr/InStream.h>
37 #include <rdr/OutStream.h>
38
39 using namespace rfb;
40
41 static const int vncAuthChallengeSize = 16;
42
processMsg()43 bool CSecurityVncAuth::processMsg()
44 {
45 rdr::InStream* is = cc->getInStream();
46 rdr::OutStream* os = cc->getOutStream();
47
48 if (!is->hasData(vncAuthChallengeSize))
49 return false;
50
51 // Read the challenge & obtain the user's password
52 rdr::U8 challenge[vncAuthChallengeSize];
53 is->readBytes(challenge, vncAuthChallengeSize);
54 PlainPasswd passwd;
55 (CSecurity::upg)->getUserPasswd(cc->isSecure(), 0, &passwd.buf);
56
57 // Calculate the correct response
58 rdr::U8 key[8];
59 int pwdLen = strlen(passwd.buf);
60 for (int i=0; i<8; i++)
61 key[i] = i<pwdLen ? passwd.buf[i] : 0;
62 deskey(key, EN0);
63 for (int j = 0; j < vncAuthChallengeSize; j += 8)
64 des(challenge+j, challenge+j);
65
66 // Return the response to the server
67 os->writeBytes(challenge, vncAuthChallengeSize);
68 os->flush();
69 return true;
70 }
71