/* * Copyright (C) 1999 AT&T Laboratories Cambridge. All Rights Reserved. * * This is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This software is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, * USA. */ /* * vncauth.c - Functions for VNC password management and authentication. */ #ifdef __STRICT_ANSI__ #define _BSD_SOURCE #define _POSIX_SOURCE #define _XOPEN_SOURCE 600 #endif #ifdef LIBVNCSERVER_HAVE_SYS_TYPES_H #include #endif #include #include #include #include #include "d3des.h" #include #include #ifdef LIBVNCSERVER_HAVE_SYS_STAT_H #include #endif #include #ifdef WIN32 #define srandom srand #define random rand #else #include #endif /* libvncclient does not need this */ #ifndef rfbEncryptBytes /* * We use a fixed key to store passwords, since we assume that our local * file system is secure but nonetheless don't want to store passwords * as plaintext. */ static unsigned char fixedkey[8] = {23,82,107,6,35,78,88,7}; /* * Encrypt a password and store it in a file. Returns 0 if successful, * 1 if the file could not be written. */ int rfbEncryptAndStorePasswd(char *passwd, char *fname) { FILE *fp; unsigned int i; unsigned char encryptedPasswd[8]; if ((fp = fopen(fname,"w")) == NULL) return 1; /* windows security sux */ #ifndef WIN32 fchmod(fileno(fp), S_IRUSR|S_IWUSR); #endif /* pad password with nulls */ for (i = 0; i < 8; i++) { if (i < strlen(passwd)) { encryptedPasswd[i] = passwd[i]; } else { encryptedPasswd[i] = 0; } } /* Do encryption in-place - this way we overwrite our copy of the plaintext password */ rfbDesKey(fixedkey, EN0); rfbDes(encryptedPasswd, encryptedPasswd); for (i = 0; i < 8; i++) { putc(encryptedPasswd[i], fp); } fclose(fp); return 0; } /* * Decrypt a password from a file. Returns a pointer to a newly allocated * string containing the password or a null pointer if the password could * not be retrieved for some reason. */ char * rfbDecryptPasswdFromFile(char *fname) { FILE *fp; int i, ch; unsigned char *passwd = (unsigned char *)malloc(9); if ((fp = fopen(fname,"r")) == NULL) { free(passwd); return NULL; } for (i = 0; i < 8; i++) { ch = getc(fp); if (ch == EOF) { fclose(fp); free(passwd); return NULL; } passwd[i] = ch; } fclose(fp); rfbDesKey(fixedkey, DE1); rfbDes(passwd, passwd); passwd[8] = 0; return (char *)passwd; } /* * Generate CHALLENGESIZE random bytes for use in challenge-response * authentication. */ void rfbRandomBytes(unsigned char *bytes) { int i; static rfbBool s_srandom_called = FALSE; if (!s_srandom_called) { srandom((unsigned int)time(NULL) ^ (unsigned int)getpid()); s_srandom_called = TRUE; } for (i = 0; i < CHALLENGESIZE; i++) { bytes[i] = (unsigned char)(random() & 255); } } #endif /* * Encrypt CHALLENGESIZE bytes in memory using a password. */ void rfbEncryptBytes(unsigned char *bytes, char *passwd) { unsigned char key[8]; unsigned int i; /* key is simply password padded with nulls */ for (i = 0; i < 8; i++) { if (i < strlen(passwd)) { key[i] = passwd[i]; } else { key[i] = 0; } } rfbDesKey(key, EN0); for (i = 0; i < CHALLENGESIZE; i += 8) { rfbDes(bytes+i, bytes+i); } } void rfbEncryptBytes2(unsigned char *where, const int length, unsigned char *key) { int i, j; rfbDesKey(key, EN0); for (i = 0; i< 8; i++) where[i] ^= key[i]; rfbDes(where, where); for (i = 8; i < length; i += 8) { for (j = 0; j < 8; j++) where[i + j] ^= where[i + j - 8]; rfbDes(where + i, where + i); } }