tightvnc  1.3.10
About: TightVNC is an enhanced version of VNC (Virtual Network Computing), allowing remote network access to graphical desktops.
  Fossies Dox: tightvnc-1.3.10_unixsrc.tar.gz  ("inofficial" and yet experimental doxygen-generated source code documentation)  

 All Data Structures Files Functions Variables Typedefs Enumerations Enumerator Macros
vncauth.c
Go to the documentation of this file.
1 /*
2  * Copyright (C) 1999 AT&T Laboratories Cambridge. All Rights Reserved.
3  *
4  * This is free software; you can redistribute it and/or modify
5  * it under the terms of the GNU General Public License as published by
6  * the Free Software Foundation; either version 2 of the License, or
7  * (at your option) any later version.
8  *
9  * This software is distributed in the hope that it will be useful,
10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12  * GNU General Public License for more details.
13  *
14  * You should have received a copy of the GNU General Public License
15  * along with this program; if not, write to the Free Software
16  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
17  * USA.
18  */
19 
20 /*
21  * vncauth.c - Functions for VNC password management and authentication.
22  */
23 
24 #include <stdio.h>
25 #include <stdlib.h>
26 #include <string.h>
27 #include <sys/types.h>
28 #include <sys/stat.h>
29 #include <unistd.h>
30 #include <vncauth.h>
31 #include <d3des.h>
32 
33 
34 /*
35  * Make sure we call srandom() only once.
36  */
37 
38 static int s_srandom_called = 0;
39 
40 /*
41  * We use a fixed key to store passwords, since we assume that our local
42  * file system is secure but nonetheless don't want to store passwords
43  * as plaintext.
44  */
45 
46 static unsigned char s_fixedkey[8] = {23,82,107,6,35,78,88,7};
47 
48 
49 /*
50  * Encrypt a password and store it in a file. Returns 0 if successful,
51  * 1 if the file could not be written.
52  *
53  * NOTE: This function is preserved only for compatibility with the original
54  * AT&T VNC software. Use vncEncryptAndStorePasswd2() instead.
55  */
56 
57 int
58 vncEncryptAndStorePasswd(char *passwd, char *fname)
59 {
60  return (vncEncryptAndStorePasswd2(passwd, NULL, fname) == 0);
61 }
62 
63 /*
64  * Encrypt one or two passwords and store them in a file. Returns 1 if
65  * successful, 0 if the file could not be written (note that the original
66  * vncEncryptAndStorePasswd() function returns inverse values). The
67  * passwdViewOnly pointer may be NULL.
68  *
69  * NOTE: The file name of "-" denotes stdout.
70  */
71 
72 int
73 vncEncryptAndStorePasswd2(char *passwd, char *passwdViewOnly, char *fname)
74 {
75  FILE *fp;
76  int i, bytesToWrite, bytesWrote;
77  unsigned char encryptedPasswd[16] = {
78  0,0,0,0,0,0,0,0,
79  0,0,0,0,0,0,0,0
80  };
81 
82  if (strcmp(fname, "-") != 0) {
83  fp = fopen(fname, "w");
84  if (fp == NULL) {
85  return 0;
86  }
87  chmod(fname, S_IRUSR|S_IWUSR);
88  } else {
89  fp = stdout;
90  }
91 
92  strncpy(encryptedPasswd, passwd, 8);
93  if (passwdViewOnly != NULL)
94  strncpy(encryptedPasswd + 8, passwdViewOnly, 8);
95 
96  /* Do encryption in-place - this way we overwrite our copies of
97  plaintext passwords. */
98 
99  deskey(s_fixedkey, EN0);
100  des(encryptedPasswd, encryptedPasswd);
101  if (passwdViewOnly != NULL)
102  des(encryptedPasswd + 8, encryptedPasswd + 8);
103 
104  bytesToWrite = (passwdViewOnly == NULL) ? 8 : 16;
105  bytesWrote = fwrite(encryptedPasswd, 1, bytesToWrite, fp);
106 
107  if (fp != stdout) {
108  fclose(fp);
109  }
110  return (bytesWrote == bytesToWrite);
111 }
112 
113 
114 /*
115  * Decrypt a password from a file. Returns a pointer to a newly allocated
116  * string containing the password or a null pointer if the password could
117  * not be retrieved for some reason.
118  *
119  * NOTE: This function is preserved only for compatibility with the original
120  * AT&T VNC software. Use vncDecryptPasswdFromFile2() instead.
121  */
122 
123 char *
125 {
126  char *passwd;
127 
128  passwd = malloc(9);
129 
130  if (passwd != NULL) {
131  if (vncDecryptPasswdFromFile2(fname, passwd, NULL) == 0) {
132  free(passwd);
133  passwd = NULL;
134  }
135  }
136 
137  return passwd;
138 }
139 
140 /*
141  * Decrypt one or two passwords from a file. Returns the number of
142  * passwords read (1, 2, or 0 on error). On success, the passwords are
143  * written into buffers passwdFullControl[] and passwdViewOnly[] if
144  * they are not NULL. If the pointers to buffers are not NULL, then
145  * the buffers should be at least of 9 bytes length.
146  */
147 
148 int
150  char *passwdFullControl, char *passwdViewOnly)
151 {
152  FILE *fp;
153  int i, ch;
154  char passwd[16];
155 
156  if (strcmp(fname, "-") != 0) {
157  if ((fp = fopen(fname,"r")) == NULL)
158  return 0; /* Could not open the file */
159  } else {
160  fp = stdin;
161  }
162 
163  for (i = 0; i < 16; i++) {
164  ch = getc(fp);
165  if (ch == EOF)
166  break;
167  passwd[i] = ch;
168  }
169 
170  if (fp != stdin)
171  fclose(fp);
172 
173  if (i < 8)
174  return 0; /* Could not read eight bytes */
175 
176  deskey(s_fixedkey, DE1);
177 
178  /* Decoding first (full-control) password */
179  if (passwdFullControl != NULL) {
180  des(passwd, passwd);
181  memcpy(passwdFullControl, passwd, 8);
182  passwdFullControl[8] = '\0';
183  }
184 
185  /* Decoding second (view-only) password if available */
186  if (i == 16 && passwdViewOnly != NULL) {
187  des(&passwd[8], &passwd[8]);
188  memcpy(passwdViewOnly, &passwd[8], 8);
189  passwdViewOnly[8] = '\0';
190  }
191 
192  /* Destroying our copy of clear-text passwords */
193  memset(passwd, 0, 16);
194 
195  return (i < 16) ? 1 : 2;
196 }
197 
198 
199 /*
200  * Generate CHALLENGESIZE random bytes for use in challenge-response
201  * authentication.
202  */
203 
204 void
205 vncRandomBytes(unsigned char *bytes)
206 {
207  int i;
208  unsigned int seed;
209 
210  if (!s_srandom_called) {
211  seed = (unsigned int)time(0) ^ (unsigned int)getpid();
212  srandom(seed);
213  s_srandom_called = 1;
214  }
215 
216  for (i = 0; i < CHALLENGESIZE; i++) {
217  bytes[i] = (unsigned char)(random() & 255);
218  }
219 }
220 
221 
222 /*
223  * Encrypt CHALLENGESIZE bytes in memory using a password.
224  */
225 
226 void
227 vncEncryptBytes(unsigned char *bytes, char *passwd)
228 {
229  unsigned char key[8];
230  int i;
231 
232  /* key is simply password padded with nulls */
233 
234  for (i = 0; i < 8; i++) {
235  if (i < strlen(passwd)) {
236  key[i] = passwd[i];
237  } else {
238  key[i] = 0;
239  }
240  }
241 
242  deskey(key, EN0);
243 
244  for (i = 0; i < CHALLENGESIZE; i += 8) {
245  des(bytes+i, bytes+i);
246  }
247 }