342 lines
8.0 KiB
Go
342 lines
8.0 KiB
Go
package vnc
|
|
|
|
import (
|
|
"bytes"
|
|
"crypto/des"
|
|
"encoding/binary"
|
|
"fmt"
|
|
)
|
|
|
|
type SecurityType uint8
|
|
|
|
const (
|
|
SecTypeUnknown = SecurityType(0)
|
|
SecTypeNone = SecurityType(1)
|
|
SecTypeVNC = SecurityType(2)
|
|
SecTypeTight = SecurityType(16)
|
|
SecTypeATEN = SecurityType(16)
|
|
SecTypeVeNCrypt = SecurityType(19)
|
|
)
|
|
|
|
type SecuritySubType uint32
|
|
|
|
const (
|
|
SecSubTypeUnknown = SecuritySubType(0)
|
|
)
|
|
|
|
const (
|
|
SecSubTypeVeNCrypt01Unknown = SecuritySubType(0)
|
|
SecSubTypeVeNCrypt01Plain = SecuritySubType(19)
|
|
SecSubTypeVeNCrypt01TLSNone = SecuritySubType(20)
|
|
SecSubTypeVeNCrypt01TLSVNC = SecuritySubType(21)
|
|
SecSubTypeVeNCrypt01TLSPlain = SecuritySubType(22)
|
|
SecSubTypeVeNCrypt01X509None = SecuritySubType(23)
|
|
SecSubTypeVeNCrypt01X509VNC = SecuritySubType(24)
|
|
SecSubTypeVeNCrypt01X509Plain = SecuritySubType(25)
|
|
)
|
|
|
|
const (
|
|
SecSubTypeVeNCrypt02Unknown = SecuritySubType(0)
|
|
SecSubTypeVeNCrypt02Plain = SecuritySubType(256)
|
|
SecSubTypeVeNCrypt02TLSNone = SecuritySubType(257)
|
|
SecSubTypeVeNCrypt02TLSVNC = SecuritySubType(258)
|
|
SecSubTypeVeNCrypt02TLSPlain = SecuritySubType(259)
|
|
SecSubTypeVeNCrypt02X509None = SecuritySubType(260)
|
|
SecSubTypeVeNCrypt02X509VNC = SecuritySubType(261)
|
|
SecSubTypeVeNCrypt02X509Plain = SecuritySubType(262)
|
|
)
|
|
|
|
type SecurityHandler interface {
|
|
Type() SecurityType
|
|
SubType() SecuritySubType
|
|
Auth(Conn) error
|
|
}
|
|
|
|
type ClientAuthNone struct{}
|
|
|
|
func (*ClientAuthNone) Type() SecurityType {
|
|
return SecTypeNone
|
|
}
|
|
|
|
func (*ClientAuthNone) SubType() SecuritySubType {
|
|
return SecSubTypeUnknown
|
|
}
|
|
|
|
func (*ClientAuthNone) Auth(conn Conn) error {
|
|
return nil
|
|
}
|
|
|
|
// ServerAuthNone is the "none" authentication. See 7.2.1.
|
|
type ServerAuthNone struct{}
|
|
|
|
func (*ServerAuthNone) Type() SecurityType {
|
|
return SecTypeNone
|
|
}
|
|
|
|
func (*ServerAuthNone) Auth(c Conn) error {
|
|
return nil
|
|
}
|
|
|
|
type ClientAuthATEN struct {
|
|
Username []byte
|
|
Password []byte
|
|
}
|
|
|
|
func readTightTunnels(c Conn) (uint32, error) {
|
|
var n uint32
|
|
if err := binary.Read(c, binary.BigEndian, &n); err != nil {
|
|
return 0, err
|
|
}
|
|
return n, nil
|
|
}
|
|
|
|
func (*ClientAuthATEN) Type() SecurityType {
|
|
return SecTypeATEN
|
|
}
|
|
|
|
func (*ClientAuthATEN) SubType() SecuritySubType {
|
|
return SecSubTypeUnknown
|
|
}
|
|
|
|
func charCodeAt(s string, n int) rune {
|
|
for i, r := range s {
|
|
if i == n {
|
|
return r
|
|
}
|
|
}
|
|
return 0
|
|
}
|
|
|
|
func (auth *ClientAuthATEN) Auth(c Conn) error {
|
|
var definedAuthLen = 24
|
|
|
|
nt, err := readTightTunnels(c)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
if (nt&0xffff0ff0)>>0 == 0xaff90fb0 {
|
|
fmt.Printf("aten\n")
|
|
var skip [20]byte
|
|
binary.Read(c, binary.BigEndian, &skip)
|
|
fmt.Printf("skip %s\n", skip)
|
|
}
|
|
/*
|
|
if len(auth.Username) > 24 || len(auth.Password) > 24 {
|
|
return fmt.Errorf("username/password > 24")
|
|
}
|
|
|
|
username := make([]byte, 24-len(auth.Username)+1)
|
|
password := make([]byte, 24-len(auth.Password)+1)
|
|
copy(username, auth.Username)
|
|
copy(password, auth.Password)
|
|
username = append(username, []byte("\x00")...)
|
|
password = append(password, []byte("\x00")...)
|
|
challenge := bytes.Join([][]byte{username, password}, []byte(":"))
|
|
if err := binary.Write(c, binary.BigEndian, challenge); err != nil {
|
|
return err
|
|
}
|
|
|
|
if err := c.Flush(); err != nil {
|
|
return err
|
|
}
|
|
*/
|
|
sendUsername := make([]byte, definedAuthLen)
|
|
for i := 0; i < definedAuthLen; i++ {
|
|
if i < len(auth.Username) {
|
|
sendUsername[i] = byte(charCodeAt(string(auth.Username), i))
|
|
} else {
|
|
sendUsername[i] = 0
|
|
}
|
|
}
|
|
|
|
sendPassword := make([]byte, definedAuthLen)
|
|
|
|
for i := 0; i < definedAuthLen; i++ {
|
|
if i < len(auth.Password) {
|
|
sendPassword[i] = byte(charCodeAt(string(auth.Password), i))
|
|
} else {
|
|
sendPassword[i] = 0
|
|
}
|
|
}
|
|
if err := binary.Write(c, binary.BigEndian, sendUsername); err != nil {
|
|
return err
|
|
}
|
|
if err := binary.Write(c, binary.BigEndian, sendPassword); err != nil {
|
|
return err
|
|
}
|
|
return c.Flush()
|
|
}
|
|
|
|
func (*ClientAuthVeNCrypt02Plain) Type() SecurityType {
|
|
return SecTypeVeNCrypt
|
|
}
|
|
|
|
func (*ClientAuthVeNCrypt02Plain) SubType() SecuritySubType {
|
|
return SecSubTypeVeNCrypt02Plain
|
|
}
|
|
|
|
// ClientAuthVeNCryptPlain see https://www.berrange.com/~dan/vencrypt.txt
|
|
type ClientAuthVeNCrypt02Plain struct {
|
|
Username []byte
|
|
Password []byte
|
|
}
|
|
|
|
func (auth *ClientAuthVeNCrypt02Plain) Auth(c Conn) error {
|
|
if err := binary.Write(c, binary.BigEndian, []uint8{0, 2}); err != nil {
|
|
return err
|
|
}
|
|
if err := c.Flush(); err != nil {
|
|
return err
|
|
}
|
|
var (
|
|
major, minor uint8
|
|
)
|
|
|
|
if err := binary.Read(c, binary.BigEndian, &major); err != nil {
|
|
return err
|
|
}
|
|
if err := binary.Read(c, binary.BigEndian, &minor); err != nil {
|
|
return err
|
|
}
|
|
res := uint8(1)
|
|
if major == 0 && minor == 2 {
|
|
res = uint8(0)
|
|
}
|
|
if err := binary.Write(c, binary.BigEndian, res); err != nil {
|
|
return err
|
|
}
|
|
c.Flush()
|
|
if err := binary.Write(c, binary.BigEndian, uint8(1)); err != nil {
|
|
return err
|
|
}
|
|
if err := binary.Write(c, binary.BigEndian, auth.SubType()); err != nil {
|
|
return err
|
|
}
|
|
if err := c.Flush(); err != nil {
|
|
return err
|
|
}
|
|
var secType SecuritySubType
|
|
if err := binary.Read(c, binary.BigEndian, &secType); err != nil {
|
|
return err
|
|
}
|
|
if secType != auth.SubType() {
|
|
binary.Write(c, binary.BigEndian, uint8(1))
|
|
c.Flush()
|
|
return fmt.Errorf("invalid sectype")
|
|
}
|
|
if len(auth.Password) == 0 || len(auth.Username) == 0 {
|
|
return fmt.Errorf("Security Handshake failed; no username and/or password provided for VeNCryptAuth.")
|
|
}
|
|
/*
|
|
if err := binary.Write(c, binary.BigEndian, uint32(len(auth.Username))); err != nil {
|
|
return err
|
|
}
|
|
|
|
if err := binary.Write(c, binary.BigEndian, uint32(len(auth.Password))); err != nil {
|
|
return err
|
|
}
|
|
|
|
if err := binary.Write(c, binary.BigEndian, auth.Username); err != nil {
|
|
return err
|
|
}
|
|
|
|
if err := binary.Write(c, binary.BigEndian, auth.Password); err != nil {
|
|
return err
|
|
}
|
|
*/
|
|
var (
|
|
uLength, pLength uint32
|
|
)
|
|
if err := binary.Read(c, binary.BigEndian, &uLength); err != nil {
|
|
return err
|
|
}
|
|
if err := binary.Read(c, binary.BigEndian, &pLength); err != nil {
|
|
return err
|
|
}
|
|
|
|
username := make([]byte, uLength)
|
|
password := make([]byte, pLength)
|
|
if err := binary.Read(c, binary.BigEndian, &username); err != nil {
|
|
return err
|
|
}
|
|
|
|
if err := binary.Read(c, binary.BigEndian, &password); err != nil {
|
|
return err
|
|
}
|
|
if !bytes.Equal(auth.Username, username) || !bytes.Equal(auth.Password, password) {
|
|
return fmt.Errorf("invalid username/password")
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// ServerAuthVNC is the standard password authentication. See 7.2.2.
|
|
type ServerAuthVNC struct{}
|
|
|
|
func (*ServerAuthVNC) Type() SecurityType {
|
|
return SecTypeVNC
|
|
}
|
|
func (*ServerAuthVNC) SubType() SecuritySubType {
|
|
return SecSubTypeUnknown
|
|
}
|
|
|
|
func (auth *ServerAuthVNC) Auth(c Conn) error {
|
|
return nil
|
|
}
|
|
|
|
// ClientAuthVNC is the standard password authentication. See 7.2.2.
|
|
type ClientAuthVNC struct {
|
|
Challenge [16]byte
|
|
Password []byte
|
|
}
|
|
|
|
func (*ClientAuthVNC) Type() SecurityType {
|
|
return SecTypeVNC
|
|
}
|
|
func (*ClientAuthVNC) SubType() SecuritySubType {
|
|
return SecSubTypeUnknown
|
|
}
|
|
|
|
func (auth *ClientAuthVNC) Auth(c Conn) error {
|
|
if len(auth.Password) == 0 {
|
|
return fmt.Errorf("Security Handshake failed; no password provided for VNCAuth.")
|
|
}
|
|
|
|
if err := binary.Read(c, binary.BigEndian, auth.Challenge); err != nil {
|
|
return err
|
|
}
|
|
|
|
auth.encode()
|
|
|
|
// Send the encrypted challenge back to server
|
|
if err := binary.Write(c, binary.BigEndian, auth.Challenge); err != nil {
|
|
return err
|
|
}
|
|
|
|
return c.Flush()
|
|
}
|
|
|
|
func (auth *ClientAuthVNC) encode() error {
|
|
// Copy password string to 8 byte 0-padded slice
|
|
key := make([]byte, 8)
|
|
copy(key, auth.Password)
|
|
|
|
// Each byte of the password needs to be reversed. This is a
|
|
// non RFC-documented behaviour of VNC clients and servers
|
|
for i := range key {
|
|
key[i] = (key[i]&0x55)<<1 | (key[i]&0xAA)>>1 // Swap adjacent bits
|
|
key[i] = (key[i]&0x33)<<2 | (key[i]&0xCC)>>2 // Swap adjacent pairs
|
|
key[i] = (key[i]&0x0F)<<4 | (key[i]&0xF0)>>4 // Swap the 2 halves
|
|
}
|
|
|
|
// Encrypt challenge with key.
|
|
cipher, err := des.NewCipher(key)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
for i := 0; i < len(auth.Challenge); i += cipher.BlockSize() {
|
|
cipher.Encrypt(auth.Challenge[i:i+cipher.BlockSize()], auth.Challenge[i:i+cipher.BlockSize()])
|
|
}
|
|
|
|
return nil
|
|
}
|