mirror of
https://github.com/KDE/krfb
synced 2026-07-01 15:51:18 -07:00
Prompt User only when client is authenticated
FIXED: Krfb prompts user about incoming connection before authentication ADDED: Krfb prompts user depending upon password used by client
This commit is contained in:
@@ -18,6 +18,7 @@
|
||||
You should have received a copy of the GNU Lesser General Public License
|
||||
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
#include "rfb.h"
|
||||
#include "invitationsrfbclient.h"
|
||||
#include "invitationsrfbserver.h"
|
||||
#include "krfbconfig.h"
|
||||
@@ -25,33 +26,48 @@
|
||||
#include "connectiondialog.h"
|
||||
#include <KNotification>
|
||||
#include <KLocale>
|
||||
#include <QtCore/QSocketNotifier>
|
||||
#include <poll.h>
|
||||
|
||||
bool InvitationsRfbClient::checkPassword(const QByteArray & encryptedPassword)
|
||||
struct PendingInvitationsRfbClient::Private
|
||||
{
|
||||
QByteArray password ;
|
||||
kDebug() << "about to start autentication";
|
||||
Private(rfbClientPtr client) :
|
||||
client(client),
|
||||
askOnConnect(true)
|
||||
{}
|
||||
|
||||
if(InvitationsRfbServer::instance->allowUnattendedAccess() && vncAuthCheckPassword(
|
||||
InvitationsRfbServer::instance->unattendedPassword().toLocal8Bit(),
|
||||
encryptedPassword) ) {
|
||||
return true;
|
||||
}
|
||||
rfbClientPtr client;
|
||||
QSocketNotifier *notifier;
|
||||
bool askOnConnect;
|
||||
};
|
||||
|
||||
return vncAuthCheckPassword(
|
||||
InvitationsRfbServer::instance->desktopPassword().toLocal8Bit(),
|
||||
encryptedPassword);
|
||||
PendingInvitationsRfbClient::PendingInvitationsRfbClient(rfbClientPtr client, QObject *parent) :
|
||||
PendingRfbClient(client, parent),
|
||||
d(new Private(client))
|
||||
{
|
||||
d->notifier = new QSocketNotifier(client->sock, QSocketNotifier::Read, this);
|
||||
d->notifier->setEnabled(true);
|
||||
connect(d->notifier, SIGNAL(activated(int)),
|
||||
this, SLOT(onSocketActivated()));
|
||||
}
|
||||
|
||||
PendingInvitationsRfbClient::~PendingInvitationsRfbClient()
|
||||
{
|
||||
delete d;
|
||||
}
|
||||
|
||||
void PendingInvitationsRfbClient::processNewClient()
|
||||
{
|
||||
QString host = peerAddress(m_rfbClient->sock) + ":" + QString::number(peerPort(m_rfbClient->sock));
|
||||
|
||||
if (InvitationsRfbServer::instance->allowUnattendedAccess()) {
|
||||
if (d->askOnConnect == false) {
|
||||
|
||||
KNotification::event("NewConnectionAutoAccepted",
|
||||
i18n("Accepted connection from %1", host));
|
||||
accept(new InvitationsRfbClient(m_rfbClient, parent()));
|
||||
|
||||
} else {
|
||||
|
||||
KNotification::event("NewConnectionOnHold",
|
||||
i18n("Received connection from %1, on hold (waiting for confirmation)",
|
||||
host));
|
||||
@@ -67,6 +83,59 @@ void PendingInvitationsRfbClient::processNewClient()
|
||||
}
|
||||
}
|
||||
|
||||
static void clientGoneHookNoop(rfbClientPtr cl) { Q_UNUSED(cl); }
|
||||
|
||||
void PendingInvitationsRfbClient::onSocketActivated()
|
||||
{
|
||||
//Process not only one, but all pending messages.
|
||||
//poll() idea/code copied from vino:
|
||||
// Copyright (C) 2003 Sun Microsystems, Inc.
|
||||
// License: GPL v2 or later
|
||||
struct pollfd pollfd = { d->client->sock, POLLIN|POLLPRI, 0 };
|
||||
|
||||
while(poll(&pollfd, 1, 0) == 1) {
|
||||
|
||||
if(d->client->state == rfbClientRec::RFB_INITIALISATION) {
|
||||
d->notifier->setEnabled(false);
|
||||
//Client is Authenticated
|
||||
processNewClient();
|
||||
break;
|
||||
}
|
||||
rfbProcessClientMessage(d->client);
|
||||
|
||||
//This is how we handle disconnection.
|
||||
//if rfbProcessClientMessage() finds out that it can't read the socket,
|
||||
//it closes it and sets it to -1. So, we just have to check this here
|
||||
//and call rfbClientConnectionGone() if necessary. This will call
|
||||
//the clientGoneHook which in turn will remove this RfbClient instance
|
||||
//from the server manager and will call deleteLater() to delete it
|
||||
if (d->client->sock == -1) {
|
||||
d->client->clientGoneHook = clientGoneHookNoop;
|
||||
kDebug() << "disconnected from socket signal";
|
||||
d->notifier->setEnabled(false);
|
||||
rfbClientConnectionGone(d->client);
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
bool PendingInvitationsRfbClient::checkPassword(const QByteArray & encryptedPassword)
|
||||
{
|
||||
QByteArray password ;
|
||||
kDebug() << "about to start autentication";
|
||||
|
||||
if(InvitationsRfbServer::instance->allowUnattendedAccess() && vncAuthCheckPassword(
|
||||
InvitationsRfbServer::instance->unattendedPassword().toLocal8Bit(),
|
||||
encryptedPassword) ) {
|
||||
d->askOnConnect = false;
|
||||
return true;
|
||||
}
|
||||
|
||||
return vncAuthCheckPassword(
|
||||
InvitationsRfbServer::instance->desktopPassword().toLocal8Bit(),
|
||||
encryptedPassword);
|
||||
}
|
||||
|
||||
void PendingInvitationsRfbClient::dialogAccepted()
|
||||
{
|
||||
InvitationsConnectionDialog *dialog = qobject_cast<InvitationsConnectionDialog *>(sender());
|
||||
|
||||
@@ -25,9 +25,6 @@ class InvitationsRfbClient : public RfbClient
|
||||
public:
|
||||
InvitationsRfbClient(rfbClientPtr client, QObject* parent = 0)
|
||||
: RfbClient(client, parent) {}
|
||||
|
||||
protected:
|
||||
virtual bool checkPassword(const QByteArray & encryptedPassword);
|
||||
};
|
||||
|
||||
|
||||
@@ -35,14 +32,20 @@ class PendingInvitationsRfbClient : public PendingRfbClient
|
||||
{
|
||||
Q_OBJECT
|
||||
public:
|
||||
PendingInvitationsRfbClient(rfbClientPtr client, QObject *parent = 0)
|
||||
: PendingRfbClient(client, parent) {}
|
||||
PendingInvitationsRfbClient(rfbClientPtr client, QObject *parent = 0);
|
||||
virtual ~PendingInvitationsRfbClient();
|
||||
|
||||
protected Q_SLOTS:
|
||||
virtual void processNewClient();
|
||||
virtual void onSocketActivated();
|
||||
virtual bool checkPassword(const QByteArray & encryptedPassword);
|
||||
|
||||
private Q_SLOTS:
|
||||
void dialogAccepted();
|
||||
|
||||
private:
|
||||
struct Private;
|
||||
Private* const d;
|
||||
};
|
||||
|
||||
#endif // INVITATIONSRFBCLIENT_H
|
||||
|
||||
@@ -117,34 +117,6 @@ void RfbClient::handleMouseEvent(int buttonMask, int x, int y)
|
||||
}
|
||||
}
|
||||
|
||||
bool RfbClient::checkPassword(const QByteArray & encryptedPassword)
|
||||
{
|
||||
Q_UNUSED(encryptedPassword);
|
||||
|
||||
return d->client->screen->authPasswdData == (void*)0;
|
||||
}
|
||||
|
||||
bool RfbClient::vncAuthCheckPassword(const QByteArray& password, const QByteArray& encryptedPassword) const
|
||||
{
|
||||
if (password.isEmpty() && encryptedPassword.isEmpty()) {
|
||||
return true;
|
||||
}
|
||||
|
||||
char passwd[MAXPWLEN];
|
||||
unsigned char challenge[CHALLENGESIZE];
|
||||
|
||||
memcpy(challenge, d->client->authChallenge, CHALLENGESIZE);
|
||||
bzero(passwd, MAXPWLEN);
|
||||
|
||||
if (!password.isEmpty()) {
|
||||
strncpy(passwd, password,
|
||||
(MAXPWLEN <= password.size()) ? MAXPWLEN : password.size());
|
||||
}
|
||||
|
||||
rfbEncryptBytes(challenge, passwd);
|
||||
return memcmp(challenge, encryptedPassword, encryptedPassword.size()) == 0;
|
||||
}
|
||||
|
||||
void RfbClient::onSocketActivated()
|
||||
{
|
||||
//Process not only one, but all pending messages.
|
||||
@@ -193,14 +165,11 @@ void RfbClient::update()
|
||||
PendingRfbClient::PendingRfbClient(rfbClientPtr client, QObject *parent)
|
||||
: QObject(parent), m_rfbClient(client)
|
||||
{
|
||||
kDebug();
|
||||
QMetaObject::invokeMethod(this, "processNewClient", Qt::QueuedConnection);
|
||||
m_rfbClient->clientData = this;
|
||||
}
|
||||
|
||||
PendingRfbClient::~PendingRfbClient()
|
||||
{
|
||||
kDebug();
|
||||
}
|
||||
{}
|
||||
|
||||
void PendingRfbClient::accept(RfbClient *newClient)
|
||||
{
|
||||
@@ -228,5 +197,32 @@ void PendingRfbClient::reject()
|
||||
deleteLater();
|
||||
}
|
||||
|
||||
bool PendingRfbClient::checkPassword(const QByteArray & encryptedPassword)
|
||||
{
|
||||
Q_UNUSED(encryptedPassword);
|
||||
|
||||
return m_rfbClient->screen->authPasswdData == (void*)0;
|
||||
}
|
||||
|
||||
bool PendingRfbClient::vncAuthCheckPassword(const QByteArray& password, const QByteArray& encryptedPassword) const
|
||||
{
|
||||
if (password.isEmpty() && encryptedPassword.isEmpty()) {
|
||||
return true;
|
||||
}
|
||||
|
||||
char passwd[MAXPWLEN];
|
||||
unsigned char challenge[CHALLENGESIZE];
|
||||
|
||||
memcpy(challenge, m_rfbClient->authChallenge, CHALLENGESIZE);
|
||||
bzero(passwd, MAXPWLEN);
|
||||
|
||||
if (!password.isEmpty()) {
|
||||
strncpy(passwd, password,
|
||||
(MAXPWLEN <= password.size()) ? MAXPWLEN : password.size());
|
||||
}
|
||||
|
||||
rfbEncryptBytes(challenge, passwd);
|
||||
return memcmp(challenge, encryptedPassword, encryptedPassword.size()) == 0;
|
||||
}
|
||||
|
||||
#include "rfbclient.moc"
|
||||
|
||||
@@ -54,20 +54,6 @@ protected:
|
||||
virtual void handleKeyboardEvent(bool down, rfbKeySym keySym);
|
||||
virtual void handleMouseEvent(int buttonMask, int x, int y);
|
||||
|
||||
/** This method is supposed to check if the provided \a encryptedPassword
|
||||
* matches the criteria for authenticating the client.
|
||||
* The default implementation returns false if a password is required.
|
||||
* Reimplement to do more useful stuff.
|
||||
*/
|
||||
virtual bool checkPassword(const QByteArray & encryptedPassword);
|
||||
|
||||
/** This method checks if the \a encryptedPassword that was sent from the remote
|
||||
* user matches the \a password that you have specified localy to be the password
|
||||
* for this connection. This assumes that the standard VNC authentication mechanism
|
||||
* is used. Returns true if the password matches or false otherwise.
|
||||
*/
|
||||
bool vncAuthCheckPassword(const QByteArray & password, const QByteArray & encryptedPassword) const;
|
||||
|
||||
private Q_SLOTS:
|
||||
void onSocketActivated();
|
||||
|
||||
@@ -99,6 +85,23 @@ protected Q_SLOTS:
|
||||
void reject();
|
||||
|
||||
protected:
|
||||
|
||||
friend class RfbServer; //Following two methods are handled by RfbServer
|
||||
|
||||
/** This method is supposed to check if the provided \a encryptedPassword
|
||||
* matches the criteria for authenticating the client.
|
||||
* The default implementation returns false if a password is required.
|
||||
* Reimplement to do more useful stuff.
|
||||
*/
|
||||
virtual bool checkPassword(const QByteArray & encryptedPassword);
|
||||
|
||||
/** This method checks if the \a encryptedPassword that was sent from the remote
|
||||
* user matches the \a password that you have specified localy to be the password
|
||||
* for this connection. This assumes that the standard VNC authentication mechanism
|
||||
* is used. Returns true if the password matches or false otherwise.
|
||||
*/
|
||||
bool vncAuthCheckPassword(const QByteArray & password, const QByteArray & encryptedPassword) const;
|
||||
|
||||
rfbClientPtr m_rfbClient;
|
||||
};
|
||||
|
||||
|
||||
@@ -241,7 +241,8 @@ void RfbServer::clientGoneHook(rfbClientPtr cl)
|
||||
//static
|
||||
rfbBool RfbServer::passwordCheck(rfbClientPtr cl, const char *encryptedPassword, int len)
|
||||
{
|
||||
RfbClient *client = static_cast<RfbClient*>(cl->clientData);
|
||||
PendingRfbClient *client = static_cast<PendingRfbClient*>(cl->clientData);
|
||||
Q_ASSERT(client);
|
||||
return client->checkPassword(QByteArray::fromRawData(encryptedPassword, len));
|
||||
}
|
||||
|
||||
|
||||
@@ -27,6 +27,14 @@ QString TubesRfbClient::name() const
|
||||
return m_contact->alias();
|
||||
}
|
||||
|
||||
//********
|
||||
|
||||
PendingTubesRfbClient::PendingTubesRfbClient(rfbClientPtr client, QObject* parent) :
|
||||
PendingRfbClient(client, parent),
|
||||
m_processNewClientCalled(false)
|
||||
{
|
||||
processNewClient();
|
||||
}
|
||||
|
||||
void PendingTubesRfbClient::setContact(const Tp::ContactPtr & contact)
|
||||
{
|
||||
|
||||
@@ -24,8 +24,10 @@
|
||||
class TubesRfbClient : public RfbClient
|
||||
{
|
||||
public:
|
||||
TubesRfbClient(rfbClientPtr client, const Tp::ContactPtr & contact, QObject* parent = 0)
|
||||
: RfbClient(client, parent), m_contact(contact) {}
|
||||
TubesRfbClient(rfbClientPtr client,
|
||||
const Tp::ContactPtr &contact, QObject *parent=0)
|
||||
: RfbClient(client, parent), m_contact(contact)
|
||||
{}
|
||||
|
||||
virtual QString name() const;
|
||||
|
||||
@@ -33,13 +35,13 @@ private:
|
||||
Tp::ContactPtr m_contact;
|
||||
};
|
||||
|
||||
//*********
|
||||
|
||||
class PendingTubesRfbClient : public PendingRfbClient
|
||||
{
|
||||
Q_OBJECT
|
||||
public:
|
||||
PendingTubesRfbClient(rfbClientPtr client, QObject* parent = 0)
|
||||
: PendingRfbClient(client, parent), m_processNewClientCalled(false) {}
|
||||
PendingTubesRfbClient(rfbClientPtr client, QObject* parent = 0);
|
||||
|
||||
void setContact(const Tp::ContactPtr & contact);
|
||||
|
||||
|
||||
Reference in New Issue
Block a user