Prompt User only when client is authenticated

FIXED: Krfb prompts user about incoming connection before authentication
ADDED: Krfb prompts user depending upon password used by client
This commit is contained in:
Amandeep Singh
2013-10-09 00:33:11 +05:30
parent c5c415c042
commit c87064a797
7 changed files with 151 additions and 69 deletions

View File

@@ -18,6 +18,7 @@
You should have received a copy of the GNU Lesser General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "rfb.h"
#include "invitationsrfbclient.h"
#include "invitationsrfbserver.h"
#include "krfbconfig.h"
@@ -25,33 +26,48 @@
#include "connectiondialog.h"
#include <KNotification>
#include <KLocale>
#include <QtCore/QSocketNotifier>
#include <poll.h>
bool InvitationsRfbClient::checkPassword(const QByteArray & encryptedPassword)
struct PendingInvitationsRfbClient::Private
{
QByteArray password ;
kDebug() << "about to start autentication";
Private(rfbClientPtr client) :
client(client),
askOnConnect(true)
{}
if(InvitationsRfbServer::instance->allowUnattendedAccess() && vncAuthCheckPassword(
InvitationsRfbServer::instance->unattendedPassword().toLocal8Bit(),
encryptedPassword) ) {
return true;
}
rfbClientPtr client;
QSocketNotifier *notifier;
bool askOnConnect;
};
return vncAuthCheckPassword(
InvitationsRfbServer::instance->desktopPassword().toLocal8Bit(),
encryptedPassword);
PendingInvitationsRfbClient::PendingInvitationsRfbClient(rfbClientPtr client, QObject *parent) :
PendingRfbClient(client, parent),
d(new Private(client))
{
d->notifier = new QSocketNotifier(client->sock, QSocketNotifier::Read, this);
d->notifier->setEnabled(true);
connect(d->notifier, SIGNAL(activated(int)),
this, SLOT(onSocketActivated()));
}
PendingInvitationsRfbClient::~PendingInvitationsRfbClient()
{
delete d;
}
void PendingInvitationsRfbClient::processNewClient()
{
QString host = peerAddress(m_rfbClient->sock) + ":" + QString::number(peerPort(m_rfbClient->sock));
if (InvitationsRfbServer::instance->allowUnattendedAccess()) {
if (d->askOnConnect == false) {
KNotification::event("NewConnectionAutoAccepted",
i18n("Accepted connection from %1", host));
accept(new InvitationsRfbClient(m_rfbClient, parent()));
} else {
KNotification::event("NewConnectionOnHold",
i18n("Received connection from %1, on hold (waiting for confirmation)",
host));
@@ -67,6 +83,59 @@ void PendingInvitationsRfbClient::processNewClient()
}
}
static void clientGoneHookNoop(rfbClientPtr cl) { Q_UNUSED(cl); }
void PendingInvitationsRfbClient::onSocketActivated()
{
//Process not only one, but all pending messages.
//poll() idea/code copied from vino:
// Copyright (C) 2003 Sun Microsystems, Inc.
// License: GPL v2 or later
struct pollfd pollfd = { d->client->sock, POLLIN|POLLPRI, 0 };
while(poll(&pollfd, 1, 0) == 1) {
if(d->client->state == rfbClientRec::RFB_INITIALISATION) {
d->notifier->setEnabled(false);
//Client is Authenticated
processNewClient();
break;
}
rfbProcessClientMessage(d->client);
//This is how we handle disconnection.
//if rfbProcessClientMessage() finds out that it can't read the socket,
//it closes it and sets it to -1. So, we just have to check this here
//and call rfbClientConnectionGone() if necessary. This will call
//the clientGoneHook which in turn will remove this RfbClient instance
//from the server manager and will call deleteLater() to delete it
if (d->client->sock == -1) {
d->client->clientGoneHook = clientGoneHookNoop;
kDebug() << "disconnected from socket signal";
d->notifier->setEnabled(false);
rfbClientConnectionGone(d->client);
break;
}
}
}
bool PendingInvitationsRfbClient::checkPassword(const QByteArray & encryptedPassword)
{
QByteArray password ;
kDebug() << "about to start autentication";
if(InvitationsRfbServer::instance->allowUnattendedAccess() && vncAuthCheckPassword(
InvitationsRfbServer::instance->unattendedPassword().toLocal8Bit(),
encryptedPassword) ) {
d->askOnConnect = false;
return true;
}
return vncAuthCheckPassword(
InvitationsRfbServer::instance->desktopPassword().toLocal8Bit(),
encryptedPassword);
}
void PendingInvitationsRfbClient::dialogAccepted()
{
InvitationsConnectionDialog *dialog = qobject_cast<InvitationsConnectionDialog *>(sender());

View File

@@ -25,9 +25,6 @@ class InvitationsRfbClient : public RfbClient
public:
InvitationsRfbClient(rfbClientPtr client, QObject* parent = 0)
: RfbClient(client, parent) {}
protected:
virtual bool checkPassword(const QByteArray & encryptedPassword);
};
@@ -35,14 +32,20 @@ class PendingInvitationsRfbClient : public PendingRfbClient
{
Q_OBJECT
public:
PendingInvitationsRfbClient(rfbClientPtr client, QObject *parent = 0)
: PendingRfbClient(client, parent) {}
PendingInvitationsRfbClient(rfbClientPtr client, QObject *parent = 0);
virtual ~PendingInvitationsRfbClient();
protected Q_SLOTS:
virtual void processNewClient();
virtual void onSocketActivated();
virtual bool checkPassword(const QByteArray & encryptedPassword);
private Q_SLOTS:
void dialogAccepted();
private:
struct Private;
Private* const d;
};
#endif // INVITATIONSRFBCLIENT_H

View File

@@ -117,34 +117,6 @@ void RfbClient::handleMouseEvent(int buttonMask, int x, int y)
}
}
bool RfbClient::checkPassword(const QByteArray & encryptedPassword)
{
Q_UNUSED(encryptedPassword);
return d->client->screen->authPasswdData == (void*)0;
}
bool RfbClient::vncAuthCheckPassword(const QByteArray& password, const QByteArray& encryptedPassword) const
{
if (password.isEmpty() && encryptedPassword.isEmpty()) {
return true;
}
char passwd[MAXPWLEN];
unsigned char challenge[CHALLENGESIZE];
memcpy(challenge, d->client->authChallenge, CHALLENGESIZE);
bzero(passwd, MAXPWLEN);
if (!password.isEmpty()) {
strncpy(passwd, password,
(MAXPWLEN <= password.size()) ? MAXPWLEN : password.size());
}
rfbEncryptBytes(challenge, passwd);
return memcmp(challenge, encryptedPassword, encryptedPassword.size()) == 0;
}
void RfbClient::onSocketActivated()
{
//Process not only one, but all pending messages.
@@ -193,14 +165,11 @@ void RfbClient::update()
PendingRfbClient::PendingRfbClient(rfbClientPtr client, QObject *parent)
: QObject(parent), m_rfbClient(client)
{
kDebug();
QMetaObject::invokeMethod(this, "processNewClient", Qt::QueuedConnection);
m_rfbClient->clientData = this;
}
PendingRfbClient::~PendingRfbClient()
{
kDebug();
}
{}
void PendingRfbClient::accept(RfbClient *newClient)
{
@@ -228,5 +197,32 @@ void PendingRfbClient::reject()
deleteLater();
}
bool PendingRfbClient::checkPassword(const QByteArray & encryptedPassword)
{
Q_UNUSED(encryptedPassword);
return m_rfbClient->screen->authPasswdData == (void*)0;
}
bool PendingRfbClient::vncAuthCheckPassword(const QByteArray& password, const QByteArray& encryptedPassword) const
{
if (password.isEmpty() && encryptedPassword.isEmpty()) {
return true;
}
char passwd[MAXPWLEN];
unsigned char challenge[CHALLENGESIZE];
memcpy(challenge, m_rfbClient->authChallenge, CHALLENGESIZE);
bzero(passwd, MAXPWLEN);
if (!password.isEmpty()) {
strncpy(passwd, password,
(MAXPWLEN <= password.size()) ? MAXPWLEN : password.size());
}
rfbEncryptBytes(challenge, passwd);
return memcmp(challenge, encryptedPassword, encryptedPassword.size()) == 0;
}
#include "rfbclient.moc"

View File

@@ -54,20 +54,6 @@ protected:
virtual void handleKeyboardEvent(bool down, rfbKeySym keySym);
virtual void handleMouseEvent(int buttonMask, int x, int y);
/** This method is supposed to check if the provided \a encryptedPassword
* matches the criteria for authenticating the client.
* The default implementation returns false if a password is required.
* Reimplement to do more useful stuff.
*/
virtual bool checkPassword(const QByteArray & encryptedPassword);
/** This method checks if the \a encryptedPassword that was sent from the remote
* user matches the \a password that you have specified localy to be the password
* for this connection. This assumes that the standard VNC authentication mechanism
* is used. Returns true if the password matches or false otherwise.
*/
bool vncAuthCheckPassword(const QByteArray & password, const QByteArray & encryptedPassword) const;
private Q_SLOTS:
void onSocketActivated();
@@ -99,6 +85,23 @@ protected Q_SLOTS:
void reject();
protected:
friend class RfbServer; //Following two methods are handled by RfbServer
/** This method is supposed to check if the provided \a encryptedPassword
* matches the criteria for authenticating the client.
* The default implementation returns false if a password is required.
* Reimplement to do more useful stuff.
*/
virtual bool checkPassword(const QByteArray & encryptedPassword);
/** This method checks if the \a encryptedPassword that was sent from the remote
* user matches the \a password that you have specified localy to be the password
* for this connection. This assumes that the standard VNC authentication mechanism
* is used. Returns true if the password matches or false otherwise.
*/
bool vncAuthCheckPassword(const QByteArray & password, const QByteArray & encryptedPassword) const;
rfbClientPtr m_rfbClient;
};

View File

@@ -241,7 +241,8 @@ void RfbServer::clientGoneHook(rfbClientPtr cl)
//static
rfbBool RfbServer::passwordCheck(rfbClientPtr cl, const char *encryptedPassword, int len)
{
RfbClient *client = static_cast<RfbClient*>(cl->clientData);
PendingRfbClient *client = static_cast<PendingRfbClient*>(cl->clientData);
Q_ASSERT(client);
return client->checkPassword(QByteArray::fromRawData(encryptedPassword, len));
}

View File

@@ -27,6 +27,14 @@ QString TubesRfbClient::name() const
return m_contact->alias();
}
//********
PendingTubesRfbClient::PendingTubesRfbClient(rfbClientPtr client, QObject* parent) :
PendingRfbClient(client, parent),
m_processNewClientCalled(false)
{
processNewClient();
}
void PendingTubesRfbClient::setContact(const Tp::ContactPtr & contact)
{

View File

@@ -24,8 +24,10 @@
class TubesRfbClient : public RfbClient
{
public:
TubesRfbClient(rfbClientPtr client, const Tp::ContactPtr & contact, QObject* parent = 0)
: RfbClient(client, parent), m_contact(contact) {}
TubesRfbClient(rfbClientPtr client,
const Tp::ContactPtr &contact, QObject *parent=0)
: RfbClient(client, parent), m_contact(contact)
{}
virtual QString name() const;
@@ -33,13 +35,13 @@ private:
Tp::ContactPtr m_contact;
};
//*********
class PendingTubesRfbClient : public PendingRfbClient
{
Q_OBJECT
public:
PendingTubesRfbClient(rfbClientPtr client, QObject* parent = 0)
: PendingRfbClient(client, parent), m_processNewClientCalled(false) {}
PendingTubesRfbClient(rfbClientPtr client, QObject* parent = 0);
void setContact(const Tp::ContactPtr & contact);