vnc-password

xen虚拟机源代码安装包

# HG changeset patch
# User kfraser@localhost.localdomain
# Node ID 02506a7443155611d6bbf03e49fbf193e96d24db
# Parent  328606e0705f0341bebda14cdd17962e463868e8
[HVM] Implement password authentication of VNC connections.

The specification is as mentioned at
http://lists.xensource.com/archives/html/xen-devel/2006-09/msg00666.html
(However, password came to describe plain text)

The difference is follows.
- protocol_authtype() without the necessity was deleted.
- The check on the protocol version was added.
- And, some small modification.

Signed-off-by: Masami Watanabe <masami.watanabe@jp.fujitsu.com>

Index: ioemu/Makefile.target
===================================================================
--- ioemu.orig/Makefile.target	2007-05-10 15:35:24.000000000 +0100
+++ ioemu/Makefile.target	2007-05-10 15:35:24.000000000 +0100
@@ -443,6 +443,7 @@
 VL_OBJS+=sdl.o x_keymap.o
 endif
 VL_OBJS+=vnc.o
+VL_OBJS+=d3des.o
 ifdef CONFIG_COCOA
 VL_OBJS+=cocoa.o
 COCOA_LIBS=-F/System/Library/Frameworks -framework Cocoa -framework IOKit
@@ -503,6 +504,9 @@
 vnc.o: vnc.c keymaps.c sdl_keysym.h vnchextile.h
 	$(CC) $(CFLAGS) $(CPPFLAGS) $(BASE_CFLAGS) -c -o $@ $<
 
+d3des.o: d3des.c d3des.h
+	$(CC) $(CFLAGS) $(DEFINES) -c -o $@ $<
+
 sdlaudio.o: sdlaudio.c
 	$(CC) $(CFLAGS) $(CPPFLAGS) $(SDL_CFLAGS) $(BASE_CFLAGS) -c -o $@ $<
 
Index: ioemu/vl.c
===================================================================
--- ioemu.orig/vl.c	2007-05-10 15:35:16.000000000 +0100
+++ ioemu/vl.c	2007-05-10 15:35:24.000000000 +0100
@@ -186,6 +186,9 @@
 char domain_name[1024] = { 'H','V', 'M', 'X', 'E', 'N', '-'};
 extern int domid;
 
+char vncpasswd[64];
+unsigned char challenge[AUTHCHALLENGESIZE];
+
 /***********************************************************/
 /* x86 ISA bus support */
 
@@ -6882,6 +6885,7 @@
     vncunused = 0;
     kernel_filename = NULL;
     kernel_cmdline = "";
+    *vncpasswd = '\0';
 #ifndef CONFIG_DM
 #ifdef TARGET_PPC
     cdrom_index = 1;
@@ -7621,6 +7625,10 @@
 
     init_ioports();
 
+    /* read vncpasswd from xenstore */
+    if (0 > xenstore_read_vncpasswd(domid))
+        exit(1);
+
     /* terminal init */
     if (nographic) {
         dumb_display_init(ds);
Index: ioemu/vl.h
===================================================================
--- ioemu.orig/vl.h	2007-05-10 15:35:24.000000000 +0100
+++ ioemu/vl.h	2007-05-10 15:35:24.000000000 +0100
@@ -1432,6 +1432,7 @@
 void xenstore_process_event(void *opaque);
 void xenstore_check_new_media_present(int timeout);
 void xenstore_write_vncport(int vnc_display);
+int xenstore_read_vncpasswd(int domid);
 
 int xenstore_vm_write(int domid, char *key, char *val);
 char *xenstore_vm_read(int domid, char *key, int *len);
@@ -1450,4 +1451,7 @@
 
 void destroy_hvm_domain(void);
 
+/* VNC Authentication */
+#define AUTHCHALLENGESIZE 16
+
 #endif /* VL_H */
Index: ioemu/vnc.c
===================================================================
--- ioemu.orig/vnc.c	2007-05-10 15:32:53.000000000 +0100
+++ ioemu/vnc.c	2007-05-10 15:35:24.000000000 +0100
@@ -44,6 +44,7 @@
 
 #include "vnc_keysym.h"
 #include "keymaps.c"
+#include "d3des.h"
 
 typedef struct Buffer
 {
@@ -160,6 +161,9 @@
 static void vnc_update_client(void *opaque);
 static void vnc_client_read(void *opaque);
 static void framebuffer_set_updated(VncState *vs, int x, int y, int w, int h);
+static int make_challenge(char *random, int size);
+static void set_seed(unsigned int *seedp);
+static void get_random(int len, unsigned char *buf);
 
 #if 0
 static inline void vnc_set_bit(uint32_t *d, int k)
@@ -1277,23 +1281,92 @@
     return 0;
 }
 
+static int protocol_response(VncState *vs, char *client_response, size_t len)
+{
+    extern char vncpasswd[64];
+    extern unsigned char challenge[AUTHCHALLENGESIZE];
+    unsigned char cryptchallenge[AUTHCHALLENGESIZE];
+    unsigned char key[8];
+    int passwdlen, i, j;
+
+    memcpy(cryptchallenge, challenge, AUTHCHALLENGESIZE);
+
+    /* Calculate the sent challenge */
+    passwdlen = strlen(vncpasswd);
+    for (i=0; i<8; i++)
+	key[i] = i<passwdlen ? vncpasswd[i] : 0;
+    deskey(key, EN0);
+    for (j = 0; j < AUTHCHALLENGESIZE; j += 8)
+	des(cryptchallenge+j, cryptchallenge+j);
+
+    /* Check the actual response */
+    if (memcmp(cryptchallenge, client_response, AUTHCHALLENGESIZE) != 0) {
+	/* password error */
+	vnc_write_u32(vs, 1);
+	vnc_write_u32(vs, 22);
+	vnc_write(vs, "Authentication failure", 22);
+	vnc_flush(vs);
+	fprintf(stderr, "VNC Password error.\n");
+	vnc_client_error(vs);
+	return 0;
+    }
+
+    vnc_write_u32(vs, 0);
+    vnc_flush(vs);
+
+    vnc_read_when(vs, protocol_client_init, 1);
+
+    return 0;
+}
+
 static int protocol_version(VncState *vs, char *version, size_t len)
 {
+    extern char vncpasswd[64];
+    extern unsigned char challenge[AUTHCHALLENGESIZE];
     char local[13];
-    int maj, min;
+    int  support, maj, min;
 
     memcpy(local, version, 12);
     local[12] = 0;
 
+    /* protocol version check */
     if (sscanf(local, "RFB %03d.%03d\n", &maj, &min) != 2) {
+	fprintf(stderr, "Protocol version error.\n");
 	vnc_client_error(vs);
 	return 0;
     }
 
-    vnc_write_u32(vs, 1); /* None */
-    vnc_flush(vs);
 
-    vnc_read_when(vs, protocol_client_init, 1);
+    support = 0;
+    if (maj = 3) {
+	if (min == 3 || min ==4) {
+	    support = 1;
+	}
+    }
+
+    if (! support) {
+	fprintf(stderr, "Client uses unsupported protocol version %d.%d.\n",
+		maj, min);
+	vnc_client_error(vs);
+	return 0;
+    }
+
+    if (*vncpasswd == '\0') {
+	/* AuthType is None */
+	vnc_write_u32(vs, 1);
+	vnc_flush(vs);
+	vnc_read_when(vs, protocol_client_init, 1);
+    } else {
+	/* AuthType is VncAuth */
+	vnc_write_u32(vs, 2);
+
+	/* Challenge-Responce authentication */
+	/* Send Challenge */
+	make_challenge(challenge, AUTHCHALLENGESIZE);
+	vnc_write(vs, challenge, AUTHCHALLENGESIZE);
+	vnc_flush(vs);
+	vnc_read_when(vs, protocol_response, AUTHCHALLENGESIZE);
+    }
 
     return 0;
 }
@@ -1459,3 +1532,32 @@
 	return pid;
     }
 }
+
+unsigned int seed;
+
+static int make_challenge(char *random, int size)
+{
+ 
+    set_seed(&seed);
+    get_random(size, random);
+
+    return 0;
+}
+
+static void set_seed(unsigned int *seedp)
+{
+    *seedp += (unsigned int)(time(NULL)+getpid()+getpid()*987654+rand());
+    srand(*seedp);
+
+    return;
+}
+
+static void get_random(int len, unsigned char *buf)
+{
+    int i;
+
+    for (i=0; i<len; i++)
+	buf[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
+
+    return;
+}
Index: ioemu/xenstore.c
===================================================================
--- ioemu.orig/xenstore.c	2007-05-10 15:32:53.000000000 +0100
+++ ioemu/xenstore.c	2007-05-10 15:35:24.000000000 +0100
@@ -253,6 +253,57 @@
     free(buf);
 }
 
+int xenstore_read_vncpasswd(int domid)
+{
+    extern char vncpasswd[64];
+    char *buf = NULL, *path, *uuid = NULL, *passwd = NULL;
+    unsigned int i, len, rc = 0;
+
+    if (xsh == NULL) {
+        return -1;
+    }
+
+    path = xs_get_domain_path(xsh, domid);
+    if (path == NULL) {
+        fprintf(logfile, "xs_get_domain_path() error. domid %d.\n", domid);
+        return -1;
+    }
+
+    pasprintf(&buf, "%s/vm", path);
+    uuid = xs_read(xsh, XBT_NULL, buf, &len);
+    if (uuid == NULL) {
+        fprintf(logfile, "xs_read(): uuid get error. %s.\n", buf);
+        free(path);
+        return -1;
+    }
+
+    pasprintf(&buf, "%s/vncpasswd", uuid);
+    passwd = xs_read(xsh, XBT_NULL, buf, &len);
+    if (passwd == NULL) {
+        fprintf(logfile, "xs_read(): vncpasswd get error. %s.\n", buf);
+        free(uuid);
+        free(path);
+        return rc;
+    }
+
+    for (i=0; i<len && i<63; i++) {
+        vncpasswd[i] = passwd[i];
+        passwd[i] = '\0';
+    }
+    vncpasswd[len] = '\0';
+    pasprintf(&buf, "%s/vncpasswd", uuid);
+    if (xs_write(xsh, XBT_NULL, buf, passwd, len) == 0) {
+        fprintf(logfile, "xs_write() vncpasswd failed.\n");
+        rc = -1;
+    }
+
+    free(passwd);
+    free(uuid);
+    free(path);
+
+    return rc;
+}
+
 char *xenstore_vm_read(int domid, char *key, int *len)
 {
     char *buf = NULL, *path = NULL, *value = NULL;
Index: ioemu/d3des.c
===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ ioemu/d3des.c	2007-05-10 15:35:24.000000000 +0100
@@ -0,0 +1,434 @@
+/*
+ * This is D3DES (V5.09) by Richard Outerbridge with the double and
+ * triple-length support removed for use in VNC.  Also the bytebit[] array
+ * has been reversed so that the most significant bit in each byte of the
+ * key is ignored, not the least significant.
+ *
+ * These changes are:
+ *  Copyright (C) 1999 AT&T Laboratories Cambridge.  All Rights Reserved.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+/* D3DES (V5.09) -
+ *
+ * A portable, public domain, version of the Data Encryption Standard.
+ *
+ * Written with Symantec's THINK (Lightspeed) C by Richard Outerbridge.
+ * Thanks to: Dan Hoey for his excellent Initial and Inverse permutation
+ * code;  Jim Gillogly & Phil Karn for the DES key schedule code; Dennis
+ * Ferguson, Eric Young and Dana How for comparing notes; and Ray Lau,
+ * for humouring me on.
+ *
+ * Copyright (c) 1988,1989,1990,1991,1992 by Richard Outerbridge.
+ * (GEnie : OUTER; CIS : [71755,204]) Graven Imagery, 1992.
+ */
+
+#include "d3des.h"
+
+static void scrunch(unsigned char *, unsigned long *);
+static void unscrun(unsigned long *, unsigned char *);
+static void desfunc(unsigned long *, unsigned long *);
+static void cookey(unsigned long *);
+
+static unsigned long KnL[32] = { 0L };
+
+static unsigned short bytebit[8]	= {
+	01, 02, 04, 010, 020, 040, 0100, 0200 };
+
+static unsigned long bigbyte[24] = {
+	0x800000L,	0x400000L,	0x200000L,	0x100000L,
+	0x80000L,	0x40000L,	0x20000L,	0x10000L,
+	0x8000L,	0x4000L,	0x2000L,	0x1000L,
+	0x800L, 	0x400L, 	0x200L, 	0x100L,
+	0x80L,		0x40L,		0x20L,		0x10L,
+	0x8L,		0x4L,		0x2L,		0x1L	};
+
+/* Use the key schedule specified in the Standard (ANSI X3.92-1981). */
+
+static unsigned char pc1[56] = {
+	56, 48, 40, 32, 24, 16,  8,	 0, 57, 49, 41, 33, 25, 17,
+	 9,  1, 58, 50, 42, 34, 26,	18, 10,  2, 59, 51, 43, 35,
+	62, 54, 46, 38, 30, 22, 14,	 6, 61, 53, 45, 37, 29, 21,
+	13,  5, 60, 52, 44, 36, 28,	20, 12,  4, 27, 19, 11,  3 };
+
+static unsigned char totrot[16] = {
+	1,2,4,6,8,10,12,14,15,17,19,21,23,25,27,28 };
+
+static unsigned char pc2[48] = {
+	13, 16, 10, 23,  0,  4,  2, 27, 14,  5, 20,  9,
+	22, 18, 11,  3, 25,  7, 15,  6, 26, 19, 12,  1,
+	40, 51, 30, 36, 46, 54, 29, 39, 50, 44, 32, 47,
+	43, 48, 38, 55, 33, 52, 45, 41, 49, 35, 28, 31 };
+
+void deskey(key, edf)	/* Thanks to James Gillogly & Phil Karn! */
+unsigned char *key;
+int edf;
+{
+	register int i, j, l, m, n;
+	unsigned char pc1m[56], pcr[56];
+	unsigned long kn[32];
+
+	for ( j = 0; j < 56; j++ ) {
+		l = pc1[j];
+		m = l & 07;
+		pc1m[j] = (key[l >> 3] & bytebit[m]) ? 1 : 0;
+		}
+	for( i = 0; i < 16; i++ ) {
+		if( edf == DE1 ) m = (15 - i) << 1;
+		else m = i << 1;
+		n = m + 1;
+		kn[m] = kn[n] = 0L;
+		for( j = 0; j < 28; j++ ) {
+			l = j + totrot[i];
+			if( l < 28 ) pcr[j] = pc1m[l];
+			else pcr[j] = pc1m[l - 28];
+			}
+		for( j = 28; j < 56; j++ ) {
+		    l = j + totrot[i];