ref: c6b681c48e27d4d5d258c393567878b55d1a43e2
dir: /sys/src/cmd/vnc/auth.c/
#include "vnc.h"
#include <libsec.h>
#include <auth.h>
int
vncsrvhandshake(Vnc *v)
{
	char msg[VerLen+1];
	vncwrbytes(v, "RFB 003.003\n", VerLen);
	vncflush(v);
	vncrdbytes(v, msg, VerLen);
	if(verbose)
		fprint(2, "client version: %s\n", msg);
	return 0;
}
int
vnchandshake(Vnc *v)
{
	char msg[VerLen + 1];
	msg[VerLen] = 0;
	vncrdbytes(v, msg, VerLen);
	if(verbose)
		fprint(2, "server version: %s\n", msg);
	if(strncmp(msg, "RFB 003.003\n", VerLen) == 0)
		v->vers = 33;
	else if(strncmp(msg, "RFB 003.007\n", VerLen) == 0)
		v->vers = 37;
	else if(strncmp(msg, "RFB 003.008\n", VerLen) == 0)
		v->vers = 38;
	else /* RFC6143: Any other should be treated as 3.3. */
		v->vers = 33;
	strcpy(msg, "RFB 003.008\n");
	vncwrbytes(v, msg, VerLen);
	vncflush(v);
	return 0;
}
int
vncauth(Vnc *v, char *keypattern)
{
	uchar chal[VncChalLen];
	ulong auth, type;
	int i, ntypes;
	char *err;
	if(keypattern == nil)
		keypattern = "";
	auth = AFailed;
	if(v->vers == 33)
		auth = vncrdlong(v);
	else{
		ntypes = vncrdchar(v);
		for(i = 0; i < ntypes; i++){
			type = vncrdchar(v);
			if(verbose)
				fprint(2, "auth type %uld\n", type);
			if(type > auth && type <= AVncAuth)
				auth = type;
		}
		if(auth == AFailed){
			werrstr("no supported auth types");
			return -1;
		}
	}
	switch(auth){
	default:
		werrstr("unknown auth type 0x%lux", auth);
		if(verbose)
			fprint(2, "unknown auth type 0x%lux\n", auth);
		return -1;
	case AFailed:
		err = vncrdstring(v);
		werrstr("%s", err);
		if(verbose)
			fprint(2, "auth failed: %s\n", err);
		return -1;
	case ANoAuth:
		if(v->vers == 38){
			vncwrchar(v, auth);
			vncflush(v);
		}
		if(verbose)
			fprint(2, "no auth needed\n");
		break;
	case AVncAuth:
		if(v->vers == 38){
			vncwrchar(v, auth);
			vncflush(v);
		}
		vncrdbytes(v, chal, VncChalLen);
		if(auth_respond(chal, VncChalLen, nil, 0, chal, VncChalLen, auth_getkey,
			"proto=vnc role=client server=%s %s", v->srvaddr, keypattern) != VncChalLen){
			return -1;
		}
		vncwrbytes(v, chal, VncChalLen);
		vncflush(v);
		break;
	}
	/* in version 3.8 the auth status is always sent, in 3.3 and 3.7, only in AVncAuth */
	if(v->vers == 38 || auth == AVncAuth){
		auth = vncrdlong(v); /* auth status */
		switch(auth){
		default:
			werrstr("unknown server response 0x%lux", auth);
			return -1;
		case VncAuthFailed:
			err = (v->vers == 38) ? vncrdstring(v) : "rejected";
			werrstr("%s", err);
			if(verbose)
				fprint(2, "auth failed: %s\n", err);
			return -1;
		case VncAuthTooMany:
			werrstr("server says too many tries");
			return -1;
		case VncAuthOK:
			break;
		}
	}
	return 0;
}
int
vncsrvauth(Vnc *v)
{
	Chalstate *c;
	AuthInfo *ai;
	if((c = auth_challenge("proto=vnc role=server user=%q", getuser()))==nil)
		sysfatal("vncchal: %r");
	if(c->nchal != VncChalLen)
		sysfatal("vncchal got %d bytes wanted %d", c->nchal, VncChalLen);
	vncwrlong(v, AVncAuth);
	vncwrbytes(v, c->chal, VncChalLen);
	vncflush(v);
	vncrdbytes(v, c->chal, VncChalLen);
	c->resp = c->chal;
	c->nresp = VncChalLen;
	ai = auth_response(c);
	auth_freechal(c);
	if(ai == nil){
		fprint(2, "vnc auth failed: server factotum: %r\n");
		vncwrlong(v, VncAuthFailed);
		vncflush(v);
		return -1;
	}
	auth_freeAI(ai);
	vncwrlong(v, VncAuthOK);
	vncflush(v);
	return 0;
}