Initial commit

unix/vncpasswd/.gitignore

@@ -0,0 +1 @@
+vncpasswd

unix/vncpasswd/CMakeLists.txt

@@ -0,0 +1,9 @@
+include_directories(${CMAKE_SOURCE_DIR}/common)
+
+add_executable(vncpasswd 
+  vncpasswd.cxx)
+
+target_link_libraries(vncpasswd tx rfb os)
+
+install(TARGETS vncpasswd DESTINATION ${BIN_DIR})
+install(FILES vncpasswd.man DESTINATION ${MAN_DIR}/man1 RENAME vncpasswd.1)

unix/vncpasswd/vncpasswd.cxx

@@ -0,0 +1,188 @@
+/* Copyright (C) 2002-2005 RealVNC Ltd.  All Rights Reserved.
+ * Copyright (C) 2010 Antoine Martin.  All Rights Reserved.
+ * Copyright (C) 2010 D. R. Commander.  All Rights Reserved.
+ * 
+ * This is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ * 
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License
+ * along with this software; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,
+ * USA.
+ */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <unistd.h>
+#include <os/os.h>
+#include <rfb/Password.h>
+#include <rfb/util.h>
+
+#include <termios.h>
+
+
+using namespace rfb;
+
+char* prog;
+
+static void usage()
+{
+  fprintf(stderr,"usage: %s [file]\n", prog);
+  fprintf(stderr,"       %s -f\n", prog);
+  exit(1);
+}
+
+
+static void enableEcho(bool enable) {
+  termios attrs;
+  tcgetattr(fileno(stdin), &attrs);
+  if (enable)
+    attrs.c_lflag |= ECHO;
+  else
+    attrs.c_lflag &= ~ECHO;
+  attrs.c_lflag |= ECHONL;
+  tcsetattr(fileno(stdin), TCSAFLUSH, &attrs);
+}
+
+static char* getpassword(const char* prompt) {
+  PlainPasswd buf(256);
+  if (prompt) fputs(prompt, stdout);
+  enableEcho(false);
+  char* result = fgets(buf.buf, 256, stdin);
+  enableEcho(true);
+  if (result) {
+    if (result[strlen(result)-1] == '\n')
+      result[strlen(result)-1] = 0;
+    return buf.takeBuf();
+  }
+  return 0;
+}
+
+// Reads passwords from stdin and prints encrypted passwords to stdout.
+static int encrypt_pipe() {
+  int i;
+
+  // We support a maximum of two passwords right now
+  for (i = 0;i < 2;i++) {
+    char *result = getpassword(NULL);
+    if (!result)
+      break;
+
+    ObfuscatedPasswd obfuscated(result);
+    if (fwrite(obfuscated.buf, obfuscated.length, 1, stdout) != 1) {
+      fprintf(stderr,"Writing to stdout failed\n");
+      return 1;
+    }
+  }
+
+  // Did we fail to produce even one password?
+  if (i == 0)
+    return 1;
+
+  return 0;
+}
+
+static ObfuscatedPasswd* readpassword() {
+  while (true) {
+    PlainPasswd passwd(getpassword("Password:"));
+    if (!passwd.buf) {
+      perror("getpassword error");
+      exit(1);
+    }
+    if (strlen(passwd.buf) < 6) {
+      if (strlen(passwd.buf) == 0) {
+        fprintf(stderr,"Password not changed\n");
+        exit(1);
+      }
+      fprintf(stderr,"Password must be at least 6 characters - try again\n");
+      continue;
+    }
+
+    PlainPasswd passwd2(getpassword("Verify:"));
+    if (!passwd2.buf) {
+      perror("getpass error");
+      exit(1);
+    }
+    if (strcmp(passwd.buf, passwd2.buf) != 0) {
+      fprintf(stderr,"Passwords don't match - try again\n");
+      continue;
+    }
+
+    return new ObfuscatedPasswd(passwd);
+  }
+}
+
+int main(int argc, char** argv)
+{
+  prog = argv[0];
+
+  char* fname = 0;
+
+  for (int i = 1; i < argc; i++) {
+    if (strcmp(argv[i], "-q") == 0) { // allowed for backwards compatibility
+    } else if (strncmp(argv[i], "-f", 2) == 0) {
+      return encrypt_pipe();
+    } else if (argv[i][0] == '-') {
+      usage();
+    } else if (!fname) {
+      fname = argv[i];
+    } else {
+      usage();
+    }
+  }
+
+  if (!fname) {
+    char *homeDir = NULL;
+    if (getvnchomedir(&homeDir) == -1) {
+      fprintf(stderr, "Can't obtain VNC home directory\n");
+      exit(1);
+    }
+    mkdir(homeDir, 0777);
+    fname = new char[strlen(homeDir) + 7];
+    sprintf(fname, "%spasswd", homeDir);
+    delete [] homeDir;
+  }
+
+  while (true) {
+    ObfuscatedPasswd* obfuscated = readpassword();
+    ObfuscatedPasswd* obfuscatedReadOnly = 0;
+
+    fprintf(stderr, "Would you like to enter a view-only password (y/n)? ");
+    char yesno[3];
+    if (fgets(yesno, 3, stdin) != NULL && (yesno[0] == 'y' || yesno[0] == 'Y')) {
+      obfuscatedReadOnly = readpassword();
+    }
+
+    FILE* fp = fopen(fname,"w");
+    if (!fp) {
+      fprintf(stderr,"Couldn't open %s for writing\n",fname);
+      exit(1);
+    }
+    chmod(fname, S_IRUSR|S_IWUSR);
+
+    if (fwrite(obfuscated->buf, obfuscated->length, 1, fp) != 1) {
+      fprintf(stderr,"Writing to %s failed\n",fname);
+      exit(1);
+    }
+
+    if (obfuscatedReadOnly) {
+      if (fwrite(obfuscatedReadOnly->buf, obfuscatedReadOnly->length, 1, fp) != 1) {
+        fprintf(stderr,"Writing to %s failed\n",fname);
+        exit(1);
+      }
+    }
+
+    fclose(fp);
+
+    return 0;
+  }
+}

unix/vncpasswd/vncpasswd.man

@@ -0,0 +1,59 @@
+.TH vncpasswd 1 "" "KasmVNC" "Virtual Network Computing"
+.SH NAME
+vncpasswd \- change the VNC password
+.SH SYNOPSIS
+\fBvncpasswd\fR [\fIpasswd-file\fR]
+.br
+\fBvncpasswd\fR \-f
+.SH DESCRIPTION
+.B vncpasswd
+allows you to set the password used to access VNC desktops.  Its default
+behavior is to prompt for a VNC password and then store an obfuscated version
+of this password to \fIpasswd-file\fR (or to $HOME/.vnc/passwd if no password
+file is specified.)  The \fBvncserver\fP script runs \fBvncpasswd\fP the first
+time you start a VNC desktop, and it invokes \fBXvnc\fP with the appropriate
+\fB\-rfbauth\fP option.  \fBvncviewer\fP can also be given a password file to
+use via the \fB\-passwd\fP option.
+
+The password must be at least six characters long (unless the \fB\-f\fR
+command-line option is used-- see below), and only the first eight
+characters are significant.  Note that the stored password is \fBnot\fP
+encrypted securely - anyone who has access to this file can trivially find out
+the plain-text password, so \fBvncpasswd\fP always sets appropriate permissions
+(read and write only by the owner.)  However, when accessing a VNC desktop, a
+challenge-response mechanism is used over the wire making it hard for anyone to
+crack the password simply by snooping on the network.
+
+.SH OPTIONS
+
+.TP
+.B \-f
+Filter mode.  Read a plain-text password from stdin and write an encrypted
+version to stdout.  Note that in filter mode, short or even empty passwords
+will be silently accepted.
+
+A view-only password must be separated from the normal password by a newline
+character.
+
+
+.SH FILES
+.TP
+$HOME/.vnc/passwd
+Default location of the VNC password file.
+
+.SH SEE ALSO
+.BR vncviewer (1),
+.BR vncserver (1),
+.BR Xvnc (1)
+.BR vncconfig (1),
+.br
+http://kasmweb.com
+
+.SH AUTHORS
+Tristan Richardson, RealVNC Ltd., Antoine Martin, D. R. Commander and others.
+
+VNC was originally developed by the RealVNC team while at Olivetti
+Research Ltd / AT&T Laboratories Cambridge.  TightVNC additions were
+implemented by Constantin Kaplinsky. Many other people have since
+participated in development, testing and support. This manual is part
+of the KasmVNC software suite.