jcarr
/
noVNC
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'add-mslogonii' of https://github.com/pdlan/noVNC

This commit is contained in:
Pierre Ossman 2022-12-23 14:43:06 +01:00
parent 820b39c7d3 b776e1495e
commit e6fce71d6a
2 changed files with 141 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
core/rfb.js
View File

@ -62,6 +62,7 @@ const securityTypeTight = 16;
const securityTypeVeNCrypt = 19; const securityTypeVeNCrypt = 19;
const securityTypeXVP = 22; const securityTypeXVP = 22;
const securityTypeARD = 30; const securityTypeARD = 30;
const securityTypeMSLogonII = 113;
// Special Tight security types // Special Tight security types
const securityTypeUnixLogon = 129; const securityTypeUnixLogon = 129;
@ -1392,6 +1393,7 @@ export default class RFB extends EventTargetMixin {
securityTypeVeNCrypt, securityTypeVeNCrypt,
securityTypeXVP, securityTypeXVP,
securityTypeARD, securityTypeARD,
securityTypeMSLogonII,
securityTypePlain, securityTypePlain,
]; ];
@ -1903,6 +1905,62 @@ export default class RFB extends EventTargetMixin {
return false; return false;
} }
_negotiateMSLogonIIAuth() {
if (this._sock.rQwait("mslogonii dh param", 24)) { return false; }
if (this._rfbCredentials.username === undefined ||
this._rfbCredentials.password === undefined) {
this.dispatchEvent(new CustomEvent(
"credentialsrequired",
{ detail: { types: ["username", "password"] } }));
return false;
}
const g = this._sock.rQshiftBytes(8);
const p = this._sock.rQshiftBytes(8);
const A = this._sock.rQshiftBytes(8);
const b = window.crypto.getRandomValues(new Uint8Array(8));
const B = new Uint8Array(this._modPow(g, b, p));
const secret = new Uint8Array(this._modPow(A, b, p));
const des = new DES(secret);
const username = encodeUTF8(this._rfbCredentials.username).substring(0, 255);
const password = encodeUTF8(this._rfbCredentials.password).substring(0, 63);
const usernameBytes = new Uint8Array(256);
const passwordBytes = new Uint8Array(64);
window.crypto.getRandomValues(usernameBytes);
window.crypto.getRandomValues(passwordBytes);
for (let i = 0; i < username.length; i++) {
usernameBytes[i] = username.charCodeAt(i);
}
usernameBytes[username.length] = 0;
for (let i = 0; i < password.length; i++) {
passwordBytes[i] = password.charCodeAt(i);
}
passwordBytes[password.length] = 0;
let x = new Uint8Array(secret);
for (let i = 0; i < 32; i++) {
for (let j = 0; j < 8; j++) {
x[j] ^= usernameBytes[i * 8 + j];
}
x = des.enc8(x);
usernameBytes.set(x, i * 8);
}
x = new Uint8Array(secret);
for (let i = 0; i < 8; i++) {
for (let j = 0; j < 8; j++) {
x[j] ^= passwordBytes[i * 8 + j];
}
x = des.enc8(x);
passwordBytes.set(x, i * 8);
}
this._sock.send(B);
this._sock.send(usernameBytes);
this._sock.send(passwordBytes);
this._rfbInitState = "SecurityResult";
return true;
}
_negotiateAuthentication() { _negotiateAuthentication() {
switch (this._rfbAuthScheme) { switch (this._rfbAuthScheme) {
case securityTypeNone: case securityTypeNone:
@ -1933,6 +1991,9 @@ export default class RFB extends EventTargetMixin {
case securityTypeRA2ne: case securityTypeRA2ne:
return this._negotiateRA2neAuth(); return this._negotiateRA2neAuth();
case securityTypeMSLogonII:
return this._negotiateMSLogonIIAuth();
default: default:
return this._fail("Unsupported auth scheme (scheme: " + return this._fail("Unsupported auth scheme (scheme: " +
this._rfbAuthScheme + ")"); this._rfbAuthScheme + ")");

80
tests/test.rfb.js
View File

@ -1336,6 +1336,86 @@ describe('Remote Frame Buffer Protocol Client', function () {
}); });
}); });
describe('MSLogonII Authentication (type 113) Handler', function () {
function fakeGetRandomValues(arr) {
if (arr.length == 8) {
arr.set(new Uint8Array([0, 0, 0, 0, 5, 6, 7, 8]));
} else if (arr.length == 256) {
arr.set(new Uint8Array(256));
} else if (arr.length == 64) {
arr.set(new Uint8Array(64));
}
return arr;
}
const expected = new Uint8Array([
0x00, 0x00, 0x00, 0x00, 0x0a, 0xbc, 0x7c, 0xfd,
0x58, 0x34, 0xd2, 0x24, 0x44, 0x60, 0xf0, 0xd1,
0xa3, 0x73, 0x32, 0x02, 0x07, 0xce, 0xc1, 0x3f,
0x10, 0x53, 0xf1, 0xdd, 0x99, 0xad, 0x44, 0x18,
0xa1, 0xc4, 0xac, 0xc1, 0x1c, 0x13, 0x11, 0x85,
0x3a, 0x6f, 0xcb, 0xc6, 0xb1, 0x6c, 0x68, 0x47,
0x85, 0x01, 0xbb, 0xfa, 0x23, 0x8c, 0x59, 0x47,
0x67, 0x47, 0x56, 0x6e, 0x6f, 0x9f, 0x07, 0x76,
0x2e, 0x90, 0x1e, 0xdc, 0x80, 0xc4, 0x4b, 0x72,
0xd2, 0xd5, 0xcd, 0x4b, 0x14, 0xff, 0x05, 0x8b,
0x8d, 0xf1, 0x9b, 0xe0, 0xff, 0xa5, 0x3b, 0x56,
0xb9, 0x6f, 0x84, 0x3e, 0x15, 0x84, 0x31, 0x4e,
0x10, 0x0b, 0x56, 0xf4, 0x10, 0x05, 0x02, 0xc7,
0x05, 0x0b, 0xc9, 0x66, 0x75, 0x32, 0xd3, 0x74,
0xfc, 0x8c, 0xcf, 0xbd, 0x2d, 0x53, 0xd7, 0xa7,
0xca, 0x82, 0x12, 0xce, 0xbb, 0x33, 0x09, 0x3f,
0xff, 0x76, 0x7c, 0xdf, 0x2c, 0x2f, 0x4d, 0x95,
0x86, 0xe4, 0x10, 0x07, 0x75, 0x1a, 0x6d, 0xdb,
0x05, 0x91, 0x70, 0x34, 0x5c, 0x12, 0xbc, 0x4e,
0x5e, 0xd0, 0x21, 0x39, 0x25, 0x2b, 0x62, 0x19,
0x29, 0xa5, 0xe6, 0x93, 0x7b, 0xf8, 0x3f, 0xcf,
0xd7, 0x3f, 0x0c, 0xd2, 0x68, 0x2d, 0x1e, 0x01,
0x1a, 0x31, 0xc1, 0x59, 0x04, 0x06, 0xf6, 0x3b,
0xec, 0x38, 0xef, 0x1b, 0x5b, 0x39, 0x88, 0xd3,
0xe0, 0x5b, 0xb9, 0xef, 0xc3, 0x82, 0xfa, 0xdf,
0x04, 0xf7, 0x65, 0x56, 0x82, 0x77, 0xfd, 0x63,
0x10, 0xd7, 0xab, 0x0b, 0x5e, 0xd9, 0x07, 0x81,
0x9d, 0xce, 0x26, 0xfb, 0x5d, 0xa8, 0x59, 0x2a,
0xd9, 0xb8, 0xac, 0xcd, 0x6e, 0x61, 0x07, 0x39,
0x9f, 0x8d, 0xdf, 0x53, 0x44, 0xab, 0x28, 0x01,
0x86, 0x4d, 0x07, 0x8a, 0x5b, 0xdd, 0xc1, 0x18,
0x29, 0xaa, 0xa2, 0xbe, 0xe2, 0x9c, 0x9e, 0xb0,
0xb3, 0x2b, 0x2c, 0x93, 0x3e, 0x82, 0x07, 0xa6,
0xef, 0x21, 0x2c, 0xa7, 0xf0, 0x65, 0xba, 0xda,
0x13, 0xe4, 0x41, 0x87, 0x36, 0x1c, 0xa5, 0x81,
0xae, 0xf3, 0x3e, 0xda, 0x03, 0x09, 0x63, 0x4b,
0xb5, 0x29, 0x49, 0xfa, 0xbb, 0xa6, 0x31, 0x3c,
0xc8, 0x15, 0xfb, 0xfc, 0xd6, 0xff, 0x04, 0x92,
0x56, 0xbc, 0x66, 0xf1, 0x78, 0xfb, 0x14, 0x79,
0x48, 0xd2, 0xcf, 0x87, 0x60, 0x23, 0xcf, 0xdb,
0x1b, 0xad, 0x42, 0x32, 0x4e, 0x6d, 0x1f, 0x49,
]);
before(() => {
sinon.stub(window.crypto, "getRandomValues").callsFake(fakeGetRandomValues);
});
after(() => {
window.crypto.getRandomValues.restore();
});
it('should send public value and encrypted credentials', function () {
client._rfbCredentials = { username: 'username',
password: 'password123456' };
sendSecurity(113, client);
expect(client._sock).to.have.sent([113]);
const g = new Uint8Array([0, 0, 0, 0, 0, 1, 0, 1]);
const p = new Uint8Array([0, 0, 0, 0, 0x25, 0x18, 0x26, 0x17]);
const A = new Uint8Array([0, 0, 0, 0, 0x0e, 0x12, 0xd0, 0xf5]);
client._sock._websocket._receiveData(g);
client._sock._websocket._receiveData(p);
client._sock._websocket._receiveData(A);
expect(client._sock).to.have.sent(expected);
expect(client._rfbInitState).to.equal('SecurityResult');
});
});
describe('XVP Authentication (type 22) Handler', function () { describe('XVP Authentication (type 22) Handler', function () {
it('should fall through to standard VNC authentication upon completion', function () { it('should fall through to standard VNC authentication upon completion', function () {
client._rfbCredentials = { username: 'user', client._rfbCredentials = { username: 'user',