summaryrefslogtreecommitdiffstats
path: root/nselib/vnc.lua
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--nselib/vnc.lua828
1 files changed, 828 insertions, 0 deletions
diff --git a/nselib/vnc.lua b/nselib/vnc.lua
new file mode 100644
index 0000000..3f70617
--- /dev/null
+++ b/nselib/vnc.lua
@@ -0,0 +1,828 @@
+---
+-- The VNC library provides some basic functionality needed in order to
+-- communicate with VNC servers, and derivatives such as Tight- or Ultra-
+-- VNC.
+--
+-- Summary
+-- -------
+-- The library currently supports the VNC Authentication security type only.
+-- This security type is supported by default in VNC, TightVNC and
+-- "Remote Desktop Sharing" in eg. Ubuntu. For servers that do not support
+-- this authentication security type the login method will fail.
+--
+-- Overview
+-- --------
+-- The library contains the following classes:
+--
+-- o VNC
+-- - This class contains the core functions needed to communicate with VNC
+--
+
+-- @copyright Same as Nmap--See https://nmap.org/book/man-legal.html
+-- @author Patrik Karlsson <patrik@cqure.net>
+
+-- Version 0.1
+-- Created 07/07/2010 - v0.1 - created by Patrik Karlsson <patrik@cqure.net>
+
+local bits = require "bits"
+local match = require "match"
+local nmap = require "nmap"
+local stdnse = require "stdnse"
+local string = require "string"
+local table = require "table"
+local tableaux = require "tableaux"
+_ENV = stdnse.module("vnc", stdnse.seeall)
+
+local HAVE_SSL, openssl = pcall(require,'openssl')
+
+VENCRYPT_SUBTYPES = {
+ PLAIN = 256,
+ TLSNONE = 257,
+ TLSVNC = 258,
+ TLSPLAIN = 259,
+ X509NONE = 260,
+ X509VNC = 261,
+ X509PLAIN = 262,
+ X509SASL = 263,
+ TLSSASL = 264,
+}
+VENCRYPT_SUBTYPES_STR = {
+ [256] = "Plain",
+ [257] = "None, Anonymous TLS",
+ [258] = "VNC auth, Anonymous TLS",
+ [259] = "Plain, Anonymous TLS",
+ [260] = "None, Server-authenticated TLS",
+ [261] = "VNC auth, Server-authenticated TLS",
+ [262] = "Plain, Server-authenticated TLS",
+ [263] = "SASL, Server-authenticated TLS",
+ [264] = "SASL, Anonymous TLS",
+}
+
+local function process_error(socket)
+ local status, tmp = socket:receive_buf(match.numbytes(4), true)
+ if( not(status) ) then
+ return false, "VNC:handshake failed to retrieve error message"
+ end
+ local len = string.unpack(">I4", tmp)
+ local status, err = socket:receive_buf(match.numbytes(len), true)
+ if( not(status) ) then
+ return false, "VNC:handshake failed to retrieve error message"
+ end
+ return false, err
+end
+
+local function first_of (list, lookup)
+ for i=1, #list do
+ if tableaux.contains(lookup, list[i]) then
+ return list[i]
+ end
+ end
+end
+
+-- generalized output formatter for security types and subtypes
+local function get_types_as_table (types, lookup)
+ local tmp = {}
+ local typemt = {
+ __tostring = function(me)
+ return ("%s (%s)"):format(me.name, me.type)
+ end
+ }
+ for i=1, types.count do
+ local t = {name = lookup[types.types[i]] or "Unknown security type", type=types.types[i]}
+ setmetatable(t, typemt)
+ table.insert( tmp, t )
+ end
+ return tmp
+end
+
+VNC = {
+
+ versions = {
+ ["RFB 003.003"] = "3.3",
+ ["RFB 003.007"] = "3.7",
+ ["RFB 003.008"] = "3.8",
+
+ -- Mac Screen Sharing, could probably be used to fingerprint OS
+ ["RFB 003.889"] = "3.889",
+ },
+
+ sectypes = {
+ INVALID = 0,
+ NONE = 1,
+ VNCAUTH = 2,
+ RA2 = 5,
+ RA2NE = 6,
+ TIGHT = 16,
+ ULTRA = 17,
+ TLS = 18,
+ VENCRYPT = 19,
+ GTK_VNC_SASL = 20,
+ MD5 = 21,
+ COLIN_DEAN_XVP = 22,
+ MAC_OSX_SECTYPE_30 = 30,
+ MAC_OSX_SECTYPE_35 = 35,
+ MSLOGON = 0xfffffffa,
+ },
+
+ -- Security types are fetched from the rfbproto.pdf
+ sectypes_str = {
+ [0] = "Invalid security type",
+ [1] = "None",
+ [2] = "VNC Authentication",
+ [5] = "RA2",
+ [6] = "RA2ne",
+ [16]= "Tight",
+ [17]= "Ultra",
+ [18]= "TLS",
+ [19]= "VeNCrypt",
+ [20]= "GTK-VNC SASL",
+ [21]= "MD5 hash authentication",
+ [22]= "Colin Dean xvp",
+ -- Mac OS X screen sharing uses 30 and 35
+ [30]= "Apple Remote Desktop",
+ [35]= "Mac OS X security type",
+ [0xfffffffa] = "UltraVNC MS Logon",
+ },
+
+ new = function(self, host, port, socket)
+ local o = {
+ host = host,
+ port = port,
+ socket = socket or nmap.new_socket(),
+ }
+ o.socket:set_timeout(5000)
+ setmetatable(o, self)
+ self.__index = self
+ return o
+ end,
+
+ --- Connects the VNC socket
+ connect = function(self)
+ return self.socket:connect(self.host, self.port, "tcp")
+ end,
+
+ --- Disconnects the VNC socket
+ disconnect = function(self)
+ return self.socket:close()
+ end,
+
+ --- Performs the VNC handshake and determines
+ -- * The RFB Protocol to use
+ -- * The supported authentication security types
+ --
+ -- @return status, true on success, false on failure
+ -- @return error string containing error message if status is false
+ handshake = function(self)
+ local status, data = self.socket:receive_buf(match.pattern_limit("[\r\n]+", 16), true)
+ if not status or not string.match(data, "^RFB %d%d%d%.%d%d%d[\r\n]") then
+ stdnse.debug1("ERROR: Not a VNC port. Banner: %s", data)
+ return false, "Not a VNC port."
+ end
+ data = data:sub(1,11)
+ local vncsec = {
+ count = 1,
+ types = {}
+ }
+
+ if ( not(status) ) then
+ return status, "ERROR: VNC:handshake failed to receive protocol version"
+ end
+
+ self.protover = VNC.versions[data]
+ local cli_version = data
+ if ( not(self.protover) ) then
+ stdnse.debug1("ERROR: VNC:handshake unsupported version (%s)", data)
+ self.protover = string.match(data, "^RFB (%d+%.%d+)")
+ --return false, ("Unsupported version (%s)"):format(data:sub(1,11))
+ local versions = {
+ "RFB 003.003",
+ "RFB 003.007",
+ "RFB 003.008",
+ "RFB 003.889",
+ }
+ for i=1, #versions do
+ if versions[i] >= data then
+ break
+ end
+ cli_version = versions[i]
+ end
+ end
+
+ self.client_version = VNC.versions[cli_version or "RFB 003.889"]
+ status = self.socket:send( (cli_version or "RFB 003.889") .. "\n" )
+ if ( not(status) ) then
+ stdnse.debug1("ERROR: VNC:handshake failed to send client version")
+ return false, "ERROR: VNC:handshake failed"
+ end
+
+ if ( self.client_version == "3.3" ) then
+ local status, tmp = self.socket:receive_buf(match.numbytes(4), true)
+ if( not(status) ) then
+ return false, "VNC:handshake failed to receive security data"
+ end
+
+ vncsec.types[1] = string.unpack(">I4", tmp)
+ self.vncsec = vncsec
+
+ -- do we have an invalid security type, if so we need to handle an
+ -- error condition
+ if ( vncsec.types[1] == 0 ) then
+ return process_error(self.socket)
+ end
+ else
+ local status, tmp = self.socket:receive_buf(match.numbytes(1), true)
+ if ( not(status) ) then
+ stdnse.debug1("ERROR: VNC:handshake failed to receive security data")
+ return false, "ERROR: VNC:handshake failed to receive security data"
+ end
+
+ vncsec.count = string.unpack("B", tmp)
+ if ( vncsec.count == 0 ) then
+ return process_error(self.socket)
+ end
+ status, tmp = self.socket:receive_buf(match.numbytes(vncsec.count), true)
+
+ if ( not(status) ) then
+ stdnse.debug1("ERROR: VNC:handshake failed to receive security data")
+ return false, "ERROR: VNC:handshake failed to receive security data"
+ end
+
+ for i=1, vncsec.count do
+ table.insert( vncsec.types, (string.unpack("B", tmp, i)) )
+ end
+ self.vncsec = vncsec
+ end
+
+ return true
+ end,
+
+ --- Creates the password bit-flip needed before DES encryption
+ --
+ -- @param password string containing the password to process
+ -- @return password string containing the processed password
+ createVNCDESKey = function( self, password )
+ -- exactly 8 chars needed
+ if #password > 8 then
+ password = password:sub(1,8)
+ elseif #password < 8 then
+ password = password .. string.rep('\0', 8 - #password)
+ end
+ return password:gsub(".", function(c) return string.char(bits.reverse(c:byte())) end)
+ end,
+
+ --- Encrypts a password with the server's challenge to create the challenge response
+ --
+ -- @param password string containing the password to process
+ -- @param challenge string containing the server challenge
+ -- @return the challenge response string
+ encryptVNCDES = function (self, password, challenge)
+ local key = self:createVNCDESKey(password)
+ return openssl.encrypt("des-ecb", key, nil, challenge, false)
+ end,
+
+ sendSecType = function (self, sectype)
+ return self.socket:send( string.pack("B", sectype))
+ end,
+
+ --- Attempts to login to the VNC service using any supported method
+ --
+ -- @param username string, could be anything when VNCAuth is used
+ -- @param password string containing the password to use for authentication
+ -- @param authtype The VNC auth type from the <code>VNC.sectypes</code> table (default: best available method)
+ -- @return status true on success, false on failure
+ -- @return err string containing error message when status is false
+ login = function( self, username, password, authtype )
+ if ( not(password) ) then
+ return false, "No password was supplied"
+ end
+
+ if not authtype then
+ if self:supportsSecType( VNC.sectypes.NONE ) then
+ self:sendSecType(VNC.sectypes.NONE)
+ return self:login_none()
+
+ elseif self:supportsSecType( VNC.sectypes.VNCAUTH ) then
+ self:sendSecType(VNC.sectypes.VNCAUTH)
+ return self:login_vncauth(username, password)
+
+ elseif self:supportsSecType( VNC.sectypes.TLS ) then
+ self:sendSecType(VNC.sectypes.TLS)
+ return self:login_tls(username, password)
+
+ elseif self:supportsSecType( VNC.sectypes.VENCRYPT ) then
+ self:sendSecType(VNC.sectypes.VENCRYPT)
+ return self:login_vencrypt(username, password)
+
+ elseif self:supportsSecType( VNC.sectypes.TIGHT ) then
+ self:sendSecType(VNC.sectypes.TIGHT)
+ return self:login_tight(username, password)
+
+ elseif self:supportsSecType( VNC.sectypes.MAC_OSX_SECTYPE_30 ) then
+ self:sendSecType(VNC.sectypes.MAC_OSX_SECTYPE_30)
+ return self:login_ard(username, password)
+
+ else
+ return false, "The server does not support any matching security type"
+ end
+ elseif ( not( self:supportsSecType( authtype ) ) ) then
+ return false, string.format(
+ 'The server does not support the "%s" security type.', VNC.sectypes_str[authtype])
+ end
+
+ end,
+
+ login_none = function (self)
+ if self.client_version == "3.8" then
+ return self:check_auth_result()
+ end
+ -- nothing to do here!
+ return true
+ end,
+
+ --- Attempts to login to the VNC service using VNC Authentication
+ --
+ -- @param username string, could be anything when VNCAuth is used
+ -- @param password string containing the password to use for authentication
+ -- @return status true on success, false on failure
+ -- @return err string containing error message when status is false
+ login_vncauth = function( self, username, password )
+ local status, chall = self.socket:receive_buf(match.numbytes(16), true)
+ if ( not(status) ) then
+ return false, "Failed to receive authentication challenge"
+ end
+
+ local resp = self:encryptVNCDES(password, chall)
+
+ status = self.socket:send( resp )
+ if ( not(status) ) then
+ return false, "Failed to send authentication response to server"
+ end
+ return self:check_auth_result()
+ end,
+
+ check_auth_result = function(self)
+ local status, result = self.socket:receive_buf(match.numbytes(4), true)
+ if ( not(status) ) then
+ return false, "Failed to retrieve authentication status from server"
+ end
+
+ if string.unpack(">I4", result) ~= 0 then
+ return false, "Authentication failed"
+ end
+ return true
+ end,
+
+ handshake_aten = function(self, buffer)
+ -- buffer is 24 bytes, currently unused, no idea what it's for.
+ if #buffer ~= 24 then
+ return false
+ end
+ self.aten = buffer
+ return true
+ end,
+
+ login_aten = function(self, username, password)
+ username = username or ""
+ self.socket:send(username .. ("\0"):rep(24 - #username) .. password .. ("\0"):rep(24 - #password))
+ return self:check_auth_result()
+ end,
+
+ handshake_tight = function(self)
+ -- TightVNC security type
+ -- https://vncdotool.readthedocs.org/en/0.8.0/rfbproto.html#tight-security-type
+ -- Sometimes also ATEN KVM VNC:
+ -- https://github.com/thefloweringash/chicken-aten-ikvm
+ local status, buf = self.socket:receive_bytes(4)
+ if not status then
+ return false, "Failed to get number of tunnels"
+ end
+ -- If it's ATEN, it sends 24 bytes right away. Need to try parsing these
+ -- in case it's TightVNC instead, though.
+ local aten = #buf == 24 and buf
+ local ntunnels, pos = string.unpack(">I4", buf)
+ -- reasonable limits: ATEN might send a huge number here
+ if ntunnels > 0x10000 then
+ return self:handshake_aten(aten)
+ end
+ local tight = {
+ tunnels = {},
+ types = {}
+ }
+ if ntunnels > 0 then
+ local have = #buf - pos + 1
+ if have < 16 * ntunnels then
+ local newbuf
+ status, newbuf = self.socket:receive_bytes(16 * ntunnels - have)
+ if not status then
+ if aten then
+ return self:handshake_aten(aten)
+ end
+ return false, "Failed to get list of tunnels"
+ end
+ buf = buf .. newbuf
+ aten = false -- we must have read something beyond 24 bytes
+ end
+
+ local have_none_tunnel = false
+ for i=1, ntunnels do
+ local tunnel = {}
+ tunnel.code, tunnel.vendor, tunnel.signature, pos = string.unpack(">I4 c4 c8", buf, pos)
+ if tunnel.code == 0 then
+ have_none_tunnel = true
+ end
+ tight.tunnels[#tight.tunnels+1] = tunnel
+ end
+
+ -- at this point, might still be ATEN with a first byte of 1, but chances are it's Tight
+ if have_none_tunnel then
+ -- Try the "NOTUNNEL" tunnel, for simplicity, if it's available.
+ self.socket:send("\0\0\0\0")
+ else
+ -- for now, just return the first one. TODO: choose a supported tunnel type
+ self.socket:send(string.pack(">I4", tight.tunnels[1].code))
+ end
+ end
+
+ local have = #buf - pos + 1
+ if have < 4 then
+ local newbuf
+ status, newbuf = self.socket:receive_bytes(4 - have)
+ if not status then
+ if aten then
+ return self:handshake_aten(aten)
+ end
+ return false, "Failed to get number of Tight auth types"
+ end
+ buf = buf .. newbuf
+ if #buf > 24 then aten = false end
+ end
+ local nauth
+ nauth, pos = string.unpack(">I4", buf, pos)
+ -- reasonable limits: ATEN might send a huge number here
+ if nauth > 0x10000 then
+ return self:handshake_aten(aten)
+ end
+ if nauth > 0 then
+ have = #buf - pos + 1
+ if have < 16 * nauth then
+ local newbuf
+ status, newbuf = self.socket:receive_bytes(16 * nauth - have)
+ if not status then
+ if aten then
+ return self:handshake_aten(aten)
+ end
+ return false, "Failed to get list of Tight auth types"
+ end
+ buf = buf .. newbuf
+ if #buf > 24 then aten = false end
+ end
+
+ for i=1, nauth do
+ local auth = {}
+ auth.code, auth.vendor, auth.signature, pos = string.unpack(">I4 c4 c8", buf, pos)
+ tight.types[#tight.types+1] = auth
+ end
+ end
+
+ if aten and pos < 24 then
+ -- server sent 24 bytes but we could only parse some of them. Probably ATEN KVM
+ return self:handshake_aten(aten)
+ end
+
+ self.tight = tight
+
+ return true
+ end,
+
+ login_tight = function(self, username, password)
+ local status, err = self:handshake_tight()
+ if not status then
+ return status, err
+ end
+
+ if self.aten then
+ return self:login_aten(username, password)
+ end
+
+ if #self.tight.types == 0 then
+ -- nothing further, no auth
+ return true
+ end
+
+ -- choose a supported auth type
+ for _, auth in ipairs({
+ {1, "login_none"},
+ {2, "login_vncauth"},
+ {19, "login_vencrypt"},
+ }) do
+ for _, t in ipairs(self.tight.types) do
+ if t.code == auth[1] then
+ self.socket:send(string.pack(">I4", t.code))
+ return self[auth[2]](self, username, password)
+ end
+ end
+ end
+ return false, "The server does not support any supported Tight security type"
+ end,
+
+ handshake_tls = function(self)
+ local status, err = self.socket:reconnect_ssl()
+ if not status then
+ return false, "Failed to reconnect SSL"
+ end
+
+ local status, tmp = self.socket:receive_buf(match.numbytes(1), true)
+ if ( not(status) ) then
+ stdnse.debug1("ERROR: VNC:handshake failed to receive security data")
+ return false, "ERROR: VNC:handshake failed to receive security data"
+ end
+
+ local vncsec = {
+ count = 1,
+ types = {}
+ }
+ vncsec.count = string.unpack("B", tmp)
+ if ( vncsec.count == 0 ) then
+ return process_error(self.socket)
+ end
+ status, tmp = self.socket:receive_buf(match.numbytes(vncsec.count), true)
+
+ if ( not(status) ) then
+ stdnse.debug1("ERROR: VNC:handshake failed to receive security data")
+ return false, "ERROR: VNC:handshake failed to receive security data"
+ end
+ for i=1, vncsec.count do
+ table.insert( vncsec.types, (string.unpack("B", tmp, i)) )
+ end
+ self.vncsec = vncsec
+ return true
+ end,
+
+ login_tls = function( self, username, password )
+ local status, err = self:handshake_tls()
+ if not status then
+ return status, err
+ end
+ return self:login(username, password)
+ end,
+
+ handshake_vencrypt = function(self)
+ local status, buf = self.socket:receive_buf(match.numbytes(2), true)
+ local maj, min, pos = string.unpack("BB", buf)
+ if maj ~= 0 or min ~= 2 then
+ return false, string.format("Unknown VeNCrypt version: %d.%d", maj, min)
+ end
+ self.socket:send(string.pack("BB", maj, min))
+ status, buf = self.socket:receive_buf(match.numbytes(1), true)
+ status, pos = string.unpack("B", buf)
+ if status ~= 0 then
+ return false, string.format("Server refused VeNCrypt version %d.%d", maj, min)
+ end
+
+ status, buf = self.socket:receive_buf(match.numbytes(1), true)
+ local nauth, pos = string.unpack("B", buf)
+ if nauth == 0 then
+ return false, "No VeNCrypt auth subtypes received"
+ end
+
+ -- vencrypt auth types are u32
+ status, buf = self.socket:receive_buf(match.numbytes(nauth * 4), true)
+ pos = 1
+ local vencrypt = {
+ count = nauth,
+ types = {}
+ }
+ for i=1, nauth do
+ local auth
+ auth, pos = string.unpack(">I4", buf, pos)
+ table.insert(vencrypt.types, auth)
+ end
+ self.vencrypt = vencrypt
+ return true
+ end,
+
+ login_vencrypt = function(self, username, password)
+ local status, err = self:handshake_vencrypt()
+ if not status then
+ return status, err
+ end
+
+ local subauth = first_of({
+ VENCRYPT_SUBTYPES.TLSNONE,
+ VENCRYPT_SUBTYPES.X509NONE,
+ VENCRYPT_SUBTYPES.PLAIN,
+ VENCRYPT_SUBTYPES.TLSPLAIN,
+ VENCRYPT_SUBTYPES.X509PLAIN,
+ VENCRYPT_SUBTYPES.TLSVNC,
+ VENCRYPT_SUBTYPES.X509VNC,
+ -- These not supported yet
+ --VENCRYPT_SUBTYPES.TLSSASL,
+ --VENCRYPT_SUBTYPES.X509SASL,
+ }, self.vencrypt.types)
+
+ if not subauth then
+ return false, "The server does not support any supported security type"
+ end
+
+ self.socket:send(string.pack(">I4", subauth))
+ local status, buf = self.socket:receive_buf(match.numbytes(1), true)
+ if not status or string.byte(buf, 1) ~= 1 then
+ return false, "VeNCrypt auth subtype refused"
+ end
+
+ if subauth == VENCRYPT_SUBTYPES.PLAIN then
+ return self:login_plain(username, password)
+ end
+
+ status, err = self.socket:reconnect_ssl()
+ if not status then
+ return false, "Failed to reconnect SSL to VNC server"
+ end
+
+ if subauth == VENCRYPT_SUBTYPES.TLSNONE or subauth == VENCRYPT_SUBTYPES.X509NONE then
+ return self:check_auth_result()
+ elseif subauth == VENCRYPT_SUBTYPES.TLSVNC or subauth == VENCRYPT_SUBTYPES.X509VNC then
+ return self:login_vncauth(username, password)
+ elseif subauth == VENCRYPT_SUBTYPES.TLSPLAIN or subauth == VENCRYPT_SUBTYPES.X509PLAIN then
+ return self:login_plain(username, password)
+ elseif subauth == VENCRYPT_SUBTYPES.TLSSASL or subauth == VENCRYPT_SUBTYPES.X509SASL then
+ return self:login_sasl(username, password)
+ end
+
+ end,
+
+ login_plain = function(self, username, password)
+ username = username or ""
+ local status = self.socket:send(string.pack(">I4 I4", #username, #password) .. username .. password)
+ if not status then
+ return false, "Failed to send plain auth"
+ end
+
+ return self:check_auth_result()
+ end,
+
+ login_sasl = function(self, username, password)
+ -- TODO: support this!
+ return false, "Unsupported"
+ end,
+
+ login_ard = function(self, username, password)
+ -- Thanks to David Simmons for describing this protocol:
+ -- https://cafbit.com/post/apple_remote_desktop_quirks/
+ local status, buf = self.socket:receive_bytes(4)
+ if not status then
+ return false, "Failed to get auth material lengths"
+ end
+ local gen, keylen, pos = string.unpack(">I2I2", buf)
+ if #buf - (pos - 1) < 2*keylen then
+ local status, buf2 = self.socket:receive_bytes(2*keylen - #buf)
+ if not status then
+ return false, "Failed to get auth material"
+ end
+ buf = buf .. buf2
+ end
+ local modulus, pos = string.unpack("c"..keylen, buf, pos)
+ local pubkey, pos = string.unpack("c"..keylen, buf, pos)
+
+ -- DH key exchange
+ pubkey = openssl.bignum_bin2bn(pubkey)
+ modulus = openssl.bignum_bin2bn(modulus)
+ gen = openssl.bignum_dec2bn(gen)
+
+ local secret = openssl.bignum_pseudo_rand(512) -- 512 bit DH? yeah, ok.
+ local ourkey = openssl.bignum_mod_exp(gen, secret, modulus)
+ local shared = openssl.bignum_mod_exp(pubkey, secret, modulus)
+
+ -- Pad shared secret with nulls
+ shared = openssl.bignum_bn2bin(shared)
+ shared = ('\0'):rep(keylen - #shared) .. shared
+
+ -- Generate AES key as MD5 of shared DH secret
+ local aeskey = openssl.md5(shared)
+
+ -- Encrypt username and password with AES in ECB mode
+ local blob = username .. ('\0'):rep(64 - #username) .. password .. ('\0'):rep(64 - #password)
+ local hash = openssl.encrypt('aes-128-ecb', aeskey, '', blob, false)
+
+ -- Send encrypted blob and DH public key
+ local tmpkey = openssl.bignum_bn2bin(ourkey)
+ -- pad public key on the left with nulls
+ self.socket:send(hash .. ('\0'):rep(keylen - #tmpkey) .. tmpkey)
+
+ return self:check_auth_result()
+ end,
+
+ --- Returns all supported security types as a table
+ --
+ -- @return table containing a entry for each security type
+ getSecTypesAsTable = function( self )
+ return get_types_as_table(self.vncsec, VNC.sectypes_str)
+ end,
+ getVencryptTypesAsTable = function (self)
+ return get_types_as_table(self.vencrypt, VENCRYPT_SUBTYPES_STR)
+ end,
+
+ --- Checks if the supplied security type is supported or not
+ --
+ -- @param sectype number containing the security type to check for
+ -- @return status true if supported, false if not supported
+ supportsSecType = function( self, sectype )
+ for i=1, self.vncsec.count do
+ if ( self.vncsec.types[i] == sectype ) then
+ return true
+ end
+ end
+ return false
+ end,
+
+ --- Returns the protocol version reported by the server
+ --
+ -- @param version string containing the version number
+ getProtocolVersion = function( self )
+ return self.protover
+ end,
+
+ --- Send a ClientInit message.
+ --@param shared boolean determining whether the screen should be shared, or whether other logged-on users should be booted.
+ --@return status true if message was successful, false otherwise
+ --@return table containing contents of ServerInit message, or error message.
+ client_init = function (self, shared)
+ self.socket:send(shared and "\x01" or "\x00")
+ local status, buf = self.socket:receive_buf(match.numbytes(24), true)
+ if not status then
+ return false, "Did not receive ServerInit message"
+ end
+ local width, height, bpp, depth, bigendian, truecolor, rmax, gmax, bmax, rshift, gshift, bshift, pad1, pad2, namelen, pos = string.unpack(">I2I2 BBBB I2I2 I2BB BI2B I4", buf)
+ local status, buf = self.socket:receive_buf(match.numbytes(namelen), true)
+ if not status then
+ return false, "Did not receive ServerInit desktop name"
+ end
+ local name = buf:sub(1,namelen)
+ return true, {
+ width = width,
+ height = height,
+ bpp = bpp,
+ depth = depth,
+ bigendian = bigendian,
+ truecolor = truecolor,
+ rmax = rmax,
+ gmax = gmax,
+ bmax = bmax,
+ rshift = rshift,
+ gshift = gshift,
+ bshift = bshift,
+ name = name
+ }
+
+ end
+}
+
+if not HAVE_SSL then
+ local login_unsupported = function()
+ return false, "Login type unsupported without OpenSSL"
+ end
+ VNC.login_vncauth = login_unsupported
+ VNC.login_tls = login_unsupported
+ VNC.login_ard = login_unsupported
+end
+
+local unittest = require "unittest"
+if not unittest.testing() then
+ return _ENV
+end
+
+test_suite = unittest.TestSuite:new()
+-- Crypto tests require OpenSSL
+if HAVE_SSL then
+ local test_vectors = {
+ -- from John the Ripper's vnc_fmt_plug.c
+ -- pass, challenge, response
+ {
+ "1234567890",
+ "\x2f\x75\x32\xb3\xef\xd1\x7e\xea\x5d\xd3\xa0\x94\x9f\xfd\xf1\xd8",
+ "\x0e\xb4\x2d\x4d\x9a\xc1\xef\x1b\x6e\xf6\x64\x7b\x95\x94\xa6\x21"
+ },
+ {
+ "123",
+ "\x79\x63\xf9\xbb\x7b\xa6\xa4\x2a\x08\x57\x63\x80\x81\x56\xf5\x70",
+ "\x47\x5b\x10\xd0\x56\x48\xe4\x11\x0d\x77\xf0\x39\x16\x10\x6f\x98"
+ },
+ {
+ "Password",
+ "\x08\x05\xb7\x90\xb5\x8e\x96\x7f\x2a\x35\x0a\x0c\x99\xde\x38\x81",
+ "\xae\xcb\x26\xfa\xea\xaa\x62\xd7\x96\x36\xa5\x93\x4b\xac\x10\x78"
+ },
+ {
+ "pass\xc2\xA3",
+ "\x84\x07\x6f\x04\x05\x50\xee\xa9\x34\x19\x67\x63\x3b\x5f\x38\x55",
+ "\x80\x75\x75\x68\x95\x82\x37\x9f\x7d\x80\x7f\x73\x6d\xe9\xe4\x34"
+ },
+ }
+
+ for _, v in ipairs(test_vectors) do
+ test_suite:add_test(unittest.equal(
+ VNC:encryptVNCDES(v[1], v[2]), v[3]), v[1])
+ end
+end
+
+return _ENV