def vncSetupStrategy(self): self.password = '******' logging.debug('%s Started.' % self) logging.debug('%s Connection started, sending protocol version: [%s]' % (self, rfb.protocolVersion())) self.request.sendall(rfb.protocolVersion()) cli_ver = self.request.recv(12) logging.debug('%s received client protocol [%s]' % (self, cli_ver)) # Offer security types if cli_ver[:11] == rfb.protocolVersion()[:11]: logging.debug('%s Sending security types to client' % self) self.request.sendall(rfb.securityTypes()) else: logging.debug("%s sending 'invalid version' to client" % self) self.request.sendall(rfb.invalidVersion()) logging.debug('%s Closed connection due to invalid version.' % self) self.request.close() # Receive client chosen security type cli_sec_type = self.request.recv(1) logging.debug('%s received security type [%s] from client' % (self, hexlify(cli_sec_type))) # VNC authentification: if cli_sec_type == rfb.security['VNC_AUTH']: logging.debug('%s sending auth challenge: [%s] to client' % (self, hexlify(rfb.vncStaticAuthChallenge()))) self.request.sendall(rfb.vncAuthChallenge()) cli_sec_response = self.request.recv(16) logging.debug('%s received security response [%s] from client' % (self, hexlify(cli_sec_response))) # logging.debug("%s decrypted response [%s] from client" % (self, hexlify(decrypt_response(self.password, cli_sec_response)))) # TODO: consider if verification of the userinputable jobidentifer can # be verified at this stage # if verify_response(self.password, data, rfb.vncAuthChallenge()): if 1: logging.debug('%s sending security result OK2 to client' % self) self.request.sendall(rfb.securityResult(True)) # THIS IS THE MAGIC: THE IDENTFIER IS FOUND! self.provider_identifier = hexlify(cli_sec_response) else: logging.debug( '%s Closed connection invalid authentification.' % self) self.request.sendall(rfb.securityResult(False)) self.closeConnection() elif cli_sec_type == rfb.security['NONE']: # None: TODO: block this since it not usefull for proxy-awareness logging.debug('%s sending security result OK1 to client' % self) self.request.sendall(rfb.securityResult(True)) else: # Implement other authentification mechanisms here if # specifications for TightVNC / UltraVNC can be found. # Note: this doesn't matter in the chase of proxy-awareness... anyway this is # where it would be done. logging.debug('%s sending security result BAD to client' % self) self.request.sendall(rfb.securityResult(False)) self.closeConnection()
def datareceived(self, data): # Receive protocol version, send protocol version if self.state == 0: logging.debug('%s received protocol [%s] from vncserver ' % (self, data)) if data == rfb.protocolVersion(): logging.debug('%s sending protocol [%s] to vncserver ' % (self, rfb.protocolVersion())) self.buffersize = 1 self.request.sendall(rfb.protocolVersion()) self.state += 10 else: logging.debug('%s Closed connection due to invalid version.' % self) self.closeConnection() # Receive security type count, choose one and send it back elif self.state == 10: self.securityTypeCount = unpack('!B', data) logging.debug('%s about to receive [%s] security types from vncserver' % (self, self.securityTypeCount)) if (self.securityTypeCount > 0): self.buffersize = self.securityTypeCount[0] self.state = 11 else: self.closeConnection() # Receive "self.securityTypeCount" security types, then pick one elif self.state == 11: logging.debug('%s received security types [%s] from vncserver ' % (self, hexlify(data))) logging.debug('%s sending choice [%s] to vncserver ' % (self, hexlify(rfb.securityType(self.secType)))) self.request.sendall(rfb.securityType(self.secType)) self.buffersize = 4 self.state = 30 # Do authentification, this is skipped when choosing security type None elif self.state == 20: response = generate_response(self.password, data) logging.debug('%s received auth challenge [%s]: ' % (self, hexlify(data))) logging.debug('%s sending encrypted response [%s]: ' % (self, hexlify(response))) self.request.sendall(rfb.vncAuthResponse(response)) # do auth based of chosen method self.state = 30 # Receive security result, send client init elif self.state == 30: secResult = unpack('!I', data) if secResult == (0,): # SUCCESS logging.debug('%s send client init message to vncserver' % self) self.request.sendall(rfb.clientInit(True)) self.buffersize = 24 self.state = 40 else: # FAILURE self.buffersize = secResult[0] self.state = 31 # Received auth failure reason elif self.state == 31: logging.debug('%s received security result [%s] from vncserver ' % (self, hexlify(data))) if data == rfb.securityResult(False): logging.debug('Closed connection due to invalid auth.') self.closeConnection() else: logging.debug('%s send client init message to vncserver' % self) self.request.sendall(rfb.clientInit(True)) self.buffersize = 24 self.state = 40 # Receive server init, start sending client messages elif self.state == 40: self.serverInit = unpack('!HHBBBBHHHBBBBBBI', data) logging.debug('%s received server init [%s] len %d hostlen %d' % (self, self.serverInit, len(self.serverInit), self.serverInit[15])) self.buffersize = self.serverInit[15] self.state = 41 # Receive server name, send pixelformat and encodings elif self.state == 41: hostname = data self.migraId = generate_response(hostname, rfb.vncAuthChallenge()) logging.info('[hostname=%s] [migraid=%s]' % (hostname, hexlify(self.migraId))) # Set pixel and set encodings self.request.sendall(rfb.setPixelFormat(32, 24, False, True, 255, 255, 255, 16, 8, 0)) self.request.sendall(rfb.setEncodings()) self.buffersize = 1024 self.state = 50 elif self.state == 50: # The first byte off all request are the messageType # Determine client request and based on policy: forward, local, drop the message. messageType = data[0:1] knownMessageType = False for messageTypesName, messageTypeValue in rfb.clientMessages.iteritems(): if messageTypeValue == messageType: knownMessageType = True logging.debug('%s Received message type [%s] from vncserver' % (self, messageTypesName)) # Forward request to client logging.debug("%s [clients=%d] >>" % (self, len(self.vnc_clients))) # Try to find a client connection if len(self.vnc_clients) == 0: logging.debug("%s Trying to find a matching vncclient" % self) self.lock.acquire() for t in self.threads: if t.__class__.__name__ == 'VncClientHandler' and \ t.migraId == self.migraId and \ t.migraId != None: logging.debug("%s found %s migraIds:[\n %s,\n %s]" % (self, t, hexlify(t.migraId), hexlify(self.migraId))) self.vnc_clients.append(t) self.lock.release() # Forward to client(s) if len(self.vnc_clients) > 0: for client in self.vnc_clients: logging.debug("%s [forwarding=%s,\n to client=%s\n from server %s]" % (self, hexlify(messageType), hexlify(client.migraId), hexlify(self.migraId))) try: client.request.sendall(data) except: self.vnc_clients.remove(client) logging.exception("%s client disconnected %s" % (self, hexlify(client.migraId))) logging.debug("%s client disconnected %s" % (self, hexlify(client.migraId))) logging.debug("%s <<" % self) else: logging.debug('%s Closed connection due to invalid/unknown state.' % self) self.closeConnection()
def vncSetupStrategy(self): self.password = '******' logging.debug("%s Started." % self) logging.debug("%s Connection started, sending protocol version: [%s]" % (self, rfb.protocolVersion())) self.request.sendall(rfb.protocolVersion()) cli_ver = self.request.recv(12) logging.debug("%s received client protocol [%s]" % (self, cli_ver)) # Offer security types if cli_ver[:11] == rfb.protocolVersion()[:11]: logging.debug("%s Sending security types to client" % self) self.request.sendall(rfb.securityTypes()) else: logging.debug("%s sending 'invalid version' to client" % self) self.request.sendall(rfb.invalidVersion()) logging.debug('%s Closed connection due to invalid version.' % self) self.request.close() # Receive client chosen security type cli_sec_type = self.request.recv(1) logging.debug("%s received security type [%s] from client" % (self, hexlify(cli_sec_type))) # VNC authentification: if cli_sec_type == rfb.security['VNC_AUTH']: logging.debug("%s sending auth challenge: [%s] to client" % (self, hexlify(rfb.vncStaticAuthChallenge()))) self.request.sendall(rfb.vncAuthChallenge()) cli_sec_response = self.request.recv(16) logging.debug("%s received security response [%s] from client" % (self, hexlify(cli_sec_response))) #logging.debug("%s decrypted response [%s] from client" % (self, hexlify(decrypt_response(self.password, cli_sec_response)))) # TODO: consider if verification of the userinputable jobidentifer can # be verified at this stage #if verify_response(self.password, data, rfb.vncAuthChallenge()): if 1: logging.debug("%s sending security result OK2 to client" % self) self.request.sendall(rfb.securityResult(True)) # THIS IS THE MAGIC: THE IDENTFIER IS FOUND! self.provider_identifier = hexlify(cli_sec_response) else: logging.debug('%s Closed connection invalid authentification.' % self) self.request.sendall(rfb.securityResult(False)) self.closeConnection() # None: TODO: block this since it not usefull for proxy-awareness elif cli_sec_type == rfb.security['NONE']: logging.debug("%s sending security result OK1 to client" % self) self.request.sendall(rfb.securityResult(True)) # Implement other authentification mechanisms here if # specifications for TightVNC / UltraVNC can be found. # Note: this doesn't matter in the chase of proxy-awareness... anyway this is # where it would be done. else: logging.debug("%s sending security result BAD to client" % self) self.request.sendall(rfb.securityResult(False)) self.closeConnection()
def datareceived(self, data): # receive protocol version and send security types if self.state == 0: logging.debug("%s received client protocol [%s]" % (self, data)) if data == rfb.protocolVersion(): logging.debug("%s Sending security types to client" % self) self.request.sendall(rfb.securityTypes()) self.buffersize = 1 self.state += 10 else: logging.debug("%s sending 'invalid auth' to client" % self) self.request.sendall(rfb.invalidVersion()) logging.debug('%s Closed connection due to invalid version.' % self) self.closeConnection() # received clients chosen security type, start authentification elif self.state == 10: logging.debug("%s received security type [%s] from client" % (self, hexlify(data))) # VNC authentification: if data == rfb.security['VNC_AUTH']: logging.debug("%s sending auth challenge: [%s] to client" % (self, hexlify(rfb.vncAuthChallenge()))) self.request.sendall(rfb.vncAuthChallenge()) self.state += 10 self.buffersize = 16 # None elif data == rfb.security['NONE']: logging.debug("%s sending security result OK1 to client" % self) self.request.sendall(rfb.securityResult(True)) self.buffersize = 0 self.state += 20 # Proceed to initilization (30) # Implement other authentification mechanisms here if # specifications for TightVNC / UltraVNC can be found. else: logging.debug("%s sending security result BAD to client" % self) self.request.sendall(rfb.securityResult(False)) self.closeConnection() # received security response from client, send security result back elif self.state == 20: logging.debug("%s received security response [%s] from client" % (self, hexlify(data))) logging.debug("%s decrypted response [%s] from client" % (self, hexlify(decrypt_response(self.password, data)))) self.buffersize = 1 # TODO: does this work?? # Do a stuff depending on auth method, currently only #if verify_response(self.password, data, rfb.vncAuthChallenge()): if 1: logging.debug("%s sending security result OK2 to client" % self) self.request.sendall(rfb.securityResult(True)) self.state += 10 # TODO: store the auth reponse self.migraId = data else: logging.debug('%s Closed connection invalid authentification.' % self) self.request.sendall(rfb.securityResult(False)) self.closeConnection() # received client init, sending server init elif self.state == 30: logging.debug("%s received client init [%s]" % (self, hexlify(data))) logging.debug("%s sending server init to client" % self) if 1: # TODO: Verify client message and store it in client structure serverInit = None # TODO: IMPROVE ON THIS self.lock.acquire() for t in self.threads: if t.__class__.__name__ == 'VncServerHandler' and \ t.migraId == self.migraId and \ t.migraId != None: serverInit = t.serverInit logging.debug("%s trying to find a serverInit [%s] [%s,%s]" % (self, serverInit, serverInit[0],serverInit[1])) self.lock.release() if serverInit != None: self.request.sendall(rfb.serverInit(serverInit[0], serverInit[1], rfb.PIXEL_FORMAT, 'MIG Virtual Machine.')) else: # TODO: do something better when server is not connected yet. self.request.sendall(rfb.serverInit(1024, 768, rfb.PIXEL_FORMAT, 'MIG Virtual Machine.')) self.buffersize = 1024 self.state += 10 else: logging.debug('%s Closed connection due to bad initialisation.' % self) self.closeConnection() # Vnc doing it's thing elif self.state == 40: # The first byte off all request are the messageType # Determine client request and based on policy: forward, local, drop the message. messageType = data[0:1] knownMessageType = False for messageTypesName, messageTypeValue in rfb.clientMessages.iteritems(): if messageTypeValue == messageType: knownMessageType = True logging.debug('%s Received message [%s]' % (self, messageTypesName)) if not knownMessageType: logging.debug('%s Unknown messagetype [%s]' % (self, messageType)) logging.debug("%s >>" % self) # Try to find a server connection if self.vnc_server == None: logging.debug("%s Trying to find a matching vncserver" % self) self.lock.acquire() for t in self.threads: if t.__class__.__name__ == 'VncServerHandler' and \ t.migraId == self.migraId and \ t.migraId != None: self.vnc_server = t logging.debug("%s found %s migraIds:[\n %s,\n %s]" % (self, self.vnc_server, hexlify(self.vnc_server.migraId), hexlify(self.migraId))) self.lock.release() # Forward request to server if self.vnc_server != None: try: logging.debug("%s [forwarding=%s,\n from client=%s\n to server %s]" % (self, hexlify(messageType), hexlify(self.migraId), hexlify(self.vnc_server.migraId))) self.vnc_server.request.sendall(data) except: logging.exception("%s server disconnected %s" % (self, hexlify(self.vnc_server.migraId))) self.vnc_server = None logging.debug("%s <<" % self) # Put this somewhere else, it's very sexy and very experimental :) # TODO: reverse the text, fix colors if messageType == rfb.clientMessages.get('FRAMEBUFFER_UPDATE_REQUEST') and self.vnc_server == None: logging.debug("%s trying to send fake framebufferupdate" % self) blockSize = 1024 * 768 * (32 / 8) input = open('/home/safl/proxy/vncmedia/wait.bmp', 'r') block = input.read(blockSize+70) # funny offset due to bmp representation block = block[70::] fakestatus = rfb.Rectangle(0, 0, 1024, 768, block) framebufferupdate = pack("!BBHHHHHi", 0, 0, 1, fakestatus.x, fakestatus.y, fakestatus.width, fakestatus.height, 0) try: self.request.sendall(framebufferupdate) self.request.sendall(block[::-1]) # reverse the order except: logging.exception('%s Closed connection due to failure in sending status image!' % self) self.closeConnection() else: logging.debug('%s Closed connection due to unknown data input!' % self) self.closeConnection()