LibVNC / libvncserver

LibVNCServer/LibVNCClient are cross-platform C libraries that allow you to easily implement VNC server or client functionality in your program.
GNU General Public License v2.0

libvncclient: implement UltraVNC's MSLogonII authentication scheme #480

Closed kevans91 closed 2 years ago

kevans91 commented 3 years ago

UltraVNC's MSLogonII protocol is relatively simple; the server sends along DH parameters, we generate a shared secret, and we encrypt both the username and password with it. The pubkey, username, and password then get written back to the server.

Fixes #372
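
The key-agreement half of the exchange described in the PR description, as an added example (not code from this pull request or from libvncclient). It assumes 64-bit generator, modulus and public values; the helper names, the degenerate-value check and the sample numbers are this example's own, and the credential-encryption step is left out.

```c
#include <stdint.h>
#include <stdio.h>

/* (a * b) mod m without overflow, using the GCC/Clang 128-bit extension. */
static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m) {
    return (uint64_t)(((unsigned __int128)a * b) % m);
}

/* Square-and-multiply modular exponentiation: base^exp mod m (m != 0). */
static uint64_t powmod(uint64_t base, uint64_t exp, uint64_t m) {
    uint64_t r = 1 % m;
    base %= m;
    while (exp) {
        if (exp & 1) r = mulmod(r, base, m);
        base = mulmod(base, base, m);
        exp >>= 1;
    }
    return r;
}

/* Reject values (0, 1, mod-1, out of range) that force a predictable secret. */
static int dh_value_ok(uint64_t v, uint64_t mod) {
    return mod > 3 && v > 1 && v < mod - 1;
}

/* Client side (hypothetical helper): from the server's gen, mod and public
 * value plus a local private value, compute the public key to send back and
 * the shared secret. Returns 0 on success, -1 on degenerate parameters. */
static int client_agree(uint64_t gen, uint64_t mod, uint64_t server_pub,
                        uint64_t priv, uint64_t *pub, uint64_t *secret) {
    if (!dh_value_ok(gen, mod) || !dh_value_ok(server_pub, mod)) return -1;
    *pub = powmod(gen, priv, mod);
    *secret = powmod(server_pub, priv, mod);
    return 0;
}

int main(void) {
    /* Constructed sample values; a real client draws priv from a CSPRNG. */
    uint64_t mod = 0xFFFFFFFFFFFFFFC5ULL, gen = 5;
    uint64_t srv_priv = 0x1234567890ABCDEFULL, cli_priv = 0x0FEDCBA987654321ULL;
    uint64_t srv_pub = powmod(gen, srv_priv, mod), pub, secret;
    if (client_agree(gen, mod, srv_pub, cli_priv, &pub, &secret) != 0) return 1;
    /* The server derives the same secret from the client's public key. */
    printf("match=%d\n", secret == powmod(pub, srv_priv, mod));
    return 0;
}
```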

kevans91 commented 3 years ago

AFAICT they have an UltraMSLogon protocol that's similar-ish, but the newer server simply won't offer it now, so it's probably OK to just pretend it doesn't exist (but I added the ID for completeness).

(edit to note) tested on a FreeBSD host with Remmina.

bk138 commented 3 years ago

Thanks so much for the contribution! What would be a simple test case?

kevans91 commented 3 years ago

> Thanks so much for the contribution! What would be a simple test case?

In my case (I don't typically use UltraVNC either, I was summoned here to implement it by a friend), the steps were roughly:

  1. Install UltraVNC: https://www.uvnc.com/downloads/ultravnc/135-download-ultravnc-1-3-2.html -- I didn't bother touching the server configuration to run it as a service, though I did later test with it as a service. I let it start ultravnc after installation.
  2. Right click the eye-book looking icon in the task tray thing and click "Admin Settings"
  3. On the right half of the settings dialog, choose both "MS Logon" then "New MS Logon" -- the former alone still triggers this, but I couldn't get the configuration to actually work. "Configure MS Logon Groups" and set up a group on your machine for access via the "Add..." button. I used a group on the domain this machine is on, but you can hit "locations..." and select the machine name then use "Administrators" in the object name.
  4. Click "Apply"
  5. Attempt to connect with the updated libvncclient (with the machine still logged in and awake, unless you switch to the service); I used Remmina on FreeBSD

Neustradamus commented 2 years ago

cc @RudiDeVos.

bk138 commented 2 years ago

Run-tested successfully connecting from MacOS to Windows 10.

bk138 commented 2 years ago

Sorry for taking so long to review this, been busy with $$$-work and family.

kevans91 commented 2 years ago

> Sorry for taking so long to review this, been busy with $$$-work and family.

No worries, thanks a lot! :-)