Problems with OTP
89 views
Skip to first unread message
Rafael Guimaraes
Apr 7, 2020, 10:10:21 AM4/7/20
to turbovn...@googlegroups.com
Hi Folks,
I am having some problem on using TurboVNC with OTP in one specific computer. I have always used OTP and it has never let me down. However, in this specific computer, I ask VNC server to generate an OTP (through vncpasswd), it provides me a number but, when I try using it to access the session, VNC server tells me that no OTP was set.
Any suggestions? Where do VNC server stores OTP? Could this be a simple permission issue?
Cheers,
Rafael Guimarães
DRC
Apr 7, 2020, 2:40:53 PM4/7/20
to turbovn...@googlegroups.com
The OTP is stored in a root window property (VNC_OTP) on the TurboVNC X
display, but that property is ephemeral. When vncpasswd sets the root
property, the TurboVNC Server immediately reads the property, copies the
value into an internal variable, and deletes the property.
The best way to verify the OTP value is to modify the TurboVNC Server as
follows:
--------- BEGIN PATCH ----------
--- a/unix/Xvnc/programs/Xserver/hw/vnc/init.c
+++ b/unix/Xvnc/programs/Xserver/hw/vnc/init.c
@@ -1380,10 +1380,22 @@ void rfbRootPropertyChange(PropertyPtr pProp)
}
} else if ((pProp->size == MAXPWLEN) || (pProp->size == (MAXPWLEN *
2))) {
+ char passwdFullControl[MAXPWLEN + 1] = "\0";
+ char passwdViewOnly[MAXPWLEN + 1] = "\0";
+
free(rfbAuthOTPValue);
rfbAuthOTPValueLen = pProp->size;
rfbAuthOTPValue = (char *)rfbAlloc(pProp->size);
memcpy(rfbAuthOTPValue, pProp->data, pProp->size);
+
+ memcpy(passwdFullControl, rfbAuthOTPValue, MAXPWLEN);
+ passwdFullControl[MAXPWLEN] = '\0';
+ rfbLog("Full control one-time password: %s\n", passwdFullControl);
+ if (rfbAuthOTPValueLen / MAXPWLEN > 1) {
+ memcpy(passwdViewOnly, rfbAuthOTPValue + MAXPWLEN, MAXPWLEN);
+ passwdViewOnly[MAXPWLEN] = '\0';
+ rfbLog("View-only one-time password: %s\n", passwdViewOnly);
+ }
}
memset(pProp->data, 0, pProp->size);
--------- END PATCH ----------
If I were a betting man, I would bet that the failing machine has an
issue with /dev/urandom.
DRC
display, but that property is ephemeral. When vncpasswd sets the root
property, the TurboVNC Server immediately reads the property, copies the
value into an internal variable, and deletes the property.
The best way to verify the OTP value is to modify the TurboVNC Server as
follows:
--------- BEGIN PATCH ----------
--- a/unix/Xvnc/programs/Xserver/hw/vnc/init.c
+++ b/unix/Xvnc/programs/Xserver/hw/vnc/init.c
@@ -1380,10 +1380,22 @@ void rfbRootPropertyChange(PropertyPtr pProp)
}
} else if ((pProp->size == MAXPWLEN) || (pProp->size == (MAXPWLEN *
2))) {
+ char passwdFullControl[MAXPWLEN + 1] = "\0";
+ char passwdViewOnly[MAXPWLEN + 1] = "\0";
+
free(rfbAuthOTPValue);
rfbAuthOTPValueLen = pProp->size;
rfbAuthOTPValue = (char *)rfbAlloc(pProp->size);
memcpy(rfbAuthOTPValue, pProp->data, pProp->size);
+
+ memcpy(passwdFullControl, rfbAuthOTPValue, MAXPWLEN);
+ passwdFullControl[MAXPWLEN] = '\0';
+ rfbLog("Full control one-time password: %s\n", passwdFullControl);
+ if (rfbAuthOTPValueLen / MAXPWLEN > 1) {
+ memcpy(passwdViewOnly, rfbAuthOTPValue + MAXPWLEN, MAXPWLEN);
+ passwdViewOnly[MAXPWLEN] = '\0';
+ rfbLog("View-only one-time password: %s\n", passwdViewOnly);
+ }
}
memset(pProp->data, 0, pProp->size);
--------- END PATCH ----------
If I were a betting man, I would bet that the failing machine has an
issue with /dev/urandom.
DRC
Rafael Guimaraes
Apr 8, 2020, 4:00:48 PM4/8/20
to turbovn...@googlegroups.com
What kind of /dev/urandom issue do you mean? I have executed "hexdump -C -n 800 /dev/urandom" and it seems to be generating fine random numbers (at least, visually)... Moreover, when I run vncpasswd, it returns me an OTP number... So it seems to be generating OTPs correctly. However, when I try to connect to the VNC session, the server tells me that no OTP was generated... Very weird...
--
You received this message because you are subscribed to the Google Groups "TurboVNC User Discussion/Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email to turbovnc-user...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/turbovnc-users/db34acef-4ff4-822c-ac07-039249a815b9%40virtualgl.org.
DRC
Apr 8, 2020, 4:25:33 PM4/8/20
to turbovn...@googlegroups.com
OK, well, your next step is-- as I suggested-- to add the
diagnostic code to the server so you can see whether it is
properly receiving the OTP. I can't proceed without that
information.
To view this discussion on the web visit https://groups.google.com/d/msgid/turbovnc-users/CAMCG4__j817fsqLKLjURSBqOOU9Tud%3DTVxqBkbF2XBfxyzSuww%40mail.gmail.com.
DRC
Jan 27, 2021, 2:41:19 PM1/27/21
to turbovn...@googlegroups.com
Any update on this issue?
On 4/8/20 3:25 PM, DRC wrote:
> OK, well, your next step is-- as I suggested-- to add the diagnostic
> code to the server so you can see whether it is properly receiving the
> OTP. I can't proceed without that information.
>
> On 4/8/20 3:00 PM, Rafael Guimaraes wrote:
>> What kind of /dev/urandom issue do you mean? I have executed "hexdump
>> -C -n 800 /dev/urandom" and it seems to be generating fine random
>> numbers (at least, visually)... Moreover, when I run vncpasswd, it
>> returns me an OTP number... So it seems to be generating OTPs
>> correctly. However, when I try to connect to the VNC session, the
>> server tells me that no OTP was generated... Very weird...
>>
>> Em ter., 7 de abr. de 2020 às 15:40, DRC <d...@virtualgl.org
>> <mailto:d...@virtualgl.org>> escreveu:
On 4/8/20 3:25 PM, DRC wrote:
> OK, well, your next step is-- as I suggested-- to add the diagnostic
> code to the server so you can see whether it is properly receiving the
> OTP. I can't proceed without that information.
>
> On 4/8/20 3:00 PM, Rafael Guimaraes wrote:
>> What kind of /dev/urandom issue do you mean? I have executed "hexdump
>> -C -n 800 /dev/urandom" and it seems to be generating fine random
>> numbers (at least, visually)... Moreover, when I run vncpasswd, it
>> returns me an OTP number... So it seems to be generating OTPs
>> correctly. However, when I try to connect to the VNC session, the
>> server tells me that no OTP was generated... Very weird...
>>
>> Em ter., 7 de abr. de 2020 às 15:40, DRC <d...@virtualgl.org
Rafael Guimaraes
Feb 1, 2021, 2:33:17 PM2/1/21
to turbovn...@googlegroups.com
In fact, the server had to be replaced, and the problem no longer occurred...
Thanks anyway.
--
You received this message because you are subscribed to the Google Groups "TurboVNC User Discussion/Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email to turbovnc-user...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/turbovnc-users/673885f0-406e-6706-c182-afc4abd4544d%40virtualgl.org.
Reply all
Reply to author
Forward
0 new messages