8571d06737
- Build KVM (basic build, no tools yet) - Set ppc in ExcludeArch. This is temporary, just to fix one issue at a time. ppc users (IBM ? ;-)) please wait a little bit.
1604 lines
50 KiB
Diff
1604 lines
50 KiB
Diff
This patch adds the new SASL authentication protocol to the VNC server.
|
|
|
|
It is enabled by setting the 'sasl' flag when launching VNC. SASL can
|
|
optionally provide encryption via its SSF layer, if a suitable mechanism
|
|
is configured (eg, GSSAPI/Kerberos, or Digest-MD5). If an SSF layer is
|
|
not available, then it should be combined with the x509 VNC authentication
|
|
protocol which provides encryption.
|
|
|
|
eg, if using GSSAPI
|
|
|
|
qemu -vnc localhost:1,sasl
|
|
|
|
eg if using TLS/x509 for encryption
|
|
|
|
qemu -vnc localhost:1,sasl,tls,x509
|
|
|
|
|
|
By default the Cyrus SASL library will look for its configuration in
|
|
the file /etc/sasl2/qemu.conf. For non-root users, this can be overridden
|
|
by setting the SASL_CONF_PATH environment variable, eg to make it look in
|
|
$HOME/.sasl2. NB unprivileged users may not have access to the full range
|
|
of SASL mechanisms, since some of them require some administrative privileges
|
|
to configure. The patch includes an example SASL configuration file which
|
|
illustrates config for GSSAPI and Digest-MD5, though it should be noted that
|
|
the latter is not really considered secure any more.
|
|
|
|
Most of the SASL authentication code is located in a separate source file,
|
|
vnc-auth-sasl.c. The main vnc.c file only contains minimal integration
|
|
glue, specifically parsing of command line flags / setup, and calls to
|
|
start the SASL auth process, to do encoding/decoding for data.
|
|
|
|
There are several possible stacks for reading & writing of data, depending
|
|
on the combo of VNC authentication methods in use
|
|
|
|
- Clear. read/write straight to socket
|
|
- TLS. read/write via GNUTLS helpers
|
|
- SASL. encode/decode via SASL SSF layer, then read/write to socket
|
|
- SASL+TLS. encode/decode via SASL SSF layer, then read/write via GNUTLS
|
|
|
|
Hence, the vnc_client_read & vnc_client_write methods have been refactored
|
|
a little.
|
|
|
|
vnc_client_read: main entry point for reading, calls either
|
|
|
|
- vnc_client_read_plain reading, with no intermediate decoding
|
|
- vnc_client_read_sasl reading, with SASL SSF decoding
|
|
|
|
These two methods, then call vnc_client_read_buf(). This decides
|
|
whether to write to the socket directly or write via GNUTLS.
|
|
|
|
The situation is the same for writing data. More extensive comments
|
|
have been added in the code / patch. The vnc_client_read_sasl and
|
|
vnc_client_write_sasl method implementations live in the separate
|
|
vnc-auth-sasl.c file.
|
|
|
|
The state required for the SASL auth mechanism is kept in a separate
|
|
VncStateSASL struct, defined in vnc-auth-sasl.h and included in the
|
|
main VncState.
|
|
|
|
The configure script probes for SASL and automatically enables it
|
|
if found, unless --disable-vnc-sasl was given to override it.
|
|
|
|
|
|
Makefile | 7
|
|
Makefile.target | 5
|
|
b/qemu.sasl | 34 ++
|
|
b/vnc-auth-sasl.c | 626 ++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
b/vnc-auth-sasl.h | 67 +++++
|
|
configure | 34 ++
|
|
qemu-doc.texi | 97 ++++++++
|
|
vnc-auth-vencrypt.c | 12
|
|
vnc.c | 249 ++++++++++++++++++--
|
|
vnc.h | 31 ++
|
|
10 files changed, 1129 insertions(+), 33 deletions(-)
|
|
|
|
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
|
|
|
|
Index: kvm-84.git-snapshot-20090303/qemu/Makefile
|
|
===================================================================
|
|
--- kvm-84.git-snapshot-20090303.orig/qemu/Makefile
|
|
+++ kvm-84.git-snapshot-20090303/qemu/Makefile
|
|
@@ -152,6 +152,9 @@ OBJS+=vnc.o d3des.o
|
|
ifdef CONFIG_VNC_TLS
|
|
OBJS+=vnc-tls.o vnc-auth-vencrypt.o
|
|
endif
|
|
+ifdef CONFIG_VNC_SASL
|
|
+OBJS+=vnc-auth-sasl.o
|
|
+endif
|
|
|
|
ifdef CONFIG_COCOA
|
|
OBJS+=cocoa.o
|
|
@@ -175,7 +178,7 @@ sdl.o: sdl.c keymaps.h sdl_keysym.h
|
|
|
|
sdl.o audio/sdlaudio.o: CFLAGS += $(SDL_CFLAGS)
|
|
|
|
-vnc.h: vnc-tls.h vnc-auth-vencrypt.h keymaps.h
|
|
+vnc.h: vnc-tls.h vnc-auth-vencrypt.h vnc-auth-sasl.h keymaps.h
|
|
|
|
vnc.o: vnc.c vnc.h vnc_keysym.h vnchextile.h d3des.c d3des.h
|
|
|
|
@@ -185,6 +188,8 @@ vnc-tls.o: vnc-tls.c vnc.h
|
|
|
|
vnc-auth-vencrypt.o: vnc-auth-vencrypt.c vnc.h
|
|
|
|
+vnc-auth-sasl.o: vnc-auth-sasl.c vnc.h
|
|
+
|
|
curses.o: curses.c keymaps.h curses_keys.h
|
|
|
|
bt-host.o: CFLAGS += $(CONFIG_BLUEZ_CFLAGS)
|
|
Index: kvm-84.git-snapshot-20090303/qemu/Makefile.target
|
|
===================================================================
|
|
--- kvm-84.git-snapshot-20090303.orig/qemu/Makefile.target
|
|
+++ kvm-84.git-snapshot-20090303/qemu/Makefile.target
|
|
@@ -613,6 +613,11 @@ CPPFLAGS += $(CONFIG_VNC_TLS_CFLAGS)
|
|
LIBS += $(CONFIG_VNC_TLS_LIBS)
|
|
endif
|
|
|
|
+ifdef CONFIG_VNC_SASL
|
|
+CPPFLAGS += $(CONFIG_VNC_SASL_CFLAGS)
|
|
+LIBS += $(CONFIG_VNC_SASL_LIBS)
|
|
+endif
|
|
+
|
|
ifdef CONFIG_BLUEZ
|
|
LIBS += $(CONFIG_BLUEZ_LIBS)
|
|
endif
|
|
Index: kvm-84.git-snapshot-20090303/qemu/configure
|
|
===================================================================
|
|
--- kvm-84.git-snapshot-20090303.orig/qemu/configure
|
|
+++ kvm-84.git-snapshot-20090303/qemu/configure
|
|
@@ -164,6 +164,7 @@ fmod_lib=""
|
|
fmod_inc=""
|
|
oss_lib=""
|
|
vnc_tls="yes"
|
|
+vnc_sasl="yes"
|
|
bsd="no"
|
|
linux="no"
|
|
solaris="no"
|
|
@@ -403,6 +404,8 @@ for opt do
|
|
;;
|
|
--disable-vnc-tls) vnc_tls="no"
|
|
;;
|
|
+ --disable-vnc-sasl) vnc_sasl="no"
|
|
+ ;;
|
|
--disable-slirp) slirp="no"
|
|
;;
|
|
--disable-vde) vde="no"
|
|
@@ -562,6 +565,7 @@ echo " Availab
|
|
echo " --enable-mixemu enable mixer emulation"
|
|
echo " --disable-brlapi disable BrlAPI"
|
|
echo " --disable-vnc-tls disable TLS encryption for VNC server"
|
|
+echo " --disable-vnc-sasl disable SASL encryption for VNC server"
|
|
echo " --disable-curses disable curses output"
|
|
echo " --disable-bluez disable bluez stack connectivity"
|
|
echo " --disable-kvm disable KVM acceleration support"
|
|
@@ -874,6 +878,25 @@ EOF
|
|
fi
|
|
|
|
##########################################
|
|
+# VNC SASL detection
|
|
+if test "$vnc_sasl" = "yes" ; then
|
|
+cat > $TMPC <<EOF
|
|
+#include <sasl/sasl.h>
|
|
+#include <stdio.h>
|
|
+int main(void) { sasl_server_init(NULL, "qemu"); return 0; }
|
|
+EOF
|
|
+ # Assuming Cyrus-SASL installed in /usr prefix
|
|
+ vnc_sasl_cflags=""
|
|
+ vnc_sasl_libs="-lsasl2"
|
|
+ if $cc $ARCH_CFLAGS -o $TMPE ${OS_CFLAGS} $vnc_sasl_cflags $TMPC \
|
|
+ $vnc_sasl_libs 2> /dev/null ; then
|
|
+ :
|
|
+ else
|
|
+ vnc_sasl="no"
|
|
+ fi
|
|
+fi
|
|
+
|
|
+##########################################
|
|
# vde libraries probe
|
|
if test "$vde" = "yes" ; then
|
|
cat > $TMPC << EOF
|
|
@@ -1208,6 +1231,11 @@ if test "$vnc_tls" = "yes" ; then
|
|
echo " TLS CFLAGS $vnc_tls_cflags"
|
|
echo " TLS LIBS $vnc_tls_libs"
|
|
fi
|
|
+echo "VNC SASL support $vnc_sasl"
|
|
+if test "$vnc_sasl" = "yes" ; then
|
|
+ echo " SASL CFLAGS $vnc_sasl_cflags"
|
|
+ echo " SASL LIBS $vnc_sasl_libs"
|
|
+fi
|
|
if test -n "$sparc_cpu"; then
|
|
echo "Target Sparc Arch $sparc_cpu"
|
|
fi
|
|
@@ -1451,6 +1479,12 @@ if test "$vnc_tls" = "yes" ; then
|
|
echo "CONFIG_VNC_TLS_LIBS=$vnc_tls_libs" >> $config_mak
|
|
echo "#define CONFIG_VNC_TLS 1" >> $config_h
|
|
fi
|
|
+if test "$vnc_sasl" = "yes" ; then
|
|
+ echo "CONFIG_VNC_SASL=yes" >> $config_mak
|
|
+ echo "CONFIG_VNC_SASL_CFLAGS=$vnc_sasl_cflags" >> $config_mak
|
|
+ echo "CONFIG_VNC_SASL_LIBS=$vnc_sasl_libs" >> $config_mak
|
|
+ echo "#define CONFIG_VNC_SASL 1" >> $config_h
|
|
+fi
|
|
qemu_version=`head $source_path/VERSION`
|
|
echo "VERSION=$qemu_version" >>$config_mak
|
|
echo "#define QEMU_VERSION \"$qemu_version\"" >> $config_h
|
|
Index: kvm-84.git-snapshot-20090303/qemu/qemu-doc.texi
|
|
===================================================================
|
|
--- kvm-84.git-snapshot-20090303.orig/qemu/qemu-doc.texi
|
|
+++ kvm-84.git-snapshot-20090303/qemu/qemu-doc.texi
|
|
@@ -624,6 +624,21 @@ path following this option specifies whe
|
|
be loaded from. See the @ref{vnc_security} section for details on generating
|
|
certificates.
|
|
|
|
+@item sasl
|
|
+
|
|
+Require that the client use SASL to authenticate with the VNC server.
|
|
+The exact choice of authentication method used is controlled from the
|
|
+system / user's SASL configuration file for the 'qemu' service. This
|
|
+is typically found in /etc/sasl2/qemu.conf. If running QEMU as an
|
|
+unprivileged user, an environment variable SASL_CONF_PATH can be used
|
|
+to make it search alternate locations for the service config.
|
|
+While some SASL auth methods can also provide data encryption (eg GSSAPI),
|
|
+it is recommended that SASL always be combined with the 'tls' and
|
|
+'x509' settings to enable use of SSL and server certificates. This
|
|
+ensures a data encryption preventing compromise of authentication
|
|
+credentials. See the @ref{vnc_security} section for details on using
|
|
+SASL authentication.
|
|
+
|
|
@end table
|
|
|
|
@end table
|
|
@@ -2058,7 +2073,10 @@ considerations depending on the deployme
|
|
* vnc_sec_certificate::
|
|
* vnc_sec_certificate_verify::
|
|
* vnc_sec_certificate_pw::
|
|
+* vnc_sec_sasl::
|
|
+* vnc_sec_certificate_sasl::
|
|
* vnc_generate_cert::
|
|
+* vnc_setup_sasl::
|
|
@end menu
|
|
@node vnc_sec_none
|
|
@subsection Without passwords
|
|
@@ -2141,6 +2159,41 @@ Password: ********
|
|
(qemu)
|
|
@end example
|
|
|
|
+
|
|
+@node vnc_sec_sasl
|
|
+@subsection With SASL authentication
|
|
+
|
|
+The SASL authentication method is a VNC extension, that provides an
|
|
+easily extendable, pluggable authentication method. This allows for
|
|
+integration with a wide range of authentication mechanisms, such as
|
|
+PAM, GSSAPI/Kerberos, LDAP, SQL databases, one-time keys and more.
|
|
+The strength of the authentication depends on the exact mechanism
|
|
+configured. If the chosen mechanism also provides a SSF layer, then
|
|
+it will encrypt the datastream as well.
|
|
+
|
|
+Refer to the later docs on how to choose the exact SASL mechanism
|
|
+used for authentication, but assuming use of one supporting SSF,
|
|
+then QEMU can be launched with:
|
|
+
|
|
+@example
|
|
+qemu [...OPTIONS...] -vnc :1,sasl -monitor stdio
|
|
+@end example
|
|
+
|
|
+@node vnc_sec_certificate_sasl
|
|
+@subsection With x509 certificates and SASL authentication
|
|
+
|
|
+If the desired SASL authentication mechanism does not supported
|
|
+SSF layers, then it is strongly advised to run it in combination
|
|
+with TLS and x509 certificates. This provides securely encrypted
|
|
+data stream, avoiding risk of compromising of the security
|
|
+credentials. This can be enabled, by combining the 'sasl' option
|
|
+with the aforementioned TLS + x509 options:
|
|
+
|
|
+@example
|
|
+qemu [...OPTIONS...] -vnc :1,tls,x509,sasl -monitor stdio
|
|
+@end example
|
|
+
|
|
+
|
|
@node vnc_generate_cert
|
|
@subsection Generating certificates for VNC
|
|
|
|
@@ -2252,6 +2305,50 @@ EOF
|
|
The @code{client-key.pem} and @code{client-cert.pem} files should now be securely
|
|
copied to the client for which they were generated.
|
|
|
|
+
|
|
+@node vnc_setup_sasl
|
|
+
|
|
+@subsection Configuring SASL mechanisms
|
|
+
|
|
+The following documentation assumes use of the Cyrus SASL implementation on a
|
|
+Linux host, but the principals should apply to any other SASL impl. When SASL
|
|
+is enabled, the mechanism configuration will be loaded from system default
|
|
+SASL service config /etc/sasl2/qemu.conf. If running QEMU as an
|
|
+unprivileged user, an environment variable SASL_CONF_PATH can be used
|
|
+to make it search alternate locations for the service config.
|
|
+
|
|
+The default configuration might contain
|
|
+
|
|
+@example
|
|
+mech_list: digest-md5
|
|
+sasldb_path: /etc/qemu/passwd.db
|
|
+@end example
|
|
+
|
|
+This says to use the 'Digest MD5' mechanism, which is similar to the HTTP
|
|
+Digest-MD5 mechanism. The list of valid usernames & passwords is maintained
|
|
+in the /etc/qemu/passwd.db file, and can be updated using the saslpasswd2
|
|
+command. While this mechanism is easy to configure and use, it is not
|
|
+considered secure by modern standards, so only suitable for developers /
|
|
+ad-hoc testing.
|
|
+
|
|
+A more serious deployment might use Kerberos, which is done with the 'gssapi'
|
|
+mechanism
|
|
+
|
|
+@example
|
|
+mech_list: gssapi
|
|
+keytab: /etc/qemu/krb5.tab
|
|
+@end example
|
|
+
|
|
+For this to work the administrator of your KDC must generate a Kerberos
|
|
+principal for the server, with a name of 'qemu/somehost.example.com@@EXAMPLE.COM'
|
|
+replacing 'somehost.example.com' with the fully qualified host name of the
|
|
+machine running QEMU, and 'EXAMPLE.COM' with the Keberos Realm.
|
|
+
|
|
+Other configurations will be left as an exercise for the reader. It should
|
|
+be noted that only Digest-MD5 and GSSAPI provides a SSF layer for data
|
|
+encryption. For all other mechanisms, VNC should always be configured to
|
|
+use TLS and x509 certificates to protect security credentials from snooping.
|
|
+
|
|
@node gdb_usage
|
|
@section GDB usage
|
|
|
|
Index: kvm-84.git-snapshot-20090303/qemu/qemu.sasl
|
|
===================================================================
|
|
--- /dev/null
|
|
+++ kvm-84.git-snapshot-20090303/qemu/qemu.sasl
|
|
@@ -0,0 +1,34 @@
|
|
+# If you want to use the non-TLS socket, then you *must* include
|
|
+# the GSSAPI or DIGEST-MD5 mechanisms, because they are the only
|
|
+# ones that can offer session encryption as well as authentication.
|
|
+#
|
|
+# If you're only using TLS, then you can turn on any mechanisms
|
|
+# you like for authentication, because TLS provides the encryption
|
|
+#
|
|
+# Default to a simple username+password mechanism
|
|
+# NB digest-md5 is no longer considered secure by current standards
|
|
+mech_list: digest-md5
|
|
+
|
|
+# Before you can use GSSAPI, you need a service principle on the
|
|
+# KDC server for libvirt, and that to be exported to the keytab
|
|
+# file listed below
|
|
+#mech_list: gssapi
|
|
+#
|
|
+# You can also list many mechanisms at once, then the user can choose
|
|
+# by adding '?auth=sasl.gssapi' to their libvirt URI, eg
|
|
+# qemu+tcp://hostname/system?auth=sasl.gssapi
|
|
+#mech_list: digest-md5 gssapi
|
|
+
|
|
+# Some older builds of MIT kerberos on Linux ignore this option &
|
|
+# instead need KRB5_KTNAME env var.
|
|
+# For modern Linux, and other OS, this should be sufficient
|
|
+keytab: /etc/qemu/krb5.tab
|
|
+
|
|
+# If using digest-md5 for username/passwds, then this is the file
|
|
+# containing the passwds. Use 'saslpasswd2 -a qemu [username]'
|
|
+# to add entries, and 'sasldblistusers2 -a qemu' to browse it
|
|
+sasldb_path: /etc/qemu/passwd.db
|
|
+
|
|
+
|
|
+auxprop_plugin: sasldb
|
|
+
|
|
Index: kvm-84.git-snapshot-20090303/qemu/vnc-auth-sasl.c
|
|
===================================================================
|
|
--- /dev/null
|
|
+++ kvm-84.git-snapshot-20090303/qemu/vnc-auth-sasl.c
|
|
@@ -0,0 +1,626 @@
|
|
+/*
|
|
+ * QEMU VNC display driver: SASL auth protocol
|
|
+ *
|
|
+ * Copyright (C) 2009 Red Hat, Inc
|
|
+ *
|
|
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
+ * of this software and associated documentation files (the "Software"), to deal
|
|
+ * in the Software without restriction, including without limitation the rights
|
|
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
+ * copies of the Software, and to permit persons to whom the Software is
|
|
+ * furnished to do so, subject to the following conditions:
|
|
+ *
|
|
+ * The above copyright notice and this permission notice shall be included in
|
|
+ * all copies or substantial portions of the Software.
|
|
+ *
|
|
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
|
|
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
|
+ * THE SOFTWARE.
|
|
+ */
|
|
+
|
|
+#include "vnc.h"
|
|
+
|
|
+/* Max amount of data we send/recv for SASL steps to prevent DOS */
|
|
+#define SASL_DATA_MAX_LEN (1024 * 1024)
|
|
+
|
|
+
|
|
+void vnc_sasl_client_cleanup(VncState *vs)
|
|
+{
|
|
+ if (vs->sasl.conn) {
|
|
+ vs->sasl.runSSF = vs->sasl.waitWriteSSF = vs->sasl.wantSSF = 0;
|
|
+ vs->sasl.encodedLength = vs->sasl.encodedOffset = 0;
|
|
+ vs->sasl.encoded = NULL;
|
|
+ free(vs->sasl.username);
|
|
+ free(vs->sasl.mechlist);
|
|
+ vs->sasl.username = vs->sasl.mechlist = NULL;
|
|
+ sasl_dispose(&vs->sasl.conn);
|
|
+ vs->sasl.conn = NULL;
|
|
+ }
|
|
+}
|
|
+
|
|
+
|
|
+long vnc_client_write_sasl(VncState *vs)
|
|
+{
|
|
+ long ret;
|
|
+
|
|
+ VNC_DEBUG("Write SASL: Pending output %p size %d offset %d Encoded: %p size %d offset %d\n",
|
|
+ vs->output.buffer, vs->output.capacity, vs->output.offset,
|
|
+ vs->sasl.encoded, vs->sasl.encodedLength, vs->sasl.encodedOffset);
|
|
+
|
|
+ if (!vs->sasl.encoded) {
|
|
+ int err;
|
|
+ err = sasl_encode(vs->sasl.conn,
|
|
+ (char *)vs->output.buffer,
|
|
+ vs->output.offset,
|
|
+ (const char **)&vs->sasl.encoded,
|
|
+ &vs->sasl.encodedLength);
|
|
+ if (err != SASL_OK)
|
|
+ return vnc_client_io_error(vs, -1, EIO);
|
|
+
|
|
+ vs->sasl.encodedOffset = 0;
|
|
+ }
|
|
+
|
|
+ ret = vnc_client_write_buf(vs,
|
|
+ vs->sasl.encoded + vs->sasl.encodedOffset,
|
|
+ vs->sasl.encodedLength - vs->sasl.encodedOffset);
|
|
+ if (!ret)
|
|
+ return 0;
|
|
+
|
|
+ vs->sasl.encodedOffset += ret;
|
|
+ if (vs->sasl.encodedOffset == vs->sasl.encodedLength) {
|
|
+ vs->output.offset = 0;
|
|
+ vs->sasl.encoded = NULL;
|
|
+ vs->sasl.encodedOffset = vs->sasl.encodedLength = 0;
|
|
+ }
|
|
+
|
|
+ /* Can't merge this block with one above, because
|
|
+ * someone might have written more unencrypted
|
|
+ * data in vs->output while we were processing
|
|
+ * SASL encoded output
|
|
+ */
|
|
+ if (vs->output.offset == 0) {
|
|
+ qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
|
|
+ }
|
|
+
|
|
+ return ret;
|
|
+}
|
|
+
|
|
+
|
|
+long vnc_client_read_sasl(VncState *vs)
|
|
+{
|
|
+ long ret;
|
|
+ uint8_t encoded[4096];
|
|
+ const char *decoded;
|
|
+ unsigned int decodedLen;
|
|
+ int err;
|
|
+
|
|
+ ret = vnc_client_read_buf(vs, encoded, sizeof(encoded));
|
|
+ if (!ret)
|
|
+ return 0;
|
|
+
|
|
+ err = sasl_decode(vs->sasl.conn,
|
|
+ (char *)encoded, ret,
|
|
+ &decoded, &decodedLen);
|
|
+
|
|
+ if (err != SASL_OK)
|
|
+ return vnc_client_io_error(vs, -1, -EIO);
|
|
+ VNC_DEBUG("Read SASL Encoded %p size %ld Decoded %p size %d\n",
|
|
+ encoded, ret, decoded, decodedLen);
|
|
+ buffer_reserve(&vs->input, decodedLen);
|
|
+ buffer_append(&vs->input, decoded, decodedLen);
|
|
+ return decodedLen;
|
|
+}
|
|
+
|
|
+
|
|
+static int vnc_auth_sasl_check_access(VncState *vs)
|
|
+{
|
|
+ const void *val;
|
|
+ int err;
|
|
+
|
|
+ err = sasl_getprop(vs->sasl.conn, SASL_USERNAME, &val);
|
|
+ if (err != SASL_OK) {
|
|
+ VNC_DEBUG("cannot query SASL username on connection %d (%s)\n",
|
|
+ err, sasl_errstring(err, NULL, NULL));
|
|
+ return -1;
|
|
+ }
|
|
+ if (val == NULL) {
|
|
+ VNC_DEBUG("no client username was found\n");
|
|
+ return -1;
|
|
+ }
|
|
+ VNC_DEBUG("SASL client username %s\n", (const char *)val);
|
|
+
|
|
+ vs->sasl.username = qemu_strdup((const char*)val);
|
|
+
|
|
+ return 0;
|
|
+}
|
|
+
|
|
+static int vnc_auth_sasl_check_ssf(VncState *vs)
|
|
+{
|
|
+ const void *val;
|
|
+ int err, ssf;
|
|
+
|
|
+ if (!vs->sasl.wantSSF)
|
|
+ return 1;
|
|
+
|
|
+ err = sasl_getprop(vs->sasl.conn, SASL_SSF, &val);
|
|
+ if (err != SASL_OK)
|
|
+ return 0;
|
|
+
|
|
+ ssf = *(const int *)val;
|
|
+ VNC_DEBUG("negotiated an SSF of %d\n", ssf);
|
|
+ if (ssf < 56)
|
|
+ return 0; /* 56 is good for Kerberos */
|
|
+
|
|
+ /* Only setup for read initially, because we're about to send an RPC
|
|
+ * reply which must be in plain text. When the next incoming RPC
|
|
+ * arrives, we'll switch on writes too
|
|
+ *
|
|
+ * cf qemudClientReadSASL in qemud.c
|
|
+ */
|
|
+ vs->sasl.runSSF = 1;
|
|
+
|
|
+ /* We have a SSF that's good enough */
|
|
+ return 1;
|
|
+}
|
|
+
|
|
+/*
|
|
+ * Step Msg
|
|
+ *
|
|
+ * Input from client:
|
|
+ *
|
|
+ * u32 clientin-length
|
|
+ * u8-array clientin-string
|
|
+ *
|
|
+ * Output to client:
|
|
+ *
|
|
+ * u32 serverout-length
|
|
+ * u8-array serverout-strin
|
|
+ * u8 continue
|
|
+ */
|
|
+
|
|
+static int protocol_client_auth_sasl_step_len(VncState *vs, uint8_t *data, size_t len);
|
|
+
|
|
+static int protocol_client_auth_sasl_step(VncState *vs, uint8_t *data, size_t len)
|
|
+{
|
|
+ uint32_t datalen = len;
|
|
+ const char *serverout;
|
|
+ unsigned int serveroutlen;
|
|
+ int err;
|
|
+ char *clientdata = NULL;
|
|
+
|
|
+ /* NB, distinction of NULL vs "" is *critical* in SASL */
|
|
+ if (datalen) {
|
|
+ clientdata = (char*)data;
|
|
+ clientdata[datalen-1] = '\0'; /* Wire includes '\0', but make sure */
|
|
+ datalen--; /* Don't count NULL byte when passing to _start() */
|
|
+ }
|
|
+
|
|
+ VNC_DEBUG("Step using SASL Data %p (%d bytes)\n",
|
|
+ clientdata, datalen);
|
|
+ err = sasl_server_step(vs->sasl.conn,
|
|
+ clientdata,
|
|
+ datalen,
|
|
+ &serverout,
|
|
+ &serveroutlen);
|
|
+ if (err != SASL_OK &&
|
|
+ err != SASL_CONTINUE) {
|
|
+ VNC_DEBUG("sasl step failed %d (%s)\n",
|
|
+ err, sasl_errdetail(vs->sasl.conn));
|
|
+ sasl_dispose(&vs->sasl.conn);
|
|
+ vs->sasl.conn = NULL;
|
|
+ goto authabort;
|
|
+ }
|
|
+
|
|
+ if (serveroutlen > SASL_DATA_MAX_LEN) {
|
|
+ VNC_DEBUG("sasl step reply data too long %d\n",
|
|
+ serveroutlen);
|
|
+ sasl_dispose(&vs->sasl.conn);
|
|
+ vs->sasl.conn = NULL;
|
|
+ goto authabort;
|
|
+ }
|
|
+
|
|
+ VNC_DEBUG("SASL return data %d bytes, nil; %d\n",
|
|
+ serveroutlen, serverout ? 0 : 1);
|
|
+
|
|
+ if (serveroutlen) {
|
|
+ vnc_write_u32(vs, serveroutlen + 1);
|
|
+ vnc_write(vs, serverout, serveroutlen + 1);
|
|
+ } else {
|
|
+ vnc_write_u32(vs, 0);
|
|
+ }
|
|
+
|
|
+ /* Whether auth is complete */
|
|
+ vnc_write_u8(vs, err == SASL_CONTINUE ? 0 : 1);
|
|
+
|
|
+ if (err == SASL_CONTINUE) {
|
|
+ VNC_DEBUG("%s", "Authentication must continue\n");
|
|
+ /* Wait for step length */
|
|
+ vnc_read_when(vs, protocol_client_auth_sasl_step_len, 4);
|
|
+ } else {
|
|
+ if (!vnc_auth_sasl_check_ssf(vs)) {
|
|
+ VNC_DEBUG("Authentication rejected for weak SSF %d\n", vs->csock);
|
|
+ goto authreject;
|
|
+ }
|
|
+
|
|
+ /* Check username whitelist ACL */
|
|
+ if (vnc_auth_sasl_check_access(vs) < 0) {
|
|
+ VNC_DEBUG("Authentication rejected for ACL %d\n", vs->csock);
|
|
+ goto authreject;
|
|
+ }
|
|
+
|
|
+ VNC_DEBUG("Authentication successful %d\n", vs->csock);
|
|
+ vnc_write_u32(vs, 0); /* Accept auth */
|
|
+ /*
|
|
+ * Delay writing in SSF encoded mode until pending output
|
|
+ * buffer is written
|
|
+ */
|
|
+ if (vs->sasl.runSSF)
|
|
+ vs->sasl.waitWriteSSF = vs->output.offset;
|
|
+ start_client_init(vs);
|
|
+ }
|
|
+
|
|
+ return 0;
|
|
+
|
|
+ authreject:
|
|
+ vnc_write_u32(vs, 1); /* Reject auth */
|
|
+ vnc_write_u32(vs, sizeof("Authentication failed"));
|
|
+ vnc_write(vs, "Authentication failed", sizeof("Authentication failed"));
|
|
+ vnc_flush(vs);
|
|
+ vnc_client_error(vs);
|
|
+ return -1;
|
|
+
|
|
+ authabort:
|
|
+ vnc_client_error(vs);
|
|
+ return -1;
|
|
+}
|
|
+
|
|
+static int protocol_client_auth_sasl_step_len(VncState *vs, uint8_t *data, size_t len)
|
|
+{
|
|
+ uint32_t steplen = read_u32(data, 0);
|
|
+ VNC_DEBUG("Got client step len %d\n", steplen);
|
|
+ if (steplen > SASL_DATA_MAX_LEN) {
|
|
+ VNC_DEBUG("Too much SASL data %d\n", steplen);
|
|
+ vnc_client_error(vs);
|
|
+ return -1;
|
|
+ }
|
|
+
|
|
+ if (steplen == 0)
|
|
+ return protocol_client_auth_sasl_step(vs, NULL, 0);
|
|
+ else
|
|
+ vnc_read_when(vs, protocol_client_auth_sasl_step, steplen);
|
|
+ return 0;
|
|
+}
|
|
+
|
|
+/*
|
|
+ * Start Msg
|
|
+ *
|
|
+ * Input from client:
|
|
+ *
|
|
+ * u32 clientin-length
|
|
+ * u8-array clientin-string
|
|
+ *
|
|
+ * Output to client:
|
|
+ *
|
|
+ * u32 serverout-length
|
|
+ * u8-array serverout-strin
|
|
+ * u8 continue
|
|
+ */
|
|
+
|
|
+#define SASL_DATA_MAX_LEN (1024 * 1024)
|
|
+
|
|
+static int protocol_client_auth_sasl_start(VncState *vs, uint8_t *data, size_t len)
|
|
+{
|
|
+ uint32_t datalen = len;
|
|
+ const char *serverout;
|
|
+ unsigned int serveroutlen;
|
|
+ int err;
|
|
+ char *clientdata = NULL;
|
|
+
|
|
+ /* NB, distinction of NULL vs "" is *critical* in SASL */
|
|
+ if (datalen) {
|
|
+ clientdata = (char*)data;
|
|
+ clientdata[datalen-1] = '\0'; /* Should be on wire, but make sure */
|
|
+ datalen--; /* Don't count NULL byte when passing to _start() */
|
|
+ }
|
|
+
|
|
+ VNC_DEBUG("Start SASL auth with mechanism %s. Data %p (%d bytes)\n",
|
|
+ vs->sasl.mechlist, clientdata, datalen);
|
|
+ err = sasl_server_start(vs->sasl.conn,
|
|
+ vs->sasl.mechlist,
|
|
+ clientdata,
|
|
+ datalen,
|
|
+ &serverout,
|
|
+ &serveroutlen);
|
|
+ if (err != SASL_OK &&
|
|
+ err != SASL_CONTINUE) {
|
|
+ VNC_DEBUG("sasl start failed %d (%s)\n",
|
|
+ err, sasl_errdetail(vs->sasl.conn));
|
|
+ sasl_dispose(&vs->sasl.conn);
|
|
+ vs->sasl.conn = NULL;
|
|
+ goto authabort;
|
|
+ }
|
|
+ if (serveroutlen > SASL_DATA_MAX_LEN) {
|
|
+ VNC_DEBUG("sasl start reply data too long %d\n",
|
|
+ serveroutlen);
|
|
+ sasl_dispose(&vs->sasl.conn);
|
|
+ vs->sasl.conn = NULL;
|
|
+ goto authabort;
|
|
+ }
|
|
+
|
|
+ VNC_DEBUG("SASL return data %d bytes, nil; %d\n",
|
|
+ serveroutlen, serverout ? 0 : 1);
|
|
+
|
|
+ if (serveroutlen) {
|
|
+ vnc_write_u32(vs, serveroutlen + 1);
|
|
+ vnc_write(vs, serverout, serveroutlen + 1);
|
|
+ } else {
|
|
+ vnc_write_u32(vs, 0);
|
|
+ }
|
|
+
|
|
+ /* Whether auth is complete */
|
|
+ vnc_write_u8(vs, err == SASL_CONTINUE ? 0 : 1);
|
|
+
|
|
+ if (err == SASL_CONTINUE) {
|
|
+ VNC_DEBUG("%s", "Authentication must continue\n");
|
|
+ /* Wait for step length */
|
|
+ vnc_read_when(vs, protocol_client_auth_sasl_step_len, 4);
|
|
+ } else {
|
|
+ if (!vnc_auth_sasl_check_ssf(vs)) {
|
|
+ VNC_DEBUG("Authentication rejected for weak SSF %d\n", vs->csock);
|
|
+ goto authreject;
|
|
+ }
|
|
+
|
|
+ /* Check username whitelist ACL */
|
|
+ if (vnc_auth_sasl_check_access(vs) < 0) {
|
|
+ VNC_DEBUG("Authentication rejected for ACL %d\n", vs->csock);
|
|
+ goto authreject;
|
|
+ }
|
|
+
|
|
+ VNC_DEBUG("Authentication successful %d\n", vs->csock);
|
|
+ vnc_write_u32(vs, 0); /* Accept auth */
|
|
+ start_client_init(vs);
|
|
+ }
|
|
+
|
|
+ return 0;
|
|
+
|
|
+ authreject:
|
|
+ vnc_write_u32(vs, 1); /* Reject auth */
|
|
+ vnc_write_u32(vs, sizeof("Authentication failed"));
|
|
+ vnc_write(vs, "Authentication failed", sizeof("Authentication failed"));
|
|
+ vnc_flush(vs);
|
|
+ vnc_client_error(vs);
|
|
+ return -1;
|
|
+
|
|
+ authabort:
|
|
+ vnc_client_error(vs);
|
|
+ return -1;
|
|
+}
|
|
+
|
|
+static int protocol_client_auth_sasl_start_len(VncState *vs, uint8_t *data, size_t len)
|
|
+{
|
|
+ uint32_t startlen = read_u32(data, 0);
|
|
+ VNC_DEBUG("Got client start len %d\n", startlen);
|
|
+ if (startlen > SASL_DATA_MAX_LEN) {
|
|
+ VNC_DEBUG("Too much SASL data %d\n", startlen);
|
|
+ vnc_client_error(vs);
|
|
+ return -1;
|
|
+ }
|
|
+
|
|
+ if (startlen == 0)
|
|
+ return protocol_client_auth_sasl_start(vs, NULL, 0);
|
|
+
|
|
+ vnc_read_when(vs, protocol_client_auth_sasl_start, startlen);
|
|
+ return 0;
|
|
+}
|
|
+
|
|
+static int protocol_client_auth_sasl_mechname(VncState *vs, uint8_t *data, size_t len)
|
|
+{
|
|
+ char *mechname = malloc(len + 1);
|
|
+ if (!mechname) {
|
|
+ VNC_DEBUG("Out of memory reading mechname\n");
|
|
+ vnc_client_error(vs);
|
|
+ }
|
|
+ strncpy(mechname, (char*)data, len);
|
|
+ mechname[len] = '\0';
|
|
+ VNC_DEBUG("Got client mechname '%s' check against '%s'\n",
|
|
+ mechname, vs->sasl.mechlist);
|
|
+
|
|
+ if (strncmp(vs->sasl.mechlist, mechname, len) == 0) {
|
|
+ if (vs->sasl.mechlist[len] != '\0' &&
|
|
+ vs->sasl.mechlist[len] != ',') {
|
|
+ VNC_DEBUG("One %d", vs->sasl.mechlist[len]);
|
|
+ vnc_client_error(vs);
|
|
+ return -1;
|
|
+ }
|
|
+ } else {
|
|
+ char *offset = strstr(vs->sasl.mechlist, mechname);
|
|
+ VNC_DEBUG("Two %p\n", offset);
|
|
+ if (!offset) {
|
|
+ vnc_client_error(vs);
|
|
+ return -1;
|
|
+ }
|
|
+ VNC_DEBUG("Two '%s'\n", offset);
|
|
+ if (offset[-1] != ',' ||
|
|
+ (offset[len] != '\0'&&
|
|
+ offset[len] != ',')) {
|
|
+ vnc_client_error(vs);
|
|
+ return -1;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ free(vs->sasl.mechlist);
|
|
+ vs->sasl.mechlist = mechname;
|
|
+
|
|
+ VNC_DEBUG("Validated mechname '%s'\n", mechname);
|
|
+ vnc_read_when(vs, protocol_client_auth_sasl_start_len, 4);
|
|
+ return 0;
|
|
+}
|
|
+
|
|
+static int protocol_client_auth_sasl_mechname_len(VncState *vs, uint8_t *data, size_t len)
|
|
+{
|
|
+ uint32_t mechlen = read_u32(data, 0);
|
|
+ VNC_DEBUG("Got client mechname len %d\n", mechlen);
|
|
+ if (mechlen > 100) {
|
|
+ VNC_DEBUG("Too long SASL mechname data %d\n", mechlen);
|
|
+ vnc_client_error(vs);
|
|
+ return -1;
|
|
+ }
|
|
+ if (mechlen < 1) {
|
|
+ VNC_DEBUG("Too short SASL mechname %d\n", mechlen);
|
|
+ vnc_client_error(vs);
|
|
+ return -1;
|
|
+ }
|
|
+ vnc_read_when(vs, protocol_client_auth_sasl_mechname,mechlen);
|
|
+ return 0;
|
|
+}
|
|
+
|
|
+#define USES_X509_AUTH(vs) \
|
|
+ ((vs)->subauth == VNC_AUTH_VENCRYPT_X509NONE || \
|
|
+ (vs)->subauth == VNC_AUTH_VENCRYPT_X509VNC || \
|
|
+ (vs)->subauth == VNC_AUTH_VENCRYPT_X509PLAIN || \
|
|
+ (vs)->subauth == VNC_AUTH_VENCRYPT_X509SASL)
|
|
+
|
|
+
|
|
+void start_auth_sasl(VncState *vs)
|
|
+{
|
|
+ const char *mechlist = NULL;
|
|
+ sasl_security_properties_t secprops;
|
|
+ int err;
|
|
+ char *localAddr, *remoteAddr;
|
|
+ int mechlistlen;
|
|
+
|
|
+ VNC_DEBUG("Initialize SASL auth %d\n", vs->csock);
|
|
+
|
|
+ /* Get local & remote client addresses in form IPADDR;PORT */
|
|
+ if (!(localAddr = vnc_socket_local_addr("%s;%s", vs->csock)))
|
|
+ goto authabort;
|
|
+
|
|
+ if (!(remoteAddr = vnc_socket_remote_addr("%s;%s", vs->csock))) {
|
|
+ free(localAddr);
|
|
+ goto authabort;
|
|
+ }
|
|
+
|
|
+ err = sasl_server_new("vnc",
|
|
+ NULL, /* FQDN - just delegates to gethostname */
|
|
+ NULL, /* User realm */
|
|
+ localAddr,
|
|
+ remoteAddr,
|
|
+ NULL, /* Callbacks, not needed */
|
|
+ SASL_SUCCESS_DATA,
|
|
+ &vs->sasl.conn);
|
|
+ free(localAddr);
|
|
+ free(remoteAddr);
|
|
+ localAddr = remoteAddr = NULL;
|
|
+
|
|
+ if (err != SASL_OK) {
|
|
+ VNC_DEBUG("sasl context setup failed %d (%s)",
|
|
+ err, sasl_errstring(err, NULL, NULL));
|
|
+ vs->sasl.conn = NULL;
|
|
+ goto authabort;
|
|
+ }
|
|
+
|
|
+#ifdef CONFIG_VNC_TLS
|
|
+ /* Inform SASL that we've got an external SSF layer from TLS/x509 */
|
|
+ if (vs->vd->auth == VNC_AUTH_VENCRYPT &&
|
|
+ vs->vd->subauth == VNC_AUTH_VENCRYPT_X509SASL) {
|
|
+ gnutls_cipher_algorithm_t cipher;
|
|
+ sasl_ssf_t ssf;
|
|
+
|
|
+ cipher = gnutls_cipher_get(vs->tls.session);
|
|
+ if (!(ssf = (sasl_ssf_t)gnutls_cipher_get_key_size(cipher))) {
|
|
+ VNC_DEBUG("%s", "cannot TLS get cipher size\n");
|
|
+ sasl_dispose(&vs->sasl.conn);
|
|
+ vs->sasl.conn = NULL;
|
|
+ goto authabort;
|
|
+ }
|
|
+ ssf *= 8; /* tls key size is bytes, sasl wants bits */
|
|
+
|
|
+ err = sasl_setprop(vs->sasl.conn, SASL_SSF_EXTERNAL, &ssf);
|
|
+ if (err != SASL_OK) {
|
|
+ VNC_DEBUG("cannot set SASL external SSF %d (%s)\n",
|
|
+ err, sasl_errstring(err, NULL, NULL));
|
|
+ sasl_dispose(&vs->sasl.conn);
|
|
+ vs->sasl.conn = NULL;
|
|
+ goto authabort;
|
|
+ }
|
|
+ } else
|
|
+#endif /* CONFIG_VNC_TLS */
|
|
+ vs->sasl.wantSSF = 1;
|
|
+
|
|
+ memset (&secprops, 0, sizeof secprops);
|
|
+ /* Inform SASL that we've got an external SSF layer from TLS */
|
|
+ if (strncmp(vs->vd->display, "unix:", 5) == 0
|
|
+#ifdef CONFIG_VNC_TLS
|
|
+ /* Disable SSF, if using TLS+x509+SASL only. TLS without x509
|
|
+ is not sufficiently strong */
|
|
+ || (vs->vd->auth == VNC_AUTH_VENCRYPT &&
|
|
+ vs->vd->subauth == VNC_AUTH_VENCRYPT_X509SASL)
|
|
+#endif /* CONFIG_VNC_TLS */
|
|
+ ) {
|
|
+ /* If we've got TLS or UNIX domain sock, we don't care about SSF */
|
|
+ secprops.min_ssf = 0;
|
|
+ secprops.max_ssf = 0;
|
|
+ secprops.maxbufsize = 8192;
|
|
+ secprops.security_flags = 0;
|
|
+ } else {
|
|
+ /* Plain TCP, better get an SSF layer */
|
|
+ secprops.min_ssf = 56; /* Good enough to require kerberos */
|
|
+ secprops.max_ssf = 100000; /* Arbitrary big number */
|
|
+ secprops.maxbufsize = 8192;
|
|
+ /* Forbid any anonymous or trivially crackable auth */
|
|
+ secprops.security_flags =
|
|
+ SASL_SEC_NOANONYMOUS | SASL_SEC_NOPLAINTEXT;
|
|
+ }
|
|
+
|
|
+ err = sasl_setprop(vs->sasl.conn, SASL_SEC_PROPS, &secprops);
|
|
+ if (err != SASL_OK) {
|
|
+ VNC_DEBUG("cannot set SASL security props %d (%s)\n",
|
|
+ err, sasl_errstring(err, NULL, NULL));
|
|
+ sasl_dispose(&vs->sasl.conn);
|
|
+ vs->sasl.conn = NULL;
|
|
+ goto authabort;
|
|
+ }
|
|
+
|
|
+ err = sasl_listmech(vs->sasl.conn,
|
|
+ NULL, /* Don't need to set user */
|
|
+ "", /* Prefix */
|
|
+ ",", /* Separator */
|
|
+ "", /* Suffix */
|
|
+ &mechlist,
|
|
+ NULL,
|
|
+ NULL);
|
|
+ if (err != SASL_OK) {
|
|
+ VNC_DEBUG("cannot list SASL mechanisms %d (%s)\n",
|
|
+ err, sasl_errdetail(vs->sasl.conn));
|
|
+ sasl_dispose(&vs->sasl.conn);
|
|
+ vs->sasl.conn = NULL;
|
|
+ goto authabort;
|
|
+ }
|
|
+ VNC_DEBUG("Available mechanisms for client: '%s'\n", mechlist);
|
|
+
|
|
+ if (!(vs->sasl.mechlist = strdup(mechlist))) {
|
|
+ VNC_DEBUG("Out of memory");
|
|
+ sasl_dispose(&vs->sasl.conn);
|
|
+ vs->sasl.conn = NULL;
|
|
+ goto authabort;
|
|
+ }
|
|
+ mechlistlen = strlen(mechlist);
|
|
+ vnc_write_u32(vs, mechlistlen);
|
|
+ vnc_write(vs, mechlist, mechlistlen);
|
|
+ vnc_flush(vs);
|
|
+
|
|
+ VNC_DEBUG("Wait for client mechname length\n");
|
|
+ vnc_read_when(vs, protocol_client_auth_sasl_mechname_len, 4);
|
|
+
|
|
+ return;
|
|
+
|
|
+ authabort:
|
|
+ vnc_client_error(vs);
|
|
+ return;
|
|
+}
|
|
+
|
|
+
|
|
Index: kvm-84.git-snapshot-20090303/qemu/vnc-auth-sasl.h
|
|
===================================================================
|
|
--- /dev/null
|
|
+++ kvm-84.git-snapshot-20090303/qemu/vnc-auth-sasl.h
|
|
@@ -0,0 +1,67 @@
|
|
+/*
|
|
+ * QEMU VNC display driver: SASL auth protocol
|
|
+ *
|
|
+ * Copyright (C) 2009 Red Hat, Inc
|
|
+ *
|
|
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
+ * of this software and associated documentation files (the "Software"), to deal
|
|
+ * in the Software without restriction, including without limitation the rights
|
|
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
+ * copies of the Software, and to permit persons to whom the Software is
|
|
+ * furnished to do so, subject to the following conditions:
|
|
+ *
|
|
+ * The above copyright notice and this permission notice shall be included in
|
|
+ * all copies or substantial portions of the Software.
|
|
+ *
|
|
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
|
|
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
|
+ * THE SOFTWARE.
|
|
+ */
|
|
+
|
|
+
|
|
+#ifndef __QEMU_VNC_AUTH_SASL_H__
|
|
+#define __QEMU_VNC_AUTH_SASL_H__
|
|
+
|
|
+
|
|
+#include <sasl/sasl.h>
|
|
+
|
|
+typedef struct VncStateSASL VncStateSASL;
|
|
+
|
|
+struct VncStateSASL {
|
|
+ sasl_conn_t *conn;
|
|
+ /* If we want to negotiate an SSF layer with client */
|
|
+ int wantSSF :1;
|
|
+ /* If we are now running the SSF layer */
|
|
+ int runSSF :1;
|
|
+ /*
|
|
+ * If this is non-zero, then wait for that many bytes
|
|
+ * to be written plain, before switching to SSF encoding
|
|
+ * This allows the VNC auth result to finish being
|
|
+ * written in plain.
|
|
+ */
|
|
+ unsigned int waitWriteSSF;
|
|
+
|
|
+ /*
|
|
+ * Buffering encoded data to allow more clear data
|
|
+ * to be stuffed onto the output buffer
|
|
+ */
|
|
+ const uint8_t *encoded;
|
|
+ unsigned int encodedLength;
|
|
+ unsigned int encodedOffset;
|
|
+ char *username;
|
|
+ char *mechlist;
|
|
+};
|
|
+
|
|
+void vnc_sasl_client_cleanup(VncState *vs);
|
|
+
|
|
+long vnc_client_read_sasl(VncState *vs);
|
|
+long vnc_client_write_sasl(VncState *vs);
|
|
+
|
|
+void start_auth_sasl(VncState *vs);
|
|
+
|
|
+#endif /* __QEMU_VNC_AUTH_SASL_H__ */
|
|
+
|
|
Index: kvm-84.git-snapshot-20090303/qemu/vnc-auth-vencrypt.c
|
|
===================================================================
|
|
--- kvm-84.git-snapshot-20090303.orig/qemu/vnc-auth-vencrypt.c
|
|
+++ kvm-84.git-snapshot-20090303/qemu/vnc-auth-vencrypt.c
|
|
@@ -43,8 +43,15 @@ static void start_auth_vencrypt_subauth(
|
|
start_auth_vnc(vs);
|
|
break;
|
|
|
|
+#ifdef CONFIG_VNC_SASL
|
|
+ case VNC_AUTH_VENCRYPT_TLSSASL:
|
|
+ case VNC_AUTH_VENCRYPT_X509SASL:
|
|
+ VNC_DEBUG("Start TLS auth SASL\n");
|
|
+ return start_auth_sasl(vs);
|
|
+#endif /* CONFIG_VNC_SASL */
|
|
+
|
|
default: /* Should not be possible, but just in case */
|
|
- VNC_DEBUG("Reject auth %d\n", vs->vd->auth);
|
|
+ VNC_DEBUG("Reject subauth %d server bug\n", vs->vd->auth);
|
|
vnc_write_u8(vs, 1);
|
|
if (vs->minor >= 8) {
|
|
static const char err[] = "Unsupported authentication type";
|
|
@@ -105,7 +112,8 @@ static void vnc_tls_handshake_io(void *o
|
|
#define NEED_X509_AUTH(vs) \
|
|
((vs)->vd->subauth == VNC_AUTH_VENCRYPT_X509NONE || \
|
|
(vs)->vd->subauth == VNC_AUTH_VENCRYPT_X509VNC || \
|
|
- (vs)->vd->subauth == VNC_AUTH_VENCRYPT_X509PLAIN)
|
|
+ (vs)->vd->subauth == VNC_AUTH_VENCRYPT_X509PLAIN || \
|
|
+ (vs)->vd->subauth == VNC_AUTH_VENCRYPT_X509SASL)
|
|
|
|
|
|
static int protocol_client_vencrypt_auth(VncState *vs, uint8_t *data, size_t len)
|
|
Index: kvm-84.git-snapshot-20090303/qemu/vnc.c
|
|
===================================================================
|
|
--- kvm-84.git-snapshot-20090303.orig/qemu/vnc.c
|
|
+++ kvm-84.git-snapshot-20090303/qemu/vnc.c
|
|
@@ -68,7 +68,8 @@ static char *addr_to_string(const char *
|
|
return addr;
|
|
}
|
|
|
|
-static char *vnc_socket_local_addr(const char *format, int fd) {
|
|
+
|
|
+char *vnc_socket_local_addr(const char *format, int fd) {
|
|
struct sockaddr_storage sa;
|
|
socklen_t salen;
|
|
|
|
@@ -79,7 +80,8 @@ static char *vnc_socket_local_addr(const
|
|
return addr_to_string(format, &sa, salen);
|
|
}
|
|
|
|
-static char *vnc_socket_remote_addr(const char *format, int fd) {
|
|
+
|
|
+char *vnc_socket_remote_addr(const char *format, int fd) {
|
|
struct sockaddr_storage sa;
|
|
socklen_t salen;
|
|
|
|
@@ -125,12 +127,18 @@ static const char *vnc_auth_name(VncDisp
|
|
return "vencrypt+x509+vnc";
|
|
case VNC_AUTH_VENCRYPT_X509PLAIN:
|
|
return "vencrypt+x509+plain";
|
|
+ case VNC_AUTH_VENCRYPT_TLSSASL:
|
|
+ return "vencrypt+tls+sasl";
|
|
+ case VNC_AUTH_VENCRYPT_X509SASL:
|
|
+ return "vencrypt+x509+sasl";
|
|
default:
|
|
return "vencrypt";
|
|
}
|
|
#else
|
|
return "vencrypt";
|
|
#endif
|
|
+ case VNC_AUTH_SASL:
|
|
+ return "sasl";
|
|
}
|
|
return "unknown";
|
|
}
|
|
@@ -278,7 +286,7 @@ static void vnc_framebuffer_update(VncSt
|
|
vnc_write_s32(vs, encoding);
|
|
}
|
|
|
|
-static void buffer_reserve(Buffer *buffer, size_t len)
|
|
+void buffer_reserve(Buffer *buffer, size_t len)
|
|
{
|
|
if ((buffer->capacity - buffer->offset) < len) {
|
|
buffer->capacity += (len + 1024);
|
|
@@ -290,22 +298,22 @@ static void buffer_reserve(Buffer *buffe
|
|
}
|
|
}
|
|
|
|
-static int buffer_empty(Buffer *buffer)
|
|
+int buffer_empty(Buffer *buffer)
|
|
{
|
|
return buffer->offset == 0;
|
|
}
|
|
|
|
-static uint8_t *buffer_end(Buffer *buffer)
|
|
+uint8_t *buffer_end(Buffer *buffer)
|
|
{
|
|
return buffer->buffer + buffer->offset;
|
|
}
|
|
|
|
-static void buffer_reset(Buffer *buffer)
|
|
+void buffer_reset(Buffer *buffer)
|
|
{
|
|
buffer->offset = 0;
|
|
}
|
|
|
|
-static void buffer_append(Buffer *buffer, const void *data, size_t len)
|
|
+void buffer_append(Buffer *buffer, const void *data, size_t len)
|
|
{
|
|
memcpy(buffer->buffer + buffer->offset, data, len);
|
|
buffer->offset += len;
|
|
@@ -821,7 +829,8 @@ static void audio_del(VncState *vs)
|
|
}
|
|
}
|
|
|
|
-static int vnc_client_io_error(VncState *vs, int ret, int last_errno)
|
|
+
|
|
+int vnc_client_io_error(VncState *vs, int ret, int last_errno)
|
|
{
|
|
if (ret == 0 || ret == -1) {
|
|
if (ret == -1) {
|
|
@@ -847,6 +856,9 @@ static int vnc_client_io_error(VncState
|
|
#ifdef CONFIG_VNC_TLS
|
|
vnc_tls_client_cleanup(vs);
|
|
#endif /* CONFIG_VNC_TLS */
|
|
+#ifdef CONFIG_VNC_SASL
|
|
+ vnc_sasl_client_cleanup(vs);
|
|
+#endif /* CONFIG_VNC_SASL */
|
|
audio_del(vs);
|
|
|
|
VncState *p, *parent = NULL;
|
|
@@ -877,14 +889,28 @@ void vnc_client_error(VncState *vs)
|
|
vnc_client_io_error(vs, -1, EINVAL);
|
|
}
|
|
|
|
-void vnc_client_write(void *opaque)
|
|
+
|
|
+/*
|
|
+ * Called to write a chunk of data to the client socket. The data may
|
|
+ * be the raw data, or may have already been encoded by SASL.
|
|
+ * The data will be written either straight onto the socket, or
|
|
+ * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
|
|
+ *
|
|
+ * NB, it is theoretically possible to have 2 layers of encryption,
|
|
+ * both SASL, and this TLS layer. It is highly unlikely in practice
|
|
+ * though, since SASL encryption will typically be a no-op if TLS
|
|
+ * is active
|
|
+ *
|
|
+ * Returns the number of bytes written, which may be less than
|
|
+ * the requested 'datalen' if the socket would block. Returns
|
|
+ * -1 on error, and disconnects the client socket.
|
|
+ */
|
|
+long vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
|
|
{
|
|
long ret;
|
|
- VncState *vs = opaque;
|
|
-
|
|
#ifdef CONFIG_VNC_TLS
|
|
if (vs->tls.session) {
|
|
- ret = gnutls_write(vs->tls.session, vs->output.buffer, vs->output.offset);
|
|
+ ret = gnutls_write(vs->tls.session, data, datalen);
|
|
if (ret < 0) {
|
|
if (ret == GNUTLS_E_AGAIN)
|
|
errno = EAGAIN;
|
|
@@ -894,10 +920,42 @@ void vnc_client_write(void *opaque)
|
|
}
|
|
} else
|
|
#endif /* CONFIG_VNC_TLS */
|
|
- ret = send(vs->csock, vs->output.buffer, vs->output.offset, 0);
|
|
- ret = vnc_client_io_error(vs, ret, socket_error());
|
|
+ ret = send(vs->csock, data, datalen, 0);
|
|
+ VNC_DEBUG("Wrote wire %p %d -> %ld\n", data, datalen, ret);
|
|
+ return vnc_client_io_error(vs, ret, socket_error());
|
|
+}
|
|
+
|
|
+
|
|
+/*
|
|
+ * Called to write buffered data to the client socket, when not
|
|
+ * using any SASL SSF encryption layers. Will write as much data
|
|
+ * as possible without blocking. If all buffered data is written,
|
|
+ * will switch the FD poll() handler back to read monitoring.
|
|
+ *
|
|
+ * Returns the number of bytes written, which may be less than
|
|
+ * the buffered output data if the socket would block. Returns
|
|
+ * -1 on error, and disconnects the client socket.
|
|
+ */
|
|
+static long vnc_client_write_plain(VncState *vs)
|
|
+{
|
|
+ long ret;
|
|
+
|
|
+#ifdef CONFIG_VNC_SASL
|
|
+ VNC_DEBUG("Write Plain: Pending output %p size %d offset %d. Wait SSF %d\n",
|
|
+ vs->output.buffer, vs->output.capacity, vs->output.offset,
|
|
+ vs->sasl.waitWriteSSF);
|
|
+
|
|
+ if (vs->sasl.conn &&
|
|
+ vs->sasl.runSSF &&
|
|
+ vs->sasl.waitWriteSSF) {
|
|
+ ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
|
|
+ if (ret)
|
|
+ vs->sasl.waitWriteSSF -= ret;
|
|
+ } else
|
|
+#endif /* CONFIG_VNC_SASL */
|
|
+ ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
|
|
if (!ret)
|
|
- return;
|
|
+ return 0;
|
|
|
|
memmove(vs->output.buffer, vs->output.buffer + ret, (vs->output.offset - ret));
|
|
vs->output.offset -= ret;
|
|
@@ -905,6 +963,29 @@ void vnc_client_write(void *opaque)
|
|
if (vs->output.offset == 0) {
|
|
qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
|
|
}
|
|
+
|
|
+ return ret;
|
|
+}
|
|
+
|
|
+
|
|
+/*
|
|
+ * First function called whenever there is data to be written to
|
|
+ * the client socket. Will delegate actual work according to whether
|
|
+ * SASL SSF layers are enabled (thus requiring encryption calls)
|
|
+ */
|
|
+void vnc_client_write(void *opaque)
|
|
+{
|
|
+ long ret;
|
|
+ VncState *vs = opaque;
|
|
+
|
|
+#ifdef CONFIG_VNC_SASL
|
|
+ if (vs->sasl.conn &&
|
|
+ vs->sasl.runSSF &&
|
|
+ !vs->sasl.waitWriteSSF)
|
|
+ ret = vnc_client_write_sasl(vs);
|
|
+ else
|
|
+#endif /* CONFIG_VNC_SASL */
|
|
+ ret = vnc_client_write_plain(vs);
|
|
}
|
|
|
|
void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
|
|
@@ -913,16 +994,28 @@ void vnc_read_when(VncState *vs, VncRead
|
|
vs->read_handler_expect = expecting;
|
|
}
|
|
|
|
-void vnc_client_read(void *opaque)
|
|
+
|
|
+/*
|
|
+ * Called to read a chunk of data from the client socket. The data may
|
|
+ * be the raw data, or may need to be further decoded by SASL.
|
|
+ * The data will be read either straight from to the socket, or
|
|
+ * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
|
|
+ *
|
|
+ * NB, it is theoretically possible to have 2 layers of encryption,
|
|
+ * both SASL, and this TLS layer. It is highly unlikely in practice
|
|
+ * though, since SASL encryption will typically be a no-op if TLS
|
|
+ * is active
|
|
+ *
|
|
+ * Returns the number of bytes read, which may be less than
|
|
+ * the requested 'datalen' if the socket would block. Returns
|
|
+ * -1 on error, and disconnects the client socket.
|
|
+ */
|
|
+long vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
|
|
{
|
|
- VncState *vs = opaque;
|
|
long ret;
|
|
-
|
|
- buffer_reserve(&vs->input, 4096);
|
|
-
|
|
#ifdef CONFIG_VNC_TLS
|
|
if (vs->tls.session) {
|
|
- ret = gnutls_read(vs->tls.session, buffer_end(&vs->input), 4096);
|
|
+ ret = gnutls_read(vs->tls.session, data, datalen);
|
|
if (ret < 0) {
|
|
if (ret == GNUTLS_E_AGAIN)
|
|
errno = EAGAIN;
|
|
@@ -932,12 +1025,52 @@ void vnc_client_read(void *opaque)
|
|
}
|
|
} else
|
|
#endif /* CONFIG_VNC_TLS */
|
|
- ret = recv(vs->csock, buffer_end(&vs->input), 4096, 0);
|
|
- ret = vnc_client_io_error(vs, ret, socket_error());
|
|
- if (!ret)
|
|
- return;
|
|
+ ret = recv(vs->csock, data, datalen, 0);
|
|
+ VNC_DEBUG("Read wire %p %d -> %ld\n", data, datalen, ret);
|
|
+ return vnc_client_io_error(vs, ret, socket_error());
|
|
+}
|
|
|
|
+
|
|
+/*
|
|
+ * Called to read data from the client socket to the input buffer,
|
|
+ * when not using any SASL SSF encryption layers. Will read as much
|
|
+ * data as possible without blocking.
|
|
+ *
|
|
+ * Returns the number of bytes read. Returns -1 on error, and
|
|
+ * disconnects the client socket.
|
|
+ */
|
|
+static long vnc_client_read_plain(VncState *vs)
|
|
+{
|
|
+ int ret;
|
|
+ VNC_DEBUG("Read plain %p size %d offset %d\n",
|
|
+ vs->input.buffer, vs->input.capacity, vs->input.offset);
|
|
+ buffer_reserve(&vs->input, 4096);
|
|
+ ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
|
|
+ if (!ret)
|
|
+ return 0;
|
|
vs->input.offset += ret;
|
|
+ return ret;
|
|
+}
|
|
+
|
|
+
|
|
+/*
|
|
+ * First function called whenever there is more data to be read from
|
|
+ * the client socket. Will delegate actual work according to whether
|
|
+ * SASL SSF layers are enabled (thus requiring decryption calls)
|
|
+ */
|
|
+void vnc_client_read(void *opaque)
|
|
+{
|
|
+ VncState *vs = opaque;
|
|
+ long ret;
|
|
+
|
|
+#ifdef CONFIG_VNC_SASL
|
|
+ if (vs->sasl.conn && vs->sasl.runSSF)
|
|
+ ret = vnc_client_read_sasl(vs);
|
|
+ else
|
|
+#endif /* CONFIG_VNC_SASL */
|
|
+ ret = vnc_client_read_plain(vs);
|
|
+ if (!ret)
|
|
+ return;
|
|
|
|
while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
|
|
size_t len = vs->read_handler_expect;
|
|
@@ -1722,6 +1855,13 @@ static int protocol_client_auth(VncState
|
|
break;
|
|
#endif /* CONFIG_VNC_TLS */
|
|
|
|
+#ifdef CONFIG_VNC_SASL
|
|
+ case VNC_AUTH_SASL:
|
|
+ VNC_DEBUG("Accept SASL auth\n");
|
|
+ start_auth_sasl(vs);
|
|
+ break;
|
|
+#endif /* CONFIG_VNC_SASL */
|
|
+
|
|
default: /* Should not be possible, but just in case */
|
|
VNC_DEBUG("Reject auth %d\n", vs->vd->auth);
|
|
vnc_write_u8(vs, 1);
|
|
@@ -1923,6 +2063,10 @@ int vnc_display_open(DisplayState *ds, c
|
|
#ifdef CONFIG_VNC_TLS
|
|
int tls = 0, x509 = 0;
|
|
#endif
|
|
+#ifdef CONFIG_VNC_SASL
|
|
+ int sasl = 0;
|
|
+ int saslErr;
|
|
+#endif
|
|
|
|
if (!vnc_display)
|
|
return -1;
|
|
@@ -1942,6 +2086,10 @@ int vnc_display_open(DisplayState *ds, c
|
|
reverse = 1;
|
|
} else if (strncmp(options, "to=", 3) == 0) {
|
|
to_port = atoi(options+3) + 5900;
|
|
+#ifdef CONFIG_VNC_SASL
|
|
+ } else if (strncmp(options, "sasl", 4) == 0) {
|
|
+ sasl = 1; /* Require SASL auth */
|
|
+#endif
|
|
#ifdef CONFIG_VNC_TLS
|
|
} else if (strncmp(options, "tls", 3) == 0) {
|
|
tls = 1; /* Require TLS */
|
|
@@ -1978,6 +2126,22 @@ int vnc_display_open(DisplayState *ds, c
|
|
}
|
|
}
|
|
|
|
+ /*
|
|
+ * Combinations we support here:
|
|
+ *
|
|
+ * - no-auth (clear text, no auth)
|
|
+ * - password (clear text, weak auth)
|
|
+ * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI)
|
|
+ * - tls (encrypt, weak anonymous creds, no auth)
|
|
+ * - tls + password (encrypt, weak anonymous creds, weak auth)
|
|
+ * - tls + sasl (encrypt, weak anonymous creds, good auth)
|
|
+ * - tls + x509 (encrypt, good x509 creds, no auth)
|
|
+ * - tls + x509 + password (encrypt, good x509 creds, weak auth)
|
|
+ * - tls + x509 + sasl (encrypt, good x509 creds, good auth)
|
|
+ *
|
|
+ * NB1. TLS is a stackable auth scheme.
|
|
+ * NB2. the x509 schemes have option to validate a client cert dname
|
|
+ */
|
|
if (password) {
|
|
#ifdef CONFIG_VNC_TLS
|
|
if (tls) {
|
|
@@ -1990,13 +2154,34 @@ int vnc_display_open(DisplayState *ds, c
|
|
vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
|
|
}
|
|
} else {
|
|
-#endif
|
|
+#endif /* CONFIG_VNC_TLS */
|
|
VNC_DEBUG("Initializing VNC server with password auth\n");
|
|
vs->auth = VNC_AUTH_VNC;
|
|
#ifdef CONFIG_VNC_TLS
|
|
vs->subauth = VNC_AUTH_INVALID;
|
|
}
|
|
-#endif
|
|
+#endif /* CONFIG_VNC_TLS */
|
|
+#ifdef CONFIG_VNC_SASL
|
|
+ } else if (sasl) {
|
|
+#ifdef CONFIG_VNC_TLS
|
|
+ if (tls) {
|
|
+ vs->auth = VNC_AUTH_VENCRYPT;
|
|
+ if (x509) {
|
|
+ VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
|
|
+ vs->subauth = VNC_AUTH_VENCRYPT_X509SASL;
|
|
+ } else {
|
|
+ VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
|
|
+ vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL;
|
|
+ }
|
|
+ } else {
|
|
+#endif /* CONFIG_VNC_TLS */
|
|
+ VNC_DEBUG("Initializing VNC server with SASL auth\n");
|
|
+ vs->auth = VNC_AUTH_SASL;
|
|
+#ifdef CONFIG_VNC_TLS
|
|
+ vs->subauth = VNC_AUTH_INVALID;
|
|
+ }
|
|
+#endif /* CONFIG_VNC_TLS */
|
|
+#endif /* CONFIG_VNC_SASL */
|
|
} else {
|
|
#ifdef CONFIG_VNC_TLS
|
|
if (tls) {
|
|
@@ -2018,6 +2203,16 @@ int vnc_display_open(DisplayState *ds, c
|
|
#endif
|
|
}
|
|
|
|
+#ifdef CONFIG_VNC_SASL
|
|
+ if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) {
|
|
+ fprintf(stderr, "Failed to initialize SASL auth %s",
|
|
+ sasl_errstring(saslErr, NULL, NULL));
|
|
+ free(vs->display);
|
|
+ vs->display = NULL;
|
|
+ return -1;
|
|
+ }
|
|
+#endif
|
|
+
|
|
if (reverse) {
|
|
/* connect to viewer */
|
|
if (strncmp(display, "unix:", 5) == 0)
|
|
Index: kvm-84.git-snapshot-20090303/qemu/vnc.h
|
|
===================================================================
|
|
--- kvm-84.git-snapshot-20090303.orig/qemu/vnc.h
|
|
+++ kvm-84.git-snapshot-20090303/qemu/vnc.h
|
|
@@ -79,6 +79,10 @@ typedef struct VncDisplay VncDisplay;
|
|
#include "vnc-tls.h"
|
|
#include "vnc-auth-vencrypt.h"
|
|
#endif
|
|
+#ifdef CONFIG_VNC_SASL
|
|
+#include "vnc-auth-sasl.h"
|
|
+#endif
|
|
+
|
|
|
|
struct VncDisplay
|
|
{
|
|
@@ -118,10 +122,12 @@ struct VncState
|
|
int minor;
|
|
|
|
char challenge[VNC_AUTH_CHALLENGE_SIZE];
|
|
-
|
|
#ifdef CONFIG_VNC_TLS
|
|
VncStateTLS tls;
|
|
#endif
|
|
+#ifdef CONFIG_VNC_SASL
|
|
+ VncStateSASL sasl;
|
|
+#endif
|
|
|
|
Buffer output;
|
|
Buffer input;
|
|
@@ -160,8 +166,9 @@ enum {
|
|
VNC_AUTH_RA2NE = 6,
|
|
VNC_AUTH_TIGHT = 16,
|
|
VNC_AUTH_ULTRA = 17,
|
|
- VNC_AUTH_TLS = 18,
|
|
- VNC_AUTH_VENCRYPT = 19
|
|
+ VNC_AUTH_TLS = 18, /* Supported in GTK-VNC & VINO */
|
|
+ VNC_AUTH_VENCRYPT = 19, /* Supported in GTK-VNC & VeNCrypt */
|
|
+ VNC_AUTH_SASL = 20, /* Supported in GTK-VNC & VINO */
|
|
};
|
|
|
|
enum {
|
|
@@ -172,6 +179,8 @@ enum {
|
|
VNC_AUTH_VENCRYPT_X509NONE = 260,
|
|
VNC_AUTH_VENCRYPT_X509VNC = 261,
|
|
VNC_AUTH_VENCRYPT_X509PLAIN = 262,
|
|
+ VNC_AUTH_VENCRYPT_X509SASL = 263,
|
|
+ VNC_AUTH_VENCRYPT_TLSSASL = 264,
|
|
};
|
|
|
|
|
|
@@ -255,6 +264,8 @@ enum {
|
|
void vnc_client_read(void *opaque);
|
|
void vnc_client_write(void *opaque);
|
|
|
|
+long vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen);
|
|
+long vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen);
|
|
|
|
/* Protocol I/O functions */
|
|
void vnc_write(VncState *vs, const void *data, size_t len);
|
|
@@ -274,8 +285,22 @@ uint32_t read_u32(uint8_t *data, size_t
|
|
|
|
/* Protocol stage functions */
|
|
void vnc_client_error(VncState *vs);
|
|
+int vnc_client_io_error(VncState *vs, int ret, int last_errno);
|
|
|
|
void start_client_init(VncState *vs);
|
|
void start_auth_vnc(VncState *vs);
|
|
|
|
+/* Buffer management */
|
|
+void buffer_reserve(Buffer *buffer, size_t len);
|
|
+int buffer_empty(Buffer *buffer);
|
|
+uint8_t *buffer_end(Buffer *buffer);
|
|
+void buffer_reset(Buffer *buffer);
|
|
+void buffer_append(Buffer *buffer, const void *data, size_t len);
|
|
+
|
|
+
|
|
+/* Misc helpers */
|
|
+
|
|
+char *vnc_socket_local_addr(const char *format, int fd);
|
|
+char *vnc_socket_remote_addr(const char *format, int fd);
|
|
+
|
|
#endif /* __QEMU_VNC_H */
|