提交 28a76be8 编写于 作者: A aliguori

Remove tabs introduced from VNC ACL series

Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6727 c046a42c-6fe2-441c-8c8c-71466251a162
上级 76655d6d
......@@ -41,8 +41,8 @@ qemu_acl *qemu_acl_find(const char *aclname)
{
int i;
for (i = 0 ; i < nacls ; i++) {
if (strcmp(acls[i]->aclname, aclname) == 0)
return acls[i];
if (strcmp(acls[i]->aclname, aclname) == 0)
return acls[i];
}
return NULL;
......@@ -54,7 +54,7 @@ qemu_acl *qemu_acl_init(const char *aclname)
acl = qemu_acl_find(aclname);
if (acl)
return acl;
return acl;
acl = qemu_malloc(sizeof(*acl));
acl->aclname = qemu_strdup(aclname);
......@@ -74,19 +74,19 @@ qemu_acl *qemu_acl_init(const char *aclname)
}
int qemu_acl_party_is_allowed(qemu_acl *acl,
const char *party)
const char *party)
{
qemu_acl_entry *entry;
TAILQ_FOREACH(entry, &acl->entries, next) {
#ifdef HAVE_FNMATCH_H
if (fnmatch(entry->match, party, 0) == 0)
return entry->deny ? 0 : 1;
if (fnmatch(entry->match, party, 0) == 0)
return entry->deny ? 0 : 1;
#else
/* No fnmatch, so fallback to exact string matching
* instead of allowing wildcards */
if (strcmp(entry->match, party) == 0)
return entry->deny ? 0 : 1;
/* No fnmatch, so fallback to exact string matching
* instead of allowing wildcards */
if (strcmp(entry->match, party) == 0)
return entry->deny ? 0 : 1;
#endif
}
......@@ -103,17 +103,17 @@ void qemu_acl_reset(qemu_acl *acl)
* access control list */
acl->defaultDeny = 1;
TAILQ_FOREACH(entry, &acl->entries, next) {
TAILQ_REMOVE(&acl->entries, entry, next);
free(entry->match);
free(entry);
TAILQ_REMOVE(&acl->entries, entry, next);
free(entry->match);
free(entry);
}
acl->nentries = 0;
}
int qemu_acl_append(qemu_acl *acl,
int deny,
const char *match)
int deny,
const char *match)
{
qemu_acl_entry *entry;
......@@ -129,18 +129,18 @@ int qemu_acl_append(qemu_acl *acl,
int qemu_acl_insert(qemu_acl *acl,
int deny,
const char *match,
int index)
int deny,
const char *match,
int index)
{
qemu_acl_entry *entry;
qemu_acl_entry *tmp;
int i = 0;
if (index <= 0)
return -1;
return -1;
if (index >= acl->nentries)
return qemu_acl_append(acl, deny, match);
return qemu_acl_append(acl, deny, match);
entry = qemu_malloc(sizeof(*entry));
......@@ -148,29 +148,29 @@ int qemu_acl_insert(qemu_acl *acl,
entry->deny = deny;
TAILQ_FOREACH(tmp, &acl->entries, next) {
i++;
if (i == index) {
TAILQ_INSERT_BEFORE(tmp, entry, next);
acl->nentries++;
break;
}
i++;
if (i == index) {
TAILQ_INSERT_BEFORE(tmp, entry, next);
acl->nentries++;
break;
}
}
return i;
}
int qemu_acl_remove(qemu_acl *acl,
const char *match)
const char *match)
{
qemu_acl_entry *entry;
int i = 0;
TAILQ_FOREACH(entry, &acl->entries, next) {
i++;
if (strcmp(entry->match, match) == 0) {
TAILQ_REMOVE(&acl->entries, entry, next);
return i;
}
i++;
if (strcmp(entry->match, match) == 0) {
TAILQ_REMOVE(&acl->entries, entry, next);
return i;
}
}
return -1;
}
......
......@@ -160,25 +160,25 @@ void monitor_print_filename(Monitor *mon, const char *filename)
int i;
for (i = 0; filename[i]; i++) {
switch (filename[i]) {
case ' ':
case '"':
case '\\':
monitor_printf(mon, "\\%c", filename[i]);
break;
case '\t':
monitor_printf(mon, "\\t");
break;
case '\r':
monitor_printf(mon, "\\r");
break;
case '\n':
monitor_printf(mon, "\\n");
break;
default:
monitor_printf(mon, "%c", filename[i]);
break;
}
switch (filename[i]) {
case ' ':
case '"':
case '\\':
monitor_printf(mon, "\\%c", filename[i]);
break;
case '\t':
monitor_printf(mon, "\\t");
break;
case '\r':
monitor_printf(mon, "\\r");
break;
case '\n':
monitor_printf(mon, "\\n");
break;
default:
monitor_printf(mon, "%c", filename[i]);
break;
}
}
}
......@@ -474,17 +474,17 @@ static void change_vnc_password_cb(Monitor *mon, const char *password,
static void do_change_vnc(Monitor *mon, const char *target, const char *arg)
{
if (strcmp(target, "passwd") == 0 ||
strcmp(target, "password") == 0) {
if (arg) {
strcmp(target, "password") == 0) {
if (arg) {
char password[9];
strncpy(password, arg, sizeof(password));
password[sizeof(password) - 1] = '\0';
strncpy(password, arg, sizeof(password));
password[sizeof(password) - 1] = '\0';
change_vnc_password_cb(mon, password, NULL);
} else {
monitor_read_password(mon, change_vnc_password_cb, NULL);
}
} else {
if (vnc_display_open(NULL, target) < 0)
if (vnc_display_open(NULL, target) < 0)
monitor_printf(mon, "could not start VNC server on %s\n", target);
}
}
......@@ -493,9 +493,9 @@ static void do_change(Monitor *mon, const char *device, const char *target,
const char *arg)
{
if (strcmp(device, "vnc") == 0) {
do_change_vnc(mon, target, arg);
do_change_vnc(mon, target, arg);
} else {
do_change_block(mon, device, target, arg);
do_change_block(mon, device, target, arg);
}
}
......@@ -1535,81 +1535,81 @@ static void do_info_balloon(Monitor *mon)
static void do_acl(Monitor *mon,
const char *command,
const char *aclname,
const char *match,
int has_index,
int index)
const char *aclname,
const char *match,
int has_index,
int index)
{
qemu_acl *acl;
acl = qemu_acl_find(aclname);
if (!acl) {
monitor_printf(mon, "acl: unknown list '%s'\n", aclname);
return;
monitor_printf(mon, "acl: unknown list '%s'\n", aclname);
return;
}
if (strcmp(command, "show") == 0) {
int i = 0;
qemu_acl_entry *entry;
monitor_printf(mon, "policy: %s\n",
int i = 0;
qemu_acl_entry *entry;
monitor_printf(mon, "policy: %s\n",
acl->defaultDeny ? "deny" : "allow");
TAILQ_FOREACH(entry, &acl->entries, next) {
i++;
monitor_printf(mon, "%d: %s %s\n", i,
TAILQ_FOREACH(entry, &acl->entries, next) {
i++;
monitor_printf(mon, "%d: %s %s\n", i,
entry->deny ? "deny" : "allow",
entry->match);
}
}
} else if (strcmp(command, "reset") == 0) {
qemu_acl_reset(acl);
monitor_printf(mon, "acl: removed all rules\n");
qemu_acl_reset(acl);
monitor_printf(mon, "acl: removed all rules\n");
} else if (strcmp(command, "policy") == 0) {
if (!match) {
monitor_printf(mon, "acl: missing policy parameter\n");
return;
}
if (strcmp(match, "allow") == 0) {
acl->defaultDeny = 0;
monitor_printf(mon, "acl: policy set to 'allow'\n");
} else if (strcmp(match, "deny") == 0) {
acl->defaultDeny = 1;
monitor_printf(mon, "acl: policy set to 'deny'\n");
} else {
monitor_printf(mon, "acl: unknown policy '%s', expected 'deny' or 'allow'\n", match);
}
if (!match) {
monitor_printf(mon, "acl: missing policy parameter\n");
return;
}
if (strcmp(match, "allow") == 0) {
acl->defaultDeny = 0;
monitor_printf(mon, "acl: policy set to 'allow'\n");
} else if (strcmp(match, "deny") == 0) {
acl->defaultDeny = 1;
monitor_printf(mon, "acl: policy set to 'deny'\n");
} else {
monitor_printf(mon, "acl: unknown policy '%s', expected 'deny' or 'allow'\n", match);
}
} else if ((strcmp(command, "allow") == 0) ||
(strcmp(command, "deny") == 0)) {
int deny = strcmp(command, "deny") == 0 ? 1 : 0;
int ret;
if (!match) {
monitor_printf(mon, "acl: missing match parameter\n");
return;
}
if (has_index)
ret = qemu_acl_insert(acl, deny, match, index);
else
ret = qemu_acl_append(acl, deny, match);
if (ret < 0)
monitor_printf(mon, "acl: unable to add acl entry\n");
else
monitor_printf(mon, "acl: added rule at position %d\n", ret);
(strcmp(command, "deny") == 0)) {
int deny = strcmp(command, "deny") == 0 ? 1 : 0;
int ret;
if (!match) {
monitor_printf(mon, "acl: missing match parameter\n");
return;
}
if (has_index)
ret = qemu_acl_insert(acl, deny, match, index);
else
ret = qemu_acl_append(acl, deny, match);
if (ret < 0)
monitor_printf(mon, "acl: unable to add acl entry\n");
else
monitor_printf(mon, "acl: added rule at position %d\n", ret);
} else if (strcmp(command, "remove") == 0) {
int ret;
if (!match) {
monitor_printf(mon, "acl: missing match parameter\n");
return;
}
ret = qemu_acl_remove(acl, match);
if (ret < 0)
monitor_printf(mon, "acl: no matching acl entry\n");
else
monitor_printf(mon, "acl: removed rule at position %d\n", ret);
int ret;
if (!match) {
monitor_printf(mon, "acl: missing match parameter\n");
return;
}
ret = qemu_acl_remove(acl, match);
if (ret < 0)
monitor_printf(mon, "acl: no matching acl entry\n");
else
monitor_printf(mon, "acl: removed rule at position %d\n", ret);
} else {
monitor_printf(mon, "acl: unknown command '%s'\n", command);
monitor_printf(mon, "acl: unknown command '%s'\n", command);
}
}
......@@ -1839,7 +1839,7 @@ static target_long monitor_get_ccr (const struct MonitorDef *md, int val)
u = 0;
for (i = 0; i < 8; i++)
u |= env->crf[i] << (32 - (4 * i));
u |= env->crf[i] << (32 - (4 * i));
return u;
}
......
......@@ -31,14 +31,14 @@
void vnc_sasl_client_cleanup(VncState *vs)
{
if (vs->sasl.conn) {
vs->sasl.runSSF = vs->sasl.waitWriteSSF = vs->sasl.wantSSF = 0;
vs->sasl.encodedLength = vs->sasl.encodedOffset = 0;
vs->sasl.encoded = NULL;
free(vs->sasl.username);
free(vs->sasl.mechlist);
vs->sasl.username = vs->sasl.mechlist = NULL;
sasl_dispose(&vs->sasl.conn);
vs->sasl.conn = NULL;
vs->sasl.runSSF = vs->sasl.waitWriteSSF = vs->sasl.wantSSF = 0;
vs->sasl.encodedLength = vs->sasl.encodedOffset = 0;
vs->sasl.encoded = NULL;
free(vs->sasl.username);
free(vs->sasl.mechlist);
vs->sasl.username = vs->sasl.mechlist = NULL;
sasl_dispose(&vs->sasl.conn);
vs->sasl.conn = NULL;
}
}
......@@ -48,33 +48,33 @@ long vnc_client_write_sasl(VncState *vs)
long ret;
VNC_DEBUG("Write SASL: Pending output %p size %d offset %d Encoded: %p size %d offset %d\n",
vs->output.buffer, vs->output.capacity, vs->output.offset,
vs->sasl.encoded, vs->sasl.encodedLength, vs->sasl.encodedOffset);
vs->output.buffer, vs->output.capacity, vs->output.offset,
vs->sasl.encoded, vs->sasl.encodedLength, vs->sasl.encodedOffset);
if (!vs->sasl.encoded) {
int err;
err = sasl_encode(vs->sasl.conn,
(char *)vs->output.buffer,
vs->output.offset,
(const char **)&vs->sasl.encoded,
&vs->sasl.encodedLength);
if (err != SASL_OK)
return vnc_client_io_error(vs, -1, EIO);
vs->sasl.encodedOffset = 0;
int err;
err = sasl_encode(vs->sasl.conn,
(char *)vs->output.buffer,
vs->output.offset,
(const char **)&vs->sasl.encoded,
&vs->sasl.encodedLength);
if (err != SASL_OK)
return vnc_client_io_error(vs, -1, EIO);
vs->sasl.encodedOffset = 0;
}
ret = vnc_client_write_buf(vs,
vs->sasl.encoded + vs->sasl.encodedOffset,
vs->sasl.encodedLength - vs->sasl.encodedOffset);
vs->sasl.encoded + vs->sasl.encodedOffset,
vs->sasl.encodedLength - vs->sasl.encodedOffset);
if (!ret)
return 0;
return 0;
vs->sasl.encodedOffset += ret;
if (vs->sasl.encodedOffset == vs->sasl.encodedLength) {
vs->output.offset = 0;
vs->sasl.encoded = NULL;
vs->sasl.encodedOffset = vs->sasl.encodedLength = 0;
vs->output.offset = 0;
vs->sasl.encoded = NULL;
vs->sasl.encodedOffset = vs->sasl.encodedLength = 0;
}
/* Can't merge this block with one above, because
......@@ -83,7 +83,7 @@ long vnc_client_write_sasl(VncState *vs)
* SASL encoded output
*/
if (vs->output.offset == 0) {
qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
}
return ret;
......@@ -100,16 +100,16 @@ long vnc_client_read_sasl(VncState *vs)
ret = vnc_client_read_buf(vs, encoded, sizeof(encoded));
if (!ret)
return 0;
return 0;
err = sasl_decode(vs->sasl.conn,
(char *)encoded, ret,
&decoded, &decodedLen);
(char *)encoded, ret,
&decoded, &decodedLen);
if (err != SASL_OK)
return vnc_client_io_error(vs, -1, -EIO);
return vnc_client_io_error(vs, -1, -EIO);
VNC_DEBUG("Read SASL Encoded %p size %ld Decoded %p size %d\n",
encoded, ret, decoded, decodedLen);
encoded, ret, decoded, decodedLen);
buffer_reserve(&vs->input, decodedLen);
buffer_append(&vs->input, decoded, decodedLen);
return decodedLen;
......@@ -124,27 +124,27 @@ static int vnc_auth_sasl_check_access(VncState *vs)
err = sasl_getprop(vs->sasl.conn, SASL_USERNAME, &val);
if (err != SASL_OK) {
VNC_DEBUG("cannot query SASL username on connection %d (%s), denying access\n",
err, sasl_errstring(err, NULL, NULL));
return -1;
VNC_DEBUG("cannot query SASL username on connection %d (%s), denying access\n",
err, sasl_errstring(err, NULL, NULL));
return -1;
}
if (val == NULL) {
VNC_DEBUG("no client username was found, denying access\n");
return -1;
VNC_DEBUG("no client username was found, denying access\n");
return -1;
}
VNC_DEBUG("SASL client username %s\n", (const char *)val);
vs->sasl.username = qemu_strdup((const char*)val);
if (vs->vd->sasl.acl == NULL) {
VNC_DEBUG("no ACL activated, allowing access\n");
return 0;
VNC_DEBUG("no ACL activated, allowing access\n");
return 0;
}
allow = qemu_acl_party_is_allowed(vs->vd->sasl.acl, vs->sasl.username);
VNC_DEBUG("SASL client %s %s by ACL\n", vs->sasl.username,
allow ? "allowed" : "denied");
allow ? "allowed" : "denied");
return allow ? 0 : -1;
}
......@@ -154,16 +154,16 @@ static int vnc_auth_sasl_check_ssf(VncState *vs)
int err, ssf;
if (!vs->sasl.wantSSF)
return 1;
return 1;
err = sasl_getprop(vs->sasl.conn, SASL_SSF, &val);
if (err != SASL_OK)
return 0;
return 0;
ssf = *(const int *)val;
VNC_DEBUG("negotiated an SSF of %d\n", ssf);
if (ssf < 56)
return 0; /* 56 is good for Kerberos */
return 0; /* 56 is good for Kerberos */
/* Only setup for read initially, because we're about to send an RPC
* reply which must be in plain text. When the next incoming RPC
......@@ -204,73 +204,73 @@ static int protocol_client_auth_sasl_step(VncState *vs, uint8_t *data, size_t le
/* NB, distinction of NULL vs "" is *critical* in SASL */
if (datalen) {
clientdata = (char*)data;
clientdata[datalen-1] = '\0'; /* Wire includes '\0', but make sure */
datalen--; /* Don't count NULL byte when passing to _start() */
clientdata = (char*)data;
clientdata[datalen-1] = '\0'; /* Wire includes '\0', but make sure */
datalen--; /* Don't count NULL byte when passing to _start() */
}
VNC_DEBUG("Step using SASL Data %p (%d bytes)\n",
clientdata, datalen);
clientdata, datalen);
err = sasl_server_step(vs->sasl.conn,
clientdata,
datalen,
&serverout,
&serveroutlen);
clientdata,
datalen,
&serverout,
&serveroutlen);
if (err != SASL_OK &&
err != SASL_CONTINUE) {
VNC_DEBUG("sasl step failed %d (%s)\n",
err, sasl_errdetail(vs->sasl.conn));
sasl_dispose(&vs->sasl.conn);
vs->sasl.conn = NULL;
goto authabort;
err != SASL_CONTINUE) {
VNC_DEBUG("sasl step failed %d (%s)\n",
err, sasl_errdetail(vs->sasl.conn));
sasl_dispose(&vs->sasl.conn);
vs->sasl.conn = NULL;
goto authabort;
}
if (serveroutlen > SASL_DATA_MAX_LEN) {
VNC_DEBUG("sasl step reply data too long %d\n",
serveroutlen);
sasl_dispose(&vs->sasl.conn);
vs->sasl.conn = NULL;
goto authabort;
VNC_DEBUG("sasl step reply data too long %d\n",
serveroutlen);
sasl_dispose(&vs->sasl.conn);
vs->sasl.conn = NULL;
goto authabort;
}
VNC_DEBUG("SASL return data %d bytes, nil; %d\n",
serveroutlen, serverout ? 0 : 1);
serveroutlen, serverout ? 0 : 1);
if (serveroutlen) {
vnc_write_u32(vs, serveroutlen + 1);
vnc_write(vs, serverout, serveroutlen + 1);
vnc_write_u32(vs, serveroutlen + 1);
vnc_write(vs, serverout, serveroutlen + 1);
} else {
vnc_write_u32(vs, 0);
vnc_write_u32(vs, 0);
}
/* Whether auth is complete */
vnc_write_u8(vs, err == SASL_CONTINUE ? 0 : 1);
if (err == SASL_CONTINUE) {
VNC_DEBUG("%s", "Authentication must continue\n");
/* Wait for step length */
vnc_read_when(vs, protocol_client_auth_sasl_step_len, 4);
VNC_DEBUG("%s", "Authentication must continue\n");
/* Wait for step length */
vnc_read_when(vs, protocol_client_auth_sasl_step_len, 4);
} else {
if (!vnc_auth_sasl_check_ssf(vs)) {
VNC_DEBUG("Authentication rejected for weak SSF %d\n", vs->csock);
goto authreject;
}
/* Check username whitelist ACL */
if (vnc_auth_sasl_check_access(vs) < 0) {
VNC_DEBUG("Authentication rejected for ACL %d\n", vs->csock);
goto authreject;
}
VNC_DEBUG("Authentication successful %d\n", vs->csock);
vnc_write_u32(vs, 0); /* Accept auth */
/*
* Delay writing in SSF encoded mode until pending output
* buffer is written
*/
if (vs->sasl.runSSF)
vs->sasl.waitWriteSSF = vs->output.offset;
start_client_init(vs);
if (!vnc_auth_sasl_check_ssf(vs)) {
VNC_DEBUG("Authentication rejected for weak SSF %d\n", vs->csock);
goto authreject;
}
/* Check username whitelist ACL */
if (vnc_auth_sasl_check_access(vs) < 0) {
VNC_DEBUG("Authentication rejected for ACL %d\n", vs->csock);
goto authreject;
}
VNC_DEBUG("Authentication successful %d\n", vs->csock);
vnc_write_u32(vs, 0); /* Accept auth */
/*
* Delay writing in SSF encoded mode until pending output
* buffer is written
*/
if (vs->sasl.runSSF)
vs->sasl.waitWriteSSF = vs->output.offset;
start_client_init(vs);
}
return 0;
......@@ -293,15 +293,15 @@ static int protocol_client_auth_sasl_step_len(VncState *vs, uint8_t *data, size_
uint32_t steplen = read_u32(data, 0);
VNC_DEBUG("Got client step len %d\n", steplen);
if (steplen > SASL_DATA_MAX_LEN) {
VNC_DEBUG("Too much SASL data %d\n", steplen);
vnc_client_error(vs);
return -1;
VNC_DEBUG("Too much SASL data %d\n", steplen);
vnc_client_error(vs);
return -1;
}
if (steplen == 0)
return protocol_client_auth_sasl_step(vs, NULL, 0);
return protocol_client_auth_sasl_step(vs, NULL, 0);
else
vnc_read_when(vs, protocol_client_auth_sasl_step, steplen);
vnc_read_when(vs, protocol_client_auth_sasl_step, steplen);
return 0;
}
......@@ -332,67 +332,67 @@ static int protocol_client_auth_sasl_start(VncState *vs, uint8_t *data, size_t l
/* NB, distinction of NULL vs "" is *critical* in SASL */
if (datalen) {
clientdata = (char*)data;
clientdata[datalen-1] = '\0'; /* Should be on wire, but make sure */
datalen--; /* Don't count NULL byte when passing to _start() */
clientdata = (char*)data;
clientdata[datalen-1] = '\0'; /* Should be on wire, but make sure */
datalen--; /* Don't count NULL byte when passing to _start() */
}
VNC_DEBUG("Start SASL auth with mechanism %s. Data %p (%d bytes)\n",
vs->sasl.mechlist, clientdata, datalen);
vs->sasl.mechlist, clientdata, datalen);
err = sasl_server_start(vs->sasl.conn,
vs->sasl.mechlist,
clientdata,
datalen,
&serverout,
&serveroutlen);
vs->sasl.mechlist,
clientdata,
datalen,
&serverout,
&serveroutlen);
if (err != SASL_OK &&
err != SASL_CONTINUE) {
VNC_DEBUG("sasl start failed %d (%s)\n",
err, sasl_errdetail(vs->sasl.conn));
sasl_dispose(&vs->sasl.conn);
vs->sasl.conn = NULL;
goto authabort;
err != SASL_CONTINUE) {
VNC_DEBUG("sasl start failed %d (%s)\n",
err, sasl_errdetail(vs->sasl.conn));
sasl_dispose(&vs->sasl.conn);
vs->sasl.conn = NULL;
goto authabort;
}
if (serveroutlen > SASL_DATA_MAX_LEN) {
VNC_DEBUG("sasl start reply data too long %d\n",
serveroutlen);
sasl_dispose(&vs->sasl.conn);
vs->sasl.conn = NULL;
goto authabort;
VNC_DEBUG("sasl start reply data too long %d\n",
serveroutlen);
sasl_dispose(&vs->sasl.conn);
vs->sasl.conn = NULL;
goto authabort;
}
VNC_DEBUG("SASL return data %d bytes, nil; %d\n",
serveroutlen, serverout ? 0 : 1);
serveroutlen, serverout ? 0 : 1);
if (serveroutlen) {
vnc_write_u32(vs, serveroutlen + 1);
vnc_write(vs, serverout, serveroutlen + 1);
vnc_write_u32(vs, serveroutlen + 1);
vnc_write(vs, serverout, serveroutlen + 1);
} else {
vnc_write_u32(vs, 0);
vnc_write_u32(vs, 0);
}
/* Whether auth is complete */
vnc_write_u8(vs, err == SASL_CONTINUE ? 0 : 1);
if (err == SASL_CONTINUE) {
VNC_DEBUG("%s", "Authentication must continue\n");
/* Wait for step length */
vnc_read_when(vs, protocol_client_auth_sasl_step_len, 4);
VNC_DEBUG("%s", "Authentication must continue\n");
/* Wait for step length */
vnc_read_when(vs, protocol_client_auth_sasl_step_len, 4);
} else {
if (!vnc_auth_sasl_check_ssf(vs)) {
VNC_DEBUG("Authentication rejected for weak SSF %d\n", vs->csock);
goto authreject;
}
/* Check username whitelist ACL */
if (vnc_auth_sasl_check_access(vs) < 0) {
VNC_DEBUG("Authentication rejected for ACL %d\n", vs->csock);
goto authreject;
}
VNC_DEBUG("Authentication successful %d\n", vs->csock);
vnc_write_u32(vs, 0); /* Accept auth */
start_client_init(vs);
if (!vnc_auth_sasl_check_ssf(vs)) {
VNC_DEBUG("Authentication rejected for weak SSF %d\n", vs->csock);
goto authreject;
}
/* Check username whitelist ACL */
if (vnc_auth_sasl_check_access(vs) < 0) {
VNC_DEBUG("Authentication rejected for ACL %d\n", vs->csock);
goto authreject;
}
VNC_DEBUG("Authentication successful %d\n", vs->csock);
vnc_write_u32(vs, 0); /* Accept auth */
start_client_init(vs);
}
return 0;
......@@ -415,13 +415,13 @@ static int protocol_client_auth_sasl_start_len(VncState *vs, uint8_t *data, size
uint32_t startlen = read_u32(data, 0);
VNC_DEBUG("Got client start len %d\n", startlen);
if (startlen > SASL_DATA_MAX_LEN) {
VNC_DEBUG("Too much SASL data %d\n", startlen);
vnc_client_error(vs);
return -1;
VNC_DEBUG("Too much SASL data %d\n", startlen);
vnc_client_error(vs);
return -1;
}
if (startlen == 0)
return protocol_client_auth_sasl_start(vs, NULL, 0);
return protocol_client_auth_sasl_start(vs, NULL, 0);
vnc_read_when(vs, protocol_client_auth_sasl_start, startlen);
return 0;
......@@ -431,35 +431,35 @@ static int protocol_client_auth_sasl_mechname(VncState *vs, uint8_t *data, size_
{
char *mechname = malloc(len + 1);
if (!mechname) {
VNC_DEBUG("Out of memory reading mechname\n");
vnc_client_error(vs);
VNC_DEBUG("Out of memory reading mechname\n");
vnc_client_error(vs);
}
strncpy(mechname, (char*)data, len);
mechname[len] = '\0';
VNC_DEBUG("Got client mechname '%s' check against '%s'\n",
mechname, vs->sasl.mechlist);
mechname, vs->sasl.mechlist);
if (strncmp(vs->sasl.mechlist, mechname, len) == 0) {
if (vs->sasl.mechlist[len] != '\0' &&
vs->sasl.mechlist[len] != ',') {
VNC_DEBUG("One %d", vs->sasl.mechlist[len]);
vnc_client_error(vs);
return -1;
}
if (vs->sasl.mechlist[len] != '\0' &&
vs->sasl.mechlist[len] != ',') {
VNC_DEBUG("One %d", vs->sasl.mechlist[len]);
vnc_client_error(vs);
return -1;
}
} else {
char *offset = strstr(vs->sasl.mechlist, mechname);
VNC_DEBUG("Two %p\n", offset);
if (!offset) {
vnc_client_error(vs);
return -1;
}
VNC_DEBUG("Two '%s'\n", offset);
if (offset[-1] != ',' ||
(offset[len] != '\0'&&
offset[len] != ',')) {
vnc_client_error(vs);
return -1;
}
char *offset = strstr(vs->sasl.mechlist, mechname);
VNC_DEBUG("Two %p\n", offset);
if (!offset) {
vnc_client_error(vs);
return -1;
}
VNC_DEBUG("Two '%s'\n", offset);
if (offset[-1] != ',' ||
(offset[len] != '\0'&&
offset[len] != ',')) {
vnc_client_error(vs);
return -1;
}
}
free(vs->sasl.mechlist);
......@@ -475,20 +475,20 @@ static int protocol_client_auth_sasl_mechname_len(VncState *vs, uint8_t *data, s
uint32_t mechlen = read_u32(data, 0);
VNC_DEBUG("Got client mechname len %d\n", mechlen);
if (mechlen > 100) {
VNC_DEBUG("Too long SASL mechname data %d\n", mechlen);
vnc_client_error(vs);
return -1;
VNC_DEBUG("Too long SASL mechname data %d\n", mechlen);
vnc_client_error(vs);
return -1;
}
if (mechlen < 1) {
VNC_DEBUG("Too short SASL mechname %d\n", mechlen);
vnc_client_error(vs);
return -1;
VNC_DEBUG("Too short SASL mechname %d\n", mechlen);
vnc_client_error(vs);
return -1;
}
vnc_read_when(vs, protocol_client_auth_sasl_mechname,mechlen);
return 0;
}
#define USES_X509_AUTH(vs) \
#define USES_X509_AUTH(vs) \
((vs)->subauth == VNC_AUTH_VENCRYPT_X509NONE || \
(vs)->subauth == VNC_AUTH_VENCRYPT_X509VNC || \
(vs)->subauth == VNC_AUTH_VENCRYPT_X509PLAIN || \
......@@ -507,116 +507,116 @@ void start_auth_sasl(VncState *vs)
/* Get local & remote client addresses in form IPADDR;PORT */
if (!(localAddr = vnc_socket_local_addr("%s;%s", vs->csock)))
goto authabort;
goto authabort;
if (!(remoteAddr = vnc_socket_remote_addr("%s;%s", vs->csock))) {
free(localAddr);
goto authabort;
free(localAddr);
goto authabort;
}
err = sasl_server_new("vnc",
NULL, /* FQDN - just delegates to gethostname */
NULL, /* User realm */
localAddr,
remoteAddr,
NULL, /* Callbacks, not needed */
SASL_SUCCESS_DATA,
&vs->sasl.conn);
NULL, /* FQDN - just delegates to gethostname */
NULL, /* User realm */
localAddr,
remoteAddr,
NULL, /* Callbacks, not needed */
SASL_SUCCESS_DATA,
&vs->sasl.conn);
free(localAddr);
free(remoteAddr);
localAddr = remoteAddr = NULL;
if (err != SASL_OK) {
VNC_DEBUG("sasl context setup failed %d (%s)",
err, sasl_errstring(err, NULL, NULL));
vs->sasl.conn = NULL;
goto authabort;
VNC_DEBUG("sasl context setup failed %d (%s)",
err, sasl_errstring(err, NULL, NULL));
vs->sasl.conn = NULL;
goto authabort;
}
#ifdef CONFIG_VNC_TLS
/* Inform SASL that we've got an external SSF layer from TLS/x509 */
if (vs->vd->auth == VNC_AUTH_VENCRYPT &&
vs->vd->subauth == VNC_AUTH_VENCRYPT_X509SASL) {
gnutls_cipher_algorithm_t cipher;
sasl_ssf_t ssf;
cipher = gnutls_cipher_get(vs->tls.session);
if (!(ssf = (sasl_ssf_t)gnutls_cipher_get_key_size(cipher))) {
VNC_DEBUG("%s", "cannot TLS get cipher size\n");
sasl_dispose(&vs->sasl.conn);
vs->sasl.conn = NULL;
goto authabort;
}
ssf *= 8; /* tls key size is bytes, sasl wants bits */
err = sasl_setprop(vs->sasl.conn, SASL_SSF_EXTERNAL, &ssf);
if (err != SASL_OK) {
VNC_DEBUG("cannot set SASL external SSF %d (%s)\n",
err, sasl_errstring(err, NULL, NULL));
sasl_dispose(&vs->sasl.conn);
vs->sasl.conn = NULL;
goto authabort;
}
vs->vd->subauth == VNC_AUTH_VENCRYPT_X509SASL) {
gnutls_cipher_algorithm_t cipher;
sasl_ssf_t ssf;
cipher = gnutls_cipher_get(vs->tls.session);
if (!(ssf = (sasl_ssf_t)gnutls_cipher_get_key_size(cipher))) {
VNC_DEBUG("%s", "cannot TLS get cipher size\n");
sasl_dispose(&vs->sasl.conn);
vs->sasl.conn = NULL;
goto authabort;
}
ssf *= 8; /* tls key size is bytes, sasl wants bits */
err = sasl_setprop(vs->sasl.conn, SASL_SSF_EXTERNAL, &ssf);
if (err != SASL_OK) {
VNC_DEBUG("cannot set SASL external SSF %d (%s)\n",
err, sasl_errstring(err, NULL, NULL));
sasl_dispose(&vs->sasl.conn);
vs->sasl.conn = NULL;
goto authabort;
}
} else
#endif /* CONFIG_VNC_TLS */
vs->sasl.wantSSF = 1;
vs->sasl.wantSSF = 1;
memset (&secprops, 0, sizeof secprops);
/* Inform SASL that we've got an external SSF layer from TLS */
if (strncmp(vs->vd->display, "unix:", 5) == 0
#ifdef CONFIG_VNC_TLS
/* Disable SSF, if using TLS+x509+SASL only. TLS without x509
is not sufficiently strong */
|| (vs->vd->auth == VNC_AUTH_VENCRYPT &&
vs->vd->subauth == VNC_AUTH_VENCRYPT_X509SASL)
/* Disable SSF, if using TLS+x509+SASL only. TLS without x509
is not sufficiently strong */
|| (vs->vd->auth == VNC_AUTH_VENCRYPT &&
vs->vd->subauth == VNC_AUTH_VENCRYPT_X509SASL)
#endif /* CONFIG_VNC_TLS */
) {
/* If we've got TLS or UNIX domain sock, we don't care about SSF */
secprops.min_ssf = 0;
secprops.max_ssf = 0;
secprops.maxbufsize = 8192;
secprops.security_flags = 0;
) {
/* If we've got TLS or UNIX domain sock, we don't care about SSF */
secprops.min_ssf = 0;
secprops.max_ssf = 0;
secprops.maxbufsize = 8192;
secprops.security_flags = 0;
} else {
/* Plain TCP, better get an SSF layer */
secprops.min_ssf = 56; /* Good enough to require kerberos */
secprops.max_ssf = 100000; /* Arbitrary big number */
secprops.maxbufsize = 8192;
/* Forbid any anonymous or trivially crackable auth */
secprops.security_flags =
SASL_SEC_NOANONYMOUS | SASL_SEC_NOPLAINTEXT;
/* Plain TCP, better get an SSF layer */
secprops.min_ssf = 56; /* Good enough to require kerberos */
secprops.max_ssf = 100000; /* Arbitrary big number */
secprops.maxbufsize = 8192;
/* Forbid any anonymous or trivially crackable auth */
secprops.security_flags =
SASL_SEC_NOANONYMOUS | SASL_SEC_NOPLAINTEXT;
}
err = sasl_setprop(vs->sasl.conn, SASL_SEC_PROPS, &secprops);
if (err != SASL_OK) {
VNC_DEBUG("cannot set SASL security props %d (%s)\n",
err, sasl_errstring(err, NULL, NULL));
sasl_dispose(&vs->sasl.conn);
vs->sasl.conn = NULL;
goto authabort;
VNC_DEBUG("cannot set SASL security props %d (%s)\n",
err, sasl_errstring(err, NULL, NULL));
sasl_dispose(&vs->sasl.conn);
vs->sasl.conn = NULL;
goto authabort;
}
err = sasl_listmech(vs->sasl.conn,
NULL, /* Don't need to set user */
"", /* Prefix */
",", /* Separator */
"", /* Suffix */
&mechlist,
NULL,
NULL);
NULL, /* Don't need to set user */
"", /* Prefix */
",", /* Separator */
"", /* Suffix */
&mechlist,
NULL,
NULL);
if (err != SASL_OK) {
VNC_DEBUG("cannot list SASL mechanisms %d (%s)\n",
err, sasl_errdetail(vs->sasl.conn));
sasl_dispose(&vs->sasl.conn);
vs->sasl.conn = NULL;
goto authabort;
VNC_DEBUG("cannot list SASL mechanisms %d (%s)\n",
err, sasl_errdetail(vs->sasl.conn));
sasl_dispose(&vs->sasl.conn);
vs->sasl.conn = NULL;
goto authabort;
}
VNC_DEBUG("Available mechanisms for client: '%s'\n", mechlist);
if (!(vs->sasl.mechlist = strdup(mechlist))) {
VNC_DEBUG("Out of memory");
sasl_dispose(&vs->sasl.conn);
vs->sasl.conn = NULL;
goto authabort;
VNC_DEBUG("Out of memory");
sasl_dispose(&vs->sasl.conn);
vs->sasl.conn = NULL;
goto authabort;
}
mechlistlen = strlen(mechlist);
vnc_write_u32(vs, mechlistlen);
......
......@@ -128,10 +128,10 @@ static const char *vnc_auth_name(VncDisplay *vd) {
return "vencrypt+x509+vnc";
case VNC_AUTH_VENCRYPT_X509PLAIN:
return "vencrypt+x509+plain";
case VNC_AUTH_VENCRYPT_TLSSASL:
return "vencrypt+tls+sasl";
case VNC_AUTH_VENCRYPT_X509SASL:
return "vencrypt+x509+sasl";
case VNC_AUTH_VENCRYPT_TLSSASL:
return "vencrypt+tls+sasl";
case VNC_AUTH_VENCRYPT_X509SASL:
return "vencrypt+x509+sasl";
default:
return "vencrypt";
}
......@@ -139,7 +139,7 @@ static const char *vnc_auth_name(VncDisplay *vd) {
return "vencrypt";
#endif
case VNC_AUTH_SASL:
return "sasl";
return "sasl";
}
return "unknown";
}
......@@ -160,17 +160,17 @@ static void do_info_vnc_client(Monitor *mon, VncState *client)
#ifdef CONFIG_VNC_TLS
if (client->tls.session &&
client->tls.dname)
monitor_printf(mon, " x509 dname: %s\n", client->tls.dname);
client->tls.dname)
monitor_printf(mon, " x509 dname: %s\n", client->tls.dname);
else
monitor_printf(mon, " x509 dname: none\n");
monitor_printf(mon, " x509 dname: none\n");
#endif
#ifdef CONFIG_VNC_SASL
if (client->sasl.conn &&
client->sasl.username)
monitor_printf(mon, " username: %s\n", client->sasl.username);
client->sasl.username)
monitor_printf(mon, " username: %s\n", client->sasl.username);
else
monitor_printf(mon, " username: none\n");
monitor_printf(mon, " username: none\n");
#endif
}
......@@ -277,8 +277,8 @@ static void vnc_update(VncState *vs, int x, int y, int w, int h)
h = MIN(h, vs->serverds.height);
for (; y < h; y++)
for (i = 0; i < w; i += 16)
vnc_set_bit(vs->dirty_row[y], (x + i) / 16);
for (i = 0; i < w; i += 16)
vnc_set_bit(vs->dirty_row[y], (x + i) / 16);
}
static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h)
......@@ -292,7 +292,7 @@ static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h)
}
static void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
int32_t encoding)
int32_t encoding)
{
vnc_write_u16(vs, x);
vnc_write_u16(vs, y);
......@@ -305,12 +305,12 @@ static void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
void buffer_reserve(Buffer *buffer, size_t len)
{
if ((buffer->capacity - buffer->offset) < len) {
buffer->capacity += (len + 1024);
buffer->buffer = qemu_realloc(buffer->buffer, buffer->capacity);
if (buffer->buffer == NULL) {
fprintf(stderr, "vnc: out of memory\n");
exit(1);
}
buffer->capacity += (len + 1024);
buffer->buffer = qemu_realloc(buffer->buffer, buffer->capacity);
if (buffer->buffer == NULL) {
fprintf(stderr, "vnc: out of memory\n");
exit(1);
}
}
}
......@@ -326,7 +326,7 @@ uint8_t *buffer_end(Buffer *buffer)
void buffer_reset(Buffer *buffer)
{
buffer->offset = 0;
buffer->offset = 0;
}
void buffer_append(Buffer *buffer, const void *data, size_t len)
......@@ -344,8 +344,8 @@ static void vnc_resize(VncState *vs)
vs->old_data = qemu_realloc(vs->old_data, ds_get_linesize(ds) * ds_get_height(ds));
if (vs->old_data == NULL) {
fprintf(stderr, "vnc: memory allocation failed\n");
exit(1);
fprintf(stderr, "vnc: memory allocation failed\n");
exit(1);
}
if (ds_get_bytes_per_pixel(ds) != vs->serverds.pf.bytes_per_pixel)
......@@ -469,8 +469,8 @@ static void send_framebuffer_update_raw(VncState *vs, int x, int y, int w, int h
row = ds_get_data(vs->ds) + y * ds_get_linesize(vs->ds) + x * ds_get_bytes_per_pixel(vs->ds);
for (i = 0; i < h; i++) {
vs->write_pixels(vs, row, w * ds_get_bytes_per_pixel(vs->ds));
row += ds_get_linesize(vs->ds);
vs->write_pixels(vs, row, w * ds_get_bytes_per_pixel(vs->ds));
row += ds_get_linesize(vs->ds);
}
}
......@@ -520,11 +520,11 @@ static void send_framebuffer_update_hextile(VncState *vs, int x, int y, int w, i
last_bg = (uint8_t *) qemu_malloc(vs->serverds.pf.bytes_per_pixel);
has_fg = has_bg = 0;
for (j = y; j < (y + h); j += 16) {
for (i = x; i < (x + w); i += 16) {
for (i = x; i < (x + w); i += 16) {
vs->send_hextile_tile(vs, i, j,
MIN(16, x + w - i), MIN(16, y + h - j),
last_bg, last_fg, &has_bg, &has_fg);
}
}
}
free(last_fg);
free(last_bg);
......@@ -630,17 +630,17 @@ static void send_framebuffer_update_zlib(VncState *vs, int x, int y, int w, int
static void send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
{
switch(vs->vnc_encoding) {
case VNC_ENCODING_ZLIB:
send_framebuffer_update_zlib(vs, x, y, w, h);
break;
case VNC_ENCODING_HEXTILE:
vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
send_framebuffer_update_hextile(vs, x, y, w, h);
break;
default:
vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
send_framebuffer_update_raw(vs, x, y, w, h);
break;
case VNC_ENCODING_ZLIB:
send_framebuffer_update_zlib(vs, x, y, w, h);
break;
case VNC_ENCODING_HEXTILE:
vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
send_framebuffer_update_hextile(vs, x, y, w, h);
break;
default:
vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
send_framebuffer_update_raw(vs, x, y, w, h);
break;
}
}
......@@ -675,11 +675,11 @@ static int find_dirty_height(VncState *vs, int y, int last_x, int x)
int h;
for (h = 1; h < (vs->serverds.height - y); h++) {
int tmp_x;
if (!vnc_get_bit(vs->dirty_row[y + h], last_x))
break;
for (tmp_x = last_x; tmp_x < x; tmp_x++)
vnc_clear_bit(vs->dirty_row[y + h], tmp_x);
int tmp_x;
if (!vnc_get_bit(vs->dirty_row[y + h], last_x))
break;
for (tmp_x = last_x; tmp_x < x; tmp_x++)
vnc_clear_bit(vs->dirty_row[y + h], tmp_x);
}
return h;
......@@ -689,88 +689,88 @@ static void vnc_update_client(void *opaque)
{
VncState *vs = opaque;
if (vs->need_update && vs->csock != -1) {
int y;
uint8_t *row;
char *old_row;
uint32_t width_mask[VNC_DIRTY_WORDS];
int n_rectangles;
int saved_offset;
int has_dirty = 0;
int y;
uint8_t *row;
char *old_row;
uint32_t width_mask[VNC_DIRTY_WORDS];
int n_rectangles;
int saved_offset;
int has_dirty = 0;
vga_hw_update();
vnc_set_bits(width_mask, (ds_get_width(vs->ds) / 16), VNC_DIRTY_WORDS);
/* Walk through the dirty map and eliminate tiles that
really aren't dirty */
row = ds_get_data(vs->ds);
old_row = vs->old_data;
for (y = 0; y < ds_get_height(vs->ds); y++) {
if (vnc_and_bits(vs->dirty_row[y], width_mask, VNC_DIRTY_WORDS)) {
int x;
uint8_t *ptr;
char *old_ptr;
ptr = row;
old_ptr = (char*)old_row;
for (x = 0; x < ds_get_width(vs->ds); x += 16) {
if (memcmp(old_ptr, ptr, 16 * ds_get_bytes_per_pixel(vs->ds)) == 0) {
vnc_clear_bit(vs->dirty_row[y], (x / 16));
} else {
has_dirty = 1;
memcpy(old_ptr, ptr, 16 * ds_get_bytes_per_pixel(vs->ds));
}
ptr += 16 * ds_get_bytes_per_pixel(vs->ds);
old_ptr += 16 * ds_get_bytes_per_pixel(vs->ds);
}
}
row += ds_get_linesize(vs->ds);
old_row += ds_get_linesize(vs->ds);
}
if (!has_dirty && !vs->audio_cap) {
qemu_mod_timer(vs->timer, qemu_get_clock(rt_clock) + VNC_REFRESH_INTERVAL);
return;
}
/* Count rectangles */
n_rectangles = 0;
vnc_write_u8(vs, 0); /* msg id */
vnc_write_u8(vs, 0);
saved_offset = vs->output.offset;
vnc_write_u16(vs, 0);
for (y = 0; y < vs->serverds.height; y++) {
int x;
int last_x = -1;
for (x = 0; x < vs->serverds.width / 16; x++) {
if (vnc_get_bit(vs->dirty_row[y], x)) {
if (last_x == -1) {
last_x = x;
}
vnc_clear_bit(vs->dirty_row[y], x);
} else {
if (last_x != -1) {
int h = find_dirty_height(vs, y, last_x, x);
send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
n_rectangles++;
}
last_x = -1;
}
}
if (last_x != -1) {
int h = find_dirty_height(vs, y, last_x, x);
send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
n_rectangles++;
}
}
vs->output.buffer[saved_offset] = (n_rectangles >> 8) & 0xFF;
vs->output.buffer[saved_offset + 1] = n_rectangles & 0xFF;
vnc_flush(vs);
/* Walk through the dirty map and eliminate tiles that
really aren't dirty */
row = ds_get_data(vs->ds);
old_row = vs->old_data;
for (y = 0; y < ds_get_height(vs->ds); y++) {
if (vnc_and_bits(vs->dirty_row[y], width_mask, VNC_DIRTY_WORDS)) {
int x;
uint8_t *ptr;
char *old_ptr;
ptr = row;
old_ptr = (char*)old_row;
for (x = 0; x < ds_get_width(vs->ds); x += 16) {
if (memcmp(old_ptr, ptr, 16 * ds_get_bytes_per_pixel(vs->ds)) == 0) {
vnc_clear_bit(vs->dirty_row[y], (x / 16));
} else {
has_dirty = 1;
memcpy(old_ptr, ptr, 16 * ds_get_bytes_per_pixel(vs->ds));
}
ptr += 16 * ds_get_bytes_per_pixel(vs->ds);
old_ptr += 16 * ds_get_bytes_per_pixel(vs->ds);
}
}
row += ds_get_linesize(vs->ds);
old_row += ds_get_linesize(vs->ds);
}
if (!has_dirty && !vs->audio_cap) {
qemu_mod_timer(vs->timer, qemu_get_clock(rt_clock) + VNC_REFRESH_INTERVAL);
return;
}
/* Count rectangles */
n_rectangles = 0;
vnc_write_u8(vs, 0); /* msg id */
vnc_write_u8(vs, 0);
saved_offset = vs->output.offset;
vnc_write_u16(vs, 0);
for (y = 0; y < vs->serverds.height; y++) {
int x;
int last_x = -1;
for (x = 0; x < vs->serverds.width / 16; x++) {
if (vnc_get_bit(vs->dirty_row[y], x)) {
if (last_x == -1) {
last_x = x;
}
vnc_clear_bit(vs->dirty_row[y], x);
} else {
if (last_x != -1) {
int h = find_dirty_height(vs, y, last_x, x);
send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
n_rectangles++;
}
last_x = -1;
}
}
if (last_x != -1) {
int h = find_dirty_height(vs, y, last_x, x);
send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
n_rectangles++;
}
}
vs->output.buffer[saved_offset] = (n_rectangles >> 8) & 0xFF;
vs->output.buffer[saved_offset + 1] = n_rectangles & 0xFF;
vnc_flush(vs);
}
......@@ -863,15 +863,15 @@ int vnc_client_io_error(VncState *vs, int ret, int last_errno)
}
}
VNC_DEBUG("Closing down client sock %d %d\n", ret, ret < 0 ? last_errno : 0);
qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
closesocket(vs->csock);
VNC_DEBUG("Closing down client sock %d %d\n", ret, ret < 0 ? last_errno : 0);
qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
closesocket(vs->csock);
qemu_del_timer(vs->timer);
qemu_free_timer(vs->timer);
if (vs->input.buffer) qemu_free(vs->input.buffer);
if (vs->output.buffer) qemu_free(vs->output.buffer);
#ifdef CONFIG_VNC_TLS
vnc_tls_client_cleanup(vs);
vnc_tls_client_cleanup(vs);
#endif /* CONFIG_VNC_TLS */
#ifdef CONFIG_VNC_SASL
vnc_sasl_client_cleanup(vs);
......@@ -895,7 +895,7 @@ int vnc_client_io_error(VncState *vs, int ret, int last_errno)
qemu_free(vs->old_data);
qemu_free(vs);
return 0;
return 0;
}
return ret;
}
......@@ -927,17 +927,17 @@ long vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
long ret;
#ifdef CONFIG_VNC_TLS
if (vs->tls.session) {
ret = gnutls_write(vs->tls.session, data, datalen);
if (ret < 0) {
if (ret == GNUTLS_E_AGAIN)
errno = EAGAIN;
else
errno = EIO;
ret = -1;
}
ret = gnutls_write(vs->tls.session, data, datalen);
if (ret < 0) {
if (ret == GNUTLS_E_AGAIN)
errno = EAGAIN;
else
errno = EIO;
ret = -1;
}
} else
#endif /* CONFIG_VNC_TLS */
ret = send(vs->csock, data, datalen, 0);
ret = send(vs->csock, data, datalen, 0);
VNC_DEBUG("Wrote wire %p %d -> %ld\n", data, datalen, ret);
return vnc_client_io_error(vs, ret, socket_error());
}
......@@ -978,7 +978,7 @@ static long vnc_client_write_plain(VncState *vs)
vs->output.offset -= ret;
if (vs->output.offset == 0) {
qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
}
return ret;
......@@ -1032,17 +1032,17 @@ long vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
long ret;
#ifdef CONFIG_VNC_TLS
if (vs->tls.session) {
ret = gnutls_read(vs->tls.session, data, datalen);
if (ret < 0) {
if (ret == GNUTLS_E_AGAIN)
errno = EAGAIN;
else
errno = EIO;
ret = -1;
}
ret = gnutls_read(vs->tls.session, data, datalen);
if (ret < 0) {
if (ret == GNUTLS_E_AGAIN)
errno = EAGAIN;
else
errno = EIO;
ret = -1;
}
} else
#endif /* CONFIG_VNC_TLS */
ret = recv(vs->csock, data, datalen, 0);
ret = recv(vs->csock, data, datalen, 0);
VNC_DEBUG("Read wire %p %d -> %ld\n", data, datalen, ret);
return vnc_client_io_error(vs, ret, socket_error());
}
......@@ -1087,22 +1087,22 @@ void vnc_client_read(void *opaque)
#endif /* CONFIG_VNC_SASL */
ret = vnc_client_read_plain(vs);
if (!ret)
return;
return;
while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
size_t len = vs->read_handler_expect;
int ret;
ret = vs->read_handler(vs, vs->input.buffer, len);
if (vs->csock == -1)
return;
if (!ret) {
memmove(vs->input.buffer, vs->input.buffer + len, (vs->input.offset - len));
vs->input.offset -= len;
} else {
vs->read_handler_expect = ret;
}
size_t len = vs->read_handler_expect;
int ret;
ret = vs->read_handler(vs, vs->input.buffer, len);
if (vs->csock == -1)
return;
if (!ret) {
memmove(vs->input.buffer, vs->input.buffer + len, (vs->input.offset - len));
vs->input.offset -= len;
} else {
vs->read_handler_expect = ret;
}
}
}
......@@ -1111,7 +1111,7 @@ void vnc_write(VncState *vs, const void *data, size_t len)
buffer_reserve(&vs->output, len);
if (buffer_empty(&vs->output)) {
qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
}
buffer_append(&vs->output, data, len);
......@@ -1152,7 +1152,7 @@ void vnc_write_u8(VncState *vs, uint8_t value)
void vnc_flush(VncState *vs)
{
if (vs->output.offset)
vnc_client_write(vs);
vnc_client_write(vs);
}
uint8_t read_u8(uint8_t *data, size_t offset)
......@@ -1168,13 +1168,13 @@ uint16_t read_u16(uint8_t *data, size_t offset)
int32_t read_s32(uint8_t *data, size_t offset)
{
return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
(data[offset + 2] << 8) | data[offset + 3]);
(data[offset + 2] << 8) | data[offset + 3]);
}
uint32_t read_u32(uint8_t *data, size_t offset)
{
return ((data[offset] << 24) | (data[offset + 1] << 16) |
(data[offset + 2] << 8) | data[offset + 3]);
(data[offset + 2] << 8) | data[offset + 3]);
}
static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
......@@ -1184,13 +1184,13 @@ static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
static void check_pointer_type_change(VncState *vs, int absolute)
{
if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
vnc_write_u8(vs, 0);
vnc_write_u8(vs, 0);
vnc_write_u16(vs, 1);
vnc_framebuffer_update(vs, absolute, 0,
ds_get_width(vs->ds), ds_get_height(vs->ds),
vnc_write_u8(vs, 0);
vnc_write_u8(vs, 0);
vnc_write_u16(vs, 1);
vnc_framebuffer_update(vs, absolute, 0,
ds_get_width(vs->ds), ds_get_height(vs->ds),
VNC_ENCODING_POINTER_TYPE_CHANGE);
vnc_flush(vs);
vnc_flush(vs);
}
vs->absolute = absolute;
}
......@@ -1201,32 +1201,32 @@ static void pointer_event(VncState *vs, int button_mask, int x, int y)
int dz = 0;
if (button_mask & 0x01)
buttons |= MOUSE_EVENT_LBUTTON;
buttons |= MOUSE_EVENT_LBUTTON;
if (button_mask & 0x02)
buttons |= MOUSE_EVENT_MBUTTON;
buttons |= MOUSE_EVENT_MBUTTON;
if (button_mask & 0x04)
buttons |= MOUSE_EVENT_RBUTTON;
buttons |= MOUSE_EVENT_RBUTTON;
if (button_mask & 0x08)
dz = -1;
dz = -1;
if (button_mask & 0x10)
dz = 1;
dz = 1;
if (vs->absolute) {
kbd_mouse_event(x * 0x7FFF / (ds_get_width(vs->ds) - 1),
y * 0x7FFF / (ds_get_height(vs->ds) - 1),
dz, buttons);
kbd_mouse_event(x * 0x7FFF / (ds_get_width(vs->ds) - 1),
y * 0x7FFF / (ds_get_height(vs->ds) - 1),
dz, buttons);
} else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
x -= 0x7FFF;
y -= 0x7FFF;
x -= 0x7FFF;
y -= 0x7FFF;
kbd_mouse_event(x, y, dz, buttons);
kbd_mouse_event(x, y, dz, buttons);
} else {
if (vs->last_x != -1)
kbd_mouse_event(x - vs->last_x,
y - vs->last_y,
dz, buttons);
vs->last_x = x;
vs->last_y = y;
if (vs->last_x != -1)
kbd_mouse_event(x - vs->last_x,
y - vs->last_y,
dz, buttons);
vs->last_x = x;
vs->last_y = y;
}
check_pointer_type_change(vs, kbd_mouse_is_absolute());
......@@ -1274,8 +1274,8 @@ static void do_key_event(VncState *vs, int down, int keycode, int sym)
return;
}
break;
case 0x3a: /* CapsLock */
case 0x45: /* NumLock */
case 0x3a: /* CapsLock */
case 0x45: /* NumLock */
if (!down)
vs->modifiers_state[keycode] ^= 1;
break;
......@@ -1357,7 +1357,7 @@ static void key_event(VncState *vs, int down, uint32_t sym)
int keycode;
if (sym >= 'A' && sym <= 'Z' && is_graphic_console())
sym = sym - 'A' + 'a';
sym = sym - 'A' + 'a';
keycode = keysym2scancode(vs->vd->kbd_layout, sym & 0xFFFF);
do_key_event(vs, down, keycode, sym);
......@@ -1374,8 +1374,8 @@ static void ext_key_event(VncState *vs, int down,
}
static void framebuffer_update_request(VncState *vs, int incremental,
int x_position, int y_position,
int w, int h)
int x_position, int y_position,
int w, int h)
{
if (x_position > ds_get_width(vs->ds))
x_position = ds_get_width(vs->ds);
......@@ -1389,14 +1389,14 @@ static void framebuffer_update_request(VncState *vs, int incremental,
int i;
vs->need_update = 1;
if (!incremental) {
char *old_row = vs->old_data + y_position * ds_get_linesize(vs->ds);
char *old_row = vs->old_data + y_position * ds_get_linesize(vs->ds);
for (i = 0; i < h; i++) {
for (i = 0; i < h; i++) {
vnc_set_bits(vs->dirty_row[y_position + i],
(ds_get_width(vs->ds) / 16), VNC_DIRTY_WORDS);
memset(old_row, 42, ds_get_width(vs->ds) * ds_get_bytes_per_pixel(vs->ds));
old_row += ds_get_linesize(vs->ds);
}
memset(old_row, 42, ds_get_width(vs->ds) * ds_get_bytes_per_pixel(vs->ds));
old_row += ds_get_linesize(vs->ds);
}
}
}
......@@ -1513,13 +1513,13 @@ static void set_pixel_conversion(VncState *vs)
}
static void set_pixel_format(VncState *vs,
int bits_per_pixel, int depth,
int big_endian_flag, int true_color_flag,
int red_max, int green_max, int blue_max,
int red_shift, int green_shift, int blue_shift)
int bits_per_pixel, int depth,
int big_endian_flag, int true_color_flag,
int red_max, int green_max, int blue_max,
int red_shift, int green_shift, int blue_shift)
{
if (!true_color_flag) {
vnc_client_error(vs);
vnc_client_error(vs);
return;
}
......@@ -1606,65 +1606,65 @@ static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
switch (data[0]) {
case 0:
if (len == 1)
return 20;
set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
read_u8(data, 6), read_u8(data, 7),
read_u16(data, 8), read_u16(data, 10),
read_u16(data, 12), read_u8(data, 14),
read_u8(data, 15), read_u8(data, 16));
break;
if (len == 1)
return 20;
set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
read_u8(data, 6), read_u8(data, 7),
read_u16(data, 8), read_u16(data, 10),
read_u16(data, 12), read_u8(data, 14),
read_u8(data, 15), read_u8(data, 16));
break;
case 2:
if (len == 1)
return 4;
if (len == 1)
return 4;
if (len == 4) {
if (len == 4) {
limit = read_u16(data, 2);
if (limit > 0)
return 4 + (limit * 4);
} else
limit = read_u16(data, 2);
for (i = 0; i < limit; i++) {
int32_t val = read_s32(data, 4 + (i * 4));
memcpy(data + 4 + (i * 4), &val, sizeof(val));
}
for (i = 0; i < limit; i++) {
int32_t val = read_s32(data, 4 + (i * 4));
memcpy(data + 4 + (i * 4), &val, sizeof(val));
}
set_encodings(vs, (int32_t *)(data + 4), limit);
break;
set_encodings(vs, (int32_t *)(data + 4), limit);
break;
case 3:
if (len == 1)
return 10;
if (len == 1)
return 10;
framebuffer_update_request(vs,
read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
read_u16(data, 6), read_u16(data, 8));
break;
framebuffer_update_request(vs,
read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
read_u16(data, 6), read_u16(data, 8));
break;
case 4:
if (len == 1)
return 8;
if (len == 1)
return 8;
key_event(vs, read_u8(data, 1), read_u32(data, 4));
break;
key_event(vs, read_u8(data, 1), read_u32(data, 4));
break;
case 5:
if (len == 1)
return 6;
if (len == 1)
return 6;
pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
break;
pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
break;
case 6:
if (len == 1)
return 8;
if (len == 1)
return 8;
if (len == 8) {
if (len == 8) {
uint32_t dlen = read_u32(data, 4);
if (dlen > 0)
return 8 + dlen;
}
client_cut_text(vs, read_u32(data, 4), data + 8);
break;
client_cut_text(vs, read_u32(data, 4), data + 8);
break;
case 255:
if (len == 1)
return 2;
......@@ -1726,9 +1726,9 @@ static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
}
break;
default:
printf("Msg: %d\n", data[0]);
vnc_client_error(vs);
break;
printf("Msg: %d\n", data[0]);
vnc_client_error(vs);
break;
}
vnc_read_when(vs, protocol_client_msg, 1);
......@@ -1781,16 +1781,16 @@ static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
unsigned char key[8];
if (!vs->vd->password || !vs->vd->password[0]) {
VNC_DEBUG("No password configured on server");
vnc_write_u32(vs, 1); /* Reject auth */
if (vs->minor >= 8) {
static const char err[] = "Authentication failed";
vnc_write_u32(vs, sizeof(err));
vnc_write(vs, err, sizeof(err));
}
vnc_flush(vs);
vnc_client_error(vs);
return 0;
VNC_DEBUG("No password configured on server");
vnc_write_u32(vs, 1); /* Reject auth */
if (vs->minor >= 8) {
static const char err[] = "Authentication failed";
vnc_write_u32(vs, sizeof(err));
vnc_write(vs, err, sizeof(err));
}
vnc_flush(vs);
vnc_client_error(vs);
return 0;
}
memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
......@@ -1805,19 +1805,19 @@ static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
/* Compare expected vs actual challenge response */
if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
VNC_DEBUG("Client challenge reponse did not match\n");
vnc_write_u32(vs, 1); /* Reject auth */
if (vs->minor >= 8) {
static const char err[] = "Authentication failed";
vnc_write_u32(vs, sizeof(err));
vnc_write(vs, err, sizeof(err));
}
vnc_flush(vs);
vnc_client_error(vs);
VNC_DEBUG("Client challenge reponse did not match\n");
vnc_write_u32(vs, 1); /* Reject auth */
if (vs->minor >= 8) {
static const char err[] = "Authentication failed";
vnc_write_u32(vs, sizeof(err));
vnc_write(vs, err, sizeof(err));
}
vnc_flush(vs);
vnc_client_error(vs);
} else {
VNC_DEBUG("Accepting VNC challenge response\n");
vnc_write_u32(vs, 0); /* Accept auth */
vnc_flush(vs);
VNC_DEBUG("Accepting VNC challenge response\n");
vnc_write_u32(vs, 0); /* Accept auth */
vnc_flush(vs);
start_client_init(vs);
}
......@@ -1901,35 +1901,35 @@ static int protocol_version(VncState *vs, uint8_t *version, size_t len)
local[12] = 0;
if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
VNC_DEBUG("Malformed protocol version %s\n", local);
vnc_client_error(vs);
return 0;
VNC_DEBUG("Malformed protocol version %s\n", local);
vnc_client_error(vs);
return 0;
}
VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
if (vs->major != 3 ||
(vs->minor != 3 &&
vs->minor != 4 &&
vs->minor != 5 &&
vs->minor != 7 &&
vs->minor != 8)) {
VNC_DEBUG("Unsupported client version\n");
vnc_write_u32(vs, VNC_AUTH_INVALID);
vnc_flush(vs);
vnc_client_error(vs);
return 0;
(vs->minor != 3 &&
vs->minor != 4 &&
vs->minor != 5 &&
vs->minor != 7 &&
vs->minor != 8)) {
VNC_DEBUG("Unsupported client version\n");
vnc_write_u32(vs, VNC_AUTH_INVALID);
vnc_flush(vs);
vnc_client_error(vs);
return 0;
}
/* Some broken clients report v3.4 or v3.5, which spec requires to be treated
* as equivalent to v3.3 by servers
*/
if (vs->minor == 4 || vs->minor == 5)
vs->minor = 3;
vs->minor = 3;
if (vs->minor == 3) {
if (vs->vd->auth == VNC_AUTH_NONE) {
if (vs->vd->auth == VNC_AUTH_NONE) {
VNC_DEBUG("Tell client auth none\n");
vnc_write_u32(vs, vs->vd->auth);
vnc_flush(vs);
start_client_init(vs);
start_client_init(vs);
} else if (vs->vd->auth == VNC_AUTH_VNC) {
VNC_DEBUG("Tell client VNC auth\n");
vnc_write_u32(vs, vs->vd->auth);
......@@ -1942,11 +1942,11 @@ static int protocol_version(VncState *vs, uint8_t *version, size_t len)
vnc_client_error(vs);
}
} else {
VNC_DEBUG("Telling client we support auth %d\n", vs->vd->auth);
vnc_write_u8(vs, 1); /* num auth */
vnc_write_u8(vs, vs->vd->auth);
vnc_read_when(vs, protocol_client_auth, 1);
vnc_flush(vs);
VNC_DEBUG("Telling client we support auth %d\n", vs->vd->auth);
vnc_write_u8(vs, 1); /* num auth */
vnc_write_u8(vs, vs->vd->auth);
vnc_read_when(vs, protocol_client_auth, 1);
vnc_flush(vs);
}
return 0;
......@@ -2022,7 +2022,7 @@ void vnc_display_init(DisplayState *ds)
vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us");
if (!vs->kbd_layout)
exit(1);
exit(1);
dcl->dpy_copy = vnc_dpy_copy;
dcl->dpy_update = vnc_dpy_update;
......@@ -2039,13 +2039,13 @@ void vnc_display_close(DisplayState *ds)
if (!vs)
return;
if (vs->display) {
qemu_free(vs->display);
vs->display = NULL;
qemu_free(vs->display);
vs->display = NULL;
}
if (vs->lsock != -1) {
qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL);
close(vs->lsock);
vs->lsock = -1;
qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL);
close(vs->lsock);
vs->lsock = -1;
}
vs->auth = VNC_AUTH_INVALID;
#ifdef CONFIG_VNC_TLS
......@@ -2059,12 +2059,12 @@ int vnc_display_password(DisplayState *ds, const char *password)
VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
if (vs->password) {
qemu_free(vs->password);
vs->password = NULL;
qemu_free(vs->password);
vs->password = NULL;
}
if (password && password[0]) {
if (!(vs->password = qemu_strdup(password)))
return -1;
if (!(vs->password = qemu_strdup(password)))
return -1;
}
return 0;
......@@ -2090,76 +2090,76 @@ int vnc_display_open(DisplayState *ds, const char *display)
return -1;
vnc_display_close(ds);
if (strcmp(display, "none") == 0)
return 0;
return 0;
if (!(vs->display = strdup(display)))
return -1;
return -1;
options = display;
while ((options = strchr(options, ','))) {
options++;
if (strncmp(options, "password", 8) == 0) {
password = 1; /* Require password auth */
} else if (strncmp(options, "reverse", 7) == 0) {
reverse = 1;
} else if (strncmp(options, "to=", 3) == 0) {
options++;
if (strncmp(options, "password", 8) == 0) {
password = 1; /* Require password auth */
} else if (strncmp(options, "reverse", 7) == 0) {
reverse = 1;
} else if (strncmp(options, "to=", 3) == 0) {
to_port = atoi(options+3) + 5900;
#ifdef CONFIG_VNC_SASL
} else if (strncmp(options, "sasl", 4) == 0) {
sasl = 1; /* Require SASL auth */
} else if (strncmp(options, "sasl", 4) == 0) {
sasl = 1; /* Require SASL auth */
#endif
#ifdef CONFIG_VNC_TLS
} else if (strncmp(options, "tls", 3) == 0) {
tls = 1; /* Require TLS */
} else if (strncmp(options, "x509", 4) == 0) {
char *start, *end;
x509 = 1; /* Require x509 certificates */
if (strncmp(options, "x509verify", 10) == 0)
vs->tls.x509verify = 1; /* ...and verify client certs */
/* Now check for 'x509=/some/path' postfix
* and use that to setup x509 certificate/key paths */
start = strchr(options, '=');
end = strchr(options, ',');
if (start && (!end || (start < end))) {
int len = end ? end-(start+1) : strlen(start+1);
char *path = qemu_strndup(start + 1, len);
VNC_DEBUG("Trying certificate path '%s'\n", path);
if (vnc_tls_set_x509_creds_dir(vs, path) < 0) {
fprintf(stderr, "Failed to find x509 certificates/keys in %s\n", path);
qemu_free(path);
qemu_free(vs->display);
vs->display = NULL;
return -1;
}
qemu_free(path);
} else {
fprintf(stderr, "No certificate path provided\n");
qemu_free(vs->display);
vs->display = NULL;
return -1;
}
} else if (strncmp(options, "tls", 3) == 0) {
tls = 1; /* Require TLS */
} else if (strncmp(options, "x509", 4) == 0) {
char *start, *end;
x509 = 1; /* Require x509 certificates */
if (strncmp(options, "x509verify", 10) == 0)
vs->tls.x509verify = 1; /* ...and verify client certs */
/* Now check for 'x509=/some/path' postfix
* and use that to setup x509 certificate/key paths */
start = strchr(options, '=');
end = strchr(options, ',');
if (start && (!end || (start < end))) {
int len = end ? end-(start+1) : strlen(start+1);
char *path = qemu_strndup(start + 1, len);
VNC_DEBUG("Trying certificate path '%s'\n", path);
if (vnc_tls_set_x509_creds_dir(vs, path) < 0) {
fprintf(stderr, "Failed to find x509 certificates/keys in %s\n", path);
qemu_free(path);
qemu_free(vs->display);
vs->display = NULL;
return -1;
}
qemu_free(path);
} else {
fprintf(stderr, "No certificate path provided\n");
qemu_free(vs->display);
vs->display = NULL;
return -1;
}
#endif
} else if (strncmp(options, "acl", 3) == 0) {
acl = 1;
}
} else if (strncmp(options, "acl", 3) == 0) {
acl = 1;
}
}
#ifdef CONFIG_VNC_TLS
if (acl && x509 && vs->tls.x509verify) {
if (!(vs->tls.acl = qemu_acl_init("vnc.x509dname"))) {
fprintf(stderr, "Failed to create x509 dname ACL\n");
exit(1);
}
if (!(vs->tls.acl = qemu_acl_init("vnc.x509dname"))) {
fprintf(stderr, "Failed to create x509 dname ACL\n");
exit(1);
}
}
#endif
#ifdef CONFIG_VNC_SASL
if (acl && sasl) {
if (!(vs->sasl.acl = qemu_acl_init("vnc.username"))) {
fprintf(stderr, "Failed to create username ACL\n");
exit(1);
}
if (!(vs->sasl.acl = qemu_acl_init("vnc.username"))) {
fprintf(stderr, "Failed to create username ACL\n");
exit(1);
}
}
#endif
......@@ -2181,22 +2181,22 @@ int vnc_display_open(DisplayState *ds, const char *display)
*/
if (password) {
#ifdef CONFIG_VNC_TLS
if (tls) {
vs->auth = VNC_AUTH_VENCRYPT;
if (x509) {
VNC_DEBUG("Initializing VNC server with x509 password auth\n");
vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
} else {
VNC_DEBUG("Initializing VNC server with TLS password auth\n");
vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
}
} else {
if (tls) {
vs->auth = VNC_AUTH_VENCRYPT;
if (x509) {
VNC_DEBUG("Initializing VNC server with x509 password auth\n");
vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
} else {
VNC_DEBUG("Initializing VNC server with TLS password auth\n");
vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
}
} else {
#endif /* CONFIG_VNC_TLS */
VNC_DEBUG("Initializing VNC server with password auth\n");
vs->auth = VNC_AUTH_VNC;
VNC_DEBUG("Initializing VNC server with password auth\n");
vs->auth = VNC_AUTH_VNC;
#ifdef CONFIG_VNC_TLS
vs->subauth = VNC_AUTH_INVALID;
}
vs->subauth = VNC_AUTH_INVALID;
}
#endif /* CONFIG_VNC_TLS */
#ifdef CONFIG_VNC_SASL
} else if (sasl) {
......@@ -2204,15 +2204,15 @@ int vnc_display_open(DisplayState *ds, const char *display)
if (tls) {
vs->auth = VNC_AUTH_VENCRYPT;
if (x509) {
VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
vs->subauth = VNC_AUTH_VENCRYPT_X509SASL;
} else {
VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL;
}
} else {
#endif /* CONFIG_VNC_TLS */
VNC_DEBUG("Initializing VNC server with SASL auth\n");
VNC_DEBUG("Initializing VNC server with SASL auth\n");
vs->auth = VNC_AUTH_SASL;
#ifdef CONFIG_VNC_TLS
vs->subauth = VNC_AUTH_INVALID;
......@@ -2221,22 +2221,22 @@ int vnc_display_open(DisplayState *ds, const char *display)
#endif /* CONFIG_VNC_SASL */
} else {
#ifdef CONFIG_VNC_TLS
if (tls) {
vs->auth = VNC_AUTH_VENCRYPT;
if (x509) {
VNC_DEBUG("Initializing VNC server with x509 no auth\n");
vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
} else {
VNC_DEBUG("Initializing VNC server with TLS no auth\n");
vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
}
} else {
if (tls) {
vs->auth = VNC_AUTH_VENCRYPT;
if (x509) {
VNC_DEBUG("Initializing VNC server with x509 no auth\n");
vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
} else {
VNC_DEBUG("Initializing VNC server with TLS no auth\n");
vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
}
} else {
#endif
VNC_DEBUG("Initializing VNC server with no auth\n");
vs->auth = VNC_AUTH_NONE;
VNC_DEBUG("Initializing VNC server with no auth\n");
vs->auth = VNC_AUTH_NONE;
#ifdef CONFIG_VNC_TLS
vs->subauth = VNC_AUTH_INVALID;
}
vs->subauth = VNC_AUTH_INVALID;
}
#endif
}
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册