Blame 06-vnc-sasl.patch

Glauber Costa 47b075
Index: qemu-kvm-0.10/qemu/Makefile
Glauber Costa 47b075
===================================================================
Glauber Costa 47b075
--- qemu-kvm-0.10.orig/qemu/Makefile
Glauber Costa 47b075
+++ qemu-kvm-0.10/qemu/Makefile
Glauber Costa 47b075
@@ -152,6 +152,9 @@ OBJS+=vnc.o d3des.o
Glauber Costa 47b075
 ifdef CONFIG_VNC_TLS
Glauber Costa 47b075
 OBJS+=vnc-tls.o vnc-auth-vencrypt.o
Glauber Costa 47b075
 endif
Glauber Costa 47b075
+ifdef CONFIG_VNC_SASL
Glauber Costa 47b075
+OBJS+=vnc-auth-sasl.o
Glauber Costa 47b075
+endif
Glauber Costa 47b075
 
Glauber Costa 47b075
 ifdef CONFIG_COCOA
Glauber Costa 47b075
 OBJS+=cocoa.o
Glauber Costa 47b075
@@ -175,7 +178,7 @@ sdl.o: sdl.c keymaps.h sdl_keysym.h
Glauber Costa 47b075
 
Glauber Costa 47b075
 sdl.o audio/sdlaudio.o: CFLAGS += $(SDL_CFLAGS)
Glauber Costa 47b075
 
Glauber Costa 47b075
-vnc.h: vnc-tls.h vnc-auth-vencrypt.h keymaps.h
Glauber Costa 47b075
+vnc.h: vnc-tls.h vnc-auth-vencrypt.h vnc-auth-sasl.h keymaps.h
Glauber Costa 47b075
 
Glauber Costa 47b075
 vnc.o: vnc.c vnc.h vnc_keysym.h vnchextile.h d3des.c d3des.h
Glauber Costa 47b075
 
Glauber Costa 47b075
@@ -185,6 +188,8 @@ vnc-tls.o: vnc-tls.c vnc.h
Glauber Costa 47b075
 
Glauber Costa 47b075
 vnc-auth-vencrypt.o: vnc-auth-vencrypt.c vnc.h
Glauber Costa 47b075
 
Glauber Costa 47b075
+vnc-auth-sasl.o: vnc-auth-sasl.c vnc.h
Glauber Costa 47b075
+
Glauber Costa 47b075
 curses.o: curses.c keymaps.h curses_keys.h
Glauber Costa 47b075
 
Glauber Costa 47b075
 bt-host.o: CFLAGS += $(CONFIG_BLUEZ_CFLAGS)
Glauber Costa 47b075
Index: qemu-kvm-0.10/qemu/Makefile.target
Glauber Costa 47b075
===================================================================
Glauber Costa 47b075
--- qemu-kvm-0.10.orig/qemu/Makefile.target
Glauber Costa 47b075
+++ qemu-kvm-0.10/qemu/Makefile.target
Glauber Costa 47b075
@@ -613,6 +613,11 @@ CPPFLAGS += $(CONFIG_VNC_TLS_CFLAGS)
Glauber Costa 47b075
 LIBS += $(CONFIG_VNC_TLS_LIBS)
Glauber Costa 47b075
 endif
Glauber Costa 47b075
 
Glauber Costa 47b075
+ifdef CONFIG_VNC_SASL
Glauber Costa 47b075
+CPPFLAGS += $(CONFIG_VNC_SASL_CFLAGS)
Glauber Costa 47b075
+LIBS += $(CONFIG_VNC_SASL_LIBS)
Glauber Costa 47b075
+endif
Glauber Costa 47b075
+
Glauber Costa 47b075
 ifdef CONFIG_BLUEZ
Glauber Costa 47b075
 LIBS += $(CONFIG_BLUEZ_LIBS)
Glauber Costa 47b075
 endif
Glauber Costa 47b075
Index: qemu-kvm-0.10/qemu/configure
Glauber Costa 47b075
===================================================================
Glauber Costa 47b075
--- qemu-kvm-0.10.orig/qemu/configure
Glauber Costa 47b075
+++ qemu-kvm-0.10/qemu/configure
Glauber Costa 47b075
@@ -164,6 +164,7 @@ fmod_lib=""
Glauber Costa 47b075
 fmod_inc=""
Glauber Costa 47b075
 oss_lib=""
Glauber Costa 47b075
 vnc_tls="yes"
Glauber Costa 47b075
+vnc_sasl="yes"
Glauber Costa 47b075
 bsd="no"
Glauber Costa 47b075
 linux="no"
Glauber Costa 47b075
 solaris="no"
Glauber Costa 47b075
@@ -404,6 +405,8 @@ for opt do
Glauber Costa 47b075
   ;;
Glauber Costa 47b075
   --disable-vnc-tls) vnc_tls="no"
Glauber Costa 47b075
   ;;
Glauber Costa 47b075
+  --disable-vnc-sasl) vnc_sasl="no"
Glauber Costa 47b075
+  ;;
Glauber Costa 47b075
   --disable-slirp) slirp="no"
Glauber Costa 47b075
   ;;
Glauber Costa 47b075
   --disable-vde) vde="no"
Glauber Costa 47b075
@@ -563,6 +566,7 @@ echo "                           Availab
Glauber Costa 47b075
 echo "  --enable-mixemu          enable mixer emulation"
Glauber Costa 47b075
 echo "  --disable-brlapi         disable BrlAPI"
Glauber Costa 47b075
 echo "  --disable-vnc-tls        disable TLS encryption for VNC server"
Glauber Costa 47b075
+echo "  --disable-vnc-sasl       disable SASL encryption for VNC server"
Glauber Costa 47b075
 echo "  --disable-curses         disable curses output"
Glauber Costa 47b075
 echo "  --disable-bluez          disable bluez stack connectivity"
Glauber Costa 47b075
 echo "  --disable-kvm            disable KVM acceleration support"
Glauber Costa 47b075
@@ -890,6 +894,25 @@ EOF
Glauber Costa 47b075
 fi
Glauber Costa 47b075
 
Glauber Costa 47b075
 ##########################################
Glauber Costa 47b075
+# VNC SASL detection
Glauber Costa 47b075
+if test "$vnc_sasl" = "yes" ; then
Glauber Costa 47b075
+cat > $TMPC <
Glauber Costa 47b075
+#include <sasl/sasl.h>
Glauber Costa 47b075
+#include <stdio.h>
Glauber Costa 47b075
+int main(void) { sasl_server_init(NULL, "qemu"); return 0; }
Glauber Costa 47b075
+EOF
Glauber Costa 47b075
+    # Assuming Cyrus-SASL installed in /usr prefix
Glauber Costa 47b075
+    vnc_sasl_cflags=""
Glauber Costa 47b075
+    vnc_sasl_libs="-lsasl2"
Glauber Costa 47b075
+    if $cc $ARCH_CFLAGS -o $TMPE ${OS_CFLAGS} $vnc_sasl_cflags $TMPC \
Glauber Costa 47b075
+           $vnc_sasl_libs 2> /dev/null ; then
Glauber Costa 47b075
+	:
Glauber Costa 47b075
+    else
Glauber Costa 47b075
+	vnc_sasl="no"
Glauber Costa 47b075
+    fi
Glauber Costa 47b075
+fi
Glauber Costa 47b075
+
Glauber Costa 47b075
+##########################################
Glauber Costa 47b075
 # vde libraries probe
Glauber Costa 47b075
 if test "$vde" = "yes" ; then
Glauber Costa 47b075
   cat > $TMPC << EOF
Glauber Costa 47b075
@@ -1224,6 +1247,11 @@ if test "$vnc_tls" = "yes" ; then
Glauber Costa 47b075
     echo "    TLS CFLAGS    $vnc_tls_cflags"
Glauber Costa 47b075
     echo "    TLS LIBS      $vnc_tls_libs"
Glauber Costa 47b075
 fi
Glauber Costa 47b075
+echo "VNC SASL support  $vnc_sasl"
Glauber Costa 47b075
+if test "$vnc_sasl" = "yes" ; then
Glauber Costa 47b075
+    echo "    SASL CFLAGS    $vnc_sasl_cflags"
Glauber Costa 47b075
+    echo "    SASL LIBS      $vnc_sasl_libs"
Glauber Costa 47b075
+fi
Glauber Costa 47b075
 if test -n "$sparc_cpu"; then
Glauber Costa 47b075
     echo "Target Sparc Arch $sparc_cpu"
Glauber Costa 47b075
 fi
Glauber Costa 47b075
@@ -1467,6 +1495,12 @@ if test "$vnc_tls" = "yes" ; then
Glauber Costa 47b075
   echo "CONFIG_VNC_TLS_LIBS=$vnc_tls_libs" >> $config_mak
Glauber Costa 47b075
   echo "#define CONFIG_VNC_TLS 1" >> $config_h
Glauber Costa 47b075
 fi
Glauber Costa 47b075
+if test "$vnc_sasl" = "yes" ; then
Glauber Costa 47b075
+  echo "CONFIG_VNC_SASL=yes" >> $config_mak
Glauber Costa 47b075
+  echo "CONFIG_VNC_SASL_CFLAGS=$vnc_sasl_cflags" >> $config_mak
Glauber Costa 47b075
+  echo "CONFIG_VNC_SASL_LIBS=$vnc_sasl_libs" >> $config_mak
Glauber Costa 47b075
+  echo "#define CONFIG_VNC_SASL 1" >> $config_h
Glauber Costa 47b075
+fi
Glauber Costa 47b075
 qemu_version=`head $source_path/VERSION`
Glauber Costa 47b075
 echo "VERSION=$qemu_version" >>$config_mak
Glauber Costa 47b075
 echo "#define QEMU_VERSION \"$qemu_version\"" >> $config_h
Glauber Costa 47b075
Index: qemu-kvm-0.10/qemu/qemu-doc.texi
Glauber Costa 47b075
===================================================================
Glauber Costa 47b075
--- qemu-kvm-0.10.orig/qemu/qemu-doc.texi
Glauber Costa 47b075
+++ qemu-kvm-0.10/qemu/qemu-doc.texi
Glauber Costa 47b075
@@ -624,6 +624,21 @@ path following this option specifies whe
Glauber Costa 47b075
 be loaded from. See the @ref{vnc_security} section for details on generating
Glauber Costa 47b075
 certificates.
Glauber Costa 47b075
 
Glauber Costa 47b075
+@item sasl
Glauber Costa 47b075
+
Glauber Costa 47b075
+Require that the client use SASL to authenticate with the VNC server.
Glauber Costa 47b075
+The exact choice of authentication method used is controlled from the
Glauber Costa 47b075
+system / user's SASL configuration file for the 'qemu' service. This
Glauber Costa 47b075
+is typically found in /etc/sasl2/qemu.conf. If running QEMU as an
Glauber Costa 47b075
+unprivileged user, an environment variable SASL_CONF_PATH can be used
Glauber Costa 47b075
+to make it search alternate locations for the service config.
Glauber Costa 47b075
+While some SASL auth methods can also provide data encryption (eg GSSAPI),
Glauber Costa 47b075
+it is recommended that SASL always be combined with the 'tls' and
Glauber Costa 47b075
+'x509' settings to enable use of SSL and server certificates. This
Glauber Costa 47b075
+ensures a data encryption preventing compromise of authentication
Glauber Costa 47b075
+credentials. See the @ref{vnc_security} section for details on using
Glauber Costa 47b075
+SASL authentication.
Glauber Costa 47b075
+
Glauber Costa 47b075
 @end table
Glauber Costa 47b075
 
Glauber Costa 47b075
 @end table
Glauber Costa 47b075
@@ -2069,7 +2084,10 @@ considerations depending on the deployme
Glauber Costa 47b075
 * vnc_sec_certificate::
Glauber Costa 47b075
 * vnc_sec_certificate_verify::
Glauber Costa 47b075
 * vnc_sec_certificate_pw::
Glauber Costa 47b075
+* vnc_sec_sasl::
Glauber Costa 47b075
+* vnc_sec_certificate_sasl::
Glauber Costa 47b075
 * vnc_generate_cert::
Glauber Costa 47b075
+* vnc_setup_sasl::
Glauber Costa 47b075
 @end menu
Glauber Costa 47b075
 @node vnc_sec_none
Glauber Costa 47b075
 @subsection Without passwords
Glauber Costa 47b075
@@ -2152,6 +2170,41 @@ Password: ********
Glauber Costa 47b075
 (qemu)
Glauber Costa 47b075
 @end example
Glauber Costa 47b075
 
Glauber Costa 47b075
+
Glauber Costa 47b075
+@node vnc_sec_sasl
Glauber Costa 47b075
+@subsection With SASL authentication
Glauber Costa 47b075
+
Glauber Costa 47b075
+The SASL authentication method is a VNC extension, that provides an
Glauber Costa 47b075
+easily extendable, pluggable authentication method. This allows for
Glauber Costa 47b075
+integration with a wide range of authentication mechanisms, such as
Glauber Costa 47b075
+PAM, GSSAPI/Kerberos, LDAP, SQL databases, one-time keys and more.
Glauber Costa 47b075
+The strength of the authentication depends on the exact mechanism
Glauber Costa 47b075
+configured. If the chosen mechanism also provides a SSF layer, then
Glauber Costa 47b075
+it will encrypt the datastream as well.
Glauber Costa 47b075
+
Glauber Costa 47b075
+Refer to the later docs on how to choose the exact SASL mechanism
Glauber Costa 47b075
+used for authentication, but assuming use of one supporting SSF,
Glauber Costa 47b075
+then QEMU can be launched with:
Glauber Costa 47b075
+
Glauber Costa 47b075
+@example
Glauber Costa 47b075
+qemu [...OPTIONS...] -vnc :1,sasl -monitor stdio
Glauber Costa 47b075
+@end example
Glauber Costa 47b075
+
Glauber Costa 47b075
+@node vnc_sec_certificate_sasl
Glauber Costa 47b075
+@subsection With x509 certificates and SASL authentication
Glauber Costa 47b075
+
Glauber Costa 47b075
+If the desired SASL authentication mechanism does not supported
Glauber Costa 47b075
+SSF layers, then it is strongly advised to run it in combination
Glauber Costa 47b075
+with TLS and x509 certificates. This provides securely encrypted
Glauber Costa 47b075
+data stream, avoiding risk of compromising of the security
Glauber Costa 47b075
+credentials. This can be enabled, by combining the 'sasl' option
Glauber Costa 47b075
+with the aforementioned TLS + x509 options:
Glauber Costa 47b075
+
Glauber Costa 47b075
+@example
Glauber Costa 47b075
+qemu [...OPTIONS...] -vnc :1,tls,x509,sasl -monitor stdio
Glauber Costa 47b075
+@end example
Glauber Costa 47b075
+
Glauber Costa 47b075
+
Glauber Costa 47b075
 @node vnc_generate_cert
Glauber Costa 47b075
 @subsection Generating certificates for VNC
Glauber Costa 47b075
 
Glauber Costa 47b075
@@ -2263,6 +2316,50 @@ EOF
Glauber Costa 47b075
 The @code{client-key.pem} and @code{client-cert.pem} files should now be securely
Glauber Costa 47b075
 copied to the client for which they were generated.
Glauber Costa 47b075
 
Glauber Costa 47b075
+
Glauber Costa 47b075
+@node vnc_setup_sasl
Glauber Costa 47b075
+
Glauber Costa 47b075
+@subsection Configuring SASL mechanisms
Glauber Costa 47b075
+
Glauber Costa 47b075
+The following documentation assumes use of the Cyrus SASL implementation on a
Glauber Costa 47b075
+Linux host, but the principals should apply to any other SASL impl. When SASL
Glauber Costa 47b075
+is enabled, the mechanism configuration will be loaded from system default
Glauber Costa 47b075
+SASL service config /etc/sasl2/qemu.conf. If running QEMU as an
Glauber Costa 47b075
+unprivileged user, an environment variable SASL_CONF_PATH can be used
Glauber Costa 47b075
+to make it search alternate locations for the service config.
Glauber Costa 47b075
+
Glauber Costa 47b075
+The default configuration might contain
Glauber Costa 47b075
+
Glauber Costa 47b075
+@example
Glauber Costa 47b075
+mech_list: digest-md5
Glauber Costa 47b075
+sasldb_path: /etc/qemu/passwd.db
Glauber Costa 47b075
+@end example
Glauber Costa 47b075
+
Glauber Costa 47b075
+This says to use the 'Digest MD5' mechanism, which is similar to the HTTP
Glauber Costa 47b075
+Digest-MD5 mechanism. The list of valid usernames & passwords is maintained
Glauber Costa 47b075
+in the /etc/qemu/passwd.db file, and can be updated using the saslpasswd2
Glauber Costa 47b075
+command. While this mechanism is easy to configure and use, it is not
Glauber Costa 47b075
+considered secure by modern standards, so only suitable for developers /
Glauber Costa 47b075
+ad-hoc testing.
Glauber Costa 47b075
+
Glauber Costa 47b075
+A more serious deployment might use Kerberos, which is done with the 'gssapi'
Glauber Costa 47b075
+mechanism
Glauber Costa 47b075
+
Glauber Costa 47b075
+@example
Glauber Costa 47b075
+mech_list: gssapi
Glauber Costa 47b075
+keytab: /etc/qemu/krb5.tab
Glauber Costa 47b075
+@end example
Glauber Costa 47b075
+
Glauber Costa 47b075
+For this to work the administrator of your KDC must generate a Kerberos
Glauber Costa 47b075
+principal for the server, with a name of  'qemu/somehost.example.com@@EXAMPLE.COM'
Glauber Costa 47b075
+replacing 'somehost.example.com' with the fully qualified host name of the
Glauber Costa 47b075
+machine running QEMU, and 'EXAMPLE.COM' with the Keberos Realm.
Glauber Costa 47b075
+
Glauber Costa 47b075
+Other configurations will be left as an exercise for the reader. It should
Glauber Costa 47b075
+be noted that only Digest-MD5 and GSSAPI provides a SSF layer for data
Glauber Costa 47b075
+encryption. For all other mechanisms, VNC should always be configured to
Glauber Costa 47b075
+use TLS and x509 certificates to protect security credentials from snooping.
Glauber Costa 47b075
+
Glauber Costa 47b075
 @node gdb_usage
Glauber Costa 47b075
 @section GDB usage
Glauber Costa 47b075
 
Glauber Costa 47b075
Index: qemu-kvm-0.10/qemu/qemu.sasl
Glauber Costa 47b075
===================================================================
Glauber Costa 47b075
--- /dev/null
Glauber Costa 47b075
+++ qemu-kvm-0.10/qemu/qemu.sasl
Glauber Costa 47b075
@@ -0,0 +1,34 @@
Glauber Costa 47b075
+# If you want to use the non-TLS socket, then you *must* include
Glauber Costa 47b075
+# the GSSAPI or DIGEST-MD5 mechanisms, because they are the only
Glauber Costa 47b075
+# ones that can offer session encryption as well as authentication.
Glauber Costa 47b075
+#
Glauber Costa 47b075
+# If you're only using TLS, then you can turn on any mechanisms
Glauber Costa 47b075
+# you like for authentication, because TLS provides the encryption
Glauber Costa 47b075
+#
Glauber Costa 47b075
+# Default to a simple username+password mechanism
Glauber Costa 47b075
+# NB digest-md5 is no longer considered secure by current standards
Glauber Costa 47b075
+mech_list: digest-md5
Glauber Costa 47b075
+
Glauber Costa 47b075
+# Before you can use GSSAPI, you need a service principle on the
Glauber Costa 47b075
+# KDC server for libvirt, and that to be exported to the keytab
Glauber Costa 47b075
+# file listed below
Glauber Costa 47b075
+#mech_list: gssapi
Glauber Costa 47b075
+#
Glauber Costa 47b075
+# You can also list many mechanisms at once, then the user can choose
Glauber Costa 47b075
+# by adding  '?auth=sasl.gssapi' to their libvirt URI, eg
Glauber Costa 47b075
+#   qemu+tcp://hostname/system?auth=sasl.gssapi
Glauber Costa 47b075
+#mech_list: digest-md5 gssapi
Glauber Costa 47b075
+
Glauber Costa 47b075
+# Some older builds of MIT kerberos on Linux ignore this option &
Glauber Costa 47b075
+# instead need KRB5_KTNAME env var.
Glauber Costa 47b075
+# For modern Linux, and other OS, this should be sufficient
Glauber Costa 47b075
+keytab: /etc/qemu/krb5.tab
Glauber Costa 47b075
+
Glauber Costa 47b075
+# If using digest-md5 for username/passwds, then this is the file
Glauber Costa 47b075
+# containing the passwds. Use 'saslpasswd2 -a qemu [username]'
Glauber Costa 47b075
+# to add entries, and 'sasldblistusers2 -a qemu' to browse it
Glauber Costa 47b075
+sasldb_path: /etc/qemu/passwd.db
Glauber Costa 47b075
+
Glauber Costa 47b075
+
Glauber Costa 47b075
+auxprop_plugin: sasldb
Glauber Costa 47b075
+
Glauber Costa 47b075
Index: qemu-kvm-0.10/qemu/vnc-auth-sasl.c
Glauber Costa 47b075
===================================================================
Glauber Costa 47b075
--- /dev/null
Glauber Costa 47b075
+++ qemu-kvm-0.10/qemu/vnc-auth-sasl.c
Glauber Costa 47b075
@@ -0,0 +1,626 @@
Glauber Costa 47b075
+/*
Glauber Costa 47b075
+ * QEMU VNC display driver: SASL auth protocol
Glauber Costa 47b075
+ *
Glauber Costa 47b075
+ * Copyright (C) 2009 Red Hat, Inc
Glauber Costa 47b075
+ *
Glauber Costa 47b075
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
Glauber Costa 47b075
+ * of this software and associated documentation files (the "Software"), to deal
Glauber Costa 47b075
+ * in the Software without restriction, including without limitation the rights
Glauber Costa 47b075
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
Glauber Costa 47b075
+ * copies of the Software, and to permit persons to whom the Software is
Glauber Costa 47b075
+ * furnished to do so, subject to the following conditions:
Glauber Costa 47b075
+ *
Glauber Costa 47b075
+ * The above copyright notice and this permission notice shall be included in
Glauber Costa 47b075
+ * all copies or substantial portions of the Software.
Glauber Costa 47b075
+ *
Glauber Costa 47b075
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
Glauber Costa 47b075
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
Glauber Costa 47b075
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
Glauber Costa 47b075
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
Glauber Costa 47b075
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
Glauber Costa 47b075
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
Glauber Costa 47b075
+ * THE SOFTWARE.
Glauber Costa 47b075
+ */
Glauber Costa 47b075
+
Glauber Costa 47b075
+#include "vnc.h"
Glauber Costa 47b075
+
Glauber Costa 47b075
+/* Max amount of data we send/recv for SASL steps to prevent DOS */
Glauber Costa 47b075
+#define SASL_DATA_MAX_LEN (1024 * 1024)
Glauber Costa 47b075
+
Glauber Costa 47b075
+
Glauber Costa 47b075
+void vnc_sasl_client_cleanup(VncState *vs)
Glauber Costa 47b075
+{
Glauber Costa 47b075
+    if (vs->sasl.conn) {
Glauber Costa 47b075
+	vs->sasl.runSSF = vs->sasl.waitWriteSSF = vs->sasl.wantSSF = 0;
Glauber Costa 47b075
+	vs->sasl.encodedLength = vs->sasl.encodedOffset = 0;
Glauber Costa 47b075
+	vs->sasl.encoded = NULL;
Glauber Costa 47b075
+	free(vs->sasl.username);
Glauber Costa 47b075
+	free(vs->sasl.mechlist);
Glauber Costa 47b075
+	vs->sasl.username = vs->sasl.mechlist = NULL;
Glauber Costa 47b075
+	sasl_dispose(&vs->sasl.conn);
Glauber Costa 47b075
+	vs->sasl.conn = NULL;
Glauber Costa 47b075
+    }
Glauber Costa 47b075
+}
Glauber Costa 47b075
+
Glauber Costa 47b075
+
Glauber Costa 47b075
+long vnc_client_write_sasl(VncState *vs)
Glauber Costa 47b075
+{
Glauber Costa 47b075
+    long ret;
Glauber Costa 47b075
+
Glauber Costa 47b075
+    VNC_DEBUG("Write SASL: Pending output %p size %d offset %d Encoded: %p size %d offset %d\n",
Glauber Costa 47b075
+	      vs->output.buffer, vs->output.capacity, vs->output.offset,
Glauber Costa 47b075
+	      vs->sasl.encoded, vs->sasl.encodedLength, vs->sasl.encodedOffset);
Glauber Costa 47b075
+
Glauber Costa 47b075
+    if (!vs->sasl.encoded) {
Glauber Costa 47b075
+	int err;
Glauber Costa 47b075
+	err = sasl_encode(vs->sasl.conn,
Glauber Costa 47b075
+			  (char *)vs->output.buffer,
Glauber Costa 47b075
+			  vs->output.offset,
Glauber Costa 47b075
+			  (const char **)&vs->sasl.encoded,
Glauber Costa 47b075
+			  &vs->sasl.encodedLength);
Glauber Costa 47b075
+	if (err != SASL_OK)
Glauber Costa 47b075
+	    return vnc_client_io_error(vs, -1, EIO);
Glauber Costa 47b075
+
Glauber Costa 47b075
+	vs->sasl.encodedOffset = 0;
Glauber Costa 47b075
+    }
Glauber Costa 47b075
+
Glauber Costa 47b075
+    ret = vnc_client_write_buf(vs,
Glauber Costa 47b075
+			       vs->sasl.encoded + vs->sasl.encodedOffset,
Glauber Costa 47b075
+			       vs->sasl.encodedLength - vs->sasl.encodedOffset);
Glauber Costa 47b075
+    if (!ret)
Glauber Costa 47b075
+	return 0;
Glauber Costa 47b075
+
Glauber Costa 47b075
+    vs->sasl.encodedOffset += ret;
Glauber Costa 47b075
+    if (vs->sasl.encodedOffset == vs->sasl.encodedLength) {
Glauber Costa 47b075
+	vs->output.offset = 0;
Glauber Costa 47b075
+	vs->sasl.encoded = NULL;
Glauber Costa 47b075
+	vs->sasl.encodedOffset = vs->sasl.encodedLength = 0;
Glauber Costa 47b075
+    }
Glauber Costa 47b075
+
Glauber Costa 47b075
+    /* Can't merge this block with one above, because
Glauber Costa 47b075
+     * someone might have written more unencrypted
Glauber Costa 47b075
+     * data in vs->output while we were processing
Glauber Costa 47b075
+     * SASL encoded output
Glauber Costa 47b075
+     */
Glauber Costa 47b075
+    if (vs->output.offset == 0) {
Glauber Costa 47b075
+	qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
Glauber Costa 47b075
+    }
Glauber Costa 47b075
+
Glauber Costa 47b075
+    return ret;
Glauber Costa 47b075
+}
Glauber Costa 47b075
+
Glauber Costa 47b075
+
Glauber Costa 47b075
+long vnc_client_read_sasl(VncState *vs)
Glauber Costa 47b075
+{
Glauber Costa 47b075
+    long ret;
Glauber Costa 47b075
+    uint8_t encoded[4096];
Glauber Costa 47b075
+    const char *decoded;
Glauber Costa 47b075
+    unsigned int decodedLen;
Glauber Costa 47b075
+    int err;
Glauber Costa 47b075
+
Glauber Costa 47b075
+    ret = vnc_client_read_buf(vs, encoded, sizeof(encoded));
Glauber Costa 47b075
+    if (!ret)
Glauber Costa 47b075
+	return 0;
Glauber Costa 47b075
+
Glauber Costa 47b075
+    err = sasl_decode(vs->sasl.conn,
Glauber Costa 47b075
+		      (char *)encoded, ret,
Glauber Costa 47b075
+		      &decoded, &decodedLen);
Glauber Costa 47b075
+
Glauber Costa 47b075
+    if (err != SASL_OK)
Glauber Costa 47b075
+	return vnc_client_io_error(vs, -1, -EIO);
Glauber Costa 47b075
+    VNC_DEBUG("Read SASL Encoded %p size %ld Decoded %p size %d\n",
Glauber Costa 47b075
+	      encoded, ret, decoded, decodedLen);
Glauber Costa 47b075
+    buffer_reserve(&vs->input, decodedLen);
Glauber Costa 47b075
+    buffer_append(&vs->input, decoded, decodedLen);
Glauber Costa 47b075
+    return decodedLen;
Glauber Costa 47b075
+}
Glauber Costa 47b075
+
Glauber Costa 47b075
+
Glauber Costa 47b075
+static int vnc_auth_sasl_check_access(VncState *vs)
Glauber Costa 47b075
+{
Glauber Costa 47b075
+    const void *val;
Glauber Costa 47b075
+    int err;
Glauber Costa 47b075
+
Glauber Costa 47b075
+    err = sasl_getprop(vs->sasl.conn, SASL_USERNAME, &val;;
Glauber Costa 47b075
+    if (err != SASL_OK) {
Glauber Costa 47b075
+	VNC_DEBUG("cannot query SASL username on connection %d (%s)\n",
Glauber Costa 47b075
+		  err, sasl_errstring(err, NULL, NULL));
Glauber Costa 47b075
+	return -1;
Glauber Costa 47b075
+    }
Glauber Costa 47b075
+    if (val == NULL) {
Glauber Costa 47b075
+	VNC_DEBUG("no client username was found\n");
Glauber Costa 47b075
+	return -1;
Glauber Costa 47b075
+    }
Glauber Costa 47b075
+    VNC_DEBUG("SASL client username %s\n", (const char *)val);
Glauber Costa 47b075
+
Glauber Costa 47b075
+    vs->sasl.username = qemu_strdup((const char*)val);
Glauber Costa 47b075
+
Glauber Costa 47b075
+    return 0;
Glauber Costa 47b075
+}
Glauber Costa 47b075
+
Glauber Costa 47b075
+static int vnc_auth_sasl_check_ssf(VncState *vs)
Glauber Costa 47b075
+{
Glauber Costa 47b075
+    const void *val;
Glauber Costa 47b075
+    int err, ssf;
Glauber Costa 47b075
+
Glauber Costa 47b075
+    if (!vs->sasl.wantSSF)
Glauber Costa 47b075
+	return 1;
Glauber Costa 47b075
+
Glauber Costa 47b075
+    err = sasl_getprop(vs->sasl.conn, SASL_SSF, &val;;
Glauber Costa 47b075
+    if (err != SASL_OK)
Glauber Costa 47b075
+	return 0;
Glauber Costa 47b075
+
Glauber Costa 47b075
+    ssf = *(const int *)val;
Glauber Costa 47b075
+    VNC_DEBUG("negotiated an SSF of %d\n", ssf);
Glauber Costa 47b075
+    if (ssf < 56)
Glauber Costa 47b075
+	return 0; /* 56 is good for Kerberos */
Glauber Costa 47b075
+
Glauber Costa 47b075
+    /* Only setup for read initially, because we're about to send an RPC
Glauber Costa 47b075
+     * reply which must be in plain text. When the next incoming RPC
Glauber Costa 47b075
+     * arrives, we'll switch on writes too
Glauber Costa 47b075
+     *
Glauber Costa 47b075
+     * cf qemudClientReadSASL  in qemud.c
Glauber Costa 47b075
+     */
Glauber Costa 47b075
+    vs->sasl.runSSF = 1;
Glauber Costa 47b075
+
Glauber Costa 47b075
+    /* We have a SSF that's good enough */
Glauber Costa 47b075
+    return 1;
Glauber Costa 47b075
+}
Glauber Costa 47b075
+
Glauber Costa 47b075
+/*
Glauber Costa 47b075
+ * Step Msg
Glauber Costa 47b075
+ *
Glauber Costa 47b075
+ * Input from client:
Glauber Costa 47b075
+ *
Glauber Costa 47b075
+ * u32 clientin-length
Glauber Costa 47b075
+ * u8-array clientin-string
Glauber Costa 47b075
+ *
Glauber Costa 47b075
+ * Output to client:
Glauber Costa 47b075
+ *
Glauber Costa 47b075
+ * u32 serverout-length
Glauber Costa 47b075
+ * u8-array serverout-strin
Glauber Costa 47b075
+ * u8 continue
Glauber Costa 47b075
+ */
Glauber Costa 47b075
+
Glauber Costa 47b075
+static int protocol_client_auth_sasl_step_len(VncState *vs, uint8_t *data, size_t len);
Glauber Costa 47b075
+
Glauber Costa 47b075
+static int protocol_client_auth_sasl_step(VncState *vs, uint8_t *data, size_t len)
Glauber Costa 47b075
+{
Glauber Costa 47b075
+    uint32_t datalen = len;
Glauber Costa 47b075
+    const char *serverout;
Glauber Costa 47b075
+    unsigned int serveroutlen;
Glauber Costa 47b075
+    int err;
Glauber Costa 47b075
+    char *clientdata = NULL;
Glauber Costa 47b075
+
Glauber Costa 47b075
+    /* NB, distinction of NULL vs "" is *critical* in SASL */
Glauber Costa 47b075
+    if (datalen) {
Glauber Costa 47b075
+	clientdata = (char*)data;
Glauber Costa 47b075
+	clientdata[datalen-1] = '\0'; /* Wire includes '\0', but make sure */
Glauber Costa 47b075
+	datalen--; /* Don't count NULL byte when passing to _start() */
Glauber Costa 47b075
+    }
Glauber Costa 47b075
+
Glauber Costa 47b075
+    VNC_DEBUG("Step using SASL Data %p (%d bytes)\n",
Glauber Costa 47b075
+	      clientdata, datalen);
Glauber Costa 47b075
+    err = sasl_server_step(vs->sasl.conn,
Glauber Costa 47b075
+			   clientdata,
Glauber Costa 47b075
+			   datalen,
Glauber Costa 47b075
+			   &serverout,
Glauber Costa 47b075
+			   &serveroutlen);
Glauber Costa 47b075
+    if (err != SASL_OK &&
Glauber Costa 47b075
+	err != SASL_CONTINUE) {
Glauber Costa 47b075
+	VNC_DEBUG("sasl step failed %d (%s)\n",
Glauber Costa 47b075
+		  err, sasl_errdetail(vs->sasl.conn));
Glauber Costa 47b075
+	sasl_dispose(&vs->sasl.conn);
Glauber Costa 47b075
+	vs->sasl.conn = NULL;
Glauber Costa 47b075
+	goto authabort;
Glauber Costa 47b075
+    }
Glauber Costa 47b075
+
Glauber Costa 47b075
+    if (serveroutlen > SASL_DATA_MAX_LEN) {
Glauber Costa 47b075
+	VNC_DEBUG("sasl step reply data too long %d\n",
Glauber Costa 47b075
+		  serveroutlen);
Glauber Costa 47b075
+	sasl_dispose(&vs->sasl.conn);
Glauber Costa 47b075
+	vs->sasl.conn = NULL;
Glauber Costa 47b075
+	goto authabort;
Glauber Costa 47b075
+    }
Glauber Costa 47b075
+
Glauber Costa 47b075
+    VNC_DEBUG("SASL return data %d bytes, nil; %d\n",
Glauber Costa 47b075
+	      serveroutlen, serverout ? 0 : 1);
Glauber Costa 47b075
+
Glauber Costa 47b075
+    if (serveroutlen) {
Glauber Costa 47b075
+	vnc_write_u32(vs, serveroutlen + 1);
Glauber Costa 47b075
+	vnc_write(vs, serverout, serveroutlen + 1);
Glauber Costa 47b075
+    } else {
Glauber Costa 47b075
+	vnc_write_u32(vs, 0);
Glauber Costa 47b075
+    }
Glauber Costa 47b075
+
Glauber Costa 47b075
+    /* Whether auth is complete */
Glauber Costa 47b075
+    vnc_write_u8(vs, err == SASL_CONTINUE ? 0 : 1);
Glauber Costa 47b075
+
Glauber Costa 47b075
+    if (err == SASL_CONTINUE) {
Glauber Costa 47b075
+	VNC_DEBUG("%s", "Authentication must continue\n");
Glauber Costa 47b075
+	/* Wait for step length */
Glauber Costa 47b075
+	vnc_read_when(vs, protocol_client_auth_sasl_step_len, 4);
Glauber Costa 47b075
+    } else {
Glauber Costa 47b075
+	if (!vnc_auth_sasl_check_ssf(vs)) {
Glauber Costa 47b075
+	    VNC_DEBUG("Authentication rejected for weak SSF %d\n", vs->csock);
Glauber Costa 47b075
+	    goto authreject;
Glauber Costa 47b075
+	}
Glauber Costa 47b075
+
Glauber Costa 47b075
+	/* Check username whitelist ACL */
Glauber Costa 47b075
+	if (vnc_auth_sasl_check_access(vs) < 0) {
Glauber Costa 47b075
+	    VNC_DEBUG("Authentication rejected for ACL %d\n", vs->csock);
Glauber Costa 47b075
+	    goto authreject;
Glauber Costa 47b075
+	}
Glauber Costa 47b075
+
Glauber Costa 47b075
+	VNC_DEBUG("Authentication successful %d\n", vs->csock);
Glauber Costa 47b075
+	vnc_write_u32(vs, 0); /* Accept auth */
Glauber Costa 47b075
+	/*
Glauber Costa 47b075
+	 * Delay writing in SSF encoded mode until pending output
Glauber Costa 47b075
+	 * buffer is written
Glauber Costa 47b075
+	 */
Glauber Costa 47b075
+	if (vs->sasl.runSSF)
Glauber Costa 47b075
+	    vs->sasl.waitWriteSSF = vs->output.offset;
Glauber Costa 47b075
+	start_client_init(vs);
Glauber Costa 47b075
+    }
Glauber Costa 47b075
+
Glauber Costa 47b075
+    return 0;
Glauber Costa 47b075
+
Glauber Costa 47b075
+ authreject:
Glauber Costa 47b075
+    vnc_write_u32(vs, 1); /* Reject auth */
Glauber Costa 47b075
+    vnc_write_u32(vs, sizeof("Authentication failed"));
Glauber Costa 47b075
+    vnc_write(vs, "Authentication failed", sizeof("Authentication failed"));
Glauber Costa 47b075
+    vnc_flush(vs);
Glauber Costa 47b075
+    vnc_client_error(vs);
Glauber Costa 47b075
+    return -1;
Glauber Costa 47b075
+
Glauber Costa 47b075
+ authabort:
Glauber Costa 47b075
+    vnc_client_error(vs);
Glauber Costa 47b075
+    return -1;
Glauber Costa 47b075
+}
Glauber Costa 47b075
+
Glauber Costa 47b075
+static int protocol_client_auth_sasl_step_len(VncState *vs, uint8_t *data, size_t len)
Glauber Costa 47b075
+{
Glauber Costa 47b075
+    uint32_t steplen = read_u32(data, 0);
Glauber Costa 47b075
+    VNC_DEBUG("Got client step len %d\n", steplen);
Glauber Costa 47b075
+    if (steplen > SASL_DATA_MAX_LEN) {
Glauber Costa 47b075
+	VNC_DEBUG("Too much SASL data %d\n", steplen);
Glauber Costa 47b075
+	vnc_client_error(vs);
Glauber Costa 47b075
+	return -1;
Glauber Costa 47b075
+    }
Glauber Costa 47b075
+
Glauber Costa 47b075
+    if (steplen == 0)
Glauber Costa 47b075
+	return protocol_client_auth_sasl_step(vs, NULL, 0);
Glauber Costa 47b075
+    else
Glauber Costa 47b075
+	vnc_read_when(vs, protocol_client_auth_sasl_step, steplen);
Glauber Costa 47b075
+    return 0;
Glauber Costa 47b075
+}
Glauber Costa 47b075
+
Glauber Costa 47b075
+/*
Glauber Costa 47b075
+ * Start Msg
Glauber Costa 47b075
+ *
Glauber Costa 47b075
+ * Input from client:
Glauber Costa 47b075
+ *
Glauber Costa 47b075
+ * u32 clientin-length
Glauber Costa 47b075
+ * u8-array clientin-string
Glauber Costa 47b075
+ *
Glauber Costa 47b075
+ * Output to client:
Glauber Costa 47b075
+ *
Glauber Costa 47b075
+ * u32 serverout-length
Glauber Costa 47b075
+ * u8-array serverout-strin
Glauber Costa 47b075
+ * u8 continue
Glauber Costa 47b075
+ */
Glauber Costa 47b075
+
Glauber Costa 47b075
+#define SASL_DATA_MAX_LEN (1024 * 1024)
Glauber Costa 47b075
+
Glauber Costa 47b075
+static int protocol_client_auth_sasl_start(VncState *vs, uint8_t *data, size_t len)
Glauber Costa 47b075
+{
Glauber Costa 47b075
+    uint32_t datalen = len;
Glauber Costa 47b075
+    const char *serverout;
Glauber Costa 47b075
+    unsigned int serveroutlen;
Glauber Costa 47b075
+    int err;
Glauber Costa 47b075
+    char *clientdata = NULL;
Glauber Costa 47b075
+
Glauber Costa 47b075
+    /* NB, distinction of NULL vs "" is *critical* in SASL */
Glauber Costa 47b075
+    if (datalen) {
Glauber Costa 47b075
+	clientdata = (char*)data;
Glauber Costa 47b075
+	clientdata[datalen-1] = '\0'; /* Should be on wire, but make sure */
Glauber Costa 47b075
+	datalen--; /* Don't count NULL byte when passing to _start() */
Glauber Costa 47b075
+    }
Glauber Costa 47b075
+
Glauber Costa 47b075
+    VNC_DEBUG("Start SASL auth with mechanism %s. Data %p (%d bytes)\n",
Glauber Costa 47b075
+	      vs->sasl.mechlist, clientdata, datalen);
Glauber Costa 47b075
+    err = sasl_server_start(vs->sasl.conn,
Glauber Costa 47b075
+			    vs->sasl.mechlist,
Glauber Costa 47b075
+			    clientdata,
Glauber Costa 47b075
+			    datalen,
Glauber Costa 47b075
+			    &serverout,
Glauber Costa 47b075
+			    &serveroutlen);
Glauber Costa 47b075
+    if (err != SASL_OK &&
Glauber Costa 47b075
+	err != SASL_CONTINUE) {
Glauber Costa 47b075
+	VNC_DEBUG("sasl start failed %d (%s)\n",
Glauber Costa 47b075
+		  err, sasl_errdetail(vs->sasl.conn));
Glauber Costa 47b075
+	sasl_dispose(&vs->sasl.conn);
Glauber Costa 47b075
+	vs->sasl.conn = NULL;
Glauber Costa 47b075
+	goto authabort;
Glauber Costa 47b075
+    }
Glauber Costa 47b075
+    if (serveroutlen > SASL_DATA_MAX_LEN) {
Glauber Costa 47b075
+	VNC_DEBUG("sasl start reply data too long %d\n",
Glauber Costa 47b075
+		  serveroutlen);
Glauber Costa 47b075
+	sasl_dispose(&vs->sasl.conn);
Glauber Costa 47b075
+	vs->sasl.conn = NULL;
Glauber Costa 47b075
+	goto authabort;
Glauber Costa 47b075
+    }
Glauber Costa 47b075
+
Glauber Costa 47b075
+    VNC_DEBUG("SASL return data %d bytes, nil; %d\n",
Glauber Costa 47b075
+	      serveroutlen, serverout ? 0 : 1);
Glauber Costa 47b075
+
Glauber Costa 47b075
+    if (serveroutlen) {
Glauber Costa 47b075
+	vnc_write_u32(vs, serveroutlen + 1);
Glauber Costa 47b075
+	vnc_write(vs, serverout, serveroutlen + 1);
Glauber Costa 47b075
+    } else {
Glauber Costa 47b075
+	vnc_write_u32(vs, 0);
Glauber Costa 47b075
+    }
Glauber Costa 47b075
+
Glauber Costa 47b075
+    /* Whether auth is complete */
Glauber Costa 47b075
+    vnc_write_u8(vs, err == SASL_CONTINUE ? 0 : 1);
Glauber Costa 47b075
+
Glauber Costa 47b075
+    if (err == SASL_CONTINUE) {
Glauber Costa 47b075
+	VNC_DEBUG("%s", "Authentication must continue\n");
Glauber Costa 47b075
+	/* Wait for step length */
Glauber Costa 47b075
+	vnc_read_when(vs, protocol_client_auth_sasl_step_len, 4);
Glauber Costa 47b075
+    } else {
Glauber Costa 47b075
+	if (!vnc_auth_sasl_check_ssf(vs)) {
Glauber Costa 47b075
+	    VNC_DEBUG("Authentication rejected for weak SSF %d\n", vs->csock);
Glauber Costa 47b075
+	    goto authreject;
Glauber Costa 47b075
+	}
Glauber Costa 47b075
+
Glauber Costa 47b075
+	/* Check username whitelist ACL */
Glauber Costa 47b075
+	if (vnc_auth_sasl_check_access(vs) < 0) {
Glauber Costa 47b075
+	    VNC_DEBUG("Authentication rejected for ACL %d\n", vs->csock);
Glauber Costa 47b075
+	    goto authreject;
Glauber Costa 47b075
+	}
Glauber Costa 47b075
+
Glauber Costa 47b075
+	VNC_DEBUG("Authentication successful %d\n", vs->csock);
Glauber Costa 47b075
+	vnc_write_u32(vs, 0); /* Accept auth */
Glauber Costa 47b075
+	start_client_init(vs);
Glauber Costa 47b075
+    }
Glauber Costa 47b075
+
Glauber Costa 47b075
+    return 0;
Glauber Costa 47b075
+
Glauber Costa 47b075
+ authreject:
Glauber Costa 47b075
+    vnc_write_u32(vs, 1); /* Reject auth */
Glauber Costa 47b075
+    vnc_write_u32(vs, sizeof("Authentication failed"));
Glauber Costa 47b075
+    vnc_write(vs, "Authentication failed", sizeof("Authentication failed"));
Glauber Costa 47b075
+    vnc_flush(vs);
Glauber Costa 47b075
+    vnc_client_error(vs);
Glauber Costa 47b075
+    return -1;
Glauber Costa 47b075
+
Glauber Costa 47b075
+ authabort:
Glauber Costa 47b075
+    vnc_client_error(vs);
Glauber Costa 47b075
+    return -1;
Glauber Costa 47b075
+}
Glauber Costa 47b075
+
Glauber Costa 47b075
+static int protocol_client_auth_sasl_start_len(VncState *vs, uint8_t *data, size_t len)
Glauber Costa 47b075
+{
Glauber Costa 47b075
+    uint32_t startlen = read_u32(data, 0);
Glauber Costa 47b075
+    VNC_DEBUG("Got client start len %d\n", startlen);
Glauber Costa 47b075
+    if (startlen > SASL_DATA_MAX_LEN) {
Glauber Costa 47b075
+	VNC_DEBUG("Too much SASL data %d\n", startlen);
Glauber Costa 47b075
+	vnc_client_error(vs);
Glauber Costa 47b075
+	return -1;
Glauber Costa 47b075
+    }
Glauber Costa 47b075
+
Glauber Costa 47b075
+    if (startlen == 0)
Glauber Costa 47b075
+	return protocol_client_auth_sasl_start(vs, NULL, 0);
Glauber Costa 47b075
+
Glauber Costa 47b075
+    vnc_read_when(vs, protocol_client_auth_sasl_start, startlen);
Glauber Costa 47b075
+    return 0;
Glauber Costa 47b075
+}
Glauber Costa 47b075
+
Glauber Costa 47b075
+static int protocol_client_auth_sasl_mechname(VncState *vs, uint8_t *data, size_t len)
Glauber Costa 47b075
+{
Glauber Costa 47b075
+    char *mechname = malloc(len + 1);
Glauber Costa 47b075
+    if (!mechname) {
Glauber Costa 47b075
+	VNC_DEBUG("Out of memory reading mechname\n");
Glauber Costa 47b075
+	vnc_client_error(vs);
Glauber Costa 47b075
+    }
Glauber Costa 47b075
+    strncpy(mechname, (char*)data, len);
Glauber Costa 47b075
+    mechname[len] = '\0';
Glauber Costa 47b075
+    VNC_DEBUG("Got client mechname '%s' check against '%s'\n",
Glauber Costa 47b075
+	      mechname, vs->sasl.mechlist);
Glauber Costa 47b075
+
Glauber Costa 47b075
+    if (strncmp(vs->sasl.mechlist, mechname, len) == 0) {
Glauber Costa 47b075
+	if (vs->sasl.mechlist[len] != '\0' &&
Glauber Costa 47b075
+	    vs->sasl.mechlist[len] != ',') {
Glauber Costa 47b075
+	    VNC_DEBUG("One %d", vs->sasl.mechlist[len]);
Glauber Costa 47b075
+	    vnc_client_error(vs);
Glauber Costa 47b075
+	    return -1;
Glauber Costa 47b075
+	}
Glauber Costa 47b075
+    } else {
Glauber Costa 47b075
+	char *offset = strstr(vs->sasl.mechlist, mechname);
Glauber Costa 47b075
+	VNC_DEBUG("Two %p\n", offset);
Glauber Costa 47b075
+	if (!offset) {
Glauber Costa 47b075
+	    vnc_client_error(vs);
Glauber Costa 47b075
+	    return -1;
Glauber Costa 47b075
+	}
Glauber Costa 47b075
+	VNC_DEBUG("Two '%s'\n", offset);
Glauber Costa 47b075
+	if (offset[-1] != ',' ||
Glauber Costa 47b075
+	    (offset[len] != '\0'&&
Glauber Costa 47b075
+	     offset[len] != ',')) {
Glauber Costa 47b075
+	    vnc_client_error(vs);
Glauber Costa 47b075
+	    return -1;
Glauber Costa 47b075
+	}
Glauber Costa 47b075
+    }
Glauber Costa 47b075
+
Glauber Costa 47b075
+    free(vs->sasl.mechlist);
Glauber Costa 47b075
+    vs->sasl.mechlist = mechname;
Glauber Costa 47b075
+
Glauber Costa 47b075
+    VNC_DEBUG("Validated mechname '%s'\n", mechname);
Glauber Costa 47b075
+    vnc_read_when(vs, protocol_client_auth_sasl_start_len, 4);
Glauber Costa 47b075
+    return 0;
Glauber Costa 47b075
+}
Glauber Costa 47b075
+
Glauber Costa 47b075
+static int protocol_client_auth_sasl_mechname_len(VncState *vs, uint8_t *data, size_t len)
Glauber Costa 47b075
+{
Glauber Costa 47b075
+    uint32_t mechlen = read_u32(data, 0);
Glauber Costa 47b075
+    VNC_DEBUG("Got client mechname len %d\n", mechlen);
Glauber Costa 47b075
+    if (mechlen > 100) {
Glauber Costa 47b075
+	VNC_DEBUG("Too long SASL mechname data %d\n", mechlen);
Glauber Costa 47b075
+	vnc_client_error(vs);
Glauber Costa 47b075
+	return -1;
Glauber Costa 47b075
+    }
Glauber Costa 47b075
+    if (mechlen < 1) {
Glauber Costa 47b075
+	VNC_DEBUG("Too short SASL mechname %d\n", mechlen);
Glauber Costa 47b075
+	vnc_client_error(vs);
Glauber Costa 47b075
+	return -1;
Glauber Costa 47b075
+    }
Glauber Costa 47b075
+    vnc_read_when(vs, protocol_client_auth_sasl_mechname,mechlen);
Glauber Costa 47b075
+    return 0;
Glauber Costa 47b075
+}
Glauber Costa 47b075
+
Glauber Costa 47b075
+#define USES_X509_AUTH(vs)			      \
Glauber Costa 47b075
+    ((vs)->subauth == VNC_AUTH_VENCRYPT_X509NONE ||   \
Glauber Costa 47b075
+     (vs)->subauth == VNC_AUTH_VENCRYPT_X509VNC ||    \
Glauber Costa 47b075
+     (vs)->subauth == VNC_AUTH_VENCRYPT_X509PLAIN ||  \
Glauber Costa 47b075
+     (vs)->subauth == VNC_AUTH_VENCRYPT_X509SASL)
Glauber Costa 47b075
+
Glauber Costa 47b075
+
Glauber Costa 47b075
+void start_auth_sasl(VncState *vs)
Glauber Costa 47b075
+{
Glauber Costa 47b075
+    const char *mechlist = NULL;
Glauber Costa 47b075
+    sasl_security_properties_t secprops;
Glauber Costa 47b075
+    int err;
Glauber Costa 47b075
+    char *localAddr, *remoteAddr;
Glauber Costa 47b075
+    int mechlistlen;
Glauber Costa 47b075
+
Glauber Costa 47b075
+    VNC_DEBUG("Initialize SASL auth %d\n", vs->csock);
Glauber Costa 47b075
+
Glauber Costa 47b075
+    /* Get local & remote client addresses in form  IPADDR;PORT */
Glauber Costa 47b075
+    if (!(localAddr = vnc_socket_local_addr("%s;%s", vs->csock)))
Glauber Costa 47b075
+	goto authabort;
Glauber Costa 47b075
+
Glauber Costa 47b075
+    if (!(remoteAddr = vnc_socket_remote_addr("%s;%s", vs->csock))) {
Glauber Costa 47b075
+	free(localAddr);
Glauber Costa 47b075
+	goto authabort;
Glauber Costa 47b075
+    }
Glauber Costa 47b075
+
Glauber Costa 47b075
+    err = sasl_server_new("vnc",
Glauber Costa 47b075
+			  NULL, /* FQDN - just delegates to gethostname */
Glauber Costa 47b075
+			  NULL, /* User realm */
Glauber Costa 47b075
+			  localAddr,
Glauber Costa 47b075
+			  remoteAddr,
Glauber Costa 47b075
+			  NULL, /* Callbacks, not needed */
Glauber Costa 47b075
+			  SASL_SUCCESS_DATA,
Glauber Costa 47b075
+			  &vs->sasl.conn);
Glauber Costa 47b075
+    free(localAddr);
Glauber Costa 47b075
+    free(remoteAddr);
Glauber Costa 47b075
+    localAddr = remoteAddr = NULL;
Glauber Costa 47b075
+
Glauber Costa 47b075
+    if (err != SASL_OK) {
Glauber Costa 47b075
+	VNC_DEBUG("sasl context setup failed %d (%s)",
Glauber Costa 47b075
+		  err, sasl_errstring(err, NULL, NULL));
Glauber Costa 47b075
+	vs->sasl.conn = NULL;
Glauber Costa 47b075
+	goto authabort;
Glauber Costa 47b075
+    }
Glauber Costa 47b075
+
Glauber Costa 47b075
+#ifdef CONFIG_VNC_TLS
Glauber Costa 47b075
+    /* Inform SASL that we've got an external SSF layer from TLS/x509 */
Glauber Costa 47b075
+    if (vs->vd->auth == VNC_AUTH_VENCRYPT &&
Glauber Costa 47b075
+	vs->vd->subauth == VNC_AUTH_VENCRYPT_X509SASL) {
Glauber Costa 47b075
+	gnutls_cipher_algorithm_t cipher;
Glauber Costa 47b075
+	sasl_ssf_t ssf;
Glauber Costa 47b075
+
Glauber Costa 47b075
+	cipher = gnutls_cipher_get(vs->tls.session);
Glauber Costa 47b075
+	if (!(ssf = (sasl_ssf_t)gnutls_cipher_get_key_size(cipher))) {
Glauber Costa 47b075
+	    VNC_DEBUG("%s", "cannot TLS get cipher size\n");
Glauber Costa 47b075
+	    sasl_dispose(&vs->sasl.conn);
Glauber Costa 47b075
+	    vs->sasl.conn = NULL;
Glauber Costa 47b075
+	    goto authabort;
Glauber Costa 47b075
+	}
Glauber Costa 47b075
+	ssf *= 8; /* tls key size is bytes, sasl wants bits */
Glauber Costa 47b075
+
Glauber Costa 47b075
+	err = sasl_setprop(vs->sasl.conn, SASL_SSF_EXTERNAL, &ssf;;
Glauber Costa 47b075
+	if (err != SASL_OK) {
Glauber Costa 47b075
+	    VNC_DEBUG("cannot set SASL external SSF %d (%s)\n",
Glauber Costa 47b075
+		      err, sasl_errstring(err, NULL, NULL));
Glauber Costa 47b075
+	    sasl_dispose(&vs->sasl.conn);
Glauber Costa 47b075
+	    vs->sasl.conn = NULL;
Glauber Costa 47b075
+	    goto authabort;
Glauber Costa 47b075
+	}
Glauber Costa 47b075
+    } else
Glauber Costa 47b075
+#endif /* CONFIG_VNC_TLS */
Glauber Costa 47b075
+	vs->sasl.wantSSF = 1;
Glauber Costa 47b075
+
Glauber Costa 47b075
+    memset (&secprops, 0, sizeof secprops);
Glauber Costa 47b075
+    /* Inform SASL that we've got an external SSF layer from TLS */
Glauber Costa 47b075
+    if (strncmp(vs->vd->display, "unix:", 5) == 0
Glauber Costa 47b075
+#ifdef CONFIG_VNC_TLS
Glauber Costa 47b075
+	/* Disable SSF, if using TLS+x509+SASL only. TLS without x509
Glauber Costa 47b075
+	   is not sufficiently strong */
Glauber Costa 47b075
+	|| (vs->vd->auth == VNC_AUTH_VENCRYPT &&
Glauber Costa 47b075
+	    vs->vd->subauth == VNC_AUTH_VENCRYPT_X509SASL)
Glauber Costa 47b075
+#endif /* CONFIG_VNC_TLS */
Glauber Costa 47b075
+	) {
Glauber Costa 47b075
+	/* If we've got TLS or UNIX domain sock, we don't care about SSF */
Glauber Costa 47b075
+	secprops.min_ssf = 0;
Glauber Costa 47b075
+	secprops.max_ssf = 0;
Glauber Costa 47b075
+	secprops.maxbufsize = 8192;
Glauber Costa 47b075
+	secprops.security_flags = 0;
Glauber Costa 47b075
+    } else {
Glauber Costa 47b075
+	/* Plain TCP, better get an SSF layer */
Glauber Costa 47b075
+	secprops.min_ssf = 56; /* Good enough to require kerberos */
Glauber Costa 47b075
+	secprops.max_ssf = 100000; /* Arbitrary big number */
Glauber Costa 47b075
+	secprops.maxbufsize = 8192;
Glauber Costa 47b075
+	/* Forbid any anonymous or trivially crackable auth */
Glauber Costa 47b075
+	secprops.security_flags =
Glauber Costa 47b075
+	    SASL_SEC_NOANONYMOUS | SASL_SEC_NOPLAINTEXT;
Glauber Costa 47b075
+    }
Glauber Costa 47b075
+
Glauber Costa 47b075
+    err = sasl_setprop(vs->sasl.conn, SASL_SEC_PROPS, &secprops);
Glauber Costa 47b075
+    if (err != SASL_OK) {
Glauber Costa 47b075
+	VNC_DEBUG("cannot set SASL security props %d (%s)\n",
Glauber Costa 47b075
+		  err, sasl_errstring(err, NULL, NULL));
Glauber Costa 47b075
+	sasl_dispose(&vs->sasl.conn);
Glauber Costa 47b075
+	vs->sasl.conn = NULL;
Glauber Costa 47b075
+	goto authabort;
Glauber Costa 47b075
+    }
Glauber Costa 47b075
+
Glauber Costa 47b075
+    err = sasl_listmech(vs->sasl.conn,
Glauber Costa 47b075
+			NULL, /* Don't need to set user */
Glauber Costa 47b075
+			"", /* Prefix */
Glauber Costa 47b075
+			",", /* Separator */
Glauber Costa 47b075
+			"", /* Suffix */
Glauber Costa 47b075
+			&mechlist,
Glauber Costa 47b075
+			NULL,
Glauber Costa 47b075
+			NULL);
Glauber Costa 47b075
+    if (err != SASL_OK) {
Glauber Costa 47b075
+	VNC_DEBUG("cannot list SASL mechanisms %d (%s)\n",
Glauber Costa 47b075
+		  err, sasl_errdetail(vs->sasl.conn));
Glauber Costa 47b075
+	sasl_dispose(&vs->sasl.conn);
Glauber Costa 47b075
+	vs->sasl.conn = NULL;
Glauber Costa 47b075
+	goto authabort;
Glauber Costa 47b075
+    }
Glauber Costa 47b075
+    VNC_DEBUG("Available mechanisms for client: '%s'\n", mechlist);
Glauber Costa 47b075
+
Glauber Costa 47b075
+    if (!(vs->sasl.mechlist = strdup(mechlist))) {
Glauber Costa 47b075
+	VNC_DEBUG("Out of memory");
Glauber Costa 47b075
+	sasl_dispose(&vs->sasl.conn);
Glauber Costa 47b075
+	vs->sasl.conn = NULL;
Glauber Costa 47b075
+	goto authabort;
Glauber Costa 47b075
+    }
Glauber Costa 47b075
+    mechlistlen = strlen(mechlist);
Glauber Costa 47b075
+    vnc_write_u32(vs, mechlistlen);
Glauber Costa 47b075
+    vnc_write(vs, mechlist, mechlistlen);
Glauber Costa 47b075
+    vnc_flush(vs);
Glauber Costa 47b075
+
Glauber Costa 47b075
+    VNC_DEBUG("Wait for client mechname length\n");
Glauber Costa 47b075
+    vnc_read_when(vs, protocol_client_auth_sasl_mechname_len, 4);
Glauber Costa 47b075
+
Glauber Costa 47b075
+    return;
Glauber Costa 47b075
+
Glauber Costa 47b075
+ authabort:
Glauber Costa 47b075
+    vnc_client_error(vs);
Glauber Costa 47b075
+    return;
Glauber Costa 47b075
+}
Glauber Costa 47b075
+
Glauber Costa 47b075
+
Glauber Costa 47b075
Index: qemu-kvm-0.10/qemu/vnc-auth-sasl.h
Glauber Costa 47b075
===================================================================
Glauber Costa 47b075
--- /dev/null
Glauber Costa 47b075
+++ qemu-kvm-0.10/qemu/vnc-auth-sasl.h
Glauber Costa 47b075
@@ -0,0 +1,67 @@
Glauber Costa 47b075
+/*
Glauber Costa 47b075
+ * QEMU VNC display driver: SASL auth protocol
Glauber Costa 47b075
+ *
Glauber Costa 47b075
+ * Copyright (C) 2009 Red Hat, Inc
Glauber Costa 47b075
+ *
Glauber Costa 47b075
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
Glauber Costa 47b075
+ * of this software and associated documentation files (the "Software"), to deal
Glauber Costa 47b075
+ * in the Software without restriction, including without limitation the rights
Glauber Costa 47b075
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
Glauber Costa 47b075
+ * copies of the Software, and to permit persons to whom the Software is
Glauber Costa 47b075
+ * furnished to do so, subject to the following conditions:
Glauber Costa 47b075
+ *
Glauber Costa 47b075
+ * The above copyright notice and this permission notice shall be included in
Glauber Costa 47b075
+ * all copies or substantial portions of the Software.
Glauber Costa 47b075
+ *
Glauber Costa 47b075
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
Glauber Costa 47b075
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
Glauber Costa 47b075
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
Glauber Costa 47b075
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
Glauber Costa 47b075
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
Glauber Costa 47b075
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
Glauber Costa 47b075
+ * THE SOFTWARE.
Glauber Costa 47b075
+ */
Glauber Costa 47b075
+
Glauber Costa 47b075
+
Glauber Costa 47b075
+#ifndef __QEMU_VNC_AUTH_SASL_H__
Glauber Costa 47b075
+#define __QEMU_VNC_AUTH_SASL_H__
Glauber Costa 47b075
+
Glauber Costa 47b075
+
Glauber Costa 47b075
+#include <sasl/sasl.h>
Glauber Costa 47b075
+
Glauber Costa 47b075
+typedef struct VncStateSASL VncStateSASL;
Glauber Costa 47b075
+
Glauber Costa 47b075
+struct VncStateSASL {
Glauber Costa 47b075
+    sasl_conn_t *conn;
Glauber Costa 47b075
+    /* If we want to negotiate an SSF layer with client */
Glauber Costa 47b075
+    int wantSSF :1;
Glauber Costa 47b075
+    /* If we are now running the SSF layer */
Glauber Costa 47b075
+    int runSSF :1;
Glauber Costa 47b075
+    /*
Glauber Costa 47b075
+     * If this is non-zero, then wait for that many bytes
Glauber Costa 47b075
+     * to be written plain, before switching to SSF encoding
Glauber Costa 47b075
+     * This allows the VNC auth result to finish being
Glauber Costa 47b075
+     * written in plain.
Glauber Costa 47b075
+     */
Glauber Costa 47b075
+    unsigned int waitWriteSSF;
Glauber Costa 47b075
+
Glauber Costa 47b075
+    /*
Glauber Costa 47b075
+     * Buffering encoded data to allow more clear data
Glauber Costa 47b075
+     * to be stuffed onto the output buffer
Glauber Costa 47b075
+     */
Glauber Costa 47b075
+    const uint8_t *encoded;
Glauber Costa 47b075
+    unsigned int encodedLength;
Glauber Costa 47b075
+    unsigned int encodedOffset;
Glauber Costa 47b075
+    char *username;
Glauber Costa 47b075
+    char *mechlist;
Glauber Costa 47b075
+};
Glauber Costa 47b075
+
Glauber Costa 47b075
+void vnc_sasl_client_cleanup(VncState *vs);
Glauber Costa 47b075
+
Glauber Costa 47b075
+long vnc_client_read_sasl(VncState *vs);
Glauber Costa 47b075
+long vnc_client_write_sasl(VncState *vs);
Glauber Costa 47b075
+
Glauber Costa 47b075
+void start_auth_sasl(VncState *vs);
Glauber Costa 47b075
+
Glauber Costa 47b075
+#endif /* __QEMU_VNC_AUTH_SASL_H__ */
Glauber Costa 47b075
+
Glauber Costa 47b075
Index: qemu-kvm-0.10/qemu/vnc-auth-vencrypt.c
Glauber Costa 47b075
===================================================================
Glauber Costa 47b075
--- qemu-kvm-0.10.orig/qemu/vnc-auth-vencrypt.c
Glauber Costa 47b075
+++ qemu-kvm-0.10/qemu/vnc-auth-vencrypt.c
Glauber Costa 47b075
@@ -43,8 +43,15 @@ static void start_auth_vencrypt_subauth(
Glauber Costa 47b075
        start_auth_vnc(vs);
Glauber Costa 47b075
        break;
Glauber Costa 47b075
 
Glauber Costa 47b075
+#ifdef CONFIG_VNC_SASL
Glauber Costa 47b075
+    case VNC_AUTH_VENCRYPT_TLSSASL:
Glauber Costa 47b075
+    case VNC_AUTH_VENCRYPT_X509SASL:
Glauber Costa 47b075
+      VNC_DEBUG("Start TLS auth SASL\n");
Glauber Costa 47b075
+      return start_auth_sasl(vs);
Glauber Costa 47b075
+#endif /* CONFIG_VNC_SASL */
Glauber Costa 47b075
+
Glauber Costa 47b075
     default: /* Should not be possible, but just in case */
Glauber Costa 47b075
-       VNC_DEBUG("Reject auth %d\n", vs->vd->auth);
Glauber Costa 47b075
+       VNC_DEBUG("Reject subauth %d server bug\n", vs->vd->auth);
Glauber Costa 47b075
        vnc_write_u8(vs, 1);
Glauber Costa 47b075
        if (vs->minor >= 8) {
Glauber Costa 47b075
            static const char err[] = "Unsupported authentication type";
Glauber Costa 47b075
@@ -105,7 +112,8 @@ static void vnc_tls_handshake_io(void *o
Glauber Costa 47b075
 #define NEED_X509_AUTH(vs)			      \
Glauber Costa 47b075
     ((vs)->vd->subauth == VNC_AUTH_VENCRYPT_X509NONE ||   \
Glauber Costa 47b075
      (vs)->vd->subauth == VNC_AUTH_VENCRYPT_X509VNC ||    \
Glauber Costa 47b075
-     (vs)->vd->subauth == VNC_AUTH_VENCRYPT_X509PLAIN)
Glauber Costa 47b075
+     (vs)->vd->subauth == VNC_AUTH_VENCRYPT_X509PLAIN ||  \
Glauber Costa 47b075
+     (vs)->vd->subauth == VNC_AUTH_VENCRYPT_X509SASL)
Glauber Costa 47b075
 
Glauber Costa 47b075
 
Glauber Costa 47b075
 static int protocol_client_vencrypt_auth(VncState *vs, uint8_t *data, size_t len)
Glauber Costa 47b075
Index: qemu-kvm-0.10/qemu/vnc.c
Glauber Costa 47b075
===================================================================
Glauber Costa 47b075
--- qemu-kvm-0.10.orig/qemu/vnc.c
Glauber Costa 47b075
+++ qemu-kvm-0.10/qemu/vnc.c
Glauber Costa 47b075
@@ -68,7 +68,8 @@ static char *addr_to_string(const char *
Glauber Costa 47b075
     return addr;
Glauber Costa 47b075
 }
Glauber Costa 47b075
 
Glauber Costa 47b075
-static char *vnc_socket_local_addr(const char *format, int fd) {
Glauber Costa 47b075
+
Glauber Costa 47b075
+char *vnc_socket_local_addr(const char *format, int fd) {
Glauber Costa 47b075
     struct sockaddr_storage sa;
Glauber Costa 47b075
     socklen_t salen;
Glauber Costa 47b075
 
Glauber Costa 47b075
@@ -79,7 +80,8 @@ static char *vnc_socket_local_addr(const
Glauber Costa 47b075
     return addr_to_string(format, &sa, salen);
Glauber Costa 47b075
 }
Glauber Costa 47b075
 
Glauber Costa 47b075
-static char *vnc_socket_remote_addr(const char *format, int fd) {
Glauber Costa 47b075
+
Glauber Costa 47b075
+char *vnc_socket_remote_addr(const char *format, int fd) {
Glauber Costa 47b075
     struct sockaddr_storage sa;
Glauber Costa 47b075
     socklen_t salen;
Glauber Costa 47b075
 
Glauber Costa 47b075
@@ -125,12 +127,18 @@ static const char *vnc_auth_name(VncDisp
Glauber Costa 47b075
 	    return "vencrypt+x509+vnc";
Glauber Costa 47b075
 	case VNC_AUTH_VENCRYPT_X509PLAIN:
Glauber Costa 47b075
 	    return "vencrypt+x509+plain";
Glauber Costa 47b075
+	case VNC_AUTH_VENCRYPT_TLSSASL:
Glauber Costa 47b075
+	    return "vencrypt+tls+sasl";
Glauber Costa 47b075
+	case VNC_AUTH_VENCRYPT_X509SASL:
Glauber Costa 47b075
+	    return "vencrypt+x509+sasl";
Glauber Costa 47b075
 	default:
Glauber Costa 47b075
 	    return "vencrypt";
Glauber Costa 47b075
 	}
Glauber Costa 47b075
 #else
Glauber Costa 47b075
 	return "vencrypt";
Glauber Costa 47b075
 #endif
Glauber Costa 47b075
+    case VNC_AUTH_SASL:
Glauber Costa 47b075
+	return "sasl";
Glauber Costa 47b075
     }
Glauber Costa 47b075
     return "unknown";
Glauber Costa 47b075
 }
Glauber Costa 47b075
@@ -278,7 +286,7 @@ static void vnc_framebuffer_update(VncSt
Glauber Costa 47b075
     vnc_write_s32(vs, encoding);
Glauber Costa 47b075
 }
Glauber Costa 47b075
 
Glauber Costa 47b075
-static void buffer_reserve(Buffer *buffer, size_t len)
Glauber Costa 47b075
+void buffer_reserve(Buffer *buffer, size_t len)
Glauber Costa 47b075
 {
Glauber Costa 47b075
     if ((buffer->capacity - buffer->offset) < len) {
Glauber Costa 47b075
 	buffer->capacity += (len + 1024);
Glauber Costa 47b075
@@ -290,22 +298,22 @@ static void buffer_reserve(Buffer *buffe
Glauber Costa 47b075
     }
Glauber Costa 47b075
 }
Glauber Costa 47b075
 
Glauber Costa 47b075
-static int buffer_empty(Buffer *buffer)
Glauber Costa 47b075
+int buffer_empty(Buffer *buffer)
Glauber Costa 47b075
 {
Glauber Costa 47b075
     return buffer->offset == 0;
Glauber Costa 47b075
 }
Glauber Costa 47b075
 
Glauber Costa 47b075
-static uint8_t *buffer_end(Buffer *buffer)
Glauber Costa 47b075
+uint8_t *buffer_end(Buffer *buffer)
Glauber Costa 47b075
 {
Glauber Costa 47b075
     return buffer->buffer + buffer->offset;
Glauber Costa 47b075
 }
Glauber Costa 47b075
 
Glauber Costa 47b075
-static void buffer_reset(Buffer *buffer)
Glauber Costa 47b075
+void buffer_reset(Buffer *buffer)
Glauber Costa 47b075
 {
Glauber Costa 47b075
 	buffer->offset = 0;
Glauber Costa 47b075
 }
Glauber Costa 47b075
 
Glauber Costa 47b075
-static void buffer_append(Buffer *buffer, const void *data, size_t len)
Glauber Costa 47b075
+void buffer_append(Buffer *buffer, const void *data, size_t len)
Glauber Costa 47b075
 {
Glauber Costa 47b075
     memcpy(buffer->buffer + buffer->offset, data, len);
Glauber Costa 47b075
     buffer->offset += len;
Glauber Costa 47b075
@@ -821,7 +829,8 @@ static void audio_del(VncState *vs)
Glauber Costa 47b075
     }
Glauber Costa 47b075
 }
Glauber Costa 47b075
 
Glauber Costa 47b075
-static int vnc_client_io_error(VncState *vs, int ret, int last_errno)
Glauber Costa 47b075
+
Glauber Costa 47b075
+int vnc_client_io_error(VncState *vs, int ret, int last_errno)
Glauber Costa 47b075
 {
Glauber Costa 47b075
     if (ret == 0 || ret == -1) {
Glauber Costa 47b075
         if (ret == -1) {
Glauber Costa 47b075
@@ -847,6 +856,9 @@ static int vnc_client_io_error(VncState 
Glauber Costa 47b075
 #ifdef CONFIG_VNC_TLS
Glauber Costa 47b075
 	vnc_tls_client_cleanup(vs);
Glauber Costa 47b075
 #endif /* CONFIG_VNC_TLS */
Glauber Costa 47b075
+#ifdef CONFIG_VNC_SASL
Glauber Costa 47b075
+        vnc_sasl_client_cleanup(vs);
Glauber Costa 47b075
+#endif /* CONFIG_VNC_SASL */
Glauber Costa 47b075
         audio_del(vs);
Glauber Costa 47b075
 
Glauber Costa 47b075
         VncState *p, *parent = NULL;
Glauber Costa 47b075
@@ -877,14 +889,28 @@ void vnc_client_error(VncState *vs)
Glauber Costa 47b075
     vnc_client_io_error(vs, -1, EINVAL);
Glauber Costa 47b075
 }
Glauber Costa 47b075
 
Glauber Costa 47b075
-void vnc_client_write(void *opaque)
Glauber Costa 47b075
+
Glauber Costa 47b075
+/*
Glauber Costa 47b075
+ * Called to write a chunk of data to the client socket. The data may
Glauber Costa 47b075
+ * be the raw data, or may have already been encoded by SASL.
Glauber Costa 47b075
+ * The data will be written either straight onto the socket, or
Glauber Costa 47b075
+ * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
Glauber Costa 47b075
+ *
Glauber Costa 47b075
+ * NB, it is theoretically possible to have 2 layers of encryption,
Glauber Costa 47b075
+ * both SASL, and this TLS layer. It is highly unlikely in practice
Glauber Costa 47b075
+ * though, since SASL encryption will typically be a no-op if TLS
Glauber Costa 47b075
+ * is active
Glauber Costa 47b075
+ *
Glauber Costa 47b075
+ * Returns the number of bytes written, which may be less than
Glauber Costa 47b075
+ * the requested 'datalen' if the socket would block. Returns
Glauber Costa 47b075
+ * -1 on error, and disconnects the client socket.
Glauber Costa 47b075
+ */
Glauber Costa 47b075
+long vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
Glauber Costa 47b075
 {
Glauber Costa 47b075
     long ret;
Glauber Costa 47b075
-    VncState *vs = opaque;
Glauber Costa 47b075
-
Glauber Costa 47b075
 #ifdef CONFIG_VNC_TLS
Glauber Costa 47b075
     if (vs->tls.session) {
Glauber Costa 47b075
-	ret = gnutls_write(vs->tls.session, vs->output.buffer, vs->output.offset);
Glauber Costa 47b075
+	ret = gnutls_write(vs->tls.session, data, datalen);
Glauber Costa 47b075
 	if (ret < 0) {
Glauber Costa 47b075
 	    if (ret == GNUTLS_E_AGAIN)
Glauber Costa 47b075
 		errno = EAGAIN;
Glauber Costa 47b075
@@ -894,10 +920,42 @@ void vnc_client_write(void *opaque)
Glauber Costa 47b075
 	}
Glauber Costa 47b075
     } else
Glauber Costa 47b075
 #endif /* CONFIG_VNC_TLS */
Glauber Costa 47b075
-	ret = send(vs->csock, vs->output.buffer, vs->output.offset, 0);
Glauber Costa 47b075
-    ret = vnc_client_io_error(vs, ret, socket_error());
Glauber Costa 47b075
+	ret = send(vs->csock, data, datalen, 0);
Glauber Costa 47b075
+    VNC_DEBUG("Wrote wire %p %d -> %ld\n", data, datalen, ret);
Glauber Costa 47b075
+    return vnc_client_io_error(vs, ret, socket_error());
Glauber Costa 47b075
+}
Glauber Costa 47b075
+
Glauber Costa 47b075
+
Glauber Costa 47b075
+/*
Glauber Costa 47b075
+ * Called to write buffered data to the client socket, when not
Glauber Costa 47b075
+ * using any SASL SSF encryption layers. Will write as much data
Glauber Costa 47b075
+ * as possible without blocking. If all buffered data is written,
Glauber Costa 47b075
+ * will switch the FD poll() handler back to read monitoring.
Glauber Costa 47b075
+ *
Glauber Costa 47b075
+ * Returns the number of bytes written, which may be less than
Glauber Costa 47b075
+ * the buffered output data if the socket would block. Returns
Glauber Costa 47b075
+ * -1 on error, and disconnects the client socket.
Glauber Costa 47b075
+ */
Glauber Costa 47b075
+static long vnc_client_write_plain(VncState *vs)
Glauber Costa 47b075
+{
Glauber Costa 47b075
+    long ret;
Glauber Costa 47b075
+
Glauber Costa 47b075
+#ifdef CONFIG_VNC_SASL
Glauber Costa 47b075
+    VNC_DEBUG("Write Plain: Pending output %p size %d offset %d. Wait SSF %d\n",
Glauber Costa 47b075
+              vs->output.buffer, vs->output.capacity, vs->output.offset,
Glauber Costa 47b075
+              vs->sasl.waitWriteSSF);
Glauber Costa 47b075
+
Glauber Costa 47b075
+    if (vs->sasl.conn &&
Glauber Costa 47b075
+        vs->sasl.runSSF &&
Glauber Costa 47b075
+        vs->sasl.waitWriteSSF) {
Glauber Costa 47b075
+        ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
Glauber Costa 47b075
+        if (ret)
Glauber Costa 47b075
+            vs->sasl.waitWriteSSF -= ret;
Glauber Costa 47b075
+    } else
Glauber Costa 47b075
+#endif /* CONFIG_VNC_SASL */
Glauber Costa 47b075
+        ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
Glauber Costa 47b075
     if (!ret)
Glauber Costa 47b075
-	return;
Glauber Costa 47b075
+        return 0;
Glauber Costa 47b075
 
Glauber Costa 47b075
     memmove(vs->output.buffer, vs->output.buffer + ret, (vs->output.offset - ret));
Glauber Costa 47b075
     vs->output.offset -= ret;
Glauber Costa 47b075
@@ -905,6 +963,29 @@ void vnc_client_write(void *opaque)
Glauber Costa 47b075
     if (vs->output.offset == 0) {
Glauber Costa 47b075
 	qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
Glauber Costa 47b075
     }
Glauber Costa 47b075
+
Glauber Costa 47b075
+    return ret;
Glauber Costa 47b075
+}
Glauber Costa 47b075
+
Glauber Costa 47b075
+
Glauber Costa 47b075
+/*
Glauber Costa 47b075
+ * First function called whenever there is data to be written to
Glauber Costa 47b075
+ * the client socket. Will delegate actual work according to whether
Glauber Costa 47b075
+ * SASL SSF layers are enabled (thus requiring encryption calls)
Glauber Costa 47b075
+ */
Glauber Costa 47b075
+void vnc_client_write(void *opaque)
Glauber Costa 47b075
+{
Glauber Costa 47b075
+    long ret;
Glauber Costa 47b075
+    VncState *vs = opaque;
Glauber Costa 47b075
+
Glauber Costa 47b075
+#ifdef CONFIG_VNC_SASL
Glauber Costa 47b075
+    if (vs->sasl.conn &&
Glauber Costa 47b075
+        vs->sasl.runSSF &&
Glauber Costa 47b075
+        !vs->sasl.waitWriteSSF)
Glauber Costa 47b075
+        ret = vnc_client_write_sasl(vs);
Glauber Costa 47b075
+    else
Glauber Costa 47b075
+#endif /* CONFIG_VNC_SASL */
Glauber Costa 47b075
+        ret = vnc_client_write_plain(vs);
Glauber Costa 47b075
 }
Glauber Costa 47b075
 
Glauber Costa 47b075
 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
Glauber Costa 47b075
@@ -913,16 +994,28 @@ void vnc_read_when(VncState *vs, VncRead
Glauber Costa 47b075
     vs->read_handler_expect = expecting;
Glauber Costa 47b075
 }
Glauber Costa 47b075
 
Glauber Costa 47b075
-void vnc_client_read(void *opaque)
Glauber Costa 47b075
+
Glauber Costa 47b075
+/*
Glauber Costa 47b075
+ * Called to read a chunk of data from the client socket. The data may
Glauber Costa 47b075
+ * be the raw data, or may need to be further decoded by SASL.
Glauber Costa 47b075
+ * The data will be read either straight from to the socket, or
Glauber Costa 47b075
+ * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
Glauber Costa 47b075
+ *
Glauber Costa 47b075
+ * NB, it is theoretically possible to have 2 layers of encryption,
Glauber Costa 47b075
+ * both SASL, and this TLS layer. It is highly unlikely in practice
Glauber Costa 47b075
+ * though, since SASL encryption will typically be a no-op if TLS
Glauber Costa 47b075
+ * is active
Glauber Costa 47b075
+ *
Glauber Costa 47b075
+ * Returns the number of bytes read, which may be less than
Glauber Costa 47b075
+ * the requested 'datalen' if the socket would block. Returns
Glauber Costa 47b075
+ * -1 on error, and disconnects the client socket.
Glauber Costa 47b075
+ */
Glauber Costa 47b075
+long vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
Glauber Costa 47b075
 {
Glauber Costa 47b075
-    VncState *vs = opaque;
Glauber Costa 47b075
     long ret;
Glauber Costa 47b075
-
Glauber Costa 47b075
-    buffer_reserve(&vs->input, 4096);
Glauber Costa 47b075
-
Glauber Costa 47b075
 #ifdef CONFIG_VNC_TLS
Glauber Costa 47b075
     if (vs->tls.session) {
Glauber Costa 47b075
-	ret = gnutls_read(vs->tls.session, buffer_end(&vs->input), 4096);
Glauber Costa 47b075
+	ret = gnutls_read(vs->tls.session, data, datalen);
Glauber Costa 47b075
 	if (ret < 0) {
Glauber Costa 47b075
 	    if (ret == GNUTLS_E_AGAIN)
Glauber Costa 47b075
 		errno = EAGAIN;
Glauber Costa 47b075
@@ -932,12 +1025,52 @@ void vnc_client_read(void *opaque)
Glauber Costa 47b075
 	}
Glauber Costa 47b075
     } else
Glauber Costa 47b075
 #endif /* CONFIG_VNC_TLS */
Glauber Costa 47b075
-	ret = recv(vs->csock, buffer_end(&vs->input), 4096, 0);
Glauber Costa 47b075
-    ret = vnc_client_io_error(vs, ret, socket_error());
Glauber Costa 47b075
-    if (!ret)
Glauber Costa 47b075
-	return;
Glauber Costa 47b075
+	ret = recv(vs->csock, data, datalen, 0);
Glauber Costa 47b075
+    VNC_DEBUG("Read wire %p %d -> %ld\n", data, datalen, ret);
Glauber Costa 47b075
+    return vnc_client_io_error(vs, ret, socket_error());
Glauber Costa 47b075
+}
Glauber Costa 47b075
 
Glauber Costa 47b075
+
Glauber Costa 47b075
+/*
Glauber Costa 47b075
+ * Called to read data from the client socket to the input buffer,
Glauber Costa 47b075
+ * when not using any SASL SSF encryption layers. Will read as much
Glauber Costa 47b075
+ * data as possible without blocking.
Glauber Costa 47b075
+ *
Glauber Costa 47b075
+ * Returns the number of bytes read. Returns -1 on error, and
Glauber Costa 47b075
+ * disconnects the client socket.
Glauber Costa 47b075
+ */
Glauber Costa 47b075
+static long vnc_client_read_plain(VncState *vs)
Glauber Costa 47b075
+{
Glauber Costa 47b075
+    int ret;
Glauber Costa 47b075
+    VNC_DEBUG("Read plain %p size %d offset %d\n",
Glauber Costa 47b075
+              vs->input.buffer, vs->input.capacity, vs->input.offset);
Glauber Costa 47b075
+    buffer_reserve(&vs->input, 4096);
Glauber Costa 47b075
+    ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
Glauber Costa 47b075
+    if (!ret)
Glauber Costa 47b075
+        return 0;
Glauber Costa 47b075
     vs->input.offset += ret;
Glauber Costa 47b075
+    return ret;
Glauber Costa 47b075
+}
Glauber Costa 47b075
+
Glauber Costa 47b075
+
Glauber Costa 47b075
+/*
Glauber Costa 47b075
+ * First function called whenever there is more data to be read from
Glauber Costa 47b075
+ * the client socket. Will delegate actual work according to whether
Glauber Costa 47b075
+ * SASL SSF layers are enabled (thus requiring decryption calls)
Glauber Costa 47b075
+ */
Glauber Costa 47b075
+void vnc_client_read(void *opaque)
Glauber Costa 47b075
+{
Glauber Costa 47b075
+    VncState *vs = opaque;
Glauber Costa 47b075
+    long ret;
Glauber Costa 47b075
+
Glauber Costa 47b075
+#ifdef CONFIG_VNC_SASL
Glauber Costa 47b075
+    if (vs->sasl.conn && vs->sasl.runSSF)
Glauber Costa 47b075
+        ret = vnc_client_read_sasl(vs);
Glauber Costa 47b075
+    else
Glauber Costa 47b075
+#endif /* CONFIG_VNC_SASL */
Glauber Costa 47b075
+        ret = vnc_client_read_plain(vs);
Glauber Costa 47b075
+    if (!ret)
Glauber Costa 47b075
+	return;
Glauber Costa 47b075
 
Glauber Costa 47b075
     while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
Glauber Costa 47b075
 	size_t len = vs->read_handler_expect;
Glauber Costa 47b075
@@ -1722,6 +1855,13 @@ static int protocol_client_auth(VncState
Glauber Costa 47b075
            break;
Glauber Costa 47b075
 #endif /* CONFIG_VNC_TLS */
Glauber Costa 47b075
 
Glauber Costa 47b075
+#ifdef CONFIG_VNC_SASL
Glauber Costa 47b075
+       case VNC_AUTH_SASL:
Glauber Costa 47b075
+           VNC_DEBUG("Accept SASL auth\n");
Glauber Costa 47b075
+           start_auth_sasl(vs);
Glauber Costa 47b075
+           break;
Glauber Costa 47b075
+#endif /* CONFIG_VNC_SASL */
Glauber Costa 47b075
+
Glauber Costa 47b075
        default: /* Should not be possible, but just in case */
Glauber Costa 47b075
            VNC_DEBUG("Reject auth %d\n", vs->vd->auth);
Glauber Costa 47b075
            vnc_write_u8(vs, 1);
Glauber Costa 47b075
@@ -1923,6 +2063,10 @@ int vnc_display_open(DisplayState *ds, c
Glauber Costa 47b075
 #ifdef CONFIG_VNC_TLS
Glauber Costa 47b075
     int tls = 0, x509 = 0;
Glauber Costa 47b075
 #endif
Glauber Costa 47b075
+#ifdef CONFIG_VNC_SASL
Glauber Costa 47b075
+    int sasl = 0;
Glauber Costa 47b075
+    int saslErr;
Glauber Costa 47b075
+#endif
Glauber Costa 47b075
 
Glauber Costa 47b075
     if (!vnc_display)
Glauber Costa 47b075
         return -1;
Glauber Costa 47b075
@@ -1942,6 +2086,10 @@ int vnc_display_open(DisplayState *ds, c
Glauber Costa 47b075
 	    reverse = 1;
Glauber Costa 47b075
 	} else if (strncmp(options, "to=", 3) == 0) {
Glauber Costa 47b075
             to_port = atoi(options+3) + 5900;
Glauber Costa 47b075
+#ifdef CONFIG_VNC_SASL
Glauber Costa 47b075
+	} else if (strncmp(options, "sasl", 4) == 0) {
Glauber Costa 47b075
+	    sasl = 1; /* Require SASL auth */
Glauber Costa 47b075
+#endif
Glauber Costa 47b075
 #ifdef CONFIG_VNC_TLS
Glauber Costa 47b075
 	} else if (strncmp(options, "tls", 3) == 0) {
Glauber Costa 47b075
 	    tls = 1; /* Require TLS */
Glauber Costa 47b075
@@ -1978,6 +2126,22 @@ int vnc_display_open(DisplayState *ds, c
Glauber Costa 47b075
 	}
Glauber Costa 47b075
     }
Glauber Costa 47b075
 
Glauber Costa 47b075
+    /*
Glauber Costa 47b075
+     * Combinations we support here:
Glauber Costa 47b075
+     *
Glauber Costa 47b075
+     *  - no-auth                (clear text, no auth)
Glauber Costa 47b075
+     *  - password               (clear text, weak auth)
Glauber Costa 47b075
+     *  - sasl                   (encrypt, good auth *IF* using Kerberos via GSSAPI)
Glauber Costa 47b075
+     *  - tls                    (encrypt, weak anonymous creds, no auth)
Glauber Costa 47b075
+     *  - tls + password         (encrypt, weak anonymous creds, weak auth)
Glauber Costa 47b075
+     *  - tls + sasl             (encrypt, weak anonymous creds, good auth)
Glauber Costa 47b075
+     *  - tls + x509             (encrypt, good x509 creds, no auth)
Glauber Costa 47b075
+     *  - tls + x509 + password  (encrypt, good x509 creds, weak auth)
Glauber Costa 47b075
+     *  - tls + x509 + sasl      (encrypt, good x509 creds, good auth)
Glauber Costa 47b075
+     *
Glauber Costa 47b075
+     * NB1. TLS is a stackable auth scheme.
Glauber Costa 47b075
+     * NB2. the x509 schemes have option to validate a client cert dname
Glauber Costa 47b075
+     */
Glauber Costa 47b075
     if (password) {
Glauber Costa 47b075
 #ifdef CONFIG_VNC_TLS
Glauber Costa 47b075
 	if (tls) {
Glauber Costa 47b075
@@ -1990,13 +2154,34 @@ int vnc_display_open(DisplayState *ds, c
Glauber Costa 47b075
 		vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
Glauber Costa 47b075
 	    }
Glauber Costa 47b075
 	} else {
Glauber Costa 47b075
-#endif
Glauber Costa 47b075
+#endif /* CONFIG_VNC_TLS */
Glauber Costa 47b075
 	    VNC_DEBUG("Initializing VNC server with password auth\n");
Glauber Costa 47b075
 	    vs->auth = VNC_AUTH_VNC;
Glauber Costa 47b075
 #ifdef CONFIG_VNC_TLS
Glauber Costa 47b075
 	    vs->subauth = VNC_AUTH_INVALID;
Glauber Costa 47b075
 	}
Glauber Costa 47b075
-#endif
Glauber Costa 47b075
+#endif /* CONFIG_VNC_TLS */
Glauber Costa 47b075
+#ifdef CONFIG_VNC_SASL
Glauber Costa 47b075
+    } else if (sasl) {
Glauber Costa 47b075
+#ifdef CONFIG_VNC_TLS
Glauber Costa 47b075
+        if (tls) {
Glauber Costa 47b075
+            vs->auth = VNC_AUTH_VENCRYPT;
Glauber Costa 47b075
+            if (x509) {
Glauber Costa 47b075
+		VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
Glauber Costa 47b075
+                vs->subauth = VNC_AUTH_VENCRYPT_X509SASL;
Glauber Costa 47b075
+            } else {
Glauber Costa 47b075
+		VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
Glauber Costa 47b075
+                vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL;
Glauber Costa 47b075
+            }
Glauber Costa 47b075
+        } else {
Glauber Costa 47b075
+#endif /* CONFIG_VNC_TLS */
Glauber Costa 47b075
+	    VNC_DEBUG("Initializing VNC server with SASL auth\n");
Glauber Costa 47b075
+            vs->auth = VNC_AUTH_SASL;
Glauber Costa 47b075
+#ifdef CONFIG_VNC_TLS
Glauber Costa 47b075
+            vs->subauth = VNC_AUTH_INVALID;
Glauber Costa 47b075
+        }
Glauber Costa 47b075
+#endif /* CONFIG_VNC_TLS */
Glauber Costa 47b075
+#endif /* CONFIG_VNC_SASL */
Glauber Costa 47b075
     } else {
Glauber Costa 47b075
 #ifdef CONFIG_VNC_TLS
Glauber Costa 47b075
 	if (tls) {
Glauber Costa 47b075
@@ -2018,6 +2203,16 @@ int vnc_display_open(DisplayState *ds, c
Glauber Costa 47b075
 #endif
Glauber Costa 47b075
     }
Glauber Costa 47b075
 
Glauber Costa 47b075
+#ifdef CONFIG_VNC_SASL
Glauber Costa 47b075
+    if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) {
Glauber Costa 47b075
+        fprintf(stderr, "Failed to initialize SASL auth %s",
Glauber Costa 47b075
+                sasl_errstring(saslErr, NULL, NULL));
Glauber Costa 47b075
+        free(vs->display);
Glauber Costa 47b075
+        vs->display = NULL;
Glauber Costa 47b075
+        return -1;
Glauber Costa 47b075
+    }
Glauber Costa 47b075
+#endif
Glauber Costa 47b075
+
Glauber Costa 47b075
     if (reverse) {
Glauber Costa 47b075
         /* connect to viewer */
Glauber Costa 47b075
         if (strncmp(display, "unix:", 5) == 0)
Glauber Costa 47b075
Index: qemu-kvm-0.10/qemu/vnc.h
Glauber Costa 47b075
===================================================================
Glauber Costa 47b075
--- qemu-kvm-0.10.orig/qemu/vnc.h
Glauber Costa 47b075
+++ qemu-kvm-0.10/qemu/vnc.h
Glauber Costa 47b075
@@ -79,6 +79,10 @@ typedef struct VncDisplay VncDisplay;
Glauber Costa 47b075
 #include "vnc-tls.h"
Glauber Costa 47b075
 #include "vnc-auth-vencrypt.h"
Glauber Costa 47b075
 #endif
Glauber Costa 47b075
+#ifdef CONFIG_VNC_SASL
Glauber Costa 47b075
+#include "vnc-auth-sasl.h"
Glauber Costa 47b075
+#endif
Glauber Costa 47b075
+
Glauber Costa 47b075
 
Glauber Costa 47b075
 struct VncDisplay
Glauber Costa 47b075
 {
Glauber Costa 47b075
@@ -118,10 +122,12 @@ struct VncState
Glauber Costa 47b075
     int minor;
Glauber Costa 47b075
 
Glauber Costa 47b075
     char challenge[VNC_AUTH_CHALLENGE_SIZE];
Glauber Costa 47b075
-
Glauber Costa 47b075
 #ifdef CONFIG_VNC_TLS
Glauber Costa 47b075
     VncStateTLS tls;
Glauber Costa 47b075
 #endif
Glauber Costa 47b075
+#ifdef CONFIG_VNC_SASL
Glauber Costa 47b075
+    VncStateSASL sasl;
Glauber Costa 47b075
+#endif
Glauber Costa 47b075
 
Glauber Costa 47b075
     Buffer output;
Glauber Costa 47b075
     Buffer input;
Glauber Costa 47b075
@@ -160,8 +166,9 @@ enum {
Glauber Costa 47b075
     VNC_AUTH_RA2NE = 6,
Glauber Costa 47b075
     VNC_AUTH_TIGHT = 16,
Glauber Costa 47b075
     VNC_AUTH_ULTRA = 17,
Glauber Costa 47b075
-    VNC_AUTH_TLS = 18,
Glauber Costa 47b075
-    VNC_AUTH_VENCRYPT = 19
Glauber Costa 47b075
+    VNC_AUTH_TLS = 18,      /* Supported in GTK-VNC & VINO */
Glauber Costa 47b075
+    VNC_AUTH_VENCRYPT = 19, /* Supported in GTK-VNC & VeNCrypt */
Glauber Costa 47b075
+    VNC_AUTH_SASL = 20,     /* Supported in GTK-VNC & VINO */
Glauber Costa 47b075
 };
Glauber Costa 47b075
 
Glauber Costa 47b075
 enum {
Glauber Costa 47b075
@@ -172,6 +179,8 @@ enum {
Glauber Costa 47b075
     VNC_AUTH_VENCRYPT_X509NONE = 260,
Glauber Costa 47b075
     VNC_AUTH_VENCRYPT_X509VNC = 261,
Glauber Costa 47b075
     VNC_AUTH_VENCRYPT_X509PLAIN = 262,
Glauber Costa 47b075
+    VNC_AUTH_VENCRYPT_X509SASL = 263,
Glauber Costa 47b075
+    VNC_AUTH_VENCRYPT_TLSSASL = 264,
Glauber Costa 47b075
 };
Glauber Costa 47b075
 
Glauber Costa 47b075
 
Glauber Costa 47b075
@@ -255,6 +264,8 @@ enum {
Glauber Costa 47b075
 void vnc_client_read(void *opaque);
Glauber Costa 47b075
 void vnc_client_write(void *opaque);
Glauber Costa 47b075
 
Glauber Costa 47b075
+long vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen);
Glauber Costa 47b075
+long vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen);
Glauber Costa 47b075
 
Glauber Costa 47b075
 /* Protocol I/O functions */
Glauber Costa 47b075
 void vnc_write(VncState *vs, const void *data, size_t len);
Glauber Costa 47b075
@@ -274,8 +285,22 @@ uint32_t read_u32(uint8_t *data, size_t 
Glauber Costa 47b075
 
Glauber Costa 47b075
 /* Protocol stage functions */
Glauber Costa 47b075
 void vnc_client_error(VncState *vs);
Glauber Costa 47b075
+int vnc_client_io_error(VncState *vs, int ret, int last_errno);
Glauber Costa 47b075
 
Glauber Costa 47b075
 void start_client_init(VncState *vs);
Glauber Costa 47b075
 void start_auth_vnc(VncState *vs);
Glauber Costa 47b075
 
Glauber Costa 47b075
+/* Buffer management */
Glauber Costa 47b075
+void buffer_reserve(Buffer *buffer, size_t len);
Glauber Costa 47b075
+int buffer_empty(Buffer *buffer);
Glauber Costa 47b075
+uint8_t *buffer_end(Buffer *buffer);
Glauber Costa 47b075
+void buffer_reset(Buffer *buffer);
Glauber Costa 47b075
+void buffer_append(Buffer *buffer, const void *data, size_t len);
Glauber Costa 47b075
+
Glauber Costa 47b075
+
Glauber Costa 47b075
+/* Misc helpers */
Glauber Costa 47b075
+
Glauber Costa 47b075
+char *vnc_socket_local_addr(const char *format, int fd);
Glauber Costa 47b075
+char *vnc_socket_remote_addr(const char *format, int fd);
Glauber Costa 47b075
+
Glauber Costa 47b075
 #endif /* __QEMU_VNC_H */