From patchwork Tue Mar 17 13:42:55 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= X-Patchwork-Id: 450983 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 32F8314010F for ; Wed, 18 Mar 2015 00:45:35 +1100 (AEDT) Received: from localhost ([::1]:54699 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1YXroL-0004n5-CJ for incoming@patchwork.ozlabs.org; Tue, 17 Mar 2015 09:45:33 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:50410) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1YXrmC-0000mS-1l for qemu-devel@nongnu.org; Tue, 17 Mar 2015 09:43:26 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1YXrm6-0006FY-JT for qemu-devel@nongnu.org; Tue, 17 Mar 2015 09:43:19 -0400 Received: from mx1.redhat.com ([209.132.183.28]:41486) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1YXrm6-0006FK-Ad for qemu-devel@nongnu.org; Tue, 17 Mar 2015 09:43:14 -0400 Received: from int-mx11.intmail.prod.int.phx2.redhat.com (int-mx11.intmail.prod.int.phx2.redhat.com [10.5.11.24]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id t2HDhDlT011234 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Tue, 17 Mar 2015 09:43:13 -0400 Received: from localhost.localdomain.com (vpn1-6-118.ams2.redhat.com [10.36.6.118]) by int-mx11.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id t2HDh8lu004558; Tue, 17 Mar 2015 09:43:12 -0400 From: "Daniel P. Berrange" To: qemu-devel@nongnu.org Date: Tue, 17 Mar 2015 13:42:55 +0000 Message-Id: <1426599780-3264-4-git-send-email-berrange@redhat.com> In-Reply-To: <1426599780-3264-1-git-send-email-berrange@redhat.com> References: <1426599780-3264-1-git-send-email-berrange@redhat.com> X-Scanned-By: MIMEDefang 2.68 on 10.5.11.24 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x X-Received-From: 209.132.183.28 Cc: Gerd Hoffmann Subject: [Qemu-devel] [PATCH v2 3/8] ui: report error if user requests VNC option that is unsupported X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org If the VNC server is built without tls, sasl or websocket support and the user requests one of these features, they are just silently ignored. This is bad because it means the VNC server ends up running in a configuration that is less secure than the user asked for. It also leads to an tangled mass of preprocessor conditionals when configuring the VNC server. This ensures that the tls, sasl & websocket options are always processed and an error is reported back to the user if any of them were disabled at build time. Signed-off-by: Daniel P. Berrange --- ui/vnc.c | 51 +++++++++++++++++++++------------------------------ ui/vnc.h | 4 ++-- 2 files changed, 23 insertions(+), 32 deletions(-) diff --git a/ui/vnc.c b/ui/vnc.c index 80dc63b..903ed8b 100644 --- a/ui/vnc.c +++ b/ui/vnc.c @@ -3010,14 +3010,10 @@ static void vnc_connect(VncDisplay *vd, int csock, if (skipauth) { vs->auth = VNC_AUTH_NONE; -#ifdef CONFIG_VNC_TLS vs->subauth = VNC_AUTH_INVALID; -#endif } else { vs->auth = vd->auth; -#ifdef CONFIG_VNC_TLS vs->subauth = vd->subauth; -#endif } vs->lossy_rect = g_malloc0(VNC_STAT_ROWS * sizeof (*vs->lossy_rect)); @@ -3206,8 +3202,8 @@ static void vnc_display_close(VncDisplay *vs) } #endif /* CONFIG_VNC_WS */ vs->auth = VNC_AUTH_INVALID; -#ifdef CONFIG_VNC_TLS vs->subauth = VNC_AUTH_INVALID; +#ifdef CONFIG_VNC_TLS vs->tls.x509verify = 0; #endif } @@ -3332,15 +3328,13 @@ void vnc_display_open(const char *id, Error **errp) char *h; bool has_ipv4 = false; bool has_ipv6 = false; -#ifdef CONFIG_VNC_WS const char *websocket; -#endif -#ifdef CONFIG_VNC_TLS bool tls = false, x509 = false; +#ifdef CONFIG_VNC_TLS const char *path; #endif -#ifdef CONFIG_VNC_SASL bool sasl = false; +#ifdef CONFIG_VNC_SASL int saslErr; #endif #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL) @@ -3404,11 +3398,15 @@ void vnc_display_open(const char *id, Error **errp) reverse = qemu_opt_get_bool(opts, "reverse", false); lock_key_sync = qemu_opt_get_bool(opts, "lock-key-sync", true); -#ifdef CONFIG_VNC_SASL sasl = qemu_opt_get_bool(opts, "sasl", false); -#endif -#ifdef CONFIG_VNC_TLS +#ifndef CONFIG_VNC_SASL + if (sasl) { + error_setg(errp, "VNC SASL auth requires cyrus-sasl support"); + goto fail; + } +#endif /* CONFIG_VNC_SASL */ tls = qemu_opt_get_bool(opts, "tls", false); +#ifdef CONFIG_VNC_TLS path = qemu_opt_get(opts, "x509"); if (!path) { path = qemu_opt_get(opts, "x509verify"); @@ -3424,7 +3422,12 @@ void vnc_display_open(const char *id, Error **errp) goto fail; } } -#endif +#else /* ! CONFIG_VNC_TLS */ + if (tls) { + error_setg(errp, "VNC TLS auth requires gnutls support"); + goto fail; + } +#endif /* ! CONFIG_VNC_TLS */ #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL) acl = qemu_opt_get_bool(opts, "acl", false); #endif @@ -3446,14 +3449,16 @@ void vnc_display_open(const char *id, Error **errp) } vs->connections_limit = qemu_opt_get_number(opts, "connections", 32); - #ifdef CONFIG_VNC_WS websocket = qemu_opt_get(opts, "websocket"); if (websocket) { +#ifdef CONFIG_VNC_WS vs->ws_enabled = true; qemu_opt_set(wsopts, "port", websocket, &error_abort); - +#else /* ! CONFIG_VNC_WS */ + error_setg(errp, "Websockets protocol requires gnutls support"); + goto fail; +#endif /* ! CONFIG_VNC_WS */ } -#endif /* CONFIG_VNC_WS */ #ifdef CONFIG_VNC_JPEG vs->lossy = qemu_opt_get_bool(opts, "lossy", false); @@ -3518,7 +3523,6 @@ void vnc_display_open(const char *id, Error **errp) * NB2. the x509 schemes have option to validate a client cert dname */ if (password) { -#ifdef CONFIG_VNC_TLS if (tls) { vs->auth = VNC_AUTH_VENCRYPT; if (x509) { @@ -3529,16 +3533,11 @@ void vnc_display_open(const char *id, Error **errp) vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC; } } else { -#endif /* CONFIG_VNC_TLS */ VNC_DEBUG("Initializing VNC server with password auth\n"); vs->auth = VNC_AUTH_VNC; -#ifdef CONFIG_VNC_TLS vs->subauth = VNC_AUTH_INVALID; } -#endif /* CONFIG_VNC_TLS */ -#ifdef CONFIG_VNC_SASL } else if (sasl) { -#ifdef CONFIG_VNC_TLS if (tls) { vs->auth = VNC_AUTH_VENCRYPT; if (x509) { @@ -3549,16 +3548,11 @@ void vnc_display_open(const char *id, Error **errp) vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL; } } else { -#endif /* CONFIG_VNC_TLS */ VNC_DEBUG("Initializing VNC server with SASL auth\n"); vs->auth = VNC_AUTH_SASL; -#ifdef CONFIG_VNC_TLS vs->subauth = VNC_AUTH_INVALID; } -#endif /* CONFIG_VNC_TLS */ -#endif /* CONFIG_VNC_SASL */ } else { -#ifdef CONFIG_VNC_TLS if (tls) { vs->auth = VNC_AUTH_VENCRYPT; if (x509) { @@ -3569,13 +3563,10 @@ void vnc_display_open(const char *id, Error **errp) vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE; } } else { -#endif VNC_DEBUG("Initializing VNC server with no auth\n"); vs->auth = VNC_AUTH_NONE; -#ifdef CONFIG_VNC_TLS vs->subauth = VNC_AUTH_INVALID; } -#endif } #ifdef CONFIG_VNC_SASL diff --git a/ui/vnc.h b/ui/vnc.h index 66a0298..90b2592 100644 --- a/ui/vnc.h +++ b/ui/vnc.h @@ -180,10 +180,10 @@ struct VncDisplay char *password; time_t expires; int auth; + int subauth; /* Used by VeNCrypt */ bool lossy; bool non_adaptive; #ifdef CONFIG_VNC_TLS - int subauth; /* Used by VeNCrypt */ VncDisplayTLS tls; #endif #ifdef CONFIG_VNC_SASL @@ -284,9 +284,9 @@ struct VncState int minor; int auth; + int subauth; /* Used by VeNCrypt */ char challenge[VNC_AUTH_CHALLENGE_SIZE]; #ifdef CONFIG_VNC_TLS - int subauth; /* Used by VeNCrypt */ VncStateTLS tls; #endif #ifdef CONFIG_VNC_SASL