]>
Commit | Line | Data |
---|---|---|
2f9606b3 AL |
1 | /* |
2 | * QEMU VNC display driver: SASL auth protocol | |
3 | * | |
4 | * Copyright (C) 2009 Red Hat, Inc | |
5 | * | |
6 | * Permission is hereby granted, free of charge, to any person obtaining a copy | |
7 | * of this software and associated documentation files (the "Software"), to deal | |
8 | * in the Software without restriction, including without limitation the rights | |
9 | * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | |
10 | * copies of the Software, and to permit persons to whom the Software is | |
11 | * furnished to do so, subject to the following conditions: | |
12 | * | |
13 | * The above copyright notice and this permission notice shall be included in | |
14 | * all copies or substantial portions of the Software. | |
15 | * | |
16 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | |
17 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | |
18 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL | |
19 | * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | |
20 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | |
21 | * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN | |
22 | * THE SOFTWARE. | |
23 | */ | |
24 | ||
e16f4c87 | 25 | #include "qemu/osdep.h" |
da34e65c | 26 | #include "qapi/error.h" |
b76806d4 | 27 | #include "authz/base.h" |
2f9606b3 | 28 | #include "vnc.h" |
7364dbda | 29 | #include "trace.h" |
2f9606b3 | 30 | |
b65310ab PB |
31 | /* |
32 | * Apple has deprecated sasl.h functions in OS X 10.11. Therefore, | |
33 | * files that use SASL API need to disable -Wdeprecated-declarations. | |
34 | */ | |
35 | #ifdef CONFIG_DARWIN | |
36 | #pragma GCC diagnostic ignored "-Wdeprecated-declarations" | |
37 | #endif | |
38 | ||
2f9606b3 AL |
39 | /* Max amount of data we send/recv for SASL steps to prevent DOS */ |
40 | #define SASL_DATA_MAX_LEN (1024 * 1024) | |
41 | ||
42 | ||
b65310ab PB |
43 | bool vnc_sasl_server_init(Error **errp) |
44 | { | |
45 | int saslErr = sasl_server_init(NULL, "qemu"); | |
46 | ||
47 | if (saslErr != SASL_OK) { | |
48 | error_setg(errp, "Failed to initialize SASL auth: %s", | |
49 | sasl_errstring(saslErr, NULL, NULL)); | |
50 | return false; | |
51 | } | |
52 | return true; | |
53 | } | |
54 | ||
2f9606b3 AL |
55 | void vnc_sasl_client_cleanup(VncState *vs) |
56 | { | |
57 | if (vs->sasl.conn) { | |
ee032ca1 SW |
58 | vs->sasl.runSSF = false; |
59 | vs->sasl.wantSSF = false; | |
60 | vs->sasl.waitWriteSSF = 0; | |
28a76be8 AL |
61 | vs->sasl.encodedLength = vs->sasl.encodedOffset = 0; |
62 | vs->sasl.encoded = NULL; | |
ae878b17 | 63 | g_free(vs->sasl.username); |
302d9d6f | 64 | g_free(vs->sasl.mechlist); |
28a76be8 AL |
65 | vs->sasl.username = vs->sasl.mechlist = NULL; |
66 | sasl_dispose(&vs->sasl.conn); | |
67 | vs->sasl.conn = NULL; | |
2f9606b3 AL |
68 | } |
69 | } | |
70 | ||
71 | ||
30b80fd5 | 72 | size_t vnc_client_write_sasl(VncState *vs) |
2f9606b3 | 73 | { |
30b80fd5 | 74 | size_t ret; |
2f9606b3 | 75 | |
bc47d201 CC |
76 | VNC_DEBUG("Write SASL: Pending output %p size %zd offset %zd " |
77 | "Encoded: %p size %d offset %d\n", | |
28a76be8 AL |
78 | vs->output.buffer, vs->output.capacity, vs->output.offset, |
79 | vs->sasl.encoded, vs->sasl.encodedLength, vs->sasl.encodedOffset); | |
2f9606b3 AL |
80 | |
81 | if (!vs->sasl.encoded) { | |
28a76be8 AL |
82 | int err; |
83 | err = sasl_encode(vs->sasl.conn, | |
84 | (char *)vs->output.buffer, | |
85 | vs->output.offset, | |
86 | (const char **)&vs->sasl.encoded, | |
87 | &vs->sasl.encodedLength); | |
88 | if (err != SASL_OK) | |
04d2529d | 89 | return vnc_client_io_error(vs, -1, NULL); |
28a76be8 | 90 | |
8f61f1c5 | 91 | vs->sasl.encodedRawLength = vs->output.offset; |
28a76be8 | 92 | vs->sasl.encodedOffset = 0; |
2f9606b3 AL |
93 | } |
94 | ||
95 | ret = vnc_client_write_buf(vs, | |
28a76be8 AL |
96 | vs->sasl.encoded + vs->sasl.encodedOffset, |
97 | vs->sasl.encodedLength - vs->sasl.encodedOffset); | |
2f9606b3 | 98 | if (!ret) |
28a76be8 | 99 | return 0; |
2f9606b3 AL |
100 | |
101 | vs->sasl.encodedOffset += ret; | |
102 | if (vs->sasl.encodedOffset == vs->sasl.encodedLength) { | |
d50f09ff DB |
103 | bool throttled = vs->force_update_offset != 0; |
104 | size_t offset; | |
ada8d2e4 DB |
105 | if (vs->sasl.encodedRawLength >= vs->force_update_offset) { |
106 | vs->force_update_offset = 0; | |
107 | } else { | |
108 | vs->force_update_offset -= vs->sasl.encodedRawLength; | |
109 | } | |
d50f09ff DB |
110 | if (throttled && vs->force_update_offset == 0) { |
111 | trace_vnc_client_unthrottle_forced(vs, vs->ioc); | |
112 | } | |
113 | offset = vs->output.offset; | |
627ebec2 | 114 | buffer_advance(&vs->output, vs->sasl.encodedRawLength); |
d50f09ff DB |
115 | if (offset >= vs->throttle_output_offset && |
116 | vs->output.offset < vs->throttle_output_offset) { | |
117 | trace_vnc_client_unthrottle_incremental(vs, vs->ioc, | |
118 | vs->output.offset); | |
119 | } | |
28a76be8 AL |
120 | vs->sasl.encoded = NULL; |
121 | vs->sasl.encodedOffset = vs->sasl.encodedLength = 0; | |
2f9606b3 AL |
122 | } |
123 | ||
124 | /* Can't merge this block with one above, because | |
125 | * someone might have written more unencrypted | |
126 | * data in vs->output while we were processing | |
127 | * SASL encoded output | |
128 | */ | |
129 | if (vs->output.offset == 0) { | |
04d2529d DB |
130 | if (vs->ioc_tag) { |
131 | g_source_remove(vs->ioc_tag); | |
132 | } | |
133 | vs->ioc_tag = qio_channel_add_watch( | |
2ddafce7 DH |
134 | vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR, |
135 | vnc_client_io, vs, NULL); | |
2f9606b3 AL |
136 | } |
137 | ||
138 | return ret; | |
139 | } | |
140 | ||
141 | ||
30b80fd5 | 142 | size_t vnc_client_read_sasl(VncState *vs) |
2f9606b3 | 143 | { |
30b80fd5 | 144 | size_t ret; |
2f9606b3 AL |
145 | uint8_t encoded[4096]; |
146 | const char *decoded; | |
147 | unsigned int decodedLen; | |
148 | int err; | |
149 | ||
150 | ret = vnc_client_read_buf(vs, encoded, sizeof(encoded)); | |
151 | if (!ret) | |
28a76be8 | 152 | return 0; |
2f9606b3 AL |
153 | |
154 | err = sasl_decode(vs->sasl.conn, | |
28a76be8 AL |
155 | (char *)encoded, ret, |
156 | &decoded, &decodedLen); | |
2f9606b3 AL |
157 | |
158 | if (err != SASL_OK) | |
04d2529d | 159 | return vnc_client_io_error(vs, -1, NULL); |
2f9606b3 | 160 | VNC_DEBUG("Read SASL Encoded %p size %ld Decoded %p size %d\n", |
28a76be8 | 161 | encoded, ret, decoded, decodedLen); |
2f9606b3 AL |
162 | buffer_reserve(&vs->input, decodedLen); |
163 | buffer_append(&vs->input, decoded, decodedLen); | |
164 | return decodedLen; | |
165 | } | |
166 | ||
167 | ||
168 | static int vnc_auth_sasl_check_access(VncState *vs) | |
169 | { | |
170 | const void *val; | |
b76806d4 DB |
171 | int rv; |
172 | Error *err = NULL; | |
173 | bool allow; | |
2f9606b3 | 174 | |
b76806d4 DB |
175 | rv = sasl_getprop(vs->sasl.conn, SASL_USERNAME, &val); |
176 | if (rv != SASL_OK) { | |
7364dbda | 177 | trace_vnc_auth_fail(vs, vs->auth, "Cannot fetch SASL username", |
b76806d4 | 178 | sasl_errstring(rv, NULL, NULL)); |
28a76be8 | 179 | return -1; |
2f9606b3 AL |
180 | } |
181 | if (val == NULL) { | |
7364dbda | 182 | trace_vnc_auth_fail(vs, vs->auth, "No SASL username set", ""); |
28a76be8 | 183 | return -1; |
2f9606b3 | 184 | } |
2f9606b3 | 185 | |
7267c094 | 186 | vs->sasl.username = g_strdup((const char*)val); |
7364dbda | 187 | trace_vnc_auth_sasl_username(vs, vs->sasl.username); |
2f9606b3 | 188 | |
b76806d4 | 189 | if (vs->vd->sasl.authzid == NULL) { |
7364dbda | 190 | trace_vnc_auth_sasl_acl(vs, 1); |
28a76be8 | 191 | return 0; |
76655d6d AL |
192 | } |
193 | ||
b76806d4 DB |
194 | allow = qauthz_is_allowed_by_id(vs->vd->sasl.authzid, |
195 | vs->sasl.username, &err); | |
196 | if (err) { | |
197 | trace_vnc_auth_fail(vs, vs->auth, "Error from authz", | |
198 | error_get_pretty(err)); | |
199 | error_free(err); | |
200 | return -1; | |
201 | } | |
76655d6d | 202 | |
7364dbda | 203 | trace_vnc_auth_sasl_acl(vs, allow); |
76655d6d | 204 | return allow ? 0 : -1; |
2f9606b3 AL |
205 | } |
206 | ||
207 | static int vnc_auth_sasl_check_ssf(VncState *vs) | |
208 | { | |
209 | const void *val; | |
210 | int err, ssf; | |
211 | ||
212 | if (!vs->sasl.wantSSF) | |
28a76be8 | 213 | return 1; |
2f9606b3 AL |
214 | |
215 | err = sasl_getprop(vs->sasl.conn, SASL_SSF, &val); | |
216 | if (err != SASL_OK) | |
28a76be8 | 217 | return 0; |
2f9606b3 AL |
218 | |
219 | ssf = *(const int *)val; | |
7364dbda DB |
220 | |
221 | trace_vnc_auth_sasl_ssf(vs, ssf); | |
222 | ||
2f9606b3 | 223 | if (ssf < 56) |
28a76be8 | 224 | return 0; /* 56 is good for Kerberos */ |
2f9606b3 AL |
225 | |
226 | /* Only setup for read initially, because we're about to send an RPC | |
227 | * reply which must be in plain text. When the next incoming RPC | |
228 | * arrives, we'll switch on writes too | |
229 | * | |
230 | * cf qemudClientReadSASL in qemud.c | |
231 | */ | |
232 | vs->sasl.runSSF = 1; | |
233 | ||
234 | /* We have a SSF that's good enough */ | |
235 | return 1; | |
236 | } | |
237 | ||
238 | /* | |
239 | * Step Msg | |
240 | * | |
241 | * Input from client: | |
242 | * | |
243 | * u32 clientin-length | |
244 | * u8-array clientin-string | |
245 | * | |
246 | * Output to client: | |
247 | * | |
248 | * u32 serverout-length | |
249 | * u8-array serverout-strin | |
250 | * u8 continue | |
251 | */ | |
252 | ||
253 | static int protocol_client_auth_sasl_step_len(VncState *vs, uint8_t *data, size_t len); | |
254 | ||
255 | static int protocol_client_auth_sasl_step(VncState *vs, uint8_t *data, size_t len) | |
256 | { | |
257 | uint32_t datalen = len; | |
258 | const char *serverout; | |
259 | unsigned int serveroutlen; | |
260 | int err; | |
261 | char *clientdata = NULL; | |
262 | ||
263 | /* NB, distinction of NULL vs "" is *critical* in SASL */ | |
264 | if (datalen) { | |
28a76be8 AL |
265 | clientdata = (char*)data; |
266 | clientdata[datalen-1] = '\0'; /* Wire includes '\0', but make sure */ | |
267 | datalen--; /* Don't count NULL byte when passing to _start() */ | |
2f9606b3 AL |
268 | } |
269 | ||
2f9606b3 | 270 | err = sasl_server_step(vs->sasl.conn, |
28a76be8 AL |
271 | clientdata, |
272 | datalen, | |
273 | &serverout, | |
274 | &serveroutlen); | |
7364dbda | 275 | trace_vnc_auth_sasl_step(vs, data, len, serverout, serveroutlen, err); |
2f9606b3 | 276 | if (err != SASL_OK && |
28a76be8 | 277 | err != SASL_CONTINUE) { |
7364dbda DB |
278 | trace_vnc_auth_fail(vs, vs->auth, "Cannot step SASL auth", |
279 | sasl_errdetail(vs->sasl.conn)); | |
28a76be8 AL |
280 | sasl_dispose(&vs->sasl.conn); |
281 | vs->sasl.conn = NULL; | |
282 | goto authabort; | |
2f9606b3 AL |
283 | } |
284 | ||
285 | if (serveroutlen > SASL_DATA_MAX_LEN) { | |
7364dbda | 286 | trace_vnc_auth_fail(vs, vs->auth, "SASL data too long", ""); |
28a76be8 AL |
287 | sasl_dispose(&vs->sasl.conn); |
288 | vs->sasl.conn = NULL; | |
289 | goto authabort; | |
2f9606b3 AL |
290 | } |
291 | ||
2f9606b3 | 292 | if (serveroutlen) { |
28a76be8 AL |
293 | vnc_write_u32(vs, serveroutlen + 1); |
294 | vnc_write(vs, serverout, serveroutlen + 1); | |
2f9606b3 | 295 | } else { |
28a76be8 | 296 | vnc_write_u32(vs, 0); |
2f9606b3 AL |
297 | } |
298 | ||
299 | /* Whether auth is complete */ | |
300 | vnc_write_u8(vs, err == SASL_CONTINUE ? 0 : 1); | |
301 | ||
302 | if (err == SASL_CONTINUE) { | |
28a76be8 AL |
303 | /* Wait for step length */ |
304 | vnc_read_when(vs, protocol_client_auth_sasl_step_len, 4); | |
2f9606b3 | 305 | } else { |
28a76be8 | 306 | if (!vnc_auth_sasl_check_ssf(vs)) { |
7364dbda | 307 | trace_vnc_auth_fail(vs, vs->auth, "SASL SSF too weak", ""); |
28a76be8 AL |
308 | goto authreject; |
309 | } | |
310 | ||
75ae7c46 | 311 | /* Check the username access control list */ |
28a76be8 | 312 | if (vnc_auth_sasl_check_access(vs) < 0) { |
28a76be8 AL |
313 | goto authreject; |
314 | } | |
315 | ||
7364dbda | 316 | trace_vnc_auth_pass(vs, vs->auth); |
28a76be8 AL |
317 | vnc_write_u32(vs, 0); /* Accept auth */ |
318 | /* | |
319 | * Delay writing in SSF encoded mode until pending output | |
320 | * buffer is written | |
321 | */ | |
322 | if (vs->sasl.runSSF) | |
323 | vs->sasl.waitWriteSSF = vs->output.offset; | |
324 | start_client_init(vs); | |
2f9606b3 AL |
325 | } |
326 | ||
327 | return 0; | |
328 | ||
329 | authreject: | |
330 | vnc_write_u32(vs, 1); /* Reject auth */ | |
331 | vnc_write_u32(vs, sizeof("Authentication failed")); | |
332 | vnc_write(vs, "Authentication failed", sizeof("Authentication failed")); | |
333 | vnc_flush(vs); | |
334 | vnc_client_error(vs); | |
335 | return -1; | |
336 | ||
337 | authabort: | |
338 | vnc_client_error(vs); | |
339 | return -1; | |
340 | } | |
341 | ||
342 | static int protocol_client_auth_sasl_step_len(VncState *vs, uint8_t *data, size_t len) | |
343 | { | |
344 | uint32_t steplen = read_u32(data, 0); | |
7364dbda | 345 | |
2f9606b3 | 346 | if (steplen > SASL_DATA_MAX_LEN) { |
7364dbda | 347 | trace_vnc_auth_fail(vs, vs->auth, "SASL step len too large", ""); |
28a76be8 AL |
348 | vnc_client_error(vs); |
349 | return -1; | |
2f9606b3 AL |
350 | } |
351 | ||
352 | if (steplen == 0) | |
28a76be8 | 353 | return protocol_client_auth_sasl_step(vs, NULL, 0); |
2f9606b3 | 354 | else |
28a76be8 | 355 | vnc_read_when(vs, protocol_client_auth_sasl_step, steplen); |
2f9606b3 AL |
356 | return 0; |
357 | } | |
358 | ||
359 | /* | |
360 | * Start Msg | |
361 | * | |
362 | * Input from client: | |
363 | * | |
364 | * u32 clientin-length | |
365 | * u8-array clientin-string | |
366 | * | |
367 | * Output to client: | |
368 | * | |
369 | * u32 serverout-length | |
370 | * u8-array serverout-strin | |
371 | * u8 continue | |
372 | */ | |
373 | ||
374 | #define SASL_DATA_MAX_LEN (1024 * 1024) | |
375 | ||
376 | static int protocol_client_auth_sasl_start(VncState *vs, uint8_t *data, size_t len) | |
377 | { | |
378 | uint32_t datalen = len; | |
379 | const char *serverout; | |
380 | unsigned int serveroutlen; | |
381 | int err; | |
382 | char *clientdata = NULL; | |
383 | ||
384 | /* NB, distinction of NULL vs "" is *critical* in SASL */ | |
385 | if (datalen) { | |
28a76be8 AL |
386 | clientdata = (char*)data; |
387 | clientdata[datalen-1] = '\0'; /* Should be on wire, but make sure */ | |
388 | datalen--; /* Don't count NULL byte when passing to _start() */ | |
2f9606b3 AL |
389 | } |
390 | ||
2f9606b3 | 391 | err = sasl_server_start(vs->sasl.conn, |
28a76be8 AL |
392 | vs->sasl.mechlist, |
393 | clientdata, | |
394 | datalen, | |
395 | &serverout, | |
396 | &serveroutlen); | |
7364dbda | 397 | trace_vnc_auth_sasl_start(vs, data, len, serverout, serveroutlen, err); |
2f9606b3 | 398 | if (err != SASL_OK && |
28a76be8 | 399 | err != SASL_CONTINUE) { |
7364dbda DB |
400 | trace_vnc_auth_fail(vs, vs->auth, "Cannot start SASL auth", |
401 | sasl_errdetail(vs->sasl.conn)); | |
28a76be8 AL |
402 | sasl_dispose(&vs->sasl.conn); |
403 | vs->sasl.conn = NULL; | |
404 | goto authabort; | |
2f9606b3 AL |
405 | } |
406 | if (serveroutlen > SASL_DATA_MAX_LEN) { | |
7364dbda | 407 | trace_vnc_auth_fail(vs, vs->auth, "SASL data too long", ""); |
28a76be8 AL |
408 | sasl_dispose(&vs->sasl.conn); |
409 | vs->sasl.conn = NULL; | |
410 | goto authabort; | |
2f9606b3 AL |
411 | } |
412 | ||
2f9606b3 | 413 | if (serveroutlen) { |
28a76be8 AL |
414 | vnc_write_u32(vs, serveroutlen + 1); |
415 | vnc_write(vs, serverout, serveroutlen + 1); | |
2f9606b3 | 416 | } else { |
28a76be8 | 417 | vnc_write_u32(vs, 0); |
2f9606b3 AL |
418 | } |
419 | ||
420 | /* Whether auth is complete */ | |
421 | vnc_write_u8(vs, err == SASL_CONTINUE ? 0 : 1); | |
422 | ||
423 | if (err == SASL_CONTINUE) { | |
28a76be8 AL |
424 | /* Wait for step length */ |
425 | vnc_read_when(vs, protocol_client_auth_sasl_step_len, 4); | |
2f9606b3 | 426 | } else { |
28a76be8 | 427 | if (!vnc_auth_sasl_check_ssf(vs)) { |
7364dbda | 428 | trace_vnc_auth_fail(vs, vs->auth, "SASL SSF too weak", ""); |
28a76be8 AL |
429 | goto authreject; |
430 | } | |
431 | ||
75ae7c46 | 432 | /* Check the username access control list */ |
28a76be8 | 433 | if (vnc_auth_sasl_check_access(vs) < 0) { |
28a76be8 AL |
434 | goto authreject; |
435 | } | |
436 | ||
7364dbda | 437 | trace_vnc_auth_pass(vs, vs->auth); |
28a76be8 AL |
438 | vnc_write_u32(vs, 0); /* Accept auth */ |
439 | start_client_init(vs); | |
2f9606b3 AL |
440 | } |
441 | ||
442 | return 0; | |
443 | ||
444 | authreject: | |
445 | vnc_write_u32(vs, 1); /* Reject auth */ | |
446 | vnc_write_u32(vs, sizeof("Authentication failed")); | |
447 | vnc_write(vs, "Authentication failed", sizeof("Authentication failed")); | |
448 | vnc_flush(vs); | |
449 | vnc_client_error(vs); | |
450 | return -1; | |
451 | ||
452 | authabort: | |
453 | vnc_client_error(vs); | |
454 | return -1; | |
455 | } | |
456 | ||
457 | static int protocol_client_auth_sasl_start_len(VncState *vs, uint8_t *data, size_t len) | |
458 | { | |
459 | uint32_t startlen = read_u32(data, 0); | |
7364dbda | 460 | |
2f9606b3 | 461 | if (startlen > SASL_DATA_MAX_LEN) { |
7364dbda | 462 | trace_vnc_auth_fail(vs, vs->auth, "SASL start len too large", ""); |
28a76be8 AL |
463 | vnc_client_error(vs); |
464 | return -1; | |
2f9606b3 AL |
465 | } |
466 | ||
467 | if (startlen == 0) | |
28a76be8 | 468 | return protocol_client_auth_sasl_start(vs, NULL, 0); |
2f9606b3 AL |
469 | |
470 | vnc_read_when(vs, protocol_client_auth_sasl_start, startlen); | |
471 | return 0; | |
472 | } | |
473 | ||
474 | static int protocol_client_auth_sasl_mechname(VncState *vs, uint8_t *data, size_t len) | |
475 | { | |
5847d9e1 | 476 | char *mechname = g_strndup((const char *) data, len); |
7364dbda | 477 | trace_vnc_auth_sasl_mech_choose(vs, mechname); |
2f9606b3 AL |
478 | |
479 | if (strncmp(vs->sasl.mechlist, mechname, len) == 0) { | |
28a76be8 AL |
480 | if (vs->sasl.mechlist[len] != '\0' && |
481 | vs->sasl.mechlist[len] != ',') { | |
8ce7d352 | 482 | goto fail; |
28a76be8 | 483 | } |
2f9606b3 | 484 | } else { |
28a76be8 | 485 | char *offset = strstr(vs->sasl.mechlist, mechname); |
28a76be8 | 486 | if (!offset) { |
8ce7d352 | 487 | goto fail; |
28a76be8 | 488 | } |
28a76be8 AL |
489 | if (offset[-1] != ',' || |
490 | (offset[len] != '\0'&& | |
491 | offset[len] != ',')) { | |
8ce7d352 | 492 | goto fail; |
28a76be8 | 493 | } |
2f9606b3 AL |
494 | } |
495 | ||
302d9d6f | 496 | g_free(vs->sasl.mechlist); |
2f9606b3 AL |
497 | vs->sasl.mechlist = mechname; |
498 | ||
2f9606b3 AL |
499 | vnc_read_when(vs, protocol_client_auth_sasl_start_len, 4); |
500 | return 0; | |
8ce7d352 BS |
501 | |
502 | fail: | |
7364dbda | 503 | trace_vnc_auth_fail(vs, vs->auth, "Unsupported mechname", mechname); |
8ce7d352 | 504 | vnc_client_error(vs); |
302d9d6f | 505 | g_free(mechname); |
8ce7d352 | 506 | return -1; |
2f9606b3 AL |
507 | } |
508 | ||
509 | static int protocol_client_auth_sasl_mechname_len(VncState *vs, uint8_t *data, size_t len) | |
510 | { | |
511 | uint32_t mechlen = read_u32(data, 0); | |
7364dbda | 512 | |
2f9606b3 | 513 | if (mechlen > 100) { |
7364dbda | 514 | trace_vnc_auth_fail(vs, vs->auth, "SASL mechname too long", ""); |
28a76be8 AL |
515 | vnc_client_error(vs); |
516 | return -1; | |
2f9606b3 AL |
517 | } |
518 | if (mechlen < 1) { | |
7364dbda | 519 | trace_vnc_auth_fail(vs, vs->auth, "SASL mechname too short", ""); |
28a76be8 AL |
520 | vnc_client_error(vs); |
521 | return -1; | |
2f9606b3 AL |
522 | } |
523 | vnc_read_when(vs, protocol_client_auth_sasl_mechname,mechlen); | |
524 | return 0; | |
525 | } | |
526 | ||
04d2529d DB |
527 | static char * |
528 | vnc_socket_ip_addr_string(QIOChannelSocket *ioc, | |
529 | bool local, | |
530 | Error **errp) | |
531 | { | |
bd269ebc | 532 | SocketAddress *addr; |
04d2529d DB |
533 | char *ret; |
534 | ||
535 | if (local) { | |
536 | addr = qio_channel_socket_get_local_address(ioc, errp); | |
537 | } else { | |
538 | addr = qio_channel_socket_get_remote_address(ioc, errp); | |
539 | } | |
540 | if (!addr) { | |
541 | return NULL; | |
542 | } | |
543 | ||
bd269ebc | 544 | if (addr->type != SOCKET_ADDRESS_TYPE_INET) { |
04d2529d | 545 | error_setg(errp, "Not an inet socket type"); |
7791acaf | 546 | qapi_free_SocketAddress(addr); |
04d2529d DB |
547 | return NULL; |
548 | } | |
bd269ebc MA |
549 | ret = g_strdup_printf("%s;%s", addr->u.inet.host, addr->u.inet.port); |
550 | qapi_free_SocketAddress(addr); | |
04d2529d DB |
551 | return ret; |
552 | } | |
553 | ||
2f9606b3 AL |
554 | void start_auth_sasl(VncState *vs) |
555 | { | |
556 | const char *mechlist = NULL; | |
557 | sasl_security_properties_t secprops; | |
558 | int err; | |
7364dbda | 559 | Error *local_err = NULL; |
2f9606b3 AL |
560 | char *localAddr, *remoteAddr; |
561 | int mechlistlen; | |
562 | ||
2f9606b3 | 563 | /* Get local & remote client addresses in form IPADDR;PORT */ |
7364dbda | 564 | localAddr = vnc_socket_ip_addr_string(vs->sioc, true, &local_err); |
04d2529d | 565 | if (!localAddr) { |
7364dbda DB |
566 | trace_vnc_auth_fail(vs, vs->auth, "Cannot format local IP", |
567 | error_get_pretty(local_err)); | |
28a76be8 | 568 | goto authabort; |
04d2529d | 569 | } |
2f9606b3 | 570 | |
7364dbda | 571 | remoteAddr = vnc_socket_ip_addr_string(vs->sioc, false, &local_err); |
04d2529d | 572 | if (!remoteAddr) { |
7364dbda DB |
573 | trace_vnc_auth_fail(vs, vs->auth, "Cannot format remote IP", |
574 | error_get_pretty(local_err)); | |
ae878b17 | 575 | g_free(localAddr); |
28a76be8 | 576 | goto authabort; |
2f9606b3 AL |
577 | } |
578 | ||
579 | err = sasl_server_new("vnc", | |
28a76be8 AL |
580 | NULL, /* FQDN - just delegates to gethostname */ |
581 | NULL, /* User realm */ | |
582 | localAddr, | |
583 | remoteAddr, | |
584 | NULL, /* Callbacks, not needed */ | |
585 | SASL_SUCCESS_DATA, | |
586 | &vs->sasl.conn); | |
ae878b17 SW |
587 | g_free(localAddr); |
588 | g_free(remoteAddr); | |
2f9606b3 AL |
589 | localAddr = remoteAddr = NULL; |
590 | ||
591 | if (err != SASL_OK) { | |
7364dbda DB |
592 | trace_vnc_auth_fail(vs, vs->auth, "SASL context setup failed", |
593 | sasl_errstring(err, NULL, NULL)); | |
28a76be8 AL |
594 | vs->sasl.conn = NULL; |
595 | goto authabort; | |
2f9606b3 AL |
596 | } |
597 | ||
2f9606b3 | 598 | /* Inform SASL that we've got an external SSF layer from TLS/x509 */ |
7e7e2ebc DB |
599 | if (vs->auth == VNC_AUTH_VENCRYPT && |
600 | vs->subauth == VNC_AUTH_VENCRYPT_X509SASL) { | |
3e305e4a | 601 | int keysize; |
28a76be8 AL |
602 | sasl_ssf_t ssf; |
603 | ||
3e305e4a DB |
604 | keysize = qcrypto_tls_session_get_key_size(vs->tls, |
605 | &local_err); | |
606 | if (keysize < 0) { | |
7364dbda DB |
607 | trace_vnc_auth_fail(vs, vs->auth, "cannot TLS get cipher size", |
608 | error_get_pretty(local_err)); | |
28a76be8 AL |
609 | sasl_dispose(&vs->sasl.conn); |
610 | vs->sasl.conn = NULL; | |
611 | goto authabort; | |
612 | } | |
3e305e4a | 613 | ssf = keysize * CHAR_BIT; /* tls key size is bytes, sasl wants bits */ |
28a76be8 AL |
614 | |
615 | err = sasl_setprop(vs->sasl.conn, SASL_SSF_EXTERNAL, &ssf); | |
616 | if (err != SASL_OK) { | |
7364dbda DB |
617 | trace_vnc_auth_fail(vs, vs->auth, "cannot set SASL external SSF", |
618 | sasl_errstring(err, NULL, NULL)); | |
28a76be8 AL |
619 | sasl_dispose(&vs->sasl.conn); |
620 | vs->sasl.conn = NULL; | |
621 | goto authabort; | |
622 | } | |
3e305e4a | 623 | } else { |
28a76be8 | 624 | vs->sasl.wantSSF = 1; |
3e305e4a | 625 | } |
2f9606b3 AL |
626 | |
627 | memset (&secprops, 0, sizeof secprops); | |
3e305e4a DB |
628 | /* Inform SASL that we've got an external SSF layer from TLS. |
629 | * | |
630 | * Disable SSF, if using TLS+x509+SASL only. TLS without x509 | |
631 | * is not sufficiently strong | |
632 | */ | |
633 | if (vs->vd->is_unix || | |
634 | (vs->auth == VNC_AUTH_VENCRYPT && | |
635 | vs->subauth == VNC_AUTH_VENCRYPT_X509SASL)) { | |
28a76be8 AL |
636 | /* If we've got TLS or UNIX domain sock, we don't care about SSF */ |
637 | secprops.min_ssf = 0; | |
638 | secprops.max_ssf = 0; | |
639 | secprops.maxbufsize = 8192; | |
640 | secprops.security_flags = 0; | |
2f9606b3 | 641 | } else { |
28a76be8 AL |
642 | /* Plain TCP, better get an SSF layer */ |
643 | secprops.min_ssf = 56; /* Good enough to require kerberos */ | |
644 | secprops.max_ssf = 100000; /* Arbitrary big number */ | |
645 | secprops.maxbufsize = 8192; | |
646 | /* Forbid any anonymous or trivially crackable auth */ | |
647 | secprops.security_flags = | |
648 | SASL_SEC_NOANONYMOUS | SASL_SEC_NOPLAINTEXT; | |
2f9606b3 AL |
649 | } |
650 | ||
651 | err = sasl_setprop(vs->sasl.conn, SASL_SEC_PROPS, &secprops); | |
652 | if (err != SASL_OK) { | |
7364dbda DB |
653 | trace_vnc_auth_fail(vs, vs->auth, "cannot set SASL security props", |
654 | sasl_errstring(err, NULL, NULL)); | |
28a76be8 AL |
655 | sasl_dispose(&vs->sasl.conn); |
656 | vs->sasl.conn = NULL; | |
657 | goto authabort; | |
2f9606b3 AL |
658 | } |
659 | ||
660 | err = sasl_listmech(vs->sasl.conn, | |
28a76be8 AL |
661 | NULL, /* Don't need to set user */ |
662 | "", /* Prefix */ | |
663 | ",", /* Separator */ | |
664 | "", /* Suffix */ | |
665 | &mechlist, | |
666 | NULL, | |
667 | NULL); | |
2f9606b3 | 668 | if (err != SASL_OK) { |
7364dbda DB |
669 | trace_vnc_auth_fail(vs, vs->auth, "cannot list SASL mechanisms", |
670 | sasl_errdetail(vs->sasl.conn)); | |
28a76be8 AL |
671 | sasl_dispose(&vs->sasl.conn); |
672 | vs->sasl.conn = NULL; | |
673 | goto authabort; | |
2f9606b3 | 674 | } |
7364dbda | 675 | trace_vnc_auth_sasl_mech_list(vs, mechlist); |
2f9606b3 | 676 | |
302d9d6f | 677 | vs->sasl.mechlist = g_strdup(mechlist); |
2f9606b3 AL |
678 | mechlistlen = strlen(mechlist); |
679 | vnc_write_u32(vs, mechlistlen); | |
680 | vnc_write(vs, mechlist, mechlistlen); | |
681 | vnc_flush(vs); | |
682 | ||
2f9606b3 AL |
683 | vnc_read_when(vs, protocol_client_auth_sasl_mechname_len, 4); |
684 | ||
685 | return; | |
686 | ||
687 | authabort: | |
7364dbda | 688 | error_free(local_err); |
2f9606b3 | 689 | vnc_client_error(vs); |
2f9606b3 AL |
690 | } |
691 | ||
692 |