]>
Commit | Line | Data |
---|---|---|
2f9606b3 AL |
1 | /* |
2 | * QEMU VNC display driver: SASL auth protocol | |
3 | * | |
4 | * Copyright (C) 2009 Red Hat, Inc | |
5 | * | |
6 | * Permission is hereby granted, free of charge, to any person obtaining a copy | |
7 | * of this software and associated documentation files (the "Software"), to deal | |
8 | * in the Software without restriction, including without limitation the rights | |
9 | * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | |
10 | * copies of the Software, and to permit persons to whom the Software is | |
11 | * furnished to do so, subject to the following conditions: | |
12 | * | |
13 | * The above copyright notice and this permission notice shall be included in | |
14 | * all copies or substantial portions of the Software. | |
15 | * | |
16 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | |
17 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | |
18 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL | |
19 | * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | |
20 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | |
21 | * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN | |
22 | * THE SOFTWARE. | |
23 | */ | |
24 | ||
e16f4c87 | 25 | #include "qemu/osdep.h" |
2f9606b3 AL |
26 | #include "vnc.h" |
27 | ||
28 | /* Max amount of data we send/recv for SASL steps to prevent DOS */ | |
29 | #define SASL_DATA_MAX_LEN (1024 * 1024) | |
30 | ||
31 | ||
32 | void vnc_sasl_client_cleanup(VncState *vs) | |
33 | { | |
34 | if (vs->sasl.conn) { | |
ee032ca1 SW |
35 | vs->sasl.runSSF = false; |
36 | vs->sasl.wantSSF = false; | |
37 | vs->sasl.waitWriteSSF = 0; | |
28a76be8 AL |
38 | vs->sasl.encodedLength = vs->sasl.encodedOffset = 0; |
39 | vs->sasl.encoded = NULL; | |
ae878b17 | 40 | g_free(vs->sasl.username); |
302d9d6f | 41 | g_free(vs->sasl.mechlist); |
28a76be8 AL |
42 | vs->sasl.username = vs->sasl.mechlist = NULL; |
43 | sasl_dispose(&vs->sasl.conn); | |
44 | vs->sasl.conn = NULL; | |
2f9606b3 AL |
45 | } |
46 | } | |
47 | ||
48 | ||
49 | long vnc_client_write_sasl(VncState *vs) | |
50 | { | |
51 | long ret; | |
52 | ||
bc47d201 CC |
53 | VNC_DEBUG("Write SASL: Pending output %p size %zd offset %zd " |
54 | "Encoded: %p size %d offset %d\n", | |
28a76be8 AL |
55 | vs->output.buffer, vs->output.capacity, vs->output.offset, |
56 | vs->sasl.encoded, vs->sasl.encodedLength, vs->sasl.encodedOffset); | |
2f9606b3 AL |
57 | |
58 | if (!vs->sasl.encoded) { | |
28a76be8 AL |
59 | int err; |
60 | err = sasl_encode(vs->sasl.conn, | |
61 | (char *)vs->output.buffer, | |
62 | vs->output.offset, | |
63 | (const char **)&vs->sasl.encoded, | |
64 | &vs->sasl.encodedLength); | |
65 | if (err != SASL_OK) | |
04d2529d | 66 | return vnc_client_io_error(vs, -1, NULL); |
28a76be8 AL |
67 | |
68 | vs->sasl.encodedOffset = 0; | |
2f9606b3 AL |
69 | } |
70 | ||
71 | ret = vnc_client_write_buf(vs, | |
28a76be8 AL |
72 | vs->sasl.encoded + vs->sasl.encodedOffset, |
73 | vs->sasl.encodedLength - vs->sasl.encodedOffset); | |
2f9606b3 | 74 | if (!ret) |
28a76be8 | 75 | return 0; |
2f9606b3 AL |
76 | |
77 | vs->sasl.encodedOffset += ret; | |
78 | if (vs->sasl.encodedOffset == vs->sasl.encodedLength) { | |
28a76be8 AL |
79 | vs->output.offset = 0; |
80 | vs->sasl.encoded = NULL; | |
81 | vs->sasl.encodedOffset = vs->sasl.encodedLength = 0; | |
2f9606b3 AL |
82 | } |
83 | ||
84 | /* Can't merge this block with one above, because | |
85 | * someone might have written more unencrypted | |
86 | * data in vs->output while we were processing | |
87 | * SASL encoded output | |
88 | */ | |
89 | if (vs->output.offset == 0) { | |
04d2529d DB |
90 | if (vs->ioc_tag) { |
91 | g_source_remove(vs->ioc_tag); | |
92 | } | |
93 | vs->ioc_tag = qio_channel_add_watch( | |
94 | vs->ioc, G_IO_IN, vnc_client_io, vs, NULL); | |
2f9606b3 AL |
95 | } |
96 | ||
97 | return ret; | |
98 | } | |
99 | ||
100 | ||
101 | long vnc_client_read_sasl(VncState *vs) | |
102 | { | |
103 | long ret; | |
104 | uint8_t encoded[4096]; | |
105 | const char *decoded; | |
106 | unsigned int decodedLen; | |
107 | int err; | |
108 | ||
109 | ret = vnc_client_read_buf(vs, encoded, sizeof(encoded)); | |
110 | if (!ret) | |
28a76be8 | 111 | return 0; |
2f9606b3 AL |
112 | |
113 | err = sasl_decode(vs->sasl.conn, | |
28a76be8 AL |
114 | (char *)encoded, ret, |
115 | &decoded, &decodedLen); | |
2f9606b3 AL |
116 | |
117 | if (err != SASL_OK) | |
04d2529d | 118 | return vnc_client_io_error(vs, -1, NULL); |
2f9606b3 | 119 | VNC_DEBUG("Read SASL Encoded %p size %ld Decoded %p size %d\n", |
28a76be8 | 120 | encoded, ret, decoded, decodedLen); |
2f9606b3 AL |
121 | buffer_reserve(&vs->input, decodedLen); |
122 | buffer_append(&vs->input, decoded, decodedLen); | |
123 | return decodedLen; | |
124 | } | |
125 | ||
126 | ||
127 | static int vnc_auth_sasl_check_access(VncState *vs) | |
128 | { | |
129 | const void *val; | |
130 | int err; | |
76655d6d | 131 | int allow; |
2f9606b3 AL |
132 | |
133 | err = sasl_getprop(vs->sasl.conn, SASL_USERNAME, &val); | |
134 | if (err != SASL_OK) { | |
28a76be8 AL |
135 | VNC_DEBUG("cannot query SASL username on connection %d (%s), denying access\n", |
136 | err, sasl_errstring(err, NULL, NULL)); | |
137 | return -1; | |
2f9606b3 AL |
138 | } |
139 | if (val == NULL) { | |
28a76be8 AL |
140 | VNC_DEBUG("no client username was found, denying access\n"); |
141 | return -1; | |
2f9606b3 AL |
142 | } |
143 | VNC_DEBUG("SASL client username %s\n", (const char *)val); | |
144 | ||
7267c094 | 145 | vs->sasl.username = g_strdup((const char*)val); |
2f9606b3 | 146 | |
76655d6d | 147 | if (vs->vd->sasl.acl == NULL) { |
28a76be8 AL |
148 | VNC_DEBUG("no ACL activated, allowing access\n"); |
149 | return 0; | |
76655d6d AL |
150 | } |
151 | ||
152 | allow = qemu_acl_party_is_allowed(vs->vd->sasl.acl, vs->sasl.username); | |
153 | ||
154 | VNC_DEBUG("SASL client %s %s by ACL\n", vs->sasl.username, | |
28a76be8 | 155 | allow ? "allowed" : "denied"); |
76655d6d | 156 | return allow ? 0 : -1; |
2f9606b3 AL |
157 | } |
158 | ||
159 | static int vnc_auth_sasl_check_ssf(VncState *vs) | |
160 | { | |
161 | const void *val; | |
162 | int err, ssf; | |
163 | ||
164 | if (!vs->sasl.wantSSF) | |
28a76be8 | 165 | return 1; |
2f9606b3 AL |
166 | |
167 | err = sasl_getprop(vs->sasl.conn, SASL_SSF, &val); | |
168 | if (err != SASL_OK) | |
28a76be8 | 169 | return 0; |
2f9606b3 AL |
170 | |
171 | ssf = *(const int *)val; | |
172 | VNC_DEBUG("negotiated an SSF of %d\n", ssf); | |
173 | if (ssf < 56) | |
28a76be8 | 174 | return 0; /* 56 is good for Kerberos */ |
2f9606b3 AL |
175 | |
176 | /* Only setup for read initially, because we're about to send an RPC | |
177 | * reply which must be in plain text. When the next incoming RPC | |
178 | * arrives, we'll switch on writes too | |
179 | * | |
180 | * cf qemudClientReadSASL in qemud.c | |
181 | */ | |
182 | vs->sasl.runSSF = 1; | |
183 | ||
184 | /* We have a SSF that's good enough */ | |
185 | return 1; | |
186 | } | |
187 | ||
188 | /* | |
189 | * Step Msg | |
190 | * | |
191 | * Input from client: | |
192 | * | |
193 | * u32 clientin-length | |
194 | * u8-array clientin-string | |
195 | * | |
196 | * Output to client: | |
197 | * | |
198 | * u32 serverout-length | |
199 | * u8-array serverout-strin | |
200 | * u8 continue | |
201 | */ | |
202 | ||
203 | static int protocol_client_auth_sasl_step_len(VncState *vs, uint8_t *data, size_t len); | |
204 | ||
205 | static int protocol_client_auth_sasl_step(VncState *vs, uint8_t *data, size_t len) | |
206 | { | |
207 | uint32_t datalen = len; | |
208 | const char *serverout; | |
209 | unsigned int serveroutlen; | |
210 | int err; | |
211 | char *clientdata = NULL; | |
212 | ||
213 | /* NB, distinction of NULL vs "" is *critical* in SASL */ | |
214 | if (datalen) { | |
28a76be8 AL |
215 | clientdata = (char*)data; |
216 | clientdata[datalen-1] = '\0'; /* Wire includes '\0', but make sure */ | |
217 | datalen--; /* Don't count NULL byte when passing to _start() */ | |
2f9606b3 AL |
218 | } |
219 | ||
220 | VNC_DEBUG("Step using SASL Data %p (%d bytes)\n", | |
28a76be8 | 221 | clientdata, datalen); |
2f9606b3 | 222 | err = sasl_server_step(vs->sasl.conn, |
28a76be8 AL |
223 | clientdata, |
224 | datalen, | |
225 | &serverout, | |
226 | &serveroutlen); | |
2f9606b3 | 227 | if (err != SASL_OK && |
28a76be8 AL |
228 | err != SASL_CONTINUE) { |
229 | VNC_DEBUG("sasl step failed %d (%s)\n", | |
230 | err, sasl_errdetail(vs->sasl.conn)); | |
231 | sasl_dispose(&vs->sasl.conn); | |
232 | vs->sasl.conn = NULL; | |
233 | goto authabort; | |
2f9606b3 AL |
234 | } |
235 | ||
236 | if (serveroutlen > SASL_DATA_MAX_LEN) { | |
28a76be8 AL |
237 | VNC_DEBUG("sasl step reply data too long %d\n", |
238 | serveroutlen); | |
239 | sasl_dispose(&vs->sasl.conn); | |
240 | vs->sasl.conn = NULL; | |
241 | goto authabort; | |
2f9606b3 AL |
242 | } |
243 | ||
244 | VNC_DEBUG("SASL return data %d bytes, nil; %d\n", | |
28a76be8 | 245 | serveroutlen, serverout ? 0 : 1); |
2f9606b3 AL |
246 | |
247 | if (serveroutlen) { | |
28a76be8 AL |
248 | vnc_write_u32(vs, serveroutlen + 1); |
249 | vnc_write(vs, serverout, serveroutlen + 1); | |
2f9606b3 | 250 | } else { |
28a76be8 | 251 | vnc_write_u32(vs, 0); |
2f9606b3 AL |
252 | } |
253 | ||
254 | /* Whether auth is complete */ | |
255 | vnc_write_u8(vs, err == SASL_CONTINUE ? 0 : 1); | |
256 | ||
257 | if (err == SASL_CONTINUE) { | |
28a76be8 AL |
258 | VNC_DEBUG("%s", "Authentication must continue\n"); |
259 | /* Wait for step length */ | |
260 | vnc_read_when(vs, protocol_client_auth_sasl_step_len, 4); | |
2f9606b3 | 261 | } else { |
28a76be8 | 262 | if (!vnc_auth_sasl_check_ssf(vs)) { |
04d2529d | 263 | VNC_DEBUG("Authentication rejected for weak SSF %p\n", vs->ioc); |
28a76be8 AL |
264 | goto authreject; |
265 | } | |
266 | ||
267 | /* Check username whitelist ACL */ | |
268 | if (vnc_auth_sasl_check_access(vs) < 0) { | |
04d2529d | 269 | VNC_DEBUG("Authentication rejected for ACL %p\n", vs->ioc); |
28a76be8 AL |
270 | goto authreject; |
271 | } | |
272 | ||
04d2529d | 273 | VNC_DEBUG("Authentication successful %p\n", vs->ioc); |
28a76be8 AL |
274 | vnc_write_u32(vs, 0); /* Accept auth */ |
275 | /* | |
276 | * Delay writing in SSF encoded mode until pending output | |
277 | * buffer is written | |
278 | */ | |
279 | if (vs->sasl.runSSF) | |
280 | vs->sasl.waitWriteSSF = vs->output.offset; | |
281 | start_client_init(vs); | |
2f9606b3 AL |
282 | } |
283 | ||
284 | return 0; | |
285 | ||
286 | authreject: | |
287 | vnc_write_u32(vs, 1); /* Reject auth */ | |
288 | vnc_write_u32(vs, sizeof("Authentication failed")); | |
289 | vnc_write(vs, "Authentication failed", sizeof("Authentication failed")); | |
290 | vnc_flush(vs); | |
291 | vnc_client_error(vs); | |
292 | return -1; | |
293 | ||
294 | authabort: | |
295 | vnc_client_error(vs); | |
296 | return -1; | |
297 | } | |
298 | ||
299 | static int protocol_client_auth_sasl_step_len(VncState *vs, uint8_t *data, size_t len) | |
300 | { | |
301 | uint32_t steplen = read_u32(data, 0); | |
302 | VNC_DEBUG("Got client step len %d\n", steplen); | |
303 | if (steplen > SASL_DATA_MAX_LEN) { | |
28a76be8 AL |
304 | VNC_DEBUG("Too much SASL data %d\n", steplen); |
305 | vnc_client_error(vs); | |
306 | return -1; | |
2f9606b3 AL |
307 | } |
308 | ||
309 | if (steplen == 0) | |
28a76be8 | 310 | return protocol_client_auth_sasl_step(vs, NULL, 0); |
2f9606b3 | 311 | else |
28a76be8 | 312 | vnc_read_when(vs, protocol_client_auth_sasl_step, steplen); |
2f9606b3 AL |
313 | return 0; |
314 | } | |
315 | ||
316 | /* | |
317 | * Start Msg | |
318 | * | |
319 | * Input from client: | |
320 | * | |
321 | * u32 clientin-length | |
322 | * u8-array clientin-string | |
323 | * | |
324 | * Output to client: | |
325 | * | |
326 | * u32 serverout-length | |
327 | * u8-array serverout-strin | |
328 | * u8 continue | |
329 | */ | |
330 | ||
331 | #define SASL_DATA_MAX_LEN (1024 * 1024) | |
332 | ||
333 | static int protocol_client_auth_sasl_start(VncState *vs, uint8_t *data, size_t len) | |
334 | { | |
335 | uint32_t datalen = len; | |
336 | const char *serverout; | |
337 | unsigned int serveroutlen; | |
338 | int err; | |
339 | char *clientdata = NULL; | |
340 | ||
341 | /* NB, distinction of NULL vs "" is *critical* in SASL */ | |
342 | if (datalen) { | |
28a76be8 AL |
343 | clientdata = (char*)data; |
344 | clientdata[datalen-1] = '\0'; /* Should be on wire, but make sure */ | |
345 | datalen--; /* Don't count NULL byte when passing to _start() */ | |
2f9606b3 AL |
346 | } |
347 | ||
348 | VNC_DEBUG("Start SASL auth with mechanism %s. Data %p (%d bytes)\n", | |
28a76be8 | 349 | vs->sasl.mechlist, clientdata, datalen); |
2f9606b3 | 350 | err = sasl_server_start(vs->sasl.conn, |
28a76be8 AL |
351 | vs->sasl.mechlist, |
352 | clientdata, | |
353 | datalen, | |
354 | &serverout, | |
355 | &serveroutlen); | |
2f9606b3 | 356 | if (err != SASL_OK && |
28a76be8 AL |
357 | err != SASL_CONTINUE) { |
358 | VNC_DEBUG("sasl start failed %d (%s)\n", | |
359 | err, sasl_errdetail(vs->sasl.conn)); | |
360 | sasl_dispose(&vs->sasl.conn); | |
361 | vs->sasl.conn = NULL; | |
362 | goto authabort; | |
2f9606b3 AL |
363 | } |
364 | if (serveroutlen > SASL_DATA_MAX_LEN) { | |
28a76be8 AL |
365 | VNC_DEBUG("sasl start reply data too long %d\n", |
366 | serveroutlen); | |
367 | sasl_dispose(&vs->sasl.conn); | |
368 | vs->sasl.conn = NULL; | |
369 | goto authabort; | |
2f9606b3 AL |
370 | } |
371 | ||
372 | VNC_DEBUG("SASL return data %d bytes, nil; %d\n", | |
28a76be8 | 373 | serveroutlen, serverout ? 0 : 1); |
2f9606b3 AL |
374 | |
375 | if (serveroutlen) { | |
28a76be8 AL |
376 | vnc_write_u32(vs, serveroutlen + 1); |
377 | vnc_write(vs, serverout, serveroutlen + 1); | |
2f9606b3 | 378 | } else { |
28a76be8 | 379 | vnc_write_u32(vs, 0); |
2f9606b3 AL |
380 | } |
381 | ||
382 | /* Whether auth is complete */ | |
383 | vnc_write_u8(vs, err == SASL_CONTINUE ? 0 : 1); | |
384 | ||
385 | if (err == SASL_CONTINUE) { | |
28a76be8 AL |
386 | VNC_DEBUG("%s", "Authentication must continue\n"); |
387 | /* Wait for step length */ | |
388 | vnc_read_when(vs, protocol_client_auth_sasl_step_len, 4); | |
2f9606b3 | 389 | } else { |
28a76be8 | 390 | if (!vnc_auth_sasl_check_ssf(vs)) { |
04d2529d | 391 | VNC_DEBUG("Authentication rejected for weak SSF %p\n", vs->ioc); |
28a76be8 AL |
392 | goto authreject; |
393 | } | |
394 | ||
395 | /* Check username whitelist ACL */ | |
396 | if (vnc_auth_sasl_check_access(vs) < 0) { | |
04d2529d | 397 | VNC_DEBUG("Authentication rejected for ACL %p\n", vs->ioc); |
28a76be8 AL |
398 | goto authreject; |
399 | } | |
400 | ||
04d2529d | 401 | VNC_DEBUG("Authentication successful %p\n", vs->ioc); |
28a76be8 AL |
402 | vnc_write_u32(vs, 0); /* Accept auth */ |
403 | start_client_init(vs); | |
2f9606b3 AL |
404 | } |
405 | ||
406 | return 0; | |
407 | ||
408 | authreject: | |
409 | vnc_write_u32(vs, 1); /* Reject auth */ | |
410 | vnc_write_u32(vs, sizeof("Authentication failed")); | |
411 | vnc_write(vs, "Authentication failed", sizeof("Authentication failed")); | |
412 | vnc_flush(vs); | |
413 | vnc_client_error(vs); | |
414 | return -1; | |
415 | ||
416 | authabort: | |
417 | vnc_client_error(vs); | |
418 | return -1; | |
419 | } | |
420 | ||
421 | static int protocol_client_auth_sasl_start_len(VncState *vs, uint8_t *data, size_t len) | |
422 | { | |
423 | uint32_t startlen = read_u32(data, 0); | |
424 | VNC_DEBUG("Got client start len %d\n", startlen); | |
425 | if (startlen > SASL_DATA_MAX_LEN) { | |
28a76be8 AL |
426 | VNC_DEBUG("Too much SASL data %d\n", startlen); |
427 | vnc_client_error(vs); | |
428 | return -1; | |
2f9606b3 AL |
429 | } |
430 | ||
431 | if (startlen == 0) | |
28a76be8 | 432 | return protocol_client_auth_sasl_start(vs, NULL, 0); |
2f9606b3 AL |
433 | |
434 | vnc_read_when(vs, protocol_client_auth_sasl_start, startlen); | |
435 | return 0; | |
436 | } | |
437 | ||
438 | static int protocol_client_auth_sasl_mechname(VncState *vs, uint8_t *data, size_t len) | |
439 | { | |
5847d9e1 | 440 | char *mechname = g_strndup((const char *) data, len); |
2f9606b3 | 441 | VNC_DEBUG("Got client mechname '%s' check against '%s'\n", |
28a76be8 | 442 | mechname, vs->sasl.mechlist); |
2f9606b3 AL |
443 | |
444 | if (strncmp(vs->sasl.mechlist, mechname, len) == 0) { | |
28a76be8 AL |
445 | if (vs->sasl.mechlist[len] != '\0' && |
446 | vs->sasl.mechlist[len] != ',') { | |
447 | VNC_DEBUG("One %d", vs->sasl.mechlist[len]); | |
8ce7d352 | 448 | goto fail; |
28a76be8 | 449 | } |
2f9606b3 | 450 | } else { |
28a76be8 AL |
451 | char *offset = strstr(vs->sasl.mechlist, mechname); |
452 | VNC_DEBUG("Two %p\n", offset); | |
453 | if (!offset) { | |
8ce7d352 | 454 | goto fail; |
28a76be8 AL |
455 | } |
456 | VNC_DEBUG("Two '%s'\n", offset); | |
457 | if (offset[-1] != ',' || | |
458 | (offset[len] != '\0'&& | |
459 | offset[len] != ',')) { | |
8ce7d352 | 460 | goto fail; |
28a76be8 | 461 | } |
2f9606b3 AL |
462 | } |
463 | ||
302d9d6f | 464 | g_free(vs->sasl.mechlist); |
2f9606b3 AL |
465 | vs->sasl.mechlist = mechname; |
466 | ||
467 | VNC_DEBUG("Validated mechname '%s'\n", mechname); | |
468 | vnc_read_when(vs, protocol_client_auth_sasl_start_len, 4); | |
469 | return 0; | |
8ce7d352 BS |
470 | |
471 | fail: | |
472 | vnc_client_error(vs); | |
302d9d6f | 473 | g_free(mechname); |
8ce7d352 | 474 | return -1; |
2f9606b3 AL |
475 | } |
476 | ||
477 | static int protocol_client_auth_sasl_mechname_len(VncState *vs, uint8_t *data, size_t len) | |
478 | { | |
479 | uint32_t mechlen = read_u32(data, 0); | |
480 | VNC_DEBUG("Got client mechname len %d\n", mechlen); | |
481 | if (mechlen > 100) { | |
28a76be8 AL |
482 | VNC_DEBUG("Too long SASL mechname data %d\n", mechlen); |
483 | vnc_client_error(vs); | |
484 | return -1; | |
2f9606b3 AL |
485 | } |
486 | if (mechlen < 1) { | |
28a76be8 AL |
487 | VNC_DEBUG("Too short SASL mechname %d\n", mechlen); |
488 | vnc_client_error(vs); | |
489 | return -1; | |
2f9606b3 AL |
490 | } |
491 | vnc_read_when(vs, protocol_client_auth_sasl_mechname,mechlen); | |
492 | return 0; | |
493 | } | |
494 | ||
04d2529d DB |
495 | static char * |
496 | vnc_socket_ip_addr_string(QIOChannelSocket *ioc, | |
497 | bool local, | |
498 | Error **errp) | |
499 | { | |
500 | SocketAddress *addr; | |
501 | char *ret; | |
502 | ||
503 | if (local) { | |
504 | addr = qio_channel_socket_get_local_address(ioc, errp); | |
505 | } else { | |
506 | addr = qio_channel_socket_get_remote_address(ioc, errp); | |
507 | } | |
508 | if (!addr) { | |
509 | return NULL; | |
510 | } | |
511 | ||
512 | if (addr->type != SOCKET_ADDRESS_KIND_INET) { | |
513 | error_setg(errp, "Not an inet socket type"); | |
514 | return NULL; | |
515 | } | |
32bafa8f EB |
516 | ret = g_strdup_printf("%s;%s", addr->u.inet.data->host, |
517 | addr->u.inet.data->port); | |
04d2529d DB |
518 | qapi_free_SocketAddress(addr); |
519 | return ret; | |
520 | } | |
521 | ||
2f9606b3 AL |
522 | void start_auth_sasl(VncState *vs) |
523 | { | |
524 | const char *mechlist = NULL; | |
525 | sasl_security_properties_t secprops; | |
526 | int err; | |
527 | char *localAddr, *remoteAddr; | |
528 | int mechlistlen; | |
529 | ||
04d2529d | 530 | VNC_DEBUG("Initialize SASL auth %p\n", vs->ioc); |
2f9606b3 AL |
531 | |
532 | /* Get local & remote client addresses in form IPADDR;PORT */ | |
04d2529d DB |
533 | localAddr = vnc_socket_ip_addr_string(vs->sioc, true, NULL); |
534 | if (!localAddr) { | |
28a76be8 | 535 | goto authabort; |
04d2529d | 536 | } |
2f9606b3 | 537 | |
04d2529d DB |
538 | remoteAddr = vnc_socket_ip_addr_string(vs->sioc, false, NULL); |
539 | if (!remoteAddr) { | |
ae878b17 | 540 | g_free(localAddr); |
28a76be8 | 541 | goto authabort; |
2f9606b3 AL |
542 | } |
543 | ||
544 | err = sasl_server_new("vnc", | |
28a76be8 AL |
545 | NULL, /* FQDN - just delegates to gethostname */ |
546 | NULL, /* User realm */ | |
547 | localAddr, | |
548 | remoteAddr, | |
549 | NULL, /* Callbacks, not needed */ | |
550 | SASL_SUCCESS_DATA, | |
551 | &vs->sasl.conn); | |
ae878b17 SW |
552 | g_free(localAddr); |
553 | g_free(remoteAddr); | |
2f9606b3 AL |
554 | localAddr = remoteAddr = NULL; |
555 | ||
556 | if (err != SASL_OK) { | |
28a76be8 AL |
557 | VNC_DEBUG("sasl context setup failed %d (%s)", |
558 | err, sasl_errstring(err, NULL, NULL)); | |
559 | vs->sasl.conn = NULL; | |
560 | goto authabort; | |
2f9606b3 AL |
561 | } |
562 | ||
2f9606b3 | 563 | /* Inform SASL that we've got an external SSF layer from TLS/x509 */ |
7e7e2ebc DB |
564 | if (vs->auth == VNC_AUTH_VENCRYPT && |
565 | vs->subauth == VNC_AUTH_VENCRYPT_X509SASL) { | |
3e305e4a DB |
566 | Error *local_err = NULL; |
567 | int keysize; | |
28a76be8 AL |
568 | sasl_ssf_t ssf; |
569 | ||
3e305e4a DB |
570 | keysize = qcrypto_tls_session_get_key_size(vs->tls, |
571 | &local_err); | |
572 | if (keysize < 0) { | |
573 | VNC_DEBUG("cannot TLS get cipher size: %s\n", | |
574 | error_get_pretty(local_err)); | |
575 | error_free(local_err); | |
28a76be8 AL |
576 | sasl_dispose(&vs->sasl.conn); |
577 | vs->sasl.conn = NULL; | |
578 | goto authabort; | |
579 | } | |
3e305e4a | 580 | ssf = keysize * CHAR_BIT; /* tls key size is bytes, sasl wants bits */ |
28a76be8 AL |
581 | |
582 | err = sasl_setprop(vs->sasl.conn, SASL_SSF_EXTERNAL, &ssf); | |
583 | if (err != SASL_OK) { | |
584 | VNC_DEBUG("cannot set SASL external SSF %d (%s)\n", | |
585 | err, sasl_errstring(err, NULL, NULL)); | |
586 | sasl_dispose(&vs->sasl.conn); | |
587 | vs->sasl.conn = NULL; | |
588 | goto authabort; | |
589 | } | |
3e305e4a | 590 | } else { |
28a76be8 | 591 | vs->sasl.wantSSF = 1; |
3e305e4a | 592 | } |
2f9606b3 AL |
593 | |
594 | memset (&secprops, 0, sizeof secprops); | |
3e305e4a DB |
595 | /* Inform SASL that we've got an external SSF layer from TLS. |
596 | * | |
597 | * Disable SSF, if using TLS+x509+SASL only. TLS without x509 | |
598 | * is not sufficiently strong | |
599 | */ | |
600 | if (vs->vd->is_unix || | |
601 | (vs->auth == VNC_AUTH_VENCRYPT && | |
602 | vs->subauth == VNC_AUTH_VENCRYPT_X509SASL)) { | |
28a76be8 AL |
603 | /* If we've got TLS or UNIX domain sock, we don't care about SSF */ |
604 | secprops.min_ssf = 0; | |
605 | secprops.max_ssf = 0; | |
606 | secprops.maxbufsize = 8192; | |
607 | secprops.security_flags = 0; | |
2f9606b3 | 608 | } else { |
28a76be8 AL |
609 | /* Plain TCP, better get an SSF layer */ |
610 | secprops.min_ssf = 56; /* Good enough to require kerberos */ | |
611 | secprops.max_ssf = 100000; /* Arbitrary big number */ | |
612 | secprops.maxbufsize = 8192; | |
613 | /* Forbid any anonymous or trivially crackable auth */ | |
614 | secprops.security_flags = | |
615 | SASL_SEC_NOANONYMOUS | SASL_SEC_NOPLAINTEXT; | |
2f9606b3 AL |
616 | } |
617 | ||
618 | err = sasl_setprop(vs->sasl.conn, SASL_SEC_PROPS, &secprops); | |
619 | if (err != SASL_OK) { | |
28a76be8 AL |
620 | VNC_DEBUG("cannot set SASL security props %d (%s)\n", |
621 | err, sasl_errstring(err, NULL, NULL)); | |
622 | sasl_dispose(&vs->sasl.conn); | |
623 | vs->sasl.conn = NULL; | |
624 | goto authabort; | |
2f9606b3 AL |
625 | } |
626 | ||
627 | err = sasl_listmech(vs->sasl.conn, | |
28a76be8 AL |
628 | NULL, /* Don't need to set user */ |
629 | "", /* Prefix */ | |
630 | ",", /* Separator */ | |
631 | "", /* Suffix */ | |
632 | &mechlist, | |
633 | NULL, | |
634 | NULL); | |
2f9606b3 | 635 | if (err != SASL_OK) { |
28a76be8 AL |
636 | VNC_DEBUG("cannot list SASL mechanisms %d (%s)\n", |
637 | err, sasl_errdetail(vs->sasl.conn)); | |
638 | sasl_dispose(&vs->sasl.conn); | |
639 | vs->sasl.conn = NULL; | |
640 | goto authabort; | |
2f9606b3 AL |
641 | } |
642 | VNC_DEBUG("Available mechanisms for client: '%s'\n", mechlist); | |
643 | ||
302d9d6f | 644 | vs->sasl.mechlist = g_strdup(mechlist); |
2f9606b3 AL |
645 | mechlistlen = strlen(mechlist); |
646 | vnc_write_u32(vs, mechlistlen); | |
647 | vnc_write(vs, mechlist, mechlistlen); | |
648 | vnc_flush(vs); | |
649 | ||
650 | VNC_DEBUG("Wait for client mechname length\n"); | |
651 | vnc_read_when(vs, protocol_client_auth_sasl_mechname_len, 4); | |
652 | ||
653 | return; | |
654 | ||
655 | authabort: | |
656 | vnc_client_error(vs); | |
2f9606b3 AL |
657 | } |
658 | ||
659 |