[mirror_qemu.git] / ui / vnc-auth-sasl.c

/*
 * QEMU VNC display driver: SASL auth protocol
 *
 * Copyright (C) 2009 Red Hat, Inc
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.
 */

#include "qemu/osdep.h"
#include "qapi/error.h"
#include "vnc.h"
#include "trace.h"

/* Max amount of data we send/recv for SASL steps to prevent DOS */
#define SASL_DATA_MAX_LEN (1024 * 1024)


void vnc_sasl_client_cleanup(VncState *vs)
{
    if (vs->sasl.conn) {
        vs->sasl.runSSF = false;
        vs->sasl.wantSSF = false;
        vs->sasl.waitWriteSSF = 0;
        vs->sasl.encodedLength = vs->sasl.encodedOffset = 0;
        vs->sasl.encoded = NULL;
        g_free(vs->sasl.username);
        g_free(vs->sasl.mechlist);
        vs->sasl.username = vs->sasl.mechlist = NULL;
        sasl_dispose(&vs->sasl.conn);
        vs->sasl.conn = NULL;
    }
}


long vnc_client_write_sasl(VncState *vs)
{
    long ret;

    VNC_DEBUG("Write SASL: Pending output %p size %zd offset %zd "
              "Encoded: %p size %d offset %d\n",
              vs->output.buffer, vs->output.capacity, vs->output.offset,
              vs->sasl.encoded, vs->sasl.encodedLength, vs->sasl.encodedOffset);

    if (!vs->sasl.encoded) {
        int err;
        err = sasl_encode(vs->sasl.conn,
                          (char *)vs->output.buffer,
                          vs->output.offset,
                          (const char **)&vs->sasl.encoded,
                          &vs->sasl.encodedLength);
        if (err != SASL_OK)
            return vnc_client_io_error(vs, -1, NULL);

        vs->sasl.encodedOffset = 0;
    }

    ret = vnc_client_write_buf(vs,
                               vs->sasl.encoded + vs->sasl.encodedOffset,
                               vs->sasl.encodedLength - vs->sasl.encodedOffset);
    if (!ret)
        return 0;

    vs->sasl.encodedOffset += ret;
    if (vs->sasl.encodedOffset == vs->sasl.encodedLength) {
        vs->output.offset = 0;
        vs->sasl.encoded = NULL;
        vs->sasl.encodedOffset = vs->sasl.encodedLength = 0;
    }

    /* Can't merge this block with one above, because
     * someone might have written more unencrypted
     * data in vs->output while we were processing
     * SASL encoded output
     */
    if (vs->output.offset == 0) {
        if (vs->ioc_tag) {
            g_source_remove(vs->ioc_tag);
        }
        vs->ioc_tag = qio_channel_add_watch(
            vs->ioc, G_IO_IN, vnc_client_io, vs, NULL);
    }

    return ret;
}


long vnc_client_read_sasl(VncState *vs)
{
    long ret;
    uint8_t encoded[4096];
    const char *decoded;
    unsigned int decodedLen;
    int err;

    ret = vnc_client_read_buf(vs, encoded, sizeof(encoded));
    if (!ret)
        return 0;

    err = sasl_decode(vs->sasl.conn,
                      (char *)encoded, ret,
                      &decoded, &decodedLen);

    if (err != SASL_OK)
        return vnc_client_io_error(vs, -1, NULL);
    VNC_DEBUG("Read SASL Encoded %p size %ld Decoded %p size %d\n",
              encoded, ret, decoded, decodedLen);
    buffer_reserve(&vs->input, decodedLen);
    buffer_append(&vs->input, decoded, decodedLen);
    return decodedLen;
}


static int vnc_auth_sasl_check_access(VncState *vs)
{
    const void *val;
    int err;
    int allow;

    err = sasl_getprop(vs->sasl.conn, SASL_USERNAME, &val);
    if (err != SASL_OK) {
        trace_vnc_auth_fail(vs, vs->auth, "Cannot fetch SASL username",
                            sasl_errstring(err, NULL, NULL));
        return -1;
    }
    if (val == NULL) {
        trace_vnc_auth_fail(vs, vs->auth, "No SASL username set", "");
        return -1;
    }

    vs->sasl.username = g_strdup((const char*)val);
    trace_vnc_auth_sasl_username(vs, vs->sasl.username);

    if (vs->vd->sasl.acl == NULL) {
        trace_vnc_auth_sasl_acl(vs, 1);
        return 0;
    }

    allow = qemu_acl_party_is_allowed(vs->vd->sasl.acl, vs->sasl.username);

    trace_vnc_auth_sasl_acl(vs, allow);
    return allow ? 0 : -1;
}

static int vnc_auth_sasl_check_ssf(VncState *vs)
{
    const void *val;
    int err, ssf;

    if (!vs->sasl.wantSSF)
        return 1;

    err = sasl_getprop(vs->sasl.conn, SASL_SSF, &val);
    if (err != SASL_OK)
        return 0;

    ssf = *(const int *)val;

    trace_vnc_auth_sasl_ssf(vs, ssf);

    if (ssf < 56)
        return 0; /* 56 is good for Kerberos */

    /* Only setup for read initially, because we're about to send an RPC
     * reply which must be in plain text. When the next incoming RPC
     * arrives, we'll switch on writes too
     *
     * cf qemudClientReadSASL  in qemud.c
     */
    vs->sasl.runSSF = 1;

    /* We have a SSF that's good enough */
    return 1;
}

/*
 * Step Msg
 *
 * Input from client:
 *
 * u32 clientin-length
 * u8-array clientin-string
 *
 * Output to client:
 *
 * u32 serverout-length
 * u8-array serverout-strin
 * u8 continue
 */

static int protocol_client_auth_sasl_step_len(VncState *vs, uint8_t *data, size_t len);

static int protocol_client_auth_sasl_step(VncState *vs, uint8_t *data, size_t len)
{
    uint32_t datalen = len;
    const char *serverout;
    unsigned int serveroutlen;
    int err;
    char *clientdata = NULL;

    /* NB, distinction of NULL vs "" is *critical* in SASL */
    if (datalen) {
        clientdata = (char*)data;
        clientdata[datalen-1] = '\0'; /* Wire includes '\0', but make sure */
        datalen--; /* Don't count NULL byte when passing to _start() */
    }

    err = sasl_server_step(vs->sasl.conn,
                           clientdata,
                           datalen,
                           &serverout,
                           &serveroutlen);
    trace_vnc_auth_sasl_step(vs, data, len, serverout, serveroutlen, err);
    if (err != SASL_OK &&
        err != SASL_CONTINUE) {
        trace_vnc_auth_fail(vs, vs->auth, "Cannot step SASL auth",
                            sasl_errdetail(vs->sasl.conn));
        sasl_dispose(&vs->sasl.conn);
        vs->sasl.conn = NULL;
        goto authabort;
    }

    if (serveroutlen > SASL_DATA_MAX_LEN) {
        trace_vnc_auth_fail(vs, vs->auth, "SASL data too long", "");
        sasl_dispose(&vs->sasl.conn);
        vs->sasl.conn = NULL;
        goto authabort;
    }

    if (serveroutlen) {
        vnc_write_u32(vs, serveroutlen + 1);
        vnc_write(vs, serverout, serveroutlen + 1);
    } else {
        vnc_write_u32(vs, 0);
    }

    /* Whether auth is complete */
    vnc_write_u8(vs, err == SASL_CONTINUE ? 0 : 1);

    if (err == SASL_CONTINUE) {
        /* Wait for step length */
        vnc_read_when(vs, protocol_client_auth_sasl_step_len, 4);
    } else {
        if (!vnc_auth_sasl_check_ssf(vs)) {
            trace_vnc_auth_fail(vs, vs->auth, "SASL SSF too weak", "");
            goto authreject;
        }

        /* Check username whitelist ACL */
        if (vnc_auth_sasl_check_access(vs) < 0) {
            goto authreject;
        }

        trace_vnc_auth_pass(vs, vs->auth);
        vnc_write_u32(vs, 0); /* Accept auth */
        /*
         * Delay writing in SSF encoded mode until pending output
         * buffer is written
         */
        if (vs->sasl.runSSF)
            vs->sasl.waitWriteSSF = vs->output.offset;
        start_client_init(vs);
    }

    return 0;

 authreject:
    vnc_write_u32(vs, 1); /* Reject auth */
    vnc_write_u32(vs, sizeof("Authentication failed"));
    vnc_write(vs, "Authentication failed", sizeof("Authentication failed"));
    vnc_flush(vs);
    vnc_client_error(vs);
    return -1;

 authabort:
    vnc_client_error(vs);
    return -1;
}

static int protocol_client_auth_sasl_step_len(VncState *vs, uint8_t *data, size_t len)
{
    uint32_t steplen = read_u32(data, 0);

    if (steplen > SASL_DATA_MAX_LEN) {
        trace_vnc_auth_fail(vs, vs->auth, "SASL step len too large", "");
        vnc_client_error(vs);
        return -1;
    }

    if (steplen == 0)
        return protocol_client_auth_sasl_step(vs, NULL, 0);
    else
        vnc_read_when(vs, protocol_client_auth_sasl_step, steplen);
    return 0;
}

/*
 * Start Msg
 *
 * Input from client:
 *
 * u32 clientin-length
 * u8-array clientin-string
 *
 * Output to client:
 *
 * u32 serverout-length
 * u8-array serverout-strin
 * u8 continue
 */

#define SASL_DATA_MAX_LEN (1024 * 1024)

static int protocol_client_auth_sasl_start(VncState *vs, uint8_t *data, size_t len)
{
    uint32_t datalen = len;
    const char *serverout;
    unsigned int serveroutlen;
    int err;
    char *clientdata = NULL;

    /* NB, distinction of NULL vs "" is *critical* in SASL */
    if (datalen) {
        clientdata = (char*)data;
        clientdata[datalen-1] = '\0'; /* Should be on wire, but make sure */
        datalen--; /* Don't count NULL byte when passing to _start() */
    }

    err = sasl_server_start(vs->sasl.conn,
                            vs->sasl.mechlist,
                            clientdata,
                            datalen,
                            &serverout,
                            &serveroutlen);
    trace_vnc_auth_sasl_start(vs, data, len, serverout, serveroutlen, err);
    if (err != SASL_OK &&
        err != SASL_CONTINUE) {
        trace_vnc_auth_fail(vs, vs->auth, "Cannot start SASL auth",
                            sasl_errdetail(vs->sasl.conn));
        sasl_dispose(&vs->sasl.conn);
        vs->sasl.conn = NULL;
        goto authabort;
    }
    if (serveroutlen > SASL_DATA_MAX_LEN) {
        trace_vnc_auth_fail(vs, vs->auth, "SASL data too long", "");
        sasl_dispose(&vs->sasl.conn);
        vs->sasl.conn = NULL;
        goto authabort;
    }

    if (serveroutlen) {
        vnc_write_u32(vs, serveroutlen + 1);
        vnc_write(vs, serverout, serveroutlen + 1);
    } else {
        vnc_write_u32(vs, 0);
    }

    /* Whether auth is complete */
    vnc_write_u8(vs, err == SASL_CONTINUE ? 0 : 1);

    if (err == SASL_CONTINUE) {
        /* Wait for step length */
        vnc_read_when(vs, protocol_client_auth_sasl_step_len, 4);
    } else {
        if (!vnc_auth_sasl_check_ssf(vs)) {
            trace_vnc_auth_fail(vs, vs->auth, "SASL SSF too weak", "");
            goto authreject;
        }

        /* Check username whitelist ACL */
        if (vnc_auth_sasl_check_access(vs) < 0) {
            goto authreject;
        }

        trace_vnc_auth_pass(vs, vs->auth);
        vnc_write_u32(vs, 0); /* Accept auth */
        start_client_init(vs);
    }

    return 0;

 authreject:
    vnc_write_u32(vs, 1); /* Reject auth */
    vnc_write_u32(vs, sizeof("Authentication failed"));
    vnc_write(vs, "Authentication failed", sizeof("Authentication failed"));
    vnc_flush(vs);
    vnc_client_error(vs);
    return -1;

 authabort:
    vnc_client_error(vs);
    return -1;
}

static int protocol_client_auth_sasl_start_len(VncState *vs, uint8_t *data, size_t len)
{
    uint32_t startlen = read_u32(data, 0);

    if (startlen > SASL_DATA_MAX_LEN) {
        trace_vnc_auth_fail(vs, vs->auth, "SASL start len too large", "");
        vnc_client_error(vs);
        return -1;
    }

    if (startlen == 0)
        return protocol_client_auth_sasl_start(vs, NULL, 0);

    vnc_read_when(vs, protocol_client_auth_sasl_start, startlen);
    return 0;
}

static int protocol_client_auth_sasl_mechname(VncState *vs, uint8_t *data, size_t len)
{
    char *mechname = g_strndup((const char *) data, len);
    trace_vnc_auth_sasl_mech_choose(vs, mechname);

    if (strncmp(vs->sasl.mechlist, mechname, len) == 0) {
        if (vs->sasl.mechlist[len] != '\0' &&
            vs->sasl.mechlist[len] != ',') {
            goto fail;
        }
    } else {
        char *offset = strstr(vs->sasl.mechlist, mechname);
        if (!offset) {
            goto fail;
        }
        if (offset[-1] != ',' ||
            (offset[len] != '\0'&&
             offset[len] != ',')) {
            goto fail;
        }
    }

    g_free(vs->sasl.mechlist);
    vs->sasl.mechlist = mechname;

    vnc_read_when(vs, protocol_client_auth_sasl_start_len, 4);
    return 0;

 fail:
    trace_vnc_auth_fail(vs, vs->auth, "Unsupported mechname", mechname);
    vnc_client_error(vs);
    g_free(mechname);
    return -1;
}

static int protocol_client_auth_sasl_mechname_len(VncState *vs, uint8_t *data, size_t len)
{
    uint32_t mechlen = read_u32(data, 0);

    if (mechlen > 100) {
        trace_vnc_auth_fail(vs, vs->auth, "SASL mechname too long", "");
        vnc_client_error(vs);
        return -1;
    }
    if (mechlen < 1) {
        trace_vnc_auth_fail(vs, vs->auth, "SASL mechname too short", "");
        vnc_client_error(vs);
        return -1;
    }
    vnc_read_when(vs, protocol_client_auth_sasl_mechname,mechlen);
    return 0;
}

static char *
vnc_socket_ip_addr_string(QIOChannelSocket *ioc,
                          bool local,
                          Error **errp)
{
    SocketAddress *addr;
    char *ret;

    if (local) {
        addr = qio_channel_socket_get_local_address(ioc, errp);
    } else {
        addr = qio_channel_socket_get_remote_address(ioc, errp);
    }
    if (!addr) {
        return NULL;
    }

    if (addr->type != SOCKET_ADDRESS_TYPE_INET) {
        error_setg(errp, "Not an inet socket type");
        return NULL;
    }
    ret = g_strdup_printf("%s;%s", addr->u.inet.host, addr->u.inet.port);
    qapi_free_SocketAddress(addr);
    return ret;
}

void start_auth_sasl(VncState *vs)
{
    const char *mechlist = NULL;
    sasl_security_properties_t secprops;
    int err;
    Error *local_err = NULL;
    char *localAddr, *remoteAddr;
    int mechlistlen;

    /* Get local & remote client addresses in form  IPADDR;PORT */
    localAddr = vnc_socket_ip_addr_string(vs->sioc, true, &local_err);
    if (!localAddr) {
        trace_vnc_auth_fail(vs, vs->auth, "Cannot format local IP",
                            error_get_pretty(local_err));
        goto authabort;
    }

    remoteAddr = vnc_socket_ip_addr_string(vs->sioc, false, &local_err);
    if (!remoteAddr) {
        trace_vnc_auth_fail(vs, vs->auth, "Cannot format remote IP",
                            error_get_pretty(local_err));
        g_free(localAddr);
        goto authabort;
    }

    err = sasl_server_new("vnc",
                          NULL, /* FQDN - just delegates to gethostname */
                          NULL, /* User realm */
                          localAddr,
                          remoteAddr,
                          NULL, /* Callbacks, not needed */
                          SASL_SUCCESS_DATA,
                          &vs->sasl.conn);
    g_free(localAddr);
    g_free(remoteAddr);
    localAddr = remoteAddr = NULL;

    if (err != SASL_OK) {
        trace_vnc_auth_fail(vs, vs->auth,  "SASL context setup failed",
                            sasl_errstring(err, NULL, NULL));
        vs->sasl.conn = NULL;
        goto authabort;
    }

    /* Inform SASL that we've got an external SSF layer from TLS/x509 */
    if (vs->auth == VNC_AUTH_VENCRYPT &&
        vs->subauth == VNC_AUTH_VENCRYPT_X509SASL) {
        Error *local_err = NULL;
        int keysize;
        sasl_ssf_t ssf;

        keysize = qcrypto_tls_session_get_key_size(vs->tls,
                                                   &local_err);
        if (keysize < 0) {
            trace_vnc_auth_fail(vs, vs->auth, "cannot TLS get cipher size",
                                error_get_pretty(local_err));
            error_free(local_err);
            sasl_dispose(&vs->sasl.conn);
            vs->sasl.conn = NULL;
            goto authabort;
        }
        ssf = keysize * CHAR_BIT; /* tls key size is bytes, sasl wants bits */

        err = sasl_setprop(vs->sasl.conn, SASL_SSF_EXTERNAL, &ssf);
        if (err != SASL_OK) {
            trace_vnc_auth_fail(vs, vs->auth, "cannot set SASL external SSF",
                                sasl_errstring(err, NULL, NULL));
            sasl_dispose(&vs->sasl.conn);
            vs->sasl.conn = NULL;
            goto authabort;
        }
    } else {
        vs->sasl.wantSSF = 1;
    }

    memset (&secprops, 0, sizeof secprops);
    /* Inform SASL that we've got an external SSF layer from TLS.
     *
     * Disable SSF, if using TLS+x509+SASL only. TLS without x509
     * is not sufficiently strong
     */
    if (vs->vd->is_unix ||
        (vs->auth == VNC_AUTH_VENCRYPT &&
         vs->subauth == VNC_AUTH_VENCRYPT_X509SASL)) {
        /* If we've got TLS or UNIX domain sock, we don't care about SSF */
        secprops.min_ssf = 0;
        secprops.max_ssf = 0;
        secprops.maxbufsize = 8192;
        secprops.security_flags = 0;
    } else {
        /* Plain TCP, better get an SSF layer */
        secprops.min_ssf = 56; /* Good enough to require kerberos */
        secprops.max_ssf = 100000; /* Arbitrary big number */
        secprops.maxbufsize = 8192;
        /* Forbid any anonymous or trivially crackable auth */
        secprops.security_flags =
            SASL_SEC_NOANONYMOUS | SASL_SEC_NOPLAINTEXT;
    }

    err = sasl_setprop(vs->sasl.conn, SASL_SEC_PROPS, &secprops);
    if (err != SASL_OK) {
        trace_vnc_auth_fail(vs, vs->auth, "cannot set SASL security props",
                            sasl_errstring(err, NULL, NULL));
        sasl_dispose(&vs->sasl.conn);
        vs->sasl.conn = NULL;
        goto authabort;
    }

    err = sasl_listmech(vs->sasl.conn,
                        NULL, /* Don't need to set user */
                        "", /* Prefix */
                        ",", /* Separator */
                        "", /* Suffix */
                        &mechlist,
                        NULL,
                        NULL);
    if (err != SASL_OK) {
        trace_vnc_auth_fail(vs, vs->auth, "cannot list SASL mechanisms",
                            sasl_errdetail(vs->sasl.conn));
        sasl_dispose(&vs->sasl.conn);
        vs->sasl.conn = NULL;
        goto authabort;
    }
    trace_vnc_auth_sasl_mech_list(vs, mechlist);

    vs->sasl.mechlist = g_strdup(mechlist);
    mechlistlen = strlen(mechlist);
    vnc_write_u32(vs, mechlistlen);
    vnc_write(vs, mechlist, mechlistlen);
    vnc_flush(vs);

    vnc_read_when(vs, protocol_client_auth_sasl_mechname_len, 4);

    return;

 authabort:
    error_free(local_err);
    vnc_client_error(vs);
}
Commit	Line	Data
2f9606b3 AL	1	/*
	2	* QEMU VNC display driver: SASL auth protocol
	3	*
	4	* Copyright (C) 2009 Red Hat, Inc
	5	*
	6	* Permission is hereby granted, free of charge, to any person obtaining a copy
	7	* of this software and associated documentation files (the "Software"), to deal
	8	* in the Software without restriction, including without limitation the rights
	9	* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
	10	* copies of the Software, and to permit persons to whom the Software is
	11	* furnished to do so, subject to the following conditions:
	12	*
	13	* The above copyright notice and this permission notice shall be included in
	14	* all copies or substantial portions of the Software.
	15	*
	16	* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
	17	* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
	18	* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
	19	* THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
	20	* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
	21	* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
	22	* THE SOFTWARE.
	23	*/
	24
e16f4c87	25	#include "qemu/osdep.h"
da34e65c	26	#include "qapi/error.h"
2f9606b3	27	#include "vnc.h"
7364dbda	28	#include "trace.h"
2f9606b3 AL	29
	30	/* Max amount of data we send/recv for SASL steps to prevent DOS */
	31	#define SASL_DATA_MAX_LEN (1024 * 1024)
	32
	33
	34	void vnc_sasl_client_cleanup(VncState *vs)
	35	{
	36	if (vs->sasl.conn) {
ee032ca1 SW	37	vs->sasl.runSSF = false;
	38	vs->sasl.wantSSF = false;
	39	vs->sasl.waitWriteSSF = 0;
28a76be8 AL	40	vs->sasl.encodedLength = vs->sasl.encodedOffset = 0;
28a76be8 AL	41	vs->sasl.encoded = NULL;
ae878b17	42	g_free(vs->sasl.username);
302d9d6f	43	g_free(vs->sasl.mechlist);
28a76be8 AL	44	vs->sasl.username = vs->sasl.mechlist = NULL;
	45	sasl_dispose(&vs->sasl.conn);
	46	vs->sasl.conn = NULL;
2f9606b3 AL	47	}
	48	}
	49
	50
	51	long vnc_client_write_sasl(VncState *vs)
	52	{
	53	long ret;
	54
bc47d201 CC	55	VNC_DEBUG("Write SASL: Pending output %p size %zd offset %zd "
bc47d201 CC	56	"Encoded: %p size %d offset %d\n",
28a76be8 AL	57	vs->output.buffer, vs->output.capacity, vs->output.offset,
28a76be8 AL	58	vs->sasl.encoded, vs->sasl.encodedLength, vs->sasl.encodedOffset);
2f9606b3 AL	59
2f9606b3 AL	60	if (!vs->sasl.encoded) {
28a76be8 AL	61	int err;
	62	err = sasl_encode(vs->sasl.conn,
	63	(char *)vs->output.buffer,
	64	vs->output.offset,
	65	(const char **)&vs->sasl.encoded,
	66	&vs->sasl.encodedLength);
	67	if (err != SASL_OK)
04d2529d	68	return vnc_client_io_error(vs, -1, NULL);
28a76be8 AL	69
28a76be8 AL	70	vs->sasl.encodedOffset = 0;
2f9606b3 AL	71	}
	72
	73	ret = vnc_client_write_buf(vs,
28a76be8 AL	74	vs->sasl.encoded + vs->sasl.encodedOffset,
28a76be8 AL	75	vs->sasl.encodedLength - vs->sasl.encodedOffset);
2f9606b3	76	if (!ret)
28a76be8	77	return 0;
2f9606b3 AL	78
	79	vs->sasl.encodedOffset += ret;
	80	if (vs->sasl.encodedOffset == vs->sasl.encodedLength) {
28a76be8 AL	81	vs->output.offset = 0;
	82	vs->sasl.encoded = NULL;
	83	vs->sasl.encodedOffset = vs->sasl.encodedLength = 0;
2f9606b3 AL	84	}
	85
	86	/* Can't merge this block with one above, because
	87	* someone might have written more unencrypted
	88	* data in vs->output while we were processing
	89	* SASL encoded output
	90	*/
	91	if (vs->output.offset == 0) {
04d2529d DB	92	if (vs->ioc_tag) {
	93	g_source_remove(vs->ioc_tag);
	94	}
	95	vs->ioc_tag = qio_channel_add_watch(
	96	vs->ioc, G_IO_IN, vnc_client_io, vs, NULL);
2f9606b3 AL	97	}
	98
	99	return ret;
	100	}
	101
	102
	103	long vnc_client_read_sasl(VncState *vs)
	104	{
	105	long ret;
	106	uint8_t encoded[4096];
	107	const char *decoded;
	108	unsigned int decodedLen;
	109	int err;
	110
	111	ret = vnc_client_read_buf(vs, encoded, sizeof(encoded));
	112	if (!ret)
28a76be8	113	return 0;
2f9606b3 AL	114
2f9606b3 AL	115	err = sasl_decode(vs->sasl.conn,
28a76be8 AL	116	(char *)encoded, ret,
28a76be8 AL	117	&decoded, &decodedLen);
2f9606b3 AL	118
2f9606b3 AL	119	if (err != SASL_OK)
04d2529d	120	return vnc_client_io_error(vs, -1, NULL);
2f9606b3	121	VNC_DEBUG("Read SASL Encoded %p size %ld Decoded %p size %d\n",
28a76be8	122	encoded, ret, decoded, decodedLen);
2f9606b3 AL	123	buffer_reserve(&vs->input, decodedLen);
	124	buffer_append(&vs->input, decoded, decodedLen);
	125	return decodedLen;
	126	}
	127
	128
	129	static int vnc_auth_sasl_check_access(VncState *vs)
	130	{
	131	const void *val;
	132	int err;
76655d6d	133	int allow;
2f9606b3 AL	134
	135	err = sasl_getprop(vs->sasl.conn, SASL_USERNAME, &val);
	136	if (err != SASL_OK) {
7364dbda DB	137	trace_vnc_auth_fail(vs, vs->auth, "Cannot fetch SASL username",
7364dbda DB	138	sasl_errstring(err, NULL, NULL));
28a76be8	139	return -1;
2f9606b3 AL	140	}
2f9606b3 AL	141	if (val == NULL) {
7364dbda	142	trace_vnc_auth_fail(vs, vs->auth, "No SASL username set", "");
28a76be8	143	return -1;
2f9606b3	144	}
2f9606b3	145
7267c094	146	vs->sasl.username = g_strdup((const char*)val);
7364dbda	147	trace_vnc_auth_sasl_username(vs, vs->sasl.username);
2f9606b3	148
76655d6d	149	if (vs->vd->sasl.acl == NULL) {
7364dbda	150	trace_vnc_auth_sasl_acl(vs, 1);
28a76be8	151	return 0;
76655d6d AL	152	}
	153
	154	allow = qemu_acl_party_is_allowed(vs->vd->sasl.acl, vs->sasl.username);
	155
7364dbda	156	trace_vnc_auth_sasl_acl(vs, allow);
76655d6d	157	return allow ? 0 : -1;
2f9606b3 AL	158	}
	159
	160	static int vnc_auth_sasl_check_ssf(VncState *vs)
	161	{
	162	const void *val;
	163	int err, ssf;
	164
	165	if (!vs->sasl.wantSSF)
28a76be8	166	return 1;
2f9606b3 AL	167
	168	err = sasl_getprop(vs->sasl.conn, SASL_SSF, &val);
	169	if (err != SASL_OK)
28a76be8	170	return 0;
2f9606b3 AL	171
2f9606b3 AL	172	ssf = (const int )val;
7364dbda DB	173
	174	trace_vnc_auth_sasl_ssf(vs, ssf);
	175
2f9606b3	176	if (ssf < 56)
28a76be8	177	return 0; /* 56 is good for Kerberos */
2f9606b3 AL	178
	179	/* Only setup for read initially, because we're about to send an RPC
	180	* reply which must be in plain text. When the next incoming RPC
	181	* arrives, we'll switch on writes too
	182	*
	183	* cf qemudClientReadSASL in qemud.c
	184	*/
	185	vs->sasl.runSSF = 1;
	186
	187	/* We have a SSF that's good enough */
	188	return 1;
	189	}
	190
	191	/*
	192	* Step Msg
	193	*
	194	* Input from client:
	195	*
	196	* u32 clientin-length
	197	* u8-array clientin-string
	198	*
	199	* Output to client:
	200	*
	201	* u32 serverout-length
	202	* u8-array serverout-strin
	203	* u8 continue
	204	*/
	205
	206	static int protocol_client_auth_sasl_step_len(VncState vs, uint8_t data, size_t len);
	207
	208	static int protocol_client_auth_sasl_step(VncState vs, uint8_t data, size_t len)
	209	{
	210	uint32_t datalen = len;
	211	const char *serverout;
	212	unsigned int serveroutlen;
	213	int err;
	214	char *clientdata = NULL;
	215
	216	/* NB, distinction of NULL vs "" is critical in SASL */
	217	if (datalen) {
28a76be8 AL	218	clientdata = (char*)data;
	219	clientdata[datalen-1] = '\0'; /* Wire includes '\0', but make sure */
	220	datalen--; /* Don't count NULL byte when passing to _start() */
2f9606b3 AL	221	}
2f9606b3 AL	222
2f9606b3	223	err = sasl_server_step(vs->sasl.conn,
28a76be8 AL	224	clientdata,
	225	datalen,
	226	&serverout,
	227	&serveroutlen);
7364dbda	228	trace_vnc_auth_sasl_step(vs, data, len, serverout, serveroutlen, err);
2f9606b3	229	if (err != SASL_OK &&
28a76be8	230	err != SASL_CONTINUE) {
7364dbda DB	231	trace_vnc_auth_fail(vs, vs->auth, "Cannot step SASL auth",
7364dbda DB	232	sasl_errdetail(vs->sasl.conn));
28a76be8 AL	233	sasl_dispose(&vs->sasl.conn);
	234	vs->sasl.conn = NULL;
	235	goto authabort;
2f9606b3 AL	236	}
	237
	238	if (serveroutlen > SASL_DATA_MAX_LEN) {
7364dbda	239	trace_vnc_auth_fail(vs, vs->auth, "SASL data too long", "");
28a76be8 AL	240	sasl_dispose(&vs->sasl.conn);
	241	vs->sasl.conn = NULL;
	242	goto authabort;
2f9606b3 AL	243	}
2f9606b3 AL	244
2f9606b3	245	if (serveroutlen) {
28a76be8 AL	246	vnc_write_u32(vs, serveroutlen + 1);
28a76be8 AL	247	vnc_write(vs, serverout, serveroutlen + 1);
2f9606b3	248	} else {
28a76be8	249	vnc_write_u32(vs, 0);
2f9606b3 AL	250	}
	251
	252	/* Whether auth is complete */
	253	vnc_write_u8(vs, err == SASL_CONTINUE ? 0 : 1);
	254
	255	if (err == SASL_CONTINUE) {
28a76be8 AL	256	/* Wait for step length */
28a76be8 AL	257	vnc_read_when(vs, protocol_client_auth_sasl_step_len, 4);
2f9606b3	258	} else {
28a76be8	259	if (!vnc_auth_sasl_check_ssf(vs)) {
7364dbda	260	trace_vnc_auth_fail(vs, vs->auth, "SASL SSF too weak", "");
28a76be8 AL	261	goto authreject;
	262	}
	263
	264	/* Check username whitelist ACL */
	265	if (vnc_auth_sasl_check_access(vs) < 0) {
28a76be8 AL	266	goto authreject;
	267	}
	268
7364dbda	269	trace_vnc_auth_pass(vs, vs->auth);
28a76be8 AL	270	vnc_write_u32(vs, 0); /* Accept auth */
	271	/*
	272	* Delay writing in SSF encoded mode until pending output
	273	* buffer is written
	274	*/
	275	if (vs->sasl.runSSF)
	276	vs->sasl.waitWriteSSF = vs->output.offset;
	277	start_client_init(vs);
2f9606b3 AL	278	}
	279
	280	return 0;
	281
	282	authreject:
	283	vnc_write_u32(vs, 1); /* Reject auth */
	284	vnc_write_u32(vs, sizeof("Authentication failed"));
	285	vnc_write(vs, "Authentication failed", sizeof("Authentication failed"));
	286	vnc_flush(vs);
	287	vnc_client_error(vs);
	288	return -1;
	289
	290	authabort:
	291	vnc_client_error(vs);
	292	return -1;
	293	}
	294
	295	static int protocol_client_auth_sasl_step_len(VncState vs, uint8_t data, size_t len)
	296	{
	297	uint32_t steplen = read_u32(data, 0);
7364dbda	298
2f9606b3	299	if (steplen > SASL_DATA_MAX_LEN) {
7364dbda	300	trace_vnc_auth_fail(vs, vs->auth, "SASL step len too large", "");
28a76be8 AL	301	vnc_client_error(vs);
28a76be8 AL	302	return -1;
2f9606b3 AL	303	}
	304
	305	if (steplen == 0)
28a76be8	306	return protocol_client_auth_sasl_step(vs, NULL, 0);
2f9606b3	307	else
28a76be8	308	vnc_read_when(vs, protocol_client_auth_sasl_step, steplen);
2f9606b3 AL	309	return 0;
	310	}
	311
	312	/*
	313	* Start Msg
	314	*
	315	* Input from client:
	316	*
	317	* u32 clientin-length
	318	* u8-array clientin-string
	319	*
	320	* Output to client:
	321	*
	322	* u32 serverout-length
	323	* u8-array serverout-strin
	324	* u8 continue
	325	*/
	326
	327	#define SASL_DATA_MAX_LEN (1024 * 1024)
	328
	329	static int protocol_client_auth_sasl_start(VncState vs, uint8_t data, size_t len)
	330	{
	331	uint32_t datalen = len;
	332	const char *serverout;
	333	unsigned int serveroutlen;
	334	int err;
	335	char *clientdata = NULL;
	336
	337	/* NB, distinction of NULL vs "" is critical in SASL */
	338	if (datalen) {
28a76be8 AL	339	clientdata = (char*)data;
	340	clientdata[datalen-1] = '\0'; /* Should be on wire, but make sure */
	341	datalen--; /* Don't count NULL byte when passing to _start() */
2f9606b3 AL	342	}
2f9606b3 AL	343
2f9606b3	344	err = sasl_server_start(vs->sasl.conn,
28a76be8 AL	345	vs->sasl.mechlist,
	346	clientdata,
	347	datalen,
	348	&serverout,
	349	&serveroutlen);
7364dbda	350	trace_vnc_auth_sasl_start(vs, data, len, serverout, serveroutlen, err);
2f9606b3	351	if (err != SASL_OK &&
28a76be8	352	err != SASL_CONTINUE) {
7364dbda DB	353	trace_vnc_auth_fail(vs, vs->auth, "Cannot start SASL auth",
7364dbda DB	354	sasl_errdetail(vs->sasl.conn));
28a76be8 AL	355	sasl_dispose(&vs->sasl.conn);
	356	vs->sasl.conn = NULL;
	357	goto authabort;
2f9606b3 AL	358	}
2f9606b3 AL	359	if (serveroutlen > SASL_DATA_MAX_LEN) {
7364dbda	360	trace_vnc_auth_fail(vs, vs->auth, "SASL data too long", "");
28a76be8 AL	361	sasl_dispose(&vs->sasl.conn);
	362	vs->sasl.conn = NULL;
	363	goto authabort;
2f9606b3 AL	364	}
2f9606b3 AL	365
2f9606b3	366	if (serveroutlen) {
28a76be8 AL	367	vnc_write_u32(vs, serveroutlen + 1);
28a76be8 AL	368	vnc_write(vs, serverout, serveroutlen + 1);
2f9606b3	369	} else {
28a76be8	370	vnc_write_u32(vs, 0);
2f9606b3 AL	371	}
	372
	373	/* Whether auth is complete */
	374	vnc_write_u8(vs, err == SASL_CONTINUE ? 0 : 1);
	375
	376	if (err == SASL_CONTINUE) {
28a76be8 AL	377	/* Wait for step length */
28a76be8 AL	378	vnc_read_when(vs, protocol_client_auth_sasl_step_len, 4);
2f9606b3	379	} else {
28a76be8	380	if (!vnc_auth_sasl_check_ssf(vs)) {
7364dbda	381	trace_vnc_auth_fail(vs, vs->auth, "SASL SSF too weak", "");
28a76be8 AL	382	goto authreject;
	383	}
	384
	385	/* Check username whitelist ACL */
	386	if (vnc_auth_sasl_check_access(vs) < 0) {
28a76be8 AL	387	goto authreject;
	388	}
	389
7364dbda	390	trace_vnc_auth_pass(vs, vs->auth);
28a76be8 AL	391	vnc_write_u32(vs, 0); /* Accept auth */
28a76be8 AL	392	start_client_init(vs);
2f9606b3 AL	393	}
	394
	395	return 0;
	396
	397	authreject:
	398	vnc_write_u32(vs, 1); /* Reject auth */
	399	vnc_write_u32(vs, sizeof("Authentication failed"));
	400	vnc_write(vs, "Authentication failed", sizeof("Authentication failed"));
	401	vnc_flush(vs);
	402	vnc_client_error(vs);
	403	return -1;
	404
	405	authabort:
	406	vnc_client_error(vs);
	407	return -1;
	408	}
	409
	410	static int protocol_client_auth_sasl_start_len(VncState vs, uint8_t data, size_t len)
	411	{
	412	uint32_t startlen = read_u32(data, 0);
7364dbda	413
2f9606b3	414	if (startlen > SASL_DATA_MAX_LEN) {
7364dbda	415	trace_vnc_auth_fail(vs, vs->auth, "SASL start len too large", "");
28a76be8 AL	416	vnc_client_error(vs);
28a76be8 AL	417	return -1;
2f9606b3 AL	418	}
	419
	420	if (startlen == 0)
28a76be8	421	return protocol_client_auth_sasl_start(vs, NULL, 0);
2f9606b3 AL	422
	423	vnc_read_when(vs, protocol_client_auth_sasl_start, startlen);
	424	return 0;
	425	}
	426
	427	static int protocol_client_auth_sasl_mechname(VncState vs, uint8_t data, size_t len)
	428	{
5847d9e1	429	char mechname = g_strndup((const char ) data, len);
7364dbda	430	trace_vnc_auth_sasl_mech_choose(vs, mechname);
2f9606b3 AL	431
2f9606b3 AL	432	if (strncmp(vs->sasl.mechlist, mechname, len) == 0) {
28a76be8 AL	433	if (vs->sasl.mechlist[len] != '\0' &&
28a76be8 AL	434	vs->sasl.mechlist[len] != ',') {
8ce7d352	435	goto fail;
28a76be8	436	}
2f9606b3	437	} else {
28a76be8	438	char *offset = strstr(vs->sasl.mechlist, mechname);
28a76be8	439	if (!offset) {
8ce7d352	440	goto fail;
28a76be8	441	}
28a76be8 AL	442	if (offset[-1] != ',' \|\|
	443	(offset[len] != '\0'&&
	444	offset[len] != ',')) {
8ce7d352	445	goto fail;
28a76be8	446	}
2f9606b3 AL	447	}
2f9606b3 AL	448
302d9d6f	449	g_free(vs->sasl.mechlist);
2f9606b3 AL	450	vs->sasl.mechlist = mechname;
2f9606b3 AL	451
2f9606b3 AL	452	vnc_read_when(vs, protocol_client_auth_sasl_start_len, 4);
2f9606b3 AL	453	return 0;
8ce7d352 BS	454
8ce7d352 BS	455	fail:
7364dbda	456	trace_vnc_auth_fail(vs, vs->auth, "Unsupported mechname", mechname);
8ce7d352	457	vnc_client_error(vs);
302d9d6f	458	g_free(mechname);
8ce7d352	459	return -1;
2f9606b3 AL	460	}
	461
	462	static int protocol_client_auth_sasl_mechname_len(VncState vs, uint8_t data, size_t len)
	463	{
	464	uint32_t mechlen = read_u32(data, 0);
7364dbda	465
2f9606b3	466	if (mechlen > 100) {
7364dbda	467	trace_vnc_auth_fail(vs, vs->auth, "SASL mechname too long", "");
28a76be8 AL	468	vnc_client_error(vs);
28a76be8 AL	469	return -1;
2f9606b3 AL	470	}
2f9606b3 AL	471	if (mechlen < 1) {
7364dbda	472	trace_vnc_auth_fail(vs, vs->auth, "SASL mechname too short", "");
28a76be8 AL	473	vnc_client_error(vs);
28a76be8 AL	474	return -1;
2f9606b3 AL	475	}
	476	vnc_read_when(vs, protocol_client_auth_sasl_mechname,mechlen);
	477	return 0;
	478	}
	479
04d2529d DB	480	static char *
	481	vnc_socket_ip_addr_string(QIOChannelSocket *ioc,
	482	bool local,
	483	Error **errp)
	484	{
bd269ebc	485	SocketAddress *addr;
04d2529d DB	486	char *ret;
	487
	488	if (local) {
	489	addr = qio_channel_socket_get_local_address(ioc, errp);
	490	} else {
	491	addr = qio_channel_socket_get_remote_address(ioc, errp);
	492	}
	493	if (!addr) {
	494	return NULL;
	495	}
	496
bd269ebc	497	if (addr->type != SOCKET_ADDRESS_TYPE_INET) {
04d2529d DB	498	error_setg(errp, "Not an inet socket type");
	499	return NULL;
	500	}
bd269ebc MA	501	ret = g_strdup_printf("%s;%s", addr->u.inet.host, addr->u.inet.port);
bd269ebc MA	502	qapi_free_SocketAddress(addr);
04d2529d DB	503	return ret;
	504	}
	505
2f9606b3 AL	506	void start_auth_sasl(VncState *vs)
	507	{
	508	const char *mechlist = NULL;
	509	sasl_security_properties_t secprops;
	510	int err;
7364dbda	511	Error *local_err = NULL;
2f9606b3 AL	512	char localAddr, remoteAddr;
	513	int mechlistlen;
	514
2f9606b3	515	/* Get local & remote client addresses in form IPADDR;PORT */
7364dbda	516	localAddr = vnc_socket_ip_addr_string(vs->sioc, true, &local_err);
04d2529d	517	if (!localAddr) {
7364dbda DB	518	trace_vnc_auth_fail(vs, vs->auth, "Cannot format local IP",
7364dbda DB	519	error_get_pretty(local_err));
28a76be8	520	goto authabort;
04d2529d	521	}
2f9606b3	522
7364dbda	523	remoteAddr = vnc_socket_ip_addr_string(vs->sioc, false, &local_err);
04d2529d	524	if (!remoteAddr) {
7364dbda DB	525	trace_vnc_auth_fail(vs, vs->auth, "Cannot format remote IP",
7364dbda DB	526	error_get_pretty(local_err));
ae878b17	527	g_free(localAddr);
28a76be8	528	goto authabort;
2f9606b3 AL	529	}
	530
	531	err = sasl_server_new("vnc",
28a76be8 AL	532	NULL, /* FQDN - just delegates to gethostname */
	533	NULL, /* User realm */
	534	localAddr,
	535	remoteAddr,
	536	NULL, /* Callbacks, not needed */
	537	SASL_SUCCESS_DATA,
	538	&vs->sasl.conn);
ae878b17 SW	539	g_free(localAddr);
ae878b17 SW	540	g_free(remoteAddr);
2f9606b3 AL	541	localAddr = remoteAddr = NULL;
	542
	543	if (err != SASL_OK) {
7364dbda DB	544	trace_vnc_auth_fail(vs, vs->auth, "SASL context setup failed",
7364dbda DB	545	sasl_errstring(err, NULL, NULL));
28a76be8 AL	546	vs->sasl.conn = NULL;
28a76be8 AL	547	goto authabort;
2f9606b3 AL	548	}
2f9606b3 AL	549
2f9606b3	550	/* Inform SASL that we've got an external SSF layer from TLS/x509 */
7e7e2ebc DB	551	if (vs->auth == VNC_AUTH_VENCRYPT &&
7e7e2ebc DB	552	vs->subauth == VNC_AUTH_VENCRYPT_X509SASL) {
3e305e4a DB	553	Error *local_err = NULL;
3e305e4a DB	554	int keysize;
28a76be8 AL	555	sasl_ssf_t ssf;
28a76be8 AL	556
3e305e4a DB	557	keysize = qcrypto_tls_session_get_key_size(vs->tls,
	558	&local_err);
	559	if (keysize < 0) {
7364dbda DB	560	trace_vnc_auth_fail(vs, vs->auth, "cannot TLS get cipher size",
7364dbda DB	561	error_get_pretty(local_err));
3e305e4a	562	error_free(local_err);
28a76be8 AL	563	sasl_dispose(&vs->sasl.conn);
	564	vs->sasl.conn = NULL;
	565	goto authabort;
	566	}
3e305e4a	567	ssf = keysize * CHAR_BIT; /* tls key size is bytes, sasl wants bits */
28a76be8 AL	568
	569	err = sasl_setprop(vs->sasl.conn, SASL_SSF_EXTERNAL, &ssf);
	570	if (err != SASL_OK) {
7364dbda DB	571	trace_vnc_auth_fail(vs, vs->auth, "cannot set SASL external SSF",
7364dbda DB	572	sasl_errstring(err, NULL, NULL));
28a76be8 AL	573	sasl_dispose(&vs->sasl.conn);
	574	vs->sasl.conn = NULL;
	575	goto authabort;
	576	}
3e305e4a	577	} else {
28a76be8	578	vs->sasl.wantSSF = 1;
3e305e4a	579	}
2f9606b3 AL	580
2f9606b3 AL	581	memset (&secprops, 0, sizeof secprops);
3e305e4a DB	582	/* Inform SASL that we've got an external SSF layer from TLS.
	583	*
	584	* Disable SSF, if using TLS+x509+SASL only. TLS without x509
	585	* is not sufficiently strong
	586	*/
	587	if (vs->vd->is_unix \|\|
	588	(vs->auth == VNC_AUTH_VENCRYPT &&
	589	vs->subauth == VNC_AUTH_VENCRYPT_X509SASL)) {
28a76be8 AL	590	/* If we've got TLS or UNIX domain sock, we don't care about SSF */
	591	secprops.min_ssf = 0;
	592	secprops.max_ssf = 0;
	593	secprops.maxbufsize = 8192;
	594	secprops.security_flags = 0;
2f9606b3	595	} else {
28a76be8 AL	596	/* Plain TCP, better get an SSF layer */
	597	secprops.min_ssf = 56; /* Good enough to require kerberos */
	598	secprops.max_ssf = 100000; /* Arbitrary big number */
	599	secprops.maxbufsize = 8192;
	600	/* Forbid any anonymous or trivially crackable auth */
	601	secprops.security_flags =
	602	SASL_SEC_NOANONYMOUS \| SASL_SEC_NOPLAINTEXT;
2f9606b3 AL	603	}
	604
	605	err = sasl_setprop(vs->sasl.conn, SASL_SEC_PROPS, &secprops);
	606	if (err != SASL_OK) {
7364dbda DB	607	trace_vnc_auth_fail(vs, vs->auth, "cannot set SASL security props",
7364dbda DB	608	sasl_errstring(err, NULL, NULL));
28a76be8 AL	609	sasl_dispose(&vs->sasl.conn);
	610	vs->sasl.conn = NULL;
	611	goto authabort;
2f9606b3 AL	612	}
	613
	614	err = sasl_listmech(vs->sasl.conn,
28a76be8 AL	615	NULL, /* Don't need to set user */
	616	"", /* Prefix */
	617	",", /* Separator */
	618	"", /* Suffix */
	619	&mechlist,
	620	NULL,
	621	NULL);
2f9606b3	622	if (err != SASL_OK) {
7364dbda DB	623	trace_vnc_auth_fail(vs, vs->auth, "cannot list SASL mechanisms",
7364dbda DB	624	sasl_errdetail(vs->sasl.conn));
28a76be8 AL	625	sasl_dispose(&vs->sasl.conn);
	626	vs->sasl.conn = NULL;
	627	goto authabort;
2f9606b3	628	}
7364dbda	629	trace_vnc_auth_sasl_mech_list(vs, mechlist);
2f9606b3	630
302d9d6f	631	vs->sasl.mechlist = g_strdup(mechlist);
2f9606b3 AL	632	mechlistlen = strlen(mechlist);
	633	vnc_write_u32(vs, mechlistlen);
	634	vnc_write(vs, mechlist, mechlistlen);
	635	vnc_flush(vs);
	636
2f9606b3 AL	637	vnc_read_when(vs, protocol_client_auth_sasl_mechname_len, 4);
	638
	639	return;
	640
	641	authabort:
7364dbda	642	error_free(local_err);
2f9606b3	643	vnc_client_error(vs);
2f9606b3 AL	644	}
	645
	646