From: Eduardo Habkost <ehabkost@redhat.com>
To: qemu-devel@nongnu.org
Subject: [Qemu-devel] [PATCH 6/9] vnc: make DES-challenge authentication (aka "VNC auth") optional
Date: Fri,  6 Feb 2009 19:08:57 -0200	[thread overview]
Message-ID: <1233954540-4754-7-git-send-email-ehabkost@redhat.com> (raw)
In-Reply-To: <1233954540-4754-1-git-send-email-ehabkost@redhat.com>

I will change the DES-challenge authentication code to use libgcrypt;
making it optional will allow vnc.c to be compiled when libgcrypt is
not available.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
---
 Makefile  |   15 +++++++++++++--
 configure |    9 +++++++++
 vnc.c     |   43 ++++++++++++++++++++++++++++++++++---------
 3 files changed, 56 insertions(+), 11 deletions(-)

diff --git a/Makefile b/Makefile
index 4f7a55a..98f67b1 100644
--- a/Makefile
+++ b/Makefile
@@ -143,7 +143,12 @@ endif
 ifdef CONFIG_CURSES
 OBJS+=curses.o
 endif
-OBJS+=vnc.o d3des.o
+
+OBJS+=vnc.o
+
+ifdef CONFIG_VNC_DES
+OBJS+=d3des.o
+endif
 
 ifdef CONFIG_COCOA
 OBJS+=cocoa.o
@@ -165,7 +170,13 @@ sdl.o: sdl.c keymaps.c sdl_keysym.h
 
 sdl.o audio/sdlaudio.o: CFLAGS += $(SDL_CFLAGS)
 
-vnc.o: vnc.c keymaps.c sdl_keysym.h vnchextile.h d3des.c d3des.h
+VNC_FILES = vnc.c keymaps.c sdl_keysym.h vnchextile.h
+
+ifdef CONFIG_VNC_DES
+VNC_FILES += d3des.c d3des.h
+endif
+
+vnc.o: $(VNC_FILES)
 
 vnc.o: CFLAGS += $(CONFIG_VNC_TLS_CFLAGS)
 
diff --git a/configure b/configure
index 604055c..d2aa783 100755
--- a/configure
+++ b/configure
@@ -165,6 +165,7 @@ fmod_inc=""
 oss_lib=""
 vnc_tls="yes"
 qcow_aes="yes"
+vnc_des="yes"
 bsd="no"
 linux="no"
 solaris="no"
@@ -390,6 +391,8 @@ for opt do
   ;;
   --disable-qcow-aes) qcow_aes="no"
   ;;
+  --disable-vnc-des) vnc_des="no"
+  ;;
   --disable-slirp) slirp="no"
   ;;
   --disable-vde) vde="no"
@@ -548,6 +551,7 @@ echo "  --enable-mixemu          enable mixer emulation"
 echo "  --disable-brlapi         disable BrlAPI"
 echo "  --disable-vnc-tls        disable TLS encryption for VNC server"
 echo "  --disable-qcow-aes       disable AES encrypton support on qcow"
+echo "  --disable-vnc-des        disable VNC DES-challenge authentication"
 echo "  --disable-curses         disable curses output"
 echo "  --disable-bluez          disable bluez stack connectivity"
 echo "  --disable-kvm            disable KVM acceleration support"
@@ -1134,6 +1138,7 @@ if test "$vnc_tls" = "yes" ; then
     echo "    TLS CFLAGS    $vnc_tls_cflags"
     echo "    TLS LIBS      $vnc_tls_libs"
 fi
+echo "VNC DES auth      $vnc_des"
 echo "qcow encryption   $qcow_aes"
 if test -n "$sparc_cpu"; then
     echo "Target Sparc Arch $sparc_cpu"
@@ -1376,6 +1381,10 @@ if test "$vnc_tls" = "yes" ; then
   echo "CONFIG_VNC_TLS_LIBS=$vnc_tls_libs" >> $config_mak
   echo "#define CONFIG_VNC_TLS 1" >> $config_h
 fi
+if [ "$vnc_des" = "yes" ];then
+  echo "CONFIG_VNC_DES=yes" >> $config_mak
+  echo "#define CONFIG_VNC_DES 1" >> $config_h
+fi
 if [ "$qcow_aes" = "yes" ];then
   echo "#define CONFIG_QCOW_AES 1" >> $config_h
 fi
diff --git a/vnc.c b/vnc.c
index 5c2368c..da8edf9 100644
--- a/vnc.c
+++ b/vnc.c
@@ -36,13 +36,16 @@
 #include "vnc.h"
 #include "vnc_keysym.h"
 #include "keymaps.c"
-#include "d3des.h"
 
 #ifdef CONFIG_VNC_TLS
 #include <gnutls/gnutls.h>
 #include <gnutls/x509.h>
 #endif /* CONFIG_VNC_TLS */
 
+#ifdef CONFIG_VNC_DES
+#include "d3des.h"
+#endif
+
 // #define _VNC_DEBUG 1
 
 #ifdef _VNC_DEBUG
@@ -1610,6 +1613,7 @@ static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
     return 0;
 }
 
+#ifdef CONFIG_VNC_DES
 static void make_challenge(VncState *vs)
 {
     int i;
@@ -1680,6 +1684,7 @@ static int start_auth_vnc(VncState *vs)
     vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
     return 0;
 }
+#endif
 
 
 #ifdef CONFIG_VNC_TLS
@@ -1871,10 +1876,12 @@ static int start_auth_vencrypt_subauth(VncState *vs)
        vnc_read_when(vs, protocol_client_init, 1);
        break;
 
+#ifdef CONFIG_VNC_DES
     case VNC_AUTH_VENCRYPT_TLSVNC:
     case VNC_AUTH_VENCRYPT_X509VNC:
        VNC_DEBUG("Start TLS auth VNC\n");
        return start_auth_vnc(vs);
+#endif
 
     default: /* Should not be possible, but just in case */
        VNC_DEBUG("Reject auth %d\n", vs->auth);
@@ -2116,9 +2123,11 @@ static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
            vnc_read_when(vs, protocol_client_init, 1);
            break;
 
+#ifdef CONFIG_VNC_DES
        case VNC_AUTH_VNC:
            VNC_DEBUG("Start VNC auth\n");
            return start_auth_vnc(vs);
+#endif
 
 #ifdef CONFIG_VNC_TLS
        case VNC_AUTH_VENCRYPT:
@@ -2177,12 +2186,18 @@ static int protocol_version(VncState *vs, uint8_t *version, size_t len)
             vnc_write_u32(vs, vs->auth);
             vnc_flush(vs);
             vnc_read_when(vs, protocol_client_init, 1);
-       } else if (vs->auth == VNC_AUTH_VNC) {
+       }
+       else
+#ifdef CONFIG_VNC_DES
+       if (vs->auth == VNC_AUTH_VNC) {
             VNC_DEBUG("Tell client VNC auth\n");
             vnc_write_u32(vs, vs->auth);
             vnc_flush(vs);
             start_auth_vnc(vs);
-       } else {
+       }
+       else
+#endif
+       {
             VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->auth);
             vnc_write_u32(vs, VNC_AUTH_INVALID);
             vnc_flush(vs);
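Review bot: The `else` left dangling before `#ifdef CONFIG_VNC_DES`, and again before the bare `#endif`, makes the protocol 3.3 chain depend on the `{` block that follows. That block is the fail-closed path that writes VNC_AUTH_INVALID, so an edit that puts a statement between `#endif` and `{` would change when the rejection runs in both build configurations. I would annotate the directive as `#endif /* CONFIG_VNC_DES */`, matching what this patch already does in vnc_display_open, and add a comment on the block such as `/* any auth type not handled above, including VNC auth when CONFIG_VNC_DES is off */`. The same bare `#endif` appears after start_auth_vnc and around the `case VNC_AUTH_VNC:` and `case VNC_AUTH_VENCRYPT_TLSVNC:` labels. protocol_version begins and ends outside this hunk.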
@@ -2385,7 +2400,9 @@ int vnc_display_open(DisplayState *ds, const char *display)
 {
     VncState *vs = ds ? (VncState *)ds->opaque : vnc_state;
     const char *options;
+#ifdef CONFIG_VNC_DES
     int password = 0;
+#endif
     int reverse = 0;
     int to_port = 0;
 #ifdef CONFIG_VNC_TLS
@@ -2402,9 +2419,13 @@ int vnc_display_open(DisplayState *ds, const char *display)
     options = display;
     while ((options = strchr(options, ','))) {
 	options++;
+#ifdef CONFIG_VNC_DES
 	if (strncmp(options, "password", 8) == 0) {
 	    password = 1; /* Require password auth */
-	} else if (strncmp(options, "reverse", 7) == 0) {
+	}
+	else
+#endif
+	if (strncmp(options, "reverse", 7) == 0) {
 	    reverse = 1;
 	} else if (strncmp(options, "to=", 3) == 0) {
             to_port = atoi(options+3) + 5900;
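Review bot: When CONFIG_VNC_DES is not defined, `password` is no longer matched in this option chain, so the result of a display string containing `,password` depends on the chain's final `else`, which is outside this hunk. Patch 1/9 of the series ("abort on unknown options") probably turns it into a generic unknown-option error; if it does not, the later `if (password)` hunk leaves only the branch that selects VNC_AUTH_NONE or the TLS subauths without a password, and the display would start without the password the user asked for. I would keep the `strncmp(options, "password", 8)` test unconditional and, under `#ifndef CONFIG_VNC_DES`, refuse explicitly with something like `fprintf(stderr, "VNC password auth support not compiled in\n"); return -1;`. vnc_display_open starts and ends outside the hunk, so the error-return convention should be checked against the rest of the function.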
@@ -2447,6 +2468,7 @@ int vnc_display_open(DisplayState *ds, const char *display)
 	}
     }
 
+#ifdef CONFIG_VNC_DES
     if (password) {
 #ifdef CONFIG_VNC_TLS
 	if (tls) {
@@ -2459,14 +2481,17 @@ int vnc_display_open(DisplayState *ds, const char *display)
 		vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
 	    }
 	} else {
-#endif
+#endif /* CONFIG_VNC_TLS */
 	    VNC_DEBUG("Initializing VNC server with password auth\n");
 	    vs->auth = VNC_AUTH_VNC;
 #ifdef CONFIG_VNC_TLS
 	    vs->subauth = VNC_AUTH_INVALID;
 	}
-#endif
-    } else {
+#endif /* CONFIG_VNC_TLS */
+    }
+    else
+#endif /* CONFIG_VNC_DES */
+    {
 #ifdef CONFIG_VNC_TLS
 	if (tls) {
 	    vs->auth = VNC_AUTH_VENCRYPT;
@@ -2478,13 +2503,13 @@ int vnc_display_open(DisplayState *ds, const char *display)
 		vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
 	    }
 	} else {
-#endif
+#endif /* CONFIG_VNC_TLS */
 	    VNC_DEBUG("Initializing VNC server with no auth\n");
 	    vs->auth = VNC_AUTH_NONE;
 #ifdef CONFIG_VNC_TLS
 	    vs->subauth = VNC_AUTH_INVALID;
 	}
-#endif
+#endif /* CONFIG_VNC_TLS */
     }
 
     if (reverse) {
-- 
1.6.0.2.GIT


Thread overview: 17+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2009-02-06 21:08 [Qemu-devel] [PATCH 0/9] encryption code changes Eduardo Habkost
2009-02-06 21:08 ` [Qemu-devel] [PATCH 1/9] vnc: abort on unknown options Eduardo Habkost
2009-02-06 21:08 ` [Qemu-devel] [PATCH 2/9] drive_init: Don't try to read passwords before monitor setup Eduardo Habkost
2009-02-06 21:08 ` [Qemu-devel] [PATCH 3/9] monitor_readline: poll pending bottom halves before readline_start() Eduardo Habkost
2009-02-06 21:08 ` [Qemu-devel] [PATCH 4/9] qcow: define QCOW_CRYPT_MAX Eduardo Habkost
2009-02-06 21:08 ` [Qemu-devel] [PATCH 5/9] qcow: make encryption support optional Eduardo Habkost
2009-02-06 21:08 ` Eduardo Habkost [this message]
2009-02-06 21:08 ` [Qemu-devel] [PATCH 7/9] configure: add check for libgcrypt Eduardo Habkost
2009-02-06 21:08 ` [Qemu-devel] [PATCH 8/9] qcow: use libgcrypt AES implementation Eduardo Habkost
2009-02-06 21:09 ` [Qemu-devel] [PATCH 9/9] vnc: use libgcrypt for DES-challenge authentication Eduardo Habkost
2009-02-06 21:57 ` [Qemu-devel] Re: [PATCH 0/9] encryption code changes Jan Kiszka
2009-02-06 23:43 ` [Qemu-devel] " Anthony Liguori
2009-02-07 11:06   ` Daniel P. Berrange
2009-02-09 20:57   ` Eduardo Habkost
2009-02-07 11:00 ` Daniel P. Berrange
2009-02-14 22:23 ` Anthony Liguori
2009-02-18 23:57   ` Eduardo Habkost
