From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1LVXwv-0001lF-QS for qemu-devel@nongnu.org; Fri, 06 Feb 2009 16:09:22 -0500 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1LVXws-0001hx-TK for qemu-devel@nongnu.org; Fri, 06 Feb 2009 16:09:19 -0500 Received: from [199.232.76.173] (port=51592 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1LVXwr-0001hB-Sn for qemu-devel@nongnu.org; Fri, 06 Feb 2009 16:09:17 -0500 Received: from mx2.redhat.com ([66.187.237.31]:54579) by monty-python.gnu.org with esmtp (Exim 4.60) (envelope-from ) id 1LVXwq-0007o2-Nk for qemu-devel@nongnu.org; Fri, 06 Feb 2009 16:09:17 -0500 Received: from int-mx2.corp.redhat.com (int-mx2.corp.redhat.com [172.16.27.26]) by mx2.redhat.com (8.13.8/8.13.8) with ESMTP id n16L9ENF001174 for ; Fri, 6 Feb 2009 16:09:14 -0500 Received: from ns3.rdu.redhat.com (ns3.rdu.redhat.com [10.11.255.199]) by int-mx2.corp.redhat.com (8.13.1/8.13.1) with ESMTP id n16L9Eo2029497 for ; Fri, 6 Feb 2009 16:09:15 -0500 Received: from blackpad.localdomain (vpn-10-11.bos.redhat.com [10.16.10.11]) by ns3.rdu.redhat.com (8.13.8/8.13.8) with ESMTP id n16L9E0k014601 for ; Fri, 6 Feb 2009 16:09:14 -0500 From: Eduardo Habkost Date: Fri, 6 Feb 2009 19:08:57 -0200 Message-Id: <1233954540-4754-7-git-send-email-ehabkost@redhat.com> In-Reply-To: <1233954540-4754-1-git-send-email-ehabkost@redhat.com> References: <1233954540-4754-1-git-send-email-ehabkost@redhat.com> Subject: [Qemu-devel] [PATCH 6/9] vnc: make DES-challenge authentication (aka "VNC auth") optional Reply-To: qemu-devel@nongnu.org List-Id: qemu-devel.nongnu.org List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: qemu-devel@nongnu.org I will change it to use libgcrypt, and making it optional will allow vnc.c to be compiled if libgcrypt is not available. 
Signed-off-by: Eduardo Habkost
--- Makefile | 15 +++++++++++++-- configure | 9 +++++++++ vnc.c | 43 ++++++++++++++++++++++++++++++++++--------- 3 files changed, 56 insertions(+), 11 deletions(-)
diff --git a/Makefile b/Makefile
index 4f7a55a..98f67b1 100644
--- a/Makefile
+++ b/Makefile
@@ -143,7 +143,12 @@ endif ifdef CONFIG_CURSES OBJS+=curses.o endif -OBJS+=vnc.o d3des.o + +OBJS+=vnc.o + +ifdef CONFIG_VNC_DES +OBJS+=d3des.o +endif ifdef CONFIG_COCOA OBJS+=cocoa.o
@@ -165,7 +170,13 @@ sdl.o: sdl.c keymaps.c sdl_keysym.h sdl.o audio/sdlaudio.o: CFLAGS += $(SDL_CFLAGS) -vnc.o: vnc.c keymaps.c sdl_keysym.h vnchextile.h d3des.c d3des.h +VNC_FILES = vnc.c keymaps.c sdl_keysym.h vnchextile.h + +ifdef CONFIG_VNC_DES +VNC_FILES += d3des.c d3des.h +endif + +vnc.o: $(VNC_FILES) vnc.o: CFLAGS += $(CONFIG_VNC_TLS_CFLAGS)
diff --git a/configure b/configure
index 604055c..d2aa783 100755
--- a/configure
+++ b/configure
@@ -165,6 +165,7 @@ fmod_inc="" oss_lib="" vnc_tls="yes" qcow_aes="yes" +vnc_des="yes" bsd="no" linux="no" solaris="no"
@@ -390,6 +391,8 @@ for opt do ;; --disable-qcow-aes) qcow_aes="no" ;; + --disable-vnc-des) vnc_des="no" + ;; --disable-slirp) slirp="no" ;; --disable-vde) vde="no"
@@ -548,6 +551,7 @@ echo " --enable-mixemu enable mixer emulation" echo " --disable-brlapi disable BrlAPI" echo " --disable-vnc-tls disable TLS encryption for VNC server" echo " --disable-qcow-aes disable AES encrypton support on qcow" +echo " --disable-vnc-des disable VNC DES-challenge authentication" echo " --disable-curses disable curses output" echo " --disable-bluez disable bluez stack connectivity" echo " --disable-kvm disable KVM acceleration support"
@@ -1134,6 +1138,7 @@ if test "$vnc_tls" = "yes" ; then echo " TLS CFLAGS $vnc_tls_cflags" echo " TLS LIBS $vnc_tls_libs" fi +echo "VNC DES auth $vnc_des" echo "qcow encryption $qcow_aes" if test -n "$sparc_cpu"; then echo "Target Sparc Arch $sparc_cpu"
@@ -1376,6 +1381,10 @@ if test "$vnc_tls" = "yes" ; then echo "CONFIG_VNC_TLS_LIBS=$vnc_tls_libs" >> $config_mak echo "#define CONFIG_VNC_TLS 1" >> $config_h fi +if [ "$vnc_des" = "yes" ];then + echo "CONFIG_VNC_DES=yes" >> $config_mak + echo "#define CONFIG_VNC_DES 1" >> $config_h +fi if [ "$qcow_aes" = "yes" ];then echo "#define CONFIG_QCOW_AES 1" >> $config_h fi
diff --git a/vnc.c b/vnc.c
index 5c2368c..da8edf9 100644
--- a/vnc.c
+++ b/vnc.c
@@ -36,13 +36,16 @@ #include "vnc.h" #include "vnc_keysym.h" #include "keymaps.c" -#include "d3des.h" #ifdef CONFIG_VNC_TLS #include #include #endif /* CONFIG_VNC_TLS */ +#ifdef CONFIG_VNC_DES +#include "d3des.h" +#endif + // #define _VNC_DEBUG 1 #ifdef _VNC_DEBUG
@@ -1610,6 +1613,7 @@ static int protocol_client_init(VncState *vs, uint8_t *data, size_t len) return 0; } +#ifdef CONFIG_VNC_DES static void make_challenge(VncState *vs) { int i;
@@ -1680,6 +1684,7 @@ static int start_auth_vnc(VncState *vs) vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge)); return 0; } +#endif #ifdef CONFIG_VNC_TLS
@@ -1871,10 +1876,12 @@ static int start_auth_vencrypt_subauth(VncState *vs) vnc_read_when(vs, protocol_client_init, 1); break; +#ifdef CONFIG_VNC_DES case VNC_AUTH_VENCRYPT_TLSVNC: case VNC_AUTH_VENCRYPT_X509VNC: VNC_DEBUG("Start TLS auth VNC\n"); return start_auth_vnc(vs); +#endif default: /* Should not be possible, but just in case */ VNC_DEBUG("Reject auth %d\n", vs->auth);
@@ -2116,9 +2123,11 @@ static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len) vnc_read_when(vs, protocol_client_init, 1); break; +#ifdef CONFIG_VNC_DES case VNC_AUTH_VNC: VNC_DEBUG("Start VNC auth\n"); return start_auth_vnc(vs); +#endif #ifdef CONFIG_VNC_TLS case VNC_AUTH_VENCRYPT:
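Review bot: The `#endif` added after `start_auth_vnc()` (hunk at -1680) is unlabelled, although it closes a guard opened some seventy lines earlier, before `make_challenge()` (hunk at -1610). The same patch labels the `CONFIG_VNC_TLS` closers in `vnc_display_open()`, so for consistency this one should read `#endif /* CONFIG_VNC_DES */`. A one-line comment above the opening `#ifdef CONFIG_VNC_DES` would also help, saying that the DES challenge/response helpers are compiled out together and that the `VNC_AUTH_VNC` and VeNCrypt `*VNC` cases then fall through to the rejecting `default:` branches. Both function bodies lie mostly outside these two hunks.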
@@ -2177,12 +2186,18 @@ static int protocol_version(VncState *vs, uint8_t *version, size_t len) vnc_write_u32(vs, vs->auth); vnc_flush(vs); vnc_read_when(vs, protocol_client_init, 1); - } else if (vs->auth == VNC_AUTH_VNC) { + } + else +#ifdef CONFIG_VNC_DES + if (vs->auth == VNC_AUTH_VNC) { VNC_DEBUG("Tell client VNC auth\n"); vnc_write_u32(vs, vs->auth); vnc_flush(vs); start_auth_vnc(vs); - } else { + } + else +#endif + { VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->auth); vnc_write_u32(vs, VNC_AUTH_INVALID); vnc_flush(vs);
@@ -2385,7 +2400,9 @@ int vnc_display_open(DisplayState *ds, const char *display) { VncState *vs = ds ? (VncState *)ds->opaque : vnc_state; const char *options; +#ifdef CONFIG_VNC_DES int password = 0; +#endif int reverse = 0; int to_port = 0; #ifdef CONFIG_VNC_TLS
@@ -2402,9 +2419,13 @@ int vnc_display_open(DisplayState *ds, const char *display) options = display; while ((options = strchr(options, ','))) { options++; +#ifdef CONFIG_VNC_DES if (strncmp(options, "password", 8) == 0) { password = 1; /* Require password auth */ - } else if (strncmp(options, "reverse", 7) == 0) { + } + else +#endif + if (strncmp(options, "reverse", 7) == 0) { reverse = 1; } else if (strncmp(options, "to=", 3) == 0) { to_port = atoi(options+3) + 5900;
@@ -2447,6 +2468,7 @@ int vnc_display_open(DisplayState *ds, const char *display) } } +#ifdef CONFIG_VNC_DES if (password) { #ifdef CONFIG_VNC_TLS if (tls) {
@@ -2459,14 +2481,17 @@ int vnc_display_open(DisplayState *ds, const char *display) vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC; } } else { -#endif +#endif /* CONFIG_VNC_TLS */ VNC_DEBUG("Initializing VNC server with password auth\n"); vs->auth = VNC_AUTH_VNC; #ifdef CONFIG_VNC_TLS vs->subauth = VNC_AUTH_INVALID; } -#endif - } else { +#endif /* CONFIG_VNC_TLS */ + } + else +#endif /* CONFIG_VNC_DES */ + { #ifdef CONFIG_VNC_TLS if (tls) { vs->auth = VNC_AUTH_VENCRYPT;
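Review bot: The `protocol_version()` hunk (-2177) leaves an `else` dangling across the `#ifdef`, so which statement it governs depends on the build configuration, and it drops the `} else if (...) {` layout used by the rest of the chain. The guard can wrap the whole branch without changing behaviour: put `#ifdef CONFIG_VNC_DES` directly before the original `} else if (vs->auth == VNC_AUTH_VNC) {` and `#endif /* CONFIG_VNC_DES */` directly before the original `} else {`. With the option off, the chain still ends in the branch that writes `VNC_AUTH_INVALID`, so the fail-closed result is kept. The start of this `if` chain is outside the hunk.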
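Review bot: With `CONFIG_VNC_DES` undefined, the `password` test in the option loop of `vnc_display_open()` (hunk at -2402) is compiled out, and nothing visible in the hunk rejects the option instead. The later guard around `if (password)` (hunks at -2447 and -2459) then leaves only the branch that selects `VNC_AUTH_NONE` or a VeNCrypt `*NONE` subauth. A display string that asks for `password` on such a build would therefore appear to start an unauthenticated server with no diagnostic. The rest of the option chain is outside the hunk, so please confirm it has no final `else` that rejects unknown options. The option should still be matched in an `#else` branch and make the function fail, reporting the error and releasing resources as its existing failure paths do; `return -1` below assumes that is the function's failure value.

```c
#ifdef CONFIG_VNC_DES
        /* … unchanged: "password" sets password = 1, followed by the dangling else … */
#else
        if (strncmp(options, "password", 8) == 0) {
            /* Built without VNC DES auth: refuse instead of silently
             * starting a display with no authentication. */
            /* … report the error and release resources as this function's other failure paths do … */
            return -1;
        } else
#endif
        if (strncmp(options, "reverse", 7) == 0) {
```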
@@ -2478,13 +2503,13 @@ int vnc_display_open(DisplayState *ds, const char *display) vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE; } } else { -#endif +#endif /* CONFIG_VNC_TLS */ VNC_DEBUG("Initializing VNC server with no auth\n"); vs->auth = VNC_AUTH_NONE; #ifdef CONFIG_VNC_TLS vs->subauth = VNC_AUTH_INVALID; } -#endif +#endif /* CONFIG_VNC_TLS */ } if (reverse) {
-- 1.6.0.2.GIT