[Qemu-devel] [PATCH 6/9] vnc: make DES-challenge authentication (aka "VN
From: |
Eduardo Habkost |
Subject: |
[Qemu-devel] [PATCH 6/9] vnc: make DES-challenge authentication (aka "VNC auth") optional |
Date: |
Fri, 6 Feb 2009 19:08:57 -0200 |
I will change it to use libgcrypt, and making it optional will
allow vnc.c to be compiled if libgcrypt is not available.
Signed-off-by: Eduardo Habkost <address@hidden>
---
Makefile | 15 +++++++++++++--
configure | 9 +++++++++
vnc.c | 43 ++++++++++++++++++++++++++++++++++---------
3 files changed, 56 insertions(+), 11 deletions(-)
diff --git a/Makefile b/Makefile
index 4f7a55a..98f67b1 100644
--- a/Makefile
+++ b/Makefile
@@ -143,7 +143,12 @@ endif
ifdef CONFIG_CURSES
OBJS+=curses.o
endif
-OBJS+=vnc.o d3des.o
+
+OBJS+=vnc.o
+
+ifdef CONFIG_VNC_DES
+OBJS+=d3des.o
+endif
ifdef CONFIG_COCOA
OBJS+=cocoa.o
@@ -165,7 +170,13 @@ sdl.o: sdl.c keymaps.c sdl_keysym.h
sdl.o audio/sdlaudio.o: CFLAGS += $(SDL_CFLAGS)
-vnc.o: vnc.c keymaps.c sdl_keysym.h vnchextile.h d3des.c d3des.h
+VNC_FILES = vnc.c keymaps.c sdl_keysym.h vnchextile.h
+
+ifdef CONFIG_VNC_DES
+VNC_FILES += d3des.c d3des.h
+endif
+
+vnc.o: $(VNC_FILES)
vnc.o: CFLAGS += $(CONFIG_VNC_TLS_CFLAGS)
diff --git a/configure b/configure
index 604055c..d2aa783 100755
--- a/configure
+++ b/configure
@@ -165,6 +165,7 @@ fmod_inc=""
oss_lib=""
vnc_tls="yes"
qcow_aes="yes"
+vnc_des="yes"
bsd="no"
linux="no"
solaris="no"
@@ -390,6 +391,8 @@ for opt do
;;
--disable-qcow-aes) qcow_aes="no"
;;
+ --disable-vnc-des) vnc_des="no"
+ ;;
--disable-slirp) slirp="no"
;;
--disable-vde) vde="no"
@@ -548,6 +551,7 @@ echo " --enable-mixemu enable mixer emulation"
echo " --disable-brlapi disable BrlAPI"
echo " --disable-vnc-tls disable TLS encryption for VNC server"
echo " --disable-qcow-aes disable AES encrypton support on qcow"
+echo " --disable-vnc-des disable VNC DES-challenge authentication"
echo " --disable-curses disable curses output"
echo " --disable-bluez disable bluez stack connectivity"
echo " --disable-kvm disable KVM acceleration support"
@@ -1134,6 +1138,7 @@ if test "$vnc_tls" = "yes" ; then
echo " TLS CFLAGS $vnc_tls_cflags"
echo " TLS LIBS $vnc_tls_libs"
fi
+echo "VNC DES auth $vnc_des"
echo "qcow encryption $qcow_aes"
if test -n "$sparc_cpu"; then
echo "Target Sparc Arch $sparc_cpu"
@@ -1376,6 +1381,10 @@ if test "$vnc_tls" = "yes" ; then
echo "CONFIG_VNC_TLS_LIBS=$vnc_tls_libs" >> $config_mak
echo "#define CONFIG_VNC_TLS 1" >> $config_h
fi
+if [ "$vnc_des" = "yes" ];then
+ echo "CONFIG_VNC_DES=yes" >> $config_mak
+ echo "#define CONFIG_VNC_DES 1" >> $config_h
+fi
if [ "$qcow_aes" = "yes" ];then
echo "#define CONFIG_QCOW_AES 1" >> $config_h
fi
diff --git a/vnc.c b/vnc.c
index 5c2368c..da8edf9 100644
--- a/vnc.c
+++ b/vnc.c
@@ -36,13 +36,16 @@
#include "vnc.h"
#include "vnc_keysym.h"
#include "keymaps.c"
-#include "d3des.h"
#ifdef CONFIG_VNC_TLS
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>
#endif /* CONFIG_VNC_TLS */
+#ifdef CONFIG_VNC_DES
+#include "d3des.h"
+#endif
+
// #define _VNC_DEBUG 1
#ifdef _VNC_DEBUG
@@ -1610,6 +1613,7 @@ static int protocol_client_init(VncState *vs, uint8_t
*data, size_t len)
return 0;
}
+#ifdef CONFIG_VNC_DES
static void make_challenge(VncState *vs)
{
int i;
@@ -1680,6 +1684,7 @@ static int start_auth_vnc(VncState *vs)
vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
return 0;
}
+#endif
#ifdef CONFIG_VNC_TLS
@@ -1871,10 +1876,12 @@ static int start_auth_vencrypt_subauth(VncState *vs)
vnc_read_when(vs, protocol_client_init, 1);
break;
+#ifdef CONFIG_VNC_DES
case VNC_AUTH_VENCRYPT_TLSVNC:
case VNC_AUTH_VENCRYPT_X509VNC:
VNC_DEBUG("Start TLS auth VNC\n");
return start_auth_vnc(vs);
+#endif
default: /* Should not be possible, but just in case */
VNC_DEBUG("Reject auth %d\n", vs->auth);
@@ -2116,9 +2123,11 @@ static int protocol_client_auth(VncState *vs, uint8_t
*data, size_t len)
vnc_read_when(vs, protocol_client_init, 1);
break;
+#ifdef CONFIG_VNC_DES
case VNC_AUTH_VNC:
VNC_DEBUG("Start VNC auth\n");
return start_auth_vnc(vs);
+#endif
#ifdef CONFIG_VNC_TLS
case VNC_AUTH_VENCRYPT:
@@ -2177,12 +2186,18 @@ static int protocol_version(VncState *vs, uint8_t
*version, size_t len)
vnc_write_u32(vs, vs->auth);
vnc_flush(vs);
vnc_read_when(vs, protocol_client_init, 1);
- } else if (vs->auth == VNC_AUTH_VNC) {
+ }
+ else
+#ifdef CONFIG_VNC_DES
+ if (vs->auth == VNC_AUTH_VNC) {
VNC_DEBUG("Tell client VNC auth\n");
vnc_write_u32(vs, vs->auth);
vnc_flush(vs);
start_auth_vnc(vs);
- } else {
+ }
+ else
+#endif
+ {
VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->auth);
vnc_write_u32(vs, VNC_AUTH_INVALID);
vnc_flush(vs);
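Review bot: The `else` left hanging before `#ifdef CONFIG_VNC_DES` makes the shape of this if/else chain in protocol_version depend on the build configuration, which makes the authentication dispatch harder to audit. The same construct is repeated in the option-parsing and auth-selection hunks of vnc_display_open. The closing directive is also unlabelled here, while the TLS ones in this patch gain labels, so I would write `#endif /* CONFIG_VNC_DES */`. A comment above the fallback block, such as `/* reached for any auth type this build cannot serve over protocol 3.3 */`, would make clear that a build without DES is meant to end up there. The body of protocol_version starts and ends outside the hunk.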
@@ -2385,7 +2400,9 @@ int vnc_display_open(DisplayState *ds, const char
*display)
{
VncState *vs = ds ? (VncState *)ds->opaque : vnc_state;
const char *options;
+#ifdef CONFIG_VNC_DES
int password = 0;
+#endif
int reverse = 0;
int to_port = 0;
#ifdef CONFIG_VNC_TLS
@@ -2402,9 +2419,13 @@ int vnc_display_open(DisplayState *ds, const char
*display)
options = display;
while ((options = strchr(options, ','))) {
options++;
+#ifdef CONFIG_VNC_DES
if (strncmp(options, "password", 8) == 0) {
password = 1; /* Require password auth */
- } else if (strncmp(options, "reverse", 7) == 0) {
+ }
+ else
+#endif
+ if (strncmp(options, "reverse", 7) == 0) {
reverse = 1;
} else if (strncmp(options, "to=", 3) == 0) {
to_port = atoi(options+3) + 5900;
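Review bot: With CONFIG_VNC_DES undefined, the `password` test in this option loop is compiled out, and in the later vnc_display_open hunk the whole `if (password)` block goes with it. That leaves only the path that sets `vs->auth = VNC_AUTH_NONE` (or the VeNCrypt *NONE subauths when TLS is requested). Unless the tail of this else-if chain, which lies outside the hunk, rejects unrecognised options, a `,password` request on such a build would be silently ignored and the display would come up without authentication. I would keep the `strncmp(options, "password", 8)` match unconditional and fail closed in an `#else` branch, for example `fprintf(stderr, "VNC password auth not compiled in\n"); return -1;`, assuming an early error return is safe at this point in the function.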
@@ -2447,6 +2468,7 @@ int vnc_display_open(DisplayState *ds, const char
*display)
}
}
+#ifdef CONFIG_VNC_DES
if (password) {
#ifdef CONFIG_VNC_TLS
if (tls) {
@@ -2459,14 +2481,17 @@ int vnc_display_open(DisplayState *ds, const char
*display)
vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
}
} else {
-#endif
+#endif /* CONFIG_VNC_TLS */
VNC_DEBUG("Initializing VNC server with password auth\n");
vs->auth = VNC_AUTH_VNC;
#ifdef CONFIG_VNC_TLS
vs->subauth = VNC_AUTH_INVALID;
}
-#endif
- } else {
+#endif /* CONFIG_VNC_TLS */
+ }
+ else
+#endif /* CONFIG_VNC_DES */
+ {
#ifdef CONFIG_VNC_TLS
if (tls) {
vs->auth = VNC_AUTH_VENCRYPT;
@@ -2478,13 +2503,13 @@ int vnc_display_open(DisplayState *ds, const char
*display)
vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
}
} else {
-#endif
+#endif /* CONFIG_VNC_TLS */
VNC_DEBUG("Initializing VNC server with no auth\n");
vs->auth = VNC_AUTH_NONE;
#ifdef CONFIG_VNC_TLS
vs->subauth = VNC_AUTH_INVALID;
}
-#endif
+#endif /* CONFIG_VNC_TLS */
}
if (reverse) {
--
1.6.0.2.GIT