b76806d4ec
The 'qemu_acl' type was a previous non-QOM based attempt to provide an authorization facility in QEMU. Because it is non-QOM based it cannot be created via the command line and requires special monitor commands to manipulate it. The new QAuthZ subclasses provide a superset of the functionality in qemu_acl, so the latter can now be deleted. The HMP 'acl_*' monitor commands are converted to use the new QAuthZSimple data type instead in order to provide temporary backwards compatibility. Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
75 lines
2.3 KiB
C
75 lines
2.3 KiB
C
/*
|
|
* QEMU VNC display driver: SASL auth protocol
|
|
*
|
|
* Copyright (C) 2009 Red Hat, Inc
|
|
*
|
|
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
* of this software and associated documentation files (the "Software"), to deal
|
|
* in the Software without restriction, including without limitation the rights
|
|
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
* copies of the Software, and to permit persons to whom the Software is
|
|
* furnished to do so, subject to the following conditions:
|
|
*
|
|
* The above copyright notice and this permission notice shall be included in
|
|
* all copies or substantial portions of the Software.
|
|
*
|
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
|
|
* THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
|
* THE SOFTWARE.
|
|
*/
|
|
|
|
#ifndef QEMU_VNC_AUTH_SASL_H
|
|
#define QEMU_VNC_AUTH_SASL_H
|
|
|
|
#include <sasl/sasl.h>
|
|
|
|
typedef struct VncStateSASL VncStateSASL;
|
|
typedef struct VncDisplaySASL VncDisplaySASL;
|
|
|
|
#include "qemu/main-loop.h"
|
|
#include "authz/base.h"
|
|
|
|
struct VncStateSASL {
|
|
sasl_conn_t *conn;
|
|
/* If we want to negotiate an SSF layer with client */
|
|
bool wantSSF;
|
|
/* If we are now running the SSF layer */
|
|
bool runSSF;
|
|
/*
|
|
* If this is non-zero, then wait for that many bytes
|
|
* to be written plain, before switching to SSF encoding
|
|
* This allows the VNC auth result to finish being
|
|
* written in plain.
|
|
*/
|
|
unsigned int waitWriteSSF;
|
|
|
|
/*
|
|
* Buffering encoded data to allow more clear data
|
|
* to be stuffed onto the output buffer
|
|
*/
|
|
const uint8_t *encoded;
|
|
unsigned int encodedLength;
|
|
unsigned int encodedRawLength;
|
|
unsigned int encodedOffset;
|
|
char *username;
|
|
char *mechlist;
|
|
};
|
|
|
|
struct VncDisplaySASL {
|
|
QAuthZ *authz;
|
|
char *authzid;
|
|
};
|
|
|
|
void vnc_sasl_client_cleanup(VncState *vs);
|
|
|
|
size_t vnc_client_read_sasl(VncState *vs);
|
|
size_t vnc_client_write_sasl(VncState *vs);
|
|
|
|
void start_auth_sasl(VncState *vs);
|
|
|
|
#endif /* QEMU_VNC_AUTH_SASL_H */
|