ui: add tracing of VNC authentication process

Trace anything related to authentication in the VNC protocol
handshake.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 20170921121528.23935-3-berrange@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Daniel P. Berrange 2017-09-21 13:15:28 +01:00 committed by Gerd Hoffmann
parent ad6374c43e
commit 7364dbdabb
4 changed files with 92 additions and 93 deletions


@ -35,27 +35,24 @@ static void start_auth_vencrypt_subauth(VncState *vs)
switch (vs->subauth) {
case VNC_AUTH_VENCRYPT_TLSNONE:
case VNC_AUTH_VENCRYPT_X509NONE:
VNC_DEBUG("Accept TLS auth none\n");
vnc_write_u32(vs, 0); /* Accept auth completion */
start_client_init(vs);
break;
case VNC_AUTH_VENCRYPT_TLSVNC:
case VNC_AUTH_VENCRYPT_X509VNC:
VNC_DEBUG("Start TLS auth VNC\n");
start_auth_vnc(vs);
break;
#ifdef CONFIG_VNC_SASL
case VNC_AUTH_VENCRYPT_TLSSASL:
case VNC_AUTH_VENCRYPT_X509SASL:
VNC_DEBUG("Start TLS auth SASL\n");
start_auth_sasl(vs);
break;
#endif /* CONFIG_VNC_SASL */
default: /* Should not be possible, but just in case */
VNC_DEBUG("Reject subauth %d server bug\n", vs->auth);
trace_vnc_auth_fail(vs, vs->auth, "Unhandled VeNCrypt subauth", "");
vnc_write_u8(vs, 1);
if (vs->minor >= 8) {
static const char err[] = "Unsupported authentication type";
@ -73,8 +70,8 @@ static void vnc_tls_handshake_done(QIOTask *task,
Error *err = NULL;
if (qio_task_propagate_error(task, &err)) {
VNC_DEBUG("Handshake failed %s\n",
error_get_pretty(err));
trace_vnc_auth_fail(vs, vs->auth, "TLS handshake failed",
error_get_pretty(err));
vnc_client_error(vs);
error_free(err);
} else {
@ -89,15 +86,15 @@ static int protocol_client_vencrypt_auth(VncState *vs, uint8_t *data, size_t len
{
int auth = read_u32(data, 0);
trace_vnc_auth_vencrypt_subauth(vs, auth);
if (auth != vs->subauth) {
VNC_DEBUG("Rejecting auth %d\n", auth);
trace_vnc_auth_fail(vs, vs->auth, "Unsupported sub-auth version", "");
vnc_write_u8(vs, 0); /* Reject auth */
vnc_flush(vs);
vnc_client_error(vs);
} else {
Error *err = NULL;
QIOChannelTLS *tls;
VNC_DEBUG("Accepting auth %d, setting up TLS for handshake\n", auth);
vnc_write_u8(vs, 1); /* Accept auth */
vnc_flush(vs);
@ -112,14 +109,14 @@ static int protocol_client_vencrypt_auth(VncState *vs, uint8_t *data, size_t len
vs->vd->tlsaclname,
&err);
if (!tls) {
VNC_DEBUG("Failed to setup TLS %s\n", error_get_pretty(err));
trace_vnc_auth_fail(vs, vs->auth, "TLS setup failed",
error_get_pretty(err));
error_free(err);
vnc_client_error(vs);
return 0;
}
qio_channel_set_name(QIO_CHANNEL(tls), "vnc-server-tls");
VNC_DEBUG("Start TLS VeNCrypt handshake process\n");
object_unref(OBJECT(vs->ioc));
vs->ioc = QIO_CHANNEL(tls);
trace_vnc_client_io_wrap(vs, vs->ioc, "tls");
@ -135,14 +132,14 @@ static int protocol_client_vencrypt_auth(VncState *vs, uint8_t *data, size_t len
static int protocol_client_vencrypt_init(VncState *vs, uint8_t *data, size_t len)
{
trace_vnc_auth_vencrypt_version(vs, (int)data[0], (int)data[1]);
if (data[0] != 0 ||
data[1] != 2) {
VNC_DEBUG("Unsupported VeNCrypt protocol %d.%d\n", (int)data[0], (int)data[1]);
trace_vnc_auth_fail(vs, vs->auth, "Unsupported version", "");
vnc_write_u8(vs, 1); /* Reject version */
vnc_flush(vs);
vnc_client_error(vs);
} else {
VNC_DEBUG("Sending allowed auth %d\n", vs->subauth);
vnc_write_u8(vs, 0); /* Accept version */
vnc_write_u8(vs, 1); /* Number of sub-auths */
vnc_write_u32(vs, vs->subauth); /* The supported auth */
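Review bot: In the `default:` branch of start_auth_vencrypt_subauth the switch is on `vs->subauth`, but the failure event is emitted with `vs->auth`, so the trace for an unhandled sub-auth never records the value that triggered the rejection (the `VNC_DEBUG` line beside it has the same mismatch, so this looks carried over rather than new). For an authentication audit trail that is the value worth having; consider `trace_vnc_auth_fail(vs, vs->subauth, "Unhandled VeNCrypt subauth", "");`, or, if the event's second argument is meant to stay the outer auth method, emit `trace_vnc_auth_vencrypt_subauth(vs, vs->subauth);` just before it. Separately, "Unsupported sub-auth version" in protocol_client_vencrypt_auth is reported when `auth != vs->subauth`, which is a sub-auth type mismatch rather than a version check, so "Unsupported sub-auth type" would be more accurate for anyone reading the trace. The +/- markers are lost on this page and the function bodies extend beyond the hunks shown, so the old/new reading here is inferred from the commit description.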