Lines Matching +full:- +full:encoded

33  * files that use SASL API need to disable -Wdeprecated-declarations.
36 #pragma GCC diagnostic ignored "-Wdeprecated-declarations"
57 if (vs->sasl.conn) { in vnc_sasl_client_cleanup()
58 vs->sasl.runSSF = false; in vnc_sasl_client_cleanup()
59 vs->sasl.wantSSF = false; in vnc_sasl_client_cleanup()
60 vs->sasl.waitWriteSSF = 0; in vnc_sasl_client_cleanup()
61 vs->sasl.encodedLength = vs->sasl.encodedOffset = 0; in vnc_sasl_client_cleanup()
62 vs->sasl.encoded = NULL; in vnc_sasl_client_cleanup()
63 g_free(vs->sasl.username); in vnc_sasl_client_cleanup()
64 g_free(vs->sasl.mechlist); in vnc_sasl_client_cleanup()
65 vs->sasl.username = vs->sasl.mechlist = NULL; in vnc_sasl_client_cleanup()
66 sasl_dispose(&vs->sasl.conn); in vnc_sasl_client_cleanup()
67 vs->sasl.conn = NULL; in vnc_sasl_client_cleanup()
77 "Encoded: %p size %d offset %d\n", in vnc_client_write_sasl()
78 vs->output.buffer, vs->output.capacity, vs->output.offset, in vnc_client_write_sasl()
79 vs->sasl.encoded, vs->sasl.encodedLength, vs->sasl.encodedOffset); in vnc_client_write_sasl()
81 if (!vs->sasl.encoded) { in vnc_client_write_sasl()
83 err = sasl_encode(vs->sasl.conn, in vnc_client_write_sasl()
84 (char *)vs->output.buffer, in vnc_client_write_sasl()
85 vs->output.offset, in vnc_client_write_sasl()
86 (const char **)&vs->sasl.encoded, in vnc_client_write_sasl()
87 &vs->sasl.encodedLength); in vnc_client_write_sasl()
89 return vnc_client_io_error(vs, -1, NULL); in vnc_client_write_sasl()
91 vs->sasl.encodedRawLength = vs->output.offset; in vnc_client_write_sasl()
92 vs->sasl.encodedOffset = 0; in vnc_client_write_sasl()
96 vs->sasl.encoded + vs->sasl.encodedOffset, in vnc_client_write_sasl()
97 vs->sasl.encodedLength - vs->sasl.encodedOffset); in vnc_client_write_sasl()
101 vs->sasl.encodedOffset += ret; in vnc_client_write_sasl()
102 if (vs->sasl.encodedOffset == vs->sasl.encodedLength) { in vnc_client_write_sasl()
103 bool throttled = vs->force_update_offset != 0; in vnc_client_write_sasl()
105 if (vs->sasl.encodedRawLength >= vs->force_update_offset) { in vnc_client_write_sasl()
106 vs->force_update_offset = 0; in vnc_client_write_sasl()
108 vs->force_update_offset -= vs->sasl.encodedRawLength; in vnc_client_write_sasl()
110 if (throttled && vs->force_update_offset == 0) { in vnc_client_write_sasl()
111 trace_vnc_client_unthrottle_forced(vs, vs->ioc); in vnc_client_write_sasl()
113 offset = vs->output.offset; in vnc_client_write_sasl()
114 buffer_advance(&vs->output, vs->sasl.encodedRawLength); in vnc_client_write_sasl()
115 if (offset >= vs->throttle_output_offset && in vnc_client_write_sasl()
116 vs->output.offset < vs->throttle_output_offset) { in vnc_client_write_sasl()
117 trace_vnc_client_unthrottle_incremental(vs, vs->ioc, in vnc_client_write_sasl()
118 vs->output.offset); in vnc_client_write_sasl()
120 vs->sasl.encoded = NULL; in vnc_client_write_sasl()
121 vs->sasl.encodedOffset = vs->sasl.encodedLength = 0; in vnc_client_write_sasl()
126 * data in vs->output while we were processing in vnc_client_write_sasl()
127 * SASL encoded output in vnc_client_write_sasl()
129 if (vs->output.offset == 0) { in vnc_client_write_sasl()
130 if (vs->ioc_tag) { in vnc_client_write_sasl()
131 g_source_remove(vs->ioc_tag); in vnc_client_write_sasl()
133 vs->ioc_tag = qio_channel_add_watch( in vnc_client_write_sasl()
134 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR, in vnc_client_write_sasl()
145 uint8_t encoded[4096]; in vnc_client_read_sasl() local
150 ret = vnc_client_read_buf(vs, encoded, sizeof(encoded)); in vnc_client_read_sasl()
154 err = sasl_decode(vs->sasl.conn, in vnc_client_read_sasl()
155 (char *)encoded, ret, in vnc_client_read_sasl()
159 return vnc_client_io_error(vs, -1, NULL); in vnc_client_read_sasl()
160 VNC_DEBUG("Read SASL Encoded %p size %ld Decoded %p size %d\n", in vnc_client_read_sasl()
161 encoded, ret, decoded, decodedLen); in vnc_client_read_sasl()
162 buffer_reserve(&vs->input, decodedLen); in vnc_client_read_sasl()
163 buffer_append(&vs->input, decoded, decodedLen); in vnc_client_read_sasl()
175 rv = sasl_getprop(vs->sasl.conn, SASL_USERNAME, &val); in vnc_auth_sasl_check_access()
177 trace_vnc_auth_fail(vs, vs->auth, "Cannot fetch SASL username", in vnc_auth_sasl_check_access()
179 return -1; in vnc_auth_sasl_check_access()
182 trace_vnc_auth_fail(vs, vs->auth, "No SASL username set", ""); in vnc_auth_sasl_check_access()
183 return -1; in vnc_auth_sasl_check_access()
186 vs->sasl.username = g_strdup((const char*)val); in vnc_auth_sasl_check_access()
187 trace_vnc_auth_sasl_username(vs, vs->sasl.username); in vnc_auth_sasl_check_access()
189 if (vs->vd->sasl.authzid == NULL) { in vnc_auth_sasl_check_access()
194 allow = qauthz_is_allowed_by_id(vs->vd->sasl.authzid, in vnc_auth_sasl_check_access()
195 vs->sasl.username, &err); in vnc_auth_sasl_check_access()
197 trace_vnc_auth_fail(vs, vs->auth, "Error from authz", in vnc_auth_sasl_check_access()
200 return -1; in vnc_auth_sasl_check_access()
204 return allow ? 0 : -1; in vnc_auth_sasl_check_access()
212 if (!vs->sasl.wantSSF) in vnc_auth_sasl_check_ssf()
215 err = sasl_getprop(vs->sasl.conn, SASL_SSF, &val); in vnc_auth_sasl_check_ssf()
232 vs->sasl.runSSF = 1; in vnc_auth_sasl_check_ssf()
243 * u32 clientin-length
244 * u8-array clientin-string
248 * u32 serverout-length
249 * u8-array serverout-string
266 if (clientdata[datalen - 1] != '\0') { in protocol_client_auth_sasl_step()
267 trace_vnc_auth_fail(vs, vs->auth, "Malformed SASL client data", in protocol_client_auth_sasl_step()
269 sasl_dispose(&vs->sasl.conn); in protocol_client_auth_sasl_step()
270 vs->sasl.conn = NULL; in protocol_client_auth_sasl_step()
273 datalen--; /* Discard the extra NUL padding byte */ in protocol_client_auth_sasl_step()
276 err = sasl_server_step(vs->sasl.conn, in protocol_client_auth_sasl_step()
284 trace_vnc_auth_fail(vs, vs->auth, "Cannot step SASL auth", in protocol_client_auth_sasl_step()
285 sasl_errdetail(vs->sasl.conn)); in protocol_client_auth_sasl_step()
286 sasl_dispose(&vs->sasl.conn); in protocol_client_auth_sasl_step()
287 vs->sasl.conn = NULL; in protocol_client_auth_sasl_step()
292 trace_vnc_auth_fail(vs, vs->auth, "SASL data too long", ""); in protocol_client_auth_sasl_step()
293 sasl_dispose(&vs->sasl.conn); in protocol_client_auth_sasl_step()
294 vs->sasl.conn = NULL; in protocol_client_auth_sasl_step()
314 trace_vnc_auth_fail(vs, vs->auth, "SASL SSF too weak", ""); in protocol_client_auth_sasl_step()
323 trace_vnc_auth_pass(vs, vs->auth); in protocol_client_auth_sasl_step()
326 * Delay writing in SSF encoded mode until pending output in protocol_client_auth_sasl_step()
329 if (vs->sasl.runSSF) in protocol_client_auth_sasl_step()
330 vs->sasl.waitWriteSSF = vs->output.offset; in protocol_client_auth_sasl_step()
342 return -1; in protocol_client_auth_sasl_step()
346 return -1; in protocol_client_auth_sasl_step()
354 trace_vnc_auth_fail(vs, vs->auth, "SASL step len too large", ""); in protocol_client_auth_sasl_step_len()
356 return -1; in protocol_client_auth_sasl_step_len()
371 * u32 clientin-length
372 * u8-array clientin-string
376 * u32 serverout-length
377 * u8-array serverout-string
394 if (clientdata[datalen - 1] != '\0') { in protocol_client_auth_sasl_start()
395 trace_vnc_auth_fail(vs, vs->auth, "Malformed SASL client data", in protocol_client_auth_sasl_start()
397 sasl_dispose(&vs->sasl.conn); in protocol_client_auth_sasl_start()
398 vs->sasl.conn = NULL; in protocol_client_auth_sasl_start()
401 datalen--; /* Discard the extra NUL padding byte */ in protocol_client_auth_sasl_start()
404 err = sasl_server_start(vs->sasl.conn, in protocol_client_auth_sasl_start()
405 vs->sasl.mechlist, in protocol_client_auth_sasl_start()
413 trace_vnc_auth_fail(vs, vs->auth, "Cannot start SASL auth", in protocol_client_auth_sasl_start()
414 sasl_errdetail(vs->sasl.conn)); in protocol_client_auth_sasl_start()
415 sasl_dispose(&vs->sasl.conn); in protocol_client_auth_sasl_start()
416 vs->sasl.conn = NULL; in protocol_client_auth_sasl_start()
420 trace_vnc_auth_fail(vs, vs->auth, "SASL data too long", ""); in protocol_client_auth_sasl_start()
421 sasl_dispose(&vs->sasl.conn); in protocol_client_auth_sasl_start()
422 vs->sasl.conn = NULL; in protocol_client_auth_sasl_start()
442 trace_vnc_auth_fail(vs, vs->auth, "SASL SSF too weak", ""); in protocol_client_auth_sasl_start()
451 trace_vnc_auth_pass(vs, vs->auth); in protocol_client_auth_sasl_start()
464 return -1; in protocol_client_auth_sasl_start()
468 return -1; in protocol_client_auth_sasl_start()
476 trace_vnc_auth_fail(vs, vs->auth, "SASL start len too large", ""); in protocol_client_auth_sasl_start_len()
478 return -1; in protocol_client_auth_sasl_start_len()
493 if (strncmp(vs->sasl.mechlist, mechname, len) == 0) { in protocol_client_auth_sasl_mechname()
494 if (vs->sasl.mechlist[len] != '\0' && in protocol_client_auth_sasl_mechname()
495 vs->sasl.mechlist[len] != ',') { in protocol_client_auth_sasl_mechname()
499 char *offset = strstr(vs->sasl.mechlist, mechname); in protocol_client_auth_sasl_mechname()
503 if (offset[-1] != ',' || in protocol_client_auth_sasl_mechname()
510 g_free(vs->sasl.mechlist); in protocol_client_auth_sasl_mechname()
511 vs->sasl.mechlist = mechname; in protocol_client_auth_sasl_mechname()
517 trace_vnc_auth_fail(vs, vs->auth, "Unsupported mechname", mechname); in protocol_client_auth_sasl_mechname()
520 return -1; in protocol_client_auth_sasl_mechname()
528 trace_vnc_auth_fail(vs, vs->auth, "SASL mechname too long", ""); in protocol_client_auth_sasl_mechname_len()
530 return -1; in protocol_client_auth_sasl_mechname_len()
533 trace_vnc_auth_fail(vs, vs->auth, "SASL mechname too short", ""); in protocol_client_auth_sasl_mechname_len()
535 return -1; in protocol_client_auth_sasl_mechname_len()
555 return -1; in vnc_socket_ip_addr_string()
558 if (addr->type != SOCKET_ADDRESS_TYPE_INET) { in vnc_socket_ip_addr_string()
563 *addrstr = g_strdup_printf("%s;%s", addr->u.inet.host, addr->u.inet.port); in vnc_socket_ip_addr_string()
572 return addr && addr->type == SOCKET_ADDRESS_TYPE_UNIX; in vnc_socket_is_unix()
585 if (vnc_socket_ip_addr_string(vs->sioc, true, in start_auth_sasl()
587 trace_vnc_auth_fail(vs, vs->auth, "Cannot format local IP", in start_auth_sasl()
592 if (vnc_socket_ip_addr_string(vs->sioc, false, in start_auth_sasl()
594 trace_vnc_auth_fail(vs, vs->auth, "Cannot format remote IP", in start_auth_sasl()
601 NULL, /* FQDN - just delegates to gethostname */ in start_auth_sasl()
607 &vs->sasl.conn); in start_auth_sasl()
613 trace_vnc_auth_fail(vs, vs->auth, "SASL context setup failed", in start_auth_sasl()
615 vs->sasl.conn = NULL; in start_auth_sasl()
620 if (vs->auth == VNC_AUTH_VENCRYPT && in start_auth_sasl()
621 vs->subauth == VNC_AUTH_VENCRYPT_X509SASL) { in start_auth_sasl()
625 keysize = qcrypto_tls_session_get_key_size(vs->tls, in start_auth_sasl()
628 trace_vnc_auth_fail(vs, vs->auth, "cannot TLS get cipher size", in start_auth_sasl()
630 sasl_dispose(&vs->sasl.conn); in start_auth_sasl()
631 vs->sasl.conn = NULL; in start_auth_sasl()
636 err = sasl_setprop(vs->sasl.conn, SASL_SSF_EXTERNAL, &ssf); in start_auth_sasl()
638 trace_vnc_auth_fail(vs, vs->auth, "cannot set SASL external SSF", in start_auth_sasl()
640 sasl_dispose(&vs->sasl.conn); in start_auth_sasl()
641 vs->sasl.conn = NULL; in start_auth_sasl()
645 vs->sasl.wantSSF = !vnc_socket_is_unix(vs->sioc); in start_auth_sasl()
655 if (vnc_socket_is_unix(vs->sioc) || in start_auth_sasl()
656 (vs->auth == VNC_AUTH_VENCRYPT && in start_auth_sasl()
657 vs->subauth == VNC_AUTH_VENCRYPT_X509SASL)) { in start_auth_sasl()
673 err = sasl_setprop(vs->sasl.conn, SASL_SEC_PROPS, &secprops); in start_auth_sasl()
675 trace_vnc_auth_fail(vs, vs->auth, "cannot set SASL security props", in start_auth_sasl()
677 sasl_dispose(&vs->sasl.conn); in start_auth_sasl()
678 vs->sasl.conn = NULL; in start_auth_sasl()
682 err = sasl_listmech(vs->sasl.conn, in start_auth_sasl()
691 trace_vnc_auth_fail(vs, vs->auth, "cannot list SASL mechanisms", in start_auth_sasl()
692 sasl_errdetail(vs->sasl.conn)); in start_auth_sasl()
693 sasl_dispose(&vs->sasl.conn); in start_auth_sasl()
694 vs->sasl.conn = NULL; in start_auth_sasl()
700 trace_vnc_auth_fail(vs, vs->auth, "no available SASL mechanisms", ""); in start_auth_sasl()
701 sasl_dispose(&vs->sasl.conn); in start_auth_sasl()
702 vs->sasl.conn = NULL; in start_auth_sasl()
706 vs->sasl.mechlist = g_strdup(mechlist); in start_auth_sasl()