qemu/ui/vnc.c

187     switch (vd->auth) {
245     info->auth = g_strdup(vnc_auth_name(vd));
423         info->auth = g_strdup(vnc_auth_name(vd));
436 static void qmp_query_auth(int auth, int subauth,
443                                                   int auth,
466     qmp_query_auth(auth, subauth, &info->auth,
473 static void qmp_query_auth(int auth, int subauth,
478     switch (auth) {
555         qmp_query_auth(vd->auth, vd->subauth, &info->auth,
567                 vd->listener->sioc[i], false, vd->auth, vd->subauth,
2786     vnc_write_u32(vs, 1); /* Reject auth */
2819         trace_vnc_auth_fail(vs, vs->auth, "password is not set", "");
2823         trace_vnc_auth_fail(vs, vs->auth, "password is expired", "");
2841         trace_vnc_auth_fail(vs, vs->auth, "cannot create cipher",
2852         trace_vnc_auth_fail(vs, vs->auth, "cannot encrypt challenge response",
2860         trace_vnc_auth_fail(vs, vs->auth, "mis-matched challenge response", "");
2863         trace_vnc_auth_pass(vs, vs->auth);
2864         vnc_write_u32(vs, 0); /* Accept auth */
2884         trace_vnc_auth_fail(vs, vs->auth, "cannot get random bytes",
2901     /* We only advertise 1 auth scheme at a time, so client
2903     if (data[0] != vs->auth) { /* Reject auth */
2904        trace_vnc_auth_reject(vs, vs->auth, (int)data[0]);
2906     } else { /* Accept requested auth */
2907        trace_vnc_auth_start(vs, vs->auth);
2908        switch (vs->auth) {
2911                vnc_write_u32(vs, 0); /* Accept auth completion */
2914            trace_vnc_auth_pass(vs, vs->auth);
2933            trace_vnc_auth_fail(vs, vs->auth, "Unhandled auth method", "");
2972         trace_vnc_auth_start(vs, vs->auth);
2973         if (vs->auth == VNC_AUTH_NONE) {
2974             vnc_write_u32(vs, vs->auth);
2976             trace_vnc_auth_pass(vs, vs->auth);
2978        } else if (vs->auth == VNC_AUTH_VNC) {
2979             VNC_DEBUG("Tell client VNC auth\n");
2980             vnc_write_u32(vs, vs->auth);
2984             trace_vnc_auth_fail(vs, vs->auth,
2985                                 "Unsupported auth method for v3.3", "");
2991         vnc_write_u8(vs, 1); /* num auth */
2992         vnc_write_u8(vs, vs->auth);
3327         vs->auth = VNC_AUTH_NONE;
3331             vs->auth = vd->ws_auth;
3334             vs->auth = vd->auth;
3338     VNC_DEBUG("Client sioc=%p ws=%d auth=%d subauth=%d\n",
3339               sioc, websocket, vs->auth, vs->subauth);
3502     vd->auth = VNC_AUTH_INVALID;
3535     if (vd->auth == VNC_AUTH_NONE) {
3537                                 "password auth using '-vnc ${dpy},password'.\n");
3660 vnc_display_setup_auth(int *auth,
3697      * These need to be mapped into the VNC auth schemes
3700      * sub-auth types.
3709      * VNC auth schemes in the same way as combos 1->3.
3712      * VNC auth mechs for plain VNC vs websockets VNC, the end
3717             VNC_DEBUG("Initializing VNC server with password auth\n");
3718             *auth = VNC_AUTH_VNC;
3720             VNC_DEBUG("Initializing VNC server with SASL auth\n");
3721             *auth = VNC_AUTH_SASL;
3723             VNC_DEBUG("Initializing VNC server with no auth\n");
3724             *auth = VNC_AUTH_NONE;
3739         *auth = VNC_AUTH_VENCRYPT;
3742                 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
3745                 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
3751                 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
3754                 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
3759                 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
3762                 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
4132         error_setg(errp, "VNC SASL auth requires cyrus-sasl support");
4170         error_setg(errp, "'sasl-authz' provided but SASL auth is not enabled");
4215     if (vnc_display_setup_auth(&vd->auth, &vd->subauth,
4220     trace_vnc_auth_init(vd, 0, vd->auth, vd->subauth);