vnc-auth-sasl.c (5e8d6a12d643a38b82a0a713a77d1192117dbdca) vnc-auth-sasl.c (b76806d4ec5c55d36bf5508f1405d132a4b862de)
1/*
2 * QEMU VNC display driver: SASL auth protocol
3 *
4 * Copyright (C) 2009 Red Hat, Inc
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights

--- 10 unchanged lines hidden (view full) ---

19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22 * THE SOFTWARE.
23 */
24
25#include "qemu/osdep.h"
26#include "qapi/error.h"
1/*
2 * QEMU VNC display driver: SASL auth protocol
3 *
4 * Copyright (C) 2009 Red Hat, Inc
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights

--- 10 unchanged lines hidden (view full) ---

19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22 * THE SOFTWARE.
23 */
24
25#include "qemu/osdep.h"
26#include "qapi/error.h"
27#include "authz/base.h"
27#include "vnc.h"
28#include "trace.h"
29
30/* Max amount of data we send/recv for SASL steps to prevent DOS */
31#define SASL_DATA_MAX_LEN (1024 * 1024)
32
33
34void vnc_sasl_client_cleanup(VncState *vs)

--- 106 unchanged lines hidden (view full) ---

141 buffer_append(&vs->input, decoded, decodedLen);
142 return decodedLen;
143}
144
145
146static int vnc_auth_sasl_check_access(VncState *vs)
147{
148 const void *val;
28#include "vnc.h"
29#include "trace.h"
30
31/* Max amount of data we send/recv for SASL steps to prevent DOS */
32#define SASL_DATA_MAX_LEN (1024 * 1024)
33
34
35void vnc_sasl_client_cleanup(VncState *vs)

--- 106 unchanged lines hidden (view full) ---

142 buffer_append(&vs->input, decoded, decodedLen);
143 return decodedLen;
144}
145
146
147static int vnc_auth_sasl_check_access(VncState *vs)
148{
149 const void *val;
149 int err;
150 int allow;
150 int rv;
151 Error *err = NULL;
152 bool allow;
151
153
152 err = sasl_getprop(vs->sasl.conn, SASL_USERNAME, &val);
153 if (err != SASL_OK) {
154 rv = sasl_getprop(vs->sasl.conn, SASL_USERNAME, &val);
155 if (rv != SASL_OK) {
154 trace_vnc_auth_fail(vs, vs->auth, "Cannot fetch SASL username",
156 trace_vnc_auth_fail(vs, vs->auth, "Cannot fetch SASL username",
155 sasl_errstring(err, NULL, NULL));
157 sasl_errstring(rv, NULL, NULL));
156 return -1;
157 }
158 if (val == NULL) {
159 trace_vnc_auth_fail(vs, vs->auth, "No SASL username set", "");
160 return -1;
161 }
162
163 vs->sasl.username = g_strdup((const char*)val);
164 trace_vnc_auth_sasl_username(vs, vs->sasl.username);
165
158 return -1;
159 }
160 if (val == NULL) {
161 trace_vnc_auth_fail(vs, vs->auth, "No SASL username set", "");
162 return -1;
163 }
164
165 vs->sasl.username = g_strdup((const char*)val);
166 trace_vnc_auth_sasl_username(vs, vs->sasl.username);
167
166 if (vs->vd->sasl.acl == NULL) {
168 if (vs->vd->sasl.authzid == NULL) {
167 trace_vnc_auth_sasl_acl(vs, 1);
168 return 0;
169 }
170
169 trace_vnc_auth_sasl_acl(vs, 1);
170 return 0;
171 }
172
171 allow = qemu_acl_party_is_allowed(vs->vd->sasl.acl, vs->sasl.username);
173 allow = qauthz_is_allowed_by_id(vs->vd->sasl.authzid,
174 vs->sasl.username, &err);
175 if (err) {
176 trace_vnc_auth_fail(vs, vs->auth, "Error from authz",
177 error_get_pretty(err));
178 error_free(err);
179 return -1;
180 }
172
173 trace_vnc_auth_sasl_acl(vs, allow);
174 return allow ? 0 : -1;
175}
176
177static int vnc_auth_sasl_check_ssf(VncState *vs)
178{
179 const void *val;

--- 482 unchanged lines hidden ---
181
182 trace_vnc_auth_sasl_acl(vs, allow);
183 return allow ? 0 : -1;
184}
185
186static int vnc_auth_sasl_check_ssf(VncState *vs)
187{
188 const void *val;

--- 482 unchanged lines hidden ---
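Review bot: The rewritten vnc_auth_sasl_check_access has no comment stating its authorization policy, and the policy is now split across three exits that a reader has to reconstruct: the `vs->vd->sasl.authzid == NULL` branch returns 0 for any authenticated SASL identity (no authz object configured means everyone who passed SASL is admitted), the `if (err)` branch after qauthz_is_allowed_by_id fails closed with -1, and the final `return allow ? 0 : -1` applies the authz decision. A header comment such as `/* Returns 0 if the authenticated SASL username may proceed, -1 otherwise. With no authz object configured every SASL-authenticated user is admitted; a failed authz lookup (unknown id or backend error) is treated as deny. */` would make the fail-open default visible to whoever wires up sasl.authzid. As a point of style, the no-authz branch still passes the literal `1` to trace_vnc_auth_sasl_acl while `allow` has become a `bool`; `trace_vnc_auth_sasl_acl(vs, true);` keeps the two trace calls consistent. The surrounding functions are only partially shown, so this note is limited to the lines visible in the section.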