authorDaniel P. Berrange <berrange@redhat.com>2017-09-21 13:15:28 +0100
committerGerd Hoffmann <kraxel@redhat.com>2017-09-29 10:36:34 +0200
commit7364dbdabb7824d5bde1e341bb6d928282f01c83 (patch)
tree23a28044deb3f559d31ea1f087f69807dfad71ca /ui/vnc.c
parentad6374c43e572e6e53020a97e72e9ea525b08334 (diff)
ui: add tracing of VNC authentication process
Trace anything related to authentication in the VNC protocol handshake Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Message-id: 20170921121528.23935-3-berrange@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Diffstat (limited to 'ui/vnc.c')
-rw-r--r--ui/vnc.c36
1 files changed, 18 insertions, 18 deletions
diff --git a/ui/vnc.c b/ui/vnc.c
index ed6d659722..af810f0547 100644
--- a/ui/vnc.c
+++ b/ui/vnc.c
@@ -2406,11 +2406,11 @@ static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
Error *err = NULL;
if (!vs->vd->password) {
- VNC_DEBUG("No password configured on server");
+ trace_vnc_auth_fail(vs, vs->auth, "password is not set", "");
goto reject;
}
if (vs->vd->expires < now) {
- VNC_DEBUG("Password is expired");
+ trace_vnc_auth_fail(vs, vs->auth, "password is expired", "");
goto reject;
}
@@ -2427,8 +2427,8 @@ static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
key, G_N_ELEMENTS(key),
&err);
if (!cipher) {
- VNC_DEBUG("Cannot initialize cipher %s",
- error_get_pretty(err));
+ trace_vnc_auth_fail(vs, vs->auth, "cannot create cipher",
+ error_get_pretty(err));
error_free(err);
goto reject;
}
@@ -2438,18 +2438,18 @@ static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
response,
VNC_AUTH_CHALLENGE_SIZE,
&err) < 0) {
- VNC_DEBUG("Cannot encrypt challenge %s",
- error_get_pretty(err));
+ trace_vnc_auth_fail(vs, vs->auth, "cannot encrypt challenge response",
+ error_get_pretty(err));
error_free(err);
goto reject;
}
/* Compare expected vs actual challenge response */
if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
- VNC_DEBUG("Client challenge response did not match\n");
+ trace_vnc_auth_fail(vs, vs->auth, "mis-matched challenge response", "");
goto reject;
} else {
- VNC_DEBUG("Accepting VNC challenge response\n");
+ trace_vnc_auth_pass(vs, vs->auth);
vnc_write_u32(vs, 0); /* Accept auth */
vnc_flush(vs);
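Review bot: The `"mis-matched challenge response"` failure is the event a defender would count to detect password guessing, yet `trace_vnc_auth_fail(vs, vs->auth, ...)` identifies the connection only by the `vs` pointer. The trace-events definition is not part of this diff, so it cannot be confirmed here whether the peer address is recoverable from this event alone. If it is not, a comment above the call such as `/* wrong password: correlate vs with the connection's peer address when counting failures */` would tell operators what to join on. protocol_client_auth_vnc starts before this hunk and continues after it.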
@@ -2488,7 +2488,7 @@ static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
/* We only advertise 1 auth scheme at a time, so client
* must pick the one we sent. Verify this */
if (data[0] != vs->auth) { /* Reject auth */
- VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]);
+ trace_vnc_auth_reject(vs, vs->auth, (int)data[0]);
vnc_write_u32(vs, 1);
if (vs->minor >= 8) {
static const char err[] = "Authentication failed";
@@ -2497,36 +2497,33 @@ static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
}
vnc_client_error(vs);
} else { /* Accept requested auth */
- VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
+ trace_vnc_auth_start(vs, vs->auth);
switch (vs->auth) {
case VNC_AUTH_NONE:
- VNC_DEBUG("Accept auth none\n");
if (vs->minor >= 8) {
vnc_write_u32(vs, 0); /* Accept auth completion */
vnc_flush(vs);
}
+ trace_vnc_auth_pass(vs, vs->auth);
start_client_init(vs);
break;
case VNC_AUTH_VNC:
- VNC_DEBUG("Start VNC auth\n");
start_auth_vnc(vs);
break;
case VNC_AUTH_VENCRYPT:
- VNC_DEBUG("Accept VeNCrypt auth\n");
start_auth_vencrypt(vs);
break;
#ifdef CONFIG_VNC_SASL
case VNC_AUTH_SASL:
- VNC_DEBUG("Accept SASL auth\n");
start_auth_sasl(vs);
break;
#endif /* CONFIG_VNC_SASL */
default: /* Should not be possible, but just in case */
- VNC_DEBUG("Reject auth %d server code bug\n", vs->auth);
+ trace_vnc_auth_fail(vs, vs->auth, "Unhandled auth method", "");
vnc_write_u8(vs, 1);
if (vs->minor >= 8) {
static const char err[] = "Authentication failed";
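Review bot: The default branch's reason string `"Unhandled auth method"` no longer says that reaching it is a server-side bug, which the removed message did, so in a trace log it reads like an ordinary failed login. It is also capitalised, as is `"Unsupported auth method for v3.3"` in the later protocol_version hunk, while the reasons in protocol_client_auth_vnc are lower case, so anyone filtering trace output by reason text has to handle both forms. Consider `trace_vnc_auth_fail(vs, vs->auth, "unhandled auth method (server bug)", "");` and lower-casing the v3.3 string to match. The default branch continues past the end of this hunk.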
@@ -2571,10 +2568,11 @@ static int protocol_version(VncState *vs, uint8_t *version, size_t len)
vs->minor = 3;
if (vs->minor == 3) {
+ trace_vnc_auth_start(vs, vs->auth);
if (vs->auth == VNC_AUTH_NONE) {
- VNC_DEBUG("Tell client auth none\n");
vnc_write_u32(vs, vs->auth);
vnc_flush(vs);
+ trace_vnc_auth_pass(vs, vs->auth);
start_client_init(vs);
} else if (vs->auth == VNC_AUTH_VNC) {
VNC_DEBUG("Tell client VNC auth\n");
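Review bot: The `VNC_DEBUG("Tell client VNC auth\n");` line in the `VNC_AUTH_VNC` branch is left in place, although the sibling `VNC_AUTH_NONE` branch had its debug print removed and the new `trace_vnc_auth_start(vs, vs->auth);` is emitted before both branches. Dropping that line would leave the v3.3 authentication path reporting through the trace events only, like the rest of the commit. The branch body continues in the next hunk.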
@@ -2582,13 +2580,13 @@ static int protocol_version(VncState *vs, uint8_t *version, size_t len)
vnc_flush(vs);
start_auth_vnc(vs);
} else {
- VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->auth);
+ trace_vnc_auth_fail(vs, vs->auth,
+ "Unsupported auth method for v3.3", "");
vnc_write_u32(vs, VNC_AUTH_INVALID);
vnc_flush(vs);
vnc_client_error(vs);
}
} else {
- VNC_DEBUG("Telling client we support auth %d\n", vs->auth);
vnc_write_u8(vs, 1); /* num auth */
vnc_write_u8(vs, vs->auth);
vnc_read_when(vs, protocol_client_auth, 1);
@@ -3942,12 +3940,14 @@ void vnc_display_open(const char *id, Error **errp)
sasl, false, errp) < 0) {
goto fail;
}
+ trace_vnc_auth_init(vd, 0, vd->auth, vd->subauth);
if (vnc_display_setup_auth(&vd->ws_auth, &vd->ws_subauth,
vd->tlscreds, password,
sasl, true, errp) < 0) {
goto fail;
}
+ trace_vnc_auth_init(vd, 1, vd->ws_auth, vd->ws_subauth);
#ifdef CONFIG_VNC_SASL
if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) {