if (skipauth) {
vs->auth = VNC_AUTH_NONE;
-#ifdef CONFIG_VNC_TLS
vs->subauth = VNC_AUTH_INVALID;
-#endif
} else {
vs->auth = vd->auth;
-#ifdef CONFIG_VNC_TLS
vs->subauth = vd->subauth;
-#endif
}
vs->lossy_rect = g_malloc0(VNC_STAT_ROWS * sizeof (*vs->lossy_rect));
}
#endif /* CONFIG_VNC_WS */
vs->auth = VNC_AUTH_INVALID;
-#ifdef CONFIG_VNC_TLS
vs->subauth = VNC_AUTH_INVALID;
+#ifdef CONFIG_VNC_TLS
vs->tls.x509verify = 0;
#endif
}
char *h;
bool has_ipv4 = false;
bool has_ipv6 = false;
-#ifdef CONFIG_VNC_WS
const char *websocket;
-#endif
-#ifdef CONFIG_VNC_TLS
bool tls = false, x509 = false;
+#ifdef CONFIG_VNC_TLS
const char *path;
#endif
-#ifdef CONFIG_VNC_SASL
bool sasl = false;
+#ifdef CONFIG_VNC_SASL
int saslErr;
#endif
#if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
reverse = qemu_opt_get_bool(opts, "reverse", false);
lock_key_sync = qemu_opt_get_bool(opts, "lock-key-sync", true);
-#ifdef CONFIG_VNC_SASL
sasl = qemu_opt_get_bool(opts, "sasl", false);
-#endif
-#ifdef CONFIG_VNC_TLS
+#ifndef CONFIG_VNC_SASL
+ if (sasl) {
+ error_setg(errp, "VNC SASL auth requires cyrus-sasl support");
+ goto fail;
+ }
+#endif /* CONFIG_VNC_SASL */
tls = qemu_opt_get_bool(opts, "tls", false);
+#ifdef CONFIG_VNC_TLS
path = qemu_opt_get(opts, "x509");
if (!path) {
path = qemu_opt_get(opts, "x509verify");
goto fail;
}
}
-#endif
+#else /* ! CONFIG_VNC_TLS */
+ if (tls) {
+ error_setg(errp, "VNC TLS auth requires gnutls support");
+ goto fail;
+ }
+#endif /* ! CONFIG_VNC_TLS */
#if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
acl = qemu_opt_get_bool(opts, "acl", false);
#endif
}
vs->connections_limit = qemu_opt_get_number(opts, "connections", 32);
- #ifdef CONFIG_VNC_WS
websocket = qemu_opt_get(opts, "websocket");
if (websocket) {
+#ifdef CONFIG_VNC_WS
vs->ws_enabled = true;
qemu_opt_set(wsopts, "port", websocket, &error_abort);
-
+#else /* ! CONFIG_VNC_WS */
+ error_setg(errp, "Websockets protocol requires gnutls support");
+ goto fail;
+#endif /* ! CONFIG_VNC_WS */
}
-#endif /* CONFIG_VNC_WS */
#ifdef CONFIG_VNC_JPEG
vs->lossy = qemu_opt_get_bool(opts, "lossy", false);
* NB2. the x509 schemes have option to validate a client cert dname
*/
if (password) {
-#ifdef CONFIG_VNC_TLS
if (tls) {
vs->auth = VNC_AUTH_VENCRYPT;
if (x509) {
vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
}
} else {
-#endif /* CONFIG_VNC_TLS */
VNC_DEBUG("Initializing VNC server with password auth\n");
vs->auth = VNC_AUTH_VNC;
-#ifdef CONFIG_VNC_TLS
vs->subauth = VNC_AUTH_INVALID;
}
-#endif /* CONFIG_VNC_TLS */
-#ifdef CONFIG_VNC_SASL
} else if (sasl) {
-#ifdef CONFIG_VNC_TLS
if (tls) {
vs->auth = VNC_AUTH_VENCRYPT;
if (x509) {
vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL;
}
} else {
-#endif /* CONFIG_VNC_TLS */
VNC_DEBUG("Initializing VNC server with SASL auth\n");
vs->auth = VNC_AUTH_SASL;
-#ifdef CONFIG_VNC_TLS
vs->subauth = VNC_AUTH_INVALID;
}
-#endif /* CONFIG_VNC_TLS */
-#endif /* CONFIG_VNC_SASL */
} else {
-#ifdef CONFIG_VNC_TLS
if (tls) {
vs->auth = VNC_AUTH_VENCRYPT;
if (x509) {
vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
}
} else {
-#endif
VNC_DEBUG("Initializing VNC server with no auth\n");
vs->auth = VNC_AUTH_NONE;
-#ifdef CONFIG_VNC_TLS
vs->subauth = VNC_AUTH_INVALID;
}
-#endif
}
#ifdef CONFIG_VNC_SASL