Apple has deprecated sasl.h functions in OS X 10.11. Therefore,
all files that use SASL API need to disable -Wdeprecated-declarations.
Remove the only use that is outside vnc-auth-sasl.c and add the
relevant #pragma GCC diagnostic there.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
ui/vnc-auth-sasl.c | 20 ++++++++++++++++++++
ui/vnc-auth-sasl.h | 1 +
ui/vnc.c | 10 ++--------
3 files changed, 23 insertions(+), 8 deletions(-)
diff --git a/ui/vnc-auth-sasl.c b/ui/vnc-auth-sasl.c
index df7dc08e9f..cf65a0b161 100644
--- a/ui/vnc-auth-sasl.c
+++ b/ui/vnc-auth-sasl.c
@@ -28,10 +28,30 @@
#include "vnc.h"
#include "trace.h"
+/*
+ * Apple has deprecated sasl.h functions in OS X 10.11. Therefore,
+ * files that use SASL API need to disable -Wdeprecated-declarations.
+ */
+#ifdef CONFIG_DARWIN
+#pragma GCC diagnostic warning "-Wdeprecated-declarations"
+#endif
+
/* Max amount of data we send/recv for SASL steps to prevent DOS */
#define SASL_DATA_MAX_LEN (1024 * 1024)
+bool vnc_sasl_server_init(Error **errp)
+{
+ int saslErr = sasl_server_init(NULL, "qemu");
+
+ if (saslErr != SASL_OK) {
+ error_setg(errp, "Failed to initialize SASL auth: %s",
+ sasl_errstring(saslErr, NULL, NULL));
+ return false;
+ }
+ return true;
+}
+
void vnc_sasl_client_cleanup(VncState *vs)
{
if (vs->sasl.conn) {
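Review bot: The comment above the pragma says files using the SASL API need to "disable -Wdeprecated-declarations", but `#pragma GCC diagnostic warning "-Wdeprecated-declarations"` sets that diagnostic to warning level rather than turning it off. If the intent is to keep the deprecation visible while stopping it from failing a -Werror build, reword the comment to say that; if the intent is silence, the pragma would need `ignored` instead of `warning`. Either way the comment and the pragma should agree, and the same wording is repeated in the commit message.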
diff --git a/ui/vnc-auth-sasl.h b/ui/vnc-auth-sasl.h
index 1bfb86c6f5..367b8672cc 100644
--- a/ui/vnc-auth-sasl.h
+++ b/ui/vnc-auth-sasl.h
@@ -63,6 +63,7 @@ struct VncDisplaySASL {
char *authzid;
};
+bool vnc_sasl_server_init(Error **errp);
void vnc_sasl_client_cleanup(VncState *vs);
size_t vnc_client_read_sasl(VncState *vs);
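Review bot: The new prototype `bool vnc_sasl_server_init(Error **errp);` is added without a comment stating its contract. A one-line note that it returns false and sets errp when sasl_server_init() fails would document what the caller in ui/vnc.c depends on when it jumps to `fail` on a false return.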
diff --git a/ui/vnc.c b/ui/vnc.c
index b3d4d7b9a5..f0a1550d58 100644
--- a/ui/vnc.c
+++ b/ui/vnc.c
@@ -4154,14 +4154,8 @@ void vnc_display_open(const char *id, Error **errp)
trace_vnc_auth_init(vd, 1, vd->ws_auth, vd->ws_subauth);
#ifdef CONFIG_VNC_SASL
- if (sasl) {
- int saslErr = sasl_server_init(NULL, "qemu");
-
- if (saslErr != SASL_OK) {
- error_setg(errp, "Failed to initialize SASL auth: %s",
- sasl_errstring(saslErr, NULL, NULL));
- goto fail;
- }
+ if (sasl && !vnc_sasl_server_init(errp)) {
+ goto fail;
}
#endif
vd->lock_key_sync = lock_key_sync;
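Review bot: In `if (sasl && !vnc_sasl_server_init(errp))` the operand order is the only thing that keeps sasl_server_init() from running when SASL was not requested, which the removed `if (sasl) {` block made explicit. The behaviour is preserved, but a call with side effects on the right-hand side of `&&` is easy to break in a later edit; keeping the outer `if (sasl)` with the helper call nested inside would be the more defensive form.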
--
2.31.1
On 6/4/21 2:09 PM, Paolo Bonzini wrote:
> Apple has deprecated sasl.h functions in OS X 10.11. Therefore,
> all files that use SASL API need to disable -Wdeprecated-declarations.
> Remove the only use that is outside vnc-auth-sasl.c and add the
> relevant #pragma GCC diagnostic there.
>
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> ---
> ui/vnc-auth-sasl.c | 20 ++++++++++++++++++++
> ui/vnc-auth-sasl.h | 1 +
> ui/vnc.c | 10 ++--------
> 3 files changed, 23 insertions(+), 8 deletions(-)
>
> diff --git a/ui/vnc-auth-sasl.c b/ui/vnc-auth-sasl.c
> index df7dc08e9f..cf65a0b161 100644
> --- a/ui/vnc-auth-sasl.c
> +++ b/ui/vnc-auth-sasl.c
> @@ -28,10 +28,30 @@
> #include "vnc.h"
> #include "trace.h"
>
> +/*
> + * Apple has deprecated sasl.h functions in OS X 10.11. Therefore,
> + * files that use SASL API need to disable -Wdeprecated-declarations.
> + */
> +#ifdef CONFIG_DARWIN
> +#pragma GCC diagnostic warning "-Wdeprecated-declarations"
> +#endif
> +
> /* Max amount of data we send/recv for SASL steps to prevent DOS */
> #define SASL_DATA_MAX_LEN (1024 * 1024)
>
>
> +bool vnc_sasl_server_init(Error **errp)
> +{
> + int saslErr = sasl_server_init(NULL, "qemu");

What is the plan once these functions are removed for the
distribution? Is there a replacement or should we start warning
the users here and in docs/system/deprecated.rst VNC/SASL will
go away soon?

> + if (saslErr != SASL_OK) {
> + error_setg(errp, "Failed to initialize SASL auth: %s",
> + sasl_errstring(saslErr, NULL, NULL));
> + return false;
> + }
> + return true;
> +}
On Fri, Jun 04, 2021 at 03:07:05PM +0200, Philippe Mathieu-Daudé wrote:
> On 6/4/21 2:09 PM, Paolo Bonzini wrote:
> > Apple has deprecated sasl.h functions in OS X 10.11. Therefore,
> > all files that use SASL API need to disable -Wdeprecated-declarations.
> > Remove the only use that is outside vnc-auth-sasl.c and add the
> > relevant #pragma GCC diagnostic there.
> >
> > Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> > ---
> > ui/vnc-auth-sasl.c | 20 ++++++++++++++++++++
> > ui/vnc-auth-sasl.h | 1 +
> > ui/vnc.c | 10 ++--------
> > 3 files changed, 23 insertions(+), 8 deletions(-)
> >
> > diff --git a/ui/vnc-auth-sasl.c b/ui/vnc-auth-sasl.c
> > index df7dc08e9f..cf65a0b161 100644
> > --- a/ui/vnc-auth-sasl.c
> > +++ b/ui/vnc-auth-sasl.c
> > @@ -28,10 +28,30 @@
> > #include "vnc.h"
> > #include "trace.h"
> >
> > +/*
> > + * Apple has deprecated sasl.h functions in OS X 10.11. Therefore,
> > + * files that use SASL API need to disable -Wdeprecated-declarations.
> > + */
> > +#ifdef CONFIG_DARWIN
> > +#pragma GCC diagnostic warning "-Wdeprecated-declarations"
> > +#endif
> > +
> > /* Max amount of data we send/recv for SASL steps to prevent DOS */
> > #define SASL_DATA_MAX_LEN (1024 * 1024)
> >
> >
> > +bool vnc_sasl_server_init(Error **errp)
> > +{
> > + int saslErr = sasl_server_init(NULL, "qemu");
>
> What is the plan once these functions are removed for the
> distribution? Is there a replacement or should we start warning
> the users here and in docs/system/deprecated.rst VNC/SASL will
> go away soon?

VNC/SASL isn't going anywhere. It is fully supported on Linux and a
critically important security feature.

If macOS removes SASL, that sucks for macOS users, but then in that case I
assume HomeBrew/MacPorts would bring it back to life, because SASL is an
important feature for many apps.

Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
On Fri, 4 Jun 2021 at 14:15, Daniel P. Berrangé <berrange@redhat.com> wrote:
> VNC/SASL isn't going anywhere. It is fully supported on Linux and a
> critically important security feature.
>
> If macOS removes SASL, that sucks for macOS users, but then in that case I
> assume HomeBrew/MacPorts would bring it back to life, because SASL is an
> important feature for many apps.

Also, Apple marked these things deprecated 5 years ago and haven't
dropped them yet, so they're clearly not in a particular hurry...
(they probably mostly wanted to nudge mac-native apps onto whatever
their own-brand API for this is, would be my guess).

thanks
-- PMM
On Fri, Jun 04, 2021 at 02:09:15PM +0200, Paolo Bonzini wrote:
> Apple has deprecated sasl.h functions in OS X 10.11. Therefore,
> all files that use SASL API need to disable -Wdeprecated-declarations.
> Remove the only use that is outside vnc-auth-sasl.c and add the
> relevant #pragma GCC diagnostic there.
>
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> ---
> ui/vnc-auth-sasl.c | 20 ++++++++++++++++++++
> ui/vnc-auth-sasl.h | 1 +
> ui/vnc.c | 10 ++--------
> 3 files changed, 23 insertions(+), 8 deletions(-)

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>

This matches what I did in libvirt a while ago to keep it quiet on macOS

Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|