ui/vnc-auth-sasl.c | 20 ++++++++++++++++++++ ui/vnc-auth-sasl.h | 1 + ui/vnc.c | 10 ++-------- 3 files changed, 23 insertions(+), 8 deletions(-)
Apple has deprecated sasl.h functions in OS X 10.11. Therefore,
all files that use SASL API need to disable -Wdeprecated-declarations.
Remove the only use that is outside vnc-auth-sasl.c and add the
relevant #pragma GCC diagnostic there.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
ui/vnc-auth-sasl.c | 20 ++++++++++++++++++++
ui/vnc-auth-sasl.h | 1 +
ui/vnc.c | 10 ++--------
3 files changed, 23 insertions(+), 8 deletions(-)
diff --git a/ui/vnc-auth-sasl.c b/ui/vnc-auth-sasl.c
index df7dc08e9f..cf65a0b161 100644
--- a/ui/vnc-auth-sasl.c
+++ b/ui/vnc-auth-sasl.c
@@ -28,10 +28,30 @@
#include "vnc.h"
#include "trace.h"
+/*
+ * Apple has deprecated sasl.h functions in OS X 10.11. Therefore,
+ * files that use SASL API need to disable -Wdeprecated-declarations.
+ */
+#ifdef CONFIG_DARWIN
+#pragma GCC diagnostic warning "-Wdeprecated-declarations"
+#endif
+
/* Max amount of data we send/recv for SASL steps to prevent DOS */
#define SASL_DATA_MAX_LEN (1024 * 1024)
+bool vnc_sasl_server_init(Error **errp)
+{
+ int saslErr = sasl_server_init(NULL, "qemu");
+
+ if (saslErr != SASL_OK) {
+ error_setg(errp, "Failed to initialize SASL auth: %s",
+ sasl_errstring(saslErr, NULL, NULL));
+ return false;
+ }
+ return true;
+}
+
void vnc_sasl_client_cleanup(VncState *vs)
{
if (vs->sasl.conn) {
diff --git a/ui/vnc-auth-sasl.h b/ui/vnc-auth-sasl.h
index 1bfb86c6f5..367b8672cc 100644
--- a/ui/vnc-auth-sasl.h
+++ b/ui/vnc-auth-sasl.h
@@ -63,6 +63,7 @@ struct VncDisplaySASL {
char *authzid;
};
+bool vnc_sasl_server_init(Error **errp);
void vnc_sasl_client_cleanup(VncState *vs);
size_t vnc_client_read_sasl(VncState *vs);
diff --git a/ui/vnc.c b/ui/vnc.c
index b3d4d7b9a5..f0a1550d58 100644
--- a/ui/vnc.c
+++ b/ui/vnc.c
@@ -4154,14 +4154,8 @@ void vnc_display_open(const char *id, Error **errp)
trace_vnc_auth_init(vd, 1, vd->ws_auth, vd->ws_subauth);
#ifdef CONFIG_VNC_SASL
- if (sasl) {
- int saslErr = sasl_server_init(NULL, "qemu");
-
- if (saslErr != SASL_OK) {
- error_setg(errp, "Failed to initialize SASL auth: %s",
- sasl_errstring(saslErr, NULL, NULL));
- goto fail;
- }
+ if (sasl && !vnc_sasl_server_init(errp)) {
+ goto fail;
}
#endif
vd->lock_key_sync = lock_key_sync;
--
2.31.1
On 6/4/21 2:09 PM, Paolo Bonzini wrote:
> Apple has deprecated sasl.h functions in OS X 10.11. Therefore,
> all files that use SASL API need to disable -Wdeprecated-declarations.
> Remove the only use that is outside vnc-auth-sasl.c and add the
> relevant #pragma GCC diagnostic there.
>
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> ---
> ui/vnc-auth-sasl.c | 20 ++++++++++++++++++++
> ui/vnc-auth-sasl.h | 1 +
> ui/vnc.c | 10 ++--------
> 3 files changed, 23 insertions(+), 8 deletions(-)
>
> diff --git a/ui/vnc-auth-sasl.c b/ui/vnc-auth-sasl.c
> index df7dc08e9f..cf65a0b161 100644
> --- a/ui/vnc-auth-sasl.c
> +++ b/ui/vnc-auth-sasl.c
> @@ -28,10 +28,30 @@
> #include "vnc.h"
> #include "trace.h"
>
> +/*
> + * Apple has deprecated sasl.h functions in OS X 10.11. Therefore,
> + * files that use SASL API need to disable -Wdeprecated-declarations.
> + */
> +#ifdef CONFIG_DARWIN
> +#pragma GCC diagnostic warning "-Wdeprecated-declarations"
> +#endif
> +
> /* Max amount of data we send/recv for SASL steps to prevent DOS */
> #define SASL_DATA_MAX_LEN (1024 * 1024)
>
>
> +bool vnc_sasl_server_init(Error **errp)
> +{
> + int saslErr = sasl_server_init(NULL, "qemu");
What is the plan once these functions are removed for the
distribution? Is there a replacement or should we start warning
the users here and in docs/system/deprecated.rst VNC/SASL will
go away soon?
> + if (saslErr != SASL_OK) {
> + error_setg(errp, "Failed to initialize SASL auth: %s",
> + sasl_errstring(saslErr, NULL, NULL));
> + return false;
> + }
> + return true;
> +}
On Fri, Jun 04, 2021 at 03:07:05PM +0200, Philippe Mathieu-Daudé wrote:
> On 6/4/21 2:09 PM, Paolo Bonzini wrote:
> > Apple has deprecated sasl.h functions in OS X 10.11. Therefore,
> > all files that use SASL API need to disable -Wdeprecated-declarations.
> > Remove the only use that is outside vnc-auth-sasl.c and add the
> > relevant #pragma GCC diagnostic there.
> >
> > Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> > ---
> > ui/vnc-auth-sasl.c | 20 ++++++++++++++++++++
> > ui/vnc-auth-sasl.h | 1 +
> > ui/vnc.c | 10 ++--------
> > 3 files changed, 23 insertions(+), 8 deletions(-)
> >
> > diff --git a/ui/vnc-auth-sasl.c b/ui/vnc-auth-sasl.c
> > index df7dc08e9f..cf65a0b161 100644
> > --- a/ui/vnc-auth-sasl.c
> > +++ b/ui/vnc-auth-sasl.c
> > @@ -28,10 +28,30 @@
> > #include "vnc.h"
> > #include "trace.h"
> >
> > +/*
> > + * Apple has deprecated sasl.h functions in OS X 10.11. Therefore,
> > + * files that use SASL API need to disable -Wdeprecated-declarations.
> > + */
> > +#ifdef CONFIG_DARWIN
> > +#pragma GCC diagnostic warning "-Wdeprecated-declarations"
> > +#endif
> > +
> > /* Max amount of data we send/recv for SASL steps to prevent DOS */
> > #define SASL_DATA_MAX_LEN (1024 * 1024)
> >
> >
> > +bool vnc_sasl_server_init(Error **errp)
> > +{
> > + int saslErr = sasl_server_init(NULL, "qemu");
>
> What is the plan once these functions are removed for the
> distribution? Is there a replacement or should we start warning
> the users here and in docs/system/deprecated.rst VNC/SASL will
> go away soon?
VNC/SASL isn't going anywhere. It is fully supported on Linux and a
critically important security feature.
If macOS removes SASL, that sucks for macOS users, but then in that case I
assume HomeBrew/MacPorts would bring it back to life, because SASL is an
important feature for many apps.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
On Fri, 4 Jun 2021 at 14:15, Daniel P. Berrangé <berrange@redhat.com> wrote > VNC/SASL isn't going anywhere. It is fully supported on Linux and a > critically important security feature. > > If macOS removes SASL, that sucks for macOS users, but then in that case I > assume HomeBrew/MacPorts would bring it back to life, because SASL is an > important feature for many apps. Also, Apple marked these things deprecated 5 years ago and haven't dropped them yet, so they're clearly not in a particular hurry... (they probably mostly wanted to nudge mac-native apps onto whatever their own-brand API for this is, would be my guess). thanks -- PMM
On Fri, Jun 04, 2021 at 02:09:15PM +0200, Paolo Bonzini wrote: > Apple has deprecated sasl.h functions in OS X 10.11. Therefore, > all files that use SASL API need to disable -Wdeprecated-declarations. > Remove the only use that is outside vnc-auth-sasl.c and add the > relevant #pragma GCC diagnostic there. > > Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> > --- > ui/vnc-auth-sasl.c | 20 ++++++++++++++++++++ > ui/vnc-auth-sasl.h | 1 + > ui/vnc.c | 10 ++-------- > 3 files changed, 23 insertions(+), 8 deletions(-) Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> This matches what I did in libvirt a while ago to keep it quiet on macOS Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
© 2016 - 2024 Red Hat, Inc.