mirror of
https://github.com/qemu/qemu.git
synced 2024-11-25 20:03:37 +08:00
0f66998ff6
FIPS 140-2 requires disabling certain ciphers, including DES, which is used by VNC to obscure passwords when they are sent over the network. The solution for FIPS users is to disable the use of VNC password auth when the host system is operating in FIPS compliance mode and the user has specified '-enable-fips' on the QEMU command line. This patch causes QEMU to emit a message to stderr when the host system is running in FIPS mode and a VNC password was specified on the commend line. If the system is not running in FIPS mode, or is running in FIPS mode but VNC password authentication was not requested, QEMU operates normally. Signed-off-by: Paul Moore <pmoore@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
285 lines
6.4 KiB
C
285 lines
6.4 KiB
C
/*
|
|
* QEMU low level functions
|
|
*
|
|
* Copyright (c) 2003 Fabrice Bellard
|
|
*
|
|
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
* of this software and associated documentation files (the "Software"), to deal
|
|
* in the Software without restriction, including without limitation the rights
|
|
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
* copies of the Software, and to permit persons to whom the Software is
|
|
* furnished to do so, subject to the following conditions:
|
|
*
|
|
* The above copyright notice and this permission notice shall be included in
|
|
* all copies or substantial portions of the Software.
|
|
*
|
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
|
|
* THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
|
* THE SOFTWARE.
|
|
*/
|
|
#include <stdlib.h>
|
|
#include <stdio.h>
|
|
#include <stdarg.h>
|
|
#include <stdbool.h>
|
|
#include <string.h>
|
|
#include <errno.h>
|
|
#include <unistd.h>
|
|
#include <fcntl.h>
|
|
|
|
/* Needed early for CONFIG_BSD etc. */
|
|
#include "config-host.h"
|
|
|
|
#if defined(CONFIG_MADVISE) || defined(CONFIG_POSIX_MADVISE)
|
|
#include <sys/mman.h>
|
|
#endif
|
|
|
|
#ifdef CONFIG_SOLARIS
|
|
#include <sys/types.h>
|
|
#include <sys/statvfs.h>
|
|
/* See MySQL bug #7156 (http://bugs.mysql.com/bug.php?id=7156) for
|
|
discussion about Solaris header problems */
|
|
extern int madvise(caddr_t, size_t, int);
|
|
#endif
|
|
|
|
#include "qemu-common.h"
|
|
#include "trace.h"
|
|
#include "qemu_socket.h"
|
|
|
|
static bool fips_enabled = false;
|
|
|
|
static const char *qemu_version = QEMU_VERSION;
|
|
|
|
int socket_set_cork(int fd, int v)
|
|
{
|
|
#if defined(SOL_TCP) && defined(TCP_CORK)
|
|
return setsockopt(fd, SOL_TCP, TCP_CORK, &v, sizeof(v));
|
|
#else
|
|
return 0;
|
|
#endif
|
|
}
|
|
|
|
int qemu_madvise(void *addr, size_t len, int advice)
|
|
{
|
|
if (advice == QEMU_MADV_INVALID) {
|
|
errno = EINVAL;
|
|
return -1;
|
|
}
|
|
#if defined(CONFIG_MADVISE)
|
|
return madvise(addr, len, advice);
|
|
#elif defined(CONFIG_POSIX_MADVISE)
|
|
return posix_madvise(addr, len, advice);
|
|
#else
|
|
errno = EINVAL;
|
|
return -1;
|
|
#endif
|
|
}
|
|
|
|
|
|
/*
|
|
* Opens a file with FD_CLOEXEC set
|
|
*/
|
|
int qemu_open(const char *name, int flags, ...)
|
|
{
|
|
int ret;
|
|
int mode = 0;
|
|
|
|
if (flags & O_CREAT) {
|
|
va_list ap;
|
|
|
|
va_start(ap, flags);
|
|
mode = va_arg(ap, int);
|
|
va_end(ap);
|
|
}
|
|
|
|
#ifdef O_CLOEXEC
|
|
ret = open(name, flags | O_CLOEXEC, mode);
|
|
#else
|
|
ret = open(name, flags, mode);
|
|
if (ret >= 0) {
|
|
qemu_set_cloexec(ret);
|
|
}
|
|
#endif
|
|
|
|
return ret;
|
|
}
|
|
|
|
/*
|
|
* A variant of write(2) which handles partial write.
|
|
*
|
|
* Return the number of bytes transferred.
|
|
* Set errno if fewer than `count' bytes are written.
|
|
*
|
|
* This function don't work with non-blocking fd's.
|
|
* Any of the possibilities with non-bloking fd's is bad:
|
|
* - return a short write (then name is wrong)
|
|
* - busy wait adding (errno == EAGAIN) to the loop
|
|
*/
|
|
ssize_t qemu_write_full(int fd, const void *buf, size_t count)
|
|
{
|
|
ssize_t ret = 0;
|
|
ssize_t total = 0;
|
|
|
|
while (count) {
|
|
ret = write(fd, buf, count);
|
|
if (ret < 0) {
|
|
if (errno == EINTR)
|
|
continue;
|
|
break;
|
|
}
|
|
|
|
count -= ret;
|
|
buf += ret;
|
|
total += ret;
|
|
}
|
|
|
|
return total;
|
|
}
|
|
|
|
/*
|
|
* Opens a socket with FD_CLOEXEC set
|
|
*/
|
|
int qemu_socket(int domain, int type, int protocol)
|
|
{
|
|
int ret;
|
|
|
|
#ifdef SOCK_CLOEXEC
|
|
ret = socket(domain, type | SOCK_CLOEXEC, protocol);
|
|
if (ret != -1 || errno != EINVAL) {
|
|
return ret;
|
|
}
|
|
#endif
|
|
ret = socket(domain, type, protocol);
|
|
if (ret >= 0) {
|
|
qemu_set_cloexec(ret);
|
|
}
|
|
|
|
return ret;
|
|
}
|
|
|
|
/*
|
|
* Accept a connection and set FD_CLOEXEC
|
|
*/
|
|
int qemu_accept(int s, struct sockaddr *addr, socklen_t *addrlen)
|
|
{
|
|
int ret;
|
|
|
|
#ifdef CONFIG_ACCEPT4
|
|
ret = accept4(s, addr, addrlen, SOCK_CLOEXEC);
|
|
if (ret != -1 || errno != ENOSYS) {
|
|
return ret;
|
|
}
|
|
#endif
|
|
ret = accept(s, addr, addrlen);
|
|
if (ret >= 0) {
|
|
qemu_set_cloexec(ret);
|
|
}
|
|
|
|
return ret;
|
|
}
|
|
|
|
/*
|
|
* A variant of send(2) which handles partial write.
|
|
*
|
|
* Return the number of bytes transferred, which is only
|
|
* smaller than `count' if there is an error.
|
|
*
|
|
* This function won't work with non-blocking fd's.
|
|
* Any of the possibilities with non-bloking fd's is bad:
|
|
* - return a short write (then name is wrong)
|
|
* - busy wait adding (errno == EAGAIN) to the loop
|
|
*/
|
|
ssize_t qemu_send_full(int fd, const void *buf, size_t count, int flags)
|
|
{
|
|
ssize_t ret = 0;
|
|
ssize_t total = 0;
|
|
|
|
while (count) {
|
|
ret = send(fd, buf, count, flags);
|
|
if (ret < 0) {
|
|
if (errno == EINTR) {
|
|
continue;
|
|
}
|
|
break;
|
|
}
|
|
|
|
count -= ret;
|
|
buf += ret;
|
|
total += ret;
|
|
}
|
|
|
|
return total;
|
|
}
|
|
|
|
/*
|
|
* A variant of recv(2) which handles partial write.
|
|
*
|
|
* Return the number of bytes transferred, which is only
|
|
* smaller than `count' if there is an error.
|
|
*
|
|
* This function won't work with non-blocking fd's.
|
|
* Any of the possibilities with non-bloking fd's is bad:
|
|
* - return a short write (then name is wrong)
|
|
* - busy wait adding (errno == EAGAIN) to the loop
|
|
*/
|
|
ssize_t qemu_recv_full(int fd, void *buf, size_t count, int flags)
|
|
{
|
|
ssize_t ret = 0;
|
|
ssize_t total = 0;
|
|
|
|
while (count) {
|
|
ret = qemu_recv(fd, buf, count, flags);
|
|
if (ret <= 0) {
|
|
if (ret < 0 && errno == EINTR) {
|
|
continue;
|
|
}
|
|
break;
|
|
}
|
|
|
|
count -= ret;
|
|
buf += ret;
|
|
total += ret;
|
|
}
|
|
|
|
return total;
|
|
}
|
|
|
|
void qemu_set_version(const char *version)
|
|
{
|
|
qemu_version = version;
|
|
}
|
|
|
|
const char *qemu_get_version(void)
|
|
{
|
|
return qemu_version;
|
|
}
|
|
|
|
void fips_set_state(bool requested)
|
|
{
|
|
#ifdef __linux__
|
|
if (requested) {
|
|
FILE *fds = fopen("/proc/sys/crypto/fips_enabled", "r");
|
|
if (fds != NULL) {
|
|
fips_enabled = (fgetc(fds) == '1');
|
|
fclose(fds);
|
|
}
|
|
}
|
|
#else
|
|
fips_enabled = false;
|
|
#endif /* __linux__ */
|
|
|
|
#ifdef _FIPS_DEBUG
|
|
fprintf(stderr, "FIPS mode %s (requested %s)\n",
|
|
(fips_enabled ? "enabled" : "disabled"),
|
|
(requested ? "enabled" : "disabled"));
|
|
#endif
|
|
}
|
|
|
|
bool fips_get_state(void)
|
|
{
|
|
return fips_enabled;
|
|
}
|