[pve-devel] r5593 - vncterm/pve2

svn-commits at proxmox.com svn-commits at proxmox.com
Wed Feb 23 11:30:54 CET 2011 

Author: dietmar
Date: 2011-02-23 11:30:54 +0100 (Wed, 23 Feb 2011)
New Revision: 5593

Modified:
   vncterm/pve2/vncterm.c
Log:
fix pve auth


Modified: vncterm/pve2/vncterm.c
===================================================================
--- vncterm/pve2/vncterm.c	2011-02-23 10:28:42 UTC (rev 5592)
+++ vncterm/pve2/vncterm.c	2011-02-23 10:30:54 UTC (rev 5593)
@@ -26,6 +26,7 @@
 #include <stdlib.h>
 #include <sys/types.h> 
 #include <sys/socket.h>
+#include <arpa/inet.h>
 #include <netdb.h>
 #include <rfb/rfb.h>
 #include <rfb/keysym.h>
@@ -77,8 +78,8 @@
 	return p;
 }
 
-int 
-pve_auth_verify(const char *username, const char *passwd)
+static int 
+pve_auth_verify(const char *clientip, const char *username, const char *passwd)
 {
 	struct sockaddr_in server;
 
@@ -122,15 +123,16 @@
 	p = urlencode(p, auth_path);
 
  	*p++ = '&';
- 	p = urlencode(p, "permissions");
+ 	p = urlencode(p, "privs");
 	*p++ = '=';
  	p = urlencode(p, auth_perm);
 
-	sprintf(buf, "POST /api2/json/ticket HTTP/1.1\n"
+	sprintf(buf, "POST /api2/json/access/ticket HTTP/1.1\n"
 		"Host: localhost:85\n"
 		"Connection: close\n"
+		"PVEClientIP: %s\n"
 		"Content-Type: application/x-www-form-urlencoded\n"
-		"Content-Length: %zd\n\n%s\n", strlen(form), form);
+		"Content-Length: %zd\n\n%s\n", clientip, strlen(form), form);
 	ssize_t len = strlen(buf);
 	ssize_t sb = send(sfd, buf, len, 0);
 	if (sb < 0) {
@@ -321,6 +323,15 @@
 	char buf[4096];
 	int n;
 
+	char clientip[INET6_ADDRSTRLEN];
+	clientip[0] = 0;
+	struct sockaddr_in client;
+	socklen_t addrlen = sizeof(client);
+	if (getpeername(cl->sock, &client, &addrlen) == 0) {
+		inet_ntop(client.sin_family, &client.sin_addr, 
+			  clientip, sizeof(clientip));
+	}
+
 	if ((n = rfbReadExact(cl, buf, 8)) <= 0) {
 		err = n ? "read failed" : "client gone";
 		goto err;
@@ -361,7 +372,7 @@
 
 	rfbLog("VencryptPlain: username: %s pw: %s\n", username, passwd);
 
-	if (pve_auth_verify(username, passwd) == 0) {
+	if (pve_auth_verify(clientip, username, passwd) == 0) {
 		rfbEncodeU32(buf, 0); /* Accept auth completion */
 		rfbWriteExact(cl, buf, 4);
 		cl->state = RFB_INITIALISATION;

More information about the pve-devel mailing list