[pve-devel] r5594 - pve-qemu-kvm/pve2/debian/patches
svn-commits at proxmox.com
svn-commits at proxmox.com
Wed Feb 23 11:53:17 CET 2011
Author: dietmar
Date: 2011-02-23 11:53:17 +0100 (Wed, 23 Feb 2011)
New Revision: 5594
Modified:
pve-qemu-kvm/pve2/debian/patches/pve-auth.patch
Log:
fix auth
Modified: pve-qemu-kvm/pve2/debian/patches/pve-auth.patch
===================================================================
--- pve-qemu-kvm/pve2/debian/patches/pve-auth.patch 2011-02-23 10:30:54 UTC (rev 5593)
+++ pve-qemu-kvm/pve2/debian/patches/pve-auth.patch 2011-02-23 10:53:17 UTC (rev 5594)
@@ -1,7 +1,7 @@
Index: new/ui/vnc.c
===================================================================
---- new.orig/ui/vnc.c 2011-01-28 06:26:40.000000000 +0100
-+++ new/ui/vnc.c 2011-01-28 06:27:22.000000000 +0100
+--- new.orig/ui/vnc.c 2011-02-16 10:57:41.000000000 +0100
++++ new/ui/vnc.c 2011-02-23 11:47:56.000000000 +0100
@@ -31,6 +31,8 @@
#include "qemu-timer.h"
#include "acl.h"
@@ -11,7 +11,7 @@
#define VNC_REFRESH_INTERVAL_BASE 30
#define VNC_REFRESH_INTERVAL_INC 50
-@@ -46,6 +48,124 @@
+@@ -46,6 +48,125 @@
} \
}
@@ -48,7 +48,7 @@
+}
+
+int
-+pve_auth_verify(const char *username, const char *passwd)
++pve_auth_verify(const char *clientip, const char *username, const char *passwd)
+{
+ struct sockaddr_in server;
+
@@ -94,15 +94,16 @@
+ p = urlencode(p, authpath);
+
+ *p++ = '&';
-+ p = urlencode(p, "permissions");
++ p = urlencode(p, "privs");
+ *p++ = '=';
+ p = urlencode(p, "VM.Console");
+
-+ sprintf(buf, "POST /api2/json/ticket HTTP/1.1\n"
++ sprintf(buf, "POST /api2/json/access/ticket HTTP/1.1\n"
+ "Host: localhost:85\n"
+ "Connection: close\n"
++ "PVEClientIP: %s\n"
+ "Content-Type: application/x-www-form-urlencoded\n"
-+ "Content-Length: %zd\n\n%s\n", strlen(form), form);
++ "Content-Length: %zd\n\n%s\n", clientip, strlen(form), form);
+ ssize_t len = strlen(buf);
+ ssize_t sb = send(sfd, buf, len, 0);
+ if (sb < 0) {
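Review bot: The request is still built with an unbounded `sprintf` into `buf`, and this change adds another variable-length field to it (`clientip`, up to 255 bytes at the visible caller). `buf` is declared outside the hunk, so its size cannot be checked here; assuming it is an array, I would switch to `int n = snprintf(buf, sizeof(buf), ...)` and fail the verification when `n < 0 || (size_t)n >= sizeof(buf)`. `clientip` is also copied verbatim into the `PVEClientIP` header, so the function should document that callers pass only a numeric address string, and an empty value should probably be rejected rather than sent. Minor: `strlen()` returns `size_t`, so the conversion should be `%zu`, not `%zd`.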
@@ -136,7 +137,7 @@
static VncDisplay *vnc_display; /* needed for info vnc */
static DisplayChangeListener *dcl;
-@@ -1825,7 +1945,7 @@
+@@ -1825,7 +1946,7 @@
static void set_pixel_conversion(VncState *vs)
{
if ((vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) ==
@@ -145,7 +146,7 @@
!memcmp(&(vs->clientds.pf), &(vs->ds->surface->pf), sizeof(PixelFormat))) {
vs->write_pixels = vnc_write_pixels_copy;
vnc_hextile_set_pixel_conversion(vs, 0);
-@@ -1911,7 +2031,7 @@
+@@ -1911,7 +2032,7 @@
vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
vnc_write_u8(vs, 0);
vnc_write_u16(vs, 1); /* number of rects */
@@ -154,7 +155,7 @@
ds_get_height(vs->ds), VNC_ENCODING_WMVi);
pixel_format_message(vs);
vnc_unlock_output(vs);
-@@ -2541,7 +2661,7 @@
+@@ -2541,7 +2662,7 @@
char *vnc_display_local_addr(DisplayState *ds)
{
VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
@@ -163,7 +164,7 @@
return vnc_socket_local_addr("%s:%s", vs->lsock);
}
-@@ -2588,6 +2708,7 @@
+@@ -2588,6 +2709,7 @@
tls = 1; /* Require TLS */
} else if (strncmp(options, "x509", 4) == 0) {
char *start, *end;
@@ -171,7 +172,7 @@
x509 = 1; /* Require x509 certificates */
if (strncmp(options, "x509verify", 10) == 0)
vs->tls.x509verify = 1; /* ...and verify client certs */
-@@ -2610,10 +2731,12 @@
+@@ -2610,10 +2732,12 @@
}
qemu_free(path);
} else {
@@ -188,7 +189,7 @@
}
#endif
} else if (strncmp(options, "acl", 3) == 0) {
-@@ -2662,10 +2785,10 @@
+@@ -2662,10 +2786,10 @@
vs->auth = VNC_AUTH_VENCRYPT;
if (x509) {
VNC_DEBUG("Initializing VNC server with x509 password auth\n");
@@ -203,11 +204,13 @@
#endif /* CONFIG_VNC_TLS */
Index: new/ui/vnc-auth-vencrypt.c
===================================================================
---- new.orig/ui/vnc-auth-vencrypt.c 2011-01-28 06:26:16.000000000 +0100
-+++ new/ui/vnc-auth-vencrypt.c 2011-01-28 06:26:48.000000000 +0100
-@@ -26,6 +26,96 @@
+--- new.orig/ui/vnc-auth-vencrypt.c 2011-02-16 10:54:31.000000000 +0100
++++ new/ui/vnc-auth-vencrypt.c 2011-02-23 11:45:52.000000000 +0100
+@@ -25,7 +25,107 @@
+ */
#include "vnc.h"
++#include "qemu_socket.h"
+static int protocol_client_auth_plain(VncState *vs, uint8_t *data, size_t len)
+{
@@ -215,6 +218,15 @@
+ char username[256];
+ char passwd[512];
+
++ char clientip[256];
++ clientip[0] = 0;
++ struct sockaddr_in client;
++ socklen_t addrlen = sizeof(client);
++ if (getpeername(vs->csock, &client, &addrlen) == 0) {
++ inet_ntop(client.sin_family, &client.sin_addr,
++ clientip, sizeof(clientip));
++ }
++
+ if ((len != (vs->username_len + vs->password_len)) ||
+ (vs->username_len >= (sizeof(username)-1)) ||
+ (vs->password_len >= (sizeof(passwd)-1)) ) {
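Review bot: The peer address is read into a `struct sockaddr_in`, which is only correct for IPv4 peers. If the VNC socket can accept IPv6 connections, `getpeername` truncates the result, `sin_family` is `AF_INET6`, and `inet_ntop` then reads 16 bytes starting at `sin_addr`, which runs past the end of `client` and yields a wrong address. Neither the `inet_ntop` result nor a `getpeername` failure is handled, so authentication proceeds with an empty `clientip`, which weakens whatever the ticket service does with `PVEClientIP` (presumably logging or access decisions; not visible here). I would use `sockaddr_storage` with `getnameinfo(..., NI_NUMERICHOST)` and route failures to the function's reject path, which lies outside this hunk. The `&client` argument also needs a `(struct sockaddr *)` cast.

```c
char clientip[256];
clientip[0] = 0;
struct sockaddr_storage client;   /* large enough for IPv4 and IPv6 peers */
socklen_t addrlen = sizeof(client);
if (getpeername(vs->csock, (struct sockaddr *)&client, &addrlen) != 0 ||
    getnameinfo((struct sockaddr *)&client, addrlen,
                clientip, sizeof(clientip), NULL, 0, NI_NUMERICHOST) != 0) {
    /* no usable peer address: take the existing reject path (outside this hunk) */
}
/* … unchanged: username_len / password_len bounds checks … */
```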
@@ -229,7 +241,7 @@
+
+ VNC_DEBUG("AUTH PLAIN username: %s pw: %s\n", username, passwd);
+
-+ if (pve_auth_verify(username, passwd) == 0) {
++ if (pve_auth_verify(clientip, username, passwd) == 0) {
+ vnc_write_u32(vs, 0); /* Accept auth completion */
+ start_client_init(vs);
+ return 0;
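Review bot: The `VNC_DEBUG` line above the changed call writes the client's cleartext password to the debug output, and this commit leaves it in place. Whether `VNC_DEBUG` is compiled in is not visible from the hunk, but credentials should not reach logs in any build; I would change it to `VNC_DEBUG("AUTH PLAIN username: %s\n", username);`. The enclosing function starts and ends outside this hunk.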
@@ -302,7 +314,7 @@
static void start_auth_vencrypt_subauth(VncState *vs)
{
-@@ -37,6 +127,12 @@
+@@ -37,6 +137,12 @@
start_client_init(vs);
break;
@@ -317,8 +329,8 @@
VNC_DEBUG("Start TLS auth VNC\n");
Index: new/ui/vnc.h
===================================================================
---- new.orig/ui/vnc.h 2011-01-28 06:26:17.000000000 +0100
-+++ new/ui/vnc.h 2011-01-28 06:26:48.000000000 +0100
+--- new.orig/ui/vnc.h 2011-02-16 10:54:31.000000000 +0100
++++ new/ui/vnc.h 2011-02-16 10:57:41.000000000 +0100
@@ -216,6 +216,8 @@
char challenge[VNC_AUTH_CHALLENGE_SIZE];
@@ -330,8 +342,8 @@
#ifdef CONFIG_VNC_SASL
Index: new/ui/vnc-tls.c
===================================================================
---- new.orig/ui/vnc-tls.c 2011-01-28 06:26:16.000000000 +0100
-+++ new/ui/vnc-tls.c 2011-01-28 06:26:48.000000000 +0100
+--- new.orig/ui/vnc-tls.c 2011-02-16 10:54:31.000000000 +0100
++++ new/ui/vnc-tls.c 2011-02-16 10:57:41.000000000 +0100
@@ -291,6 +291,14 @@
static const int kx_anon[] = {GNUTLS_KX_ANON_DH, 0};
static const int kx_x509[] = {GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0};
@@ -388,8 +400,8 @@
const char *certdir)
Index: new/ui/vnc-tls.h
===================================================================
---- new.orig/ui/vnc-tls.h 2011-01-28 06:26:16.000000000 +0100
-+++ new/ui/vnc-tls.h 2011-01-28 06:26:48.000000000 +0100
+--- new.orig/ui/vnc-tls.h 2011-02-16 10:54:31.000000000 +0100
++++ new/ui/vnc-tls.h 2011-02-16 10:57:41.000000000 +0100
@@ -68,6 +68,8 @@
int vnc_tls_validate_certificate(VncState *vs);
@@ -401,8 +413,8 @@
Index: new/vl.c
===================================================================
---- new.orig/vl.c 2011-02-16 10:41:59.000000000 +0100
-+++ new/vl.c 2011-02-16 10:42:32.000000000 +0100
+--- new.orig/vl.c 2011-02-16 10:54:38.000000000 +0100
++++ new/vl.c 2011-02-16 10:57:41.000000000 +0100
@@ -2538,6 +2538,7 @@
break;
case QEMU_OPTION_id: