[pve-devel] r5394 - in pve-qemu-kvm/pve2/debian: . patches
svn-commits at proxmox.com
svn-commits at proxmox.com
Wed Jan 19 10:06:46 CET 2011
Author: dietmar
Date: 2011-01-19 10:06:46 +0100 (Wed, 19 Jan 2011)
New Revision: 5394
Added:
pve-qemu-kvm/pve2/debian/patches/pve-auth.patch
Modified:
pve-qemu-kvm/pve2/debian/control
pve-qemu-kvm/pve2/debian/patches/series
pve-qemu-kvm/pve2/debian/rules
Log:
try to use pve auth framework - first try
Modified: pve-qemu-kvm/pve2/debian/control
===================================================================
--- pve-qemu-kvm/pve2/debian/control 2011-01-19 06:41:53 UTC (rev 5393)
+++ pve-qemu-kvm/pve2/debian/control 2011-01-19 09:06:46 UTC (rev 5394)
@@ -2,7 +2,7 @@
Section: admin
Priority: extra
Maintainer: Proxmox Support Team <support at proxmox.com>
-Build-Depends: debhelper (>= 5), autotools-dev, libpci-dev, quilt, texinfo, texi2html
+Build-Depends: debhelper (>= 5), autotools-dev, libpci-dev, quilt, texinfo, texi2html, libgnutls-dev
Standards-Version: 3.7.2
Package: pve-qemu-kvm
Added: pve-qemu-kvm/pve2/debian/patches/pve-auth.patch
===================================================================
--- pve-qemu-kvm/pve2/debian/patches/pve-auth.patch (rev 0)
+++ pve-qemu-kvm/pve2/debian/patches/pve-auth.patch 2011-01-19 09:06:46 UTC (rev 5394)
@@ -0,0 +1,146 @@
+Index: new/ui/vnc.c
+===================================================================
+--- new.orig/ui/vnc.c 2011-01-19 08:04:34.000000000 +0100
++++ new/ui/vnc.c 2011-01-19 08:27:33.000000000 +0100
+@@ -2171,7 +2171,6 @@
+ vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
+ }
+
+-
+ static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
+ {
+ /* We only advertise 1 auth scheme at a time, so client
+@@ -2669,7 +2668,7 @@
+ vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
+ } else {
+ VNC_DEBUG("Initializing VNC server with TLS password auth\n");
+- vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
++ vs->subauth = VNC_AUTH_VENCRYPT_TLSPLAIN;
+ }
+ } else {
+ #endif /* CONFIG_VNC_TLS */
+Index: new/ui/vnc-auth-vencrypt.c
+===================================================================
+--- new.orig/ui/vnc-auth-vencrypt.c 2011-01-19 08:14:58.000000000 +0100
++++ new/ui/vnc-auth-vencrypt.c 2011-01-19 10:05:37.000000000 +0100
+@@ -27,6 +27,95 @@
+ #include "vnc.h"
+
+
++static int pve_auth_verify(const char *username, const char *passwd)
++{
++
++ return 0;
++}
++
++static int protocol_client_auth_plain(VncState *vs, uint8_t *data, size_t len)
++{
++ const char *err = NULL;
++ char username[256];
++ char passwd[512];
++
++ if ((len != (vs->username_len + vs->password_len)) ||
++ (vs->username_len >= (sizeof(username)-1)) ||
++ (vs->password_len >= (sizeof(passwd)-1)) ) {
++ err = "Got unexpected data length";
++ goto err;
++ }
++
++ strncpy(username, (char *)data, vs->username_len);
++ username[vs->username_len] = 0;
++ strncpy(passwd, (char *)data + vs->username_len, vs->password_len);
++ username[vs->password_len] = 0;
++
++ VNC_DEBUG("AUTH PLAIN username: %s pw: %s\n", username, passwd);
++
++ if (pve_auth_verify(username, passwd)) {
++ vnc_write_u32(vs, 0); /* Accept auth completion */
++ start_client_init(vs);
++ return 0;
++ }
++
++ err = "Authentication failed";
++err:
++ if (err) {
++ VNC_DEBUG("AUTH PLAIN ERROR: %s\n", err);
++ vnc_write_u32(vs, 1); /* Reject auth */
++ if (vs->minor >= 8) {
++ int elen = strlen(err);
++ vnc_write_u32(vs, elen);
++ vnc_write(vs, err, elen);
++ }
++ }
++ vnc_flush(vs);
++ vnc_client_error(vs);
++
++ return 0;
++
++}
++
++static int protocol_client_auth_plain_start(VncState *vs, uint8_t *data, size_t len)
++{
++ uint32_t ulen = read_u32(data, 0);
++ uint32_t pwlen = read_u32(data, 4);
++ const char *err = NULL;
++
++ VNC_DEBUG("AUTH PLAIN password len %u %u\n", ulen, pwlen);
++
++ if (!ulen || ulen >= 255) {
++ err = "User name too long.";
++ goto err;
++ }
++ if (!pwlen || pwlen >= 511) {
++ err = "Password too long.";
++ goto err;
++ }
++
++ vs->username_len = ulen;
++ vs->password_len = pwlen;
++
++ vnc_read_when(vs, protocol_client_auth_plain, ulen + pwlen);
++
++ return 0;
++err:
++ if (err) {
++ VNC_DEBUG("AUTH PLAIN ERROR: %s\n", err);
++ vnc_write_u32(vs, 1); /* Reject auth */
++ if (vs->minor >= 8) {
++ int elen = strlen(err);
++ vnc_write_u32(vs, elen);
++ vnc_write(vs, err, elen);
++ }
++ }
++ vnc_flush(vs);
++ vnc_client_error(vs);
++
++ return 0;
++}
++
+ static void start_auth_vencrypt_subauth(VncState *vs)
+ {
+ switch (vs->vd->subauth) {
+@@ -37,6 +126,11 @@
+ start_client_init(vs);
+ break;
+
++ case VNC_AUTH_VENCRYPT_TLSPLAIN:
++ VNC_DEBUG("Start TLS auth PLAIN\n");
++ vnc_read_when(vs, protocol_client_auth_plain_start, 8);
++ break;
++
+ case VNC_AUTH_VENCRYPT_TLSVNC:
+ case VNC_AUTH_VENCRYPT_X509VNC:
+ VNC_DEBUG("Start TLS auth VNC\n");
+Index: new/ui/vnc.h
+===================================================================
+--- new.orig/ui/vnc.h 2011-01-19 09:35:54.000000000 +0100
++++ new/ui/vnc.h 2011-01-19 09:36:41.000000000 +0100
+@@ -217,6 +217,8 @@
+
+ char challenge[VNC_AUTH_CHALLENGE_SIZE];
+ #ifdef CONFIG_VNC_TLS
++ int username_len;
++ int password_len;
+ VncStateTLS tls;
+ #endif
+ #ifdef CONFIG_VNC_SASL
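Review bot: In protocol_client_auth_plain (the added ui/vnc-auth-vencrypt.c section of pve-auth.patch), the second terminator is written to the wrong buffer: `username[vs->password_len] = 0;` should be `passwd[vs->password_len] = 0;`. As written, passwd has no guaranteed NUL before it reaches `%s` and pve_auth_verify(), and because the length check allows password_len up to 510 while username is 256 bytes, the store can land outside username on the stack. The VNC_DEBUG line also prints the cleartext password whenever debug output is enabled; I would drop that argument, e.g. `VNC_DEBUG("AUTH PLAIN username: %s\n", username);`. Separately, pve_auth_verify() is a stub returning 0, so every login is rejected for now, which is a safe default for a first try but deserves a comment such as `/* TODO: stub, rejects all logins until wired to the PVE auth framework */`.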
Modified: pve-qemu-kvm/pve2/debian/patches/series
===================================================================
--- pve-qemu-kvm/pve2/debian/patches/series 2011-01-19 06:41:53 UTC (rev 5393)
+++ pve-qemu-kvm/pve2/debian/patches/series 2011-01-19 09:06:46 UTC (rev 5394)
@@ -6,3 +6,4 @@
enable-ksm.diff
set-max-nics.patch
use-local-linux-kvm-h.diff
+pve-auth.patch
Modified: pve-qemu-kvm/pve2/debian/rules
===================================================================
--- pve-qemu-kvm/pve2/debian/rules 2011-01-19 06:41:53 UTC (rev 5393)
+++ pve-qemu-kvm/pve2/debian/rules 2011-01-19 09:06:46 UTC (rev 5394)
@@ -33,7 +33,7 @@
config.status: configure
dh_testdir
# Add here commands to configure the package.
- ./configure --prefix=/usr --datadir=/usr/share/kvm --docdir=/usr/share/doc/pve-qemu-kvm --sysconfdir=/etc --disable-xen --disable-blobs
+ ./configure --prefix=/usr --datadir=/usr/share/kvm --docdir=/usr/share/doc/pve-qemu-kvm --sysconfdir=/etc --disable-xen --disable-blobs --enable-vnc-tls
cd kvm/test && ./configure --prefix=/usr