[pve-devel] r5394 - in pve-qemu-kvm/pve2/debian: . patches

svn-commits at proxmox.com svn-commits at proxmox.com
Wed Jan 19 10:06:46 CET 2011


Author: dietmar
Date: 2011-01-19 10:06:46 +0100 (Wed, 19 Jan 2011)
New Revision: 5394

Added:
   pve-qemu-kvm/pve2/debian/patches/pve-auth.patch
Modified:
   pve-qemu-kvm/pve2/debian/control
   pve-qemu-kvm/pve2/debian/patches/series
   pve-qemu-kvm/pve2/debian/rules
Log:
try to use pve auth framework - first try


Modified: pve-qemu-kvm/pve2/debian/control
===================================================================
--- pve-qemu-kvm/pve2/debian/control	2011-01-19 06:41:53 UTC (rev 5393)
+++ pve-qemu-kvm/pve2/debian/control	2011-01-19 09:06:46 UTC (rev 5394)
@@ -2,7 +2,7 @@
 Section: admin
 Priority: extra
 Maintainer: Proxmox Support Team <support at proxmox.com>
-Build-Depends: debhelper (>= 5), autotools-dev, libpci-dev, quilt, texinfo, texi2html
+Build-Depends: debhelper (>= 5), autotools-dev, libpci-dev, quilt, texinfo, texi2html, libgnutls-dev
 Standards-Version: 3.7.2
 
 Package: pve-qemu-kvm

Added: pve-qemu-kvm/pve2/debian/patches/pve-auth.patch
===================================================================
--- pve-qemu-kvm/pve2/debian/patches/pve-auth.patch	                        (rev 0)
+++ pve-qemu-kvm/pve2/debian/patches/pve-auth.patch	2011-01-19 09:06:46 UTC (rev 5394)
@@ -0,0 +1,146 @@
+Index: new/ui/vnc.c
+===================================================================
+--- new.orig/ui/vnc.c	2011-01-19 08:04:34.000000000 +0100
++++ new/ui/vnc.c	2011-01-19 08:27:33.000000000 +0100
+@@ -2171,7 +2171,6 @@
+     vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
+ }
+ 
+-
+ static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
+ {
+     /* We only advertise 1 auth scheme at a time, so client
+@@ -2669,7 +2668,7 @@
+                 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
+             } else {
+                 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
+-                vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
++                vs->subauth = VNC_AUTH_VENCRYPT_TLSPLAIN;
+             }
+         } else {
+ #endif /* CONFIG_VNC_TLS */
+Index: new/ui/vnc-auth-vencrypt.c
+===================================================================
+--- new.orig/ui/vnc-auth-vencrypt.c	2011-01-19 08:14:58.000000000 +0100
++++ new/ui/vnc-auth-vencrypt.c	2011-01-19 10:05:37.000000000 +0100
+@@ -27,6 +27,95 @@
+ #include "vnc.h"
+ 
+ 
++static int pve_auth_verify(const char *username, const char *passwd)
++{
++
++	return 0;
++}
++
++static int protocol_client_auth_plain(VncState *vs, uint8_t *data, size_t len)
++{
++	const char *err = NULL;
++	char username[256];
++	char passwd[512];
++
++	if ((len != (vs->username_len + vs->password_len)) ||
++	    (vs->username_len >= (sizeof(username)-1)) ||
++	    (vs->password_len >= (sizeof(passwd)-1))	) {
++		err = "Got unexpected data length";
++		goto err;
++	}
++
++	strncpy(username, (char *)data, vs->username_len);
++	username[vs->username_len] = 0;
++	strncpy(passwd, (char *)data + vs->username_len, vs->password_len);
++	username[vs->password_len] = 0;
++
++	VNC_DEBUG("AUTH PLAIN username: %s pw: %s\n", username, passwd);
++
++	if (pve_auth_verify(username, passwd)) {
++		vnc_write_u32(vs, 0); /* Accept auth completion */
++		start_client_init(vs);
++		return 0;
++	}
++
++	err =  "Authentication failed";
++err:
++       if (err) {
++	       VNC_DEBUG("AUTH PLAIN ERROR: %s\n", err);
++	       vnc_write_u32(vs, 1); /* Reject auth */
++	       if (vs->minor >= 8) {
++		       int elen = strlen(err);
++		       vnc_write_u32(vs, elen);
++		       vnc_write(vs, err, elen);
++	       }
++       }
++       vnc_flush(vs);
++       vnc_client_error(vs);
++
++       return 0;
++
++}
++
++static int protocol_client_auth_plain_start(VncState *vs, uint8_t *data, size_t len)
++{
++	uint32_t ulen = read_u32(data, 0);
++	uint32_t pwlen = read_u32(data, 4);
++	const char *err = NULL;
++
++	VNC_DEBUG("AUTH PLAIN password len %u %u\n", ulen, pwlen);
++
++       if (!ulen || ulen >= 255) {
++           err = "User name too long.";
++	   goto err;
++       }
++       if (!pwlen || pwlen >= 511) {
++           err = "Password too long.";
++	   goto err;
++       }
++ 
++       vs->username_len = ulen;
++       vs->password_len = pwlen;
++
++       vnc_read_when(vs, protocol_client_auth_plain, ulen + pwlen);
++
++       return 0;
++err:
++       if (err) {
++	       VNC_DEBUG("AUTH PLAIN ERROR: %s\n", err);
++	       vnc_write_u32(vs, 1); /* Reject auth */
++	       if (vs->minor >= 8) {
++		       int elen = strlen(err);
++		       vnc_write_u32(vs, elen);
++		       vnc_write(vs, err, elen);
++	       }
++       }
++       vnc_flush(vs);
++       vnc_client_error(vs);
++
++       return 0;
++}
++
+ static void start_auth_vencrypt_subauth(VncState *vs)
+ {
+     switch (vs->vd->subauth) {
+@@ -37,6 +126,11 @@
+        start_client_init(vs);
+        break;
+ 
++    case VNC_AUTH_VENCRYPT_TLSPLAIN:
++       VNC_DEBUG("Start TLS auth PLAIN\n");
++       vnc_read_when(vs, protocol_client_auth_plain_start, 8);
++       break;
++
+     case VNC_AUTH_VENCRYPT_TLSVNC:
+     case VNC_AUTH_VENCRYPT_X509VNC:
+        VNC_DEBUG("Start TLS auth VNC\n");
+Index: new/ui/vnc.h
+===================================================================
+--- new.orig/ui/vnc.h	2011-01-19 09:35:54.000000000 +0100
++++ new/ui/vnc.h	2011-01-19 09:36:41.000000000 +0100
+@@ -217,6 +217,8 @@
+ 
+     char challenge[VNC_AUTH_CHALLENGE_SIZE];
+ #ifdef CONFIG_VNC_TLS
++    int username_len;
++    int password_len;
+     VncStateTLS tls;
+ #endif
+ #ifdef CONFIG_VNC_SASL
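Review bot: In protocol_client_auth_plain the second terminator store is `username[vs->password_len] = 0;`, so `passwd` is never NUL-terminated, and because password_len can be as large as 510 while `username` is 256 bytes, the store can land beyond the end of `username` on the stack. The line should read `passwd[vs->password_len] = 0;`; as written, both the `%s` in VNC_DEBUG and pve_auth_verify() read `passwd` past the bytes that strncpy copied. The same VNC_DEBUG call prints the client's password whenever VNC debug output is compiled in; I would log only the user name, `VNC_DEBUG("AUTH PLAIN username: %s\n", username);`. Separately, the ui/vnc.c hunk replaces VNC_AUTH_VENCRYPT_TLSVNC with VNC_AUTH_VENCRYPT_TLSPLAIN on the non-x509 branch, which presumably sends the plain credentials over a TLS session whose server is not authenticated by certificate; that is worth confirming before pve_auth_verify() stops being a stub that rejects everything.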

Modified: pve-qemu-kvm/pve2/debian/patches/series
===================================================================
--- pve-qemu-kvm/pve2/debian/patches/series	2011-01-19 06:41:53 UTC (rev 5393)
+++ pve-qemu-kvm/pve2/debian/patches/series	2011-01-19 09:06:46 UTC (rev 5394)
@@ -6,3 +6,4 @@
 enable-ksm.diff
 set-max-nics.patch
 use-local-linux-kvm-h.diff
+pve-auth.patch

Modified: pve-qemu-kvm/pve2/debian/rules
===================================================================
--- pve-qemu-kvm/pve2/debian/rules	2011-01-19 06:41:53 UTC (rev 5393)
+++ pve-qemu-kvm/pve2/debian/rules	2011-01-19 09:06:46 UTC (rev 5394)
@@ -33,7 +33,7 @@
 config.status: configure
 	dh_testdir
 	# Add here commands to configure the package.
-	./configure --prefix=/usr --datadir=/usr/share/kvm --docdir=/usr/share/doc/pve-qemu-kvm --sysconfdir=/etc --disable-xen --disable-blobs
+	./configure --prefix=/usr --datadir=/usr/share/kvm --docdir=/usr/share/doc/pve-qemu-kvm --sysconfdir=/etc --disable-xen --disable-blobs --enable-vnc-tls
 
 	cd kvm/test && ./configure --prefix=/usr
 



