[pve-devel] r5395 - pve-qemu-kvm/pve2/debian/patches

svn-commits at proxmox.com svn-commits at proxmox.com
Wed Jan 19 11:38:17 CET 2011


Author: dietmar
Date: 2011-01-19 11:38:16 +0100 (Wed, 19 Jan 2011)
New Revision: 5395

Modified:
   pve-qemu-kvm/pve2/debian/patches/pve-auth.patch
Log:
cleanups


Modified: pve-qemu-kvm/pve2/debian/patches/pve-auth.patch
===================================================================
--- pve-qemu-kvm/pve2/debian/patches/pve-auth.patch	2011-01-19 09:06:46 UTC (rev 5394)
+++ pve-qemu-kvm/pve2/debian/patches/pve-auth.patch	2011-01-19 10:38:16 UTC (rev 5395)
@@ -1,16 +1,89 @@
 Index: new/ui/vnc.c
 ===================================================================
 --- new.orig/ui/vnc.c	2011-01-19 08:04:34.000000000 +0100
-+++ new/ui/vnc.c	2011-01-19 08:27:33.000000000 +0100
-@@ -2171,7 +2171,6 @@
-     vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
++++ new/ui/vnc.c	2011-01-19 11:31:55.000000000 +0100
+@@ -31,6 +31,8 @@
+ #include "qemu-timer.h"
+ #include "acl.h"
+ #include "qemu-objects.h"
++#include <signal.h>
++#include <sys/wait.h>
+ 
+ #define VNC_REFRESH_INTERVAL_BASE 30
+ #define VNC_REFRESH_INTERVAL_INC  50
+@@ -46,6 +48,71 @@
+     } \
  }
  
--
- static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
- {
-     /* We only advertise 1 auth scheme at a time, so client
-@@ -2669,7 +2668,7 @@
++static int pve_vmid = 0;
++
++void pve_auth_setup(int vmid) {
++	pve_vmid = vmid;
++}
++
++/* launch expernal script - same code as in net/tap.c (launch_script)
++*/
++int pve_auth_verify(const char *username, const char *passwd)
++{
++    sigset_t oldmask, mask;
++    int pid, status;
++    char *args[4];
++    char **parg;
++    char *env[2];
++    char **penv;
++
++    char vmidstr[32];
++
++    sprintf(vmidstr, "%d", pve_vmid);
++
++    const char *script ="/usr/bin/pve-authhelper";
++
++    sigemptyset(&mask);
++    sigaddset(&mask, SIGCHLD);
++    sigprocmask(SIG_BLOCK, &mask, &oldmask);
++
++    /* try to launch pve authentification helper */
++    pid = fork();
++    if (pid == 0) {
++	    int open_max = sysconf(_SC_OPEN_MAX), i;
++
++	    for (i = 0; i < open_max; i++) {
++		    if (i != STDIN_FILENO &&
++			i != STDOUT_FILENO &&
++			i != STDERR_FILENO) {
++			    close(i);
++		    }
++	    }
++	    parg = args;
++	    *parg++ = (char *)script;
++	    *parg++ = (char *)vmidstr;
++	    *parg++ = (char *)username;
++	    *parg = NULL;
++	    penv = env;
++	    *penv++ = (char *)passwd;
++	    *penv = NULL;
++	    execve(script, args, env);
++	    _exit(1);
++    } else if (pid > 0) {
++	    while (waitpid(pid, &status, 0) != pid) {
++		    /* loop */
++	    }
++	    sigprocmask(SIG_SETMASK, &oldmask, NULL);
++
++	    if (WIFEXITED(status) && WEXITSTATUS(status) == 0) {
++		    return 0;
++	    }
++    }
++
++    VNC_DEBUG("could not launch auth script %s\n", script);
++
++    return -1;
++}
++
+ static VncDisplay *vnc_display; /* needed for info vnc */
+ static DisplayChangeListener *dcl;
+ 
+@@ -2669,7 +2735,7 @@
                  vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
              } else {
                  VNC_DEBUG("Initializing VNC server with TLS password auth\n");
@@ -22,17 +95,11 @@
 Index: new/ui/vnc-auth-vencrypt.c
 ===================================================================
 --- new.orig/ui/vnc-auth-vencrypt.c	2011-01-19 08:14:58.000000000 +0100
-+++ new/ui/vnc-auth-vencrypt.c	2011-01-19 10:05:37.000000000 +0100
-@@ -27,6 +27,95 @@
++++ new/ui/vnc-auth-vencrypt.c	2011-01-19 11:35:18.000000000 +0100
+@@ -26,6 +26,88 @@
+ 
  #include "vnc.h"
  
- 
-+static int pve_auth_verify(const char *username, const char *passwd)
-+{
-+
-+	return 0;
-+}
-+
 +static int protocol_client_auth_plain(VncState *vs, uint8_t *data, size_t len)
 +{
 +	const char *err = NULL;
@@ -49,11 +116,11 @@
 +	strncpy(username, (char *)data, vs->username_len);
 +	username[vs->username_len] = 0;
 +	strncpy(passwd, (char *)data + vs->username_len, vs->password_len);
-+	username[vs->password_len] = 0;
++	passwd[vs->password_len] = 0;
 +
 +	VNC_DEBUG("AUTH PLAIN username: %s pw: %s\n", username, passwd);
 +
-+	if (pve_auth_verify(username, passwd)) {
++	if (pve_auth_verify(username, passwd) == 0) {
 +		vnc_write_u32(vs, 0); /* Accept auth completion */
 +		start_client_init(vs);
 +		return 0;
@@ -83,7 +150,7 @@
 +	uint32_t pwlen = read_u32(data, 4);
 +	const char *err = NULL;
 +
-+	VNC_DEBUG("AUTH PLAIN password len %u %u\n", ulen, pwlen);
++	VNC_DEBUG("AUTH PLAIN START %u %u\n", ulen, pwlen);
 +
 +       if (!ulen || ulen >= 255) {
 +           err = "User name too long.";
@@ -93,7 +160,7 @@
 +           err = "Password too long.";
 +	   goto err;
 +       }
-+ 
++
 +       vs->username_len = ulen;
 +       vs->password_len = pwlen;
 +
@@ -115,11 +182,10 @@
 +
 +       return 0;
 +}
-+
+ 
  static void start_auth_vencrypt_subauth(VncState *vs)
  {
-     switch (vs->vd->subauth) {
-@@ -37,6 +126,11 @@
+@@ -37,6 +119,11 @@
         start_client_init(vs);
         break;
  
@@ -134,7 +200,7 @@
 Index: new/ui/vnc.h
 ===================================================================
 --- new.orig/ui/vnc.h	2011-01-19 09:35:54.000000000 +0100
-+++ new/ui/vnc.h	2011-01-19 09:36:41.000000000 +0100
++++ new/ui/vnc.h	2011-01-19 11:33:16.000000000 +0100
 @@ -217,6 +217,8 @@
  
      char challenge[VNC_AUTH_CHALLENGE_SIZE];



More information about the pve-devel mailing list