[pve-devel] r5411 - pve-qemu-kvm/pve2/debian/patches
svn-commits at proxmox.com
svn-commits at proxmox.com
Fri Jan 21 12:02:08 CET 2011
Author: dietmar
Date: 2011-01-21 12:02:08 +0100 (Fri, 21 Jan 2011)
New Revision: 5411
Modified:
pve-qemu-kvm/pve2/debian/patches/pve-auth.patch
Log:
support VNC_AUTH_VENCRYPT_X509PLAIN
Modified: pve-qemu-kvm/pve2/debian/patches/pve-auth.patch
===================================================================
--- pve-qemu-kvm/pve2/debian/patches/pve-auth.patch 2011-01-21 09:37:28 UTC (rev 5410)
+++ pve-qemu-kvm/pve2/debian/patches/pve-auth.patch 2011-01-21 11:02:08 UTC (rev 5411)
@@ -1,7 +1,7 @@
-Index: qemu-kvm/ui/vnc.c
+Index: new/ui/vnc.c
===================================================================
---- qemu-kvm.orig/ui/vnc.c 2011-01-19 15:13:48.000000000 +0100
-+++ qemu-kvm/ui/vnc.c 2011-01-21 10:32:40.000000000 +0100
+--- new.orig/ui/vnc.c 2011-01-21 10:40:22.000000000 +0100
++++ new/ui/vnc.c 2011-01-21 11:57:32.000000000 +0100
@@ -31,6 +31,8 @@
#include "qemu-timer.h"
#include "acl.h"
@@ -58,10 +58,10 @@
+ }
+ parg = args;
+ *parg++ = (char *)script;
-+ *parg++ = "auth";
++ *parg++ = (char *)"auth";
+ *parg++ = (char *)authpath;
+ *parg++ = (char *)username;
-+ *parg++ = "VM.Console";
++ *parg++ = (char *)"VM.Console";
+ *parg = NULL;
+ penv = env;
+ *penv++ = (char *)pwenv;
@@ -96,19 +96,48 @@
return vnc_socket_local_addr("%s:%s", vs->lsock);
}
-@@ -2669,7 +2740,7 @@
- vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
+@@ -2592,6 +2663,7 @@
+ tls = 1; /* Require TLS */
+ } else if (strncmp(options, "x509", 4) == 0) {
+ char *start, *end;
++ tls = 1; /* Require TLS */
+ x509 = 1; /* Require x509 certificates */
+ if (strncmp(options, "x509verify", 10) == 0)
+ vs->tls.x509verify = 1; /* ...and verify client certs */
+@@ -2614,10 +2686,12 @@
+ }
+ qemu_free(path);
} else {
+- fprintf(stderr, "No certificate path provided\n");
+- qemu_free(vs->display);
+- vs->display = NULL;
+- return -1;
++ if (pve_tls_set_x509_creds_dir(vs) < 0) {
++ fprintf(stderr, "No certificate path provided\n");
++ qemu_free(vs->display);
++ vs->display = NULL;
++ return -1;
++ }
+ }
+ #endif
+ } else if (strncmp(options, "acl", 3) == 0) {
+@@ -2666,10 +2740,10 @@
+ vs->auth = VNC_AUTH_VENCRYPT;
+ if (x509) {
+ VNC_DEBUG("Initializing VNC server with x509 password auth\n");
+- vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
++ vs->subauth = VNC_AUTH_VENCRYPT_X509PLAIN;
+ } else {
VNC_DEBUG("Initializing VNC server with TLS password auth\n");
- vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
+ vs->subauth = VNC_AUTH_VENCRYPT_TLSPLAIN;
}
} else {
#endif /* CONFIG_VNC_TLS */
-Index: qemu-kvm/ui/vnc-auth-vencrypt.c
+Index: new/ui/vnc-auth-vencrypt.c
===================================================================
---- qemu-kvm.orig/ui/vnc-auth-vencrypt.c 2011-01-17 06:19:06.000000000 +0100
-+++ qemu-kvm/ui/vnc-auth-vencrypt.c 2011-01-19 15:13:48.000000000 +0100
+--- new.orig/ui/vnc-auth-vencrypt.c 2011-01-17 06:19:06.000000000 +0100
++++ new/ui/vnc-auth-vencrypt.c 2011-01-21 11:50:01.000000000 +0100
@@ -26,6 +26,96 @@
#include "vnc.h"
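Review bot: When the new fallback in the `x509` option branch fails, the message still reads "No certificate path provided", which hides that the built-in PVE certificate lookup was tried and failed. Something like `fprintf(stderr, "No certificate path provided and default PVE certificates could not be loaded\n");` would make a broken TLS setup diagnosable. The switch to `VNC_AUTH_VENCRYPT_X509PLAIN` also means the password is presumably sent as-is inside the TLS session, so a comment above that assignment would help, e.g. `/* PLAIN: password secrecy relies on the client validating the server certificate */`. The enclosing function begins and ends outside the hunk, so how `x509` interacts with the other options is not visible here.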
@@ -206,11 +235,12 @@
static void start_auth_vencrypt_subauth(VncState *vs)
{
-@@ -37,6 +127,11 @@
+@@ -37,6 +127,12 @@
start_client_init(vs);
break;
+ case VNC_AUTH_VENCRYPT_TLSPLAIN:
++ case VNC_AUTH_VENCRYPT_X509PLAIN:
+ VNC_DEBUG("Start TLS auth PLAIN\n");
+ vnc_read_when(vs, protocol_client_auth_plain_start, 8);
+ break;
@@ -218,10 +248,10 @@
case VNC_AUTH_VENCRYPT_TLSVNC:
case VNC_AUTH_VENCRYPT_X509VNC:
VNC_DEBUG("Start TLS auth VNC\n");
-Index: qemu-kvm/ui/vnc.h
+Index: new/ui/vnc.h
===================================================================
---- qemu-kvm.orig/ui/vnc.h 2011-01-19 15:13:48.000000000 +0100
-+++ qemu-kvm/ui/vnc.h 2011-01-19 15:13:48.000000000 +0100
+--- new.orig/ui/vnc.h 2011-01-21 10:40:22.000000000 +0100
++++ new/ui/vnc.h 2011-01-21 10:40:22.000000000 +0100
@@ -217,6 +217,8 @@
char challenge[VNC_AUTH_CHALLENGE_SIZE];
@@ -231,3 +261,45 @@
VncStateTLS tls;
#endif
#ifdef CONFIG_VNC_SASL
+Index: new/ui/vnc-tls.c
+===================================================================
+--- new.orig/ui/vnc-tls.c 2011-01-21 11:24:14.000000000 +0100
++++ new/ui/vnc-tls.c 2011-01-21 11:36:52.000000000 +0100
+@@ -419,6 +419,24 @@
+ return 0;
+ }
+
++int pve_tls_set_x509_creds_dir(VncDisplay *vd)
++{
++ if (vnc_set_x509_credential(vd, "/etc/pve", "pve-root-ca.pem", &vd->tls.x509cacert, 0) < 0)
++ goto cleanup;
++ if (vnc_set_x509_credential(vd, "/etc/pve/local", "pve-ssl.pem", &vd->tls.x509cert, 0) < 0)
++ goto cleanup;
++ if (vnc_set_x509_credential(vd, "/etc/pve/local", "pve-ssl.key", &vd->tls.x509key, 0) < 0)
++ goto cleanup;
++
++ return 0;
++
++ cleanup:
++ qemu_free(vd->tls.x509cacert);
++ qemu_free(vd->tls.x509cert);
++ qemu_free(vd->tls.x509key);
++ vd->tls.x509cacert = vd->tls.x509cacrl = vd->tls.x509cert = vd->tls.x509key = NULL;
++ return -1;
++}
+
+ int vnc_tls_set_x509_creds_dir(VncDisplay *vd,
+ const char *certdir)
+Index: new/ui/vnc-tls.h
+===================================================================
+--- new.orig/ui/vnc-tls.h 2011-01-21 11:38:31.000000000 +0100
++++ new/ui/vnc-tls.h 2011-01-21 11:38:38.000000000 +0100
+@@ -68,6 +68,8 @@
+
+ int vnc_tls_validate_certificate(VncState *vs);
+
++int pve_tls_set_x509_creds_dir(VncDisplay *vd);
++
+ int vnc_tls_set_x509_creds_dir(VncDisplay *vd,
+ const char *path);
+
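Review bot: The `cleanup:` path of `pve_tls_set_x509_creds_dir` sets `vd->tls.x509cacrl` to NULL without freeing it, so a CRL path stored earlier would leak. Add `qemu_free(vd->tls.x509cacrl);` next to the other three frees. The function never loads a CRL at all, so with these default credentials a revoked client certificate would presumably still pass under `x509verify`. If that is intended, a comment above the function should say so. The three hard-coded `/etc/pve` locations would also be easier to audit as named constants at the top of the file.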