[pve-devel] r5411 - pve-qemu-kvm/pve2/debian/patches

svn-commits at proxmox.com svn-commits at proxmox.com
Fri Jan 21 12:02:08 CET 2011


Author: dietmar
Date: 2011-01-21 12:02:08 +0100 (Fri, 21 Jan 2011)
New Revision: 5411

Modified:
   pve-qemu-kvm/pve2/debian/patches/pve-auth.patch
Log:
support VNC_AUTH_VENCRYPT_X509PLAIN


Modified: pve-qemu-kvm/pve2/debian/patches/pve-auth.patch
===================================================================
--- pve-qemu-kvm/pve2/debian/patches/pve-auth.patch	2011-01-21 09:37:28 UTC (rev 5410)
+++ pve-qemu-kvm/pve2/debian/patches/pve-auth.patch	2011-01-21 11:02:08 UTC (rev 5411)
@@ -1,7 +1,7 @@
-Index: qemu-kvm/ui/vnc.c
+Index: new/ui/vnc.c
 ===================================================================
---- qemu-kvm.orig/ui/vnc.c	2011-01-19 15:13:48.000000000 +0100
-+++ qemu-kvm/ui/vnc.c	2011-01-21 10:32:40.000000000 +0100
+--- new.orig/ui/vnc.c	2011-01-21 10:40:22.000000000 +0100
++++ new/ui/vnc.c	2011-01-21 11:57:32.000000000 +0100
 @@ -31,6 +31,8 @@
  #include "qemu-timer.h"
  #include "acl.h"
@@ -58,10 +58,10 @@
 +	    }
 +	    parg = args;
 +	    *parg++ = (char *)script;
-+	    *parg++ = "auth";
++	    *parg++ = (char *)"auth";
 +	    *parg++ = (char *)authpath;
 +	    *parg++ = (char *)username;
-+	    *parg++ = "VM.Console";
++	    *parg++ = (char *)"VM.Console";
 +	    *parg = NULL;
 +	    penv = env;
 +	    *penv++ = (char *)pwenv;
@@ -96,19 +96,48 @@
      return vnc_socket_local_addr("%s:%s", vs->lsock);
  }
  
-@@ -2669,7 +2740,7 @@
-                 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
+@@ -2592,6 +2663,7 @@
+             tls = 1; /* Require TLS */
+         } else if (strncmp(options, "x509", 4) == 0) {
+             char *start, *end;
++            tls = 1; /* Require TLS */
+             x509 = 1; /* Require x509 certificates */
+             if (strncmp(options, "x509verify", 10) == 0)
+                 vs->tls.x509verify = 1; /* ...and verify client certs */
+@@ -2614,10 +2686,12 @@
+                 }
+                 qemu_free(path);
              } else {
+-                fprintf(stderr, "No certificate path provided\n");
+-                qemu_free(vs->display);
+-                vs->display = NULL;
+-                return -1;
++                if (pve_tls_set_x509_creds_dir(vs) < 0) {
++			fprintf(stderr, "No certificate path provided\n");
++			qemu_free(vs->display);
++			vs->display = NULL;
++			return -1;
++		}
+             }
+ #endif
+         } else if (strncmp(options, "acl", 3) == 0) {
+@@ -2666,10 +2740,10 @@
+             vs->auth = VNC_AUTH_VENCRYPT;
+             if (x509) {
+                 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
+-                vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
++                vs->subauth = VNC_AUTH_VENCRYPT_X509PLAIN;
+             } else {
                  VNC_DEBUG("Initializing VNC server with TLS password auth\n");
 -                vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
 +                vs->subauth = VNC_AUTH_VENCRYPT_TLSPLAIN;
              }
          } else {
  #endif /* CONFIG_VNC_TLS */
-Index: qemu-kvm/ui/vnc-auth-vencrypt.c
+Index: new/ui/vnc-auth-vencrypt.c
 ===================================================================
---- qemu-kvm.orig/ui/vnc-auth-vencrypt.c	2011-01-17 06:19:06.000000000 +0100
-+++ qemu-kvm/ui/vnc-auth-vencrypt.c	2011-01-19 15:13:48.000000000 +0100
+--- new.orig/ui/vnc-auth-vencrypt.c	2011-01-17 06:19:06.000000000 +0100
++++ new/ui/vnc-auth-vencrypt.c	2011-01-21 11:50:01.000000000 +0100
 @@ -26,6 +26,96 @@
  
  #include "vnc.h"
@@ -206,11 +235,12 @@
  
  static void start_auth_vencrypt_subauth(VncState *vs)
  {
-@@ -37,6 +127,11 @@
+@@ -37,6 +127,12 @@
         start_client_init(vs);
         break;
  
 +    case VNC_AUTH_VENCRYPT_TLSPLAIN:
++    case VNC_AUTH_VENCRYPT_X509PLAIN:
 +       VNC_DEBUG("Start TLS auth PLAIN\n");
 +       vnc_read_when(vs, protocol_client_auth_plain_start, 8);
 +       break;
@@ -218,10 +248,10 @@
      case VNC_AUTH_VENCRYPT_TLSVNC:
      case VNC_AUTH_VENCRYPT_X509VNC:
         VNC_DEBUG("Start TLS auth VNC\n");
-Index: qemu-kvm/ui/vnc.h
+Index: new/ui/vnc.h
 ===================================================================
---- qemu-kvm.orig/ui/vnc.h	2011-01-19 15:13:48.000000000 +0100
-+++ qemu-kvm/ui/vnc.h	2011-01-19 15:13:48.000000000 +0100
+--- new.orig/ui/vnc.h	2011-01-21 10:40:22.000000000 +0100
++++ new/ui/vnc.h	2011-01-21 10:40:22.000000000 +0100
 @@ -217,6 +217,8 @@
  
      char challenge[VNC_AUTH_CHALLENGE_SIZE];
@@ -231,3 +261,45 @@
      VncStateTLS tls;
  #endif
  #ifdef CONFIG_VNC_SASL
+Index: new/ui/vnc-tls.c
+===================================================================
+--- new.orig/ui/vnc-tls.c	2011-01-21 11:24:14.000000000 +0100
++++ new/ui/vnc-tls.c	2011-01-21 11:36:52.000000000 +0100
+@@ -419,6 +419,24 @@
+     return 0;
+ }
+ 
++int pve_tls_set_x509_creds_dir(VncDisplay *vd)
++{
++    if (vnc_set_x509_credential(vd, "/etc/pve", "pve-root-ca.pem", &vd->tls.x509cacert, 0) < 0)
++        goto cleanup;
++    if (vnc_set_x509_credential(vd, "/etc/pve/local", "pve-ssl.pem", &vd->tls.x509cert, 0) < 0)
++        goto cleanup;
++    if (vnc_set_x509_credential(vd, "/etc/pve/local", "pve-ssl.key", &vd->tls.x509key, 0) < 0)
++        goto cleanup;
++
++    return 0;
++
++ cleanup:
++    qemu_free(vd->tls.x509cacert);
++    qemu_free(vd->tls.x509cert);
++    qemu_free(vd->tls.x509key);
++    vd->tls.x509cacert = vd->tls.x509cacrl = vd->tls.x509cert = vd->tls.x509key = NULL;
++    return -1;
++}
+ 
+ int vnc_tls_set_x509_creds_dir(VncDisplay *vd,
+                                const char *certdir)
+Index: new/ui/vnc-tls.h
+===================================================================
+--- new.orig/ui/vnc-tls.h	2011-01-21 11:38:31.000000000 +0100
++++ new/ui/vnc-tls.h	2011-01-21 11:38:38.000000000 +0100
+@@ -68,6 +68,8 @@
+ 
+ int vnc_tls_validate_certificate(VncState *vs);
+ 
++int pve_tls_set_x509_creds_dir(VncDisplay *vd);
++
+ int vnc_tls_set_x509_creds_dir(VncDisplay *vd,
+ 			       const char *path);
+ 



More information about the pve-devel mailing list