[pve-devel] r5444 - pve-qemu-kvm/pve2/debian/patches

svn-commits at proxmox.com svn-commits at proxmox.com
Thu Jan 27 11:09:22 CET 2011


Author: dietmar
Date: 2011-01-27 11:09:21 +0100 (Thu, 27 Jan 2011)
New Revision: 5444

Modified:
   pve-qemu-kvm/pve2/debian/patches/pve-auth.patch
Log:
connect to pvedaemon for auth (lauch external script does not work reliable)


Modified: pve-qemu-kvm/pve2/debian/patches/pve-auth.patch
===================================================================
--- pve-qemu-kvm/pve2/debian/patches/pve-auth.patch	2011-01-26 12:05:39 UTC (rev 5443)
+++ pve-qemu-kvm/pve2/debian/patches/pve-auth.patch	2011-01-27 10:09:21 UTC (rev 5444)
@@ -1,7 +1,7 @@
 Index: new/ui/vnc.c
 ===================================================================
 --- new.orig/ui/vnc.c	2011-01-21 10:40:22.000000000 +0100
-+++ new/ui/vnc.c	2011-01-21 11:57:32.000000000 +0100
++++ new/ui/vnc.c	2011-01-27 10:56:24.000000000 +0100
 @@ -31,6 +31,8 @@
  #include "qemu-timer.h"
  #include "acl.h"
@@ -11,7 +11,7 @@
  
  #define VNC_REFRESH_INTERVAL_BASE 30
  #define VNC_REFRESH_INTERVAL_INC  50
-@@ -46,6 +48,75 @@
+@@ -46,6 +48,124 @@
      } \
  }
  
@@ -21,73 +21,122 @@
 +	pve_vmid = vmid;
 +}
 +
-+/* launch expernal script - same code as in net/tap.c (launch_script)
-+*/
-+int pve_auth_verify(const char *username, const char *passwd)
++static char *
++urlencode(char *buf, const char *value)
 +{
-+    sigset_t oldmask, mask;
-+    int pid, status;
-+    char *args[20];
-+    char **parg;
-+    char *env[2];
-+    char **penv;
++	static const char *hexchar = "0123456789abcdef";
++	char *p = buf;
++	int i;
++	int l = strlen(value);
++	for (i = 0; i < l; i++) {
++		char c = value[i];
++		if (('a' <= c && c <= 'z') ||
++		    ('A' <= c && c <= 'Z') ||
++		    ('0' <= c && c <= '9')) {
++			*p++ = c;
++		} else if (c == 32) {
++			*p++ = '+';
++		} else {
++			*p++ = '%';
++			*p++ = hexchar[c >> 4];
++			*p++ = hexchar[c & 15];
++		}
++	}
++	*p = 0;
 +
-+    char authpath[256];
-+    char pwenv[1024];
++	return p;
++}
 +
-+    sprintf(authpath, "/vms/%d", pve_vmid);
-+    sprintf(pwenv, "PVE_PW_TICKET=%s", passwd);
++int 
++pve_auth_verify(const char *username, const char *passwd)
++{
++	struct sockaddr_in server;
 +
-+    const char *script = "/usr/sbin/pveum";
++	int sfd = socket(AF_INET, SOCK_STREAM, 0);
++	if (sfd == -1) {
++		perror("pve_auth_verify: socket failed");
++		return -1;
++	}
 +
-+    sigemptyset(&mask);
-+    sigaddset(&mask, SIGCHLD);
-+    sigprocmask(SIG_BLOCK, &mask, &oldmask);
++	struct hostent *he;
++	if ((he = gethostbyname("localhost")) == NULL) {
++		perror("pve_auth_verify: error resolving hostname");
++		goto err;
++	}
 +
-+    /* try to launch pve authentification helper */
-+    pid = fork();
-+    if (pid == 0) {
-+	    int open_max = sysconf(_SC_OPEN_MAX), i;
++	memcpy(&server.sin_addr, he->h_addr_list[0], he->h_length);
++	server.sin_family = AF_INET;
++	server.sin_port = htons(85);
 +
-+	    for (i = 0; i < open_max; i++) {
-+		    if (i != STDIN_FILENO &&
-+			i != STDOUT_FILENO &&
-+			i != STDERR_FILENO) {
-+			    close(i);
-+		    }
-+	    }
-+	    parg = args;
-+	    *parg++ = (char *)script;
-+	    *parg++ = (char *)"auth";
-+	    *parg++ = (char *)authpath;
-+	    *parg++ = (char *)username;
-+	    *parg++ = (char *)"VM.Console";
-+	    *parg = NULL;
-+	    penv = env;
-+	    *penv++ = (char *)pwenv;
-+	    *penv = NULL;
-+	    execve(script, args, env);
-+	    _exit(1);
-+    } else if (pid > 0) {
-+	    while (waitpid(pid, &status, 0) != pid) {
-+		    /* loop */
-+	    }
-+	    sigprocmask(SIG_SETMASK, &oldmask, NULL);
++	if (connect(sfd, (struct sockaddr *)&server, sizeof(server))) {
++		perror("pve_auth_verify: error connecting to server");
++		goto err;
++	}
 +
-+	    if (WIFEXITED(status) && WEXITSTATUS(status) == 0) {
-+		    return 0;
-+	    }
-+    }
++	char buf[8192];
++	char form[8192];
 +
-+    VNC_DEBUG("could not launch auth script %s\n", script);
++	char *p = form;
++	p = urlencode(p, "username");
++	*p++ = '=';
++	p = urlencode(p, username);
 +
-+    return -1;
++	*p++ = '&';
++	p = urlencode(p, "password");
++	*p++ = '=';
++	p = urlencode(p, passwd);
++
++ 	*p++ = '&';
++	p = urlencode(p, "path");
++	*p++ = '=';
++	char authpath[256];
++	sprintf(authpath, "/vms/%d", pve_vmid);
++	p = urlencode(p, authpath);
++
++ 	*p++ = '&';
++ 	p = urlencode(p, "permissions");
++	*p++ = '=';
++ 	p = urlencode(p, "VM.Console");
++
++	sprintf(buf, "POST /api2/json/ticket HTTP/1.1\n"
++		"Host: localhost:85\n"
++		"Connection: close\n"
++		"Content-Type: application/x-www-form-urlencoded\n"
++		"Content-Length: %zd\n\n%s\n", strlen(form), form);
++	ssize_t len = strlen(buf);
++	ssize_t sb = send(sfd, buf, len, 0);
++	if (sb < 0) {
++		perror("pve_auth_verify: send failed");
++		goto err;
++	}
++	if (sb != len) {
++		fprintf(stderr, "pve_auth_verify: partial send error");
++		goto err;
++	}
++
++	len = recv(sfd, buf, sizeof(buf) - 1, 0);
++	if (len < 0) {
++		perror("pve_auth_verify: recv failed");
++		goto err;
++	}
++
++	buf[len] = 0;
++
++	//printf("DATA:%s\n", buf);
++
++	shutdown(sfd, SHUT_RDWR);
++
++	return strncmp(buf, "HTTP/1.1 200 OK", 15);
++
++err:
++	shutdown(sfd, SHUT_RDWR);
++	return -1;
 +}
 +
  static VncDisplay *vnc_display; /* needed for info vnc */
  static DisplayChangeListener *dcl;
  
-@@ -2545,7 +2616,7 @@
+@@ -2545,7 +2665,7 @@
  char *vnc_display_local_addr(DisplayState *ds)
  {
      VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
@@ -96,7 +145,7 @@
      return vnc_socket_local_addr("%s:%s", vs->lsock);
  }
  
-@@ -2592,6 +2663,7 @@
+@@ -2592,6 +2712,7 @@
              tls = 1; /* Require TLS */
          } else if (strncmp(options, "x509", 4) == 0) {
              char *start, *end;
@@ -104,7 +153,7 @@
              x509 = 1; /* Require x509 certificates */
              if (strncmp(options, "x509verify", 10) == 0)
                  vs->tls.x509verify = 1; /* ...and verify client certs */
-@@ -2614,10 +2686,12 @@
+@@ -2614,10 +2735,12 @@
                  }
                  qemu_free(path);
              } else {
@@ -121,7 +170,7 @@
              }
  #endif
          } else if (strncmp(options, "acl", 3) == 0) {
-@@ -2666,10 +2740,10 @@
+@@ -2666,10 +2789,10 @@
              vs->auth = VNC_AUTH_VENCRYPT;
              if (x509) {
                  VNC_DEBUG("Initializing VNC server with x509 password auth\n");



More information about the pve-devel mailing list