[pve-devel] r5444 - pve-qemu-kvm/pve2/debian/patches
svn-commits at proxmox.com
svn-commits at proxmox.com
Thu Jan 27 11:09:22 CET 2011
Author: dietmar
Date: 2011-01-27 11:09:21 +0100 (Thu, 27 Jan 2011)
New Revision: 5444
Modified:
pve-qemu-kvm/pve2/debian/patches/pve-auth.patch
Log:
connect to pvedaemon for auth (launching an external script does not work reliably)
Modified: pve-qemu-kvm/pve2/debian/patches/pve-auth.patch
===================================================================
--- pve-qemu-kvm/pve2/debian/patches/pve-auth.patch 2011-01-26 12:05:39 UTC (rev 5443)
+++ pve-qemu-kvm/pve2/debian/patches/pve-auth.patch 2011-01-27 10:09:21 UTC (rev 5444)
@@ -1,7 +1,7 @@
Index: new/ui/vnc.c
===================================================================
--- new.orig/ui/vnc.c 2011-01-21 10:40:22.000000000 +0100
-+++ new/ui/vnc.c 2011-01-21 11:57:32.000000000 +0100
++++ new/ui/vnc.c 2011-01-27 10:56:24.000000000 +0100
@@ -31,6 +31,8 @@
#include "qemu-timer.h"
#include "acl.h"
@@ -11,7 +11,7 @@
#define VNC_REFRESH_INTERVAL_BASE 30
#define VNC_REFRESH_INTERVAL_INC 50
-@@ -46,6 +48,75 @@
+@@ -46,6 +48,124 @@
} \
}
@@ -21,73 +21,122 @@
+ pve_vmid = vmid;
+}
+
-+/* launch expernal script - same code as in net/tap.c (launch_script)
-+*/
-+int pve_auth_verify(const char *username, const char *passwd)
++static char *
++urlencode(char *buf, const char *value)
+{
-+ sigset_t oldmask, mask;
-+ int pid, status;
-+ char *args[20];
-+ char **parg;
-+ char *env[2];
-+ char **penv;
++ static const char *hexchar = "0123456789abcdef";
++ char *p = buf;
++ int i;
++ int l = strlen(value);
++ for (i = 0; i < l; i++) {
++ char c = value[i];
++ if (('a' <= c && c <= 'z') ||
++ ('A' <= c && c <= 'Z') ||
++ ('0' <= c && c <= '9')) {
++ *p++ = c;
++ } else if (c == 32) {
++ *p++ = '+';
++ } else {
++ *p++ = '%';
++ *p++ = hexchar[c >> 4];
++ *p++ = hexchar[c & 15];
++ }
++ }
++ *p = 0;
+
-+ char authpath[256];
-+ char pwenv[1024];
++ return p;
++}
+
-+ sprintf(authpath, "/vms/%d", pve_vmid);
-+ sprintf(pwenv, "PVE_PW_TICKET=%s", passwd);
++int
++pve_auth_verify(const char *username, const char *passwd)
++{
++ struct sockaddr_in server;
+
-+ const char *script = "/usr/sbin/pveum";
++ int sfd = socket(AF_INET, SOCK_STREAM, 0);
++ if (sfd == -1) {
++ perror("pve_auth_verify: socket failed");
++ return -1;
++ }
+
-+ sigemptyset(&mask);
-+ sigaddset(&mask, SIGCHLD);
-+ sigprocmask(SIG_BLOCK, &mask, &oldmask);
++ struct hostent *he;
++ if ((he = gethostbyname("localhost")) == NULL) {
++ perror("pve_auth_verify: error resolving hostname");
++ goto err;
++ }
+
-+ /* try to launch pve authentification helper */
-+ pid = fork();
-+ if (pid == 0) {
-+ int open_max = sysconf(_SC_OPEN_MAX), i;
++ memcpy(&server.sin_addr, he->h_addr_list[0], he->h_length);
++ server.sin_family = AF_INET;
++ server.sin_port = htons(85);
+
-+ for (i = 0; i < open_max; i++) {
-+ if (i != STDIN_FILENO &&
-+ i != STDOUT_FILENO &&
-+ i != STDERR_FILENO) {
-+ close(i);
-+ }
-+ }
-+ parg = args;
-+ *parg++ = (char *)script;
-+ *parg++ = (char *)"auth";
-+ *parg++ = (char *)authpath;
-+ *parg++ = (char *)username;
-+ *parg++ = (char *)"VM.Console";
-+ *parg = NULL;
-+ penv = env;
-+ *penv++ = (char *)pwenv;
-+ *penv = NULL;
-+ execve(script, args, env);
-+ _exit(1);
-+ } else if (pid > 0) {
-+ while (waitpid(pid, &status, 0) != pid) {
-+ /* loop */
-+ }
-+ sigprocmask(SIG_SETMASK, &oldmask, NULL);
++ if (connect(sfd, (struct sockaddr *)&server, sizeof(server))) {
++ perror("pve_auth_verify: error connecting to server");
++ goto err;
++ }
+
-+ if (WIFEXITED(status) && WEXITSTATUS(status) == 0) {
-+ return 0;
-+ }
-+ }
++ char buf[8192];
++ char form[8192];
+
-+ VNC_DEBUG("could not launch auth script %s\n", script);
++ char *p = form;
++ p = urlencode(p, "username");
++ *p++ = '=';
++ p = urlencode(p, username);
+
-+ return -1;
++ *p++ = '&';
++ p = urlencode(p, "password");
++ *p++ = '=';
++ p = urlencode(p, passwd);
++
++ *p++ = '&';
++ p = urlencode(p, "path");
++ *p++ = '=';
++ char authpath[256];
++ sprintf(authpath, "/vms/%d", pve_vmid);
++ p = urlencode(p, authpath);
++
++ *p++ = '&';
++ p = urlencode(p, "permissions");
++ *p++ = '=';
++ p = urlencode(p, "VM.Console");
++
++ sprintf(buf, "POST /api2/json/ticket HTTP/1.1\n"
++ "Host: localhost:85\n"
++ "Connection: close\n"
++ "Content-Type: application/x-www-form-urlencoded\n"
++ "Content-Length: %zd\n\n%s\n", strlen(form), form);
++ ssize_t len = strlen(buf);
++ ssize_t sb = send(sfd, buf, len, 0);
++ if (sb < 0) {
++ perror("pve_auth_verify: send failed");
++ goto err;
++ }
++ if (sb != len) {
++ fprintf(stderr, "pve_auth_verify: partial send error");
++ goto err;
++ }
++
++ len = recv(sfd, buf, sizeof(buf) - 1, 0);
++ if (len < 0) {
++ perror("pve_auth_verify: recv failed");
++ goto err;
++ }
++
++ buf[len] = 0;
++
++ //printf("DATA:%s\n", buf);
++
++ shutdown(sfd, SHUT_RDWR);
++
++ return strncmp(buf, "HTTP/1.1 200 OK", 15);
++
++err:
++ shutdown(sfd, SHUT_RDWR);
++ return -1;
+}
+
static VncDisplay *vnc_display; /* needed for info vnc */
static DisplayChangeListener *dcl;
-@@ -2545,7 +2616,7 @@
+@@ -2545,7 +2665,7 @@
char *vnc_display_local_addr(DisplayState *ds)
{
VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
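Review bot: In the new `pve_auth_verify()`, `urlencode()` and the following `sprintf(buf, ...)` write into the fixed `form[8192]` and `buf[8192]` arrays with no length check, although `username` and `passwd` come from the VNC client before it is authenticated and each input byte can expand to three. Unless the caller (not visible in this hunk) already caps both strings, an over-long credential overruns the stack buffers. Inside `urlencode()`, `char c` is signed on common targets, so `hexchar[c >> 4]` indexes before the table for bytes >= 0x80. The socket `sfd` is only passed to `shutdown()` and never to `close()`, on both the success path and the `err:` path, so every authentication attempt leaks a descriptor. The excerpt below sketches a length cap (the limit is illustrative), a truncation-checked `snprintf`, the unsigned cast and the missing `close`.

```c
/* in urlencode(): index the hex table with an unsigned byte */
unsigned char c = (unsigned char)value[i];

/* in pve_auth_verify(), before socket(): every input byte may become "%xx".
 * 2048 is an illustrative cap that keeps form[] and buf[] within 8192. */
if (strlen(username) + strlen(passwd) > 2048) {
    return -1;
}
/* … unchanged: socket, resolve, connect, form building … */
int n = snprintf(buf, sizeof(buf),
                 /* … unchanged: request line and headers … */
                 "Content-Length: %zu\n\n%s\n", strlen(form), form);
if (n < 0 || (size_t)n >= sizeof(buf)) {
    goto err;
}
/* … unchanged: send, recv, terminate buf … */
shutdown(sfd, SHUT_RDWR);
close(sfd);   /* release the descriptor; repeat after shutdown() under err: */
```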
@@ -96,7 +145,7 @@
return vnc_socket_local_addr("%s:%s", vs->lsock);
}
-@@ -2592,6 +2663,7 @@
+@@ -2592,6 +2712,7 @@
tls = 1; /* Require TLS */
} else if (strncmp(options, "x509", 4) == 0) {
char *start, *end;
@@ -104,7 +153,7 @@
x509 = 1; /* Require x509 certificates */
if (strncmp(options, "x509verify", 10) == 0)
vs->tls.x509verify = 1; /* ...and verify client certs */
-@@ -2614,10 +2686,12 @@
+@@ -2614,10 +2735,12 @@
}
qemu_free(path);
} else {
@@ -121,7 +170,7 @@
}
#endif
} else if (strncmp(options, "acl", 3) == 0) {
-@@ -2666,10 +2740,10 @@
+@@ -2666,10 +2789,10 @@
vs->auth = VNC_AUTH_VENCRYPT;
if (x509) {
VNC_DEBUG("Initializing VNC server with x509 password auth\n");