[pve-devel] r5409 - vncterm/pve2/vncpatches

svn-commits at proxmox.com svn-commits at proxmox.com
Fri Jan 21 10:27:11 CET 2011


Author: dietmar
Date: 2011-01-21 10:27:11 +0100 (Fri, 21 Jan 2011)
New Revision: 5409

Modified:
   vncterm/pve2/vncpatches/patch2.diff
Log:


Modified: vncterm/pve2/vncpatches/patch2.diff
===================================================================
--- vncterm/pve2/vncpatches/patch2.diff	2011-01-21 09:17:00 UTC (rev 5408)
+++ vncterm/pve2/vncpatches/patch2.diff	2011-01-21 09:27:11 UTC (rev 5409)
@@ -1,7 +1,79 @@
 Index: vnc/libvncserver/auth.c
 ===================================================================
 --- vnc.orig/libvncserver/auth.c	2006-12-15 02:43:52.000000000 +0100
-+++ vnc/libvncserver/auth.c	2011-01-20 13:35:13.000000000 +0100
++++ vnc/libvncserver/auth.c	2011-01-21 10:19:08.000000000 +0100
+@@ -8,7 +8,7 @@
+ /*
+  *  Copyright (C) 2005 Rohit Kumar, Johannes E. Schindelin
+  *  OSXvnc Copyright (C) 2001 Dan McGuirk <mcguirk at incompleteness.net>.
+- *  Original Xvnc code Copyright (C) 1999 AT&T Laboratories Cambridge.  
++ *  Original Xvnc code Copyright (C) 1999 AT&T Laboratories Cambridge.
+  *  All Rights Reserved.
+  *
+  *  This is free software; you can redistribute it and/or modify
+@@ -40,8 +40,8 @@
+ static rfbSecurityHandler* securityHandlers = NULL;
+ 
+ /*
+- * This method registers a list of new security types.  
+- * It avoids same security type getting registered multiple times. 
++ * This method registers a list of new security types.
++ * It avoids same security type getting registered multiple times.
+  * The order is not preserved if multiple security types are
+  * registered at one-go.
+  */
+@@ -71,9 +71,9 @@
+ }
+ 
+ /*
+- * This method unregisters a list of security types. 
++ * This method unregisters a list of security types.
+  * These security types won't be available for any new
+- * client connection. 
++ * client connection.
+  */
+ void
+ rfbUnregisterSecurityHandler(rfbSecurityHandler* handler)
+@@ -109,8 +109,8 @@
+ static void
+ rfbVncAuthSendChallenge(rfbClientPtr cl)
+ {
+-	
+-    /* 4 byte header is alreay sent. Which is rfbSecTypeVncAuth 
++
++    /* 4 byte header is alreay sent. Which is rfbSecTypeVncAuth
+        (same as rfbVncAuth). Just send the challenge. */
+     rfbRandomBytes(cl->authChallenge);
+     if (rfbWriteExact(cl, (char *)cl->authChallenge, CHALLENGESIZE) < 0) {
+@@ -118,7 +118,7 @@
+         rfbCloseClient(cl);
+         return;
+     }
+-    
++
+     /* Dispatch client input to rfbVncAuthProcessResponse. */
+     cl->state = RFB_AUTHENTICATION;
+ }
+@@ -147,8 +147,8 @@
+ 
+ 
+ /*
+- * Advertise the supported security types (protocol 3.7). Here before sending 
+- * the list of security types to the client one more security type is added 
++ * Advertise the supported security types (protocol 3.7). Here before sending
++ * the list of security types to the client one more security type is added
+  * to the list if primaryType is not set to rfbSecTypeInvalid. This security
+  * type is the standard vnc security type which does the vnc authentication
+  * or it will be security type for no authentication.
+@@ -166,7 +166,7 @@
+     rfbVncAuthNone,
+     NULL
+ };
+-                        
++
+ 
+ static void
+ rfbSendSecurityTypeList(rfbClientPtr cl, int primaryType)
 @@ -270,8 +270,9 @@
      int32_t securityType = rfbSecTypeInvalid;
  
@@ -14,26 +86,37 @@
      } else if (cl->screen->authPasswdData) {
   	    securityType = rfbSecTypeVncAuth;
      }
+@@ -302,7 +303,7 @@
+     int n;
+     uint8_t chosenType;
+     rfbSecurityHandler* handler;
+-    
++
+     /* Read the security type. */
+     n = rfbReadExact(cl, (char *)&chosenType, 1);
+     if (n <= 0) {
 Index: vnc/newterm/Makefile.am
 ===================================================================
 --- vnc.orig/newterm/Makefile.am	2011-01-20 13:31:26.000000000 +0100
-+++ vnc/newterm/Makefile.am	2011-01-20 13:45:06.000000000 +0100
-@@ -1,7 +1,7 @@
++++ vnc/newterm/Makefile.am	2011-01-21 10:20:21.000000000 +0100
+@@ -1,9 +1,9 @@
 -AM_CFLAGS=-I $(top_srcdir)
 +AM_CFLAGS=-I $(top_srcdir) -DDEBUG
  
 -LDADD=../libvncserver/libvncserver.la @WSOCKLIB@ -lutil
--INCLUDES=-I.
 +LDADD= ../libvncserver/libvncserver.la @WSOCKLIB@ -lgnutls -lutil
-+INCLUDES=-I. 
+ INCLUDES=-I.
  
- noinst_PROGRAMS=vncterm 
+-noinst_PROGRAMS=vncterm 
++noinst_PROGRAMS=vncterm
  vncterm_SOURCES=vncterm.c vncterm.h
+ 
+ 
 Index: vnc/newterm/vncterm.c
 ===================================================================
 --- vnc.orig/newterm/vncterm.c	2011-01-20 13:41:18.000000000 +0100
-+++ vnc/newterm/vncterm.c	2011-01-21 08:29:20.000000000 +0100
-@@ -37,6 +37,170 @@
++++ vnc/newterm/vncterm.c	2011-01-21 10:24:41.000000000 +0100
+@@ -37,6 +37,173 @@
  #include "vncterm.h"
  #include "glyphs.h"
  
@@ -41,14 +124,15 @@
 +#include <gnutls/x509.h>
 +
 +char *auth_path = "/";
++char *auth_perm = "VM.Console";
 +
 +/* launch expernal script to verify credential */
-+int 
++int
 +pve_auth_verify(const char *username, const char *passwd)
 +{
 +	sigset_t oldmask, mask;
 +	int pid, status;
-+	char *args[4];
++	char *args[20];
 +	char **parg;
 +	char *env[2];
 +	char **penv;
@@ -57,7 +141,7 @@
 +
 +	sprintf(pwenv, "PVE_PW_TICKET=%s", passwd);
 +
-+	const char *script ="/usr/bin/pve-authhelper";
++	const char *script ="/usr/sbin/pveum";
 +
 +	sigemptyset(&mask);
 +	sigaddset(&mask, SIGCHLD);
@@ -77,8 +161,10 @@
 +		}
 +		parg = args;
 +		*parg++ = (char *)script;
++		*parg++ = "auth";
 +		*parg++ = (char *)auth_path;
 +		*parg++ = (char *)username;
++		*parg++ = (char *)auth_perm;
 +		*parg = NULL;
 +		penv = env;
 +		*penv++ = (char *)pwenv;
@@ -204,7 +290,7 @@
  /* define this for debugging */
  //#define DEBUG
  
-@@ -45,10 +209,275 @@
+@@ -45,10 +212,275 @@
  #define rfbSecTypeVencrypt  19
  #define rfbVencryptTlsPlain 259
  
@@ -284,7 +370,7 @@
 +		rfbWriteExact(cl, buf, 4);
 +		if (cl->protocolMinorVersion >= 8) {
 +			int elen = strlen(err);
-+			rfbEncodeU32(buf, elen); 
++			rfbEncodeU32(buf, elen);
 +			rfbWriteExact(cl, buf, 4);
 +			rfbWriteExact(cl, err, elen);
 +		}
@@ -383,7 +469,7 @@
 +			rfbLog("gnutls_init failed\n");
 +			rfbCloseClient(cl);
 +			return;
-+			
++
 +		}
 +
 +		if ((ret = gnutls_set_default_priority(sd->session)) < 0) {
@@ -394,17 +480,17 @@
 +		}
 +
 +		/* optimize for speed */
-+		static const int cipher_priority_performance[] = { 
-+			GNUTLS_CIPHER_ARCFOUR_128, 
-+			GNUTLS_CIPHER_AES_128_CBC, 
-+			GNUTLS_CIPHER_3DES_CBC, 0 
++		static const int cipher_priority_performance[] = {
++			GNUTLS_CIPHER_ARCFOUR_128,
++			GNUTLS_CIPHER_AES_128_CBC,
++			GNUTLS_CIPHER_3DES_CBC, 0
 +		};
 +
 +		if ((ret = gnutls_cipher_set_priority(sd->session, cipher_priority_performance)) < 0) {
 +			rfbLog("gnutls_cipher_set_priority failed: %s\n", gnutls_strerror(ret));
 +			sd->session = NULL;
 +			rfbCloseClient(cl);
-+			return;			
++			return;
 +		}
 +
 +		static const int kx_anon[] = {GNUTLS_KX_ANON_DH, 0};
@@ -412,16 +498,16 @@
 +			rfbLog("gnutls_kx_set_priority failed: %s\n", gnutls_strerror(ret));
 +			sd->session = NULL;
 +			rfbCloseClient(cl);
-+			return;			
++			return;
 +		}
 +
 +		static const int cert_type_priority[] = { GNUTLS_CRT_X509, 0 };
 +		if ((ret = gnutls_certificate_type_set_priority(sd->session, cert_type_priority)) < 0) {
-+			rfbLog("gnutls_certificate_type_set_priority failed: %s\n", 
++			rfbLog("gnutls_certificate_type_set_priority failed: %s\n",
 +			       gnutls_strerror(ret));
 +			sd->session = NULL;
 +			rfbCloseClient(cl);
-+			return;			
++			return;
 +		}
 +
 +		static const int protocol_priority[]= { GNUTLS_TLS1_1, GNUTLS_TLS1_0, GNUTLS_SSL3, 0 };
@@ -430,7 +516,7 @@
 +			       gnutls_strerror(ret));
 +			sd->session = NULL;
 +			rfbCloseClient(cl);
-+			return;			
++			return;
 +		}
 +
 +		gnutls_anon_server_credentials anon_cred;
@@ -438,7 +524,7 @@
 +		if (!(anon_cred = tls_initialize_anon_cred())) {
 +			sd->session = NULL;
 +			rfbCloseClient(cl);
-+			return;			
++			return;
 +		}
 +
 +		if ((ret = gnutls_credentials_set(sd->session, GNUTLS_CRD_ANON, anon_cred)) < 0) {
@@ -446,7 +532,7 @@
 +			gnutls_anon_free_server_credentials(anon_cred);
 +			sd->session = NULL;
 +			rfbCloseClient(cl);
-+			return;			
++			return;
 +		}
 +
 +		gnutls_transport_set_ptr(sd->session, (gnutls_transport_ptr_t)cl);
@@ -480,7 +566,7 @@
  }
  
  static rfbSecurityHandler VncSecurityHandlerVencrypt = {
-@@ -1759,6 +2188,21 @@
+@@ -1759,6 +2191,21 @@
    time_t elapsed, cur_time;
    struct winsize dimensions;
  
@@ -502,7 +588,7 @@
    for (i = 1; i < argc; i++) {
      if (!strcmp (argv[i], "-c")) {
        command = argv[i+1];
-@@ -1784,6 +2228,8 @@
+@@ -1784,6 +2231,8 @@
  
  #ifdef DEBUG
    rfbLogEnable (1);
@@ -514,7 +600,34 @@
 Index: vnc/libvncserver/sockets.c
 ===================================================================
 --- vnc.orig/libvncserver/sockets.c	2011-01-20 16:42:41.000000000 +0100
-+++ vnc/libvncserver/sockets.c	2011-01-21 06:32:42.000000000 +0100
++++ vnc/libvncserver/sockets.c	2011-01-21 10:20:03.000000000 +0100
+@@ -21,7 +21,7 @@
+ /*
+  *  Copyright (C) 2005 Rohit Kumar, Johannes E. Schindelin
+  *  OSXvnc Copyright (C) 2001 Dan McGuirk <mcguirk at incompleteness.net>.
+- *  Original Xvnc code Copyright (C) 1999 AT&T Laboratories Cambridge.  
++ *  Original Xvnc code Copyright (C) 1999 AT&T Laboratories Cambridge.
+  *  All Rights Reserved.
+  *
+  *  This is free software; you can redistribute it and/or modify
+@@ -63,7 +63,7 @@
+ #endif
+ 
+ #if defined(__linux__) && defined(NEED_TIMEVAL)
+-struct timeval 
++struct timeval
+ {
+    long int tv_sec,tv_usec;
+ }
+@@ -229,7 +229,7 @@
+     int result = 0;
+ 
+     if (!rfbScreen->inetdInitDone && rfbScreen->inetdSock != -1) {
+-	rfbNewClientConnection(rfbScreen,rfbScreen->inetdSock); 
++	rfbNewClientConnection(rfbScreen,rfbScreen->inetdSock);
+ 	rfbScreen->inetdInitDone = TRUE;
+     }
+ 
 @@ -454,8 +454,12 @@
      fd_set fds;
      struct timeval tv;
@@ -524,7 +637,7 @@
 -        n = read(sock, buf, len);
 +	    if (cl->sock_read_fn)
 +		    n = cl->sock_read_fn(cl, buf, len);
-+	    else 
++	    else
 +		    n = read(sock, buf, len);
  
          if (n > 0) {




More information about the pve-devel mailing list