[pve-devel] [PATCH] Enable VeNCrypt PLAIN authentication
Alexandre Derumier
aderumier at odiso.com
Wed Aug 8 10:17:34 CEST 2012
https://bugzilla.proxmox.com/show_bug.cgi?id=84
This enables VNC plain authentication.
So external VNC clients without x509 can connect without hacking the code.
We can also use the noVNC console with plain authentication (over SSL), or the Java console with x509 authentication.
Signed-off-by: Alexandre Derumier <aderumier at odiso.com>
---
debian/patches/series | 1 +
debian/patches/vencrypt-auth-plain.patch | 77 ++++++++++++++++++++++++++++++
2 files changed, 78 insertions(+), 0 deletions(-)
create mode 100644 debian/patches/vencrypt-auth-plain.patch
diff --git a/debian/patches/series b/debian/patches/series
index ab59a91..d20745b 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -6,3 +6,4 @@ set-max-nics.patch
pve-auth.patch
update-cpus-x86_64.conf-to-rhel6.2-version.patch
rbd-enable-cacheoption.patch
+vencrypt-auth-plain.patch
diff --git a/debian/patches/vencrypt-auth-plain.patch b/debian/patches/vencrypt-auth-plain.patch
new file mode 100644
index 0000000..9c30224
--- /dev/null
+++ b/debian/patches/vencrypt-auth-plain.patch
@@ -0,0 +1,77 @@
+--- qemu-kvm/ui/vnc-auth-vencrypt.c 2012-01-17 01:31:17.000000000 +0100
++++ qemu-kvm.new/ui/vnc-auth-vencrypt.c 2012-01-17 01:31:48.000000000 +0100
+@@ -143,6 +143,11 @@
+ vnc_read_when(vs, protocol_client_auth_plain_start, 8);
+ break;
+
++ case VNC_AUTH_VENCRYPT_PLAIN:
++ VNC_DEBUG("Start auth PLAIN\n");
++ vnc_read_when(vs, protocol_client_auth_plain_start, 8);
++ break;
++
+ case VNC_AUTH_VENCRYPT_TLSVNC:
+ case VNC_AUTH_VENCRYPT_X509VNC:
+ VNC_DEBUG("Start TLS auth VNC\n");
+@@ -226,25 +231,32 @@
+ {
+ int auth = read_u32(data, 0);
+
+- if (auth != vs->subauth) {
++ if (auth != vs->subauth && auth != VNC_AUTH_VENCRYPT_PLAIN) {
+ VNC_DEBUG("Rejecting auth %d\n", auth);
+ vnc_write_u8(vs, 0); /* Reject auth */
+ vnc_flush(vs);
+ vnc_client_error(vs);
+ } else {
+- VNC_DEBUG("Accepting auth %d, setting up TLS for handshake\n", auth);
+- vnc_write_u8(vs, 1); /* Accept auth */
+- vnc_flush(vs);
+-
+- if (vnc_tls_client_setup(vs, NEED_X509_AUTH(vs)) < 0) {
+- VNC_DEBUG("Failed to setup TLS\n");
+- return 0;
++ if (auth == VNC_AUTH_VENCRYPT_PLAIN) {
++ vs->subauth = auth;
++ start_auth_vencrypt_subauth(vs);
+ }
+-
+- VNC_DEBUG("Start TLS VeNCrypt handshake process\n");
+- if (vnc_start_vencrypt_handshake(vs) < 0) {
+- VNC_DEBUG("Failed to start TLS handshake\n");
+- return 0;
++ else
++ {
++ VNC_DEBUG("Accepting auth %d, setting up TLS for handshake\n", auth);
++ vnc_write_u8(vs, 1); /* Accept auth */
++ vnc_flush(vs);
++
++ if (vnc_tls_client_setup(vs, NEED_X509_AUTH(vs)) < 0) {
++ VNC_DEBUG("Failed to setup TLS\n");
++ return 0;
++ }
++
++ VNC_DEBUG("Start TLS VeNCrypt handshake process\n");
++ if (vnc_start_vencrypt_handshake(vs) < 0) {
++ VNC_DEBUG("Failed to start TLS handshake\n");
++ return 0;
++ }
+ }
+ }
+ return 0;
+@@ -259,10 +271,11 @@
+ vnc_flush(vs);
+ vnc_client_error(vs);
+ } else {
+- VNC_DEBUG("Sending allowed auth %d\n", vs->subauth);
++ VNC_DEBUG("Sending allowed auths %d %d\n", vs->subauth, VNC_AUTH_VENCRYPT_PLAIN);
+ vnc_write_u8(vs, 0); /* Accept version */
+- vnc_write_u8(vs, 1); /* Number of sub-auths */
++ vnc_write_u8(vs, 2); /* Number of sub-auths */
+ vnc_write_u32(vs, vs->subauth); /* The supported auth */
++ vnc_write_u32(vs, VNC_AUTH_VENCRYPT_PLAIN); /* Alternative supported auth */
+ vnc_flush(vs);
+ vnc_read_when(vs, protocol_client_vencrypt_auth, 4);
+ }
+--
+1.7.2.5
+
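Review bot: In `protocol_client_vencrypt_auth`, the new condition `if (auth != vs->subauth && auth != VNC_AUTH_VENCRYPT_PLAIN)` accepts PLAIN from every client whatever sub-auth the server was configured with, and the last nested hunk advertises it unconditionally via `vnc_write_u8(vs, 2)`. On a server set up for a TLS or X509 sub-auth, that path never reaches `vnc_tls_client_setup(vs, NEED_X509_AUTH(vs))`, so the PLAIN credentials are presumably read over the unencrypted socket and any client-certificate requirement is not enforced, unless an outer TLS wrapper is present as the description assumes for noVNC. I would make PLAIN opt-in: keep the original `if (auth != vs->subauth) {` and offer the second sub-auth only when the operator has explicitly enabled it, with a comment at the advertisement stating that PLAIN provides no transport encryption at this layer. The PLAIN branch also sends no accept byte where the TLS branch writes `vnc_write_u8(vs, 1)`, which is worth confirming against the clients you intend to support; the function bodies start outside the nested hunks, so this is judged from the visible lines only.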
--
1.7.2.5