Index: new/ui/vnc.c
===================================================================
---- new.orig/ui/vnc.c 2011-08-11 10:10:00.000000000 +0200
-+++ new/ui/vnc.c 2011-08-11 10:10:30.000000000 +0200
-@@ -31,6 +31,8 @@
- #include "qemu-timer.h"
- #include "acl.h"
- #include "qemu-objects.h"
-+#include <signal.h>
-+#include <sys/wait.h>
-
- #define VNC_REFRESH_INTERVAL_BASE 30
- #define VNC_REFRESH_INTERVAL_INC 50
-@@ -41,6 +43,125 @@
+--- new.orig/ui/vnc.c 2011-12-07 10:12:06.000000000 +0100
++++ new/ui/vnc.c 2011-12-07 10:18:26.000000000 +0100
+@@ -42,6 +42,125 @@
#include "vnc_keysym.h"
#include "d3des.h"
static VncDisplay *vnc_display; /* needed for info vnc */
static DisplayChangeListener *dcl;
-@@ -1810,7 +1931,7 @@
+@@ -1841,7 +1960,7 @@
static void set_pixel_conversion(VncState *vs)
{
if ((vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) ==
!memcmp(&(vs->clientds.pf), &(vs->ds->surface->pf), sizeof(PixelFormat))) {
vs->write_pixels = vnc_write_pixels_copy;
vnc_hextile_set_pixel_conversion(vs, 0);
-@@ -1896,7 +2017,7 @@
+@@ -1927,7 +2046,7 @@
vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
vnc_write_u8(vs, 0);
vnc_write_u16(vs, 1); /* number of rects */
ds_get_height(vs->ds), VNC_ENCODING_WMVi);
pixel_format_message(vs);
vnc_unlock_output(vs);
-@@ -2729,7 +2850,7 @@
+@@ -2760,7 +2879,7 @@
char *vnc_display_local_addr(DisplayState *ds)
{
VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
return vnc_socket_local_addr("%s:%s", vs->lsock);
}
-@@ -2778,6 +2899,7 @@
+@@ -2809,6 +2928,7 @@
tls = 1; /* Require TLS */
} else if (strncmp(options, "x509", 4) == 0) {
char *start, *end;
x509 = 1; /* Require x509 certificates */
if (strncmp(options, "x509verify", 10) == 0)
vs->tls.x509verify = 1; /* ...and verify client certs */
-@@ -2800,10 +2922,12 @@
+@@ -2831,10 +2951,12 @@
}
- qemu_free(path);
+ g_free(path);
} else {
- fprintf(stderr, "No certificate path provided\n");
-- qemu_free(vs->display);
+- g_free(vs->display);
- vs->display = NULL;
- return -1;
-+ if (pve_tls_set_x509_creds_dir(vs) < 0) {
++ if (pve_tls_set_x509_creds_dir(vs) < 0) {
+ fprintf(stderr, "No certificate path provided\n");
-+ qemu_free(vs->display);
++ g_free(vs->display);
+ vs->display = NULL;
+ return -1;
+ }
}
#endif
#if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
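Review bot: The error branch still prints `No certificate path provided`, but it is now reached only after `pve_tls_set_x509_creds_dir(vs)` has returned a negative value, so the message no longer describes the failure. An operator debugging a VNC TLS start-up problem cannot tell from it that a fallback credential location was tried and rejected. Consider a message that names the fallback, for example `fprintf(stderr, "Failed to load default x509 credentials\n");`, and a short comment above the call saying which directory the fallback uses. The enclosing option-parsing function starts and ends outside this hunk.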
-@@ -2856,10 +2980,10 @@
+@@ -2887,10 +3009,10 @@
vs->auth = VNC_AUTH_VENCRYPT;
if (x509) {
VNC_DEBUG("Initializing VNC server with x509 password auth\n");
#endif /* CONFIG_VNC_TLS */
Index: new/ui/vnc-auth-vencrypt.c
===================================================================
---- new.orig/ui/vnc-auth-vencrypt.c 2011-08-11 10:04:51.000000000 +0200
-+++ new/ui/vnc-auth-vencrypt.c 2011-08-11 10:10:30.000000000 +0200
+--- new.orig/ui/vnc-auth-vencrypt.c 2011-12-07 10:05:50.000000000 +0100
++++ new/ui/vnc-auth-vencrypt.c 2011-12-07 10:33:37.000000000 +0100
@@ -25,7 +25,107 @@
*/
+ struct sockaddr_in client;
+ socklen_t addrlen = sizeof(client);
+ if (getpeername(vs->csock, &client, &addrlen) == 0) {
-+ inet_ntop(client.sin_family, &client.sin_addr,
++ inet_ntop(client.sin_family, &client.sin_addr,
+ clientip, sizeof(clientip));
+ }
+
VNC_DEBUG("Start TLS auth VNC\n");
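Review bot: The peer address is read into a `struct sockaddr_in`, which is only correct for IPv4 clients. If the VNC listener can accept IPv6 connections, `client.sin_family` will be `AF_INET6` and `inet_ntop()` will read 16 bytes starting at `sin_addr`, running past the end of the structure and producing a wrong address. That matters because the prototype added in vnc.h suggests `clientip` is what `pve_auth_verify()` receives. Declare `struct sockaddr_storage client;` and format it with `getnameinfo((struct sockaddr *)&client, addrlen, clientip, sizeof(clientip), NULL, 0, NI_NUMERICHOST);`. The declaration of `clientip` is outside the visible lines, so it is worth confirming that it is initialised to an empty string for the case where `getpeername()` fails.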
Index: new/ui/vnc.h
===================================================================
---- new.orig/ui/vnc.h 2011-08-11 10:04:51.000000000 +0200
-+++ new/ui/vnc.h 2011-08-11 10:12:42.000000000 +0200
+--- new.orig/ui/vnc.h 2011-12-07 10:05:50.000000000 +0100
++++ new/ui/vnc.h 2011-12-07 10:58:21.000000000 +0100
@@ -260,6 +260,8 @@
char challenge[VNC_AUTH_CHALLENGE_SIZE];
#ifdef CONFIG_VNC_TLS
VncStateTLS tls;
#endif
#ifdef CONFIG_VNC_SASL
+@@ -553,4 +555,6 @@
+ int vnc_zywrle_send_framebuffer_update(VncState *vs, int x, int y, int w, int h);
+ void vnc_zrle_clear(VncState *vs);
+
++int pve_auth_verify(const char *clientip, const char *username, const char *passwd);
++
+ #endif /* __QEMU_VNC_H */
Index: new/ui/vnc-tls.c
===================================================================
---- new.orig/ui/vnc-tls.c 2011-08-11 10:04:51.000000000 +0200
-+++ new/ui/vnc-tls.c 2011-08-11 10:10:30.000000000 +0200
-@@ -291,6 +291,14 @@
- static const int kx_anon[] = {GNUTLS_KX_ANON_DH, 0};
- static const int kx_x509[] = {GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0};
+--- new.orig/ui/vnc-tls.c 2011-12-07 10:05:50.000000000 +0100
++++ new/ui/vnc-tls.c 2011-12-07 11:04:31.000000000 +0100
+@@ -302,6 +302,14 @@
+ static int vnc_set_gnutls_priority(gnutls_session_t s, int x509)
+ {
+ /* optimize for speed */
+ static const int ciphers[] = {
+ GNUTLS_CIPHER_ARCFOUR_128,
+ 0
+ };
+
- VNC_DEBUG("Do TLS setup\n");
- if (vnc_tls_initialize() < 0) {
- VNC_DEBUG("Failed to init TLS\n");
-@@ -310,6 +318,13 @@
- return -1;
- }
+ static const int cert_types[] = { GNUTLS_CRT_X509, 0 };
+ static const int protocols[] = {
+ GNUTLS_TLS1_1, GNUTLS_TLS1_0, GNUTLS_SSL3, 0
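Review bot: The new `ciphers[]` list contains only `GNUTLS_CIPHER_ARCFOUR_128`, and the following hunk applies it with `gnutls_cipher_set_priority(s, ciphers)`, so every VNC TLS session is forced onto RC4 with no alternative. RC4 has known keystream biases and RFC 7465 prohibits it in TLS, so the "optimize for speed" choice leaves console traffic and passwords with weak confidentiality. A fast block cipher keeps most of the benefit, for example `static const int ciphers[] = { GNUTLS_CIPHER_AES_128_CBC, GNUTLS_CIPHER_AES_256_CBC, 0 };`. The unchanged `protocols[]` context line still offers `GNUTLS_SSL3`, which is worth revisiting at the same time.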
+@@ -313,6 +321,11 @@
+ };
+ int rc;
-+ if ((gnutls_cipher_set_priority(vs->tls.session, ciphers)) < 0) {
-+ gnutls_deinit(vs->tls.session);
-+ vs->tls.session = NULL;
-+ vnc_client_error(vs);
-+ return -1;
-+ }
-+
- if (gnutls_kx_set_priority(vs->tls.session, needX509Creds ? kx_x509 : kx_anon) < 0) {
- gnutls_deinit(vs->tls.session);
- vs->tls.session = NULL;
-@@ -419,6 +434,24 @@
++ rc = gnutls_cipher_set_priority(s, ciphers);
++ if (rc != GNUTLS_E_SUCCESS) {
++ return -1;
++ }
++
+ rc = gnutls_kx_set_priority(s, x509 ? kx_x509 : kx_anon);
+ if (rc != GNUTLS_E_SUCCESS) {
+ return -1;
+@@ -449,6 +462,24 @@
return 0;
}
+ return 0;
+
+ cleanup:
-+ qemu_free(vd->tls.x509cacert);
-+ qemu_free(vd->tls.x509cert);
-+ qemu_free(vd->tls.x509key);
++ g_free(vd->tls.x509cacert);
++ g_free(vd->tls.x509cert);
++ g_free(vd->tls.x509key);
+ vd->tls.x509cacert = vd->tls.x509cacrl = vd->tls.x509cert = vd->tls.x509key = NULL;
+ return -1;
+}
const char *certdir)
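Review bot: The `cleanup:` path sets `vd->tls.x509cacrl` to NULL without freeing it, while the other three credential paths are passed to `g_free()` first. If the part of the function outside this hunk allocates `x509cacrl` before a later step fails, that string is leaked. Add `g_free(vd->tls.x509cacrl);` next to the other three calls. The function body starts outside the hunk, so whether the CRL path is ever assigned there needs confirming.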
Index: new/ui/vnc-tls.h
===================================================================
---- new.orig/ui/vnc-tls.h 2011-08-11 10:04:51.000000000 +0200
-+++ new/ui/vnc-tls.h 2011-08-11 10:10:30.000000000 +0200
+--- new.orig/ui/vnc-tls.h 2011-12-07 10:05:50.000000000 +0100
++++ new/ui/vnc-tls.h 2011-12-07 10:14:41.000000000 +0100
@@ -68,6 +68,8 @@
int vnc_tls_validate_certificate(VncState *vs);
Index: new/vl.c
===================================================================
---- new.orig/vl.c 2011-08-11 10:09:56.000000000 +0200
-+++ new/vl.c 2011-08-11 10:10:30.000000000 +0200
-@@ -2774,6 +2774,7 @@
+--- new.orig/vl.c 2011-12-07 10:11:50.000000000 +0100
++++ new/vl.c 2011-12-07 10:14:41.000000000 +0100
+@@ -2909,6 +2909,7 @@
break;
case QEMU_OPTION_id:
fairsched_id = atoi(optarg);