X-Git-Url: https://git.proxmox.com/?a=blobdiff_plain;f=debian%2Fpatches%2Fpve-auth.patch;h=9facc1ad811ef8e303821d1e32036c87ed72d268;hb=259e9b41bf9ac008252f3b46bb597e662d3fc966;hp=bf39a51adcddff155fac16bdde0e9ff8550ce6a4;hpb=afde45c9f671a3e7aecf841001985be1e25f6934;p=pve-qemu-kvm.git diff --git a/debian/patches/pve-auth.patch b/debian/patches/pve-auth.patch index bf39a51..9facc1a 100644 --- a/debian/patches/pve-auth.patch +++ b/debian/patches/pve-auth.patch 
@@ -1,10 +1,63 @@ +Index: new/qemu-options.hx +=================================================================== +--- new.orig/qemu-options.hx 2014-11-20 06:45:06.000000000 +0100 ++++ new/qemu-options.hx 2014-11-20 06:50:44.000000000 +0100 +@@ -411,6 +411,9 @@ + @table @option + ETEXI + ++DEF("id", HAS_ARG, QEMU_OPTION_id, ++ "-id n set the VMID\n", QEMU_ARCH_ALL) ++ + DEF("fda", HAS_ARG, QEMU_OPTION_fda, + "-fda/-fdb file use 'file' as floppy disk 0/1 image\n", QEMU_ARCH_ALL) + DEF("fdb", HAS_ARG, QEMU_OPTION_fdb, "", QEMU_ARCH_ALL) +Index: new/vl.c +=================================================================== +--- new.orig/vl.c 2014-11-20 06:45:06.000000000 +0100 ++++ new/vl.c 2014-11-20 06:50:44.000000000 +0100 +@@ -2730,6 +2730,7 @@ + int main(int argc, char **argv, char **envp) + { + int i; ++ long int vm_id_long = 0; + int snapshot, linux_boot; + const char *initrd_filename; + const char *kernel_filename, *kernel_cmdline; +@@ -3477,6 +3478,14 @@ + exit(1); + } + break; ++ case QEMU_OPTION_id: ++ vm_id_long = strtol(optarg, (char **) &optarg, 10); ++ if (*optarg != 0 || vm_id_long < 100 || vm_id_long > INT_MAX) { ++ fprintf(stderr, "Invalid ID\n"); ++ exit(1); ++ } ++ pve_auth_setup(vm_id_long); ++ break; + case QEMU_OPTION_vnc: + { + #ifdef CONFIG_VNC +Index: new/include/ui/console.h +=================================================================== +--- new.orig/include/ui/console.h 2014-11-20 06:45:06.000000000 +0100 ++++ new/include/ui/console.h 2014-11-20 06:50:55.000000000 +0100 +@@ -328,6 +328,7 @@ + void cocoa_display_init(DisplayState *ds, int full_screen); + + /* vnc.c */ ++void pve_auth_setup(int vmid); + void vnc_display_init(const char *id); + void vnc_display_open(const char *id, Error **errp); + void vnc_display_add_client(const char *id, int csock, bool skipauth); Index: new/ui/vnc.c =================================================================== ---- new.orig/ui/vnc.c 2014-05-05 06:55:26.000000000 +0200 -+++ new/ui/vnc.c 
2014-05-05 07:24:10.000000000 +0200 -@@ -44,6 +44,125 @@ +--- new.orig/ui/vnc.c 2014-11-20 06:50:51.000000000 +0100 ++++ new/ui/vnc.c 2014-11-20 06:50:55.000000000 +0100 +@@ -48,6 +48,125 @@ #include "vnc_keysym.h" - #include "d3des.h" + #include "crypto/cipher.h" +static int pve_vmid = 0; + @@ -125,32 +178,11 @@ Index: new/ui/vnc.c + return -1; +} + - static VncDisplay *vnc_display; /* needed for info vnc */ + static QTAILQ_HEAD(, VncDisplay) vnc_displays = + QTAILQ_HEAD_INITIALIZER(vnc_displays); - static int vnc_cursor_define(VncState *vs); -@@ -3125,6 +3244,7 @@ - tls = 1; /* Require TLS */ - } else if (strncmp(options, "x509", 4) == 0) { - char *start, *end; -+ tls = 1; /* Require TLS */ - x509 = 1; /* Require x509 certificates */ - if (strncmp(options, "x509verify", 10) == 0) - vs->tls.x509verify = 1; /* ...and verify client certs */ -@@ -3145,8 +3265,10 @@ - } - g_free(path); - } else { -- error_setg(errp, "No certificate path provided"); -- goto fail; -+ if (pve_tls_set_x509_creds_dir(vs) < 0) { -+ error_setg(errp, "No certificate path provided"); -+ goto fail; -+ } +@@ -3393,10 +3512,10 @@ } - #endif - #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL) -@@ -3219,10 +3341,10 @@ - vs->auth = VNC_AUTH_VENCRYPT; if (x509) { VNC_DEBUG("Initializing VNC server with x509 password auth\n"); - vs->subauth = VNC_AUTH_VENCRYPT_X509VNC; 
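Review bot: In the `QEMU_OPTION_id` case added to vl.c, the `strtol` result is range-checked but `errno` is never consulted, and the end pointer is written back through `(char **) &optarg`, a cast which suggests the const qualifier on optarg is being discarded. Where `long` and `int` have the same width, an overflowing argument saturates to `LONG_MAX`, which equals `INT_MAX` and passes the `vm_id_long > INT_MAX` test, so an out-of-range string becomes the VMID handed to `pve_auth_setup()`. I would parse into a local with `char *end; errno = 0; vm_id_long = strtol(optarg, &end, 10);` and reject on `errno == ERANGE || end == optarg || *end != '\0'` in addition to the existing range test. The case also calls `pve_auth_setup()` once per occurrence of `-id`; whether a repeated option should be refused depends on that function's body, which is not visible in this hunk.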
@@ -161,11 +193,27 @@ Index: new/ui/vnc.c + vs->subauth = VNC_AUTH_VENCRYPT_TLSPLAIN; } } else { - #endif /* CONFIG_VNC_TLS */ + VNC_DEBUG("Initializing VNC server with password auth\n"); +@@ -3557,7 +3676,14 @@ + vs->tls.x509verify = true; + } + } +- if (path) { ++ if (path && strcmp(path, "on") == 0) { ++ x509 = true; ++ tls = true; ++ if (pve_tls_set_x509_creds_dir(vs) < 0) { ++ error_setg(errp, "No certificate path provided"); ++ goto fail; ++ } ++ } else if (path) { + x509 = true; + if (vnc_tls_set_x509_creds_dir(vs, path) < 0) { + error_setg(errp, "Failed to find x509 certificates/keys in %s", Index: new/ui/vnc-auth-vencrypt.c =================================================================== ---- new.orig/ui/vnc-auth-vencrypt.c 2014-05-05 06:55:26.000000000 +0200 -+++ new/ui/vnc-auth-vencrypt.c 2014-05-05 07:24:10.000000000 +0200 +--- new.orig/ui/vnc-auth-vencrypt.c 2014-11-20 06:45:06.000000000 +0100 ++++ new/ui/vnc-auth-vencrypt.c 2014-11-20 06:50:55.000000000 +0100 @@ -26,6 +26,107 @@ #include "vnc.h" @@ -289,18 +337,18 @@ Index: new/ui/vnc-auth-vencrypt.c VNC_DEBUG("Start TLS auth VNC\n"); Index: new/ui/vnc.h =================================================================== ---- new.orig/ui/vnc.h 2014-05-05 06:55:26.000000000 +0200 -+++ new/ui/vnc.h 2014-05-05 07:24:10.000000000 +0200 -@@ -279,6 +279,8 @@ - char challenge[VNC_AUTH_CHALLENGE_SIZE]; - #ifdef CONFIG_VNC_TLS +--- new.orig/ui/vnc.h 2014-11-20 06:45:06.000000000 +0100 ++++ new/ui/vnc.h 2014-11-20 06:50:55.000000000 +0100 +@@ -288,6 +288,8 @@ + int auth; int subauth; /* Used by VeNCrypt */ + char challenge[VNC_AUTH_CHALLENGE_SIZE]; + int username_len; + int password_len; + #ifdef CONFIG_VNC_TLS VncStateTLS tls; #endif - #ifdef CONFIG_VNC_SASL -@@ -594,4 +596,6 @@ +@@ -603,4 +605,6 @@ int vnc_zywrle_send_framebuffer_update(VncState *vs, int x, int y, int w, int h); void vnc_zrle_clear(VncState *vs); 
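Review bot: The new `else if (path)` branch in the ui/vnc.c hunk at -3557 sets `x509 = true` but not `tls`, while the `x509=on` branch just above it sets both. The previous revision of this patch added `tls = 1; /* Require TLS */` for every x509 option (the lines removed from the old -3125 hunk). An explicit certificate directory given without a separate tls setting may therefore now fall through to the plain "password auth" path that appears as context in this hunk; adding `tls = true;` to the `else if (path)` branch would keep the earlier guarantee. Separately, the message "No certificate path provided" is misleading when `pve_tls_set_x509_creds_dir()` fails for `x509=on`, and something like `error_setg(errp, "Failed to load default PVE x509 credentials");` would describe the failure; the literal `strcmp(path, "on") == 0` also means a relative directory named `on` can no longer be passed as the path. The enclosing function starts and ends outside the hunk.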
@@ -309,8 +357,8 @@ Index: new/ui/vnc.h #endif /* __QEMU_VNC_H */ Index: new/ui/vnc-tls.c =================================================================== ---- new.orig/ui/vnc-tls.c 2014-05-05 06:55:26.000000000 +0200 -+++ new/ui/vnc-tls.c 2014-05-05 07:24:10.000000000 +0200 +--- new.orig/ui/vnc-tls.c 2014-11-20 06:45:06.000000000 +0100 ++++ new/ui/vnc-tls.c 2014-11-20 06:50:55.000000000 +0100 @@ -302,6 +302,14 @@ static int vnc_set_gnutls_priority(gnutls_session_t s, int x509) @@ -338,7 +386,7 @@ Index: new/ui/vnc-tls.c rc = gnutls_kx_set_priority(s, x509 ? kx_x509 : kx_anon); if (rc != GNUTLS_E_SUCCESS) { return -1; -@@ -466,6 +479,24 @@ +@@ -448,6 +460,24 @@ return 0; } @@ -365,9 +413,9 @@ Index: new/ui/vnc-tls.c const char *certdir) Index: new/ui/vnc-tls.h =================================================================== ---- new.orig/ui/vnc-tls.h 2014-05-05 06:55:26.000000000 +0200 -+++ new/ui/vnc-tls.h 2014-05-05 07:24:10.000000000 +0200 -@@ -68,6 +68,8 @@ +--- new.orig/ui/vnc-tls.h 2014-11-20 06:45:06.000000000 +0100 ++++ new/ui/vnc-tls.h 2014-11-20 06:50:55.000000000 +0100 +@@ -61,6 +61,8 @@ int vnc_tls_validate_certificate(VncState *vs); 
@@ -376,27 +424,3 @@ Index: new/ui/vnc-tls.h int vnc_tls_set_x509_creds_dir(VncDisplay *vd, const char *path); -Index: new/vl.c -=================================================================== ---- new.orig/vl.c 2014-05-05 07:13:45.000000000 +0200 -+++ new/vl.c 2014-05-05 07:24:10.000000000 +0200 -@@ -3690,6 +3690,7 @@ - fprintf(stderr, "Invalid ID\n"); - exit(1); - } -+ pve_auth_setup(fairsched_id); - break; - case QEMU_OPTION_cpuunits: - cpuunits = atoi(optarg); -Index: new/include/ui/console.h -=================================================================== ---- new.orig/include/ui/console.h 2014-05-05 06:55:26.000000000 +0200 -+++ new/include/ui/console.h 2014-05-05 07:24:10.000000000 +0200 -@@ -319,6 +319,7 @@ - void cocoa_display_init(DisplayState *ds, int full_screen); - - /* vnc.c */ -+void pve_auth_setup(int vmid); - void vnc_display_init(DisplayState *ds); - void vnc_display_open(DisplayState *ds, const char *display, Error **errp); - void vnc_display_add_client(DisplayState *ds, int csock, bool skipauth);