From 4e76d23415b59c3d978b0298b87a4edfb0f728a6 Mon Sep 17 00:00:00 2001
From: Alexandre Derumier
Date: Wed, 8 Aug 2012 10:17:34 +0200
Subject: [PATCH] Enable VeNCrypt PLAIN authentication

https://bugzilla.proxmox.com/show_bug.cgi?id=84 this enable vnc plain authentication. So external vnc client withtout x509 can connect without hacking code. And also we can use novnc console with plain authentifcation (over ssl) or java console with x509 authentification

Signed-off-by: Alexandre Derumier
---
 debian/patches/series | 1 +
 debian/patches/vencrypt-auth-plain.patch | 77 ++++++++++++++++++++++++
 2 files changed, 78 insertions(+)
 create mode 100644 debian/patches/vencrypt-auth-plain.patch

diff --git a/debian/patches/series b/debian/patches/series
index ab59a91..d20745b 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -6,3 +6,4 @@ set-max-nics.patch
 pve-auth.patch
 update-cpus-x86_64.conf-to-rhel6.2-version.patch
 rbd-enable-cacheoption.patch
+vencrypt-auth-plain.patch
diff --git a/debian/patches/vencrypt-auth-plain.patch b/debian/patches/vencrypt-auth-plain.patch
new file mode 100644
index 0000000..9c30224
--- /dev/null
+++ b/debian/patches/vencrypt-auth-plain.patch
@@ -0,0 +1,77 @@
+--- qemu-kvm/ui/vnc-auth-vencrypt.c 2012-01-17 01:31:17.000000000 +0100
++++ qemu-kvm.new/ui/vnc-auth-vencrypt.c 2012-01-17 01:31:48.000000000 +0100
+@@ -143,6 +143,11 @@
+ vnc_read_when(vs, protocol_client_auth_plain_start, 8);
+ break;
+
++ case VNC_AUTH_VENCRYPT_PLAIN:
++ VNC_DEBUG("Start auth PLAIN\n");
++ vnc_read_when(vs, protocol_client_auth_plain_start, 8);
++ break;
++
+ case VNC_AUTH_VENCRYPT_TLSVNC:
+ case VNC_AUTH_VENCRYPT_X509VNC:
+ VNC_DEBUG("Start TLS auth VNC\n");
+@@ -226,25 +231,32 @@
+ {
+ int auth = read_u32(data, 0);
+
+- if (auth != vs->subauth) {
++ if (auth != vs->subauth && auth != VNC_AUTH_VENCRYPT_PLAIN) {
+ VNC_DEBUG("Rejecting auth %d\n", auth);
+ vnc_write_u8(vs, 0); /* Reject auth */
+ vnc_flush(vs);
+ vnc_client_error(vs);
+ } else {
+- VNC_DEBUG("Accepting auth %d, setting up TLS for handshake\n", auth);
+- vnc_write_u8(vs, 1); /* Accept auth */
+- vnc_flush(vs);
+-
+- if (vnc_tls_client_setup(vs, NEED_X509_AUTH(vs)) < 0) {
+- VNC_DEBUG("Failed to setup TLS\n");
+- return 0;
++ if (auth == VNC_AUTH_VENCRYPT_PLAIN) {
++ vs->subauth = auth;
++ start_auth_vencrypt_subauth(vs);
+ }
+-
+- VNC_DEBUG("Start TLS VeNCrypt handshake process\n");
+- if (vnc_start_vencrypt_handshake(vs) < 0) {
+- VNC_DEBUG("Failed to start TLS handshake\n");
+- return 0;
++ else
++ {
++ VNC_DEBUG("Accepting auth %d, setting up TLS for handshake\n", auth);
++ vnc_write_u8(vs, 1); /* Accept auth */
++ vnc_flush(vs);
++
++ if (vnc_tls_client_setup(vs, NEED_X509_AUTH(vs)) < 0) {
++ VNC_DEBUG("Failed to setup TLS\n");
++ return 0;
++ }
++
++ VNC_DEBUG("Start TLS VeNCrypt handshake process\n");
++ if (vnc_start_vencrypt_handshake(vs) < 0) {
++ VNC_DEBUG("Failed to start TLS handshake\n");
++ return 0;
++ }
+ }
+ }
+ return 0;
+@@ -259,10 +271,11 @@
+ vnc_flush(vs);
+ vnc_client_error(vs);
+ } else {
+- VNC_DEBUG("Sending allowed auth %d\n", vs->subauth);
++ VNC_DEBUG("Sending allowed auths %d %d\n", vs->subauth, VNC_AUTH_VENCRYPT_PLAIN);
+ vnc_write_u8(vs, 0); /* Accept version */
+- vnc_write_u8(vs, 1); /* Number of sub-auths */
++ vnc_write_u8(vs, 2); /* Number of sub-auths */
+ vnc_write_u32(vs, vs->subauth); /* The supported auth */
++ vnc_write_u32(vs, VNC_AUTH_VENCRYPT_PLAIN); /* Alternative supported auth */
+ vnc_flush(vs);
+ vnc_read_when(vs, protocol_client_vencrypt_auth, 4);
+ }
+--
+1.7.2.5
+
--
2.39.5
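Review bot: `VNC_AUTH_VENCRYPT_PLAIN` is offered and accepted unconditionally, whatever sub-auth the server was configured with: in the embedded `@@ -226,25 +231,32 @@` section the reject test becomes `auth != vs->subauth && auth != VNC_AUTH_VENCRYPT_PLAIN`, and the PLAIN branch overwrites `vs->subauth` with the client's choice and never reaches `vnc_tls_client_setup()`. A client can therefore steer a listener configured for a TLS or X509 sub-auth into username/password authentication with no TLS set up on the connection, which also sidesteps `NEED_X509_AUTH(vs)`; the commit message expects PLAIN to run over an outer SSL layer, but nothing visible in the patch enforces one. I would gate both the second `vnc_write_u32()` in the `@@ -259,10 +271,11 @@` section and the acceptance on an explicit opt-in, e.g. `if (auth != vs->subauth && !(PLAIN_OPT_IN && auth == VNC_AUTH_VENCRYPT_PLAIN)) {`, where `PLAIN_OPT_IN` is a placeholder for a setting this patch would have to add, and keep the advertised count at 1 when it is off. The enclosing functions start outside the embedded hunks, so how `vs->subauth` is initialised is not visible here.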