Enable VeNCrypt PLAIN authentication
authorAlexandre Derumier <aderumier@odiso.com>
Wed, 8 Aug 2012 08:17:34 +0000 (10:17 +0200)
committerDietmar Maurer <dietmar@proxmox.com>
Thu, 9 Aug 2012 07:59:13 +0000 (09:59 +0200)
https://bugzilla.proxmox.com/show_bug.cgi?id=84

This enables VNC plain authentication.

So external VNC clients without x509 can connect without hacking code.

We can also use the noVNC console with plain authentication (over SSL) or the Java console with x509 authentication.

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
debian/patches/series
debian/patches/vencrypt-auth-plain.patch [new file with mode: 0644]

index ab59a91402761ae56f50e71594c09eb96525a4ed..d20745b19034b2f60cc364392c3de773d155b288 100644 (file)
@@ -6,3 +6,4 @@ set-max-nics.patch
 pve-auth.patch
 update-cpus-x86_64.conf-to-rhel6.2-version.patch
 rbd-enable-cacheoption.patch
+vencrypt-auth-plain.patch
diff --git a/debian/patches/vencrypt-auth-plain.patch b/debian/patches/vencrypt-auth-plain.patch
new file mode 100644 (file)
index 0000000..9c30224
--- /dev/null
@@ -0,0 +1,77 @@
+--- qemu-kvm/ui/vnc-auth-vencrypt.c    2012-01-17 01:31:17.000000000 +0100
++++ qemu-kvm.new/ui/vnc-auth-vencrypt.c        2012-01-17 01:31:48.000000000 +0100
+@@ -143,6 +143,11 @@
+        vnc_read_when(vs, protocol_client_auth_plain_start, 8);
+        break;
++    case VNC_AUTH_VENCRYPT_PLAIN:
++       VNC_DEBUG("Start auth PLAIN\n");
++       vnc_read_when(vs, protocol_client_auth_plain_start, 8);
++       break;
++
+     case VNC_AUTH_VENCRYPT_TLSVNC:
+     case VNC_AUTH_VENCRYPT_X509VNC:
+        VNC_DEBUG("Start TLS auth VNC\n");
+@@ -226,25 +231,32 @@
+ {
+     int auth = read_u32(data, 0);
+-    if (auth != vs->subauth) {
++    if (auth != vs->subauth && auth != VNC_AUTH_VENCRYPT_PLAIN) {
+         VNC_DEBUG("Rejecting auth %d\n", auth);
+         vnc_write_u8(vs, 0); /* Reject auth */
+         vnc_flush(vs);
+         vnc_client_error(vs);
+     } else {
+-        VNC_DEBUG("Accepting auth %d, setting up TLS for handshake\n", auth);
+-        vnc_write_u8(vs, 1); /* Accept auth */
+-        vnc_flush(vs);
+-
+-        if (vnc_tls_client_setup(vs, NEED_X509_AUTH(vs)) < 0) {
+-            VNC_DEBUG("Failed to setup TLS\n");
+-            return 0;
++        if (auth == VNC_AUTH_VENCRYPT_PLAIN) {
++            vs->subauth = auth; 
++            start_auth_vencrypt_subauth(vs);
+         }
+-
+-        VNC_DEBUG("Start TLS VeNCrypt handshake process\n");
+-        if (vnc_start_vencrypt_handshake(vs) < 0) {
+-            VNC_DEBUG("Failed to start TLS handshake\n");
+-            return 0;
++        else
++        {
++            VNC_DEBUG("Accepting auth %d, setting up TLS for handshake\n", auth);
++            vnc_write_u8(vs, 1); /* Accept auth */
++            vnc_flush(vs); 
++
++           if (vnc_tls_client_setup(vs, NEED_X509_AUTH(vs)) < 0) {
++                VNC_DEBUG("Failed to setup TLS\n");
++                return 0;
++            }
++
++            VNC_DEBUG("Start TLS VeNCrypt handshake process\n");
++            if (vnc_start_vencrypt_handshake(vs) < 0) {
++                VNC_DEBUG("Failed to start TLS handshake\n");
++                return 0;
++            }
+         }
+     }
+     return 0;
+@@ -259,10 +271,11 @@
+         vnc_flush(vs);
+         vnc_client_error(vs);
+     } else {
+-        VNC_DEBUG("Sending allowed auth %d\n", vs->subauth);
++        VNC_DEBUG("Sending allowed auths %d %d\n", vs->subauth, VNC_AUTH_VENCRYPT_PLAIN);
+         vnc_write_u8(vs, 0); /* Accept version */
+-        vnc_write_u8(vs, 1); /* Number of sub-auths */
++        vnc_write_u8(vs, 2); /* Number of sub-auths */
+         vnc_write_u32(vs, vs->subauth); /* The supported auth */
++       vnc_write_u32(vs, VNC_AUTH_VENCRYPT_PLAIN); /* Alternative supported auth */
+         vnc_flush(vs);
+         vnc_read_when(vs, protocol_client_vencrypt_auth, 4);
+     }
+-- 
+1.7.2.5
+
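Review bot: In the `@@ -226,25 +231,32 @@` hunk, a client that selects `VNC_AUTH_VENCRYPT_PLAIN` is accepted whatever `vs->subauth` was configured, and that branch calls `start_auth_vencrypt_subauth(vs)` without `vnc_tls_client_setup()` or `vnc_start_vencrypt_handshake()`. Whatever `protocol_client_auth_plain_start` then reads (presumably the username and password) therefore crosses the socket with no TLS at this layer, and the `NEED_X509_AUTH(vs)` client-certificate path is never reached. The `@@ -259,10 +271,11 @@` hunk also advertises PLAIN unconditionally (`vnc_write_u8(vs, 2)`), so a display configured for TLS or x509 can be downgraded by any client that asks for PLAIN, not only by a console sitting behind an SSL proxy. I would gate both the advertisement and the acceptance on an explicit opt-in, for example `if (auth != vs->subauth && !(plain_allowed && auth == VNC_AUTH_VENCRYPT_PLAIN))`, where `plain_allowed` is a placeholder for a new display option, and add the comment `/* PLAIN skips TLS: credentials are only protected if an outer transport encrypts the connection */` above the PLAIN branch. The bodies of both functions start outside the hunks shown, so the PLAIN reply sequence that clients expect could not be checked from here.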