HEADERS=translations.h event_loop.h glyphs.h spiceterm.h keysyms.h
SOURCES=screen.c event_loop.c input.c spiceterm.c auth-pve.c
-PKGS := glib-2.0 spice-protocol spice-server libsasl2
+PKGS := glib-2.0 spice-protocol spice-server
CFLAGS += `pkg-config --cflags $(PKGS)`
LIBS += `pkg-config --libs $(PKGS)`
Maintainer: Proxmox Support Team <support@proxmox.com>
Build-Depends: debhelper (>= 8.0.0),
libglib2.0-dev,
- libsasl2-dev,
libspice-protocol-dev,
- pve-libspice-server-dev,
+ libspice-server-dev,
Standards-Version: 3.9.3
Package: spiceterm
Architecture: any
-Depends: pve-libspice-server1,
+Depends: libspice-server1,
pve-qemu-kvm,
${misc:Depends},
${shlibs:Depends},
#include <spice/macros.h>
#include <spice/qxl_dev.h>
#include <spice/vd_agent.h>
-#include <sasl/sasl.h>
#include "glyphs.h"
push_command(spice_screen, &update->ext);
}
-static int
-sasl_checkpass_cb(sasl_conn_t *conn,
- void *context,
- const char *user,
- const char *pass,
- unsigned passlen,
- struct propctx *propctx)
-{
- const void *remoteport = NULL;
- char *clientip = NULL;
- if (sasl_getprop(conn, SASL_IPREMOTEPORT, &remoteport) == SASL_OK) {
- clientip = strtok(g_strdup(remoteport), ";");
- } else {
- clientip = g_strdup("unknown");
- }
-
- int res = pve_auth_verify(clientip, user, pass);
-
- g_free(clientip);
-
- return (res == 0) ? SASL_OK : SASL_NOAUTHZ;
-}
-
-static int
-sasl_getopt_cb(void *context, const char *plugin_name,
- const char *option,
- const char **result, unsigned *len)
-{
- if (strcmp(option, "mech_list") == 0) {
- *result = "plain";
- len = NULL;
- return SASL_OK;
- }
-
- return SASL_FAIL;
-}
-
-typedef int sasl_cb_fn(void);
-static sasl_callback_t sasl_callbacks[] = {
- { SASL_CB_GETOPT, (sasl_cb_fn *)sasl_getopt_cb, NULL },
- { SASL_CB_SERVER_USERDB_CHECKPASS, (sasl_cb_fn *)sasl_checkpass_cb, NULL },
- { SASL_CB_LIST_END, NULL, NULL },
-};
-
SpiceScreen *
spice_screen_new(SpiceCoreInterface *core, uint32_t width, uint32_t height,
SpiceTermOptions *opts)
if (opts->noauth) {
spice_server_set_noauth(server);
} else {
- if (opts->sasl) {
- spice_server_set_sasl(server, 1);
- spice_server_set_sasl_appname(server, NULL); // enforce pve auth
- spice_server_set_sasl_callbacks(server, sasl_callbacks);
- } else {
- char *ticket = getenv("SPICE_TICKET");
- if (ticket) {
- spice_server_set_ticket(server, ticket, 300, 0, 0);
- }
+ char *ticket = getenv("SPICE_TICKET");
+ if (ticket) {
+ spice_server_set_ticket(server, ticket, 300, 0, 0);
}
}
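Review bot: With SASL removed, the ticket is the only authenticated path, yet the `else` branch does nothing when `SPICE_TICKET` is unset and ignores the return value of `spice_server_set_ticket()`. What a client meets in that case depends on the spice-server default, which is not visible here, so I would fail loudly instead: `if (!ticket || spice_server_set_ticket(server, ticket, 300, 0, 0) != 0) g_error("SPICE_TICKET missing or rejected");`. The ticket also stays in the process environment after it is read, so if spiceterm later starts the terminal command with that environment, the child can read it. Consider `unsetenv("SPICE_TICKET");` once the ticket has been handed to the server (presumably the server keeps its own copy; confirm before relying on it). `spice_screen_new` starts and ends outside this hunk.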
fprintf(stderr, " --permission <perm> Required permissions (PVE AUTH)\n");
fprintf(stderr, " --port <port> Bind to port <port>\n");
fprintf(stderr, " --addr <addr> Bind to address <addr>\n");
- fprintf(stderr, " --sasl Enable SASL based authentication\n");
fprintf(stderr, " --noauth Disable authentication\n");
fprintf(stderr, " --keymap Spefify keymap (uses kvm keymap files)\n");
}
.port = 5900,
.addr = NULL,
.noauth = FALSE,
- .sasl = FALSE,
};
static struct option long_options[] = {
{ "addr", required_argument, 0, 'a' },
{ "keymap", required_argument, 0, 'k' },
{ "noauth", no_argument, 0, 'n' },
- { "sasl", no_argument, 0, 's' },
{ NULL, 0, 0, 0 },
};
- while ((c = getopt_long(argc, argv, "nkst:a:p:P:", long_options, NULL)) != -1) {
-
+ while ((c = getopt_long(argc, argv, "nkt:a:p:P:", long_options, NULL)) != -1) {
switch (c) {
case 'n':
opts.noauth = TRUE;
break;
- case 's':
- opts.sasl = TRUE;
- break;
case 'k':
opts.keymap = optarg;
break;
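Review bot: The new option string `"nkt:a:p:P:"` still declares `k` without a colon, so the short form `-k <file>` leaves `optarg` NULL in `case 'k'`, while `long_options` marks `keymap` as `required_argument`. Since this line is being touched anyway, use `"nk:t:a:p:P:"` so both spellings take the keymap argument. The `switch` continues outside the hunk, so how a NULL `opts.keymap` is handled later is not visible here.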
char *addr;
char *keymap;
gboolean noauth;
- gboolean sasl;
} SpiceTermOptions;
typedef struct SpiceScreen SpiceScreen;
--permission <perm> Required permissions (PVE AUTH)
--port <port> Bind to port <port>
--addr <addr> Bind to address <addr>
- --sasl Enable SASL based authentication
--noauth Disable authentication
--keymap Spefify keymap (uses kvm keymap files)
=item screen resize (vdagent)
-=item SASL support
-
=item use TLS to encrypt all traffic
=item use Proxmox VE authentication
=head1 Authentication
-You can disable authentication using the C<--noauth> option.
-
-Please use C<--sasl> if you want to connect with username and password
-(password if verified using the Proxmox VE auth framework).
+You can disable authentication using the C<--noauth> option.
Ticket authentication is default, and you should pass the ticket using
the C<SPICE_TICKET> environment variable.