Re: [PATCH][Take 3] VNC authentification

Re: [PATCH][Take 3] VNC authentification

[Masami Watanabe]

Hi all,

My understanding of main_loop of vl.c was insufficient. 
I have improved the point to have set the handler doubly.
The protocol of protocol 3.3 and (UltraVNC's ?)3.4 did not actually
need the response of the authentification type from the client.
Therefore, protocol_authtype operated without being called.

I will post the take 4 patch after this.

The patch has limited  RFB protocol to 3.3 and 3.4.
I also think that it should support 3.8 without being support 3.3 in
the future.

However, Leaving like non authetification is not good.
You will think the patch to be provisional action till then.

Another.
ill the RFB protocol still keep evolving in the future?


Best regards,
Watanabe


On Tue, 03 Oct 2006 13:49:37 -0500, Anthony Liguori wrote:
> Daniel P. Berrange wrote:
> > On Tue, Oct 03, 2006 at 12:56:31PM -0500, Anthony Liguori wrote:
> >   
> >> Masami Watanabe wrote:
> >>     
> >>> +static int vnc_auth(VncState *vs)
> >>> +{
> >>> +    extern char vncpasswd[64];
> >>> +    extern unsigned char challenge[AUTHCHALLENGESIZE];
> >>> +
> >>> +    if (*vncpasswd == '\0') {
> >>> +	/* AuthType is None */
> >>> +	vnc_write_u32(vs, 1);
> >>> +	vnc_flush(vs);
> >>> +	vnc_read_when(vs, protocol_client_init, 1);
> >>> +    } else {
> >>> +	/* AuthType is VncAuth */
> >>> +	vnc_write_u32(vs, 2);
> >>> +	vnc_flush(vs);
> >>> +
> >>> +	/* Read AuthType */
> >>> +	vnc_read_when(vs, protocol_authtype, 1);
> >>>  
> >>>       
> >> As I mentioned before, you cannot have to vnc_read_when()'s execution 
> >> path without returning the the mainloop.
> >>
> >> protocol_authtype() cannot possibly be invoked.  If the code is working 
> >> now, it's pure luck.
> >>     
> >
> > Yeah, the impl of protocol_authtype() in there is a no-op too - it should
> > be rejecting auth types which aren't supported, even if it was being invoked.
> > With the code as it is, protocol_authtype never runs & the server starts
> > doing VNCAuth regardless of what the client says it wants to do, which is
> > clearly not correct.
> >   
> 
> Another thing to keep in mind, is that the reason I did 3.3 instead of 
> 3.8 is that I knew there was only one auth type we would be supporting.  
> If we do support multiple auth types, we really ought to move to using 
> the 3.8 protocol since that provides a negotiation mechanism.
> 
> Regards,
> 
> Anthony Liguori
> 
> > Dan.
> >   
> 

Re: [PATCH][Take 3] VNC authentification

[Daniel P. Berrange]

On Thu, Oct 05, 2006 at 08:24:48AM +0900, Masami Watanabe wrote:
> Hi all,
> 
> My understanding of main_loop of vl.c was insufficient. 
> I have improved the point to have set the handler doubly.
> The protocol of protocol 3.3 and (UltraVNC's ?)3.4 did not actually
> need the response of the authentification type from the client.
> Therefore, protocol_authtype operated without being called.
> 
> I will post the take 4 patch after this.
> 
> The patch has limited  RFB protocol to 3.3 and 3.4.
> I also think that it should support 3.8 without being support 3.3 in
> the future.
> 
> However, Leaving like non authetification is not good.
> You will think the patch to be provisional action till then.

If you get the basic auth working correctly with RFB protocol 3.3,
IMHO, that will be sufficient for an initial commit to xen-unstable
because it is such a step forward over the current 'no auth'
situation. We can consider extending it to cover protocol 3.8
at a later date when we decide which other auth meachanisms
are particularly important.

> Another.
> ill the RFB protocol still keep evolving in the future?

Its been on 3.8 for a while & clients will negotiate a mutually
supported protocol version with the server, so no need to worry
about future protocol versions at this time.

Regards,
Dan
--
|=- Red Hat, Engineering, Emerging Technologies, Boston.  +1 978 392 2496 -=|
|=-           Perl modules: http://search.cpan.org/~danberr/              -=|
|=-               Projects: http://freshmeat.net/~danielpb/               -=|
|=-  GnuPG: 7D3B9505   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505  -=| 

Re: [PATCH][Take 3] VNC authentification

[Anthony Liguori]

Masami Watanabe wrote:
> Hi all,
>
> My understanding of main_loop of vl.c was insufficient. 
> I have improved the point to have set the handler doubly.
> The protocol of protocol 3.3 and (UltraVNC's ?)3.4 did not actually
> need the response of the authentification type from the client.
> Therefore, protocol_authtype operated without being called.
>   

Yeah, I noticed that myself. That why your code was working. Your
authtype (which would have been right for 3.7+) was not being invoked
which happened to make it work for 3.3 :-)

> I will post the take 4 patch after this.
>
> The patch has limited  RFB protocol to 3.3 and 3.4.
> I also think that it should support 3.8 without being support 3.3 in
> the future.
>   

There is no official RFB 3.4.

The only documented protocols are 3.3, 3.7, and 3.8. Leaving no
authentication is definitely important. I can live with not having 3.8
support right away but I think it's key to allow for no authentication.

Regards,

Anthony Liguori

> However, Leaving like non authetification is not good.
> You will think the patch to be provisional action till then.
>
> Another.
> ill the RFB protocol still keep evolving in the future?
>
>
> Best regards,
> Watanabe
>
>
> On Tue, 03 Oct 2006 13:49:37 -0500, Anthony Liguori wrote:
>   
>> Daniel P. Berrange wrote:
>>     
>>> On Tue, Oct 03, 2006 at 12:56:31PM -0500, Anthony Liguori wrote:
>>>   
>>>       
>>>> Masami Watanabe wrote:
>>>>     
>>>>         
>>>>> +static int vnc_auth(VncState *vs)
>>>>> +{
>>>>> +    extern char vncpasswd[64];
>>>>> +    extern unsigned char challenge[AUTHCHALLENGESIZE];
>>>>> +
>>>>> +    if (*vncpasswd == '\0') {
>>>>> +	/* AuthType is None */
>>>>> +	vnc_write_u32(vs, 1);
>>>>> +	vnc_flush(vs);
>>>>> +	vnc_read_when(vs, protocol_client_init, 1);
>>>>> +    } else {
>>>>> +	/* AuthType is VncAuth */
>>>>> +	vnc_write_u32(vs, 2);
>>>>> +	vnc_flush(vs);
>>>>> +
>>>>> +	/* Read AuthType */
>>>>> +	vnc_read_when(vs, protocol_authtype, 1);
>>>>>  
>>>>>       
>>>>>           
>>>> As I mentioned before, you cannot have to vnc_read_when()'s execution 
>>>> path without returning the the mainloop.
>>>>
>>>> protocol_authtype() cannot possibly be invoked.  If the code is working 
>>>> now, it's pure luck.
>>>>     
>>>>         
>>> Yeah, the impl of protocol_authtype() in there is a no-op too - it should
>>> be rejecting auth types which aren't supported, even if it was being invoked.
>>> With the code as it is, protocol_authtype never runs & the server starts
>>> doing VNCAuth regardless of what the client says it wants to do, which is
>>> clearly not correct.
>>>   
>>>       
>> Another thing to keep in mind, is that the reason I did 3.3 instead of 
>> 3.8 is that I knew there was only one auth type we would be supporting.  
>> If we do support multiple auth types, we really ought to move to using 
>> the 3.8 protocol since that provides a negotiation mechanism.
>>
>> Regards,
>>
>> Anthony Liguori
>>
>>     
>>> Dan.
>>>   
>>>       
>
>   

[PATCH][Take 4] VNC authentification

[Masami Watanabe]

Hi all,

This is take 4 on VNC authentification.

The specification is as mentioned at
http://lists.xensource.com/archives/html/xen-devel/2006-09/msg00666.html
(However, password came to describe plain text)

The difference is follows.
- protocol_authtype() without the necessity was deleted.
- The check on the protocol version was added.
- And, some small modification.

Thanks all.


Signed-off-by: Masami Watanabe <masami.watanabe@jp.fujitsu.com>

Best regards,
Watanabe


-----
diff -r f426f6e646eb tools/examples/xend-config.sxp
--- a/tools/examples/xend-config.sxp	Mon Oct 02 18:04:56 2006 +0100
+++ b/tools/examples/xend-config.sxp	Thu Oct 05 08:30:52 2006 +0900
@@ -130,3 +130,7 @@
 
 # The tool used for initiating virtual TPM migration
 #(external-migration-tool '')
+
+# The default password for VNC console on HVM domain.
+# Empty string is no authentication.
+(vncpasswd '')
diff -r f426f6e646eb tools/examples/xmexample.hvm
--- a/tools/examples/xmexample.hvm	Mon Oct 02 18:04:56 2006 +0100
+++ b/tools/examples/xmexample.hvm	Thu Oct 05 08:30:52 2006 +0900
@@ -145,6 +145,11 @@ vnc=1
 #vncconsole=0
 
 #----------------------------------------------------------------------------
+# set password for domain's VNC console
+# default is depents on vncpasswd in xend-config.sxp
+vncpasswd=''
+
+#----------------------------------------------------------------------------
 # no graphics, use serial port
 #nographic=0
 
diff -r f426f6e646eb tools/examples/xmexample.vti
--- a/tools/examples/xmexample.vti	Mon Oct 02 18:04:56 2006 +0100
+++ b/tools/examples/xmexample.vti	Thu Oct 05 08:30:52 2006 +0900
@@ -95,6 +95,11 @@ vnc=0
 #vncconsole=0
 
 #----------------------------------------------------------------------------
+# set password for domain's VNC console
+# default is depents on vncpasswd in xend-config.sxp
+vncpasswd=''
+
+#----------------------------------------------------------------------------
 # no graphics, use serial port
 #nographic=0
 
diff -r f426f6e646eb tools/ioemu/Makefile.target
--- a/tools/ioemu/Makefile.target	Mon Oct 02 18:04:56 2006 +0100
+++ b/tools/ioemu/Makefile.target	Thu Oct 05 08:30:52 2006 +0900
@@ -398,6 +398,7 @@ VL_OBJS+=sdl.o
 VL_OBJS+=sdl.o
 endif
 VL_OBJS+=vnc.o
+VL_OBJS+=d3des.o
 ifdef CONFIG_COCOA
 VL_OBJS+=cocoa.o
 COCOA_LIBS=-F/System/Library/Frameworks -framework Cocoa -framework IOKit
@@ -456,6 +457,9 @@ sdl.o: sdl.c keymaps.c sdl_keysym.h
 	$(CC) $(CFLAGS) $(DEFINES) $(SDL_CFLAGS) -c -o $@ $<
 
 vnc.o: vnc.c keymaps.c sdl_keysym.h vnchextile.h
+	$(CC) $(CFLAGS) $(DEFINES) -c -o $@ $<
+
+d3des.o: d3des.c d3des.h
 	$(CC) $(CFLAGS) $(DEFINES) -c -o $@ $<
 
 sdlaudio.o: sdlaudio.c
diff -r f426f6e646eb tools/ioemu/vl.c
--- a/tools/ioemu/vl.c	Mon Oct 02 18:04:56 2006 +0100
+++ b/tools/ioemu/vl.c	Thu Oct 05 08:30:52 2006 +0900
@@ -169,6 +169,9 @@ time_t timeoffset = 0;
 
 char domain_name[1024] = { 'H','V', 'M', 'X', 'E', 'N', '-'};
 extern int domid;
+
+char vncpasswd[64];
+unsigned char challenge[AUTHCHALLENGESIZE];
 
 /***********************************************************/
 /* x86 ISA bus support */
@@ -5901,6 +5904,7 @@ int main(int argc, char **argv)
     vncunused = 0;
     kernel_filename = NULL;
     kernel_cmdline = "";
+    *vncpasswd = '\0';
 #ifndef CONFIG_DM
 #ifdef TARGET_PPC
     cdrom_index = 1;
@@ -6544,6 +6548,10 @@ int main(int argc, char **argv)
 
     init_ioports();
 
+    /* read vncpasswd from xenstore */
+    if (0 > xenstore_read_vncpasswd(domid))
+        exit(1);
+
     /* terminal init */
     if (nographic) {
         dumb_display_init(ds);
diff -r f426f6e646eb tools/ioemu/vl.h
--- a/tools/ioemu/vl.h	Mon Oct 02 18:04:56 2006 +0100
+++ b/tools/ioemu/vl.h	Thu Oct 05 08:30:52 2006 +0900
@@ -1209,6 +1209,7 @@ void xenstore_process_event(void *opaque
 void xenstore_process_event(void *opaque);
 void xenstore_check_new_media_present(int timeout);
 void xenstore_write_vncport(int vnc_display);
+int xenstore_read_vncpasswd(int domid);
 
 /* xen_platform.c */
 void pci_xen_platform_init(PCIBus *bus);
@@ -1220,4 +1221,7 @@ extern char domain_name[];
 
 void destroy_hvm_domain(void);
 
+/* VNC Authentication */
+#define AUTHCHALLENGESIZE 16
+
 #endif /* VL_H */
diff -r f426f6e646eb tools/ioemu/vnc.c
--- a/tools/ioemu/vnc.c	Mon Oct 02 18:04:56 2006 +0100
+++ b/tools/ioemu/vnc.c	Thu Oct 05 08:30:52 2006 +0900
@@ -44,6 +44,7 @@
 
 #include "vnc_keysym.h"
 #include "keymaps.c"
+#include "d3des.h"
 
 #define XK_MISCELLANY
 #define XK_LATIN1
@@ -137,6 +138,9 @@ static void vnc_update_client(void *opaq
 static void vnc_update_client(void *opaque);
 static void vnc_client_read(void *opaque);
 static void framebuffer_set_updated(VncState *vs, int x, int y, int w, int h);
+static int make_challenge(char *random, int size);
+static void set_seed(unsigned int *seedp);
+static void get_random(int len, unsigned char *buf);
 
 #if 0
 static inline void vnc_set_bit(uint32_t *d, int k)
@@ -1208,23 +1212,92 @@ static int protocol_client_init(VncState
     return 0;
 }
 
+static int protocol_response(VncState *vs, char *client_response, size_t len)
+{
+    extern char vncpasswd[64];
+    extern unsigned char challenge[AUTHCHALLENGESIZE];
+    unsigned char cryptchallenge[AUTHCHALLENGESIZE];
+    unsigned char key[8];
+    int passwdlen, i, j;
+
+    memcpy(cryptchallenge, challenge, AUTHCHALLENGESIZE);
+
+    /* Calculate the sent challenge */
+    passwdlen = strlen(vncpasswd);
+    for (i=0; i<8; i++)
+	key[i] = i<passwdlen ? vncpasswd[i] : 0;
+    deskey(key, EN0);
+    for (j = 0; j < AUTHCHALLENGESIZE; j += 8)
+	des(cryptchallenge+j, cryptchallenge+j);
+
+    /* Check the actual response */
+    if (memcmp(cryptchallenge, client_response, AUTHCHALLENGESIZE) != 0) {
+	/* password error */
+	vnc_write_u32(vs, 1);
+	vnc_write_u32(vs, 22);
+	vnc_write(vs, "Authentication failure", 22);
+	vnc_flush(vs);
+	fprintf(stderr, "VNC Password error.\n");
+	vnc_client_error(vs);
+	return 0;
+    }
+
+    vnc_write_u32(vs, 0);
+    vnc_flush(vs);
+
+    vnc_read_when(vs, protocol_client_init, 1);
+
+    return 0;
+}
+
 static int protocol_version(VncState *vs, char *version, size_t len)
 {
+    extern char vncpasswd[64];
+    extern unsigned char challenge[AUTHCHALLENGESIZE];
     char local[13];
-    int maj, min;
+    int  support, maj, min;
 
     memcpy(local, version, 12);
     local[12] = 0;
 
+    /* protocol version check */
     if (sscanf(local, "RFB %03d.%03d\n", &maj, &min) != 2) {
+	fprintf(stderr, "Protocol version error.\n");
 	vnc_client_error(vs);
 	return 0;
     }
 
-    vnc_write_u32(vs, 1); /* None */
-    vnc_flush(vs);
-
-    vnc_read_when(vs, protocol_client_init, 1);
+
+    support = 0;
+    if (maj = 3) {
+	if (min == 3 || min ==4) {
+	    support = 1;
+	}
+    }
+
+    if (! support) {
+	fprintf(stderr, "Client uses unsupported protocol version %d.%d.\n",
+		maj, min);
+	vnc_client_error(vs);
+	return 0;
+    }
+
+    if (*vncpasswd == '\0') {
+	/* AuthType is None */
+	vnc_write_u32(vs, 1);
+	vnc_flush(vs);
+	vnc_read_when(vs, protocol_client_init, 1);
+    } else {
+	/* AuthType is VncAuth */
+	vnc_write_u32(vs, 2);
+
+	/* Challenge-Responce authentication */
+	/* Send Challenge */
+	make_challenge(challenge, AUTHCHALLENGESIZE);
+	vnc_write(vs, challenge, AUTHCHALLENGESIZE);
+	vnc_flush(vs);
+	vnc_read_when(vs, protocol_response, AUTHCHALLENGESIZE);
+    }
 
     return 0;
 }
@@ -1344,3 +1417,32 @@ int vnc_start_viewer(int port)
 	return pid;
     }
 }
+
+unsigned int seed;
+
+static int make_challenge(char *random, int size)
+{
+ 
+    set_seed(&seed);
+    get_random(size, random);
+
+    return 0;
+}
+
+static void set_seed(unsigned int *seedp)
+{
+    *seedp += (unsigned int)(time(NULL)+getpid()+getpid()*987654+rand());
+    srand(*seedp);
+
+    return;
+}
+
+static void get_random(int len, unsigned char *buf)
+{
+    int i;
+
+    for (i=0; i<len; i++)
+	buf[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
+
+    return;
+}
diff -r f426f6e646eb tools/ioemu/xenstore.c
--- a/tools/ioemu/xenstore.c	Mon Oct 02 18:04:56 2006 +0100
+++ b/tools/ioemu/xenstore.c	Thu Oct 05 08:30:52 2006 +0900
@@ -213,3 +213,54 @@ void xenstore_write_vncport(int display)
     free(portstr);
     free(buf);
 }
+
+int xenstore_read_vncpasswd(int domid)
+{
+    extern char vncpasswd[64];
+    char *buf = NULL, *path, *uuid = NULL, *passwd = NULL;
+    unsigned int i, len, rc = 0;
+
+    if (xsh == NULL) {
+	return -1;
+    }
+
+    path = xs_get_domain_path(xsh, domid);
+    if (path == NULL) {
+	fprintf(logfile, "xs_get_domain_path() error. domid %d.\n", domid);
+	return -1;
+    }
+
+    pasprintf(&buf, "%s/vm", path);
+    uuid = xs_read(xsh, XBT_NULL, buf, &len);
+    if (uuid == NULL) {
+	fprintf(logfile, "xs_read(): uuid get error. %s.\n", buf);
+	free(path);
+	return -1;
+    }
+
+    pasprintf(&buf, "%s/vncpasswd", uuid);
+    passwd = xs_read(xsh, XBT_NULL, buf, &len);
+    if (passwd == NULL) {
+	fprintf(logfile, "xs_read(): vncpasswd get error. %s.\n", buf);
+	free(uuid);
+	free(path);
+	return rc;
+    }
+
+    for (i=0; i<len && i<63; i++) {
+	vncpasswd[i] = passwd[i];
+	passwd[i] = '\0';
+    }
+    vncpasswd[len] = '\0';
+    pasprintf(&buf, "%s/vncpasswd", uuid);
+    if (xs_write(xsh, XBT_NULL, buf, passwd, len) == 0) {
+	fprintf(logfile, "xs_write() vncpasswd failed.\n");
+	rc = -1;
+    }
+
+    free(passwd);
+    free(uuid);
+    free(path);
+
+    return rc;
+}
diff -r f426f6e646eb tools/python/xen/xend/XendRoot.py
--- a/tools/python/xen/xend/XendRoot.py	Mon Oct 02 18:04:56 2006 +0100
+++ b/tools/python/xen/xend/XendRoot.py	Thu Oct 05 08:30:52 2006 +0900
@@ -95,6 +95,8 @@ class XendRoot:
     dom0_min_mem_default = '0'
 
     dom0_vcpus_default = '0'
+
+    vncpasswd_default = None
 
     components = {}
 
@@ -272,6 +274,10 @@ class XendRoot:
     def get_console_limit(self):
         return self.get_config_int('console-limit', 1024)
 
+    def get_vncpasswd_default(self):
+        return self.get_config_value('vncpasswd',
+                                     self.vncpasswd_default)
+
 def instance():
     """Get an instance of XendRoot.
     Use this instead of the constructor.
diff -r f426f6e646eb tools/python/xen/xend/image.py
--- a/tools/python/xen/xend/image.py	Mon Oct 02 18:04:56 2006 +0100
+++ b/tools/python/xen/xend/image.py	Thu Oct 05 08:30:52 2006 +0900
@@ -349,8 +349,16 @@ class HVMImageHandler(ImageHandler):
         sdl = sxp.child_value(config, 'sdl')
         ret = []
         nographic = sxp.child_value(config, 'nographic')
+
+        # get password from VM config(if password omitted, None)
+        vncpasswd_vmconfig = sxp.child_value(config, 'vncpasswd')
+        vncpasswd = vncpasswd_vmconfig
+
         if nographic:
             ret.append('-nographic')
+            # remove password
+            if vncpasswd_vmconfig:
+                config.remove(['vncpasswd', vncpasswd_vmconfig])
             return ret
         if vnc:
             vncdisplay = sxp.child_value(config, 'vncdisplay',
@@ -359,6 +367,20 @@ class HVMImageHandler(ImageHandler):
             vncunused = sxp.child_value(config, 'vncunused')
             if vncunused:
                 ret += ['-vncunused']
+            # get password from xend-config(if password omitted, None)
+            vncpasswd_default = xen.xend.XendRoot.instance().get_vncpasswd_default()
+            # password check
+            if vncpasswd is None:
+                if vncpasswd_default is None:
+                    raise VmError('vncpasswd is not setuped in VMconfig and xend-config.')
+                else:
+                    vncpasswd = vncpasswd_default
+            if vncpasswd!='':
+                self.vm.storeVm("vncpasswd", vncpasswd)
+
+        # remove password
+        config.remove(['vncpasswd', vncpasswd_vmconfig])
+
         return ret
 
     def createDeviceModel(self):
diff -r f426f6e646eb tools/python/xen/xm/create.py
--- a/tools/python/xen/xm/create.py	Mon Oct 02 18:04:56 2006 +0100
+++ b/tools/python/xen/xm/create.py	Thu Oct 05 08:30:52 2006 +0900
@@ -103,6 +103,10 @@ gopts.opt('console_autoconnect', short='
 gopts.opt('console_autoconnect', short='c',
           fn=set_true, default=0,
           use="Connect to the console after the domain is created.")
+
+gopts.var('vncpasswd', val='NAME',
+          fn=set_value, default=None,
+          use="Password for VNC console on HVM domain.")
 
 gopts.var('vncviewer', val='no|yes',
           fn=set_bool, default=None,
@@ -638,6 +642,7 @@ def configure_hvm(config_image, vals):
     for a in args:
         if (vals.__dict__[a]):
             config_image.append([a, vals.__dict__[a]])
+    config_image.append(['vncpasswd', vals.vncpasswd])
 
 def run_bootloader(vals, config_image):
     if not os.access(vals.bootloader, os.X_OK):
diff -r f426f6e646eb tools/ioemu/d3des.c
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/ioemu/d3des.c	Thu Oct 05 08:30:52 2006 +0900
@@ -0,0 +1,434 @@
+/*
+ * This is D3DES (V5.09) by Richard Outerbridge with the double and
+ * triple-length support removed for use in VNC.  Also the bytebit[] array
+ * has been reversed so that the most significant bit in each byte of the
+ * key is ignored, not the least significant.
+ *
+ * These changes are:
+ *  Copyright (C) 1999 AT&T Laboratories Cambridge.  All Rights Reserved.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+/* D3DES (V5.09) -
+ *
+ * A portable, public domain, version of the Data Encryption Standard.
+ *
+ * Written with Symantec's THINK (Lightspeed) C by Richard Outerbridge.
+ * Thanks to: Dan Hoey for his excellent Initial and Inverse permutation
+ * code;  Jim Gillogly & Phil Karn for the DES key schedule code; Dennis
+ * Ferguson, Eric Young and Dana How for comparing notes; and Ray Lau,
+ * for humouring me on.
+ *
+ * Copyright (c) 1988,1989,1990,1991,1992 by Richard Outerbridge.
+ * (GEnie : OUTER; CIS : [71755,204]) Graven Imagery, 1992.
+ */
+
+#include "d3des.h"
+
+static void scrunch(unsigned char *, unsigned long *);
+static void unscrun(unsigned long *, unsigned char *);
+static void desfunc(unsigned long *, unsigned long *);
+static void cookey(unsigned long *);
+
+static unsigned long KnL[32] = { 0L };
+
+static unsigned short bytebit[8]	= {
+	01, 02, 04, 010, 020, 040, 0100, 0200 };
+
+static unsigned long bigbyte[24] = {
+	0x800000L,	0x400000L,	0x200000L,	0x100000L,
+	0x80000L,	0x40000L,	0x20000L,	0x10000L,
+	0x8000L,	0x4000L,	0x2000L,	0x1000L,
+	0x800L, 	0x400L, 	0x200L, 	0x100L,
+	0x80L,		0x40L,		0x20L,		0x10L,
+	0x8L,		0x4L,		0x2L,		0x1L	};
+
+/* Use the key schedule specified in the Standard (ANSI X3.92-1981). */
+
+static unsigned char pc1[56] = {
+	56, 48, 40, 32, 24, 16,  8,	 0, 57, 49, 41, 33, 25, 17,
+	 9,  1, 58, 50, 42, 34, 26,	18, 10,  2, 59, 51, 43, 35,
+	62, 54, 46, 38, 30, 22, 14,	 6, 61, 53, 45, 37, 29, 21,
+	13,  5, 60, 52, 44, 36, 28,	20, 12,  4, 27, 19, 11,  3 };
+
+static unsigned char totrot[16] = {
+	1,2,4,6,8,10,12,14,15,17,19,21,23,25,27,28 };
+
+static unsigned char pc2[48] = {
+	13, 16, 10, 23,  0,  4,  2, 27, 14,  5, 20,  9,
+	22, 18, 11,  3, 25,  7, 15,  6, 26, 19, 12,  1,
+	40, 51, 30, 36, 46, 54, 29, 39, 50, 44, 32, 47,
+	43, 48, 38, 55, 33, 52, 45, 41, 49, 35, 28, 31 };
+
+void deskey(key, edf)	/* Thanks to James Gillogly & Phil Karn! */
+unsigned char *key;
+int edf;
+{
+	register int i, j, l, m, n;
+	unsigned char pc1m[56], pcr[56];
+	unsigned long kn[32];
+
+	for ( j = 0; j < 56; j++ ) {
+		l = pc1[j];
+		m = l & 07;
+		pc1m[j] = (key[l >> 3] & bytebit[m]) ? 1 : 0;
+		}
+	for( i = 0; i < 16; i++ ) {
+		if( edf == DE1 ) m = (15 - i) << 1;
+		else m = i << 1;
+		n = m + 1;
+		kn[m] = kn[n] = 0L;
+		for( j = 0; j < 28; j++ ) {
+			l = j + totrot[i];
+			if( l < 28 ) pcr[j] = pc1m[l];
+			else pcr[j] = pc1m[l - 28];
+			}
+		for( j = 28; j < 56; j++ ) {
+		    l = j + totrot[i];
+		    if( l < 56 ) pcr[j] = pc1m[l];
+		    else pcr[j] = pc1m[l - 28];
+		    }
+		for( j = 0; j < 24; j++ ) {
+			if( pcr[pc2[j]] ) kn[m] |= bigbyte[j];
+			if( pcr[pc2[j+24]] ) kn[n] |= bigbyte[j];
+			}
+		}
+	cookey(kn);
+	return;
+	}
+
+static void cookey(raw1)
+register unsigned long *raw1;
+{
+	register unsigned long *cook, *raw0;
+	unsigned long dough[32];
+	register int i;
+
+	cook = dough;
+	for( i = 0; i < 16; i++, raw1++ ) {
+		raw0 = raw1++;
+		*cook	 = (*raw0 & 0x00fc0000L) << 6;
+		*cook	|= (*raw0 & 0x00000fc0L) << 10;
+		*cook	|= (*raw1 & 0x00fc0000L) >> 10;
+		*cook++ |= (*raw1 & 0x00000fc0L) >> 6;
+		*cook	 = (*raw0 & 0x0003f000L) << 12;
+		*cook	|= (*raw0 & 0x0000003fL) << 16;
+		*cook	|= (*raw1 & 0x0003f000L) >> 4;
+		*cook++ |= (*raw1 & 0x0000003fL);
+		}
+	usekey(dough);
+	return;
+	}
+
+void cpkey(into)
+register unsigned long *into;
+{
+	register unsigned long *from, *endp;
+
+	from = KnL, endp = &KnL[32];
+	while( from < endp ) *into++ = *from++;
+	return;
+	}
+
+void usekey(from)
+register unsigned long *from;
+{
+	register unsigned long *to, *endp;
+
+	to = KnL, endp = &KnL[32];
+	while( to < endp ) *to++ = *from++;
+	return;
+	}
+
+void des(inblock, outblock)
+unsigned char *inblock, *outblock;
+{
+	unsigned long work[2];
+
+	scrunch(inblock, work);
+	desfunc(work, KnL);
+	unscrun(work, outblock);
+	return;
+	}
+
+static void scrunch(outof, into)
+register unsigned char *outof;
+register unsigned long *into;
+{
+	*into	 = (*outof++ & 0xffL) << 24;
+	*into	|= (*outof++ & 0xffL) << 16;
+	*into	|= (*outof++ & 0xffL) << 8;
+	*into++ |= (*outof++ & 0xffL);
+	*into	 = (*outof++ & 0xffL) << 24;
+	*into	|= (*outof++ & 0xffL) << 16;
+	*into	|= (*outof++ & 0xffL) << 8;
+	*into	|= (*outof   & 0xffL);
+	return;
+	}
+
+static void unscrun(outof, into)
+register unsigned long *outof;
+register unsigned char *into;
+{
+	*into++ = (unsigned char)((*outof >> 24) & 0xffL);
+	*into++ = (unsigned char)((*outof >> 16) & 0xffL);
+	*into++ = (unsigned char)((*outof >>  8) & 0xffL);
+	*into++ = (unsigned char)(*outof++	 & 0xffL);
+	*into++ = (unsigned char)((*outof >> 24) & 0xffL);
+	*into++ = (unsigned char)((*outof >> 16) & 0xffL);
+	*into++ = (unsigned char)((*outof >>  8) & 0xffL);
+	*into	=  (unsigned char)(*outof	 & 0xffL);
+	return;
+	}
+
+static unsigned long SP1[64] = {
+	0x01010400L, 0x00000000L, 0x00010000L, 0x01010404L,
+	0x01010004L, 0x00010404L, 0x00000004L, 0x00010000L,
+	0x00000400L, 0x01010400L, 0x01010404L, 0x00000400L,
+	0x01000404L, 0x01010004L, 0x01000000L, 0x00000004L,
+	0x00000404L, 0x01000400L, 0x01000400L, 0x00010400L,
+	0x00010400L, 0x01010000L, 0x01010000L, 0x01000404L,
+	0x00010004L, 0x01000004L, 0x01000004L, 0x00010004L,
+	0x00000000L, 0x00000404L, 0x00010404L, 0x01000000L,
+	0x00010000L, 0x01010404L, 0x00000004L, 0x01010000L,
+	0x01010400L, 0x01000000L, 0x01000000L, 0x00000400L,
+	0x01010004L, 0x00010000L, 0x00010400L, 0x01000004L,
+	0x00000400L, 0x00000004L, 0x01000404L, 0x00010404L,
+	0x01010404L, 0x00010004L, 0x01010000L, 0x01000404L,
+	0x01000004L, 0x00000404L, 0x00010404L, 0x01010400L,
+	0x00000404L, 0x01000400L, 0x01000400L, 0x00000000L,
+	0x00010004L, 0x00010400L, 0x00000000L, 0x01010004L };
+
+static unsigned long SP2[64] = {
+	0x80108020L, 0x80008000L, 0x00008000L, 0x00108020L,
+	0x00100000L, 0x00000020L, 0x80100020L, 0x80008020L,
+	0x80000020L, 0x80108020L, 0x80108000L, 0x80000000L,
+	0x80008000L, 0x00100000L, 0x00000020L, 0x80100020L,
+	0x00108000L, 0x00100020L, 0x80008020L, 0x00000000L,
+	0x80000000L, 0x00008000L, 0x00108020L, 0x80100000L,
+	0x00100020L, 0x80000020L, 0x00000000L, 0x00108000L,
+	0x00008020L, 0x80108000L, 0x80100000L, 0x00008020L,
+	0x00000000L, 0x00108020L, 0x80100020L, 0x00100000L,
+	0x80008020L, 0x80100000L, 0x80108000L, 0x00008000L,
+	0x80100000L, 0x80008000L, 0x00000020L, 0x80108020L,
+	0x00108020L, 0x00000020L, 0x00008000L, 0x80000000L,
+	0x00008020L, 0x80108000L, 0x00100000L, 0x80000020L,
+	0x00100020L, 0x80008020L, 0x80000020L, 0x00100020L,
+	0x00108000L, 0x00000000L, 0x80008000L, 0x00008020L,
+	0x80000000L, 0x80100020L, 0x80108020L, 0x00108000L };
+
+static unsigned long SP3[64] = {
+	0x00000208L, 0x08020200L, 0x00000000L, 0x08020008L,
+	0x08000200L, 0x00000000L, 0x00020208L, 0x08000200L,
+	0x00020008L, 0x08000008L, 0x08000008L, 0x00020000L,
+	0x08020208L, 0x00020008L, 0x08020000L, 0x00000208L,
+	0x08000000L, 0x00000008L, 0x08020200L, 0x00000200L,
+	0x00020200L, 0x08020000L, 0x08020008L, 0x00020208L,
+	0x08000208L, 0x00020200L, 0x00020000L, 0x08000208L,
+	0x00000008L, 0x08020208L, 0x00000200L, 0x08000000L,
+	0x08020200L, 0x08000000L, 0x00020008L, 0x00000208L,
+	0x00020000L, 0x08020200L, 0x08000200L, 0x00000000L,
+	0x00000200L, 0x00020008L, 0x08020208L, 0x08000200L,
+	0x08000008L, 0x00000200L, 0x00000000L, 0x08020008L,
+	0x08000208L, 0x00020000L, 0x08000000L, 0x08020208L,
+	0x00000008L, 0x00020208L, 0x00020200L, 0x08000008L,
+	0x08020000L, 0x08000208L, 0x00000208L, 0x08020000L,
+	0x00020208L, 0x00000008L, 0x08020008L, 0x00020200L };
+
+static unsigned long SP4[64] = {
+	0x00802001L, 0x00002081L, 0x00002081L, 0x00000080L,
+	0x00802080L, 0x00800081L, 0x00800001L, 0x00002001L,
+	0x00000000L, 0x00802000L, 0x00802000L, 0x00802081L,
+	0x00000081L, 0x00000000L, 0x00800080L, 0x00800001L,
+	0x00000001L, 0x00002000L, 0x00800000L, 0x00802001L,
+	0x00000080L, 0x00800000L, 0x00002001L, 0x00002080L,
+	0x00800081L, 0x00000001L, 0x00002080L, 0x00800080L,
+	0x00002000L, 0x00802080L, 0x00802081L, 0x00000081L,
+	0x00800080L, 0x00800001L, 0x00802000L, 0x00802081L,
+	0x00000081L, 0x00000000L, 0x00000000L, 0x00802000L,
+	0x00002080L, 0x00800080L, 0x00800081L, 0x00000001L,
+	0x00802001L, 0x00002081L, 0x00002081L, 0x00000080L,
+	0x00802081L, 0x00000081L, 0x00000001L, 0x00002000L,
+	0x00800001L, 0x00002001L, 0x00802080L, 0x00800081L,
+	0x00002001L, 0x00002080L, 0x00800000L, 0x00802001L,
+	0x00000080L, 0x00800000L, 0x00002000L, 0x00802080L };
+
+static unsigned long SP5[64] = {
+	0x00000100L, 0x02080100L, 0x02080000L, 0x42000100L,
+	0x00080000L, 0x00000100L, 0x40000000L, 0x02080000L,
+	0x40080100L, 0x00080000L, 0x02000100L, 0x40080100L,
+	0x42000100L, 0x42080000L, 0x00080100L, 0x40000000L,
+	0x02000000L, 0x40080000L, 0x40080000L, 0x00000000L,
+	0x40000100L, 0x42080100L, 0x42080100L, 0x02000100L,
+	0x42080000L, 0x40000100L, 0x00000000L, 0x42000000L,
+	0x02080100L, 0x02000000L, 0x42000000L, 0x00080100L,
+	0x00080000L, 0x42000100L, 0x00000100L, 0x02000000L,
+	0x40000000L, 0x02080000L, 0x42000100L, 0x40080100L,
+	0x02000100L, 0x40000000L, 0x42080000L, 0x02080100L,
+	0x40080100L, 0x00000100L, 0x02000000L, 0x42080000L,
+	0x42080100L, 0x00080100L, 0x42000000L, 0x42080100L,
+	0x02080000L, 0x00000000L, 0x40080000L, 0x42000000L,
+	0x00080100L, 0x02000100L, 0x40000100L, 0x00080000L,
+	0x00000000L, 0x40080000L, 0x02080100L, 0x40000100L };
+
+static unsigned long SP6[64] = {
+	0x20000010L, 0x20400000L, 0x00004000L, 0x20404010L,
+	0x20400000L, 0x00000010L, 0x20404010L, 0x00400000L,
+	0x20004000L, 0x00404010L, 0x00400000L, 0x20000010L,
+	0x00400010L, 0x20004000L, 0x20000000L, 0x00004010L,
+	0x00000000L, 0x00400010L, 0x20004010L, 0x00004000L,
+	0x00404000L, 0x20004010L, 0x00000010L, 0x20400010L,
+	0x20400010L, 0x00000000L, 0x00404010L, 0x20404000L,
+	0x00004010L, 0x00404000L, 0x20404000L, 0x20000000L,
+	0x20004000L, 0x00000010L, 0x20400010L, 0x00404000L,
+	0x20404010L, 0x00400000L, 0x00004010L, 0x20000010L,
+	0x00400000L, 0x20004000L, 0x20000000L, 0x00004010L,
+	0x20000010L, 0x20404010L, 0x00404000L, 0x20400000L,
+	0x00404010L, 0x20404000L, 0x00000000L, 0x20400010L,
+	0x00000010L, 0x00004000L, 0x20400000L, 0x00404010L,
+	0x00004000L, 0x00400010L, 0x20004010L, 0x00000000L,
+	0x20404000L, 0x20000000L, 0x00400010L, 0x20004010L };
+
+static unsigned long SP7[64] = {
+	0x00200000L, 0x04200002L, 0x04000802L, 0x00000000L,
+	0x00000800L, 0x04000802L, 0x00200802L, 0x04200800L,
+	0x04200802L, 0x00200000L, 0x00000000L, 0x04000002L,
+	0x00000002L, 0x04000000L, 0x04200002L, 0x00000802L,
+	0x04000800L, 0x00200802L, 0x00200002L, 0x04000800L,
+	0x04000002L, 0x04200000L, 0x04200800L, 0x00200002L,
+	0x04200000L, 0x00000800L, 0x00000802L, 0x04200802L,
+	0x00200800L, 0x00000002L, 0x04000000L, 0x00200800L,
+	0x04000000L, 0x00200800L, 0x00200000L, 0x04000802L,
+	0x04000802L, 0x04200002L, 0x04200002L, 0x00000002L,
+	0x00200002L, 0x04000000L, 0x04000800L, 0x00200000L,
+	0x04200800L, 0x00000802L, 0x00200802L, 0x04200800L,
+	0x00000802L, 0x04000002L, 0x04200802L, 0x04200000L,
+	0x00200800L, 0x00000000L, 0x00000002L, 0x04200802L,
+	0x00000000L, 0x00200802L, 0x04200000L, 0x00000800L,
+	0x04000002L, 0x04000800L, 0x00000800L, 0x00200002L };
+
+static unsigned long SP8[64] = {
+	0x10001040L, 0x00001000L, 0x00040000L, 0x10041040L,
+	0x10000000L, 0x10001040L, 0x00000040L, 0x10000000L,
+	0x00040040L, 0x10040000L, 0x10041040L, 0x00041000L,
+	0x10041000L, 0x00041040L, 0x00001000L, 0x00000040L,
+	0x10040000L, 0x10000040L, 0x10001000L, 0x00001040L,
+	0x00041000L, 0x00040040L, 0x10040040L, 0x10041000L,
+	0x00001040L, 0x00000000L, 0x00000000L, 0x10040040L,
+	0x10000040L, 0x10001000L, 0x00041040L, 0x00040000L,
+	0x00041040L, 0x00040000L, 0x10041000L, 0x00001000L,
+	0x00000040L, 0x10040040L, 0x00001000L, 0x00041040L,
+	0x10001000L, 0x00000040L, 0x10000040L, 0x10040000L,
+	0x10040040L, 0x10000000L, 0x00040000L, 0x10001040L,
+	0x00000000L, 0x10041040L, 0x00040040L, 0x10000040L,
+	0x10040000L, 0x10001000L, 0x10001040L, 0x00000000L,
+	0x10041040L, 0x00041000L, 0x00041000L, 0x00001040L,
+	0x00001040L, 0x00040040L, 0x10000000L, 0x10041000L };
+
+static void desfunc(block, keys)
+register unsigned long *block, *keys;
+{
+	register unsigned long fval, work, right, leftt;
+	register int round;
+
+	leftt = block[0];
+	right = block[1];
+	work = ((leftt >> 4) ^ right) & 0x0f0f0f0fL;
+	right ^= work;
+	leftt ^= (work << 4);
+	work = ((leftt >> 16) ^ right) & 0x0000ffffL;
+	right ^= work;
+	leftt ^= (work << 16);
+	work = ((right >> 2) ^ leftt) & 0x33333333L;
+	leftt ^= work;
+	right ^= (work << 2);
+	work = ((right >> 8) ^ leftt) & 0x00ff00ffL;
+	leftt ^= work;
+	right ^= (work << 8);
+	right = ((right << 1) | ((right >> 31) & 1L)) & 0xffffffffL;
+	work = (leftt ^ right) & 0xaaaaaaaaL;
+	leftt ^= work;
+	right ^= work;
+	leftt = ((leftt << 1) | ((leftt >> 31) & 1L)) & 0xffffffffL;
+
+	for( round = 0; round < 8; round++ ) {
+		work  = (right << 28) | (right >> 4);
+		work ^= *keys++;
+		fval  = SP7[ work		 & 0x3fL];
+		fval |= SP5[(work >>  8) & 0x3fL];
+		fval |= SP3[(work >> 16) & 0x3fL];
+		fval |= SP1[(work >> 24) & 0x3fL];
+		work  = right ^ *keys++;
+		fval |= SP8[ work		 & 0x3fL];
+		fval |= SP6[(work >>  8) & 0x3fL];
+		fval |= SP4[(work >> 16) & 0x3fL];
+		fval |= SP2[(work >> 24) & 0x3fL];
+		leftt ^= fval;
+		work  = (leftt << 28) | (leftt >> 4);
+		work ^= *keys++;
+		fval  = SP7[ work		 & 0x3fL];
+		fval |= SP5[(work >>  8) & 0x3fL];
+		fval |= SP3[(work >> 16) & 0x3fL];
+		fval |= SP1[(work >> 24) & 0x3fL];
+		work  = leftt ^ *keys++;
+		fval |= SP8[ work		 & 0x3fL];
+		fval |= SP6[(work >>  8) & 0x3fL];
+		fval |= SP4[(work >> 16) & 0x3fL];
+		fval |= SP2[(work >> 24) & 0x3fL];
+		right ^= fval;
+		}
+
+	right = (right << 31) | (right >> 1);
+	work = (leftt ^ right) & 0xaaaaaaaaL;
+	leftt ^= work;
+	right ^= work;
+	leftt = (leftt << 31) | (leftt >> 1);
+	work = ((leftt >> 8) ^ right) & 0x00ff00ffL;
+	right ^= work;
+	leftt ^= (work << 8);
+	work = ((leftt >> 2) ^ right) & 0x33333333L;
+	right ^= work;
+	leftt ^= (work << 2);
+	work = ((right >> 16) ^ leftt) & 0x0000ffffL;
+	leftt ^= work;
+	right ^= (work << 16);
+	work = ((right >> 4) ^ leftt) & 0x0f0f0f0fL;
+	leftt ^= work;
+	right ^= (work << 4);
+	*block++ = right;
+	*block = leftt;
+	return;
+	}
+
+/* Validation sets:
+ *
+ * Single-length key, single-length plaintext -
+ * Key	  : 0123 4567 89ab cdef
+ * Plain  : 0123 4567 89ab cde7
+ * Cipher : c957 4425 6a5e d31d
+ *
+ * Double-length key, single-length plaintext -
+ * Key	  : 0123 4567 89ab cdef fedc ba98 7654 3210
+ * Plain  : 0123 4567 89ab cde7
+ * Cipher : 7f1d 0a77 826b 8aff
+ *
+ * Double-length key, double-length plaintext -
+ * Key	  : 0123 4567 89ab cdef fedc ba98 7654 3210
+ * Plain  : 0123 4567 89ab cdef 0123 4567 89ab cdff
+ * Cipher : 27a0 8440 406a df60 278f 47cf 42d6 15d7
+ *
+ * Triple-length key, single-length plaintext -
+ * Key	  : 0123 4567 89ab cdef fedc ba98 7654 3210 89ab cdef 0123 4567
+ * Plain  : 0123 4567 89ab cde7
+ * Cipher : de0b 7c06 ae5e 0ed5
+ *
+ * Triple-length key, double-length plaintext -
+ * Key	  : 0123 4567 89ab cdef fedc ba98 7654 3210 89ab cdef 0123 4567
+ * Plain  : 0123 4567 89ab cdef 0123 4567 89ab cdff
+ * Cipher : ad0d 1b30 ac17 cf07 0ed1 1c63 81e4 4de5
+ *
+ * d3des V5.0a rwo 9208.07 18:44 Graven Imagery
+ **********************************************************************/
diff -r f426f6e646eb tools/ioemu/d3des.h
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/ioemu/d3des.h	Thu Oct 05 08:30:52 2006 +0900
@@ -0,0 +1,51 @@
+/*
+ * This is D3DES (V5.09) by Richard Outerbridge with the double and
+ * triple-length support removed for use in VNC.
+ *
+ * These changes are:
+ *  Copyright (C) 1999 AT&T Laboratories Cambridge.  All Rights Reserved.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+/* d3des.h -
+ *
+ *	Headers and defines for d3des.c
+ *	Graven Imagery, 1992.
+ *
+ * Copyright (c) 1988,1989,1990,1991,1992 by Richard Outerbridge
+ *	(GEnie : OUTER; CIS : [71755,204])
+ */
+
+#define EN0	0	/* MODE == encrypt */
+#define DE1	1	/* MODE == decrypt */
+
+extern void deskey(unsigned char *, int);
+/*		      hexkey[8]     MODE
+ * Sets the internal key register according to the hexadecimal
+ * key contained in the 8 bytes of hexkey, according to the DES,
+ * for encryption or decryption according to MODE.
+ */
+
+extern void usekey(unsigned long *);
+/*		    cookedkey[32]
+ * Loads the internal key register with the data in cookedkey.
+ */
+
+extern void cpkey(unsigned long *);
+/*		   cookedkey[32]
+ * Copies the contents of the internal key register into the storage
+ * located at &cookedkey[0].
+ */
+
+extern void des(unsigned char *, unsigned char *);
+/*		    from[8]	      to[8]
+ * Encrypts/Decrypts (according to the key currently loaded in the
+ * internal key register) one block of eight bytes at address 'from'
+ * into the block at address 'to'.  They can be the same.
+ */
+
+/* d3des.h V5.09 rwo 9208.04 15:06 Graven Imagery
+ ********************************************************************/

Re: [PATCH][Take 4] VNC authentification

[Daniel P. Berrange]

On Thu, Oct 05, 2006 at 10:28:15AM +0900, Masami Watanabe wrote:
> Hi all,
> 
> This is take 4 on VNC authentification.
> 
> The specification is as mentioned at
> http://lists.xensource.com/archives/html/xen-devel/2006-09/msg00666.html
> (However, password came to describe plain text)
> 
> The difference is follows.
> - protocol_authtype() without the necessity was deleted.
> - The check on the protocol version was added.
> - And, some small modification.

The patch loooks good to me - unless Anthony spots any further issues in
the VNC auth code, I'd say this is worth commiting to xen-unstable.hg
whe 3.0.4 development opens up.

Regards,
Dan.
-- 
|=- Red Hat, Engineering, Emerging Technologies, Boston.  +1 978 392 2496 -=|
|=-           Perl modules: http://search.cpan.org/~danberr/              -=|
|=-               Projects: http://freshmeat.net/~danielpb/               -=|
|=-  GnuPG: 7D3B9505   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505  -=| 

Re: [PATCH][Take 4] VNC authentification

[Anthony Liguori]

Daniel P. Berrange wrote:
> On Thu, Oct 05, 2006 at 10:28:15AM +0900, Masami Watanabe wrote:
>   
>> Hi all,
>>
>> This is take 4 on VNC authentification.
>>
>> The specification is as mentioned at
>> http://lists.xensource.com/archives/html/xen-devel/2006-09/msg00666.html
>> (However, password came to describe plain text)
>>
>> The difference is follows.
>> - protocol_authtype() without the necessity was deleted.
>> - The check on the protocol version was added.
>> - And, some small modification.
>>     
>
> The patch loooks good to me - unless Anthony spots any further issues in
> the VNC auth code, I'd say this is worth commiting to xen-unstable.hg
> whe 3.0.4 development opens up.
>   

Looks good to me too.  Thanks Masami!

Regards,

Anthony Liguori

> Regards,
> Dan.
>   

Re: [PATCH][Take 4] VNC authentification

[Daniel P. Berrange]

Hi Kier / Ewan,

Can we get Masami's VNC password patch into xen-unstable.

Regards,
Dan

On Tue, Oct 10, 2006 at 09:04:09AM -0500, Anthony Liguori wrote:
> Daniel P. Berrange wrote:
> >On Thu, Oct 05, 2006 at 10:28:15AM +0900, Masami Watanabe wrote:
> >  
> >>Hi all,
> >>
> >>This is take 4 on VNC authentification.
> >>
> >>The specification is as mentioned at
> >>http://lists.xensource.com/archives/html/xen-devel/2006-09/msg00666.html
> >>(However, password came to describe plain text)
> >>
> >>The difference is follows.
> >>- protocol_authtype() without the necessity was deleted.
> >>- The check on the protocol version was added.
> >>- And, some small modification.
> >>    
> >
> >The patch loooks good to me - unless Anthony spots any further issues in
> >the VNC auth code, I'd say this is worth commiting to xen-unstable.hg
> >whe 3.0.4 development opens up.
> >  
> 
> Looks good to me too.  Thanks Masami!

-- 
|=- Red Hat, Engineering, Emerging Technologies, Boston.  +1 978 392 2496 -=|
|=-           Perl modules: http://search.cpan.org/~danberr/              -=|
|=-               Projects: http://freshmeat.net/~danielpb/               -=|
|=-  GnuPG: 7D3B9505   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505  -=| 

Re: Re: [PATCH][Take 4] VNC authentification

[Keir Fraser]

The patch has been in for nearly a week, c/s 11840:02506a744315. Did you
check before asking?

 -- Keir

On 25/10/06 7:00 pm, "Daniel P. Berrange" <berrange@redhat.com> wrote:

> Hi Kier / Ewan,
> 
> Can we get Masami's VNC password patch into xen-unstable.
> 
> Regards,
> Dan
> 
> On Tue, Oct 10, 2006 at 09:04:09AM -0500, Anthony Liguori wrote:
>> Daniel P. Berrange wrote:
>>> On Thu, Oct 05, 2006 at 10:28:15AM +0900, Masami Watanabe wrote:
>>>  
>>>> Hi all,
>>>> 
>>>> This is take 4 on VNC authentification.
>>>> 
>>>> The specification is as mentioned at
>>>> http://lists.xensource.com/archives/html/xen-devel/2006-09/msg00666.html
>>>> (However, password came to describe plain text)
>>>> 
>>>> The difference is follows.
>>>> - protocol_authtype() without the necessity was deleted.
>>>> - The check on the protocol version was added.
>>>> - And, some small modification.
>>>>    
>>> 
>>> The patch loooks good to me - unless Anthony spots any further issues in
>>> the VNC auth code, I'd say this is worth commiting to xen-unstable.hg
>>> whe 3.0.4 development opens up.
>>>  
>> 
>> Looks good to me too.  Thanks Masami!

Re: Re: [PATCH][Take 4] VNC authentification

[Daniel P. Berrange]

On Wed, Oct 25, 2006 at 09:43:11PM +0100, Keir Fraser wrote:
> The patch has been in for nearly a week, c/s 11840:02506a744315. Did you
> check before asking?

Hmm, sorry - something went amiss with my script for syncing up with 
xen-devel & it wasn't seeing the updates.

Dan.
-- 
|=- Red Hat, Engineering, Emerging Technologies, Boston.  +1 978 392 2496 -=|
|=-           Perl modules: http://search.cpan.org/~danberr/              -=|
|=-               Projects: http://freshmeat.net/~danielpb/               -=|
|=-  GnuPG: 7D3B9505   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505  -=|