* [PATCH] VNC password auth for paravirt framebuffer
@ 2006-12-05 15:38 Daniel P. Berrange
  0 siblings, 0 replies; only message in thread
From: Daniel P. Berrange @ 2006-12-05 15:38 UTC (permalink / raw)
  To: xen-devel

[-- Attachment #1: Type: text/plain, Size: 2061 bytes --]

Attached to this mail is an update of my original patches to add VNC password
authentication support for the paravirt framebuffer server. These bring the
PVFB VNC server to (near?) feature parity with the HVM VNC server. The rules
for configuring the password are equivalent to those used for HVM, but the
actual guest config option is a little different as a result of the recent
refactoring of the PVFB config file syntax.

 - If the 'vfb' option in the guest config has a 'vncpasswd' parameter
   specified
      - If the passwd is not zero length, use that
      - Else run with no authentication (important as it enables override
        of next rule) 
 - Else-if the xend-config.sxp has a password specified use that
 - Else run with no authentication

Example configuration:

 - To set an explicit guest password:

    vfb = [ "type=vnc,vncunused=1,vnclisten=0.0.0.0,vncpasswd=123456"]
 
 - To disable authentication, overriding any XenD configured
   defalt password

    vfb = [ "type=vnc,vncunused=1,vnclisten=0.0.0.0,vncpasswd="]

 - To run with default XenD configured password (if any)

    vfb = [ "type=vnc,vncunused=1,vnclisten=0.0.0.0"]

The changes basically affect 3 areas:

 - tools/xenfb/vncfb.c  - read the password from XenStore & configure
    LibVNCServer's authentication routines.
 - tools/python/xen/xm/create.py - add vncpasswd parameter as a valid option
 - tools/python/xen/xend/server/vfbif.py - read password from config file
   and write it into xenstore to access by xen-vncfb server

A functionally equivalent version of this patch is already in use in Fedora
Core 5, 6 and RHEL-5  betas, so has seen some real world testing already.

   Signed-off-by: Daniel P. Berrange <berrange@redhat.com>

Regards,
Dan.
-- 
|=- Red Hat, Engineering, Emerging Technologies, Boston.  +1 978 392 2496 -=|
|=-           Perl modules: http://search.cpan.org/~danberr/              -=|
|=-               Projects: http://freshmeat.net/~danielpb/               -=|
|=-  GnuPG: 7D3B9505   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505  -=| 

[-- Attachment #2: xen-3.0.4-vncpassword-pvfb-4.patch --]
[-- Type: text/plain, Size: 6320 bytes --]

diff -r fd28a1b139de .hgignore
--- a/.hgignore	Mon Dec 04 09:29:26 2006 +0000
+++ b/.hgignore	Mon Dec 04 17:08:38 2006 -0500
@@ -228,3 +228,4 @@
 ^unmodified_drivers/linux-2.6/.*\.cmd$
 ^unmodified_drivers/linux-2.6/.*\.ko$
 ^unmodified_drivers/linux-2.6/.*\.mod\.c$
+^LibVNCServer.*
diff -r fd28a1b139de tools/python/xen/xend/server/vfbif.py
--- a/tools/python/xen/xend/server/vfbif.py	Mon Dec 04 09:29:26 2006 +0000
+++ b/tools/python/xen/xend/server/vfbif.py	Mon Dec 04 20:04:43 2006 -0500
@@ -1,4 +1,5 @@ from xen.xend.server.DevController impor
 from xen.xend.server.DevController import DevController
+from xen.xend.XendLogging import log
 
 from xen.xend.XendError import VmError
 import xen.xend
@@ -41,6 +42,17 @@ class VfbifController(DevController):
                      "--title", self.vm.getName() ]
         t = config.get("type", None)
         if t == "vnc":
+            passwd = None
+            if config.has_key("vncpasswd"):
+                passwd = config["vncpasswd"]
+            else:
+                passwd = xen.xend.XendRoot.instance().get_vncpasswd_default()
+            if not(passwd is None or passwd == ""):
+                self.vm.storeVm("vncpasswd", passwd)
+                log.debug("Stored a VNC password for vfb access")
+            else:
+                log.debug("No VNC passwd configured for vfb access")
+
             # Try to start the vnc backend
             args = [xen.util.auxbin.pathTo("xen-vncfb")]
             if config.has_key("vncunused"):
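Review bot: `self.vm.storeVm("vncpasswd", passwd)` puts the cleartext password into the VM's XenStore subtree, and nothing in this hunk restricts who can read that node. The access permissions on that path are set outside the lines shown, so it is worth confirming that only dom0 can read it, since the value stays there until xen-vncfb has started and overwritten it. I would add a comment above the call such as `# cleartext; consumed and blanked by xen-vncfb, node must not be readable by the guest`. The enclosing method starts and ends outside the hunk.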
diff -r fd28a1b139de tools/python/xen/xm/create.py
--- a/tools/python/xen/xm/create.py	Mon Dec 04 09:29:26 2006 +0000
+++ b/tools/python/xen/xm/create.py	Mon Dec 04 19:41:54 2006 -0500
@@ -284,7 +284,7 @@ gopts.var('usbport', val='PATH',
           use="""Add a physical USB port to a domain, as specified by the path
           to that port.  This option may be repeated to add more than one port.""")
 
-gopts.var('vfb', val="type={vnc,sdl},vncunused=1,vncdisplay=N,vnclisten=ADDR,display=DISPLAY,xauthority=XAUTHORITY",
+gopts.var('vfb', val="type={vnc,sdl},vncunused=1,vncdisplay=N,vnclisten=ADDR,display=DISPLAY,xauthority=XAUTHORITY,vncpasswd=PASSWORD",
           fn=append_value, default=[],
           use="""Make the domain a framebuffer backend.
           The backend type should be either sdl or vnc.
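Review bot: The help text for `vfb` is not updated alongside the new `vncpasswd=PASSWORD` field; the `use=` string begins at the end of this hunk and the rest of it is not part of the patch. It should say that an empty `vncpasswd=` disables authentication even when xend-config.sxp sets a default password, because that override is easy to trigger by accident. A sentence such as `Set vncpasswd=PASSWORD to require a VNC password; an empty value disables authentication and overrides the xend default.` would do.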
@@ -584,7 +584,7 @@ def configure_vfbs(config_devs, vals):
             d['type'] = 'sdl'
         for (k,v) in d.iteritems():
             if not k in [ 'vnclisten', 'vncunused', 'vncdisplay', 'display',
-                          'xauthority', 'type' ]:
+                          'xauthority', 'type', 'vncpasswd' ]:
                 err("configuration option %s unknown to vfbs" % k)
             config.append([k,v])
         if not d.has_key("display") and os.environ.has_key("DISPLAY"):
diff -r fd28a1b139de tools/xenfb/vncfb.c
--- a/tools/xenfb/vncfb.c	Mon Dec 04 09:29:26 2006 +0000
+++ b/tools/xenfb/vncfb.c	Mon Dec 04 20:11:34 2006 -0500
@@ -205,15 +205,10 @@ static void on_ptr_event(int buttonMask,
 	last_y = y;
 }
 
-static void xenstore_write_vncport(int port, int domid)
-{
-	char *buf = NULL, *path;
+static void xenstore_write_vncport(struct xs_handle *xsh, int port, int domid)
+{
+	char *buf, *path;
 	char portstr[10];
-	struct xs_handle *xsh = NULL;
-
-	xsh = xs_daemon_open();
-	if (xsh == NULL)
-		return;
 
 	path = xs_get_domain_path(xsh, domid);
 	if (path == NULL) {
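Review bot: `buf` loses its `= NULL` initializer in the new declaration `char *buf, *path;`, while the tail of this function visible in the next hunk still ends in `free(buf)`. The body between the `path == NULL` check and that `free` is outside the hunk, so I cannot see whether the error path jumps to the cleanup; if it does, `free` would be called on an indeterminate pointer. Keeping `char *buf = NULL, *path;` costs nothing. The function also no longer checks `xsh` itself; it now depends on the caller having exited when `xs_daemon_open()` failed, which main does do in a later hunk.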
@@ -240,6 +235,56 @@ static void xenstore_write_vncport(int p
 	free(buf);
 }
 
+
+static int xenstore_read_vncpasswd(struct xs_handle *xsh, int domid, char *pwbuf, int pwbuflen)
+{
+	char buf[256], *path, *uuid = NULL, *passwd = NULL;
+	unsigned int len, rc = 0;
+
+	if (xsh == NULL) {
+		return -1;
+	}
+
+	path = xs_get_domain_path(xsh, domid);
+	if (path == NULL) {
+		fprintf(stderr, "xs_get_domain_path() error\n");
+		return -1;
+	}
+
+	snprintf(buf, 256, "%s/vm", path);
+	uuid = xs_read(xsh, XBT_NULL, buf, &len);
+	if (uuid == NULL) {
+		fprintf(stderr, "xs_read(): uuid get error\n");
+		free(path);
+		return -1;
+	}
+
+	snprintf(buf, 256, "%s/vncpasswd", uuid);
+	passwd = xs_read(xsh, XBT_NULL, buf, &len);
+	if (passwd == NULL) {
+		free(uuid);
+		free(path);
+		return rc;
+	}
+
+	strncpy(pwbuf, passwd, pwbuflen-1);
+	pwbuf[pwbuflen-1] = '\0';
+
+	fprintf(stderr, "Got a VNC password read from XenStore\n");
+
+	passwd[0] = '\0';
+	snprintf(buf, 256, "%s/vncpasswd", uuid);
+	if (xs_write(xsh, XBT_NULL, buf, passwd, len) == 0) {
+		fprintf(stderr, "xs_write() vncpasswd failed\n");
+		rc = -1;
+	}
+
+	free(passwd);
+	free(uuid);
+	free(path);
+
+	return rc;
+}
 
 static void vnc_update(struct xenfb *xenfb, int x, int y, int w, int h)
 {
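Review bot: The scrub after the read does not remove the password from XenStore: `passwd[0] = '\0'` clears only the first byte, and `xs_write(xsh, XBT_NULL, buf, passwd, len)` then writes all `len` bytes back, so every character after the first stays in the node. Zero the whole buffer first with `memset(passwd, 0, len);`, which also means the heap copy is clean before `free(passwd)`; removing the node with `xs_rm()` would be an alternative. Separately, `rc` is declared `unsigned int` but is assigned -1 and returned from an `int` function; declaring it `int` avoids relying on the conversion. The `snprintf(buf, 256, ...)` results are not checked for truncation.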
@@ -274,6 +319,10 @@ int main(int argc, char **argv)
 	char portstr[10];
 	char *endp;
 	int r;
+	struct xs_handle *xsh;
+	char vncpasswd[1024];
+
+	vncpasswd[0] = '\0';
 
 	while ((opt = getopt_long(argc, argv, "d:p:t:u", options,
 				  NULL)) != -1) {
@@ -346,6 +395,19 @@ int main(int argc, char **argv)
 		exit(1);
 	}
 
+	xsh = xs_daemon_open();
+	if (xsh == NULL) {
+	        fprintf(stderr, "cannot open connection to xenstore\n");
+		exit(1);
+	}
+
+
+	if (xenstore_read_vncpasswd(xsh, domid, vncpasswd, sizeof(vncpasswd)/sizeof(char)) < 0) {
+		fprintf(stderr, "cannot read VNC password from xenstore\n");
+		exit(1);
+	}
+	  
+
 	server = rfbGetScreen(&fake_argc, fake_argv, 
 			      xenfb->width, xenfb->height,
 			      8, 3, xenfb->depth / 8);
@@ -360,6 +422,21 @@ int main(int argc, char **argv)
         if (unused)
 		server->autoPort = true;
 
+	if (vncpasswd[0]) {
+		char **passwds = malloc(sizeof(char**)*2);
+		if (!passwds) {
+			fprintf(stderr, "cannot allocate memory (%s)\n", strerror(errno));
+			exit(1);
+		}
+		fprintf(stderr, "Registered password\n");
+		passwds[0] = vncpasswd;
+		passwds[1] = NULL;
+
+		server->authPasswdData = passwds;
+		server->passwordCheck = rfbCheckPasswordByList;
+	} else {
+		fprintf(stderr, "Running with no password\n");
+	}
 	server->serverFormat.redShift = 16;
 	server->serverFormat.greenShift = 8;
 	server->serverFormat.blueShift = 0;
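Review bot: The `else` branch starts the server without authentication whenever `vncpasswd` is empty, and that is also what happens when the XenStore read fails, because `xenstore_read_vncpasswd()` returns 0 both for "no node" and for any other `xs_read()` failure on the password node. With `vnclisten=0.0.0.0`, as in the examples, that leaves the console open to the network with only a stderr line to show for it. It would be safer for xend to always write the node (empty meaning no password) and for the reader to treat a NULL from `xs_read()` as an error, so that the server refuses to start rather than starting open. Minor: `malloc(sizeof(char**)*2)` should be `sizeof(char *)`, or `sizeof *passwds`. main's body starts and ends outside the hunk.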
@@ -372,7 +449,7 @@ int main(int argc, char **argv)
 
 	rfbRunEventLoop(server, -1, true);
 
-        xenstore_write_vncport(server->port, domid);
+        xenstore_write_vncport(xsh, server->port, domid);
 
 	for (;;) {
 		FD_ZERO(&readfds);
