qemu-devel.nongnu.org archive mirror
* [Qemu-devel] [6725] Include auth credentials in 'info vnc' ("Daniel P.
@ 2009-03-06 20:27 Anthony Liguori
From: Anthony Liguori @ 2009-03-06 20:27 UTC (permalink / raw)
  To: qemu-devel

Revision: 6725
          http://svn.sv.gnu.org/viewvc/?view=rev&root=qemu&revision=6725
Author:   aliguori
Date:     2009-03-06 20:27:32 +0000 (Fri, 06 Mar 2009)
Log Message:
-----------
Include auth credentials in 'info vnc' ("Daniel P. Berrange")

This patch extends the 'info vnc' monitor output to include information
about the VNC client authentication credentials.

For clients authenticated using SASL, this will output the username.

For clients authenticated using x509 certificates, this will output
the x509 distinguished name.

Auth can be stacked, so both username & x509 dname may be shown.

    Server:
         address: 0.0.0.0:5902
            auth: vencrypt+x509+sasl
    Client:
         address: 10.33.6.67:38621
      x509 dname: C=GB,O=ACME,L=London,ST=London,CN=localhost
        username: admin
    Client:
         address: 10.33.6.63:38620
      x509 dname: C=GB,O=ACME,L=London,ST=London,CN=localhost
        username: admin



 vnc-tls.c |   17 +++++++++++++++++
 vnc-tls.h |    3 +++
 vnc.c     |   19 +++++++++++++++++--
 3 files changed, 37 insertions(+), 2 deletions(-)

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

Modified Paths:
--------------
    trunk/vnc.c

Modified: trunk/vnc.c
===================================================================
--- trunk/vnc.c	2009-03-06 20:27:28 UTC (rev 6724)
+++ trunk/vnc.c	2009-03-06 20:27:32 UTC (rev 6725)
@@ -156,6 +156,21 @@
     monitor_printf(mon, "Client:\n");
     monitor_printf(mon, "%s", clientAddr);
     free(clientAddr);
+
+#ifdef CONFIG_VNC_TLS
+    if (client->tls.session &&
+	client->tls.dname)
+	monitor_printf(mon, "  x509 dname: %s\n", client->tls.dname);
+    else
+	monitor_printf(mon, "  x509 dname: none\n");
+#endif
+#ifdef CONFIG_VNC_SASL
+    if (client->sasl.conn &&
+	client->sasl.username)
+	monitor_printf(mon, "    username: %s\n", client->sasl.username);
+    else
+	monitor_printf(mon, "    username: none\n");
+#endif
 }
 
 void do_info_vnc(Monitor *mon)
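Review bot: The two added monitor_printf calls print client->tls.dname and client->sasl.username verbatim with %s, and per the log message both values come from the client's x509 certificate and SASL exchange. Consider escaping newlines and other non-printable bytes before printing, so that a crafted name cannot produce what looks like extra "Client:" or "username:" lines in the 'info vnc' output. Separately, "none" is printed both when there is no TLS session or SASL connection and when one exists without a name; distinct text for the two cases would make the output easier to audit. The continuation lines of both conditions are tab-indented while the surrounding code uses spaces.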
@@ -1824,7 +1839,7 @@
     /* We only advertise 1 auth scheme at a time, so client
      * must pick the one we sent. Verify this */
     if (data[0] != vs->vd->auth) { /* Reject auth */
-       VNC_DEBUG("Reject auth %d\n", (int)data[0]);
+       VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]);
        vnc_write_u32(vs, 1);
        if (vs->minor >= 8) {
            static const char err[] = "Authentication failed";
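Review bot: The changed VNC_DEBUG line says the auth type did not match what was advertised but logs only data[0]; add vs->vd->auth so the mismatch can be read from a single line, for example "Reject auth %d, advertised %d\n". "advertized" should also match the spelling used in the comment above ("advertise"), and the line now runs well past 80 columns.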
@@ -1864,7 +1879,7 @@
 #endif /* CONFIG_VNC_SASL */
 
        default: /* Should not be possible, but just in case */
-           VNC_DEBUG("Reject auth %d\n", vs->vd->auth);
+           VNC_DEBUG("Reject auth %d server code bug\n", vs->vd->auth);
            vnc_write_u8(vs, 1);
            if (vs->minor >= 8) {
                static const char err[] = "Authentication failed";
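Review bot: On the default branch, "Reject auth %d server code bug" reads as a run-on; "Reject auth %d: server code bug\n" would be clearer. Since the comment marks this path as one that should not be possible, consider reporting it through something louder than VNC_DEBUG as well. The context also shows vnc_write_u8(vs, 1) here, where the rejection path in the previous hunk uses vnc_write_u32(vs, 1); it is worth confirming which width is intended for the failure result.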
