From: Anthony Liguori
Date: Fri, 06 Mar 2009 20:27:33 +0000
Subject: [Qemu-devel] [6725] Include auth credentials in 'info vnc' ("Daniel P.
Reply-To: qemu-devel@nongnu.org
List-Id: qemu-devel.nongnu.org
To: qemu-devel@nongnu.org

Revision: 6725
          http://svn.sv.gnu.org/viewvc/?view=rev&root=qemu&revision=6725
Author:   aliguori
Date:     2009-03-06 20:27:32 +0000 (Fri, 06 Mar 2009)

Log Message:
-----------
Include auth credentials in 'info vnc' ("Daniel P. Berrange")

This patch extends the 'info vnc' monitor output to include information
about the VNC client authentication credentials.

For clients authenticated using SASL, this will output the username.

For clients authenticated using x509 certificates, this will output
the x509 distinguished name.

Auth can be stacked, so both username & x509 dname may be shown.

    Server:
        address: 0.0.0.0:5902
        auth: vencrypt+x509+sasl
    Client:
        address: 10.33.6.67:38621
        x509 dname: C=GB,O=ACME,L=London,ST=London,CN=localhost
        username: admin
    Client:
        address: 10.33.6.63:38620
        x509 dname: C=GB,O=ACME,L=London,ST=London,CN=localhost
        username: admin

 vnc-tls.c |   17 +++++++++++++++++
 vnc-tls.h |    3 +++
 vnc.c     |   19 +++++++++++++++++--
 3 files changed, 37 insertions(+), 2 deletions(-)

Signed-off-by: Daniel P. Berrange
Signed-off-by: Anthony Liguori

Modified Paths:
--------------
    trunk/vnc.c

Modified: trunk/vnc.c =================================================================== --- trunk/vnc.c 2009-03-06 20:27:28 UTC (rev 6724) +++ trunk/vnc.c 2009-03-06 20:27:32 UTC (rev 6725) 
@@ -156,6 +156,21 @@ monitor_printf(mon, "Client:\n"); monitor_printf(mon, "%s", clientAddr); free(clientAddr); + +#ifdef CONFIG_VNC_TLS + if (client->tls.session && + client->tls.dname) + monitor_printf(mon, " x509 dname: %s\n", client->tls.dname); + else + monitor_printf(mon, " x509 dname: none\n"); +#endif +#ifdef CONFIG_VNC_SASL + if (client->sasl.conn && + client->sasl.username) + monitor_printf(mon, " username: %s\n", client->sasl.username); + else + monitor_printf(mon, " username: none\n"); +#endif } void do_info_vnc(Monitor *mon) @@ -1824,7 +1839,7 @@ /* We only advertise 1 auth scheme at a time, so client * must pick the one we sent. Verify this */ if (data[0] != vs->vd->auth) { /* Reject auth */ - VNC_DEBUG("Reject auth %d\n", (int)data[0]); + VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]); vnc_write_u32(vs, 1); if (vs->minor >= 8) { static const char err[] = "Authentication failed"; @@ -1864,7 +1879,7 @@ #endif /* CONFIG_VNC_SASL */ default: /* Should not be possible, but just in case */ - VNC_DEBUG("Reject auth %d\n", vs->vd->auth); + VNC_DEBUG("Reject auth %d server code bug\n", vs->vd->auth); vnc_write_u8(vs, 1); if (vs->minor >= 8) { static const char err[] = "Authentication failed";
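
Review bot: In the first hunk (@@ -156,6 +156,21 @@), client->tls.dname and client->sasl.username are handed to monitor_printf with a bare %s, and per the log message both strings originate from the connecting peer (its certificate subject and its SASL identity). Nothing in the hunk filters them, so a value carrying a newline or terminal control bytes would be echoed as-is into the 'info vnc' listing that an operator or management tool parses; I would escape or replace non-printable characters before printing. Minor style point: the two-line conditions with unbraced if/else bodies would be easier to follow with braces.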
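
Review bot: In the second hunk (@@ -1824,7 +1839,7 @@), the new debug text says the method did not match what was advertised but still prints only data[0]. Since the check is data[0] != vs->vd->auth, printing vs->vd->auth next to it would make the line useful on its own when triaging failed logins. Also, the message spells it "advertized" while the comment directly above uses "advertise"; the two should agree.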
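
Review bot: In the third hunk (@@ -1864,7 +1879,7 @@), "Reject auth %d server code bug\n" runs the number and the explanation together; a separator such as "Reject auth %d: server code bug\n" reads better. While touching this branch, note that the unchanged context sends the failure with vnc_write_u8(vs, 1), whereas the mismatch path in the previous hunk uses vnc_write_u32(vs, 1) ahead of the same "Authentication failed" reason string; if both are meant to be the same result field, the widths should match, and that deserves a check before this goes in.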