ia64/xen-unstable

changeset 13071:040093fa1f9e

VNC password authentication support for the paravirt framebuffer server.

The rules for configuring the password are equivalent of those used
for HVM, but the actual guest config option is a little different as a
result of the recent refactoring of the PVFB config file syntax.

- If the 'vfb' option in the guest config has a 'vncpasswd' parameter
specified
- If the passwd is not zero length, use that
- Else run with no authentication (important as it enables
override of next rule)
- Else-if the xend-config.sxp has a password specified use that
- Else run with no authentication

Example configuration:

- To set an explicit guest password:
vfb = [ "type=vnc,vncunused=1,vnclisten=0.0.0.0,vncpasswd=123456"]

- To disable authentication, overriding any XenD configured
default password
vfb = [ "type=vnc,vncunused=1,vnclisten=0.0.0.0,vncpasswd="]

- To run with default XenD configured password (if any)
vfb = [ "type=vnc,vncunused=1,vnclisten=0.0.0.0"]

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
author kfraser@localhost.localdomain
date Fri Dec 15 17:33:31 2006 +0000 (2006-12-15)
parents 96b047d22ad5
children 9fd958cc5122
files .hgignore tools/python/xen/xend/server/vfbif.py tools/python/xen/xm/create.py tools/xenfb/vncfb.c
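--- a/.hgignore	Fri Dec 15 17:30:51 2006 +0000
+++ b/.hgignore	Fri Dec 15 17:33:31 2006 +0000
@@ -229,3 +229,4 @@
 ^unmodified_drivers/linux-2.6/.*\.cmd$
 ^unmodified_drivers/linux-2.6/.*\.ko$
 ^unmodified_drivers/linux-2.6/.*\.mod\.c$
+^LibVNCServer.*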
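--- a/tools/python/xen/xend/server/vfbif.py	Fri Dec 15 17:30:51 2006 +0000
+++ b/tools/python/xen/xend/server/vfbif.py	Fri Dec 15 17:33:31 2006 +0000
@@ -1,4 +1,5 @@
 from xen.xend.server.DevController import DevController
+from xen.xend.XendLogging import log
 
 from xen.xend.XendError import VmError
 import xen.xend
@@ -41,6 +42,17 @@ class VfbifController(DevController):
                      "--title", self.vm.getName() ]
         t = config.get("type", None)
         if t == "vnc":
+            passwd = None
+            if config.has_key("vncpasswd"):
+                passwd = config["vncpasswd"]
+            else:
+                passwd = xen.xend.XendRoot.instance().get_vncpasswd_default()
+            if not(passwd is None or passwd == ""):
+                self.vm.storeVm("vncpasswd", passwd)
+                log.debug("Stored a VNC password for vfb access")
+            else:
+                log.debug("No VNC passwd configured for vfb access")
+
             # Try to start the vnc backend
             args = [xen.util.auxbin.pathTo("xen-vncfb")]
             if config.has_key("vncunused"):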
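Review bot: The fallback branch at `log.debug("No VNC passwd configured for vfb access")` starts the VNC backend without authentication and records that only at debug level, so a guest configured with `vnclisten=0.0.0.0` and an empty or missing password gets an open console with nothing in the normal log. I would raise it to `log.warning("vfb VNC server for %s will run without authentication", self.vm.getName())`. Separately, `self.vm.storeVm("vncpasswd", passwd)` stores the cleartext password before the backend is launched; if the launch fails the value presumably stays in the store, so the failure path should clear it. That launch code lies below the end of this hunk, so this could not be confirmed from here.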
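--- a/tools/python/xen/xm/create.py	Fri Dec 15 17:30:51 2006 +0000
+++ b/tools/python/xen/xm/create.py	Fri Dec 15 17:33:31 2006 +0000
@@ -284,7 +284,7 @@ gopts.var('usbport', val='PATH',
           use="""Add a physical USB port to a domain, as specified by the path
           to that port.  This option may be repeated to add more than one port.""")
 
-gopts.var('vfb', val="type={vnc,sdl},vncunused=1,vncdisplay=N,vnclisten=ADDR,display=DISPLAY,xauthority=XAUTHORITY",
+gopts.var('vfb', val="type={vnc,sdl},vncunused=1,vncdisplay=N,vnclisten=ADDR,display=DISPLAY,xauthority=XAUTHORITY,vncpasswd=PASSWORD",
           fn=append_value, default=[],
           use="""Make the domain a framebuffer backend.
           The backend type should be either sdl or vnc.
@@ -584,7 +584,7 @@ def configure_vfbs(config_devs, vals):
             d['type'] = 'sdl'
         for (k,v) in d.iteritems():
             if not k in [ 'vnclisten', 'vncunused', 'vncdisplay', 'display',
-                          'xauthority', 'type' ]:
+                          'xauthority', 'type', 'vncpasswd' ]:
                 err("configuration option %s unknown to vfbs" % k)
             config.append([k,v])
         if not d.has_key("display") and os.environ.has_key("DISPLAY"):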
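Review bot: The new `vncpasswd=PASSWORD` key is accepted in `configure_vfbs`, but the visible part of the `use` help text for `vfb` does not describe it, and its empty-value meaning is not something a user would guess. I would add a sentence to the help string along the lines of `vncpasswd=PASSWORD sets the VNC password; an empty value disables authentication even if xend-config.sxp sets a default.` The `use` string continues past the end of the first hunk, so the sentence belongs after the existing option descriptions there. The same text could mention that the password sits in the guest config file in cleartext, so that file's permissions matter.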
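--- a/tools/xenfb/vncfb.c	Fri Dec 15 17:30:51 2006 +0000
+++ b/tools/xenfb/vncfb.c	Fri Dec 15 17:33:31 2006 +0000
@@ -212,15 +212,10 @@ static void on_ptr_event(int buttonMask,
 	last_y = y;
 }
 
-static void xenstore_write_vncport(int port, int domid)
+static void xenstore_write_vncport(struct xs_handle *xsh, int port, int domid)
 {
-	char *buf = NULL, *path;
+	char *buf, *path;
 	char portstr[10];
-	struct xs_handle *xsh = NULL;
-
-	xsh = xs_daemon_open();
-	if (xsh == NULL)
-		return;
 
 	path = xs_get_domain_path(xsh, domid);
 	if (path == NULL) {
@@ -248,6 +243,56 @@ static void xenstore_write_vncport(int p
 }
 
 
+static int xenstore_read_vncpasswd(struct xs_handle *xsh, int domid, char *pwbuf, int pwbuflen)
+{
+	char buf[256], *path, *uuid = NULL, *passwd = NULL;
+	unsigned int len, rc = 0;
+
+	if (xsh == NULL) {
+		return -1;
+	}
+
+	path = xs_get_domain_path(xsh, domid);
+	if (path == NULL) {
+		fprintf(stderr, "xs_get_domain_path() error\n");
+		return -1;
+	}
+
+	snprintf(buf, 256, "%s/vm", path);
+	uuid = xs_read(xsh, XBT_NULL, buf, &len);
+	if (uuid == NULL) {
+		fprintf(stderr, "xs_read(): uuid get error\n");
+		free(path);
+		return -1;
+	}
+
+	snprintf(buf, 256, "%s/vncpasswd", uuid);
+	passwd = xs_read(xsh, XBT_NULL, buf, &len);
+	if (passwd == NULL) {
+		free(uuid);
+		free(path);
+		return rc;
+	}
+
+	strncpy(pwbuf, passwd, pwbuflen-1);
+	pwbuf[pwbuflen-1] = '\0';
+
+	fprintf(stderr, "Got a VNC password read from XenStore\n");
+
+	passwd[0] = '\0';
+	snprintf(buf, 256, "%s/vncpasswd", uuid);
+	if (xs_write(xsh, XBT_NULL, buf, passwd, len) == 0) {
+		fprintf(stderr, "xs_write() vncpasswd failed\n");
+		rc = -1;
+	}
+
+	free(passwd);
+	free(uuid);
+	free(path);
+
+	return rc;
+}
+
 static void vnc_update(struct xenfb *xenfb, int x, int y, int w, int h)
 {
 	rfbScreenInfoPtr server = xenfb->user_data;
@@ -281,6 +326,10 @@ int main(int argc, char **argv)
 	char portstr[10];
 	char *endp;
 	int r;
+	struct xs_handle *xsh;
+	char vncpasswd[1024];
+
+	vncpasswd[0] = '\0';
 
 	while ((opt = getopt_long(argc, argv, "d:p:t:u", options,
 				  NULL)) != -1) {
@@ -353,6 +402,19 @@ int main(int argc, char **argv)
 		exit(1);
 	}
 
+	xsh = xs_daemon_open();
+	if (xsh == NULL) {
+	        fprintf(stderr, "cannot open connection to xenstore\n");
+		exit(1);
+	}
+
+
+	if (xenstore_read_vncpasswd(xsh, domid, vncpasswd, sizeof(vncpasswd)/sizeof(char)) < 0) {
+		fprintf(stderr, "cannot read VNC password from xenstore\n");
+		exit(1);
+	}
+	  
+
 	server = rfbGetScreen(&fake_argc, fake_argv, 
 			      xenfb->width, xenfb->height,
 			      8, 3, xenfb->depth / 8);
@@ -367,6 +429,21 @@ int main(int argc, char **argv)
         if (unused)
 		server->autoPort = true;
 
+	if (vncpasswd[0]) {
+		char **passwds = malloc(sizeof(char**)*2);
+		if (!passwds) {
+			fprintf(stderr, "cannot allocate memory (%s)\n", strerror(errno));
+			exit(1);
+		}
+		fprintf(stderr, "Registered password\n");
+		passwds[0] = vncpasswd;
+		passwds[1] = NULL;
+
+		server->authPasswdData = passwds;
+		server->passwordCheck = rfbCheckPasswordByList;
+	} else {
+		fprintf(stderr, "Running with no password\n");
+	}
 	server->serverFormat.redShift = 16;
 	server->serverFormat.greenShift = 8;
 	server->serverFormat.blueShift = 0;
@@ -379,7 +456,7 @@ int main(int argc, char **argv)
 
 	rfbRunEventLoop(server, -1, true);
 
-        xenstore_write_vncport(server->port, domid);
+        xenstore_write_vncport(xsh, server->port, domid);
 
 	for (;;) {
 		FD_ZERO(&readfds);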
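Review bot: In `xenstore_read_vncpasswd` the scrub of the stored password clears only its first byte: after `passwd[0] = '\0';` the call `xs_write(xsh, XBT_NULL, buf, passwd, len)` still writes `len` bytes, so every character after the first goes back into xenstore. Zero the whole buffer before the write with `memset(passwd, 0, len);`, or write a zero-length value instead. The same function also returns 0 when the `vncpasswd` read fails for any reason, and `main` then takes the "Running with no password" branch, so a transient or permission error on that read silently turns authentication off; if `xs_read` lets a missing key be told apart from a failed read, the latter should return -1 so the server refuses to start. In `main`, `malloc(sizeof(char**)*2)` should read `malloc(2 * sizeof *passwds)`, since the array holds `char *` elements.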