ia64/xen-unstable
changeset 13071:040093fa1f9e
VNC password authentication support for the paravirt framebuffer server.
The rules for configuring the password are equivalent to those used
for HVM, but the actual guest config option is a little different as a
result of the recent refactoring of the PVFB config file syntax.
- If the 'vfb' option in the guest config has a 'vncpasswd' parameter
specified
- If the passwd is not zero length, use that
- Else run with no authentication (important as it enables
override of next rule)
- Else-if the xend-config.sxp has a password specified use that
- Else run with no authentication
Example configuration:
- To set an explicit guest password:
vfb = [ "type=vnc,vncunused=1,vnclisten=0.0.0.0,vncpasswd=123456"]
- To disable authentication, overriding any XenD configured
default password
vfb = [ "type=vnc,vncunused=1,vnclisten=0.0.0.0,vncpasswd="]
- To run with default XenD configured password (if any)
vfb = [ "type=vnc,vncunused=1,vnclisten=0.0.0.0"]
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
The rules for configuring the password are equivalent of those used
for HVM, but the actual guest config option is a little different as a
result of the recent refactoring of the PVFB config file syntax.
- If the 'vfb' option in the guest config has a 'vncpasswd' parameter
specified
- If the passwd is not zero length, use that
- Else run with no authentication (important as it enables
override of next rule)
- Else-if the xend-config.sxp has a password specified use that
- Else run with no authentication
Example configuration:
- To set an explicit guest password:
vfb = [ "type=vnc,vncunused=1,vnclisten=0.0.0.0,vncpasswd=123456"]
- To disable authentication, overriding any XenD configured
default password
vfb = [ "type=vnc,vncunused=1,vnclisten=0.0.0.0,vncpasswd="]
- To run with default XenD configured password (if any)
vfb = [ "type=vnc,vncunused=1,vnclisten=0.0.0.0"]
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
author | kfraser@localhost.localdomain |
---|---|
date | Fri Dec 15 17:33:31 2006 +0000 (2006-12-15) |
parents | 96b047d22ad5 |
children | 9fd958cc5122 |
files | .hgignore tools/python/xen/xend/server/vfbif.py tools/python/xen/xm/create.py tools/xenfb/vncfb.c |
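--- a/.hgignore
+++ b/.hgignore
@@ -229,3 +229,4 @@
 ^unmodified_drivers/linux-2.6/.*\.cmd$
 ^unmodified_drivers/linux-2.6/.*\.ko$
 ^unmodified_drivers/linux-2.6/.*\.mod\.c$
+^LibVNCServer.*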
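--- a/tools/python/xen/xend/server/vfbif.py
+++ b/tools/python/xen/xend/server/vfbif.py
@@ -1,4 +1,5 @@
 from xen.xend.server.DevController import DevController
+from xen.xend.XendLogging import log
 
 from xen.xend.XendError import VmError
 import xen.xend
@@ -41,6 +42,17 @@ class VfbifController(DevController):
 "--title", self.vm.getName() ]
 t = config.get("type", None)
 if t == "vnc":
+ passwd = None
+ if config.has_key("vncpasswd"):
+ passwd = config["vncpasswd"]
+ else:
+ passwd = xen.xend.XendRoot.instance().get_vncpasswd_default()
+ if not(passwd is None or passwd == ""):
+ self.vm.storeVm("vncpasswd", passwd)
+ log.debug("Stored a VNC password for vfb access")
+ else:
+ log.debug("No VNC passwd configured for vfb access")
+
 # Try to start the vnc backend
 args = [xen.util.auxbin.pathTo("xen-vncfb")]
 if config.has_key("vncunused"):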
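Review bot: The no-password branch at the end of the added block is reported only at debug level, so a guest config with an empty `vncpasswd=` silently overrides the xend-wide default and leaves the console unauthenticated on whatever `vnclisten` address is configured. Report that case where an operator will see it, for example `log.warning("vfb VNC console for %s starts without authentication", self.vm.getName())`, and ideally distinguish the explicit override from the case where no default exists. Keeping the password itself out of both log messages is right. A short comment that `storeVm` places it in xenstore in cleartext until xen-vncfb reads it would help the next reader. The enclosing method starts and ends outside the hunk.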
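--- a/tools/python/xen/xm/create.py
+++ b/tools/python/xen/xm/create.py
@@ -284,7 +284,7 @@ gopts.var('usbport', val='PATH',
 use="""Add a physical USB port to a domain, as specified by the path
 to that port. This option may be repeated to add more than one port.""")
 
-gopts.var('vfb', val="type={vnc,sdl},vncunused=1,vncdisplay=N,vnclisten=ADDR,display=DISPLAY,xauthority=XAUTHORITY",
+gopts.var('vfb', val="type={vnc,sdl},vncunused=1,vncdisplay=N,vnclisten=ADDR,display=DISPLAY,xauthority=XAUTHORITY,vncpasswd=PASSWORD",
 fn=append_value, default=[],
 use="""Make the domain a framebuffer backend.
 The backend type should be either sdl or vnc.
@@ -584,7 +584,7 @@ def configure_vfbs(config_devs, vals):
 d['type'] = 'sdl'
 for (k,v) in d.iteritems():
 if not k in [ 'vnclisten', 'vncunused', 'vncdisplay', 'display',
- 'xauthority', 'type' ]:
+ 'xauthority', 'type', 'vncpasswd' ]:
 err("configuration option %s unknown to vfbs" % k)
 config.append([k,v])
 if not d.has_key("display") and os.environ.has_key("DISPLAY"):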
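Review bot: `vncpasswd` is added to the `val=` synopsis and to the key whitelist in `configure_vfbs`, but the visible part of the `use=` help text does not mention it; that string continues outside the hunk, so it may already be covered there. If it is not, document the semantics from the commit message, for example `vncpasswd=PASSWORD sets the VNC password; an empty value disables authentication even if xend has a default.` A comment next to `config.append([k,v])` should also record that this value is now a secret travelling with the rest of the device config. Anything that prints or logs that config would presumably show it, though the consumers are not in this diff.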
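--- a/tools/xenfb/vncfb.c
+++ b/tools/xenfb/vncfb.c
@@ -212,15 +212,10 @@ static void on_ptr_event(int buttonMask,
 last_y = y;
 }
 
-static void xenstore_write_vncport(int port, int domid)
+static void xenstore_write_vncport(struct xs_handle *xsh, int port, int domid)
 {
- char *buf = NULL, *path;
+ char *buf, *path;
 char portstr[10];
- struct xs_handle *xsh = NULL;
-
- xsh = xs_daemon_open();
- if (xsh == NULL)
- return;
 
 path = xs_get_domain_path(xsh, domid);
 if (path == NULL) {
@@ -248,6 +243,56 @@ static void xenstore_write_vncport(int p
 }
 
 
+static int xenstore_read_vncpasswd(struct xs_handle *xsh, int domid, char *pwbuf, int pwbuflen)
+{
+ char buf[256], *path, *uuid = NULL, *passwd = NULL;
+ unsigned int len, rc = 0;
+
+ if (xsh == NULL) {
+ return -1;
+ }
+
+ path = xs_get_domain_path(xsh, domid);
+ if (path == NULL) {
+ fprintf(stderr, "xs_get_domain_path() error\n");
+ return -1;
+ }
+
+ snprintf(buf, 256, "%s/vm", path);
+ uuid = xs_read(xsh, XBT_NULL, buf, &len);
+ if (uuid == NULL) {
+ fprintf(stderr, "xs_read(): uuid get error\n");
+ free(path);
+ return -1;
+ }
+
+ snprintf(buf, 256, "%s/vncpasswd", uuid);
+ passwd = xs_read(xsh, XBT_NULL, buf, &len);
+ if (passwd == NULL) {
+ free(uuid);
+ free(path);
+ return rc;
+ }
+
+ strncpy(pwbuf, passwd, pwbuflen-1);
+ pwbuf[pwbuflen-1] = '\0';
+
+ fprintf(stderr, "Got a VNC password read from XenStore\n");
+
+ passwd[0] = '\0';
+ snprintf(buf, 256, "%s/vncpasswd", uuid);
+ if (xs_write(xsh, XBT_NULL, buf, passwd, len) == 0) {
+ fprintf(stderr, "xs_write() vncpasswd failed\n");
+ rc = -1;
+ }
+
+ free(passwd);
+ free(uuid);
+ free(path);
+
+ return rc;
+}
+
 static void vnc_update(struct xenfb *xenfb, int x, int y, int w, int h)
 {
 rfbScreenInfoPtr server = xenfb->user_data;
@@ -281,6 +326,10 @@ int main(int argc, char **argv)
 char portstr[10];
 char *endp;
 int r;
+ struct xs_handle *xsh;
+ char vncpasswd[1024];
+
+ vncpasswd[0] = '\0';
 
 while ((opt = getopt_long(argc, argv, "d:p:t:u", options,
 NULL)) != -1) {
@@ -353,6 +402,19 @@ int main(int argc, char **argv)
 exit(1);
 }
 
+ xsh = xs_daemon_open();
+ if (xsh == NULL) {
+ fprintf(stderr, "cannot open connection to xenstore\n");
+ exit(1);
+ }
+
+
+ if (xenstore_read_vncpasswd(xsh, domid, vncpasswd, sizeof(vncpasswd)/sizeof(char)) < 0) {
+ fprintf(stderr, "cannot read VNC password from xenstore\n");
+ exit(1);
+ }
+
+
 server = rfbGetScreen(&fake_argc, fake_argv,
 xenfb->width, xenfb->height,
 8, 3, xenfb->depth / 8);
@@ -367,6 +429,21 @@ int main(int argc, char **argv)
 if (unused)
 server->autoPort = true;
 
+ if (vncpasswd[0]) {
+ char **passwds = malloc(sizeof(char**)*2);
+ if (!passwds) {
+ fprintf(stderr, "cannot allocate memory (%s)\n", strerror(errno));
+ exit(1);
+ }
+ fprintf(stderr, "Registered password\n");
+ passwds[0] = vncpasswd;
+ passwds[1] = NULL;
+
+ server->authPasswdData = passwds;
+ server->passwordCheck = rfbCheckPasswordByList;
+ } else {
+ fprintf(stderr, "Running with no password\n");
+ }
 server->serverFormat.redShift = 16;
 server->serverFormat.greenShift = 8;
 server->serverFormat.blueShift = 0;
@@ -379,7 +456,7 @@ int main(int argc, char **argv)
 
 rfbRunEventLoop(server, -1, true);
 
- xenstore_write_vncport(server->port, domid);
+ xenstore_write_vncport(xsh, server->port, domid);
 
 for (;;) {
 FD_ZERO(&readfds);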
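Review bot: The clear-after-read in `xenstore_read_vncpasswd` wipes only the first byte: `passwd[0] = '\0'` is followed by `xs_write(xsh, XBT_NULL, buf, passwd, len)`, which writes all `len` bytes back, so every character after the first stays in xenstore. Replace the single-byte store with `memset(passwd, 0, len);` (or write a zero-length value) so that both the node and the heap copy are fully wiped before `free(passwd)`. Separately, `strncpy` into `pwbuf` truncates silently, and classic VNC authentication as far as I know uses only the first eight characters of a password, so a long `vncpasswd` gives less protection than it suggests. A message on stderr when the stored value is longer than what is used would make that visible. In `main`, `malloc(sizeof(char**)*2)` is better written as `malloc(2 * sizeof *passwds)` so the element type cannot drift.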