From fa647af321f59fea9366be75b6126f3364270b2c Mon Sep 17 00:00:00 2001 From: Gerd Hoffmann Date: Wed, 5 Jan 2011 15:29:41 -0200 Subject: [PATCH 36/48] vnc: support password expire RH-Author: Gerd Hoffmann Message-id: <1294241382-17988-38-git-send-email-kraxel@redhat.com> Patchwork-id: 15772 O-Subject: [RHEL-6 kvm PATCH 37/38] vnc: support password expire Bugzilla: 642131 634153 615947 632458 631832 647865 RH-Acked-by: Uri Lublin RH-Acked-by: Alon Levy RH-Acked-by: Hans de Goede This patch adds support for expiring passwords to vnc. It adds a new vnc_display_pw_expire() function which specifies the time when the password will expire. upstream: 3c9405a0f7d76602415b3cbe8d52d7714b6ce5af Signed-off-by: Gerd Hoffmann --- console.h | 1 + qemu-common.h | 3 +++ vnc.c | 14 ++++++++++++++ vnc.h | 1 + 4 files changed, 19 insertions(+), 0 deletions(-) Signed-off-by: Luiz Capitulino --- console.h | 1 + qemu-common.h | 3 +++ vnc.c | 14 ++++++++++++++ vnc.h | 1 + 4 files changed, 19 insertions(+), 0 deletions(-) diff --git a/console.h b/console.h index dd89389..3e1f82b 100644 --- a/console.h +++ b/console.h @@ -372,6 +372,7 @@ void vnc_display_init(DisplayState *ds); void vnc_display_close(DisplayState *ds); int vnc_display_open(DisplayState *ds, const char *display); int vnc_display_password(DisplayState *ds, const char *password); +int vnc_display_pw_expire(DisplayState *ds, time_t expires); void do_info_vnc_print(Monitor *mon, const QObject *data); void do_info_vnc(Monitor *mon, QObject **ret_data); char *vnc_display_local_addr(DisplayState *ds); diff --git a/qemu-common.h b/qemu-common.h index e00710d..389222e 100644 --- a/qemu-common.h +++ b/qemu-common.h @@ -50,6 +50,9 @@ typedef struct DeviceState DeviceState; #if !defined(ENOTSUP) #define ENOTSUP 4096 #endif +#ifndef TIME_MAX +#define TIME_MAX LONG_MAX +#endif #ifndef CONFIG_IOVEC #define CONFIG_IOVEC diff --git a/vnc.c b/vnc.c index 1a92d39..eae12ce 100644 --- a/vnc.c +++ b/vnc.c @@ -2126,11 +2126,16 @@ static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len) unsigned char response[VNC_AUTH_CHALLENGE_SIZE]; int i, j, pwlen; unsigned char key[8]; + time_t now = time(NULL); if (!vs->vd->password || !vs->vd->password[0]) { VNC_DEBUG("No password configured on server"); goto reject; } + if (vs->vd->expires < now) { + VNC_DEBUG("Password is expired"); + goto reject; + } memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE); @@ -2468,6 +2473,7 @@ void vnc_display_init(DisplayState *ds) vs->lsock = -1; vs->ds = ds; + vs->expires = TIME_MAX; if (keyboard_layout) vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout); @@ -2532,6 +2538,14 @@ int vnc_display_password(DisplayState *ds, const char *password) return 0; } +int vnc_display_pw_expire(DisplayState *ds, time_t expires) +{ + VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display; + + vs->expires = expires; + return 0; +} + char *vnc_display_local_addr(DisplayState *ds) { VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display; diff --git a/vnc.h b/vnc.h index 77f13c9..a752cef 100644 --- a/vnc.h +++ b/vnc.h @@ -104,6 +104,7 @@ struct VncDisplay char *display; char *password; + time_t expires; int auth; #ifdef CONFIG_VNC_TLS int subauth; /* Used by VeNCrypt */ -- 1.7.4.rc1.16.gd2f15e