From fa647af321f59fea9366be75b6126f3364270b2c Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Wed, 5 Jan 2011 15:29:41 -0200
Subject: [PATCH 36/48] vnc: support password expire

RH-Author: Gerd Hoffmann <kraxel@redhat.com>
Message-id: <1294241382-17988-38-git-send-email-kraxel@redhat.com>
Patchwork-id: 15772
O-Subject: [RHEL-6 kvm PATCH 37/38] vnc: support password expire
Bugzilla: 642131 634153 615947 632458 631832 647865
RH-Acked-by: Uri Lublin <uril@redhat.com>
RH-Acked-by: Alon Levy <alevy@redhat.com>
RH-Acked-by: Hans de Goede <hdegoede@redhat.com>

This patch adds support for expiring passwords to vnc.  It adds a new
vnc_display_pw_expire() function which specifies the time when the
password will expire.

upstream: 3c9405a0f7d76602415b3cbe8d52d7714b6ce5af

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 console.h     |    1 +
 qemu-common.h |    3 +++
 vnc.c         |   14 ++++++++++++++
 vnc.h         |    1 +
 4 files changed, 19 insertions(+), 0 deletions(-)

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
---
 console.h     |    1 +
 qemu-common.h |    3 +++
 vnc.c         |   14 ++++++++++++++
 vnc.h         |    1 +
 4 files changed, 19 insertions(+), 0 deletions(-)

diff --git a/console.h b/console.h
index dd89389..3e1f82b 100644
--- a/console.h
+++ b/console.h
@@ -372,6 +372,7 @@ void vnc_display_init(DisplayState *ds);
 void vnc_display_close(DisplayState *ds);
 int vnc_display_open(DisplayState *ds, const char *display);
 int vnc_display_password(DisplayState *ds, const char *password);
+int vnc_display_pw_expire(DisplayState *ds, time_t expires);
 void do_info_vnc_print(Monitor *mon, const QObject *data);
 void do_info_vnc(Monitor *mon, QObject **ret_data);
 char *vnc_display_local_addr(DisplayState *ds);
diff --git a/qemu-common.h b/qemu-common.h
index e00710d..389222e 100644
--- a/qemu-common.h
+++ b/qemu-common.h
@@ -50,6 +50,9 @@ typedef struct DeviceState DeviceState;
 #if !defined(ENOTSUP)
 #define ENOTSUP 4096
 #endif
+#ifndef TIME_MAX
+#define TIME_MAX LONG_MAX
+#endif
 
 #ifndef CONFIG_IOVEC
 #define CONFIG_IOVEC
diff --git a/vnc.c b/vnc.c
index 1a92d39..eae12ce 100644
--- a/vnc.c
+++ b/vnc.c
@@ -2126,11 +2126,16 @@ static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
     unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
     int i, j, pwlen;
     unsigned char key[8];
+    time_t now = time(NULL);
 
     if (!vs->vd->password || !vs->vd->password[0]) {
         VNC_DEBUG("No password configured on server");
         goto reject;
     }
+    if (vs->vd->expires < now) {
+        VNC_DEBUG("Password is expired");
+        goto reject;
+    }
 
     memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
 
@@ -2468,6 +2473,7 @@ void vnc_display_init(DisplayState *ds)
     vs->lsock = -1;
 
     vs->ds = ds;
+    vs->expires = TIME_MAX;
 
     if (keyboard_layout)
         vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout);
@@ -2532,6 +2538,14 @@ int vnc_display_password(DisplayState *ds, const char *password)
     return 0;
 }
 
+int vnc_display_pw_expire(DisplayState *ds, time_t expires)
+{
+    VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
+
+    vs->expires = expires;
+    return 0;
+}
+
 char *vnc_display_local_addr(DisplayState *ds)
 {
     VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
diff --git a/vnc.h b/vnc.h
index 77f13c9..a752cef 100644
--- a/vnc.h
+++ b/vnc.h
@@ -104,6 +104,7 @@ struct VncDisplay
 
     char *display;
     char *password;
+    time_t expires;
     int auth;
 #ifdef CONFIG_VNC_TLS
     int subauth; /* Used by VeNCrypt */
-- 
1.7.4.rc1.16.gd2f15e