4490b0e1e4
Discovered we needed to augment a previous security patch with two additional patches to complete a clean fix. OBS-URL: https://build.opensuse.org/request/show/517094 OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=353
From 1e4392f3e2e1641b7ed570da630a9e86cb23710d Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Andreas=20F=C3=A4rber?= <afaerber@suse.de>
|
|
Date: Wed, 29 Aug 2012 20:06:01 +0200
|
|
Subject: [PATCH] vnc: password-file= and incoming-connections=
|
|
|
|
TBD (from SUSE Studio team)
|
|
---
|
|
ui/vnc.c | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
1 file changed, 55 insertions(+)
|
|
|
|
diff --git a/ui/vnc.c b/ui/vnc.c
|
|
index 349cfc9d86..486d2759e4 100644
|
|
--- a/ui/vnc.c
|
|
+++ b/ui/vnc.c
|
|
@@ -59,6 +59,8 @@ static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 };
|
|
static QTAILQ_HEAD(, VncDisplay) vnc_displays =
|
|
QTAILQ_HEAD_INITIALIZER(vnc_displays);
|
|
|
|
+static int allowed_connections = 0;
|
|
+
|
|
static int vnc_cursor_define(VncState *vs);
|
|
static void vnc_release_modifiers(VncState *vs);
|
|
|
|
@@ -1130,6 +1132,7 @@ static void vnc_disconnect_start(VncState *vs)
|
|
void vnc_disconnect_finish(VncState *vs)
|
|
{
|
|
int i;
|
|
+ static int num_disconnects = 0;
|
|
|
|
vnc_jobs_join(vs); /* Wait encoding jobs */
|
|
|
|
@@ -1178,6 +1181,13 @@ void vnc_disconnect_finish(VncState *vs)
|
|
object_unref(OBJECT(vs->sioc));
|
|
vs->sioc = NULL;
|
|
g_free(vs);
|
|
+
|
|
+ num_disconnects++;
|
|
+ if (allowed_connections > 0 && allowed_connections <= num_disconnects) {
|
|
+ VNC_DEBUG("Maximum number of disconnects (%d) reached:"
|
|
+ " Session terminating\n", allowed_connections);
|
|
+ exit(0);
|
|
+ }
|
|
}
|
|
|
|
ssize_t vnc_client_io_error(VncState *vs, ssize_t ret, Error **errp)
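Review bot: The `exit(0)` added at the end of vnc_disconnect_finish() terminates the whole QEMU process from a per-client teardown path, and nothing in this hunk ties `num_disconnects++` to a session that actually authenticated. If the counter also advances for clients that drop before or during authentication (the rest of the function is outside the hunk, so this needs confirming), then with `allowed-connections` set any peer that can reach the VNC port can use up the budget and stop the guest. Calling exit() here also bypasses QEMU's own shutdown sequence, and the only trace is a VNC_DEBUG message, which appears to be compiled out of normal builds. I would count only authenticated sessions, request a regular shutdown instead of exiting, log the event unconditionally, and state the behaviour above the check with `/* Counts every client teardown; reaching allowed_connections ends the QEMU process. */`.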
|
|
@@ -3171,6 +3181,39 @@ static void vnc_display_print_local_addr(VncDisplay *vd)
|
|
qapi_free_SocketAddress(addr);
|
|
}
|
|
|
|
+static void read_file_password(const char *id, const char *filename)
|
|
+{
|
|
+ FILE *pfile = NULL;
|
|
+ char *passwd = NULL;
|
|
+ int start = 0, length = 0, rc = 0;
|
|
+
|
|
+ if (strlen(filename) == 0) {
|
|
+ printf("No file supplied\n");
|
|
+ return;
|
|
+ }
|
|
+
|
|
+ pfile = fopen(filename, "r");
|
|
+ if (pfile == NULL) {
|
|
+ printf("Could not read from %s\n", filename);
|
|
+ return;
|
|
+ }
|
|
+
|
|
+ start = ftell(pfile);
|
|
+ fseek(pfile, 0L, SEEK_END);
|
|
+ length = ftell(pfile);
|
|
+ fseek(pfile, 0L, start);
|
|
+
|
|
+ passwd = g_malloc(length + 1);
|
|
+ rc = fread(passwd, 1, length, pfile);
|
|
+ fclose(pfile);
|
|
+
|
|
+ if (rc == length && rc > 0) {
|
|
+ vnc_display_password(id, passwd);
|
|
+ }
|
|
+
|
|
+ g_free(passwd);
|
|
+}
|
|
+
|
|
static QemuOptsList qemu_vnc_opts = {
|
|
.name = "vnc",
|
|
.head = QTAILQ_HEAD_INITIALIZER(qemu_vnc_opts.head),
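Review bot: In read_file_password() the buffer is allocated as `length + 1` bytes but never NUL-terminated before it is passed to vnc_display_password(), which receives only a `char *`, so the callee will read past the bytes that came from the file. The size handling is also fragile: both ftell() results are stored in `int` and never checked, so a failed ftell() (-1, for example on a non-seekable file) reaches g_malloc() and fread() as a size, and `fseek(pfile, 0L, start)` passes the saved offset where the whence constant `SEEK_SET` belongs. A trailing newline in the file becomes part of the password, which should at least be documented, and the plaintext copy is freed without being cleared. The fence below shows the size checks and the terminator; the rest of the function is unchanged.

```c
    long length = 0;
    size_t rc = 0;

    /* … unchanged: empty-filename check, fopen() and its error path … */

    if (fseek(pfile, 0L, SEEK_END) != 0 ||
        (length = ftell(pfile)) <= 0 ||
        fseek(pfile, 0L, SEEK_SET) != 0) {
        printf("Could not read from %s\n", filename);
        fclose(pfile);
        return;
    }

    /* … unchanged: g_malloc(length + 1), fread(), fclose() … */

    if (rc == (size_t)length) {
        passwd[length] = '\0'; /* callee gets a C string, not a length */
        vnc_display_password(id, passwd);
    }
```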
|
|
@@ -3201,6 +3244,9 @@ static QemuOptsList qemu_vnc_opts = {
|
|
},{
|
|
.name = "connections",
|
|
.type = QEMU_OPT_NUMBER,
|
|
+ },{
|
|
+ .name = "allowed-connections",
|
|
+ .type = QEMU_OPT_NUMBER,
|
|
},{
|
|
.name = "to",
|
|
.type = QEMU_OPT_NUMBER,
|
|
@@ -3213,6 +3259,9 @@ static QemuOptsList qemu_vnc_opts = {
|
|
},{
|
|
.name = "password",
|
|
.type = QEMU_OPT_BOOL,
|
|
+ },{
|
|
+ .name = "password-file",
|
|
+ .type = QEMU_OPT_STRING,
|
|
},{
|
|
.name = "reverse",
|
|
.type = QEMU_OPT_BOOL,
|
|
@@ -3766,6 +3815,7 @@ void vnc_display_open(const char *id, Error **errp)
|
|
const char *share, *device_id;
|
|
QemuConsole *con;
|
|
bool password = false;
|
|
+ const char *password_file;
|
|
bool reverse = false;
|
|
const char *credid;
|
|
bool sasl = false;
|
|
@@ -3809,6 +3859,10 @@ void vnc_display_open(const char *id, Error **errp)
|
|
goto fail;
|
|
}
|
|
}
|
|
+ password_file = qemu_opt_get(opts, "password-file");
|
|
+ if (password_file) {
|
|
+ read_file_password(id, password_file);
|
|
+ }
|
|
|
|
lock_key_sync = qemu_opt_get_bool(opts, "lock-key-sync", true);
|
|
key_delay_ms = qemu_opt_get_number(opts, "key-delay-ms", 1);
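Review bot: A `password-file` that is empty, missing or unreadable is not treated as an error here, because read_file_password() returns void and only prints to stdout, so vnc_display_open() carries on and the caller's `errp` is never set. Which password, if any, the display then ends up with depends on code outside this hunk, so an operator can believe the file was applied when it was not. I would have the helper return a status and fail the open: `if (password_file && read_file_password(id, password_file) < 0) { error_setg(errp, "Could not read VNC password file"); goto fail; }`. The `goto fail` path is visible in the context lines above; the function itself starts and ends outside the hunk.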
|
|
@@ -3897,6 +3951,7 @@ void vnc_display_open(const char *id, Error **errp)
|
|
vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
|
|
}
|
|
vd->connections_limit = qemu_opt_get_number(opts, "connections", 32);
|
|
+ allowed_connections = qemu_opt_get_number(opts, "allowed-connections", 0);
|
|
|
|
#ifdef CONFIG_VNC_JPEG
|
|
vd->lossy = qemu_opt_get_bool(opts, "lossy", false);
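Review bot: `allowed_connections` is a file-scope variable, yet it is assigned here on every vnc_display_open() call, directly after the per-display `vd->connections_limit`. With more than one VNC display the last one opened overwrites the limit for all of them and they share the single `num_disconnects` counter; keeping both in the VncDisplay, e.g. `vd->allowed_connections = qemu_opt_get_number(opts, "allowed-connections", 0);`, avoids that. The option value is also narrowed into an `int` without a range check, so a very large value could end up zero or negative and silently disable the limit. The option is registered as `allowed-connections` while the patch subject calls it `incoming-connections=`, which is worth reconciling.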
|