[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] PATCH: 0/9: Support SASL authentication in VNC server (vers
From: |
Daniel P. Berrange |
Subject: |
[Qemu-devel] PATCH: 0/9: Support SASL authentication in VNC server (version 3) |
Date: |
Thu, 26 Feb 2009 11:39:33 +0000 |
User-agent: |
Mutt/1.4.1i |
Previously I provided patches for QEMU's VNC server to support SSL/TLS
and x509 certificates. This provides good encryption capabilities for
the VNC session. It doesn't really address the authentication problem
though.
I have been working to create a new authentication type in the RFB
protocol to address this need in a generic, extendable way, by mapping
the SASL API into the RFB protocol. Since SASL is a generic plugin
based API, this will allow use of a huge range of auth mechanims over
VNC, without us having to add any more auth code. For example, PAM,
Digest-MD5, GSSAPI/Kerberos, One-time key/password, LDAP password
lookup, SQL db password lookup, and more.
I have got a VNC auth type assigned by the RFB spec maintainers:
http://realvnc.com/pipermail/vnc-list/2008-December/059463.html
With the full current spec for the SASL extension currently documented
here:
http://realvnc.com/pipermail/vnc-list/2008-December/059462.html
This is the 3rd version of the patches I previously posted:
v1: http://lists.gnu.org/archive/html/qemu-devel/2009-02/msg00255.html
v2: http://lists.gnu.org/archive/html/qemu-devel/2009-02/msg00826.html
Changes since last time
- Split the keymap refactoring out into separate patch
- Switch to use sys-queue.h TAILQ for ACL management
- Added monitor command to remove an ACL entry
- Misc minor bug fixes
- Adjust to cope with multiple client connections
The combined diffstat for all 9 patches about to follow, is
Makefile | 27 +
Makefile.target | 5
b/acl.c | 274 ++++++++++++
b/acl.h | 77 +++
b/keymaps.h | 60 ++
b/qemu.sasl | 34 +
b/vnc-auth-sasl.c | 636 ++++++++++++++++++++++++++++
b/vnc-auth-sasl.h | 74 +++
b/vnc-auth-vencrypt.c | 175 +++++++
b/vnc-auth-vencrypt.h | 33 +
b/vnc-tls.c | 450 ++++++++++++++++++++
b/vnc-tls.h | 76 +++
configure | 34 +
curses.c | 3
curses_keys.h | 9
keymaps.c | 45 --
monitor.c | 95 ++++
qemu-doc.texi | 109 ++++
sdl.c | 3
sdl_keysym.h | 7
vl.c | 12
vnc.c | 1108 ++++++++++++++++++--------------------------------
vnc.h | 229 +++++++++-
vnc_keysym.h | 7
25 files changed, 2830 insertions(+), 770 deletions(-)
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
- [Qemu-devel] PATCH: 0/9: Support SASL authentication in VNC server (version 3),
Daniel P. Berrange <=
- Re: [Qemu-devel] PATCH: 1/9: Fix bug in TLS authenticataion, Daniel P. Berrange, 2009/02/26
- Re: [Qemu-devel] PATCH: 2/9: Enhance 'info vnc' monitor output, Daniel P. Berrange, 2009/02/26
- Re: [Qemu-devel] PATCH: 3/9: Refactor keymap code to avoid duplication, Daniel P. Berrange, 2009/02/26
- Re: [Qemu-devel] PATCH: 4/9: Move VNC structs into header file, Daniel P. Berrange, 2009/02/26
- Re: [Qemu-devel] PATCH: 5/9: Move TLS auth into separate file, Daniel P. Berrange, 2009/02/26
- Re: [Qemu-devel] PATCH: 6/9: Add SASL authentication support, Daniel P. Berrange, 2009/02/26