Google Git
Sign in
qemu-android / qemu-android / 1263b7d6131cdaed2c460cf03757aaaf5696ec47^! / . / vnc.c
commit1263b7d6131cdaed2c460cf03757aaaf5696ec47[log] [tgz]
authoraliguori <aliguori@c046a42c-6fe2-441c-8c8c-71466251a162>Fri Mar 06 20:27:32 2009 +0000
committeraliguori <aliguori@c046a42c-6fe2-441c-8c8c-71466251a162>Fri Mar 06 20:27:32 2009 +0000
tree8130b464479514002534d730cd59f8bcbeec5035
parent2f9606b3736c3be4dbd606c46525c7b770ced119 [diff] [blame]
Include auth credentials in 'info vnc' ("Daniel P. Berrange")

This patch extends the 'info vnc' monitor output to include information
about the VNC client authentication credentials.

For clients authenticated using SASL, this will output the username.

For clients authenticated using x509 certificates, this will output
the x509 distinguished name.

Auth can be stacked, so both username & x509 dname may be shown.

    Server:
         address: 0.0.0.0:5902
            auth: vencrypt+x509+sasl
    Client:
         address: 10.33.6.67:38621
      x509 dname: C=GB,O=ACME,L=London,ST=London,CN=localhost
        username: admin
    Client:
         address: 10.33.6.63:38620
      x509 dname: C=GB,O=ACME,L=London,ST=London,CN=localhost
        username: admin



 vnc-tls.c |   17 +++++++++++++++++
 vnc-tls.h |    3 +++
 vnc.c     |   19 +++++++++++++++++--
 3 files changed, 37 insertions(+), 2 deletions(-)

   Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6725 c046a42c-6fe2-441c-8c8c-71466251a162

diff --git a/vnc.c b/vnc.c
index 0742387..b8d16d0 100644
--- a/vnc.c
+++ b/vnc.c

@@ -156,6 +156,21 @@
     monitor_printf(mon, "Client:\n");
     monitor_printf(mon, "%s", clientAddr);
     free(clientAddr);
+
+#ifdef CONFIG_VNC_TLS
+    if (client->tls.session &&
+	client->tls.dname)
+	monitor_printf(mon, "  x509 dname: %s\n", client->tls.dname);
+    else
+	monitor_printf(mon, "  x509 dname: none\n");
+#endif
+#ifdef CONFIG_VNC_SASL
+    if (client->sasl.conn &&
+	client->sasl.username)
+	monitor_printf(mon, "    username: %s\n", client->sasl.username);
+    else
+	monitor_printf(mon, "    username: none\n");
+#endif
 }
 
 void do_info_vnc(Monitor *mon)
@@ -1824,7 +1839,7 @@
     /* We only advertise 1 auth scheme at a time, so client
      * must pick the one we sent. Verify this */
     if (data[0] != vs->vd->auth) { /* Reject auth */
-       VNC_DEBUG("Reject auth %d\n", (int)data[0]);
+       VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]);
        vnc_write_u32(vs, 1);
        if (vs->minor >= 8) {
            static const char err[] = "Authentication failed";
@@ -1864,7 +1879,7 @@
 #endif /* CONFIG_VNC_SASL */
 
        default: /* Should not be possible, but just in case */
-           VNC_DEBUG("Reject auth %d\n", vs->vd->auth);
+           VNC_DEBUG("Reject auth %d server code bug\n", vs->vd->auth);
            vnc_write_u8(vs, 1);
            if (vs->minor >= 8) {
                static const char err[] = "Authentication failed";