[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PATCH 2/3] vnc: support password expire
From: |
Gerd Hoffmann |
Subject: |
[Qemu-devel] [PATCH 2/3] vnc: support password expire |
Date: |
Thu, 7 Oct 2010 13:15:20 +0200 |
This patch adds support for expiring passwords to vnc. It adds a new
lifetime parameter to the vnc_display_password() function, which
specifies the number of seconds the new password will be valid. Passing
zero as lifetime maintains current behavior (password never expires).
Signed-off-by: Gerd Hoffmann <address@hidden>
---
console.h | 2 +-
monitor.c | 3 +--
ui/vnc.c | 15 ++++++++++++++-
ui/vnc.h | 1 +
4 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/console.h b/console.h
index aafb031..24670e5 100644
--- a/console.h
+++ b/console.h
@@ -368,7 +368,7 @@ void cocoa_display_init(DisplayState *ds, int full_screen);
void vnc_display_init(DisplayState *ds);
void vnc_display_close(DisplayState *ds);
int vnc_display_open(DisplayState *ds, const char *display);
-int vnc_display_password(DisplayState *ds, const char *password);
+int vnc_display_password(DisplayState *ds, const char *password, int lifetime);
void do_info_vnc_print(Monitor *mon, const QObject *data);
void do_info_vnc(Monitor *mon, QObject **ret_data);
char *vnc_display_local_addr(DisplayState *ds);
diff --git a/monitor.c b/monitor.c
index fbb678d..d82eb9e 100644
--- a/monitor.c
+++ b/monitor.c
@@ -966,11 +966,10 @@ static int do_quit(Monitor *mon, const QDict *qdict,
QObject **ret_data)
static int change_vnc_password(const char *password)
{
- if (vnc_display_password(NULL, password) < 0) {
+ if (vnc_display_password(NULL, password, 0) < 0) {
qerror_report(QERR_SET_PASSWD_FAILED);
return -1;
}
-
return 0;
}
diff --git a/ui/vnc.c b/ui/vnc.c
index 1ef0fc5..51aa9ca 100644
--- a/ui/vnc.c
+++ b/ui/vnc.c
@@ -2078,11 +2078,19 @@ static int protocol_client_auth_vnc(VncState *vs,
uint8_t *data, size_t len)
unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
int i, j, pwlen;
unsigned char key[8];
+ time_t now;
if (!vs->vd->password || !vs->vd->password[0]) {
VNC_DEBUG("No password configured on server");
goto reject;
}
+ if (vs->vd->expires) {
+ time(&now);
+ if (vs->vd->expires < now) {
+ VNC_DEBUG("Password is expired");
+ goto reject;
+ }
+ }
memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
@@ -2474,7 +2482,7 @@ void vnc_display_close(DisplayState *ds)
#endif
}
-int vnc_display_password(DisplayState *ds, const char *password)
+int vnc_display_password(DisplayState *ds, const char *password, int lifetime)
{
VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
@@ -2492,6 +2500,11 @@ int vnc_display_password(DisplayState *ds, const char
*password)
if (vs->auth == VNC_AUTH_NONE) {
vs->auth = VNC_AUTH_VNC;
}
+ if (lifetime) {
+ vs->expires = time(NULL) + lifetime;
+ } else {
+ vs->expires = 0;
+ }
} else {
vs->auth = VNC_AUTH_NONE;
}
diff --git a/ui/vnc.h b/ui/vnc.h
index 9619b24..4f895be 100644
--- a/ui/vnc.h
+++ b/ui/vnc.h
@@ -120,6 +120,7 @@ struct VncDisplay
char *display;
char *password;
+ time_t expires;
int auth;
bool lossy;
#ifdef CONFIG_VNC_TLS
--
1.7.1