[Qemu-devel] [PATCH 2/3] vnc: support password expire

Thu, 07 Oct 2010 04:15:49 -0700 

This patch adds support for expiring passwords to vnc.  It adds a new
lifetime parameter to the vnc_display_password() function, which
specifies the number of seconds the new password will be valid.  Passing
zero as lifetime maintains current behavior (password never expires).

Signed-off-by: Gerd Hoffmann <kra...@redhat.com>
---
 console.h |    2 +-
 monitor.c |    3 +--
 ui/vnc.c  |   15 ++++++++++++++-
 ui/vnc.h  |    1 +
 4 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/console.h b/console.h
index aafb031..24670e5 100644
--- a/console.h
+++ b/console.h
@@ -368,7 +368,7 @@ void cocoa_display_init(DisplayState *ds, int full_screen);
 void vnc_display_init(DisplayState *ds);
 void vnc_display_close(DisplayState *ds);
 int vnc_display_open(DisplayState *ds, const char *display);
-int vnc_display_password(DisplayState *ds, const char *password);
+int vnc_display_password(DisplayState *ds, const char *password, int lifetime);
 void do_info_vnc_print(Monitor *mon, const QObject *data);
 void do_info_vnc(Monitor *mon, QObject **ret_data);
 char *vnc_display_local_addr(DisplayState *ds);
diff --git a/monitor.c b/monitor.c
index fbb678d..d82eb9e 100644
--- a/monitor.c
+++ b/monitor.c
@@ -966,11 +966,10 @@ static int do_quit(Monitor *mon, const QDict *qdict, 
QObject **ret_data)
 
 static int change_vnc_password(const char *password)
 {
-    if (vnc_display_password(NULL, password) < 0) {
+    if (vnc_display_password(NULL, password, 0) < 0) {
         qerror_report(QERR_SET_PASSWD_FAILED);
         return -1;
     }
-
     return 0;
 }
 
diff --git a/ui/vnc.c b/ui/vnc.c
index 1ef0fc5..51aa9ca 100644
--- a/ui/vnc.c
+++ b/ui/vnc.c
@@ -2078,11 +2078,19 @@ static int protocol_client_auth_vnc(VncState *vs, 
uint8_t *data, size_t len)
     unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
     int i, j, pwlen;
     unsigned char key[8];
+    time_t now;
 
     if (!vs->vd->password || !vs->vd->password[0]) {
         VNC_DEBUG("No password configured on server");
         goto reject;
     }
+    if (vs->vd->expires) {
+        time(&now);
+        if (vs->vd->expires < now) {
+            VNC_DEBUG("Password is expired");
+            goto reject;
+        }
+    }
 
     memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
 
@@ -2474,7 +2482,7 @@ void vnc_display_close(DisplayState *ds)
 #endif
 }
 
-int vnc_display_password(DisplayState *ds, const char *password)
+int vnc_display_password(DisplayState *ds, const char *password, int lifetime)
 {
     VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
 
@@ -2492,6 +2500,11 @@ int vnc_display_password(DisplayState *ds, const char 
*password)
         if (vs->auth == VNC_AUTH_NONE) {
             vs->auth = VNC_AUTH_VNC;
         }
+        if (lifetime) {
+            vs->expires = time(NULL) + lifetime;
+        } else {
+            vs->expires = 0;
+        }
     } else {
         vs->auth = VNC_AUTH_NONE;
     }
diff --git a/ui/vnc.h b/ui/vnc.h
index 9619b24..4f895be 100644
--- a/ui/vnc.h
+++ b/ui/vnc.h
@@ -120,6 +120,7 @@ struct VncDisplay
 
     char *display;
     char *password;
+    time_t expires;
     int auth;
     bool lossy;
 #ifdef CONFIG_VNC_TLS
-- 
1.7.1

Reply via email to