Commit 7aafa84c authored by William Pitcock's avatar William Pitcock

main/xen: more robust websockets vencrypt-bypass hack

parent 1372cc18
......@@ -192,7 +192,7 @@ b3e3a57d189a4f86c9766eaf3b5207f4 xsa48-4.2.patch
a4097e06a7e000ed00f4607db014d277 qemu-xen-websocket.patch
35bdea1d4e3ae2565edc7e40906efdd5 qemu-xen-tls-websockets.patch
9cf9b155dfa6cd473554aa0f25181c1c qemu-coroutine-gthread.patch
c64a3b7bd77cdb01398d8ab8017fa269 qemu-xen-websocket-plain-hack.patch
f8ea5786b0a6157b9cb3e67e323b592c qemu-xen-websocket-plain-hack.patch
a90c36642f0701a8aaa4ebe4dde430f5 xenstored.initd
b017ccdd5e1c27bbf1513e3569d4ff07 xenstored.confd
ed262f15fb880badb53575539468646c xenconsoled.initd
......@@ -216,7 +216,7 @@ fcb5b9ff0bc4b4d39fed9b88891491b91628aa449914cfea321abe5da24c1da2 fix-pod2man-ch
e9f6c482fc449e0b540657a8988ad31f2e680b8933e50e6486687a52f6a9ed04 qemu-xen-websocket.patch
435dd428d83acdfde58888532a1cece1e9075b2a2460fe3f6cd33c7d400f2715 qemu-xen-tls-websockets.patch
7477c5acfc756f6498858e4a3eb250b3db84ee491a9d4ae38dddbc27275a370c qemu-coroutine-gthread.patch
9498c65a2c7aa454560605a7acf4702e9e3c48224421850c604be0723941c77f qemu-xen-websocket-plain-hack.patch
6c4c184462d47e7fd00e8d8f6bf12b33f6cf486f00415c1934ecf6c2b62f69c1 qemu-xen-websocket-plain-hack.patch
868c77d689ae54b7041da169bfaa01868503337d4105a071eb771f4ec5a0543d xenstored.initd
ea9171e71ab3d33061979bcf3bb737156192aa4b0be4d1234438ced75b6fdef3 xenstored.confd
93bea2eb90ea1b4628854c8141dd351bbd1fbc5959b12795447ea933ad025f01 xenconsoled.initd
......@@ -240,7 +240,7 @@ bda9105793f2327e1317991762120d0668af0e964076b18c9fdbfd509984b2e88d85df95702c46b2
45f1da45f3ff937d0a626e37c130d76f5b97f49a57ddeb11ef2a8e850c04c32c819a3dfcef501eb3784db5fe7b39c88230063e56aa6e5197fd9c7b7d424fff77 qemu-xen-websocket.patch
11eaccc346440ff285552f204d491e3b31bda1665c3219ecae3061b5d55db9dec885af0c031fa19c67e87bbe238002b1911bbd5bfea2f2ba0d61e6b3d0c952c9 qemu-xen-tls-websockets.patch
8b8df4f57ab725f54cfe44fb6b8d271ee22e94873f168e452293dd53955854b171b8311209133e5d825f9ce985219818803182b3451708a3452bc699b7b1dda1 qemu-coroutine-gthread.patch
0b1fc70267efd2303945dc64c8c224c52f5161c1f5bfc2b1db6392ec6945ecccb2ae93bacd3f0146d9b9cb0e568b80c8f1edf63cdd0b9e8a8ac57227ad198e3f qemu-xen-websocket-plain-hack.patch
692e29205fa3d0a6e4d1be69a242d55c44a1fee26c594e6e46d8809339f93dcdc31c0735723a46f63ae0a727741bdc8a899bb1ce9103a2cd701b236f63a17fa2 qemu-xen-websocket-plain-hack.patch
880584e0866b1efcf3b7a934f07072ec84c13c782e3e7a15848d38ba8af50259d46db037dca1e037b15274989f2c22acd1134954dd60c59f4ee693b417d03e0d xenstored.initd
100cf4112f401f45c1e4e885a5074698c484b40521262f6268fad286498e95f4c51e746f0e94eb43a590bb8e813a397bb53801ccacebec9541020799d8d70514 xenstored.confd
12f981b2459c65d66e67ec0b32d0d19b95a029bc54c2a79138cfe488d3524a22e51860f755abfe25ddcdaf1b27f2ded59b6e350b9d5f8791193d00e2d3673137 xenconsoled.initd
......
--- xen-4.3.0.orig/tools/qemu-xen/ui/vnc.c
+++ xen-4.3.0/tools/qemu-xen/ui/vnc.c
@@ -3121,7 +3121,7 @@
--- xen-4.3.0/tools/qemu-xen/ui/vnc-ws.c
+++ xen-4.3.0.mod/tools/qemu-xen/ui/vnc-ws.c
@@ -90,11 +90,6 @@
vncws_tls_handshake(vs);
}
-#define NEED_X509_AUTH(vs) \
- ((vs)->subauth == VNC_AUTH_VENCRYPT_X509NONE || \
- (vs)->subauth == VNC_AUTH_VENCRYPT_X509VNC || \
- (vs)->subauth == VNC_AUTH_VENCRYPT_X509PLAIN || \
- (vs)->subauth == VNC_AUTH_VENCRYPT_X509SASL)
#endif
void vncws_handshake_read(void *opaque)
@@ -105,7 +100,7 @@
if (!vs->vd->want_tls)
return vncws_handshake_read_impl(vs);
- if (vnc_tls_client_setup(vs, NEED_X509_AUTH(vs)) < 0) {
+ if (vnc_tls_client_setup(vs, true) < 0) {
VNC_DEBUG("Failed to setup TLS\n");
return 0;
}
--- xen-4.3.0/tools/qemu-xen/ui/vnc.c
+++ xen-4.3.0.mod/tools/qemu-xen/ui/vnc.c
@@ -3121,7 +3121,11 @@
*/
if (password) {
#ifdef CONFIG_VNC_TLS
- if (tls) {
+ if (0) {
+#ifdef CONFIG_VNC_WS
+ if (tls && !vs->websocket) {
+#else
if (tls) {
+#endif
vs->auth = VNC_AUTH_VENCRYPT;
if (x509) {
VNC_DEBUG("Initializing VNC server with x509 password auth\n");
@@ -3141,7 +3145,11 @@
#ifdef CONFIG_VNC_SASL
} else if (sasl) {
#ifdef CONFIG_VNC_TLS
+#ifdef CONFIG_VNC_WS
+ if (tls && !vs->websocket) {
+#else
if (tls) {
+#endif
vs->auth = VNC_AUTH_VENCRYPT;
if (x509) {
VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
@@ -3161,7 +3169,11 @@
#endif /* CONFIG_VNC_SASL */
} else {
#ifdef CONFIG_VNC_TLS
+#ifdef CONFIG_VNC_WS
+ if (tls && !vs->websocket) {
+#else
if (tls) {
+#endif
vs->auth = VNC_AUTH_VENCRYPT;
if (x509) {
VNC_DEBUG("Initializing VNC server with x509 no auth\n");
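Review bot: In the three `tls && !vs->websocket` conditions added to vnc.c, `vs` looks like display-wide state rather than a per-connection object (the debug strings read "Initializing VNC server"). If that is right, enabling websockets switches VeNCrypt off for every client of that display, including native VNC clients on the regular port, which have no wss transport TLS to rely on. The `else` arms that then choose `vs->auth` lie outside the visible hunks, so confirm what they select, especially in the last branch (no password, no SASL), where the result may be no authentication at all. A comment at the first condition would record the intent, e.g. `/* websocket: TLS comes from the wss transport, so VeNCrypt is skipped; verify this does not downgrade the plain VNC listener */`. In vnc-ws.c the hard-coded `vnc_tls_client_setup(vs, true)` presumably assumes x509 credentials are always configured when `want_tls` is set, and that assumption deserves a one-line comment as well.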