From mboxrd@z Thu Jan 1 00:00:00 1970 From: Samuel Thibault Subject: Re: ioemu: empty vnc passwd Date: Wed, 23 Jan 2008 16:50:39 +0000 Message-ID: <20080123165039.GN4252@implementation.uk.xensource.com> References: <20080123161130.GD5188@implementation.uk.xensource.com> <200801231719.34142.Christoph.Egger@amd.com> <20080123162811.GE24352@redhat.com> <20080123164233.GM4252@implementation.uk.xensource.com> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Return-path: Content-Disposition: inline In-Reply-To: <20080123164233.GM4252@implementation.uk.xensource.com> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xensource.com Errors-To: xen-devel-bounces@lists.xensource.com To: "Daniel P. Berrange" , Christoph Egger , xen-devel@lists.xensource.com List-Id: xen-devel@lists.xenproject.org Samuel Thibault, le Wed 23 Jan 2008 16:42:33 +0000, a écrit : > Daniel P. Berrange, le Wed 23 Jan 2008 16:28:11 +0000, a écrit : > > VNC password authentication is turned on / off via the ',passwd' flag on > > the -vnc command line to QEMU. If password auth is on, and a zero length > > string is found as a password, then all logins are completely disabled - > > the VNC password auth code will fail all logins. If passwd auth is off on > > the command line, then any password stored in xenstore is irrelevant, no > > matter what length it is. > > Ok, so the real fix seems to be to take that flag into account (which is > not the case currently). Which actually boils down to applying the two patches I have proposed: on a xenstore read failure, an empty password is stored (which is fine when there is no passwd in the configuration), and hence if ',passwd' was given on the -vnc command line (i.e. some passwd was given in the configuration but it somehow didn't make through to xenstore), all logins will be completely disabled, so we're on the safe side. Samuel