From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Daniel P. Berrange"
Subject: Re: ioemu: empty vnc passwd
Date: Wed, 23 Jan 2008 16:54:16 +0000
Message-ID: <20080123165416.GC17258@redhat.com>
References: <20080123161130.GD5188@implementation.uk.xensource.com> <200801231719.34142.Christoph.Egger@amd.com> <20080123162811.GE24352@redhat.com> <20080123164233.GM4252@implementation.uk.xensource.com> <20080123165039.GN4252@implementation.uk.xensource.com>
In-Reply-To: <20080123165039.GN4252@implementation.uk.xensource.com>
To: Samuel Thibault, Christoph Egger, xen-devel@lists.xensource.com
List-Id: xen-devel@lists.xenproject.org

On Wed, Jan 23, 2008 at 04:50:39PM +0000, Samuel Thibault wrote:
> Samuel Thibault, on Wed 23 Jan 2008 16:42:33 +0000, wrote:
> > Daniel P. Berrange, on Wed 23 Jan 2008 16:28:11 +0000, wrote:
> > > VNC password authentication is turned on / off via the ',passwd' flag on
> > > the -vnc command line to QEMU. If password auth is on, and a zero length
> > > string is found as a password, then all logins are completely disabled -
> > > the VNC password auth code will fail all logins. If passwd auth is off on
> > > the command line, then any password stored in xenstore is irrelevant, no
> > > matter what length it is.
> >
> > Ok, so the real fix seems to be to take that flag into account (which is
> > not the case currently).
>
> Which actually boils down to applying the two patches I have proposed:
> on a xenstore read failure, an empty password is stored (which is fine
> when there is no passwd in the configuration), and hence if ',passwd'
> was given on the -vnc command line (i.e. some passwd was given in the
> configuration but it somehow didn't make it through to xenstore), all
> logins will be completely disabled, so we're on the safe side.

Yes, that sounds like correct behaviour - if password goes missing from
xenstore then clients are rejected

Dan.
-- 
|=- Red Hat, Engineering, Emerging Technologies, Boston.  +1 978 392 2496 -=|
|=-           Perl modules: http://search.cpan.org/~danberr/              -=|
|=-               Projects: http://freshmeat.net/~danielpb/               -=|
|=-  GnuPG: 7D3B9505   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505  -=|
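
The fail-closed behaviour agreed on in this thread, as an added example that is not part of the original message and is not QEMU or ioemu code. The names `vnc_cfg`, `pw_set`, `vnc_admit` and `scenario` are hypothetical, a NULL store value stands in for a failed xenstore read, and a direct compare stands in for the VNC challenge-response check.

```c
#include <stdio.h>
#include <string.h>

#define VNC_PW_MAX 8   /* classic VNC auth uses at most 8 password bytes */

struct vnc_cfg {
    int  passwd_required;           /* 1 if ',passwd' was given on -vnc */
    char password[VNC_PW_MAX + 1];  /* all zero: no usable password */
};

/* Copy at most VNC_PW_MAX bytes into a zero-padded fixed-size buffer. */
static void pw_set(char dst[VNC_PW_MAX + 1], const char *src)
{
    size_t n = src ? strlen(src) : 0;   /* NULL models a failed store read */
    memset(dst, 0, VNC_PW_MAX + 1);
    memcpy(dst, src ? src : "", n > VNC_PW_MAX ? VNC_PW_MAX : n);
}

/* Returns 1 to admit the client, 0 to reject it. Without the explicit
 * empty-password check, an empty stored value would equal an empty
 * client input and the compare below would admit the client. */
static int vnc_admit(const struct vnc_cfg *cfg, const char *offered)
{
    char buf[VNC_PW_MAX + 1];
    unsigned char diff = 0;

    if (!cfg->passwd_required)
        return 1;                 /* auth off: stored password is irrelevant */
    if (cfg->password[0] == '\0')
        return 0;                 /* auth on, nothing stored: fail every login */
    pw_set(buf, offered);
    for (size_t i = 0; i < VNC_PW_MAX; i++)   /* constant-time compare */
        diff |= (unsigned char)(cfg->password[i] ^ buf[i]);
    return diff == 0;
}

/* One row of the truth table: flag, value read from the store, client input. */
int scenario(int passwd_flag, const char *store_value, const char *offered)
{
    struct vnc_cfg cfg = { .passwd_required = passwd_flag };
    pw_set(cfg.password, store_value);
    return vnc_admit(&cfg, offered);
}

int main(void)
{
    printf("flag on,  read failed -> %d\n", scenario(1, NULL, ""));
    printf("flag off, read failed -> %d\n", scenario(0, NULL, ""));
    return 0;
}
```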