From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from [140.186.70.92] (port=40871 helo=eggs.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1P3wWb-0001DM-MP
	for qemu-devel@nongnu.org; Thu, 07 Oct 2010 15:53:10 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <anthony@codemonkey.ws>) id 1P3wWa-0008F2-Ir
	for qemu-devel@nongnu.org; Thu, 07 Oct 2010 15:53:09 -0400
Received: from mail-pv0-f173.google.com ([74.125.83.173]:55930)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <anthony@codemonkey.ws>) id 1P3wWa-0008Ey-80
	for qemu-devel@nongnu.org; Thu, 07 Oct 2010 15:53:08 -0400
Received: by pvc30 with SMTP id 30so90701pvc.4
	for <qemu-devel@nongnu.org>; Thu, 07 Oct 2010 12:53:07 -0700 (PDT)
Message-ID: <4CAE2521.2070500@codemonkey.ws>
Date: Thu, 07 Oct 2010 14:53:05 -0500
From: Anthony Liguori <anthony@codemonkey.ws>
MIME-Version: 1.0
Subject: Re: [Qemu-devel] [PATCH 2/3] vnc: support password expire
References: <1286450121-17153-1-git-send-email-kraxel@redhat.com>
	<1286450121-17153-3-git-send-email-kraxel@redhat.com>
In-Reply-To: <1286450121-17153-3-git-send-email-kraxel@redhat.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Gerd Hoffmann <kraxel@redhat.com>
Cc: qemu-devel@nongnu.org

On 10/07/2010 06:15 AM, Gerd Hoffmann wrote:
> This patch adds support for expiring passwords to vnc.  It adds a new
> lifetime parameter to the vnc_display_password() function, which
> specifies the number of seconds the new password will be valid.  Passing
> zero as lifetime maintains current behavior (password never expires).
>
> Signed-off-by: Gerd Hoffmann<kraxel@redhat.com>
>    

This has been posted before and I've never understood it.  Why can't a 
management tool just expire passwords on it's own?

How does password expiration help with security at all?

Regards,

Anthony Liguori

> ---
>   console.h |    2 +-
>   monitor.c |    3 +--
>   ui/vnc.c  |   15 ++++++++++++++-
>   ui/vnc.h  |    1 +
>   4 files changed, 17 insertions(+), 4 deletions(-)
>
> diff --git a/console.h b/console.h
> index aafb031..24670e5 100644
> --- a/console.h
> +++ b/console.h
> @@ -368,7 +368,7 @@ void cocoa_display_init(DisplayState *ds, int full_screen);
>   void vnc_display_init(DisplayState *ds);
>   void vnc_display_close(DisplayState *ds);
>   int vnc_display_open(DisplayState *ds, const char *display);
> -int vnc_display_password(DisplayState *ds, const char *password);
> +int vnc_display_password(DisplayState *ds, const char *password, int lifetime);
>   void do_info_vnc_print(Monitor *mon, const QObject *data);
>   void do_info_vnc(Monitor *mon, QObject **ret_data);
>   char *vnc_display_local_addr(DisplayState *ds);
> diff --git a/monitor.c b/monitor.c
> index fbb678d..d82eb9e 100644
> --- a/monitor.c
> +++ b/monitor.c
> @@ -966,11 +966,10 @@ static int do_quit(Monitor *mon, const QDict *qdict, QObject **ret_data)
>
>   static int change_vnc_password(const char *password)
>   {
> -    if (vnc_display_password(NULL, password)<  0) {
> +    if (vnc_display_password(NULL, password, 0)<  0) {
>           qerror_report(QERR_SET_PASSWD_FAILED);
>           return -1;
>       }
> -
>       return 0;
>   }
>
> diff --git a/ui/vnc.c b/ui/vnc.c
> index 1ef0fc5..51aa9ca 100644
> --- a/ui/vnc.c
> +++ b/ui/vnc.c
> @@ -2078,11 +2078,19 @@ static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
>       unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
>       int i, j, pwlen;
>       unsigned char key[8];
> +    time_t now;
>
>       if (!vs->vd->password || !vs->vd->password[0]) {
>           VNC_DEBUG("No password configured on server");
>           goto reject;
>       }
> +    if (vs->vd->expires) {
> +        time(&now);
> +        if (vs->vd->expires<  now) {
> +            VNC_DEBUG("Password is expired");
> +            goto reject;
> +        }
> +    }
>
>       memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
>
> @@ -2474,7 +2482,7 @@ void vnc_display_close(DisplayState *ds)
>   #endif
>   }
>
> -int vnc_display_password(DisplayState *ds, const char *password)
> +int vnc_display_password(DisplayState *ds, const char *password, int lifetime)
>   {
>       VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
>
> @@ -2492,6 +2500,11 @@ int vnc_display_password(DisplayState *ds, const char *password)
>           if (vs->auth == VNC_AUTH_NONE) {
>               vs->auth = VNC_AUTH_VNC;
>           }
> +        if (lifetime) {
> +            vs->expires = time(NULL) + lifetime;
> +        } else {
> +            vs->expires = 0;
> +        }
>       } else {
>           vs->auth = VNC_AUTH_NONE;
>       }
> diff --git a/ui/vnc.h b/ui/vnc.h
> index 9619b24..4f895be 100644
> --- a/ui/vnc.h
> +++ b/ui/vnc.h
> @@ -120,6 +120,7 @@ struct VncDisplay
>
>       char *display;
>       char *password;
> +    time_t expires;
>       int auth;
>       bool lossy;
>   #ifdef CONFIG_VNC_TLS
>