From: Anthony Liguori <aliguori@us.ibm.com>
To: "Daniel P. Berrange" <berrange@redhat.com>
Cc: qemu-devel@nongnu.org, Gerd Hoffmann <kraxel@redhat.com>
Subject: Re: [Qemu-devel] [PATCH] vnc: Don't demote authentication scheme when changing password/disabling login
Date: Fri, 17 Feb 2012 12:14:41 -0600 [thread overview]
Message-ID: <4F3E9911.3010304@us.ibm.com> (raw)
In-Reply-To: <1329223049-26896-1-git-send-email-berrange@redhat.com>
On 02/14/2012 06:37 AM, Daniel P. Berrange wrote:
> From: "Daniel P. Berrange"<berrange@redhat.com>
>
> Currently when disabling login in VNC, the password is cleared out and the
> authentication protocol is forced to AUTH_VNC. If you're using a stronger
> authentication protocol, this has the effect of downgrading your security
> protocol.
>
> Fix this by only changing the authentication protocol if the current
> authentication protocol is AUTH_NONE. That ensures we're never downgrading.
>
> Signed-off-by: Daniel P. Berrange<berrange@redhat.com>
> Signed-off-by: Anthony Liguori<aliguori@us.ibm.com>
Applied. Thanks.
Regards,
Anthony Liguori
> --
> NB. This patch is derived from one posted by Anthony last year, which got
> accidentally lost after Luiz took over the QMP series work
>
> https://lists.gnu.org/archive/html/qemu-devel/2011-09/msg00392.html
>
> v1 -> v2
> - Make sure to not demote when changing password (Daniel)
> v2 -> v3
> - Rebase to latest GIT master wrt QMP changes
> ---
> ui/vnc.c | 8 ++++++--
> 1 files changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/ui/vnc.c b/ui/vnc.c
> index 16b79ec..c449fcd 100644
> --- a/ui/vnc.c
> +++ b/ui/vnc.c
> @@ -2679,7 +2679,9 @@ int vnc_display_disable_login(DisplayState *ds)
> }
>
> vs->password = NULL;
> - vs->auth = VNC_AUTH_VNC;
> + if (vs->auth == VNC_AUTH_NONE) {
> + vs->auth = VNC_AUTH_VNC;
> + }
>
> return 0;
> }
> @@ -2703,7 +2705,9 @@ int vnc_display_password(DisplayState *ds, const char *password)
> vs->password = NULL;
> }
> vs->password = g_strdup(password);
> - vs->auth = VNC_AUTH_VNC;
> + if (vs->auth == VNC_AUTH_NONE) {
> + vs->auth = VNC_AUTH_VNC;
> + }
>
> return 0;
> }
prev parent reply other threads:[~2012-02-17 18:15 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-02-14 12:37 [Qemu-devel] [PATCH] vnc: Don't demote authentication scheme when changing password/disabling login Daniel P. Berrange
2012-02-17 18:14 ` Anthony Liguori [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4F3E9911.3010304@us.ibm.com \
--to=aliguori@us.ibm.com \
--cc=berrange@redhat.com \
--cc=kraxel@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.