From: Paolo Bonzini <pbonzini@redhat.com>
To: Gerd Hoffmann <kraxel@redhat.com>
Cc: qemu-devel@nongnu.org, Anthony Liguori <aliguori@amazon.com>
Subject: Re: [Qemu-devel] [PATCH] vnc: refuse to set a password with VNC_AUTH_NONE
Date: Wed, 11 Dec 2013 17:06:54 +0100 [thread overview]
Message-ID: <52A88D9E.2070306@redhat.com> (raw)
In-Reply-To: <1386777271-12667-1-git-send-email-kraxel@redhat.com>
Il 11/12/2013 16:54, Gerd Hoffmann ha scritto:
> Current code silently changes the authentication settings
> in case you try to set a password without password authentication
> turned on. This is bad. Return an error instead.
>
> If we want allow changing auth settings at runtime this should
> be done explicitly using a separate monitor command, not as
> side effect of set_passwd.
>
> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Isn't this backwards-incompatible?
Paolo
> ---
> ui/vnc.c | 34 ++++++----------------------------
> 1 file changed, 6 insertions(+), 28 deletions(-)
>
> diff --git a/ui/vnc.c b/ui/vnc.c
> index 5601cc3..79efb80 100644
> --- a/ui/vnc.c
> +++ b/ui/vnc.c
> @@ -2971,26 +2971,6 @@ static void vnc_display_close(DisplayState *ds)
> #endif
> }
>
> -static int vnc_display_disable_login(DisplayState *ds)
> -{
> - VncDisplay *vs = vnc_display;
> -
> - if (!vs) {
> - return -1;
> - }
> -
> - if (vs->password) {
> - g_free(vs->password);
> - }
> -
> - vs->password = NULL;
> - if (vs->auth == VNC_AUTH_NONE) {
> - vs->auth = VNC_AUTH_VNC;
> - }
> -
> - return 0;
> -}
> -
> int vnc_display_password(DisplayState *ds, const char *password)
> {
> VncDisplay *vs = vnc_display;
> @@ -2998,20 +2978,18 @@ int vnc_display_password(DisplayState *ds, const char *password)
> if (!vs) {
> return -EINVAL;
> }
> -
> - if (!password) {
> - /* This is not the intention of this interface but err on the side
> - of being safe */
> - return vnc_display_disable_login(ds);
> + if (vs->auth == VNC_AUTH_NONE) {
> + error_printf_unless_qmp("If you want use passwords please enable "
> + "password auth using '-vnc ${dpy},password'.");
> + return -EINVAL;
> }
>
> if (vs->password) {
> g_free(vs->password);
> vs->password = NULL;
> }
> - vs->password = g_strdup(password);
> - if (vs->auth == VNC_AUTH_NONE) {
> - vs->auth = VNC_AUTH_VNC;
> + if (password) {
> + vs->password = g_strdup(password);
> }
>
> return 0;
>
next prev parent reply other threads:[~2013-12-11 16:07 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-12-11 15:54 [Qemu-devel] [PATCH] vnc: refuse to set a password with VNC_AUTH_NONE Gerd Hoffmann
2013-12-11 16:06 ` Paolo Bonzini [this message]
2013-12-11 16:29 ` Gerd Hoffmann
2013-12-11 16:43 ` Paolo Bonzini
2013-12-12 12:44 ` Gerd Hoffmann
-- strict thread matches above, loose matches on Subject: below --
2014-05-21 10:54 Gerd Hoffmann
2014-05-22 4:05 ` Gonglei (Arei)
2014-05-22 5:47 ` Gerd Hoffmann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=52A88D9E.2070306@redhat.com \
--to=pbonzini@redhat.com \
--cc=aliguori@amazon.com \
--cc=kraxel@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.