From: Gerd Hoffmann <kraxel@redhat.com>
To: qemu-devel@nongnu.org
Cc: Gerd Hoffmann <kraxel@redhat.com>, Anthony Liguori <aliguori@amazon.com>
Subject: [Qemu-devel] [PATCH] vnc: refuse to set a password with VNC_AUTH_NONE
Date: Wed, 21 May 2014 12:54:21 +0200 [thread overview]
Message-ID: <1400669661-18353-1-git-send-email-kraxel@redhat.com> (raw)
Current code silently changes the authentication settings
in case you try to set a password without password authentication
turned on. This is bad. Return an error instead.
If we want allow changing auth settings at runtime this should
be done explicitly using a separate monitor command, not as
side effect of set_passwd.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
ui/vnc.c | 34 ++++++----------------------------
1 file changed, 6 insertions(+), 28 deletions(-)
diff --git a/ui/vnc.c b/ui/vnc.c
index 2d7def9..64aa2fa 100644
--- a/ui/vnc.c
+++ b/ui/vnc.c
@@ -2976,26 +2976,6 @@ static void vnc_display_close(DisplayState *ds)
#endif
}
-static int vnc_display_disable_login(DisplayState *ds)
-{
- VncDisplay *vs = vnc_display;
-
- if (!vs) {
- return -1;
- }
-
- if (vs->password) {
- g_free(vs->password);
- }
-
- vs->password = NULL;
- if (vs->auth == VNC_AUTH_NONE) {
- vs->auth = VNC_AUTH_VNC;
- }
-
- return 0;
-}
-
int vnc_display_password(DisplayState *ds, const char *password)
{
VncDisplay *vs = vnc_display;
@@ -3003,20 +2983,18 @@ int vnc_display_password(DisplayState *ds, const char *password)
if (!vs) {
return -EINVAL;
}
-
- if (!password) {
- /* This is not the intention of this interface but err on the side
- of being safe */
- return vnc_display_disable_login(ds);
+ if (vs->auth == VNC_AUTH_NONE) {
+ error_printf_unless_qmp("If you want use passwords please enable "
+ "password auth using '-vnc ${dpy},password'.");
+ return -EINVAL;
}
if (vs->password) {
g_free(vs->password);
vs->password = NULL;
}
- vs->password = g_strdup(password);
- if (vs->auth == VNC_AUTH_NONE) {
- vs->auth = VNC_AUTH_VNC;
+ if (password) {
+ vs->password = g_strdup(password);
}
return 0;
--
1.8.3.1
next reply other threads:[~2014-05-21 10:54 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-05-21 10:54 Gerd Hoffmann [this message]
2014-05-22 4:05 ` [Qemu-devel] [PATCH] vnc: refuse to set a password with VNC_AUTH_NONE Gonglei (Arei)
2014-05-22 5:47 ` Gerd Hoffmann
-- strict thread matches above, loose matches on Subject: below --
2013-12-11 15:54 Gerd Hoffmann
2013-12-11 16:06 ` Paolo Bonzini
2013-12-11 16:29 ` Gerd Hoffmann
2013-12-11 16:43 ` Paolo Bonzini
2013-12-12 12:44 ` Gerd Hoffmann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1400669661-18353-1-git-send-email-kraxel@redhat.com \
--to=kraxel@redhat.com \
--cc=aliguori@amazon.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).