From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1IGH1t-0004t9-IE for qemu-devel@nongnu.org; Wed, 01 Aug 2007 12:26:33 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1IGH1r-0004qO-PK for qemu-devel@nongnu.org; Wed, 01 Aug 2007 12:26:33 -0400 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1IGH1r-0004q8-L2 for qemu-devel@nongnu.org; Wed, 01 Aug 2007 12:26:31 -0400 Received: from mx1.redhat.com ([66.187.233.31]) by monty-python.gnu.org with esmtp (Exim 4.60) (envelope-from ) id 1IGH1r-00071F-HF for qemu-devel@nongnu.org; Wed, 01 Aug 2007 12:26:31 -0400 Date: Wed, 1 Aug 2007 17:26:28 +0100 From: "Daniel P. Berrange" Subject: Re: [Qemu-devel] PATCH 3/8: VNC password authentication Message-ID: <20070801162628.GD31282@redhat.com> References: <20070731192316.GI18730@redhat.com> <20070731192641.GL18730@redhat.com> <46AFE609.1080601@codemonkey.ws> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <46AFE609.1080601@codemonkey.ws> Reply-To: "Daniel P. Berrange" , qemu-devel@nongnu.org List-Id: qemu-devel.nongnu.org List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Anthony Liguori Cc: qemu-devel@nongnu.org On Tue, Jul 31, 2007 at 08:46:49PM -0500, Anthony Liguori wrote: > Daniel P. Berrange wrote: > >This patch introduces support for VNC protocols upto 3.8 and with > >it, support for password based authentication. VNC's password based > >authentication is not entirely secure, but it is a standard and the > >RFB spec requires that all clients support it. The password can be > >provided by using the monitor 'change vnc :1' and it will prompt for > >a password to be entered. Passwords have upto 8 letters of context. > >Pressing 'enter' without entering any characters disables password > >auth in the server. NB, we need a custom copy of d3des here because > >VNC uses a 'special' modification of the algorithm. This d3des code > >is public domain & in all other VNC servers & clients. > > > > I think it may be better to have a command to explicitly set the vnc > password. Issuing "change vnc :1" just to change the password is a > little awkward IMHO. Ok I'll add a separate command for that - any preference for naming. I thought about 'change vncpassword', but the 'change' command requires 2 args and we'd only have 1 here. Or if we think there may be other devices/drivers which will have passwords in the future we could have 'change password vnc' as the command. > >- > >- vnc_write_u32(vs, 1); /* None */ > >- vnc_flush(vs); > >- > >- vnc_read_when(vs, protocol_client_init, 1); > >+ VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, > >vs->minor); > >+ if (vs->major != 3 || > >+ (vs->minor != 3 && > >+ vs->minor != 7 && > >+ vs->minor != 8)) { > >+ VNC_DEBUG("Unsupported client version\n"); > >+ vnc_write_u32(vs, VNC_AUTH_INVALID); > >+ vnc_flush(vs); > >+ vnc_client_error(vs); > >+ return 0; > >+ } > > > > A very popular VNC client uses 3.5 as the protocol version. I believe > the specification requires that 3.5 be treated at 3.3 because of that. Good point. I'll add support for that. Regards, Dan. -- |=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=| |=- Perl modules: http://search.cpan.org/~danberr/ -=| |=- Projects: http://freshmeat.net/~danielpb/ -=| |=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|