Re: [Qemu-devel] PATCH 3/8: VNC password authentication

qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed

From: Anthony Liguori <anthony@codemonkey.ws>
To: "Daniel P. Berrange" <berrange@redhat.com>
Cc: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] PATCH 3/8: VNC password authentication
Date: Thu, 02 Aug 2007 09:35:54 -0500	[thread overview]
Message-ID: <46B1EBCA.8030208@codemonkey.ws> (raw)
In-Reply-To: <20070801162628.GD31282@redhat.com>

Daniel P. Berrange wrote:
> On Tue, Jul 31, 2007 at 08:46:49PM -0500, Anthony Liguori wrote:
>   
>> Daniel P. Berrange wrote:
>>     
>>> This patch introduces support for VNC protocols upto 3.8 and with
>>> it, support for password based authentication. VNC's password based
>>> authentication is not entirely secure, but it is a standard and the
>>> RFB spec requires that all clients support it. The password can be
>>> provided by using the monitor 'change vnc :1' and it will prompt for
>>> a password to be entered. Passwords have upto 8 letters of context.
>>> Pressing 'enter' without entering any characters disables password
>>> auth in the server. NB, we need a custom copy of d3des here because
>>> VNC uses a 'special' modification of the algorithm. This d3des code
>>> is public domain & in all other VNC servers & clients.
>>>  
>>>       
>> I think it may be better to have a command to explicitly set the vnc 
>> password.  Issuing "change vnc :1" just to change the password is a 
>> little awkward IMHO.
>>     
>
> Ok I'll add a separate command for that - any preference for naming.
> I thought about 'change vncpassword', but the 'change' command requires
> 2 args and we'd only have 1 here.  Or if we think there may be other
> devices/drivers which will have passwords in the future we could have
> 'change password vnc' as the command. 
>   

I don't really have that strong of preference.

Regards,

Anthony Liguori

>>> -
>>> -    vnc_write_u32(vs, 1); /* None */
>>> -    vnc_flush(vs);
>>> -
>>> -    vnc_read_when(vs, protocol_client_init, 1);
>>> +    VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, 
>>> vs->minor);
>>> +    if (vs->major != 3 ||
>>> +	(vs->minor != 3 &&
>>> +	 vs->minor != 7 &&
>>> +	 vs->minor != 8)) {
>>> +	VNC_DEBUG("Unsupported client version\n");
>>> +	vnc_write_u32(vs, VNC_AUTH_INVALID);
>>> +	vnc_flush(vs);
>>> +	vnc_client_error(vs);
>>> +	return 0;
>>> +    }
>>>  
>>>       
>> A very popular VNC client uses 3.5 as the protocol version.  I believe 
>> the specification requires that 3.5 be treated at 3.3 because of that.
>>     
>
> Good point. I'll add support for that.
>
> Regards,
> Dan.
>

next prev parent reply	other threads:[~2007-08-02 14:36 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2007-07-31 19:23 [Qemu-devel] PATCH 0/8: Authentication support for the VNC server Daniel P. Berrange
2007-07-31 19:25 ` [Qemu-devel] PATCH 1/8: Refactor VNC server setup API Daniel P. Berrange
2007-07-31 19:25 ` [Qemu-devel] PATCH 2/8: Extend monitor 'change' command for VNC Daniel P. Berrange
2007-08-01  1:43   ` Anthony Liguori
2007-07-31 19:26 ` [Qemu-devel] PATCH 3/8: VNC password authentication Daniel P. Berrange
2007-08-01  1:46   ` Anthony Liguori
2007-08-01 16:26     ` Daniel P. Berrange
2007-08-02 14:35       ` Anthony Liguori [this message]
2007-07-31 19:27 ` [Qemu-devel] PATCH 4/8: VeNCrypt basic TLS support Daniel P. Berrange
2007-08-01  1:50   ` Anthony Liguori
2007-08-01 16:28     ` Daniel P. Berrange
2007-07-31 19:28 ` [Qemu-devel] PATCH 5/8: x509 certificate for server Daniel P. Berrange
2007-07-31 19:28 ` [Qemu-devel] PATCH 6/8: x509 client certificate verification Daniel P. Berrange
2007-07-31 19:29 ` [Qemu-devel] PATCH 7/8: command line args for x509 cert paths Daniel P. Berrange
2007-08-01  1:54   ` Anthony Liguori
2007-08-01 16:31     ` Daniel P. Berrange
2007-07-31 19:30 ` [Qemu-devel] PATCH 8/8: document all VNC authentication options Daniel P. Berrange
2007-08-01  1:55 ` [Qemu-devel] PATCH 0/8: Authentication support for the VNC server Anthony Liguori
  -- strict thread matches above, loose matches on Subject: below --
2007-08-13 19:25 Daniel P. Berrange
2007-08-13 19:44 ` [Qemu-devel] PATCH 3/8: VNC password authentication Daniel P. Berrange

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=46B1EBCA.8030208@codemonkey.ws \
    --to=anthony@codemonkey.ws \
    --cc=berrange@redhat.com \
    --cc=qemu-devel@nongnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).