Message-ID: <4D5938AF.904@linux.vnet.ibm.com>
Date: Mon, 14 Feb 2011 08:14:07 -0600
From: Anthony Liguori
In-Reply-To: <20110214122410.GG2729@redhat.com>
Subject: [Qemu-devel] Re: [PATCH] vnc: Fix password expiration through 'change vnc ""'
To: "Daniel P. Berrange"
Cc: Neil Wilson, Gerd Hoffmann, qemu-devel@nongnu.org

On 02/14/2011 06:24 AM, Daniel P. Berrange wrote:
> On Mon, Feb 14, 2011 at 06:10:04AM -0600, Anthony Liguori wrote:
>
>> On 02/14/2011 04:57 AM, Gerd Hoffmann wrote:
>>
>>> On 01/31/11 21:43, Anthony Liguori wrote:
>>>
>>>> commit 52c18be9e99dabe295321153fda7fce9f76647ac introduced a
>>>> regression in the change vnc password command that changed the
>>>> behavior of setting the VNC password to an empty string from
>>>> disabling login to disabling authentication.
>>>>
>>>> This commit refactors the code to eliminate this overloaded
>>>> semantics in vnc_display_password and instead introduces the
>>>> vnc_display_disable_login. The monitor implementation then
>>>> determines the behavior of an empty or missing string.
>>>>
>>> Hmm, now about simply never ever changing vs->auth?
>>>
>> If auth is none and you do a vnc change password "" then if we don't
>> set vs->auth to vnc, it won't have the desired effect. I really
>> dislike the semantics of this command but that was a past mistake.
>>
> Actually blindly setting 'vs->auth' to 'vnc' is also a security flaw.
>

But this is the semantics of the command. I agree it's stupid but a
security flaw is a regression and this is not a regression. This is why
the set-password command no longer does any of this nonsense.

> If using the VeNCrypt security method, then 'vs->auth' will be VENCRYPT
> and the 'vs->subauth' will possibly indicate the 'VNC' sub-auth scheme.
> So we really do want the change password command to leave 'vs->auth'
> alone completely - just change the password string, with no side effects
> on auth methods. If an app intends to use the change password command
> it will have already launched QEMU with necessary -vnc flags to set the
> desired vs->auth and vs->subauth methods.
>

I think I see how this could work but I'm not sure it's worth doing.
I'd rather just leave the (bad) semantics of this command alone and
deprecate the interface.

Regards,

Anthony Liguori

> Regards,
> Daniel
>
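The two positions in the thread above, as an added example that is not part of the original message and is not QEMU's code: a simplified model in which forcing auth to VNC on a password change drops a VeNCrypt/TLS configuration, while leaving auth untouched on an auth=none display means the new password is never enforced. The struct and function names are hypothetical; only the `auth` and `subauth` field names come from the thread, and the numeric values are the RFB/VeNCrypt security-type numbers.

```c
#include <stdio.h>

/* Security-type numbers as assigned in the RFB and VeNCrypt specifications. */
enum { AUTH_NONE = 1, AUTH_VNC = 2, AUTH_VENCRYPT = 19 };
enum { SUBAUTH_UNSET = 0, SUBAUTH_X509VNC = 261 };

/* Hypothetical, simplified display state; not QEMU's VncDisplay. */
struct display {
    int auth;
    int subauth;
    char password[9];   /* VNC auth uses at most 8 password bytes */
};

/* Behaviour criticised in the thread: a password change also forces auth to VNC. */
static void change_password_forcing_auth(struct display *d, const char *pw)
{
    snprintf(d->password, sizeof d->password, "%s", pw);
    d->auth = AUTH_VNC;
}

/* Behaviour proposed in the thread: change the password string, nothing else. */
static void change_password_only(struct display *d, const char *pw)
{
    snprintf(d->password, sizeof d->password, "%s", pw);
}

/* True when the configured security type wraps the session in TLS. */
static int uses_tls(const struct display *d)
{
    return d->auth == AUTH_VENCRYPT && d->subauth == SUBAUTH_X509VNC;
}

/* True when a connecting client must answer a VNC password challenge. */
static int password_enforced(const struct display *d)
{
    return d->auth == AUTH_VNC || uses_tls(d);
}

int main(void)
{
    /* Constructed sample states: one TLS-protected display, one with auth=none. */
    struct display tls = { AUTH_VENCRYPT, SUBAUTH_X509VNC, "old" };
    struct display open = { AUTH_NONE, SUBAUTH_UNSET, "" };

    change_password_forcing_auth(&tls, "new");  /* TLS wrapper is lost */
    change_password_only(&open, "new");         /* password is never asked for */
    printf("tls_kept=%d enforced_on_open=%d\n",
           uses_tls(&tls), password_enforced(&open));
    return 0;
}
```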