From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([140.186.70.92]:38792) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1RySL2-0000TD-Ds for qemu-devel@nongnu.org; Fri, 17 Feb 2012 13:15:24 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1RySKw-0002aW-Mi for qemu-devel@nongnu.org; Fri, 17 Feb 2012 13:15:20 -0500 Received: from e4.ny.us.ibm.com ([32.97.182.144]:60507) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1RySKw-0002aL-Ia for qemu-devel@nongnu.org; Fri, 17 Feb 2012 13:15:14 -0500 Received: from /spool/local by e4.ny.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Fri, 17 Feb 2012 13:15:12 -0500 Received: from d01relay03.pok.ibm.com (d01relay03.pok.ibm.com [9.56.227.235]) by d01dlp01.pok.ibm.com (Postfix) with ESMTP id 0374538C808F for ; Fri, 17 Feb 2012 13:14:53 -0500 (EST) Received: from d03av06.boulder.ibm.com (d03av06.boulder.ibm.com [9.17.195.245]) by d01relay03.pok.ibm.com (8.13.8/8.13.8/NCO v10.0) with ESMTP id q1HIEo4P060834 for ; Fri, 17 Feb 2012 13:14:50 -0500 Received: from d03av06.boulder.ibm.com (loopback [127.0.0.1]) by d03av06.boulder.ibm.com (8.14.4/8.13.1/NCO v10.0 AVout) with ESMTP id q1HIEptO023032 for ; Fri, 17 Feb 2012 11:14:51 -0700 Message-ID: <4F3E9911.3010304@us.ibm.com> Date: Fri, 17 Feb 2012 12:14:41 -0600 From: Anthony Liguori MIME-Version: 1.0 References: <1329223049-26896-1-git-send-email-berrange@redhat.com> In-Reply-To: <1329223049-26896-1-git-send-email-berrange@redhat.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: [Qemu-devel] [PATCH] vnc: Don't demote authentication scheme when changing password/disabling login List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: "Daniel P. Berrange" Cc: qemu-devel@nongnu.org, Gerd Hoffmann On 02/14/2012 06:37 AM, Daniel P. Berrange wrote: > From: "Daniel P. Berrange" > > Currently when disabling login in VNC, the password is cleared out and the > authentication protocol is forced to AUTH_VNC. If you're using a stronger > authentication protocol, this has the effect of downgrading your security > protocol. > > Fix this by only changing the authentication protocol if the current > authentication protocol is AUTH_NONE. That ensures we're never downgrading. > > Signed-off-by: Daniel P. Berrange > Signed-off-by: Anthony Liguori Applied. Thanks. Regards, Anthony Liguori > -- > NB. This patch is derived from one posted by Anthony last year, which got > accidentally lost after Luiz took over the QMP series work > > https://lists.gnu.org/archive/html/qemu-devel/2011-09/msg00392.html > > v1 -> v2 > - Make sure to not demote when changing password (Daniel) > v2 -> v3 > - Rebase to latest GIT master wrt QMP changes > --- > ui/vnc.c | 8 ++++++-- > 1 files changed, 6 insertions(+), 2 deletions(-) > > diff --git a/ui/vnc.c b/ui/vnc.c > index 16b79ec..c449fcd 100644 > --- a/ui/vnc.c > +++ b/ui/vnc.c > @@ -2679,7 +2679,9 @@ int vnc_display_disable_login(DisplayState *ds) > } > > vs->password = NULL; > - vs->auth = VNC_AUTH_VNC; > + if (vs->auth == VNC_AUTH_NONE) { > + vs->auth = VNC_AUTH_VNC; > + } > > return 0; > } > @@ -2703,7 +2705,9 @@ int vnc_display_password(DisplayState *ds, const char *password) > vs->password = NULL; > } > vs->password = g_strdup(password); > - vs->auth = VNC_AUTH_VNC; > + if (vs->auth == VNC_AUTH_NONE) { > + vs->auth = VNC_AUTH_VNC; > + } > > return 0; > }