From: Paolo Bonzini <pbonzini@redhat.com>
To: Gerd Hoffmann <kraxel@redhat.com>
Cc: qemu-devel@nongnu.org, Anthony Liguori <aliguori@amazon.com>
Subject: Re: [Qemu-devel] [PATCH] vnc: refuse to set a password with VNC_AUTH_NONE
Date: Wed, 11 Dec 2013 17:06:54 +0100 [thread overview]
Message-ID: <52A88D9E.2070306@redhat.com> (raw)
In-Reply-To: <1386777271-12667-1-git-send-email-kraxel@redhat.com>
Il 11/12/2013 16:54, Gerd Hoffmann ha scritto:
> Current code silently changes the authentication settings
> in case you try to set a password without password authentication
> turned on. This is bad. Return an error instead.
>
> If we want allow changing auth settings at runtime this should
> be done explicitly using a separate monitor command, not as
> side effect of set_passwd.
>
> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Isn't this backwards-incompatible?
Paolo
> ---
> ui/vnc.c | 34 ++++++----------------------------
> 1 file changed, 6 insertions(+), 28 deletions(-)
>
> diff --git a/ui/vnc.c b/ui/vnc.c
> index 5601cc3..79efb80 100644
> --- a/ui/vnc.c
> +++ b/ui/vnc.c
> @@ -2971,26 +2971,6 @@ static void vnc_display_close(DisplayState *ds)
> #endif
> }
>
> -static int vnc_display_disable_login(DisplayState *ds)
> -{
> - VncDisplay *vs = vnc_display;
> -
> - if (!vs) {
> - return -1;
> - }
> -
> - if (vs->password) {
> - g_free(vs->password);
> - }
> -
> - vs->password = NULL;
> - if (vs->auth == VNC_AUTH_NONE) {
> - vs->auth = VNC_AUTH_VNC;
> - }
> -
> - return 0;
> -}
> -
> int vnc_display_password(DisplayState *ds, const char *password)
> {
> VncDisplay *vs = vnc_display;
> @@ -2998,20 +2978,18 @@ int vnc_display_password(DisplayState *ds, const char *password)
> if (!vs) {
> return -EINVAL;
> }
> -
> - if (!password) {
> - /* This is not the intention of this interface but err on the side
> - of being safe */
> - return vnc_display_disable_login(ds);
> + if (vs->auth == VNC_AUTH_NONE) {
> + error_printf_unless_qmp("If you want use passwords please enable "
> + "password auth using '-vnc ${dpy},password'.");
> + return -EINVAL;
> }
>
> if (vs->password) {
> g_free(vs->password);
> vs->password = NULL;
> }
> - vs->password = g_strdup(password);
> - if (vs->auth == VNC_AUTH_NONE) {
> - vs->auth = VNC_AUTH_VNC;
> + if (password) {
> + vs->password = g_strdup(password);
> }
>
> return 0;
>
next prev parent reply other threads:[~2013-12-11 16:07 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-12-11 15:54 [Qemu-devel] [PATCH] vnc: refuse to set a password with VNC_AUTH_NONE Gerd Hoffmann
2013-12-11 16:06 ` Paolo Bonzini [this message]
2013-12-11 16:29 ` Gerd Hoffmann
2013-12-11 16:43 ` Paolo Bonzini
2013-12-12 12:44 ` Gerd Hoffmann
-- strict thread matches above, loose matches on Subject: below --
2014-05-21 10:54 Gerd Hoffmann
2014-05-22 4:05 ` Gonglei (Arei)
2014-05-22 5:47 ` Gerd Hoffmann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=52A88D9E.2070306@redhat.com \
--to=pbonzini@redhat.com \
--cc=aliguori@amazon.com \
--cc=kraxel@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).