From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:49391) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1VqmJX-0000e2-Np for qemu-devel@nongnu.org; Wed, 11 Dec 2013 11:07:16 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1VqmJP-0004zC-AK for qemu-devel@nongnu.org; Wed, 11 Dec 2013 11:07:07 -0500 Received: from mail-qe0-x230.google.com ([2607:f8b0:400d:c02::230]:62834) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1VqmJP-0004z8-5i for qemu-devel@nongnu.org; Wed, 11 Dec 2013 11:06:59 -0500 Received: by mail-qe0-f48.google.com with SMTP id gc15so5368891qeb.21 for ; Wed, 11 Dec 2013 08:06:58 -0800 (PST) Sender: Paolo Bonzini Message-ID: <52A88D9E.2070306@redhat.com> Date: Wed, 11 Dec 2013 17:06:54 +0100 From: Paolo Bonzini MIME-Version: 1.0 References: <1386777271-12667-1-git-send-email-kraxel@redhat.com> In-Reply-To: <1386777271-12667-1-git-send-email-kraxel@redhat.com> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Subject: Re: [Qemu-devel] [PATCH] vnc: refuse to set a password with VNC_AUTH_NONE List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Gerd Hoffmann Cc: qemu-devel@nongnu.org, Anthony Liguori Il 11/12/2013 16:54, Gerd Hoffmann ha scritto: > Current code silently changes the authentication settings > in case you try to set a password without password authentication > turned on. This is bad. Return an error instead. > > If we want allow changing auth settings at runtime this should > be done explicitly using a separate monitor command, not as > side effect of set_passwd. > > Signed-off-by: Gerd Hoffmann Isn't this backwards-incompatible? Paolo > --- > ui/vnc.c | 34 ++++++---------------------------- > 1 file changed, 6 insertions(+), 28 deletions(-) > > diff --git a/ui/vnc.c b/ui/vnc.c > index 5601cc3..79efb80 100644 > --- a/ui/vnc.c > +++ b/ui/vnc.c > @@ -2971,26 +2971,6 @@ static void vnc_display_close(DisplayState *ds) > #endif > } > > -static int vnc_display_disable_login(DisplayState *ds) > -{ > - VncDisplay *vs = vnc_display; > - > - if (!vs) { > - return -1; > - } > - > - if (vs->password) { > - g_free(vs->password); > - } > - > - vs->password = NULL; > - if (vs->auth == VNC_AUTH_NONE) { > - vs->auth = VNC_AUTH_VNC; > - } > - > - return 0; > -} > - > int vnc_display_password(DisplayState *ds, const char *password) > { > VncDisplay *vs = vnc_display; > @@ -2998,20 +2978,18 @@ int vnc_display_password(DisplayState *ds, const char *password) > if (!vs) { > return -EINVAL; > } > - > - if (!password) { > - /* This is not the intention of this interface but err on the side > - of being safe */ > - return vnc_display_disable_login(ds); > + if (vs->auth == VNC_AUTH_NONE) { > + error_printf_unless_qmp("If you want use passwords please enable " > + "password auth using '-vnc ${dpy},password'."); > + return -EINVAL; > } > > if (vs->password) { > g_free(vs->password); > vs->password = NULL; > } > - vs->password = g_strdup(password); > - if (vs->auth == VNC_AUTH_NONE) { > - vs->auth = VNC_AUTH_VNC; > + if (password) { > + vs->password = g_strdup(password); > } > > return 0; >