qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] PATCH 3/8: VNC password authentication

From: Anthony Liguori
Subject: Re: [Qemu-devel] PATCH 3/8: VNC password authentication
Date: Thu, 02 Aug 2007 09:35:54 -0500
User-agent: Thunderbird 1.5.0.12 (X11/20070604) 
Daniel P. Berrange wrote:

On Tue, Jul 31, 2007 at 08:46:49PM -0500, Anthony Liguori wrote:

Daniel P. Berrange wrote:

This patch introduces support for VNC protocols upto 3.8 and with
it, support for password based authentication. VNC's password based
authentication is not entirely secure, but it is a standard and the
RFB spec requires that all clients support it. The password can be
provided by using the monitor 'change vnc :1' and it will prompt for
a password to be entered. Passwords have upto 8 letters of context.
Pressing 'enter' without entering any characters disables password
auth in the server. NB, we need a custom copy of d3des here because
VNC uses a 'special' modification of the algorithm. This d3des code
is public domain & in all other VNC servers & clients.
I think it may be better to have a command to explicitly set the vnc password. Issuing "change vnc :1" just to change the password is a little awkward IMHO. 

Ok I'll add a separate command for that - any preference for naming.
I thought about 'change vncpassword', but the 'change' command requires
2 args and we'd only have 1 here.  Or if we think there may be other
devices/drivers which will have passwords in the future we could have
'change password vnc' as the command. 

I don't really have that strong of preference.

Regards,

Anthony Liguori


-
-    vnc_write_u32(vs, 1); /* None */
-    vnc_flush(vs);
-
-    vnc_read_when(vs, protocol_client_init, 1);
+ VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor); 
+    if (vs->major != 3 ||
+       (vs->minor != 3 &&
+        vs->minor != 7 &&
+        vs->minor != 8)) {
+       VNC_DEBUG("Unsupported client version\n");
+       vnc_write_u32(vs, VNC_AUTH_INVALID);
+       vnc_flush(vs);
+       vnc_client_error(vs);
+       return 0;
+    }
A very popular VNC client uses 3.5 as the protocol version. I believe the specification requires that 3.5 be treated at 3.3 because of that. 

Good point. I'll add support for that.

Regards,
Dan.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]