[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH] vnc: refuse to set a password with VNC_AUTH_NON
From: |
Paolo Bonzini |
Subject: |
Re: [Qemu-devel] [PATCH] vnc: refuse to set a password with VNC_AUTH_NONE |
Date: |
Wed, 11 Dec 2013 17:06:54 +0100 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130923 Thunderbird/17.0.9 |
Il 11/12/2013 16:54, Gerd Hoffmann ha scritto:
> Current code silently changes the authentication settings
> in case you try to set a password without password authentication
> turned on. This is bad. Return an error instead.
>
> If we want allow changing auth settings at runtime this should
> be done explicitly using a separate monitor command, not as
> side effect of set_passwd.
>
> Signed-off-by: Gerd Hoffmann <address@hidden>
Isn't this backwards-incompatible?
Paolo
> ---
> ui/vnc.c | 34 ++++++----------------------------
> 1 file changed, 6 insertions(+), 28 deletions(-)
>
> diff --git a/ui/vnc.c b/ui/vnc.c
> index 5601cc3..79efb80 100644
> --- a/ui/vnc.c
> +++ b/ui/vnc.c
> @@ -2971,26 +2971,6 @@ static void vnc_display_close(DisplayState *ds)
> #endif
> }
>
> -static int vnc_display_disable_login(DisplayState *ds)
> -{
> - VncDisplay *vs = vnc_display;
> -
> - if (!vs) {
> - return -1;
> - }
> -
> - if (vs->password) {
> - g_free(vs->password);
> - }
> -
> - vs->password = NULL;
> - if (vs->auth == VNC_AUTH_NONE) {
> - vs->auth = VNC_AUTH_VNC;
> - }
> -
> - return 0;
> -}
> -
> int vnc_display_password(DisplayState *ds, const char *password)
> {
> VncDisplay *vs = vnc_display;
> @@ -2998,20 +2978,18 @@ int vnc_display_password(DisplayState *ds, const char
> *password)
> if (!vs) {
> return -EINVAL;
> }
> -
> - if (!password) {
> - /* This is not the intention of this interface but err on the side
> - of being safe */
> - return vnc_display_disable_login(ds);
> + if (vs->auth == VNC_AUTH_NONE) {
> + error_printf_unless_qmp("If you want use passwords please enable "
> + "password auth using '-vnc
> ${dpy},password'.");
> + return -EINVAL;
> }
>
> if (vs->password) {
> g_free(vs->password);
> vs->password = NULL;
> }
> - vs->password = g_strdup(password);
> - if (vs->auth == VNC_AUTH_NONE) {
> - vs->auth = VNC_AUTH_VNC;
> + if (password) {
> + vs->password = g_strdup(password);
> }
>
> return 0;
>