Patchwork [14/14] vnc: don't demote authentication protocol when disabling login

login
register
mail settings
Submitter Anthony Liguori
Date Aug. 24, 2011, 6:43 p.m.
Message ID <1314211389-28915-15-git-send-email-aliguori@us.ibm.com>
Download mbox | patch
Permalink /patch/111404/
State New
Headers show

Comments

Anthony Liguori - Aug. 24, 2011, 6:43 p.m.
Currently when disabling login in VNC, the password is cleared out and the
authentication protocol is forced to AUTH_VNC.  If you're using a stronger
authentication protocol, this has the effect of downgrading your security
protocol.

Fix this by only changing the authentication protocol if the current
authentication protocol is AUTH_NONE.  That ensures we're never downgrading.

Reported-by: Daniel Berrange <berrange@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
---
 monitor.c |   18 ------------------
 qmp.c     |   19 +++++++++++++++++++
 ui/vnc.c  |    4 +++-
 3 files changed, 22 insertions(+), 19 deletions(-)
Daniel P. Berrange - Aug. 24, 2011, 8:45 p.m.
On Wed, Aug 24, 2011 at 01:43:09PM -0500, Anthony Liguori wrote:
> Currently when disabling login in VNC, the password is cleared out and the
> authentication protocol is forced to AUTH_VNC.  If you're using a stronger
> authentication protocol, this has the effect of downgrading your security
> protocol.
> 
> Fix this by only changing the authentication protocol if the current
> authentication protocol is AUTH_NONE.  That ensures we're never downgrading.
> 
> Reported-by: Daniel Berrange <berrange@redhat.com>
> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
> ---
>  monitor.c |   18 ------------------
>  qmp.c     |   19 +++++++++++++++++++
>  ui/vnc.c  |    4 +++-
>  3 files changed, 22 insertions(+), 19 deletions(-)
> 
> diff --git a/monitor.c b/monitor.c
> index 9801a2d..ad73bc5 100644
> --- a/monitor.c
> +++ b/monitor.c
> @@ -1005,24 +1005,6 @@ static int do_quit(Monitor *mon, const QDict *qdict, QObject **ret_data)
>      return 0;
>  }
>  
> -void qmp_change(const char *device, const char *target,
> -                bool has_arg, const char *arg, Error **err)
> -{
> -    if (strcmp(device, "vnc") == 0) {
> -        if (strcmp(target, "passwd") == 0 || strcmp(target, "password") == 0) {
> -            if (!has_arg || !arg[0]) {
> -                vnc_display_disable_login(NULL);
> -            } else {
> -                qmp_change_vnc_password(arg, err);
> -            }
> -        } else {
> -            qmp_change_vnc_listen(target, err);
> -        }
> -    } else {
> -        deprecated_qmp_change_blockdev(device, target, has_arg, arg, err);
> -    }
> -}
> -
>  static int set_password(Monitor *mon, const QDict *qdict, QObject **ret_data)
>  {
>      const char *protocol  = qdict_get_str(qdict, "protocol");
> diff --git a/qmp.c b/qmp.c
> index 73d6172..5674adc 100644
> --- a/qmp.c
> +++ b/qmp.c
> @@ -16,6 +16,7 @@
>  
>  #include "sysemu.h"
>  #include "console.h"
> +#include "blockdev.h"
>  
>  NameInfo *qmp_query_name(Error **errp)
>  {
> @@ -42,3 +43,21 @@ void qmp_change_vnc_listen(const char *target, Error **err)
>          error_set(err, QERR_VNC_SERVER_FAILED, target);
>      }
>  }
> +
> +void qmp_change(const char *device, const char *target,
> +                bool has_arg, const char *arg, Error **err)
> +{
> +    if (strcmp(device, "vnc") == 0) {
> +        if (strcmp(target, "passwd") == 0 || strcmp(target, "password") == 0) {
> +            if (!has_arg || !arg[0]) {
> +                vnc_display_disable_login(NULL);
> +            } else {
> +                qmp_change_vnc_password(arg, err);
> +            }
> +        } else {
> +            qmp_change_vnc_listen(target, err);
> +        }
> +    } else {
> +        deprecated_qmp_change_blockdev(device, target, has_arg, arg, err);
> +    }
> +}
> diff --git a/ui/vnc.c b/ui/vnc.c
> index fc3a612..ecb216f 100644
> --- a/ui/vnc.c
> +++ b/ui/vnc.c
> @@ -2648,7 +2648,9 @@ int vnc_display_disable_login(DisplayState *ds)
>      }
>  
>      vs->password = NULL;
> -    vs->auth = VNC_AUTH_VNC;
> +    if (vs->auth == VNC_AUTH_NONE) {
> +        vs->auth = VNC_AUTH_VNC;
> +    }
>  
>      return 0;
>  }

Thanks for making this change. The same also needs to be done in the
'vnc_display_password()' method.

Regards,
Daniel
Anthony Liguori - Aug. 24, 2011, 8:47 p.m.
On 08/24/2011 03:45 PM, Daniel P. Berrange wrote:
> On Wed, Aug 24, 2011 at 01:43:09PM -0500, Anthony Liguori wrote:
>> Currently when disabling login in VNC, the password is cleared out and the
>> authentication protocol is forced to AUTH_VNC.  If you're using a stronger
>> authentication protocol, this has the effect of downgrading your security
>> protocol.
>>
>> Fix this by only changing the authentication protocol if the current
>> authentication protocol is AUTH_NONE.  That ensures we're never downgrading.
>>
>> Reported-by: Daniel Berrange<berrange@redhat.com>
>> Signed-off-by: Anthony Liguori<aliguori@us.ibm.com>
>> ---
>>   monitor.c |   18 ------------------
>>   qmp.c     |   19 +++++++++++++++++++
>>   ui/vnc.c  |    4 +++-
>>   3 files changed, 22 insertions(+), 19 deletions(-)
>>
>> diff --git a/monitor.c b/monitor.c
>> index 9801a2d..ad73bc5 100644
>> --- a/monitor.c
>> +++ b/monitor.c
>> @@ -1005,24 +1005,6 @@ static int do_quit(Monitor *mon, const QDict *qdict, QObject **ret_data)
>>       return 0;
>>   }
>>
>> -void qmp_change(const char *device, const char *target,
>> -                bool has_arg, const char *arg, Error **err)
>> -{
>> -    if (strcmp(device, "vnc") == 0) {
>> -        if (strcmp(target, "passwd") == 0 || strcmp(target, "password") == 0) {
>> -            if (!has_arg || !arg[0]) {
>> -                vnc_display_disable_login(NULL);
>> -            } else {
>> -                qmp_change_vnc_password(arg, err);
>> -            }
>> -        } else {
>> -            qmp_change_vnc_listen(target, err);
>> -        }
>> -    } else {
>> -        deprecated_qmp_change_blockdev(device, target, has_arg, arg, err);
>> -    }
>> -}
>> -
>>   static int set_password(Monitor *mon, const QDict *qdict, QObject **ret_data)
>>   {
>>       const char *protocol  = qdict_get_str(qdict, "protocol");
>> diff --git a/qmp.c b/qmp.c
>> index 73d6172..5674adc 100644
>> --- a/qmp.c
>> +++ b/qmp.c
>> @@ -16,6 +16,7 @@
>>
>>   #include "sysemu.h"
>>   #include "console.h"
>> +#include "blockdev.h"
>>
>>   NameInfo *qmp_query_name(Error **errp)
>>   {
>> @@ -42,3 +43,21 @@ void qmp_change_vnc_listen(const char *target, Error **err)
>>           error_set(err, QERR_VNC_SERVER_FAILED, target);
>>       }
>>   }
>> +
>> +void qmp_change(const char *device, const char *target,
>> +                bool has_arg, const char *arg, Error **err)
>> +{
>> +    if (strcmp(device, "vnc") == 0) {
>> +        if (strcmp(target, "passwd") == 0 || strcmp(target, "password") == 0) {
>> +            if (!has_arg || !arg[0]) {
>> +                vnc_display_disable_login(NULL);
>> +            } else {
>> +                qmp_change_vnc_password(arg, err);
>> +            }
>> +        } else {
>> +            qmp_change_vnc_listen(target, err);
>> +        }
>> +    } else {
>> +        deprecated_qmp_change_blockdev(device, target, has_arg, arg, err);
>> +    }
>> +}
>> diff --git a/ui/vnc.c b/ui/vnc.c
>> index fc3a612..ecb216f 100644
>> --- a/ui/vnc.c
>> +++ b/ui/vnc.c
>> @@ -2648,7 +2648,9 @@ int vnc_display_disable_login(DisplayState *ds)
>>       }
>>
>>       vs->password = NULL;
>> -    vs->auth = VNC_AUTH_VNC;
>> +    if (vs->auth == VNC_AUTH_NONE) {
>> +        vs->auth = VNC_AUTH_VNC;
>> +    }
>>
>>       return 0;
>>   }
>
> Thanks for making this change. The same also needs to be done in the
> 'vnc_display_password()' method.

Ack.

Regards,

Anthony Liguori

>
> Regards,
> Daniel

Patch

diff --git a/monitor.c b/monitor.c
index 9801a2d..ad73bc5 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1005,24 +1005,6 @@  static int do_quit(Monitor *mon, const QDict *qdict, QObject **ret_data)
     return 0;
 }
 
-void qmp_change(const char *device, const char *target,
-                bool has_arg, const char *arg, Error **err)
-{
-    if (strcmp(device, "vnc") == 0) {
-        if (strcmp(target, "passwd") == 0 || strcmp(target, "password") == 0) {
-            if (!has_arg || !arg[0]) {
-                vnc_display_disable_login(NULL);
-            } else {
-                qmp_change_vnc_password(arg, err);
-            }
-        } else {
-            qmp_change_vnc_listen(target, err);
-        }
-    } else {
-        deprecated_qmp_change_blockdev(device, target, has_arg, arg, err);
-    }
-}
-
 static int set_password(Monitor *mon, const QDict *qdict, QObject **ret_data)
 {
     const char *protocol  = qdict_get_str(qdict, "protocol");
diff --git a/qmp.c b/qmp.c
index 73d6172..5674adc 100644
--- a/qmp.c
+++ b/qmp.c
@@ -16,6 +16,7 @@ 
 
 #include "sysemu.h"
 #include "console.h"
+#include "blockdev.h"
 
 NameInfo *qmp_query_name(Error **errp)
 {
@@ -42,3 +43,21 @@  void qmp_change_vnc_listen(const char *target, Error **err)
         error_set(err, QERR_VNC_SERVER_FAILED, target);
     }
 }
+
+void qmp_change(const char *device, const char *target,
+                bool has_arg, const char *arg, Error **err)
+{
+    if (strcmp(device, "vnc") == 0) {
+        if (strcmp(target, "passwd") == 0 || strcmp(target, "password") == 0) {
+            if (!has_arg || !arg[0]) {
+                vnc_display_disable_login(NULL);
+            } else {
+                qmp_change_vnc_password(arg, err);
+            }
+        } else {
+            qmp_change_vnc_listen(target, err);
+        }
+    } else {
+        deprecated_qmp_change_blockdev(device, target, has_arg, arg, err);
+    }
+}
diff --git a/ui/vnc.c b/ui/vnc.c
index fc3a612..ecb216f 100644
--- a/ui/vnc.c
+++ b/ui/vnc.c
@@ -2648,7 +2648,9 @@  int vnc_display_disable_login(DisplayState *ds)
     }
 
     vs->password = NULL;
-    vs->auth = VNC_AUTH_VNC;
+    if (vs->auth == VNC_AUTH_NONE) {
+        vs->auth = VNC_AUTH_VNC;
+    }
 
     return 0;
 }