@@ -1007,24 +1007,6 @@ static int do_quit(Monitor *mon, const QDict *qdict, QObject **ret_data)
return 0;
}
-void qmp_change(const char *device, const char *target,
- bool has_arg, const char *arg, Error **err)
-{
- if (strcmp(device, "vnc") == 0) {
- if (strcmp(target, "passwd") == 0 || strcmp(target, "password") == 0) {
- if (!has_arg || !arg[0]) {
- vnc_display_disable_login(NULL);
- } else {
- qmp_change_vnc_password(arg, err);
- }
- } else {
- qmp_change_vnc_listen(target, err);
- }
- } else {
- deprecated_qmp_change_blockdev(device, target, has_arg, arg, err);
- }
-}
-
static int set_password(Monitor *mon, const QDict *qdict, QObject **ret_data)
{
const char *protocol = qdict_get_str(qdict, "protocol");
@@ -16,6 +16,7 @@
#include "sysemu.h"
#include "console.h"
+#include "blockdev.h"
NameInfo *qmp_query_name(Error **errp)
{
@@ -42,3 +43,21 @@ void qmp_change_vnc_listen(const char *target, Error **err)
error_set(err, QERR_VNC_SERVER_FAILED, target);
}
}
+
+void qmp_change(const char *device, const char *target,
+ bool has_arg, const char *arg, Error **err)
+{
+ if (strcmp(device, "vnc") == 0) {
+ if (strcmp(target, "passwd") == 0 || strcmp(target, "password") == 0) {
+ if (!has_arg || !arg[0]) {
+ vnc_display_disable_login(NULL);
+ } else {
+ qmp_change_vnc_password(arg, err);
+ }
+ } else {
+ qmp_change_vnc_listen(target, err);
+ }
+ } else {
+ deprecated_qmp_change_blockdev(device, target, has_arg, arg, err);
+ }
+}
@@ -2648,7 +2648,9 @@ int vnc_display_disable_login(DisplayState *ds)
}
vs->password = NULL;
- vs->auth = VNC_AUTH_VNC;
+ if (vs->auth == VNC_AUTH_NONE) {
+ vs->auth = VNC_AUTH_VNC;
+ }
return 0;
}
@@ -2675,7 +2677,9 @@ int vnc_display_password(DisplayState *ds, const char *password)
vs->password = NULL;
}
vs->password = g_strdup(password);
- vs->auth = VNC_AUTH_VNC;
+ if (vs->auth == VNC_AUTH_NONE) {
+ vs->auth = VNC_AUTH_VNC;
+ }
out:
if (ret != 0) {
qerror_report(QERR_SET_PASSWD_FAILED);
Currently when disabling login in VNC, the password is cleared out and the authentication protocol is forced to AUTH_VNC. If you're using a stronger authentication protocol, this has the effect of downgrading your security protocol. Fix this by only changing the authentication protocol if the current authentication protocol is AUTH_NONE. That ensures we're never downgrading. Reported-by: Daniel Berrange <berrange@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> --- v1 -> v2 - Make sure to not demote when changing password (Daniel) --- monitor.c | 18 ------------------ qmp.c | 19 +++++++++++++++++++ ui/vnc.c | 8 ++++++-- 3 files changed, 25 insertions(+), 20 deletions(-)