From patchwork Tue Feb 14 12:37:29 2012 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: vnc: Don't demote authentication scheme when changing password/disabling login Date: Tue, 14 Feb 2012 02:37:29 -0000 From: "Daniel P. Berrange" X-Patchwork-Id: 141108 Message-Id: <1329223049-26896-1-git-send-email-berrange@redhat.com> To: qemu-devel@nongnu.org Cc: Anthony Liguori , Gerd Hoffmann From: "Daniel P. Berrange" Currently when disabling login in VNC, the password is cleared out and the authentication protocol is forced to AUTH_VNC. If you're using a stronger authentication protocol, this has the effect of downgrading your security protocol. Fix this by only changing the authentication protocol if the current authentication protocol is AUTH_NONE. That ensures we're never downgrading. Signed-off-by: Daniel P. Berrange Signed-off-by: Anthony Liguori --- NB. This patch is derived from one posted by Anthony last year, which got accidentally lost after Luiz took over the QMP series work https://lists.gnu.org/archive/html/qemu-devel/2011-09/msg00392.html v1 -> v2 - Make sure to not demote when changing password (Daniel) v2 -> v3 - Rebase to latest GIT master wrt QMP changes --- ui/vnc.c | 8 ++++++-- 1 files changed, 6 insertions(+), 2 deletions(-) diff --git a/ui/vnc.c b/ui/vnc.c index 16b79ec..c449fcd 100644 --- a/ui/vnc.c +++ b/ui/vnc.c @@ -2679,7 +2679,9 @@ int vnc_display_disable_login(DisplayState *ds) } vs->password = NULL; - vs->auth = VNC_AUTH_VNC; + if (vs->auth == VNC_AUTH_NONE) { + vs->auth = VNC_AUTH_VNC; + } return 0; } @@ -2703,7 +2705,9 @@ int vnc_display_password(DisplayState *ds, const char *password) vs->password = NULL; } vs->password = g_strdup(password); - vs->auth = VNC_AUTH_VNC; + if (vs->auth == VNC_AUTH_NONE) { + vs->auth = VNC_AUTH_VNC; + } return 0; }