diff options
author | Daniel P. Berrange <berrange@redhat.com> | 2012-02-14 12:37:29 +0000 |
---|---|---|
committer | Anthony Liguori <aliguori@us.ibm.com> | 2012-02-17 09:58:21 -0600 |
commit | 7dfbfc7927c1f7ab9f6910768ed6d966645b5866 (patch) | |
tree | 62fa7843679891c12ccbef59c19539c53be13838 | |
parent | 4ed658ca925249021789d6a51fd6f99f68213f28 (diff) |
vnc: Don't demote authentication scheme when changing password/disabling login
Currently when disabling login in VNC, the password is cleared out and the
authentication protocol is forced to AUTH_VNC. If you're using a stronger
authentication protocol, this has the effect of downgrading your security
protocol.
Fix this by only changing the authentication protocol if the current
authentication protocol is AUTH_NONE. That ensures we're never downgrading.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
--
NB. This patch is derived from one posted by Anthony last year, which got
accidentally lost after Luiz took over the QMP series work
https://lists.gnu.org/archive/html/qemu-devel/2011-09/msg00392.html
v1 -> v2
- Make sure to not demote when changing password (Daniel)
v2 -> v3
- Rebase to latest GIT master wrt QMP changes
-rw-r--r-- | ui/vnc.c | 8 |
1 files changed, 6 insertions, 2 deletions
@@ -2794,7 +2794,9 @@ int vnc_display_disable_login(DisplayState *ds) } vs->password = NULL; - vs->auth = VNC_AUTH_VNC; + if (vs->auth == VNC_AUTH_NONE) { + vs->auth = VNC_AUTH_VNC; + } return 0; } @@ -2818,7 +2820,9 @@ int vnc_display_password(DisplayState *ds, const char *password) vs->password = NULL; } vs->password = g_strdup(password); - vs->auth = VNC_AUTH_VNC; + if (vs->auth == VNC_AUTH_NONE) { + vs->auth = VNC_AUTH_VNC; + } return 0; } |