aboutsummaryrefslogtreecommitdiff
path: root/ui
diff options
context:
space:
mode:
authorGerd Hoffmann <kraxel@redhat.com>2013-12-11 13:15:37 +0100
committerGerd Hoffmann <kraxel@redhat.com>2014-06-02 16:29:01 +0200
commitcf864569cd9134ee503ad9eb6be2881001c0ed80 (patch)
treeab3c48358f06c59332ede9d3d84d6c213830edb8 /ui
parent9bb931802e6ab5ab6947e3cb9cea934fc0724274 (diff)
vnc: refuse to set a password with VNC_AUTH_NONE
Current code silently changes the authentication settings in case you try to set a password without password authentication turned on. This is bad. Return an error instead. If we want allow changing auth settings at runtime this should be done explicitly using a separate monitor command, not as side effect of set_passwd. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Diffstat (limited to 'ui')
-rw-r--r--ui/vnc.c34
1 files changed, 6 insertions, 28 deletions
diff --git a/ui/vnc.c b/ui/vnc.c
index 2d7def9aa2..64aa2fa82c 100644
--- a/ui/vnc.c
+++ b/ui/vnc.c
@@ -2976,26 +2976,6 @@ static void vnc_display_close(DisplayState *ds)
#endif
}
-static int vnc_display_disable_login(DisplayState *ds)
-{
- VncDisplay *vs = vnc_display;
-
- if (!vs) {
- return -1;
- }
-
- if (vs->password) {
- g_free(vs->password);
- }
-
- vs->password = NULL;
- if (vs->auth == VNC_AUTH_NONE) {
- vs->auth = VNC_AUTH_VNC;
- }
-
- return 0;
-}
-
int vnc_display_password(DisplayState *ds, const char *password)
{
VncDisplay *vs = vnc_display;
@@ -3003,20 +2983,18 @@ int vnc_display_password(DisplayState *ds, const char *password)
if (!vs) {
return -EINVAL;
}
-
- if (!password) {
- /* This is not the intention of this interface but err on the side
- of being safe */
- return vnc_display_disable_login(ds);
+ if (vs->auth == VNC_AUTH_NONE) {
+ error_printf_unless_qmp("If you want use passwords please enable "
+ "password auth using '-vnc ${dpy},password'.");
+ return -EINVAL;
}
if (vs->password) {
g_free(vs->password);
vs->password = NULL;
}
- vs->password = g_strdup(password);
- if (vs->auth == VNC_AUTH_NONE) {
- vs->auth = VNC_AUTH_VNC;
+ if (password) {
+ vs->password = g_strdup(password);
}
return 0;