Commit 7dfbfc79 authored Feb 14, 2012 by Daniel P. Berrangé Committed by Anthony Liguori Feb 17, 2012

vnc: Don't demote authentication scheme when changing password/disabling login



Currently when disabling login in VNC, the password is cleared out and the
authentication protocol is forced to AUTH_VNC.  If you're using a stronger
authentication protocol, this has the effect of downgrading your security
protocol.

Fix this by only changing the authentication protocol if the current
authentication protocol is AUTH_NONE.  That ensures we're never downgrading.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
--
NB. This patch is derived from one posted by Anthony last year, which got
accidentally lost after Luiz took over the QMP series work

  https://lists.gnu.org/archive/html/qemu-devel/2011-09/msg00392.html

 v1 -> v2
 - Make sure to not demote when changing password (Daniel)
 v2 -> v3
 - Rebase to latest GIT master wrt QMP changes

parent 4ed658ca

ui/vnc.c

+6 −2

Original line number	Diff line number	Diff line
		@@ -2794,7 +2794,9 @@ int vnc_display_disable_login(DisplayState *ds)
		}

		vs->password = NULL;
		if (vs->auth == VNC_AUTH_NONE) {
		vs->auth = VNC_AUTH_VNC;
		}

		return 0;
		}
		@@ -2818,7 +2820,9 @@ int vnc_display_password(DisplayState ds, const char password)
		vs->password = NULL;
		}
		vs->password = g_strdup(password);
		if (vs->auth == VNC_AUTH_NONE) {
		vs->auth = VNC_AUTH_VNC;
		}

		return 0;
		}