Commit cf864569 authored by Gerd Hoffmann's avatar Gerd Hoffmann
Browse files

vnc: refuse to set a password with VNC_AUTH_NONE 



Current code silently changes the authentication settings
in case you try to set a password without password authentication
turned on.  This is bad.  Return an error instead.

If we want allow changing auth settings at runtime this should
be done explicitly using a separate monitor command, not as
side effect of set_passwd.

Signed-off-by: default avatarGerd Hoffmann <kraxel@redhat.com>
parent 9bb93180

ui/vnc.c

+6 −28
Original line number Diff line number Diff line
@@ -2976,26 +2976,6 @@ static void vnc_display_close(DisplayState *ds) 
#endif

}



static int vnc_display_disable_login(DisplayState *ds)

{

    VncDisplay *vs = vnc_display;



    if (!vs) {

        return -1;

    }



    if (vs->password) {

        g_free(vs->password);

    }



    vs->password = NULL;

    if (vs->auth == VNC_AUTH_NONE) {

        vs->auth = VNC_AUTH_VNC;

    }



    return 0;

}



int vnc_display_password(DisplayState *ds, const char *password)

{

    VncDisplay *vs = vnc_display;
@@ -3003,20 +2983,18 @@ int vnc_display_password(DisplayState *ds, const char *password) 
    if (!vs) {

        return -EINVAL;

    }



    if (!password) {

        /* This is not the intention of this interface but err on the side

           of being safe */

        return vnc_display_disable_login(ds);

    if (vs->auth == VNC_AUTH_NONE) {

        error_printf_unless_qmp("If you want use passwords please enable "

                                "password auth using '-vnc ${dpy},password'.");

        return -EINVAL;

    }



    if (vs->password) {

        g_free(vs->password);

        vs->password = NULL;

    }

    if (password) {

        vs->password = g_strdup(password);

    if (vs->auth == VNC_AUTH_NONE) {

        vs->auth = VNC_AUTH_VNC;

    }



    return 0;