vnc: Don't demote authentication scheme when changing password/disabling login
Currently when disabling login in VNC, the password is cleared out and the authentication protocol is forced to AUTH_VNC. If you're using a stronger authentication protocol, this has the effect of downgrading your security protocol. Fix this by only changing the authentication protocol if the current authentication protocol is AUTH_NONE. That ensures we're never downgrading. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> -- NB. This patch is derived from one posted by Anthony last year, which got accidentally lost after Luiz took over the QMP series work https://lists.gnu.org/archive/html/qemu-devel/2011-09/msg00392.html v1 -> v2 - Make sure to not demote when changing password (Daniel) v2 -> v3 - Rebase to latest GIT master wrt QMP changes
This commit is contained in:
parent
4ed658ca92
commit
7dfbfc7927
8
ui/vnc.c
8
ui/vnc.c
@ -2794,7 +2794,9 @@ int vnc_display_disable_login(DisplayState *ds)
|
||||
}
|
||||
|
||||
vs->password = NULL;
|
||||
vs->auth = VNC_AUTH_VNC;
|
||||
if (vs->auth == VNC_AUTH_NONE) {
|
||||
vs->auth = VNC_AUTH_VNC;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
@ -2818,7 +2820,9 @@ int vnc_display_password(DisplayState *ds, const char *password)
|
||||
vs->password = NULL;
|
||||
}
|
||||
vs->password = g_strdup(password);
|
||||
vs->auth = VNC_AUTH_VNC;
|
||||
if (vs->auth == VNC_AUTH_NONE) {
|
||||
vs->auth = VNC_AUTH_VNC;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user