[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] Re: [PATCH][Take 2] VNC authentification



Hi Anthony,

> Does this code actually work?

It operates certainly...


>  You call vnc_read_when twice in the same 
> function.  The first one should never get called (it can only be called 
> from the main loop and there can only ever be one outstanding read 
> function).

Original structure in vnc.c(CS11635) is,
vnc_display_init()
    vnc_listen_read()
        vnc_read_when()->protocol_version()
            vnc_read_when()->protocol_client_init()

Patch's structure is,
vnc_display_init()
    vnc_listen_read()
        vnc_read_when()->protocol_version()
            vnc_auth()
                vnc_read_when()->protocol_authtype()
                vnc_read_when()->protocol_response()
                    vnc_read_when()->protocol_client_init()

Is your point above-mentioned vnc_auth?


> There are a couple weird bits in the code too that I cannot reply to 
> (your mailer is sending the attachment as a octet-stream, please inline 
> too next time you send the patch).

My mailer is sending the attachment as a application/octet-stream,
 It cannot be changed to another Content-Type.
Yes, I send next patch by inline. 


Regards,
Masami Watanabe


On Fri, 29 Sep 2006 09:01:23 -0500, Anthony Liguori wrote:
> A couple comments:
> 
> Does this code actually work?  You call vnc_read_when twice in the same 
> function.  The first one should never get called (it can only be called 
> from the main loop and there can only ever be one outstanding read 
> function).
> 
> There are a couple weird bits in the code too that I cannot reply to 
> (your mailer is sending the attachment as a octet-stream, please inline 
> too next time you send the patch).
> 
> Otherwise, it looks really promising!
> 
> Regards,
> 
> Anthony Liguori
> 
> Masami Watanabe wrote:
> > Hi,
> >
> > This is take 2 on VNC authentification.
> >
> > The specification is as mentioned at
> > http://lists.xensource.com/archives/html/xen-devel/2006-09/msg00666.html
> > The difference is follows.
> > - correction that passes information through xenstore.
> > - after information is read, qemu deletes information on xenstore.
> >
> >
> > Signed-off-by: Masami Watanabe <masami.watanabe@xxxxxxxxxxxxxx>
> >
> > Best regards,
> > Watanabe
> >
> >
> > On Tue, 26 Sep 2006 19:23:47 +0100, Ian Pratt wrote:
> >   
> >>  
> >>     
> >>> Thanks all point about security, I'll do as follows.
> >>> I thought that the point was the following two. 
> >>>
> >>>
> >>> 1. Storage place of encrypted password
> >>>   Should I store it in /etc/xen/passwd ?
> >>>     Or, should I wait for DB of Xen that will be released in 
> >>> the future?
> >>>       
> >> The xend life cycle management patches were posted by Alistair a couple
> >> of months back. They'll go in early in the 3.0.4 cycle.
> >>
> >>     
> >>>   In the latter case, the release time and information, I want you to
> >>>   teach it.
> >>>   Now, I think we have no choice but to use /etc/xen/passwd.
> >>>       
> >> In the mean time, I'd just out them in the domain config file and change
> >> the default permissions and ownership.
> >>
> >>     
> >>> 2. Method of Xen VNC Server receiving stored password
> >>>   By way of xenstore. However, it is necessary to consider 
> >>> xenstore-ls.
> >>>       
> >> It can be passed transiently (i.e. it gets deleted from the store by
> >> qemu-dm)
> >> You need to be root to run xenstore-ls so I'm comfortable with this.
> >>
> >> Ian
> >>
> >> _______________________________________________
> >> Xen-devel mailing list
> >> Xen-devel@xxxxxxxxxxxxxxxxxxx
> >> http://lists.xensource.com/xen-devel


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.