[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH][Take 3] VNC authentification

To: "Daniel P. Berrange" <berrange@xxxxxxxxxx>
From: Anthony Liguori <aliguori@xxxxxxxxxx>
Date: Tue, 03 Oct 2006 13:49:37 -0500
Cc: Ian Pratt <m+Ian.Pratt@xxxxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxx, Masami Watanabe <masami.watanabe@xxxxxxxxxxxxxx>
Delivery-date: Tue, 03 Oct 2006 11:50:09 -0700
List-id: Xen developer discussion <xen-devel.lists.xensource.com>

Daniel P. Berrange wrote:

On Tue, Oct 03, 2006 at 12:56:31PM -0500, Anthony Liguori wrote:

Masami Watanabe wrote:

+static int vnc_auth(VncState *vs)
+{
+    extern char vncpasswd[64];
+    extern unsigned char challenge[AUTHCHALLENGESIZE];
+
+    if (*vncpasswd == '\0') {
+       /* AuthType is None */
+       vnc_write_u32(vs, 1);
+       vnc_flush(vs);
+       vnc_read_when(vs, protocol_client_init, 1);
+    } else {
+       /* AuthType is VncAuth */
+       vnc_write_u32(vs, 2);
+       vnc_flush(vs);
+
+       /* Read AuthType */
+       vnc_read_when(vs, protocol_authtype, 1);

As I mentioned before, you cannot have to vnc_read_when()'s executionpath without returning the the mainloop.

protocol_authtype() cannot possibly be invoked. If the code is workingnow, it's pure luck.


Yeah, the impl of protocol_authtype() in there is a no-op too - it should
be rejecting auth types which aren't supported, even if it was being invoked.
With the code as it is, protocol_authtype never runs & the server starts
doing VNCAuth regardless of what the client says it wants to do, which is
clearly not correct.

Another thing to keep in mind, is that the reason I did 3.3 instead of3.8 is that I knew there was only one auth type we would be supporting.If we do support multiple auth types, we really ought to move to usingthe 3.8 protocol since that provides a negotiation mechanism.


Regards,

Anthony Liguori

Dan.



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

References:
- [Xen-devel] Re: [PATCH][Take 2] VNC authentification
  - From: Daniel P. Berrange
- [Xen-devel] Re: [PATCH][Take 2] VNC authentification
  - From: Anthony Liguori
- [Xen-devel] Re: [PATCH][Take 2] VNC authentification
  - From: Daniel P. Berrange
- [Xen-devel] RE: [PATCH][Take 2] VNC authentification
  - From: Ian Pratt
- [Xen-devel] [PATCH][Take 3] VNC authentification
  - From: Masami Watanabe
- Re: [Xen-devel] [PATCH][Take 3] VNC authentification
  - From: Anthony Liguori
- Re: [Xen-devel] [PATCH][Take 3] VNC authentification
  - From: Daniel P. Berrange

Prev by Date: Re: [Xen-devel] GPL release of Virtual Iron sources
Next by Date: Re: [Xen-devel] Re: [IMPORTANT BUGFIX][ACM][XM] FIX essential security check in block-attach / indentation problem introduced in change set changeset 11572
Previous by thread: Re: [Xen-devel] [PATCH][Take 3] VNC authentification
Next by thread: [Xen-devel] [PATCH][RFC] addition of loglevel for printf in Xen HV
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.