Re: [Xen-devel] [PATCH][Take 3] VNC authentification

WARNING - OLD ARCHIVES

http://lists.xen.org/

To:

"Daniel P. Berrange" <berrange@xxxxxxxxxx>

Subject:

Re: [Xen-devel] [PATCH][Take 3] VNC authentification

From:

Anthony Liguori <aliguori@xxxxxxxxxx>

Date:

Tue, 03 Oct 2006 13:49:37 -0500

Cc:

Ian Pratt <m+Ian.Pratt@xxxxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxx, Masami Watanabe <masami.watanabe@xxxxxxxxxxxxxx>

Delivery-date:

Tue, 03 Oct 2006 11:50:09 -0700

Envelope-to:

www-data@xxxxxxxxxxxxxxxxxx

In-reply-to:

<20061003180611.GB29356@xxxxxxxxxx>

List-help:

<mailto:xen-devel-request@lists.xensource.com?subject=help>

List-id:

Xen developer discussion <xen-devel.lists.xensource.com>

List-post:

<mailto:xen-devel@lists.xensource.com>

List-subscribe:

<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>

List-unsubscribe:

<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>

References:

<3AAA99889D105740BE010EB6D5A5A3B202A3D2@xxxxxxxxxxxxxxxxxxxxxxxxxx> <JX200609291747343.1765484@xxxxxxxxxxxxxx> <20060929221145.GE8564@xxxxxxxxxx> <JH200610010353334.2150046@xxxxxxxxxxxxxx> <20061002162232.GB1730@xxxxxxxxxx> <45214B54.8060805@xxxxxxxxxx> <20061002181231.GC1730@xxxxxxxxxx> <3AAA99889D105740BE010EB6D5A5A3B202A4F0@xxxxxxxxxxxxxxxxxxxxxxxxxx> <JZ200610040108511.216281@xxxxxxxxxxxxxx> <4522A44F.1020700@xxxxxxxxxx> <20061003180611.GB29356@xxxxxxxxxx>

Sender:

xen-devel-bounces@xxxxxxxxxxxxxxxxxxx

User-agent:

Thunderbird 1.5.0.7 (X11/20060918)

Daniel P. Berrange wrote:

On Tue, Oct 03, 2006 at 12:56:31PM -0500, Anthony Liguori wrote:

Masami Watanabe wrote:

+static int vnc_auth(VncState *vs)
+{
+    extern char vncpasswd[64];
+    extern unsigned char challenge[AUTHCHALLENGESIZE];
+
+    if (*vncpasswd == '\0') {
+       /* AuthType is None */
+       vnc_write_u32(vs, 1);
+       vnc_flush(vs);
+       vnc_read_when(vs, protocol_client_init, 1);
+    } else {
+       /* AuthType is VncAuth */
+       vnc_write_u32(vs, 2);
+       vnc_flush(vs);
+
+       /* Read AuthType */
+       vnc_read_when(vs, protocol_authtype, 1);

As I mentioned before, you cannot have to vnc_read_when()'s executionpath without returning the the mainloop.

protocol_authtype() cannot possibly be invoked. If the code is workingnow, it's pure luck.


Yeah, the impl of protocol_authtype() in there is a no-op too - it should
be rejecting auth types which aren't supported, even if it was being invoked.
With the code as it is, protocol_authtype never runs & the server starts
doing VNCAuth regardless of what the client says it wants to do, which is
clearly not correct.

Another thing to keep in mind, is that the reason I did 3.3 instead of3.8 is that I knew there was only one auth type we would be supporting.If we do support multiple auth types, we really ought to move to usingthe 3.8 protocol since that provides a negotiation mechanism.


Regards,

Anthony Liguori

Dan.



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:

Re: [Xen-devel] GPL release of Virtual Iron sources, Anthony Liguori

Next by Date:

Re: [Xen-devel] Re: [IMPORTANT BUGFIX][ACM][XM] FIX essential security check in block-attach / indentation problem introduced in change set changeset 11572, Stefan Berger

Previous by Thread:

Re: [Xen-devel] [PATCH][Take 3] VNC authentification, Daniel P. Berrange

Next by Thread:

[Xen-devel] [PATCH][RFC] addition of loglevel for printf in Xen HV, Steven Rostedt

Indexes:

[Date] [Thread] [Top] [All Lists]