diff mbox

spice: Allow to set password even if disable-ticketing was used

Message ID 1439556435-20541-1-git-send-email-cfergeau@redhat.com
State New
Headers show

Commit Message

Christophe Fergeau Aug. 14, 2015, 12:47 p.m. UTC 
Before commit b1ea7b79e1, it was possible to start with -spice
disable-ticketing, and then use the "set_password spice" command to
enable ticketing with SPICE. Since commit b1ea7b79e1 this is no longer
possible as qemu_spice_set_ticket() will return an error unless the
'auth' type is "spice". When ticketing is disabled, 'auth' is "none" so
the attempt to set password fails.

This commit allows to call qemu_spice_set_ticket() when 'auth' is "none"
and changes 'auth' to "spice" when this happens.
---
 ui/spice-core.c | 4 ++++
 1 file changed, 4 insertions(+)

Comments

Daniel P. Berrangé Aug. 14, 2015, 12:54 p.m. UTC | #1 
On Fri, Aug 14, 2015 at 02:47:15PM +0200, Christophe Fergeau wrote:
> Before commit b1ea7b79e1, it was possible to start with -spice
> disable-ticketing, and then use the "set_password spice" command to
> enable ticketing with SPICE. Since commit b1ea7b79e1 this is no longer
> possible as qemu_spice_set_ticket() will return an error unless the
> 'auth' type is "spice". When ticketing is disabled, 'auth' is "none" so
> the attempt to set password fails.
> 
> This commit allows to call qemu_spice_set_ticket() when 'auth' is "none"
> and changes 'auth' to "spice" when this happens.

IMHO we should not be changing the authentication method as a side
effect of trying to set the password.

If app has disabled ticketing, it should remain disabled and the
set password call is right to return an error.

We should have a graphics-set-auth command for changing authentication
parameters on existing graphics backend.

Regards,
Daniel
Christophe Fergeau Aug. 14, 2015, 1:09 p.m. UTC | #2 
Hey,

On Fri, Aug 14, 2015 at 01:54:59PM +0100, Daniel P. Berrange wrote:
> On Fri, Aug 14, 2015 at 02:47:15PM +0200, Christophe Fergeau wrote:
> > Before commit b1ea7b79e1, it was possible to start with -spice
> > disable-ticketing, and then use the "set_password spice" command to
> > enable ticketing with SPICE. Since commit b1ea7b79e1 this is no longer
> > possible as qemu_spice_set_ticket() will return an error unless the
> > 'auth' type is "spice". When ticketing is disabled, 'auth' is "none" so
> > the attempt to set password fails.
> > 
> > This commit allows to call qemu_spice_set_ticket() when 'auth' is "none"
> > and changes 'auth' to "spice" when this happens.
> 
> IMHO we should not be changing the authentication method as a side
> effect of trying to set the password.
> 
> If app has disabled ticketing, it should remain disabled and the
> set password call is right to return an error.
> 

In general I agree with you. However in this case, this used to be
working until ~1 year ago, and this change of behaviour caused a bug in
oVirt (oVirt side is being fixed). This is why I sent this patch.

The intent of commit b1ea7b seems to be to prevent
qemu_spice_set_passwd() from being called when SASL is used, and does
not mention at all whether preventing going from auth being "none" to
"spice" is intentional.

If this change of behaviour was an intentional bug fix, and if we are
fine with asking for oVirt changes for this, then I'm ok with dropping
this patch.

Christophe
Daniel P. Berrangé Aug. 14, 2015, 2:04 p.m. UTC | #3 
On Fri, Aug 14, 2015 at 03:09:44PM +0200, Christophe Fergeau wrote:
> Hey,
> 
> On Fri, Aug 14, 2015 at 01:54:59PM +0100, Daniel P. Berrange wrote:
> > On Fri, Aug 14, 2015 at 02:47:15PM +0200, Christophe Fergeau wrote:
> > > Before commit b1ea7b79e1, it was possible to start with -spice
> > > disable-ticketing, and then use the "set_password spice" command to
> > > enable ticketing with SPICE. Since commit b1ea7b79e1 this is no longer
> > > possible as qemu_spice_set_ticket() will return an error unless the
> > > 'auth' type is "spice". When ticketing is disabled, 'auth' is "none" so
> > > the attempt to set password fails.
> > > 
> > > This commit allows to call qemu_spice_set_ticket() when 'auth' is "none"
> > > and changes 'auth' to "spice" when this happens.
> > 
> > IMHO we should not be changing the authentication method as a side
> > effect of trying to set the password.
> > 
> > If app has disabled ticketing, it should remain disabled and the
> > set password call is right to return an error.
> > 
> 
> In general I agree with you. However in this case, this used to be
> working until ~1 year ago, and this change of behaviour caused a bug in
> oVirt (oVirt side is being fixed). This is why I sent this patch.
> 
> The intent of commit b1ea7b seems to be to prevent
> qemu_spice_set_passwd() from being called when SASL is used, and does
> not mention at all whether preventing going from auth being "none" to
> "spice" is intentional.
> 
> If this change of behaviour was an intentional bug fix, and if we are
> fine with asking for oVirt changes for this, then I'm ok with dropping
> this patch.

Hmm, is oVirt using this via libvirt ? If so, I guess we have to fix
it, as that would be a break in current usage.


Regards,
Daniel
Christophe Fergeau Aug. 14, 2015, 2:31 p.m. UTC | #4 
On Fri, Aug 14, 2015 at 03:04:48PM +0100, Daniel P. Berrange wrote:
> Hmm, is oVirt using this via libvirt ? If so, I guess we have to fix
> it, as that would be a break in current usage.

Yes this is done through libvirt.

Before commit qemu-2.1.0-rc2~11^2, you could use virsh update-device
with
<graphics type='spice' autoport='yes' listen='127.0.0.1' passwd='bar'/>
to set the password for a running domain whose graphics node is
<graphics type='spice' autoport='yes' listen='127.0.0.1'/>

After qemu-2.1.0-rc2~11^2, this results in an error.

Christophe
Daniel P. Berrangé Aug. 14, 2015, 2:35 p.m. UTC | #5 
On Fri, Aug 14, 2015 at 02:47:15PM +0200, Christophe Fergeau wrote:
> Before commit b1ea7b79e1, it was possible to start with -spice
> disable-ticketing, and then use the "set_password spice" command to
> enable ticketing with SPICE. Since commit b1ea7b79e1 this is no longer
> possible as qemu_spice_set_ticket() will return an error unless the
> 'auth' type is "spice". When ticketing is disabled, 'auth' is "none" so
> the attempt to set password fails.
> 
> This commit allows to call qemu_spice_set_ticket() when 'auth' is "none"
> and changes 'auth' to "spice" when this happens.

BTW, you need to have a Signed-of-by here

> ---
>  ui/spice-core.c | 4 ++++
>  1 file changed, 4 insertions(+)

Reviewed-by: Daniel P. Berrange <berrange@redhat.com>

Regards,
Daniel
Christophe Fergeau Aug. 14, 2015, 3:11 p.m. UTC | #6 
On Fri, Aug 14, 2015 at 03:35:21PM +0100, Daniel P. Berrange wrote:
> On Fri, Aug 14, 2015 at 02:47:15PM +0200, Christophe Fergeau wrote:
> > Before commit b1ea7b79e1, it was possible to start with -spice
> > disable-ticketing, and then use the "set_password spice" command to
> > enable ticketing with SPICE. Since commit b1ea7b79e1 this is no longer
> > possible as qemu_spice_set_ticket() will return an error unless the
> > 'auth' type is "spice". When ticketing is disabled, 'auth' is "none" so
> > the attempt to set password fails.
> > 
> > This commit allows to call qemu_spice_set_ticket() when 'auth' is "none"
> > and changes 'auth' to "spice" when this happens.
> 
> BTW, you need to have a Signed-of-by here

Ah right, thanks, just sent a v2 with this added.

Christophe
diff mbox

Patch

diff --git a/ui/spice-core.c b/ui/spice-core.c
index 4da3042..3b20c6c 100644
--- a/ui/spice-core.c
+++ b/ui/spice-core.c
@@ -882,6 +882,10 @@  static int qemu_spice_set_ticket(bool fail_if_conn, bool disconnect_if_conn)
 int qemu_spice_set_passwd(const char *passwd,
                           bool fail_if_conn, bool disconnect_if_conn)
 {
+    if (strcmp(auth, "none") == 0) {
+        /* Allow to set a password when started with 'disable-ticketing' */
+        auth = "spice";
+    }
     if (strcmp(auth, "spice") != 0) {
         return -1;
     }