Bug 1257483

Summary: There is no need to set expire_password after set a new password in qemu when the old password expired
Product: Red Hat Enterprise Linux 7 Reporter: jingzhao <jinzhao>
Component: qemu-kvm-rhevAssignee: Gerd Hoffmann <kraxel>
Status: CLOSED NOTABUG QA Contact: Virtualization Bugs <virt-bugs>
Severity: low Docs Contact:
Priority: low    
Version: 7.2CC: huding, jinzhao, juzhang, knoel, mazhang, virt-maint, xfu
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-11-12 09:49:43 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description jingzhao 2015-08-27 07:54:03 UTC 
Description of problem:
There is no need to set expire_password after set a new password in qemu when the old password expired

Version-Release number of selected component (if applicable):
qemu-img-rhev-2.3.0-19.el7.x86_64
Host kernel version:3.10.0-309.el7.x86_64
Guest kernel version:2.6.18-398.el5

How reproducible:
100%

Steps to Reproduce:
1.boot guest with cli:
/usr/libexec/qemu-kvm \
-M pc \
-cpu IvyBridge \
-nodefaults -rtc base=utc -no-hpet \
-m 2G \
-smp 4,sockets=2,cores=2,threads=1 \
-enable-kvm \
-name rhel7.2 \
-uuid 990ea161-6b67-47b2-b803-19fb01d30d12 \
-smbios type=1,manufacturer='Red Hat',product='RHEV Hypervisor',version=el6,serial=koTUXQrb,uuid=feebc8fd-f8b0-4e75-abc3-e63fcdb67170 \
-k en-us \
-monitor stdio \
-qmp tcp:0:6661,server,nowait \
-boot menu=on \
-bios /usr/share/seabios/bios.bin \
-serial unix:/tmp/serial0,server,nowait \
-vga cirrus \
-vnc :10,to=99,password \
-netdev tap,id=hostnet0,vhost=on \
-device virtio-net-pci,netdev=hostnet0,id=net0,mac=54:52:00:B6:40:21 \
-drive file=/usr/test/guest1.img,if=none,media=disk,id=drive-ide1,format=raw \
-device ide-drive,bus=ide.0,unit=1,drive=drive-ide1,id=ide1,bootindex=1 \
-chardev socket,id=seabios,path=/tmp/seabios,server,nowait \
-device isa-debugcon,chardev=seabios,iobase=0x402 \
-usb \
-device usb-tablet,id=tablet0 \

2. (qemu) set_password vnc 1
3. connected to guest through vnc and used password 
4. (qemu) expire_password vnc +10 and then closed vnc brower
5. Then connected to guest through vnc and used password 1, connected failed
6. (qemu) set_password vnc 2
7. connected to guest through vnc and used password 2

Actual results:
Guest connected failed

Expected results:
Guest connected successfully

Additional info:
Guest connected successfully after "expire_password vnc +10" again
Comment 2 Ademar Reis 2015-08-28 21:50:16 UTC 
(In reply to jingzhao from comment #0)
> Description of problem:
> There is no need to set expire_password after set a new password in qemu
> when the old password expired

So if I understood correctly, what you mean is that expiration remains in effect even after changing the password to a new one.

Is that right?
Comment 3 jingzhao 2015-08-31 02:17:30 UTC 
(In reply to Ademar Reis from comment #2)
> (In reply to jingzhao from comment #0)
> > Description of problem:
> > There is no need to set expire_password after set a new password in qemu
> > when the old password expired
> 
> So if I understood correctly, what you mean is that expiration remains in
> effect even after changing the password to a new one.
> 
> Is that right?

[Jing Zhao] Yes, I think there have two options
  1. The old password didn't expired but I want to change to a new password
    - expected result: I think the expiration remains in effect
  2. The old password expired and I changed to a new password
    - expected result: I think there is no need to do expiration if I didn't want after changed the password.
Comment 5 Gerd Hoffmann 2015-11-12 09:49:43 UTC 
Works as intended.  expire_password sets the expire time, and if you specify a relative time (like +10) this is relative to the time you issued the expire_password command.  set_password has no effect at all on the expire time.

So, if you want the new password be valid for a certain time you need to issue both set_password and expire_password commands.  If you want turn off expiration use "expire_password vnc never".