Bug 1456175

Summary: remote-viewer connecting to guest with vnc_sasl setting closed unexpectly after input wrong username and passwd
Product: Red Hat Enterprise Linux 7 Reporter: yafu <yafu>
Component: gtk-vncAssignee: Daniel Berrangé <berrange>
Status: CLOSED WONTFIX QA Contact: Desktop QE <desktop-qa-list>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.4CC: cfergeau, dblechte, dyuan, elima, fjin, fziglio, jjongsma, juzhou, tpelka, tzheng, xiaodwan, zpeng
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1688275 (view as bug list) Environment:
Last Closed: 2019-08-07 17:22:46 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1688275    

Description yafu 2017-05-27 11:04:50 UTC 
Description of problem:
remote-viewer connecting to guest with vnc_sasl setting closed unexpectly after input wrong username and passwd

Version-Release number of selected component:
vnc server:
libvirt-3.2.0-6.virtcov.el7.x86_64
qemu-kvm-rhev-2.9.0-6.el7.x86_64
virt-viewer-5.0-4.el7.x86_64


How reproducible:
100%

Steps to Reproduce:
1.Enable vnc_sasl in /etc/libvirt/qemu.conf:
#vim /etc/libvirt/qemu.conf
vnc_sasl=1

2.Set the DIGEST-MD5 mechanisms in /etc/sasl2/qemu.conf
mech_list: digest-md5
sasldb_path: /tmp/passwd.db

auxprop_plugin: sasldb

3.Restart libvirtd service:
#systemctl restart libvirtd

4.Create a user and set sasl passwd for qemu-kvm (Set the passwd as redhat):
#saslpasswd2 -f /tmp/passwd.db -c redhat

5.Start a guest with vnc setting:
#virsh dumpxml rhel7.3-min
...
<graphics type='vnc' port='5901' autoport='yes' listen='0.0.0.0'>
      <listen type='address' address='0.0.0.0'/>
</graphics>
...

6.Change the context of /tmp/passwd.db to the same with the context of the qemu process:
#ps auxZ  | grep qemu-kvm
system_u:system_r:svirt_t:s0:c94,c384 qemu 24986 2.1 10.0 6103836 783240 ?     Sl   18:07   0:29 /usr/libexec/qemu-kvm -name guest=rhel7.3-min,debug-threads=on ...
 #chcon system_u:system_r:svirt_t:s0:c94,c384 /tmp/passwd.db 

7.Change the permission of file /tmp/passwd.db:
#chmod o+rx /tmp/passwd.db

8.Connect the guest from client:
#remote-viewer vnc://10.66.70.106:5901 --debug --gtk-vnc-debug

9.Input the wrong user and passwd

Actual results:
remote-viewer closed unexpected.

Expected results:
remote-viewer should show the user/passwd input window again.

Additional info:
The debug log of remote viewer is as follows:
(remote-viewer:11663): Gtk-WARNING **: Allocating size to VncDisplay 0x55ebfffa2250 without calling gtk_widget_get_preferred_width/height(). How does the code know the size to allocate?
(remote-viewer:11663): gtk-vnc-DEBUG: vncconnection.c Set credential 1 test
(remote-viewer:11663): gtk-vnc-DEBUG: vncconnection.c Set credential 0 test
(remote-viewer:11663): gtk-vnc-DEBUG: vncconnection.c Waiting for missing credentials
(remote-viewer:11663): gtk-vnc-DEBUG: vncconnection.c Got all credentials
(remote-viewer:11663): gtk-vnc-DEBUG: vncconnection.c Gather Username test
(remote-viewer:11663): gtk-vnc-DEBUG: vncconnection.c Filled SASL interact
(remote-viewer:11663): gtk-vnc-DEBUG: vncconnection.c Client step result 1. Data 258 bytes 0x55ec000ca880 'username="test",realm="hosta",nonce="si0JJLViJaBAfE7czZOPKh9Ohhj+FL/GtHs9lTH1r2Y=",cnonce="zvSvnkbHNL7QQezxAdAf6/wfRJnsUVV7n40GWOTOMk8=",nc=00000001,qop=auth-conf,cipher=rc4,maxbuf=100000,digest-uri="vnc/10.66.4.215",response=b46522be883f66e1cb1cf98a7656e367'
(remote-viewer:11663): gtk-vnc-DEBUG: vncconnection.c Server step with 258 bytes 0x55ec000ca880
(remote-viewer:11663): gtk-vnc-DEBUG: vncconnection.c Read error Resource temporarily unavailable
(remote-viewer:11663): gtk-vnc-DEBUG: vncconnection.c Closing the connection: vnc_connection_read() - ret=0
(remote-viewer:11663): gtk-vnc-DEBUG: vncconnection.c Auth failed
(remote-viewer:11663): gtk-vnc-DEBUG: vncconnection.c Doing final VNC cleanup
(remote-viewer:11663): gtk-vnc-DEBUG: vncconnection.c Close VncConnection=0x55ebfffad4c0
(remote-viewer:11663): gtk-vnc-DEBUG: vncconnection.c Emit main context 14
(remote-viewer:11663): gtk-vnc-DEBUG: vncdisplay.c Disconnected from VNC server
(remote-viewer:11663): virt-viewer-DEBUG: Not removing main window 0 0x55ebffcc4980
(remote-viewer:11663): gtk-vnc-DEBUG: vncdisplay.c Grab sequence is now Control_L+Alt_L
(remote-viewer:11663): virt-viewer-DEBUG: Disconnected
(remote-viewer:11663): virt-viewer-DEBUG: close vnc=0x55ebfffa2250
(remote-viewer:11663): gtk-vnc-DEBUG: vncconnection.c Init VncConnection=0x55ec000e6190
(remote-viewer:11663): gtk-vnc-DEBUG: vncdisplaykeymap.c Using evdev keycode mapping
(remote-viewer:11663): gtk-vnc-DEBUG: vncdisplay.c Grab sequence is now Control_L+Alt_L
(remote-viewer:11663): virt-viewer-DEBUG: notebook show status 0x55ebffeec3a0
(remote-viewer:11663): virt-viewer-DEBUG: Guest (null) display has disconnected, shutting down
(remote-viewer:11663): gtk-vnc-DEBUG: vncdisplay.c Display destroy, requesting that VNC connection close
(remote-viewer:11663): gtk-vnc-DEBUG: vncdisplay.c Releasing VNC widget
(remote-viewer:11663): gtk-vnc-DEBUG: vncconnection.c Finalize VncConnection=0x55ec000e6190
Comment 2 Christophe Fergeau 2019-01-09 13:23:45 UTC 
Moving to gtk-vnc, fixed by https://mail.gnome.org/archives/gtk-vnc-list/2019-January/msg00001.html
Comment 3 Daniel Berrangé 2019-08-07 17:22:46 UTC 
Given limited QE resources, we are closing this bug and don't intend to address it in RHEL-7. It is still tracked for RHEL-8 in bug 1688275