Bug 653779
Summary: | [RFE] VNC server ignore shared-flag during client init | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | YangFeng <fyang> |
Component: | qemu-kvm | Assignee: | Gerd Hoffmann <kraxel> |
Status: | CLOSED ERRATA | QA Contact: | Virtualization Bugs <virt-bugs> |
Severity: | medium | Docs Contact: | |
Priority: | low | ||
Version: | 6.1 | CC: | akong, anande, iheim, juzhang, michen, minovotn, mkenneth, shu, tburke, virt-maint, wdai |
Target Milestone: | beta | Keywords: | FutureFeature |
Target Release: | 6.1 | ||
Hardware: | Unspecified | ||
OS: | All | ||
Whiteboard: | |||
Fixed In Version: | qemu-kvm-0.12.1.2-2.240.el6 | Doc Type: | Enhancement |
Doc Text: |
No Documentation Needed
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2012-06-20 11:32:37 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 580954 |
Description
YangFeng
2010-11-16 06:04:03 UTC
qemu-kvm version: qemu-kvm-0.12.1.2-2.118.el6 [ cut + paste from email discussing this ] While I agree that it can be a DOS attack, I still think it could be worth implementing it, but only in connection with CLI args to allow admin to control its behaviour. Considering VirtualBox's RDP server IIUC they have the following behaviour - Default to only allow 1 single client connection at a time - If 'replaceUser' flag is set New clients kills existing client - Else New clients are dropped - If multipleUser flag is set many clients can connect concurrently The 'shared-flag' at a protocol level is only really useful in the multiuser scenario. It seems to be wanting a 'forceShared' CLI flag to allow the protocol level 'shared-flag' to be ignored. Oh, and of course 'shared-flag' would only ever be considered after authentication has completed. Daniel *** Bug 733676 has been marked as a duplicate of this bug. *** spice simply can't handle multiple parallel connections (yet), thats why a new (main channel) connect disconnects any other spice client. In the future spice will support shared sessions though, then this will change. Management of shared sessions isn't ideal for VNC, that is what this RFE bug is about. vnc clients can indicate whenever they want connect to a shared session, but qemu simply ignores that today. When user (2) connects *without* the shared flag set while user (1) is still connected qemu should do one of two things: (a) refuse user (2) to connect. (b) disconnect user (1). The plan is to implement an option for the vnc server where one can pick whenever qemu should do (a) or (b) or current behavior (for backward compatibility). On qemu-kvm-0.12.1.2-2.248.el6.x86_64, 1.boot guest with "-vnc :10,allow-exclusive" client1 connects w/o -shared && client2 connects w -shared --> client2 fails client1 and clinet2 connect both w -shared --> share correctly client1 connects w -shared && client2 connects w/o -shared --> client1 closes I think this is correct. 2.boot guest with "-vnc :10,force-shared" client1 and clinet2 connect both w -shared --> share correctly client1 connects w -shared && client2 connects w/o -shared --> client1 closes client1 connects w/o -shared --> connect correctly This is incorrect? 3.ignore is the same with force-shared Syntax is "-vnc :10,share=force-shared". Ok, it works well :/ 1.-vnc :10,share=allow-exclusive shared connection requires all client with "-shared", a single client without "-shared" will break all other connection. 2.-vnc :10,share=force-shared connection without "-shared" fails, with "-shared" connection shares correctly. 3.-vnc :10,share=ignore the same behaviour before the patch. Verified. Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: No Documentation Needed Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2012-0746.html |