Bug 653779
| Summary: | [RFE] VNC server ignore shared-flag during client init | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | YangFeng <fyang> |
| Component: | qemu-kvm | Assignee: | Gerd Hoffmann <kraxel> |
| Status: | CLOSED ERRATA | QA Contact: | Virtualization Bugs <virt-bugs> |
| Severity: | medium | Docs Contact: | |
| Priority: | low | ||
| Version: | 6.1 | CC: | akong, anande, iheim, juzhang, michen, minovotn, mkenneth, shu, tburke, virt-maint, wdai |
| Target Milestone: | beta | Keywords: | FutureFeature |
| Target Release: | 6.1 | ||
| Hardware: | Unspecified | ||
| OS: | All | ||
| Whiteboard: | |||
| Fixed In Version: | qemu-kvm-0.12.1.2-2.240.el6 | Doc Type: | Enhancement |
| Doc Text: |
No Documentation Needed
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2012-06-20 11:32:37 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 580954 | ||
qemu-kvm version: qemu-kvm-0.12.1.2-2.118.el6 [ cut + paste from email discussing this ]
While I agree that it can be a DOS attack, I still think it could be worth
implementing it, but only in connection with CLI args to allow admin to
control its behaviour.
Considering VirtualBox's RDP server IIUC they have the following behaviour
- Default to only allow 1 single client connection at a time
- If 'replaceUser' flag is set
New clients kills existing client
- Else
New clients are dropped
- If multipleUser flag is set many clients can connect concurrently
The 'shared-flag' at a protocol level is only really useful in the
multiuser scenario. It seems to be wanting a 'forceShared' CLI
flag to allow the protocol level 'shared-flag' to be ignored.
Oh, and of course 'shared-flag' would only ever be considered after
authentication has completed.
Daniel
*** Bug 733676 has been marked as a duplicate of this bug. *** spice simply can't handle multiple parallel connections (yet), thats why a new (main channel) connect disconnects any other spice client. In the future spice will support shared sessions though, then this will change. Management of shared sessions isn't ideal for VNC, that is what this RFE bug is about. vnc clients can indicate whenever they want connect to a shared session, but qemu simply ignores that today. When user (2) connects *without* the shared flag set while user (1) is still connected qemu should do one of two things: (a) refuse user (2) to connect. (b) disconnect user (1). The plan is to implement an option for the vnc server where one can pick whenever qemu should do (a) or (b) or current behavior (for backward compatibility). On qemu-kvm-0.12.1.2-2.248.el6.x86_64, 1.boot guest with "-vnc :10,allow-exclusive" client1 connects w/o -shared && client2 connects w -shared --> client2 fails client1 and clinet2 connect both w -shared --> share correctly client1 connects w -shared && client2 connects w/o -shared --> client1 closes I think this is correct. 2.boot guest with "-vnc :10,force-shared" client1 and clinet2 connect both w -shared --> share correctly client1 connects w -shared && client2 connects w/o -shared --> client1 closes client1 connects w/o -shared --> connect correctly This is incorrect? 3.ignore is the same with force-shared Syntax is "-vnc :10,share=force-shared". Ok, it works well :/ 1.-vnc :10,share=allow-exclusive shared connection requires all client with "-shared", a single client without "-shared" will break all other connection. 2.-vnc :10,share=force-shared connection without "-shared" fails, with "-shared" connection shares correctly. 3.-vnc :10,share=ignore the same behaviour before the patch. Verified.
Technical note added. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.
New Contents:
No Documentation Needed
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2012-0746.html |
Description of problem: During testing, I found that VNC server ignore 'shared-flag' during client init. shared-flag is defined in The RFB Protocol: 6.3.1 ClientInit No. of bytes Type [Value] Description 1 shared-flag U8 Shared-flag is non-zero (true) if the server should try to share the desktop by leaving other clients connected, zero (false) if it should give exclusive access to this client by disconnecting all other clients. Version-Release number of selected component (if applicable): How reproducible: always Steps to Reproduce: 1. Start a VM with VNC. 2. Connect to guest through VNC. 3. Start another VNC connection to guest with Shared-flag is zero. Actual results: Two VNC connection share the desktop. Expected results: The first VNC connection should be disconnected. Additional info: