Bug 667097

Summary: vnc_password does not behave as advertised.
Product: [Community] Virtualization Tools Reporter: Neil Wilson <neil>
Component: libvirtAssignee: Daniel Veillard <veillard>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: low    
Version: unspecifiedCC: berrange, crobinso, xen-maint
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-01-07 14:45:34 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Neil Wilson 2011-01-04 12:30:55 UTC 
Description of problem:

The help for 'vnc_password' in qemu.conf states "An empty string will still enable passwords, but be rejected by QEMU effectively preventing any use of VNC.".

Yet if you set vnc_password="" then you can access the VNC console without any password prompt at all - just as you can if the entry is hashed out.

Version-Release number of selected component (if applicable):

libvirtd (libvirt) 0.8.3


How reproducible:

Every time by configuration

Steps to Reproduce:
1. Create a VNC console without a password.
2. Set vnc_password="" in /etc/libvirt/qemu.conf
3. Start up a guest and access the VNC console with a client. 
  
Actual results:

You get straight into the console with no prompts.


Expected results:

Should have come up with a prompt and rejected the access. Or the instructions in the qemu.conf file need changing to take account of the current behaviour.

Additional info:
Comment 1 Neil Wilson 2011-01-04 12:48:32 UTC 
Similarly if you set the passwd attribute to '' in the vnc graphics XML stanza.
Comment 2 Daniel Berrangé 2011-01-07 14:45:34 UTC 
This is not a libvirt bug. This is caused by a flaw in particular QEMU version you are using, which silently disables auth when the password is set to "". This bug was introduced in QEMU in this bogus commit

commit 52c18be9e99dabe295321153fda7fce9f76647ac
Author: Zachary Amsden <zamsden>
Date:   Thu Jul 30 00:15:01 2009 -1000

    When using stdio monitor and VNC display, one can set or clear a VNC password; this should set or turn off VNC authentication as well.