Red Hat Bugzilla – Bug 1138639
fail to login spice session with password + expire time
Last modified: 2015-03-05 03:11:37 EST
Description of problem: when set "expire_password" in qemu, can not login the spice session with correct password before the password is expired. BTW, vnc not hit it. Version-Release number of selected component (if applicable): # uname -r 3.10.0-152.el7.x86_64 # rpm -qa | grep qemu-kvm-rhev qemu-kvm-rhev-2.1.0-3.el7.x86_64 spice client: # rpm -qa |grep spice* spice-glib-0.20-8.el7.x86_64 spice-server-0.12.4-5.el7.x86_64 xorg-x11-server-Xspice-0.1.1-9.el7.x86_64 spice-gtk3-0.20-8.el7.x86_64 How reproducible: 100% Steps to Reproduce: 1.Prepare a spice guest,set password for spice: #...-spice port=5932,password=redhat 2.set password expire time as 1000 sec in qemu: #expire_password spice +1000 3.before the password expired, use virt-viewer to connect the guest: #remote-viewer spice://$hostIP:5932 Actual results: The password is required, but can't login with the correct password although the password is not expired. Expected results: can login with the correct password before the password is expired. Additional info: This bug is also occurred in rhel6
This seems to be a qemu bug (qemu) expire_password spice +1000 Breakpoint 3, spice_server_set_ticket (s=0x55555633ec90, passwd=0x0, lifetime=1000, fail_if_connected=0, disconnect_if_connected=0) at reds.c:3403 3403 { (gdb) up #1 0x00005555558fa709 in qemu_spice_set_ticket (fail_if_conn=false, disconnect_if_conn=false) at ui/spice-core.c:891 891 return spice_server_set_ticket(spice_server, passwd, lifetime, qemu_spice_set_ticket() uses auth_passwd which is NULL when set via command line.
Sent fix: http://lists.gnu.org/archive/html/qemu-devel/2014-09/msg01207.html
I am not use to qemu-kvm RHEL patch process, Gerd, you are better placed to handle the patch thanks.
Fix included in qemu-kvm-1.5.3-80.el7
Reproduce this bug as follow version: Host: # uname -r 3.10.0-195.el7.x86_64 # rpm -q qemu-kvm qemu-kvm-1.5.3-77.el7.x86_64 Guest: rhel7 Steps: 1.Boot guest with "spice port=5932,password=redhat " 2.set password expire time .. { "execute": "expire_password", "arguments": { "protocol": "spice", "time": "+60" } } 3.before the password expired, use virt-viewer to connect the guest: #remote-viewer spice://$hostIP:5932 Results: can't login with the correct password although the password is not expired. Verify this bug as follow version: Version: Host: # uname -r 3.10.0-195.el7.x86_64 # rpm -q qemu-kvm qemu-kvm-1.5.3-82.el7.x86_64 Guest:rhel7 Results: can login with the correct password . Addtional info: Test use win2012r2 guest on AMD machine,work well Version: # uname -r 3.10.0-201.el7.x86_64 # rpm -q qemu-kvm qemu-kvm-1.5.3-82.el7.x86_64 Guest:win2012r2 According to above test ,this bug has been fixed.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-0349.html