Bug 1138639 - fail to login spice session with password + expire time
Summary: fail to login spice session with password + expire time
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: qemu-kvm
Version: 7.0
Hardware: x86_64
OS: Linux
medium
medium
Target Milestone: rc
: ---
Assignee: Gerd Hoffmann
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On:
Blocks: 1138647 1140975
TreeView+ depends on / blocked
 
Reported: 2014-09-05 10:56 UTC by chcheng
Modified: 2015-03-05 08:11 UTC (History)
12 users (show)

Fixed In Version: qemu-kvm-1.5.3-80.el7
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 1138647 1140975 (view as bug list)
Environment:
Last Closed: 2015-03-05 08:11:37 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:0349 0 normal SHIPPED_LIVE Important: qemu-kvm security, bug fix, and enhancement update 2015-03-05 12:27:34 UTC

Description chcheng 2014-09-05 10:56:48 UTC
Description of problem:
when set "expire_password" in qemu, can not login the spice session with correct password before the password is expired. 
BTW, vnc not hit it.

Version-Release number of selected component (if applicable):
# uname -r
3.10.0-152.el7.x86_64
# rpm -qa | grep qemu-kvm-rhev
qemu-kvm-rhev-2.1.0-3.el7.x86_64
spice client:
# rpm -qa |grep spice*
spice-glib-0.20-8.el7.x86_64
spice-server-0.12.4-5.el7.x86_64
xorg-x11-server-Xspice-0.1.1-9.el7.x86_64
spice-gtk3-0.20-8.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
1.Prepare a spice guest,set password for spice:
#...-spice port=5932,password=redhat

2.set password expire time as 1000 sec in qemu:
#expire_password  spice +1000

3.before the password expired, use virt-viewer to connect the guest:
#remote-viewer spice://$hostIP:5932

Actual results:
The password is required, but can't login with the correct password although the password is not expired.

Expected results:
can login with the correct password before the password is expired.

Additional info:
This bug is also occurred in rhel6

Comment 2 Marc-Andre Lureau 2014-09-05 12:01:02 UTC
This seems to be a qemu bug

(qemu) expire_password  spice +1000

Breakpoint 3, spice_server_set_ticket (s=0x55555633ec90, passwd=0x0, lifetime=1000, fail_if_connected=0, 
    disconnect_if_connected=0) at reds.c:3403
3403	{
(gdb) up
#1  0x00005555558fa709 in qemu_spice_set_ticket (fail_if_conn=false, disconnect_if_conn=false)
    at ui/spice-core.c:891
891	    return spice_server_set_ticket(spice_server, passwd, lifetime,


qemu_spice_set_ticket() uses auth_passwd which is NULL when set via command line.

Comment 3 Marc-Andre Lureau 2014-09-05 12:46:42 UTC
Sent fix:
http://lists.gnu.org/archive/html/qemu-devel/2014-09/msg01207.html

Comment 4 Marc-Andre Lureau 2014-10-07 09:46:24 UTC
I am not use to qemu-kvm RHEL patch process, Gerd, you are better placed to handle the patch thanks.

Comment 6 Miroslav Rezanina 2014-11-21 07:34:30 UTC
Fix included in qemu-kvm-1.5.3-80.el7

Comment 8 langfang 2014-11-27 07:37:10 UTC
Reproduce this bug as follow version:
Host:
# uname -r
3.10.0-195.el7.x86_64
# rpm -q qemu-kvm
qemu-kvm-1.5.3-77.el7.x86_64

Guest:
rhel7

Steps:
1.Boot guest with 
"spice port=5932,password=redhat "

2.set password expire time 
..
{ "execute": "expire_password", "arguments": { "protocol": "spice", "time": "+60" } }

3.before the password expired, use virt-viewer to connect the guest:
#remote-viewer spice://$hostIP:5932


Results:

can't login with the correct password although the password is not expired.

Verify this bug as follow version:

Version:
Host:
# uname -r
3.10.0-195.el7.x86_64
# rpm -q qemu-kvm
qemu-kvm-1.5.3-82.el7.x86_64


Guest:rhel7

Results:
can login with the correct password .

Addtional info:

Test use win2012r2 guest on AMD machine,work well
Version:
# uname -r
3.10.0-201.el7.x86_64
# rpm -q qemu-kvm
qemu-kvm-1.5.3-82.el7.x86_64

Guest:win2012r2

According to above test ,this bug has been fixed.

Comment 11 errata-xmlrpc 2015-03-05 08:11:37 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0349.html


Note You need to log in before you can comment on or make changes to this bug.