Bug 1434551 - No password is required to connect to guest with graphics password configured
Summary: No password is required to connect to guest with graphics password configured
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: virt-manager
Version: 7.4
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Pavel Hrdina
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On:
Blocks: 1365367
TreeView+ depends on / blocked
 
Reported: 2017-03-21 17:32 UTC by Pavel Hrdina
Modified: 2017-08-01 21:04 UTC (History)
8 users (show)

Fixed In Version: virt-manager-1.4.1-2.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-08-01 21:04:33 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2017:2072 0 normal SHIPPED_LIVE virt-manager bug fix and enhancement update 2017-08-01 18:36:34 UTC

Description Pavel Hrdina 2017-03-21 17:32:13 UTC
If a guest XML contains this configuration:

...
    <graphics type='vnc' port='-1' autoport='yes' passwd='1234'>
      <listen type='address'/>
    </graphics>
...

the password is ignored and the graphics console is successfully opened.

Caused by this commit:

commit 0910c8dcfc38d03178d0cb6f2beb41a192eb45be
Author: Cole Robinson <crobinso>
Date:   Thu Mar 2 15:08:32 2017 -0500

    domain: Use libvirt.VIR_DOMAIN_OPEN_GRAPHICS_SKIPAUTH (bug 1379581)
    
    It's what virt-viewer uses, and apparently it's needed for VNC
    listen type=none
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1379581

Comment 2 Cole Robinson 2017-03-21 18:23:42 UTC
Yeah I'm not sure what to do here really. It's not an unintentional regression as that feature is working as expected, and IMO isn't really reducing security at all since if you have access to qemu:///system you can see the graphical password anyways.

Certainly makes verifying passwords are working more of a pain.

I guess we need to dig to figure out why SKIPAUTH makes listen type=none work, and whether it's a fixable bug somewhere else

Comment 3 Pavel Hrdina 2017-03-23 15:19:47 UTC
Upstream commit:

commit cb182f7e3a569bde926818a4c55bb8427fba2728
Author: Pavel Hrdina <phrdina>
Date:   Thu Mar 23 15:26:19 2017 +0100

    graphics: skip authentication only for VNC with listen type none

Comment 6 zhoujunqin 2017-04-25 03:59:10 UTC
I can reproduce this issue with package:
virt-manager-1.4.1-1.el7.noarch

Then try to verify this bug with:
virt-manager-1.4.1-2.el7.noarch
libvirt-3.2.0-3.el7.x86_64
qemu-kvm-rhev-2.8.0-6.el7.x86_64

Steps:
Scenario-1 Testing with spice guest
On host A:

Scenario-1.1 listen type: address + Address: Localhost only + password setting
1.1.1 Guest with configuration:

# virsh dumpxml rhel6.9 --security-info
    <graphics type='spice' port='5901' autoport='yes' listen='127.0.0.1' passwd='aabb'>
      <listen type='address' address='127.0.0.1'/>
      <image compression='off'/>
    </graphics>

1.1.2 Start guest and open the guest console.

Result for 1.1.2:
I. Password is required when connecting to guest graphical console.
II. We can login guest with typing correct password. 
    If not, with wrong password, 'Input Error' error window will pop up with "Viewer authentication error: Authentication failed: wrong password ? ", after click 'OK' will back to password authentication window, and wrong spice password keeps.

1.1.3 Closed guest window and open again, input correct password, then tick 'Save this password in your keyring', then click 'Login'.

Result for 1.1.3:
I. Login guest successfully.
II. Closed guest window and open again, we can see password is saving, we can login guest directly with click 'Login' button.

Scenario-1.2: Listen type: address + Address: All interfaces + password setting

1.2.1 Guest with configuration:
# virsh dumpxml rhel6.9 --security-info

    <graphics type='spice' port='5901' autoport='yes' listen='0.0.0.0' passwd='aabb'>
      <listen type='address' address='0.0.0.0'/>
      <image compression='off'/>
    </graphics>

1.2.2 Steps as Scenario-1.1 
Result: Get same result with Scenario-1.1.

Scenario-3 Listen type: none + password setting
1.3.1 Guest with configuration:

# virsh dumpxml rhel6.9 --security-info
    <graphics type='spice' passwd='aabb'>
      <listen type='none'/>
      <image compression='off'/>
    </graphics>

1.3.2 Steps as Scenario-1.1 
Result: Get same result with Scenario-1.1.

Scenario-4 Try to connect to above spice guest console in remote connection.
On hostB:

1.4.1 Launch virt-manager on Host B, File->Add connection->Hypervisor choosing 'QEMU/KVM'->Tick 'Connect to remote host'->Method 'SSH'->Username: root ->Hostname: $host A ->Connect.

1.4.2 Open guest console 'rhel6.9' on hostA.

Result for step1.4.2:
I. <listen type='address' address='127.0.0.1'/> - pass
Get same result with Scenario-1.1
II. <listen type='address' address='0.0.0.0'/> - failed
Failed to show password authentication page, it displays error:
Viewer was disconnected.
Encountered SPICE error-connect: could not connect to xx.xx.xx.xx
No route to host
III. <listen type='none'/> - failed
It will fail to open guest window and reports:

"Error connecting to graphical console:
Guest is on a remote host, but is only configured to allow local file
descriptor connections."
It same with Bug 1441127.

Summary for spice guest:
Local connection:
I. Password is required when connecting to guest graphical console.
II. We can login guest with typing correct password. 
    If not, with wrong password, 'Input Error' error window will pop up with "Viewer authentication error: Authentication failed: wrong password ? ", after click 'OK' will back to password authentication window, and wrong spice password keeps.
II. 'Save this password in you keyring' choice works well.

Remote connection:
I. Can only connect to password authentication page for guest (<listen type='address' address='127.0.0.1'/> ).

Comment 7 zhoujunqin 2017-04-25 10:11:22 UTC
Scenario-2 Testing with vnc guest
On host A:

Scenario-2.1 listen type: address + Address: Localhost only + password setting
2.1.1 Guest with configuration:

# virsh dumpxml rhel7.3latest-vnc --security-info
    <graphics type='vnc' port='5901' autoport='yes' listen='127.0.0.1' passwd='aabb'>
      <listen type='address' address='127.0.0.1'/>
    </graphics>

2.1.2 Start guest and open the guest console.

Result for 2.1.2:
I. Password is required when connecting to guest graphical console.
II. We can login guest with typing correct password. 
    If not, with wrong password, 'Input Error' error window will pop up with "Viewer authentication error: Authentication failed ", after click 'OK' will back to password authentication window, and wrong vnc password will be empty.

2.1.3 Close guest window and reopen, input correct password, then tick 'Save this password in your keyring', then click 'Login'.

Result for 2.1.3:
I. Login guest successfully.
II. Closed guest window and open again, we can see password is saving, we can login guest directly with click 'Login' button.

Scenario-2.2: Listen type: address + Address: All interfaces + password setting

2.2.1 Guest with configuration:
# virsh dumpxml rhel7.3latest-vnc --security-info

    <graphics type='vnc' port='5901' autoport='yes' listen='0.0.0.0' passwd='aabb'>
      <listen type='address' address='0.0.0.0'/>
    </graphics>

2.2.2 Steps as Scenario-1.1 
Result: Get same result with Scenario-1.1.

Scenario-2.3: Listen type: none + password setting
2.3.1 Guest with configuration:

# virsh dumpxml rhel7.3latest-vnc --security-info
    <graphics type='vnc' port='-1' autoport='yes' passwd='aabb'>
      <listen type='none'/>
    </graphics>


2.3.2 Steps as Scenario-2.1 
Result: Skip authentication.

Scenario-2.4 Try to connect to above spice guest console in remote connection.
On hostB:

2.4.1 Launch virt-manager on Host B, File->Add connection->Hypervisor choosing 'QEMU/KVM'->Tick 'Connect to remote host'->Method 'SSH'->Username: root ->Hostname: $host A ->Connect.

2.4.2 Open guest console 'rhel7.3latest-vnc' on hostA.

Result for step2.4.2:
I. <listen type='address' address='127.0.0.1'/> - pass
Get same result with Scenario-2.1

II. <listen type='address' address='0.0.0.0'/> - failed
Failed to show password authentication page, it displays error:
Viewer was disconnected.

III. <listen type='none'/> - failed
It will fail to open guest window and reports:
Viewer was disconnected.

SSH tunnel error output: nc: invalid option -- '1'
Ncat: Try `--help' or man(1) ncat for more information, usage options and help. QUITTING.


Summary for vnc guest:
Local connection:
I. Password is required when connecting to guest graphical console.
II. We can login guest with typing correct password. 
    If not, with wrong password, 'Input Error' error window will pop up with "Viewer authentication error: Authentication failed ", after click 'OK' will back to password authentication window, and wrong vnc password will be empty automatically.
III. 'Save this password in you keyring' choice works well.
IV. Skip authentication only for VNC with listen type none.

Remote connection:
I. Can only connect to password authentication page for guest (<listen type='address' address='127.0.0.1'/> ).

Comment 8 zhoujunqin 2017-04-25 10:21:10 UTC
Hi Pavel,
I failed to see authentication for remote connecting, could help me have a look, thanks.

Comment 9 Pavel Hrdina 2017-04-26 10:29:07 UTC
(In reply to zhoujunqin from comment #7)

[...]

> Scenario-2.4 Try to connect to above spice guest console in remote
> connection.
> On hostB:
> 
> 2.4.1 Launch virt-manager on Host B, File->Add connection->Hypervisor
> choosing 'QEMU/KVM'->Tick 'Connect to remote host'->Method 'SSH'->Username:
> root ->Hostname: $host A ->Connect.
> 
> 2.4.2 Open guest console 'rhel7.3latest-vnc' on hostA.
> 
> Result for step2.4.2:
> I. <listen type='address' address='127.0.0.1'/> - pass
> Get same result with Scenario-2.1
> 
> II. <listen type='address' address='0.0.0.0'/> - failed
> Failed to show password authentication page, it displays error:
> Viewer was disconnected.

I'm not able to reproduce it, it works correctly for me.  Full debug log for this case would be nice.

> III. <listen type='none'/> - failed
> It will fail to open guest window and reports:
> Viewer was disconnected.
>
> SSH tunnel error output: nc: invalid option -- '1'
> Ncat: Try `--help' or man(1) ncat for more information, usage options and
> help. QUITTING.

This is yet another bug in virt-manager, it doesn't detect that the listen type is 'none' and virt-manager tries to connect to that guest while it should print this error "Guest is on a remote host, but is only configured to allow local file descriptor connections."

Please create a new bug for this issue, thanks.

Comment 10 zhoujunqin 2017-04-26 11:26:12 UTC
(In reply to Pavel Hrdina from comment #9)
> (In reply to zhoujunqin from comment #7)
> 
> [...]
> 
> > Scenario-2.4 Try to connect to above spice guest console in remote
> > connection.
> > On hostB:
> > 
> > 2.4.1 Launch virt-manager on Host B, File->Add connection->Hypervisor
> > choosing 'QEMU/KVM'->Tick 'Connect to remote host'->Method 'SSH'->Username:
> > root ->Hostname: $host A ->Connect.
> > 
> > 2.4.2 Open guest console 'rhel7.3latest-vnc' on hostA.
> > 
> > Result for step2.4.2:
> > I. <listen type='address' address='127.0.0.1'/> - pass
> > Get same result with Scenario-2.1
> > 
> > II. <listen type='address' address='0.0.0.0'/> - failed
> > Failed to show password authentication page, it displays error:
> > Viewer was disconnected.
> 
> I'm not able to reproduce it, it works correctly for me.  Full debug log for
> this case would be nice.

Yes, Pave.
I tested in another environment, it works for me when listening all interfaces both for spice and vnc guests.
Thanks for your confirmation.

> 
> > III. <listen type='none'/> - failed
> > It will fail to open guest window and reports:
> > Viewer was disconnected.
> >
> > SSH tunnel error output: nc: invalid option -- '1'
> > Ncat: Try `--help' or man(1) ncat for more information, usage options and
> > help. QUITTING.
> 
> This is yet another bug in virt-manager, it doesn't detect that the listen
> type is 'none' and virt-manager tries to connect to that guest while it
> should print this error "Guest is on a remote host, but is only configured
> to allow local file descriptor connections."
> 
> Please create a new bug for this issue, thanks.

Yes, Bug 1445714 filed to track this issue, thanks.

As a summary for this bug, all testing scenarios listed in Comment 6 and Comment 7 will ask for authentication when connect to guest console, except Bug 1445714, Bug 1445239 testing scenarios, so move this bug to VERIFIED.

Comment 11 errata-xmlrpc 2017-08-01 21:04:33 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:2072


Note You need to log in before you can comment on or make changes to this bug.