Bug 1660768 - virt-viewer window is closed unexpectedly if keep password blank, then click OK button for VNC guest
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: gtk-vnc
Version: 8.0
Hardware: Unspecified
OS: Unspecified
Priority: low
Severity: low
Target Milestone: rc
Target Release: 8.0
Assignee: Virtualization Maintenance
QA Contact: SPICE QE bug list
Reported: 2018-12-19 07:59 UTC by Xiaodai Wang
Modified: 2022-05-17 07:27 UTC (History)

Last Closed: 2022-05-17 07:27:31 UTC
Type: Bug
pm-rhel: mirror+



Description Xiaodai Wang 2018-12-19 07:59:30 UTC
Description of problem:
The virt-viewer window is closed unexpectedly if the password is kept blank and the OK button is clicked for a VNC guest.

Version-Release number of selected component (if applicable):
virt-viewer-7.0-3.el8.x86_64

How reproducible:
100%

Steps to Reproduce:
1. Prepare a VNC guest that has authentication required.
2. Open the guest by virt-viewer.
$ virt-viewer -c qemu:///system $vncguest
3. After the authentication dialog pops up, keep the password blank and click the OK button.

Actual results:
virt-viewer window is closed unexpectedly.

Expected results:
virt-viewer should retry the authentication for the vnc guest.

Additional info:
1) It cannot be reproduced in rhel7.
2) Spice guest has no problem.

Comment 1 Xiaodai Wang 2018-12-19 08:00:43 UTC
$ virt-viewer -c qemu:///system rhel7.6-vnc --debug
(virt-viewer:14799): virt-viewer-DEBUG: 15:53:58.621: connecting ...
(virt-viewer:14799): virt-viewer-DEBUG: 15:53:58.621: Opening connection to libvirt with URI qemu:///system
(virt-viewer:14799): virt-viewer-DEBUG: 15:53:58.645: initial connect
(virt-viewer:14799): virt-viewer-DEBUG: 15:53:58.645: notebook show status 0x5640ca9e4370
(virt-viewer:14799): virt-viewer-DEBUG: 15:53:58.645: virt_viewer_app_set_uuid_string: UUID changed to 4b9bf653-19e8-4555-807f-d05944fa6197
(virt-viewer:14799): virt-viewer-DEBUG: 15:53:58.646: notebook show status 0x5640ca9e4370
(virt-viewer:14799): virt-viewer-DEBUG: 15:53:58.646: Guest rhel7.6-vnc is running, determining display
(virt-viewer:14799): virt-viewer-DEBUG: 15:53:58.646: Set connect info: (null),(null),-1,-1,(null),(null),(null),0
(virt-viewer:14799): virt-viewer-DEBUG: 15:53:58.646: Guest rhel7.6-vnc has a vnc display
(virt-viewer:14799): virt-viewer-DEBUG: 15:53:58.647: Guest graphics address is 0.0.0.0:5901
(virt-viewer:14799): virt-viewer-DEBUG: 15:53:58.647: Guest graphics listen '0.0.0.0' is NULL or a wildcard, replacing with 'localhost'
(virt-viewer:14799): virt-viewer-DEBUG: 15:53:58.647: Set connect info: localhost,localhost,5901,-1,(null),(null),(null),-1
(virt-viewer:14799): virt-viewer-DEBUG: 15:53:58.648: Error operation forbidden: read only access prevents virDomainOpenGraphicsFD
(virt-viewer:14799): virt-viewer-DEBUG: 15:53:58.648: After open connection callback fd=-1
(virt-viewer:14799): virt-viewer-DEBUG: 15:53:58.648: Opening direct TCP connection to display at localhost:5901:-1
(virt-viewer:14799): virt-viewer-DEBUG: 15:53:58.648: notebook show status 0x5640ca9e4370
(virt-viewer:14799): virt-viewer-DEBUG: 15:53:58.648: reconnect_poll: 0
(virt-viewer:14799): virt-viewer-DEBUG: 15:53:58.677: notebook show status 0x5640ca9e4370
(virt-viewer:14799): virt-viewer-DEBUG: 15:53:58.677: Insert display 0 0x5640ca83dbc0
(virt-viewer:14799): virt-viewer-DEBUG: 15:53:58.677: notebook show status 0x5640ca9e4370
(virt-viewer:14799): virt-viewer-DEBUG: 15:53:58.678: Got VNC credential request for 1 credential(s)
(virt-viewer:14799): virt-viewer-DEBUG: 15:53:58.696: Allocated 1024x740
(virt-viewer:14799): virt-viewer-DEBUG: 15:53:58.696: Child allocate 1024x640
(virt-viewer:14799): virt-viewer-DEBUG: 16:00:00.598: notebook show status 0x5640ca9e4370
(virt-viewer:14799): virt-viewer-DEBUG: 16:00:00.599: notebook show display 0x5640ca9e4370
(virt-viewer:14799): virt-viewer-DEBUG: 16:00:00.600: Allocated 320x200
(virt-viewer:14799): virt-viewer-DEBUG: 16:00:00.600: Child allocate 320x200
(virt-viewer:14799): virt-viewer-DEBUG: 16:00:00.602: Not removing main window 0 0x5640ca7280f0
(virt-viewer:14799): virt-viewer-DEBUG: 16:00:00.602: Disconnected
(virt-viewer:14799): virt-viewer-DEBUG: 16:00:00.602: close vnc=0x5640caa0a240
(virt-viewer:14799): virt-viewer-DEBUG: 16:00:00.602: notebook show status 0x5640ca9e4370
(virt-viewer:14799): virt-viewer-DEBUG: 16:00:00.602: Guest rhel7.6-vnc display has disconnected, shutting down

Comment 2 Christophe Fergeau 2018-12-21 18:07:18 UTC
It's vnc_connection_perform_auth_vnc() which fails because gcry_cipher_setkey() returns GPG_ERR_WEAK_KEY when an empty key is used (all 0). I'm not sure how to work around this though.

Comment 3 Daniel Berrangé 2019-03-13 12:31:17 UTC
(In reply to Christophe Fergeau from comment #2)
> It's vnc_connection_perform_auth_vnc() which fails because
> gcry_cipher_setkey() returns GPG_ERR_WEAK_KEY when an empty key is used (all
> 0). I'm not sure how to work around this though.

If the password is all zeros that's still a valid key from the VNC protocol POV. gcrypt is correct in reporting WEAK_KEY, but we don't care. 

There's no API to disable this weak key check but the key check is only performed /after/ the key has been set. So we can just ignore the weak key error code and carry on as normal.

Everything about the VNC authentication scheme is garbage from a security POV, so using an all-zeros key doesn't make it worse/weaker.

Anyone who cares about real world security should use the TLS auth scheme with SASL.

Comment 4 Daniel Berrangé 2019-03-13 12:40:30 UTC
(In reply to Daniel Berrange from comment #3)
> There's no API to disable this weak key check but the key check is only
> performed /after/ the key has been set. So we can just ignore the weak key
> error code and carry on as normal.

Unfortunately this doesn't work in practice - other parts of the gcrypt code have checks which block us using it :-(

I don't see any way to fix this problem other than to return to using home-grown crypto impls which is not a desirable situation.
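
Why a blank password ends up as a weak DES key, as an added example that is not part of the original comments and is not gtk-vnc or libgcrypt code. It assumes the conventional VNC authentication key setup (password truncated to 8 bytes, zero-padded, each byte bit-reversed) and checks only the four classic DES weak keys, so a library's own weak-key list may reject more; the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Reverse the bit order of a byte: VNC auth feeds password bytes to DES mirrored. */
static uint8_t mirror_bits(uint8_t b)
{
    b = (uint8_t)(((b & 0xF0) >> 4) | ((b & 0x0F) << 4));
    b = (uint8_t)(((b & 0xCC) >> 2) | ((b & 0x33) << 2));
    return (uint8_t)(((b & 0xAA) >> 1) | ((b & 0x55) << 1));
}

/* DES key used by VNC auth: password truncated to 8 bytes, zero-padded, mirrored. */
void vnc_des_key(const char *password, uint8_t key[8])
{
    size_t len = strlen(password);
    memset(key, 0, 8);
    for (size_t i = 0; i < 8 && i < len; i++)
        key[i] = mirror_bits((uint8_t)password[i]);
}

/* Returns 1 for the four classic DES weak keys; the low (parity) bit of each byte is ignored. */
int des_key_is_weak(const uint8_t key[8])
{
    static const uint8_t weak[4][8] = {
        {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
        {0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE},
        {0x1E, 0x1E, 0x1E, 0x1E, 0x0E, 0x0E, 0x0E, 0x0E},
        {0xE0, 0xE0, 0xE0, 0xE0, 0xF0, 0xF0, 0xF0, 0xF0},
    };
    uint8_t masked[8];
    for (int i = 0; i < 8; i++)
        masked[i] = key[i] & 0xFE;
    for (int w = 0; w < 4; w++)
        if (memcmp(masked, weak[w], 8) == 0)
            return 1;
    return 0;
}

int main(void)
{
    /* Constructed inputs: a blank entry plus the two passwords quoted in this report. */
    const char *samples[] = { "", "aabb", "ttt" };
    for (int i = 0; i < 3; i++) {
        uint8_t key[8];
        vnc_des_key(samples[i], key);
        printf("password \"%s\": weak DES key = %d\n", samples[i], des_key_is_weak(key));
    }
    return 0;
}
```

A blank entry produces the all-zero key, which is the case comment 2 describes; the non-empty passwords from the reproduction steps do not.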

Comment 6 zhoujunqin 2020-12-18 09:16:31 UTC
I can reproduce this issue with packages:
virt-viewer-9.0-4.el8.x86_64
gtk-vnc2-0.9.0-2.el8.x86_64


Steps to Reproduce:
1. Prepare a VNC guest that has authentication required.

# virsh dumpxml vnc --inactive --security-info |grep -A5 graphics
    <graphics type='vnc' port='-1' autoport='yes' listen='0.0.0.0' passwd='aabb'>
      <listen type='address' address='0.0.0.0'/>
    </graphics>
...

2. Open the guest by virt-viewer.
$ virt-viewer -c qemu:///system $vncguest

3. After the authentication dialog pops up, keep the password blank and click the OK button.

Test results:
virt-viewer window is closed unexpectedly.

Then I tested with the latest virt-viewer package, and I can't reproduce this issue anymore.
The current test result is as follows:

Package version:
virt-viewer-9.0-5.el8.x86_64


Steps as above.

Result: After running step 3, the virt-viewer window exits, then an authentication failed dialog pops up:

Unable to connect to the graphic server:localhost:5901
Unknown authentication failure: %s: Weak encryption key

Then we can click the 'OK' button to exit.

$ virt-viewer -c qemu:///system vnc --debug
(virt-viewer:53674): virt-viewer-DEBUG: 16:44:34.137: connecting ...
(virt-viewer:53674): virt-viewer-DEBUG: 16:44:34.137: Opening connection to libvirt with URI qemu:///system
(virt-viewer:53674): virt-viewer-DEBUG: 16:44:34.154: initial connect
(virt-viewer:53674): virt-viewer-DEBUG: 16:44:34.154: notebook show status 0x55d857c66220
(virt-viewer:53674): virt-viewer-DEBUG: 16:44:34.154: virt_viewer_app_set_uuid_string: UUID changed to 9e1d7acb-26e0-4754-9c2a-28f475c8d388
(virt-viewer:53674): virt-viewer-DEBUG: 16:44:34.155: notebook show status 0x55d857c66220
(virt-viewer:53674): virt-viewer-DEBUG: 16:44:34.155: Guest vnc is running, determining display
(virt-viewer:53674): virt-viewer-DEBUG: 16:44:34.155: Set connect info: (null),(null),-1,-1,(null),(null),(null),0
(virt-viewer:53674): virt-viewer-DEBUG: 16:44:34.155: Guest vnc has a vnc display
(virt-viewer:53674): virt-viewer-DEBUG: 16:44:34.156: Guest graphics address is 0.0.0.0:5901
(virt-viewer:53674): virt-viewer-DEBUG: 16:44:34.156: Guest graphics listen '0.0.0.0' is NULL or a wildcard, replacing with 'localhost'
(virt-viewer:53674): virt-viewer-DEBUG: 16:44:34.156: Set connect info: localhost,localhost,5901,-1,(null),(null),(null),-1
(virt-viewer:53674): virt-viewer-DEBUG: 16:44:34.156: Error operation forbidden: read only access prevents virDomainOpenGraphicsFD
(virt-viewer:53674): virt-viewer-DEBUG: 16:44:34.156: After open connection callback fd=-1
(virt-viewer:53674): virt-viewer-DEBUG: 16:44:34.156: Opening direct TCP connection to display at localhost:5901:-1
(virt-viewer:53674): virt-viewer-DEBUG: 16:44:34.156: notebook show status 0x55d857c66220
(virt-viewer:53674): virt-viewer-DEBUG: 16:44:34.157: reconnect_poll: 0
(virt-viewer:53674): virt-viewer-DEBUG: 16:44:34.186: notebook show status 0x55d857c66220
(virt-viewer:53674): virt-viewer-DEBUG: 16:44:34.186: Insert display 0 0x55d8579da680
(virt-viewer:53674): virt-viewer-DEBUG: 16:44:34.186: notebook show status 0x55d857c66220
(virt-viewer:53674): virt-viewer-DEBUG: 16:44:34.189: Got VNC credential request for 1 credential(s)
(virt-viewer:53674): virt-viewer-DEBUG: 16:44:34.212: Allocated 1024x740
(virt-viewer:53674): virt-viewer-DEBUG: 16:44:34.212: Child allocate 1024x640

(virt-viewer:53674): virt-viewer-WARNING **: 16:44:36.035: vnc-session: got vnc error Unknown authentication failure: %s: Weak encryption key
(virt-viewer:53674): virt-viewer-DEBUG: 16:44:37.197: close vnc=0x55d857ca2220
(virt-viewer:53674): virt-viewer-DEBUG: 16:44:37.197: Not removing main window 0 0x55d8579c3b20

Additional info:

I also found that the behavior when inputting an invalid password for the VNC authentication has changed.

Steps:
4. Repeat step 1 and step 2; after the authentication dialog pops up, input an invalid password (such as ttt), then click the 'OK' button.

Previous test result with virt-viewer-9.0-4.el8.x86_64:

An authentication failed dialog pops up with:
Unable to authentication with remote desktop server at localhost:5901: Authentication failed

After clicking the 'OK' button in the authentication failed dialog, virt-viewer does not exit; it goes back to the Authentication required dialog and lets the user input the password again.


Current test result with virt-viewer-9.0-5.el8.x86_64:

The virt-viewer window exits, then an authentication failed dialog pops up:

Unable to connect to the graphic server:localhost:5901
Authentication failed

Click the 'OK' button to exit.


@uri, could you help double-confirm whether the current test results for the above two test scenarios are as expected or not? I think they're acceptable, thanks.

Comment 7 Uri Lublin 2020-12-20 12:23:13 UTC
I think it's good enough.
It lets the user know there was a problem with authentication, where
before it just exited.
With no password entered - error is indeed "Weak encryption key"
With wrong password entered - error is "Authentication failed"
It does not re-ask for the password like with spice://, but that's not too important.

Comment 8 zhoujunqin 2020-12-21 01:52:00 UTC
Hi Uri,
Got it, thanks for your reply.
Let's wait for berrange's response together.

Comment 10 Daniel Berrangé 2021-01-04 11:50:39 UTC
I've not got any answer for how to avoid this problem with gcrypt.

Comment 11 RHEL Program Management 2021-02-01 07:31:20 UTC
After evaluating this issue, there are no plans to address it further or fix it in an upcoming release.  Therefore, it is being closed.  If plans change such that this issue will be fixed in an upcoming release, then the bug can be reopened.

Comment 12 Daniel Berrangé 2021-11-17 15:00:45 UTC
Re-opening, since upstream I figured out how to rewrite the code in question to use GNUTLS instead of gcrypt to avoid the gcrypt bug with empty passwords. The fix is in the 1.3.0 release of gtk-vnc, and can be backported to fix this regression.

Comment 15 RHEL Program Management 2022-05-17 07:27:31 UTC
After evaluating this issue, there are no plans to address it further or fix it in an upcoming release.  Therefore, it is being closed.  If plans change such that this issue will be fixed in an upcoming release, then the bug can be reopened.

