1688275 – remote-viewer connecting to guest with vnc_sasl setting closed unexpectly after input wrong username and passwd

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1688275 - remote-viewer connecting to guest with vnc_sasl setting closed unexpectly after input wrong username and passwd

Summary: remote-viewer connecting to guest with vnc_sasl setting closed unexpectly aft...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 8
Classification:	Red Hat
Component:	gtk-vnc
Sub Component:
Version:	8.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	8.0
Assignee:	Daniel Berrangé
QA Contact:	Desktop QE
Docs Contact:
URL:
Whiteboard:
Depends On:	1456175
Blocks:
TreeView+	depends on / blocked

Reported:	2019-03-13 12:33 UTC by Daniel Berrangé
Modified:	2023-02-12 22:46 UTC (History)
CC List:	15 users (show)
Fixed In Version:	gtk-vnc-0.9.0-2.el8
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:	1456175
Environment:
Last Closed:	2020-04-28 15:59:10 UTC
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	RHELPLAN-30282	0	None	None	None	2023-02-12 22:46:09 UTC
Red Hat Product Errata	RHBA-2020:1690	0	None	None	None	2020-04-28 15:59:13 UTC

Description Daniel Berrangé 2019-03-13 12:33:25 UTC

+++ This bug was initially created as a clone of Bug #1456175 +++

Description of problem:
remote-viewer connecting to guest with vnc_sasl setting closed unexpectly after input wrong username and passwd

Version-Release number of selected component:
vnc server:
libvirt-3.2.0-6.virtcov.el7.x86_64
qemu-kvm-rhev-2.9.0-6.el7.x86_64
virt-viewer-5.0-4.el7.x86_64


How reproducible:
100%

Steps to Reproduce:
1.Enable vnc_sasl in /etc/libvirt/qemu.conf:
#vim /etc/libvirt/qemu.conf
vnc_sasl=1

2.Set the DIGEST-MD5 mechanisms in /etc/sasl2/qemu.conf
mech_list: digest-md5
sasldb_path: /tmp/passwd.db

auxprop_plugin: sasldb

3.Restart libvirtd service:
#systemctl restart libvirtd

4.Create a user and set sasl passwd for qemu-kvm (Set the passwd as redhat):
#saslpasswd2 -f /tmp/passwd.db -c redhat

5.Start a guest with vnc setting:
#virsh dumpxml rhel7.3-min
...
<graphics type='vnc' port='5901' autoport='yes' listen='0.0.0.0'>
      <listen type='address' address='0.0.0.0'/>
</graphics>
...

6.Change the context of /tmp/passwd.db to the same with the context of the qemu process:
#ps auxZ  | grep qemu-kvm
system_u:system_r:svirt_t:s0:c94,c384 qemu 24986 2.1 10.0 6103836 783240 ?     Sl   18:07   0:29 /usr/libexec/qemu-kvm -name guest=rhel7.3-min,debug-threads=on ...
 #chcon system_u:system_r:svirt_t:s0:c94,c384 /tmp/passwd.db 

7.Change the permission of file /tmp/passwd.db:
#chmod o+rx /tmp/passwd.db

8.Connect the guest from client:
#remote-viewer vnc://10.66.70.106:5901 --debug --gtk-vnc-debug

9.Input the wrong user and passwd

Actual results:
remote-viewer closed unexpected.

Expected results:
remote-viewer should show the user/passwd input window again.

Additional info:
The debug log of remote viewer is as follows:
(remote-viewer:11663): Gtk-WARNING **: Allocating size to VncDisplay 0x55ebfffa2250 without calling gtk_widget_get_preferred_width/height(). How does the code know the size to allocate?
(remote-viewer:11663): gtk-vnc-DEBUG: vncconnection.c Set credential 1 test
(remote-viewer:11663): gtk-vnc-DEBUG: vncconnection.c Set credential 0 test
(remote-viewer:11663): gtk-vnc-DEBUG: vncconnection.c Waiting for missing credentials
(remote-viewer:11663): gtk-vnc-DEBUG: vncconnection.c Got all credentials
(remote-viewer:11663): gtk-vnc-DEBUG: vncconnection.c Gather Username test
(remote-viewer:11663): gtk-vnc-DEBUG: vncconnection.c Filled SASL interact
(remote-viewer:11663): gtk-vnc-DEBUG: vncconnection.c Client step result 1. Data 258 bytes 0x55ec000ca880 'username="test",realm="hosta",nonce="si0JJLViJaBAfE7czZOPKh9Ohhj+FL/GtHs9lTH1r2Y=",cnonce="zvSvnkbHNL7QQezxAdAf6/wfRJnsUVV7n40GWOTOMk8=",nc=00000001,qop=auth-conf,cipher=rc4,maxbuf=100000,digest-uri="vnc/10.66.4.215",response=b46522be883f66e1cb1cf98a7656e367'
(remote-viewer:11663): gtk-vnc-DEBUG: vncconnection.c Server step with 258 bytes 0x55ec000ca880
(remote-viewer:11663): gtk-vnc-DEBUG: vncconnection.c Read error Resource temporarily unavailable
(remote-viewer:11663): gtk-vnc-DEBUG: vncconnection.c Closing the connection: vnc_connection_read() - ret=0
(remote-viewer:11663): gtk-vnc-DEBUG: vncconnection.c Auth failed
(remote-viewer:11663): gtk-vnc-DEBUG: vncconnection.c Doing final VNC cleanup
(remote-viewer:11663): gtk-vnc-DEBUG: vncconnection.c Close VncConnection=0x55ebfffad4c0
(remote-viewer:11663): gtk-vnc-DEBUG: vncconnection.c Emit main context 14
(remote-viewer:11663): gtk-vnc-DEBUG: vncdisplay.c Disconnected from VNC server
(remote-viewer:11663): virt-viewer-DEBUG: Not removing main window 0 0x55ebffcc4980
(remote-viewer:11663): gtk-vnc-DEBUG: vncdisplay.c Grab sequence is now Control_L+Alt_L
(remote-viewer:11663): virt-viewer-DEBUG: Disconnected
(remote-viewer:11663): virt-viewer-DEBUG: close vnc=0x55ebfffa2250
(remote-viewer:11663): gtk-vnc-DEBUG: vncconnection.c Init VncConnection=0x55ec000e6190
(remote-viewer:11663): gtk-vnc-DEBUG: vncdisplaykeymap.c Using evdev keycode mapping
(remote-viewer:11663): gtk-vnc-DEBUG: vncdisplay.c Grab sequence is now Control_L+Alt_L
(remote-viewer:11663): virt-viewer-DEBUG: notebook show status 0x55ebffeec3a0
(remote-viewer:11663): virt-viewer-DEBUG: Guest (null) display has disconnected, shutting down
(remote-viewer:11663): gtk-vnc-DEBUG: vncdisplay.c Display destroy, requesting that VNC connection close
(remote-viewer:11663): gtk-vnc-DEBUG: vncdisplay.c Releasing VNC widget
(remote-viewer:11663): gtk-vnc-DEBUG: vncconnection.c Finalize VncConnection=0x55ec000e6190

--- Additional comment from Christophe Fergeau on 2019-01-09 13:23:45 GMT ---

Moving to gtk-vnc, fixed by https://mail.gnome.org/archives/gtk-vnc-list/2019-January/msg00001.html

Comment 2 Martin Krajnak 2019-12-18 12:18:56 UTC

I am not sure how to verify this, Here is the reproducer I tried 
and it ended ip with vnc-viewer crash.

> Steps to Reproduce:
> 1.Enable vnc_sasl in /etc/libvirt/qemu.conf:
> #vim /etc/libvirt/qemu.conf
> vnc_sasl=1

DONE
 
> 2.Set the DIGEST-MD5 mechanisms in /etc/sasl2/qemu.conf
> mech_list: digest-md5
> sasldb_path: /tmp/passwd.db

I have only /etc/sasl2/qemu-kvm.conf file, there is a message in the file 
describing that MD5 is vulnerable and gssapi is used instead. So I set:

mech_list: gssapi
sasldb_path: /tmp/passwd.db

and also this was allowed by default:
keytab: /etc/qemu/krb5.tab

> 
> auxprop_plugin: sasldb

There is no plugin option in the file

> 3.Restart libvirtd service:
> #systemctl restart libvirtd

Done, service running

> 4.Create a user and set sasl passwd for qemu-kvm (Set the passwd as redhat):
> #saslpasswd2 -f /tmp/passwd.db -c redhat

Done

> 5.Start a guest with vnc setting:
> #virsh dumpxml rhel7.3-min
> ...
> <graphics type='vnc' port='5901' autoport='yes' listen='0.0.0.0'>
>       <listen type='address' address='0.0.0.0'/>
> </graphics>
> ...

I started 
#virsh

#dumpxml 8.2
....
<graphics type='vnc' port='-1' autoport='yes'>
      <listen type='address'/>
    </graphics>
....

Then:
# start 8.2 --console

> 6.Change the context of /tmp/passwd.db to the same with the context of the
> qemu process:
> #ps auxZ  | grep qemu-kvm
> system_u:system_r:svirt_t:s0:c94,c384 qemu 24986 2.1 10.0 6103836 783240 ?  
> Sl   18:07   0:29 /usr/libexec/qemu-kvm -name
> guest=rhel7.3-min,debug-threads=on ...
>  #chcon system_u:system_r:svirt_t:s0:c94,c384 /tmp/passwd.db 
> 
> 7.Change the permission of file /tmp/passwd.db:
> #chmod o+rx /tmp/passwd.db
> 
> 8.Connect the guest from client:
> #remote-viewer vnc://10.66.70.106:5901 --debug --gtk-vnc-debug
> 
> 9.Input the wrong user and passwd
> 
I could only insert the password, username field was blocked.
After 1st password insertion I got the error, dialog spawned again I typed 
the wrong password again and it crashed.

What do you think ? is this reproducer OK ? About the crash is it related to bug ? 
I am installing debuginfos to provide more about crash.

Comment 3 Martin Krajnak 2019-12-18 12:55:47 UTC

I cannot reproduce the crash anymore, I might be doing something wrong, can you please help with reproducer ?

Comment 4 Daniel Berrangé 2020-01-14 09:39:32 UTC

I've never reproduced this bug myself, so the only information I have is what's in the initial bug description here.

Comment 5 Tomas Pelka 2020-01-14 09:43:48 UTC

OK verifying sanity only then.

Comment 6 Christophe Fergeau 2020-01-14 10:54:02 UTC

(In reply to Martin Krajnak from comment #2)

>  
> > 2.Set the DIGEST-MD5 mechanisms in /etc/sasl2/qemu.conf
> > mech_list: digest-md5
> > sasldb_path: /tmp/passwd.db
> 
> I have only /etc/sasl2/qemu-kvm.conf file, there is a message in the file 
> describing that MD5 is vulnerable and gssapi is used instead. So I set:

For testing, I'd stick with digest-md5, I've always assumed gssapi is much more complicated to setup :)

Comment 7 Martin Krajnak 2020-01-15 09:35:37 UTC

(In reply to Christophe Fergeau from comment #6)
> (In reply to Martin Krajnak from comment #2)
> 
> >  
> > > 2.Set the DIGEST-MD5 mechanisms in /etc/sasl2/qemu.conf
> > > mech_list: digest-md5
> > > sasldb_path: /tmp/passwd.db
> > 
> > I have only /etc/sasl2/qemu-kvm.conf file, there is a message in the file 
> > describing that MD5 is vulnerable and gssapi is used instead. So I set:
> 
> For testing, I'd stick with digest-md5, I've always assumed gssapi is much
> more complicated to setup :)

Thanks for advice, I wasn't sure if it is okay to change steps in the setup :)

Comment 9 errata-xmlrpc 2020-04-28 15:59:10 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:1690

Note You need to log in before you can comment on or make changes to this bug.