From eab5a930c55194b24e1fba03dd60aea9aa6bcc5f Mon Sep 17 00:00:00 2001
From: Ian Jackson <Ian.Jackson@eu.citrix.com>
Date: Fri, 4 Feb 2011 18:45:26 +0000
Subject: [PATCH] libxl: SECURITY: always honour request for vnc password

qemu only sets a password on its vnc display if the value for the -vnc
option has the ",password" modifier.  The code for constructing
qemu-dm options was broken and only added this modifier for one of the
cases.

Unfortunately there does not appear to be any code for passing the vnc
password to upstream qemu (ie, in the case where
libxl_build_device_model_args_new is called).  To avoid accidentally
running the domain without a password, check for this situation and
fail an assertion.  This will have to be revisited after 4.1.

Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
---
 tools/libxl/libxl_dm.c | 25 ++++++++++++++++---------
 1 file changed, 16 insertions(+), 9 deletions(-)

diff --git a/tools/libxl/libxl_dm.c b/tools/libxl/libxl_dm.c
index 8d5dc423c9..d8a2b4d4d5 100644
--- a/tools/libxl/libxl_dm.c
+++ b/tools/libxl/libxl_dm.c
@@ -23,6 +23,7 @@
 #include <signal.h>
 #include <unistd.h>
 #include <fcntl.h>
+#include <assert.h>
 #include "libxl_utils.h"
 #include "libxl_internal.h"
 #include "libxl.h"
@@ -55,26 +56,29 @@ static char ** libxl_build_device_model_args_old(libxl__gc *gc,
         flexarray_vappend(dm_args, "-domain-name", info->dom_name, NULL);
 
     if (info->vnc || info->vncdisplay || info->vnclisten || info->vncunused) {
-        flexarray_append(dm_args, "-vnc");
+        char *vncarg;
         if (info->vncdisplay) {
             if (info->vnclisten && strchr(info->vnclisten, ':') == NULL) {
-                flexarray_append(dm_args, 
-                    libxl__sprintf(gc, "%s:%d%s",
+                vncarg = libxl__sprintf(gc, "%s:%d",
                                   info->vnclisten,
-                                  info->vncdisplay,
-                                  info->vncpasswd ? ",password" : ""));
+                                  info->vncdisplay);
             } else {
-                flexarray_append(dm_args, libxl__sprintf(gc, "127.0.0.1:%d", info->vncdisplay));
+                vncarg = libxl__sprintf(gc, "127.0.0.1:%d", info->vncdisplay);
             }
         } else if (info->vnclisten) {
             if (strchr(info->vnclisten, ':') != NULL) {
-                flexarray_append(dm_args, info->vnclisten);
+                vncarg = info->vnclisten;
             } else {
-                flexarray_append(dm_args, libxl__sprintf(gc, "%s:0", info->vnclisten));
+                vncarg = libxl__sprintf(gc, "%s:0", info->vnclisten);
             }
         } else {
-            flexarray_append(dm_args, "127.0.0.1:0");
+            vncarg = "127.0.0.1:0";
         }
+        if (info->vncpasswd)
+            vncarg = libxl__sprintf(gc, "%s,password", vncarg);
+        flexarray_append(dm_args, "-vnc");
+        flexarray_append(dm_args, vncarg);
+        
         if (info->vncunused) {
             flexarray_append(dm_args, "-vncunused");
         }
@@ -193,6 +197,9 @@ static char ** libxl_build_device_model_args_new(libxl__gc *gc,
         int display = 0;
         const char *listen = "127.0.0.1";
 
+        if (info->vncpasswd && info->vncpasswd[0]) {
+            assert(!"missing code for supplying vnc password to qemu");
+        }
         flexarray_append(dm_args, "-vnc");
 
         if (info->vncdisplay) {
-- 
2.30.2