From 2dc0eb61e87b644494ac33bd4deb9197ffe6af72 Mon Sep 17 00:00:00 2001 From: Stefan Reiter Date: Thu, 27 May 2021 12:27:51 +0200 Subject: [PATCH] qm: assume correct VNC setup in 'vncproxy', disallow passwordless The QMP 'change' command is no longer available since QEMU 6.0, so this cannot work - instead of replacing it, we can just remove it however. The 'if' branch would only set the VNC socket path anew and enable password mode, which is always set and enabled on startup already. The 'else' branch was intended for certificate login (?), which according to the FIXME comment is long gone anyway - simply forbid 'vncproxy' without the PVE ticket environment variable set. Signed-off-by: Stefan Reiter --- PVE/CLI/qm.pm | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/PVE/CLI/qm.pm b/PVE/CLI/qm.pm index f8972bd..1c199b6 100755 --- a/PVE/CLI/qm.pm +++ b/PVE/CLI/qm.pm @@ -217,12 +217,10 @@ __PACKAGE__->register_method ({ my $vnc_socket = PVE::QemuServer::Helpers::vnc_socket($vmid); if (my $ticket = $ENV{LC_PVE_TICKET}) { # NOTE: ssh on debian only pass LC_* variables - mon_cmd($vmid, "change", device => 'vnc', target => "unix:$vnc_socket,password"); mon_cmd($vmid, "set_password", protocol => 'vnc', password => $ticket); mon_cmd($vmid, "expire_password", protocol => 'vnc', time => "+30"); } else { - # FIXME: remove or allow to add tls-creds object, as x509 vnc param is removed with qemu 4?? - mon_cmd($vmid, "change", device => 'vnc', target => "unix:$vnc_socket,password"); + die "LC_PVE_TICKET not set, VNC proxy without password is forbidden\n"; } run_vnc_proxy($vnc_socket); -- 2.39.2