[Spice-devel] Always get Invalid password while trying to connect to spice server

Frediano Ziglio fziglio at redhat.com
Wed Dec 26 12:38:28 UTC 2018


> 
> On martedì 25 dicembre 2018 09:04:31 CET, Uri Lublin wrote:
> > Hi,
> 
> Hi and thanks for your answer.
> 
> > It's hard to tell without more details.
> 
> I'll try to provide all the details, let me know if you need anything else.
> 
> > How do you set the password ?
> 
> I set the password using the virt-manager interface: in the "Spice server"
> section I just check the "password" flag and I set a password. It used to
> work. I don't use virt-manager directly from the virtualization server
> because it doesn't have any graphical interface: I connect to it using
> virt-manager from my desktop PC (more details follow).
> 
> > Do you use secure connections ?
> 
> I connect to the remote libvirt server using virt-manager from my desktop.
> The libvirt URI is qemu+ssh://root@ip:22/system so I use ssh to connect.
> 
> > Maybe you turned on a firewall and a rule is missing.
> 
> There is a firewall, but it didn't change. SSH port is open (and I can
> connect to the libvirt server using virt-manager). I also opened a broad
> range of spice ports (5900-5930) and that works too because if I uncheck
> the "password" field it connects to the spice server without any issue.
> 
> I also tried to connect directly to the spice server using virt-viewer
> instead of virt-manager:
> 
> remote-viewer spice://ip:5906
> 
> 5906 is the spice port. I can check which VM gets assigned to which port
> using the virt-manager interface, in the "Spice server" section.
> 
> remote-viewer triggers the same error: wrong password.
> 
> > What is your qemu-kvm command line ?
> 
> LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/bin QEMU_AUDIO_DRV=spice
> /usr/bin/qemu-system-x86_64 -name guest=guild-devel,debug-threads=on -S
> -object
> secret,id=masterKey0,format=raw,file=/var/lib/libvirt/qemu/domain-17-guild-devel/master-key.aes
> -machine pc-q35-3.0,accel=kvm,usb=off,vmport=off,dump-guest-core=off -cpu
> EPYC-IBPB,x2apic=on,tsc-deadline=on,hypervisor=on,tsc_adjust=on,cmp_legacy=on,perfctr_core=on,virt-ssbd=on,monitor=off
> -drive
> file=/usr/share/ovmf/x64/OVMF_CODE.fd,if=pflash,format=raw,unit=0,readonly=on
> -drive
> file=/var/lib/libvirt/qemu/nvram/guild-devel_VARS.fd,if=pflash,format=raw,unit=1
> -m 4096 -realtime mlock=off -smp 16,sockets=16,cores=1,threads=1 -uuid
> fd44b44b-2e22-4d2f-ae19-433934443576 -no-user-config -nodefaults -chardev
> socket,id=charmonitor,fd=32,server,nowait -mon
> chardev=charmonitor,id=monitor,mode=control -rtc base=utc,driftfix=slew
> -global kvm-pit.lost_tick_policy=delay -no-hpet -no-shutdown -global
> ICH9-LPC.disable_s3=1 -global ICH9-LPC.disable_s4=1 -boot strict=on -device
> pcie-root-port,port=0x10,chassis=1,id=pci.1,bus=pcie.0,multifunction=on,addr=0x2
> -device pcie-root-port,port=0x11,chassis=2,id=pci.2,bus=pcie.0,addr=0x2.0x1
> -device pcie-root-port,port=0x12,chassis=3,id=pci.3,bus=pcie.0,addr=0x2.0x2
> -device pcie-root-port,port=0x13,chassis=4,id=pci.4,bus=pcie.0,addr=0x2.0x3
> -device pcie-root-port,port=0x14,chassis=5,id=pci.5,bus=pcie.0,addr=0x2.0x4
> -device pcie-root-port,port=0x15,chassis=6,id=pci.6,bus=pcie.0,addr=0x2.0x5
> -device pcie-root-port,port=0x16,chassis=7,id=pci.7,bus=pcie.0,addr=0x2.0x6
> -device qemu-xhci,p2=15,p3=15,id=usb,bus=pci.2,addr=0x0 -device
> virtio-serial-pci,id=virtio-serial0,bus=pci.3,addr=0x0 -drive
> file=/var/lib/libvirt/images/Fedora-Workstation-Live-x86_64-29-1.2.iso,format=raw,if=none,id=drive-sata0-0-0,media=cdrom,readonly=on
> -device ide-cd,bus=ide.0,drive=drive-sata0-0-0,id=sata0-0-0,bootindex=2
> -drive
> file=/var/lib/libvirt/images/guild-devel/guild-devel.qcow2,format=qcow2,if=none,id=drive-virtio-disk0,cache=writeback,aio=threads
> -device
> virtio-blk-pci,scsi=off,bus=pci.4,addr=0x0,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=1,write-cache=on,werror=stop,rerror=stop
> -netdev tap,fd=35,id=hostnet0,vhost=on,vhostfd=36 -device
> virtio-net-pci,netdev=hostnet0,id=net0,mac=52:54:00:b6:70:81,bus=pci.1,addr=0x0
> -chardev pty,id=charserial0 -device
> isa-serial,chardev=charserial0,id=serial0 -chardev
> socket,id=charchannel0,fd=37,server,nowait -device
> virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=org.qemu.guest_agent.0
> -chardev spicevmc,id=charchannel1,name=vdagent -device
> virtserialport,bus=virtio-serial0.0,nr=2,chardev=charchannel1,id=channel1,name=com.redhat.spice.0
> -device usb-tablet,id=input0,bus=usb.0,port=1 -spice
> port=5905,addr=0.0.0.0,seamless-migration=on -k en-us -device
> virtio-vga,id=video0,virgl=on,max_outputs=1,bus=pcie.0,addr=0x1 -device
> ich9-intel-hda,id=sound0,bus=pcie.0,addr=0x1b -device
> hda-duplex,id=sound0-codec0,bus=sound0.0,cad=0 -chardev
> spicevmc,id=charredir0,name=usbredir -device
> usb-redir,chardev=charredir0,id=redir0,bus=usb.0,port=2 -chardev
> spicevmc,id=charredir1,name=usbredir -device
> usb-redir,chardev=charredir1,id=redir1,bus=usb.0,port=3 -device
> virtio-balloon-pci,id=balloon0,bus=pci.5,addr=0x0 -object
> rng-random,id=objrng0,filename=/dev/urandom -device
> virtio-rng-pci,rng=objrng0,id=rng0,bus=pci.6,addr=0x0 -sandbox
> on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny
> -msg timestamp=on
> 
> I just noticed that the problem looks limited to special characters.
> For example if I set "Password" as password it works, while if I set
> "Password%%" it doesn't. It's weird because both my server and my desktop
> client use the same US English layout. It's even more weird because the
> same password used to work fine before.
> 
> I also noticed that if I set "Password%" (with one % instead of two) I get
> the following error while starting the VM:
> 
> Errore nell'avvio del dominio: internal error: qemu unexpectedly closed the
> monitor: qemu-system-x86_64:
> /build/qemu/src/qemu-3.1.0/qobject/json-parser.c:146: parse_string:
> Assertion `*ptr' failed.
> 
> Traceback (most recent call last):
>   File "/usr/share/virt-manager/virtManager/asyncjob.py", line 75, in
> cb_wrapper
>     callback(asyncjob, *args, **kwargs)
>   File "/usr/share/virt-manager/virtManager/asyncjob.py", line 111, in
> tmpcb
>     callback(*args, **kwargs)
>   File "/usr/share/virt-manager/virtManager/libvirtobject.py", line 66, in
> newfn
>     ret = fn(self, *args, **kwargs)
>   File "/usr/share/virt-manager/virtManager/domain.py", line 1400, in
> startup
>     self._backend.create()
>   File "/usr/lib/python3.7/site-packages/libvirt.py", line 1080, in create
>     if ret == -1: raise libvirtError ('virDomainCreate() failed', dom=self)
> libvirt.libvirtError: internal error: qemu unexpectedly closed the monitor:
> qemu-system-x86_64: /build/qemu/src/qemu-3.1.0/qobject/json-parser.c:146:
> parse_string: Assertion `*ptr' failed.
> 
> This is very, very weird. Any idea?
> 

Yes, this looks like a format string error in the upper (not into spice) layer.

This potentially is a security problem.

The specific '%' character could be the issue, can you try others ('!', '@' and
so on) ?

> > Happy Holidays,
> >     Uri.
> 
> You too,
> Niccolo'

Frediano


More information about the Spice-devel mailing list