[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PULL 02/11] ui: introduce "password-secret" option for SPICE server
|
From: |
Gerd Hoffmann |
|
Subject: |
[PULL 02/11] ui: introduce "password-secret" option for SPICE server |
|
Date: |
Tue, 16 Mar 2021 06:38:04 +0100 |
From: Daniel P. Berrangé <berrange@redhat.com>
Currently when using SPICE the "password" option provides the password
in plain text on the command line. This is insecure as it is visible
to all processes on the host. As an alternative, the password can be
provided separately via the monitor.
This introduces a "password-secret" option which lets the password be
provided up front.
$QEMU --object secret,id=vncsec0,file=passwd.txt \
--spice port=5901,password-secret=vncsec0
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20210311114343.439820-3-berrange@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
ui/spice-core.c | 30 ++++++++++++++++++++++++++++--
qemu-options.hx | 9 +++++++--
2 files changed, 35 insertions(+), 4 deletions(-)
diff --git a/ui/spice-core.c b/ui/spice-core.c
index cadec766fe3a..b9d8aced91df 100644
--- a/ui/spice-core.c
+++ b/ui/spice-core.c
@@ -34,6 +34,7 @@
#include "qapi/qapi-events-ui.h"
#include "qemu/notify.h"
#include "qemu/option.h"
+#include "crypto/secret_common.h"
#include "migration/misc.h"
#include "hw/pci/pci_bus.h"
#include "ui/spice-display.h"
@@ -415,6 +416,9 @@ static QemuOptsList qemu_spice_opts = {
},{
.name = "password",
.type = QEMU_OPT_STRING,
+ },{
+ .name = "password-secret",
+ .type = QEMU_OPT_STRING,
},{
.name = "disable-ticketing",
.type = QEMU_OPT_BOOL,
@@ -636,7 +640,9 @@ void qemu_spice_display_init_done(void)
static void qemu_spice_init(void)
{
QemuOpts *opts = QTAILQ_FIRST(&qemu_spice_opts.head);
- const char *password, *str, *x509_dir, *addr,
+ char *password = NULL;
+ const char *passwordSecret;
+ const char *str, *x509_dir, *addr,
*x509_key_password = NULL,
*x509_dh_file = NULL,
*tls_ciphers = NULL;
@@ -663,7 +669,26 @@ static void qemu_spice_init(void)
error_report("spice tls-port is out of range");
exit(1);
}
- password = qemu_opt_get(opts, "password");
+ passwordSecret = qemu_opt_get(opts, "password-secret");
+ if (passwordSecret) {
+ Error *local_err = NULL;
+ if (qemu_opt_get(opts, "password")) {
+ error_report("'password' option is mutually exclusive with "
+ "'password-secret'");
+ exit(1);
+ }
+ password = qcrypto_secret_lookup_as_utf8(passwordSecret,
+ &local_err);
+ if (!password) {
+ error_report_err(local_err);
+ exit(1);
+ }
+ } else {
+ str = qemu_opt_get(opts, "password");
+ if (str) {
+ password = g_strdup(str);
+ }
+ }
if (tls_port) {
x509_dir = qemu_opt_get(opts, "x509-dir");
@@ -809,6 +834,7 @@ static void qemu_spice_init(void)
g_free(x509_key_file);
g_free(x509_cert_file);
g_free(x509_cacert_file);
+ g_free(password);
#ifdef HAVE_SPICE_GL
if (qemu_opt_get_bool(opts, "gl", 0)) {
diff --git a/qemu-options.hx b/qemu-options.hx
index 357fc4596ecc..a98f8e84a29d 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -1899,7 +1899,8 @@ DEF("spice", HAS_ARG, QEMU_OPTION_spice,
" [,tls-ciphers=<list>]\n"
" [,tls-channel=[main|display|cursor|inputs|record|playback]]\n"
"
[,plaintext-channel=[main|display|cursor|inputs|record|playback]]\n"
- " [,sasl=on|off][,password=<secret>][,disable-ticketing=on|off]\n"
+ " [,sasl=on|off][,disable-ticketing=on|off]\n"
+ " [,password=<string>][,password-secret=<secret-id>]\n"
" [,image-compression=[auto_glz|auto_lz|quic|glz|lz|off]]\n"
" [,jpeg-wan-compression=[auto|never|always]]\n"
" [,zlib-glz-wan-compression=[auto|never|always]]\n"
@@ -1924,9 +1925,13 @@ SRST
``ipv4=on|off``; \ ``ipv6=on|off``; \ ``unix=on|off``
Force using the specified IP version.
- ``password=<secret>``
+ ``password=<string>``
Set the password you need to authenticate.
+ ``password-secret=<secret-id>``
+ Set the ID of the ``secret`` object containing the password
+ you need to authenticate.
+
``sasl=on|off``
Require that the client use SASL to authenticate with the spice.
The exact choice of authentication method used is controlled
--
2.29.2
- [PULL 00/11] Ui 20210316 patches, Gerd Hoffmann, 2021/03/16
- [PULL 04/11] opengl: Do not convert format with glTexImage2D on OpenGL ES, Gerd Hoffmann, 2021/03/16
- [PULL 03/11] ui: deprecate "password" option for SPICE server, Gerd Hoffmann, 2021/03/16
- [PULL 02/11] ui: introduce "password-secret" option for SPICE server,
Gerd Hoffmann <=
- [PULL 07/11] ui: avoid sending framebuffer updates outside client desktop bounds, Gerd Hoffmann, 2021/03/16
- [PULL 08/11] ui: use client width/height in WMVi message, Gerd Hoffmann, 2021/03/16
- [PULL 05/11] ui/cocoa: Do not exit immediately after shutdown, Gerd Hoffmann, 2021/03/16
- [PULL 01/11] ui: introduce "password-secret" option for VNC servers, Gerd Hoffmann, 2021/03/16
- [PULL 10/11] ui: fold qemu_alloc_display in only caller, Gerd Hoffmann, 2021/03/16
- [PULL 09/11] ui: honour the actual guest display dimensions without rounding, Gerd Hoffmann, 2021/03/16
- [PULL 06/11] ui: add more trace points for VNC client/server messages, Gerd Hoffmann, 2021/03/16
- [PULL 11/11] ui/cocoa: Comment about modifier key input quirks, Gerd Hoffmann, 2021/03/16
- Re: [PULL 00/11] Ui 20210316 patches, Peter Maydell, 2021/03/17