From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Cc: libvir-list@redhat.com, Gerd Hoffmann, "Dr. David Alan Gilbert"
Subject: [PATCH 1/4] ui: introduce "password-secret" option for VNC servers
Date: Fri, 19 Feb 2021 18:45:53 +0000
Message-Id: <20210219184556.154972-2-berrange@redhat.com>
In-Reply-To: <20210219184556.154972-1-berrange@redhat.com>

Currently when using VNC the "password" flag turns on password based
authentication. The actual password has to be provided separately via
the monitor.

This introduces a "password-secret" option which lets the password be
provided up front.

  $QEMU --object secret,id=vncsec0,file=passwd.txt \
        --vnc localhost:0,password-secret=vncsec0

Signed-off-by: Daniel P. Berrangé
---
 qemu-options.hx |  5 +++++
 ui/vnc.c        | 23 ++++++++++++++++++++++-
 2 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/qemu-options.hx b/qemu-options.hx
index 6c34c7050f..893d0f500b 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -2164,6 +2164,11 @@ SRST time to allow password to expire immediately or never expire. =20 + ``password-secret=3D`` + Require that password based authentication is used for client + connections, using the password provided by the ``secret`` + object identified by ``secret-id``. + ``tls-creds=3DID`` Provides the ID of a set of TLS credentials to use to secure the VNC server. They will apply to both the normal VNC server socket diff --git a/ui/vnc.c b/ui/vnc.c index 16bb3be770..77e07ac351 100644 --- a/ui/vnc.c +++ b/ui/vnc.c @@ -48,6 +48,7 @@ #include "crypto/tlscredsanon.h" #include "crypto/tlscredsx509.h" #include "crypto/random.h" +#include "crypto/secret_common.h" #include "qom/object_interfaces.h" #include "qemu/cutils.h" #include "qemu/help_option.h" @@ -3469,6 +3470,9 @@ static QemuOptsList qemu_vnc_opts =3D { },{ .name =3D "password", .type =3D QEMU_OPT_BOOL, + },{ + .name =3D "password-secret", + .type =3D QEMU_OPT_STRING, },{ .name =3D "reverse", .type =3D QEMU_OPT_BOOL, @@ -3941,6 +3945,7 @@ void vnc_display_open(const char *id, Error **errp) int lock_key_sync =3D 1; int key_delay_ms; const char *audiodev; + const char *passwordSecret; =20 if (!vd) { error_setg(errp, "VNC display not active"); 
@@ -3958,7 +3963,23 @@ void vnc_display_open(const char *id, Error **errp) goto fail; } =20 - password =3D qemu_opt_get_bool(opts, "password", false); + + passwordSecret =3D qemu_opt_get(opts, "password-secret"); + if (passwordSecret) { + if (qemu_opt_get(opts, "password")) { + error_setg(errp, + "'password' flag is redundant with 'password-secret= '"); + goto fail; + } + vd->password =3D qcrypto_secret_lookup_as_utf8(passwordSecret, + errp); + if (!vd->password) { + goto fail; + } + password =3D true; + } else { + password =3D qemu_opt_get_bool(opts, "password", false); + } if (password) { if (fips_get_state()) { error_setg(errp, --=20 2.29.2
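Review bot: the new ``password-secret=`` entry in the qemu-options.hx hunk omits the value placeholder and points the reader at an option that does not exist: it says the password comes from the ``secret`` object "identified by ``secret-id``", but there is no ``secret-id`` option on ``-vnc``. Follow the neighbouring ``tls-creds=ID`` entry and write ``password-secret=ID`` ... "identified by ``ID``".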
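Review bot: in the vnc_display_open() hunk, `qemu_opt_get(opts, "password")` returns the stored string for any spelling of the flag, including `password=off`, so `-vnc ...,password=off,password-secret=X` is rejected as "redundant" even though the user explicitly chose the secret; either test with qemu_opt_get_bool() here or reword the error to "mutually exclusive", which also matches the wording the SPICE patch uses for the same condition. `vd->password = qcrypto_secret_lookup_as_utf8(...)` also overwrites whatever vd->password held without freeing it; g_free() the old value first unless it is known to be NULL on this path. The lookup could also sit after the `fips_get_state()` check that follows, so a FIPS rejection does not leave the resolved password in vd->password. Minor: `passwordSecret` is camelCase while the surrounding locals (lock_key_sync, key_delay_ms) are snake_case.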
From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Cc: libvir-list@redhat.com, Gerd Hoffmann, "Dr. David Alan Gilbert"
Subject: [PATCH 2/4] ui: introduce "password-secret" option for SPICE server
Date: Fri, 19 Feb 2021 18:45:54 +0000
Message-Id: <20210219184556.154972-3-berrange@redhat.com>
In-Reply-To: <20210219184556.154972-1-berrange@redhat.com>

Currently when using SPICE the "password" option provides the password
in plain text on the command line. This is insecure as it is visible
to all processes on the host. As an alternative, the password can be
provided separately via the monitor.

This introduces a "password-secret" option which lets the password be
provided up front.

  $QEMU --object secret,id=vncsec0,file=passwd.txt \
        --spice port=5901,password-secret=vncsec0

Signed-off-by: Daniel P. Berrangé
---
 qemu-options.hx |  8 ++++++--
 ui/spice-core.c | 28 ++++++++++++++++++++++++++--
 2 files changed, 32 insertions(+), 4 deletions(-)

diff --git a/qemu-options.hx b/qemu-options.hx
index 893d0f500b..ff4ef3b708 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -1898,7 +1898,7 @@ DEF("spice", HAS_ARG, QEMU_OPTION_spice, " [,tls-ciphers=3D]\n" " [,tls-channel=3D[main|display|cursor|inputs|record|playback]]\= n" " [,plaintext-channel=3D[main|display|cursor|inputs|record|playb= ack]]\n" - " [,sasl][,password=3D][,disable-ticketing]\n" + " [,sasl][,password=3D][,password-secret=3D][= ,disable-ticketing]\n" " [,image-compression=3D[auto_glz|auto_lz|quic|glz|lz|off]]\n" " [,jpeg-wan-compression=3D[auto|never|always]]\n" " [,zlib-glz-wan-compression=3D[auto|never|always]]\n" @@ -1923,9 +1923,13 @@ SRST ``ipv4``; \ ``ipv6``; \ ``unix`` Force using the specified IP version. =20 - ``password=3D`` + ``password=3D`` Set the password you need to authenticate. =20 + ``password-secret=3D`` + Set the ID of the ``secret`` object containing the password + you need to authenticate. + ``sasl`` Require that the client use SASL to authenticate with the spice. The exact choice of authentication method used is controlled diff --git a/ui/spice-core.c b/ui/spice-core.c index beee932f55..353848b244 100644 --- a/ui/spice-core.c +++ b/ui/spice-core.c @@ -34,6 +34,7 @@ #include "qapi/qapi-events-ui.h" #include "qemu/notify.h" #include "qemu/option.h" +#include "crypto/secret_common.h" #include "migration/misc.h" #include "hw/pci/pci_bus.h" #include "ui/spice-display.h" @@ -415,6 +416,9 @@ static QemuOptsList qemu_spice_opts =3D { },{ .name =3D "password", .type =3D QEMU_OPT_STRING, + },{ + .name =3D "password-secret", + .type =3D QEMU_OPT_STRING, },{ .name =3D "disable-ticketing", .type =3D QEMU_OPT_BOOL, @@ -636,7 +640,9 @@ void qemu_spice_display_init_done(void) static void qemu_spice_init(void) { QemuOpts *opts =3D QTAILQ_FIRST(&qemu_spice_opts.head); - const char *password, *str, *x509_dir, *addr, + char *password =3D NULL; + const char *passwordSecret; + const char *str, *x509_dir, *addr, *x509_key_password =3D NULL, *x509_dh_file =3D NULL, *tls_ciphers =3D NULL; 
@@ -663,7 +669,24 @@ static void qemu_spice_init(void) error_report("spice tls-port is out of range"); exit(1); } - password =3D qemu_opt_get(opts, "password"); + passwordSecret =3D qemu_opt_get(opts, "password-secret"); + if (passwordSecret) { + Error *local_err =3D NULL; + if (qemu_opt_get(opts, "password")) { + error_report("'password' option is mutually exclusive with " + "'password-secret'"); + exit(1); + } + password =3D qcrypto_secret_lookup_as_utf8(passwordSecret, + &local_err); + if (!password) { + error_report_err(local_err); + exit(1); + } + } else { + str =3D qemu_opt_get(opts, "password"); + password =3D g_strdup(str); + } =20 if (tls_port) { x509_dir =3D qemu_opt_get(opts, "x509-dir"); 
@@ -809,6 +832,7 @@ static void qemu_spice_init(void) g_free(x509_key_file); g_free(x509_cert_file); g_free(x509_cacert_file); + g_free(password); =20 #ifdef HAVE_SPICE_GL if (qemu_opt_get_bool(opts, "gl", 0)) { --=20 2.29.2
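Review bot: the qemu-options.hx hunk documents ``password-secret=`` without the ``ID`` placeholder that the option value requires; write ``password-secret=ID`` so it reads the same way as the VNC entry should. The `- ``password=`` / + ``password=``` pair in the same hunk is a no-op change (presumably trailing whitespace) and is worth a mention in the commit message or dropping from this patch.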
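Review bot: in the qemu_spice_init() hunk the rejection message says the two options are "mutually exclusive", while the VNC patch reports the same condition as "redundant"; use one wording for both so users and tests see consistent errors. `password` is now a heap string in both branches (from qcrypto_secret_lookup_as_utf8() or g_strdup(), with g_strdup(NULL) safely yielding NULL), and the later hunk frees it with g_free(password) before qemu_spice_init() returns; confirm the SPICE side copies the string when it is handed over rather than keeping the pointer, otherwise that g_free() turns into a use-after-free.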
From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Cc: libvir-list@redhat.com, Gerd Hoffmann, "Dr. David Alan Gilbert"
Subject: [PATCH 3/4] ui: deprecate "password" option for SPICE server
Date: Fri, 19 Feb 2021 18:45:55 +0000
Message-Id: <20210219184556.154972-4-berrange@redhat.com>
In-Reply-To: <20210219184556.154972-1-berrange@redhat.com>

With the new "password-secret" option, there is no reason to use the
old insecure "password" option with -spice, so it can be deprecated.

Signed-off-by: Daniel P. Berrangé
---
 docs/system/deprecated.rst | 8 ++++++++
 qemu-options.hx            | 4 ++++
 ui/spice-core.c            | 4 ++++
 3 files changed, 16 insertions(+)

diff --git a/docs/system/deprecated.rst b/docs/system/deprecated.rst
index 2fcac7861e..57ff9f47cc 100644
--- a/docs/system/deprecated.rst
+++ b/docs/system/deprecated.rst
@@ -146,6 +146,14 @@ library enabled as a cryptography provider. Neither the ``nettle`` library, or the built-in cryptography provider are supported on FIPS enabled hosts. =20 +``-spice password=3Dstring`` (since 6.0) +'''''''''''''''''''''''''''''''''''''' + +This option is insecure because the SPICE password remains visible in +the process listing. This is replaced by the new ``password-secret`` +option which lets the password be securely provided on the command +line using a ``secret`` object instance. + QEMU Machine Protocol (QMP) commands ------------------------------------ =20 diff --git a/qemu-options.hx b/qemu-options.hx index ff4ef3b708..4833bd59cf 100644 --- a/qemu-options.hx +++ b/qemu-options.hx @@ -1926,6 +1926,10 @@ SRST ``password=3D`` Set the password you need to authenticate. =20 + This option is deprecated and insecure because it leaves the + password visible in the process listing. Use ``password-secret`` + instead. + ``password-secret=3D`` Set the ID of the ``secret`` object containing the password you need to authenticate. diff --git a/ui/spice-core.c b/ui/spice-core.c index 353848b244..5e00e31457 100644 --- a/ui/spice-core.c +++ b/ui/spice-core.c 
@@ -685,6 +685,10 @@ static void qemu_spice_init(void) } } else { str =3D qemu_opt_get(opts, "password"); + if (str) { + warn_report("'password' option is deprecated and insecure, " + "use 'password-secret' instead"); + } password =3D g_strdup(str); } =20 --=20 2.29.2
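Review bot: the deprecated.rst hunk says the replacement "lets the password be securely provided on the command line using a ``secret`` object instance", but what keeps the password out of the process listing is that only the secret's ID is on the command line and the value lives in the object's file; say "provided via a ``secret`` object" to avoid implying the password itself is passed on the command line. The qemu-options.hx hunk adds the deprecation note under ``password=``, yet the ``-spice`` usage string from patch 2 (`[,sasl][,password=][,password-secret=][,disable-ticketing]`) still advertises ``password=`` next to its replacement; consider dropping it from the short usage so new users are steered to ``password-secret``. The spice-core.c warn_report() hunk itself looks right: it fires only when a plaintext password was actually given.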
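The exposure that patches 2 and 3 address, a SPICE password visible in the process listing, is something a host owner can audit for on running guests. The following is an added example, not code from the series or from QEMU: it parses the comma-separated option syntax used above (`-spice k=v,...`, `-vnc DISPLAY,k=v,...`, `-object secret,id=...`) and flags a plaintext `-spice password=`, a secret object whose `data=` value sits in argv, a `password-secret=` that references no defined secret, or both options given together. The sample command line and the `Finding` type are constructed for the example.

```python
"""Audit a QEMU command line for credentials exposed through argv.
Added example, not code from the patch series or QEMU: it models the
option syntax used above and flags the patterns the series moves away from.
"""
from __future__ import annotations

import shlex
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    option: str   # argv switch the finding belongs to, e.g. "-spice"
    key: str      # offending option key, e.g. "password"
    message: str


def parse_qemu_opts(spec: str) -> tuple[str | None, dict[str, str]]:
    """Split "a=1,b=2" into (leading positional element, {key: value}).

    QEMU option lists are comma separated; a literal comma in a value is
    doubled (",,").  A leading element without "=" (the -vnc display or
    the -object type) is returned separately; a bare key is a flag ("on").
    """
    items: list[str] = []
    cur: list[str] = []
    i = 0
    while i < len(spec):
        if spec.startswith(",,", i):
            cur.append(",")
            i += 2
            continue
        if spec[i] == ",":
            items.append("".join(cur))
            cur = []
        else:
            cur.append(spec[i])
        i += 1
    items.append("".join(cur))
    positional = None
    opts: dict[str, str] = {}
    for idx, item in enumerate(items):
        if "=" in item:
            key, value = item.split("=", 1)
            opts[key] = value
        elif idx == 0:
            positional = item
        elif item:
            opts[item] = "on"
    return positional, opts


def audit_qemu_argv(argv: list[str]) -> list[Finding]:
    """Return credential-exposure findings for one QEMU command line."""
    findings: list[Finding] = []
    secret_ids: set[str] = set()
    displays: list[tuple[str, dict[str, str]]] = []
    # Pass 1: collect secret objects and the display-server options.
    for switch, value in zip(argv, argv[1:]):
        if switch == "-object":
            kind, opts = parse_qemu_opts(value)
            if kind == "secret" and "id" in opts:
                secret_ids.add(opts["id"])
                # data= puts the secret itself in argv unless it is the
                # AES-wrapped form, which also carries keyid=/iv=.
                if "data" in opts and "keyid" not in opts:
                    findings.append(Finding("-object", "data",
                        f"secret '{opts['id']}' carries its value in argv; "
                        "use file= instead"))
        elif switch in ("-spice", "-vnc"):
            displays.append((switch, parse_qemu_opts(value)[1]))
    # Pass 2: check how each display server receives its password.
    for switch, opts in displays:
        has_pw = "password" in opts
        ref = opts.get("password-secret")
        if switch == "-spice" and has_pw:
            findings.append(Finding(switch, "password",
                "plaintext SPICE password in argv (deprecated); "
                "use password-secret=ID"))
        if has_pw and ref is not None:
            findings.append(Finding(switch, "password",
                "'password' and 'password-secret' are mutually exclusive"))
        if ref is not None and ref not in secret_ids:
            findings.append(Finding(switch, "password-secret",
                f"references secret '{ref}' but no -object secret,id={ref} "
                "is defined"))
    return findings


if __name__ == "__main__":
    # Constructed sample command line (not taken from the page).
    sample = shlex.split(
        "qemu-system-x86_64 -object secret,id=vncsec0,file=passwd.txt "
        "-vnc localhost:0,password-secret=vncsec0 "
        "-spice port=5901,password=hunter2")
    for f in audit_qemu_argv(sample):
        print(f"{f.option} {f.key}: {f.message}")
```

On a live host the argv of each QEMU process can be read from /proc/PID/cmdline (NUL separated) and fed to audit_qemu_argv() unchanged.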
From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Cc: libvir-list@redhat.com, Gerd Hoffmann, "Dr. David Alan Gilbert"
Subject: [PATCH 4/4] ui, monitor: remove deprecated VNC ACL option and HMP commands
Date: Fri, 19 Feb 2021 18:45:56 +0000
Message-Id: <20210219184556.154972-5-berrange@redhat.com>
In-Reply-To: <20210219184556.154972-1-berrange@redhat.com>

The VNC ACL concept has been replaced by the pluggable "authz"
framework which does not use monitor commands.

Signed-off-by: Daniel P. Berrangé
Reviewed-by: Dr. David Alan Gilbert
---
 docs/system/deprecated.rst       |  16 ---
 docs/system/removed-features.rst |  13 +++
 hmp-commands.hx                  |  76 -------------
 monitor/misc.c                   | 187 -------------------------------
 ui/vnc.c                         |  38 -------
 5 files changed, 13 insertions(+), 317 deletions(-)

diff --git a/docs/system/deprecated.rst b/docs/system/deprecated.rst
index 57ff9f47cc..beed4b4f02 100644
--- a/docs/system/deprecated.rst
+++ b/docs/system/deprecated.rst
@@ -37,12 +37,6 @@ The 'file' driver for drives is no longer appropriate fo= r character or host devices and will only accept regular files (S_IFREG). The correct driver for these file types is 'host_cdrom' or 'host_device' as appropriate. =20 -``-vnc acl`` (since 4.0.0) -'''''''''''''''''''''''''' - -The ``acl`` option to the ``-vnc`` argument has been replaced -by the ``tls-authz`` and ``sasl-authz`` options. - ``QEMU_AUDIO_`` environment variables and ``-audio-help`` (since 4.0) ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' =20 @@ -262,16 +256,6 @@ Use the more generic commands ``block-export-add`` and= ``block-export-del`` instead. As part of this deprecation, where ``nbd-server-add`` used a single ``bitmap``, the new ``block-export-add`` uses a list of ``bitmaps``. =20 -Human Monitor Protocol (HMP) commands -------------------------------------- - -``acl_show``, ``acl_reset``, ``acl_policy``, ``acl_add``, ``acl_remove`` (= since 4.0.0) -''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''= '''''''''''' - -The ``acl_show``, ``acl_reset``, ``acl_policy``, ``acl_add``, and -``acl_remove`` commands are deprecated with no replacement. Authorization -for VNC should be performed using the pluggable QAuthZ objects. - System emulator CPUS -------------------- =20 diff --git a/docs/system/removed-features.rst b/docs/system/removed-feature= s.rst index c8481cafbd..0424b9a89d 100644 --- a/docs/system/removed-features.rst +++ b/docs/system/removed-features.rst @@ -38,6 +38,12 @@ or ``-display default,show-cursor=3Don`` instead. QEMU 5.0 introduced an alternative syntax to specify the size of the trans= lation block cache, ``-accel tcg,tb-size=3D``. =20 +``-vnc acl`` (removed in 6.0) +''''''''''''''''''''''''''''' + +The ``acl`` option to the ``-vnc`` argument has been replaced +by the ``tls-authz`` and ``sasl-authz`` options. + QEMU Machine Protocol (QMP) commands ------------------------------------ =20 
@@ -79,6 +85,13 @@ documentation of ``query-hotpluggable-cpus`` for additio= nal details. No replacement. The ``change vnc password`` and ``change DEVICE MEDIUM`` commands are not affected. =20 +``acl_show``, ``acl_reset``, ``acl_policy``, ``acl_add``, ``acl_remove`` (= removed in 6.0) +''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''= ''''''''''''''' + +The ``acl_show``, ``acl_reset``, ``acl_policy``, ``acl_add``, and +``acl_remove`` commands were removed with no replacement. Authorization +for VNC should be performed using the pluggable QAuthZ objects. + Guest Emulator ISAs ------------------- =20 diff --git a/hmp-commands.hx b/hmp-commands.hx index d4001f9c5d..b500b8526d 100644 --- a/hmp-commands.hx +++ b/hmp-commands.hx 
@@ -1433,82 +1433,6 @@ SRST Change watchdog action. ERST =20 - { - .name =3D "acl_show", - .args_type =3D "aclname:s", - .params =3D "aclname", - .help =3D "list rules in the access control list", - .cmd =3D hmp_acl_show, - }, - -SRST -``acl_show`` *aclname* - List all the matching rules in the access control list, and the default - policy. There are currently two named access control lists, - *vnc.x509dname* and *vnc.username* matching on the x509 client - certificate distinguished name, and SASL username respectively. -ERST - - { - .name =3D "acl_policy", - .args_type =3D "aclname:s,policy:s", - .params =3D "aclname allow|deny", - .help =3D "set default access control list policy", - .cmd =3D hmp_acl_policy, - }, - -SRST -``acl_policy`` *aclname* ``allow|deny`` - Set the default access control list policy, used in the event that - none of the explicit rules match. The default policy at startup is - always ``deny``. -ERST - - { - .name =3D "acl_add", - .args_type =3D "aclname:s,match:s,policy:s,index:i?", - .params =3D "aclname match allow|deny [index]", - .help =3D "add a match rule to the access control list", - .cmd =3D hmp_acl_add, - }, - -SRST -``acl_add`` *aclname* *match* ``allow|deny`` [*index*] - Add a match rule to the access control list, allowing or denying access. - The match will normally be an exact username or x509 distinguished name, - but can optionally include wildcard globs. eg ``*@EXAMPLE.COM`` to - allow all users in the ``EXAMPLE.COM`` kerberos realm. The match will - normally be appended to the end of the ACL, but can be inserted - earlier in the list if the optional *index* parameter is supplied. -ERST - - { - .name =3D "acl_remove", - .args_type =3D "aclname:s,match:s", - .params =3D "aclname match", - .help =3D "remove a match rule from the access control list", - .cmd =3D hmp_acl_remove, - }, - -SRST -``acl_remove`` *aclname* *match* - Remove the specified match rule from the access control list. 
-ERST - - { - .name =3D "acl_reset", - .args_type =3D "aclname:s", - .params =3D "aclname", - .help =3D "reset the access control list", - .cmd =3D hmp_acl_reset, - }, - -SRST -``acl_reset`` *aclname* - Remove all matches from the access control list, and set the default - policy back to ``deny``. -ERST - { .name =3D "nbd_server_start", .args_type =3D "all:-a,writable:-w,uri:s", diff --git a/monitor/misc.c b/monitor/misc.c index a7650ed747..d9ed2bacef 100644 --- a/monitor/misc.c +++ b/monitor/misc.c 
@@ -1045,193 +1045,6 @@ static void hmp_wavcapture(Monitor *mon, const QDic= t *qdict) QLIST_INSERT_HEAD (&capture_head, s, entries); } =20 -static QAuthZList *find_auth(Monitor *mon, const char *name) -{ - Object *obj; - Object *container; - - container =3D object_get_objects_root(); - obj =3D object_resolve_path_component(container, name); - if (!obj) { - monitor_printf(mon, "acl: unknown list '%s'\n", name); - return NULL; - } - - return QAUTHZ_LIST(obj); -} - -static bool warn_acl; -static void hmp_warn_acl(void) -{ - if (warn_acl) { - return; - } - error_report("The acl_show, acl_reset, acl_policy, acl_add, acl_remove= " - "commands are deprecated with no replacement. Authorizati= on " - "for VNC should be performed using the pluggable QAuthZ " - "objects"); - warn_acl =3D true; -} - -static void hmp_acl_show(Monitor *mon, const QDict *qdict) -{ - const char *aclname =3D qdict_get_str(qdict, "aclname"); - QAuthZList *auth =3D find_auth(mon, aclname); - QAuthZListRuleList *rules; - size_t i =3D 0; - - hmp_warn_acl(); - - if (!auth) { - return; - } - - monitor_printf(mon, "policy: %s\n", - QAuthZListPolicy_str(auth->policy)); - - rules =3D auth->rules; - while (rules) { - QAuthZListRule *rule =3D rules->value; - i++; - monitor_printf(mon, "%zu: %s %s\n", i, - QAuthZListPolicy_str(rule->policy), - rule->match); - rules =3D rules->next; - } -} - -static void hmp_acl_reset(Monitor *mon, const QDict *qdict) -{ - const char *aclname =3D qdict_get_str(qdict, "aclname"); - QAuthZList *auth =3D find_auth(mon, aclname); - - hmp_warn_acl(); - - if (!auth) { - return; - } - - auth->policy =3D QAUTHZ_LIST_POLICY_DENY; - qapi_free_QAuthZListRuleList(auth->rules); - auth->rules =3D NULL; - monitor_printf(mon, "acl: removed all rules\n"); -} - -static void hmp_acl_policy(Monitor *mon, const QDict *qdict) -{ - const char *aclname =3D qdict_get_str(qdict, "aclname"); - const char *policy =3D qdict_get_str(qdict, "policy"); - QAuthZList *auth =3D find_auth(mon, aclname); - int 
val; - Error *err =3D NULL; - - hmp_warn_acl(); - - if (!auth) { - return; - } - - val =3D qapi_enum_parse(&QAuthZListPolicy_lookup, - policy, - QAUTHZ_LIST_POLICY_DENY, - &err); - if (err) { - error_free(err); - monitor_printf(mon, "acl: unknown policy '%s', " - "expected 'deny' or 'allow'\n", policy); - } else { - auth->policy =3D val; - if (auth->policy =3D=3D QAUTHZ_LIST_POLICY_ALLOW) { - monitor_printf(mon, "acl: policy set to 'allow'\n"); - } else { - monitor_printf(mon, "acl: policy set to 'deny'\n"); - } - } -} - -static QAuthZListFormat hmp_acl_get_format(const char *match) -{ - if (strchr(match, '*')) { - return QAUTHZ_LIST_FORMAT_GLOB; - } else { - return QAUTHZ_LIST_FORMAT_EXACT; - } -} - -static void hmp_acl_add(Monitor *mon, const QDict *qdict) -{ - const char *aclname =3D qdict_get_str(qdict, "aclname"); - const char *match =3D qdict_get_str(qdict, "match"); - const char *policystr =3D qdict_get_str(qdict, "policy"); - int has_index =3D qdict_haskey(qdict, "index"); - int index =3D qdict_get_try_int(qdict, "index", -1); - QAuthZList *auth =3D find_auth(mon, aclname); - Error *err =3D NULL; - QAuthZListPolicy policy; - QAuthZListFormat format; - size_t i =3D 0; - - hmp_warn_acl(); - - if (!auth) { - return; - } - - policy =3D qapi_enum_parse(&QAuthZListPolicy_lookup, - policystr, - QAUTHZ_LIST_POLICY_DENY, - &err); - if (err) { - error_free(err); - monitor_printf(mon, "acl: unknown policy '%s', " - "expected 'deny' or 'allow'\n", policystr); - return; - } - - format =3D hmp_acl_get_format(match); - - if (has_index && index =3D=3D 0) { - monitor_printf(mon, "acl: unable to add acl entry\n"); - return; - } - - if (has_index) { - i =3D qauthz_list_insert_rule(auth, match, policy, - format, index - 1, &err); - } else { - i =3D qauthz_list_append_rule(auth, match, policy, - format, &err); - } - if (err) { - monitor_printf(mon, "acl: unable to add rule: %s", - error_get_pretty(err)); - error_free(err); - } else { - monitor_printf(mon, "acl: added rule at 
position %zu\n", i + 1); - } -} - -static void hmp_acl_remove(Monitor *mon, const QDict *qdict) -{ - const char *aclname =3D qdict_get_str(qdict, "aclname"); - const char *match =3D qdict_get_str(qdict, "match"); - QAuthZList *auth =3D find_auth(mon, aclname); - ssize_t i =3D 0; - - hmp_warn_acl(); - - if (!auth) { - return; - } - - i =3D qauthz_list_delete_rule(auth, match); - if (i >=3D 0) { - monitor_printf(mon, "acl: removed rule at position %zu\n", i + 1); - } else { - monitor_printf(mon, "acl: no matching acl entry\n"); - } -} - void qmp_getfd(const char *fdname, Error **errp) { Monitor *cur_mon =3D monitor_cur(); diff --git a/ui/vnc.c b/ui/vnc.c index 77e07ac351..5aea2652d4 100644 --- a/ui/vnc.c +++ b/ui/vnc.c @@ -3485,9 +3485,6 @@ static QemuOptsList qemu_vnc_opts =3D { },{ .name =3D "sasl", .type =3D QEMU_OPT_BOOL, - },{ - .name =3D "acl", - .type =3D QEMU_OPT_BOOL, },{ .name =3D "tls-authz", .type =3D QEMU_OPT_STRING, @@ -3939,7 +3936,6 @@ void vnc_display_open(const char *id, Error **errp) bool reverse =3D false; const char *credid; bool sasl =3D false; - int acl =3D 0; const char *tlsauthz; const char *saslauthz; int lock_key_sync =3D 1; 
@@ -4031,29 +4027,13 @@ void vnc_display_open(const char *id, Error **errp) goto fail; } } - if (qemu_opt_get(opts, "acl")) { - error_report("The 'acl' option to -vnc is deprecated. " - "Please use the 'tls-authz' and 'sasl-authz' " - "options instead"); - } - acl =3D qemu_opt_get_bool(opts, "acl", false); tlsauthz =3D qemu_opt_get(opts, "tls-authz"); - if (acl && tlsauthz) { - error_setg(errp, "'acl' option is mutually exclusive with the " - "'tls-authz' option"); - goto fail; - } if (tlsauthz && !vd->tlscreds) { error_setg(errp, "'tls-authz' provided but TLS is not enabled"); goto fail; } =20 saslauthz =3D qemu_opt_get(opts, "sasl-authz"); - if (acl && saslauthz) { - error_setg(errp, "'acl' option is mutually exclusive with the " - "'sasl-authz' option"); - goto fail; - } if (saslauthz && !sasl) { error_setg(errp, "'sasl-authz' provided but SASL auth is not enabl= ed"); goto fail; @@ -4091,29 +4071,11 @@ void vnc_display_open(const char *id, Error **errp) =20 if (tlsauthz) { vd->tlsauthzid =3D g_strdup(tlsauthz); - } else if (acl) { - if (strcmp(vd->id, "default") =3D=3D 0) { - vd->tlsauthzid =3D g_strdup("vnc.x509dname"); - } else { - vd->tlsauthzid =3D g_strdup_printf("vnc.%s.x509dname", vd->id); - } - vd->tlsauthz =3D QAUTHZ(qauthz_list_new(vd->tlsauthzid, - QAUTHZ_LIST_POLICY_DENY, - &error_abort)); } #ifdef CONFIG_VNC_SASL if (sasl) { if (saslauthz) { vd->sasl.authzid =3D g_strdup(saslauthz); - } else if (acl) { - if (strcmp(vd->id, "default") =3D=3D 0) { - vd->sasl.authzid =3D g_strdup("vnc.username"); - } else { - vd->sasl.authzid =3D g_strdup_printf("vnc.%s.username", vd= ->id); - } - vd->sasl.authz =3D QAUTHZ(qauthz_list_new(vd->sasl.authzid, - QAUTHZ_LIST_POLICY_DEN= Y, - &error_abort)); } } #endif --=20 2.29.2
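Review bot: The new removed-features entry for ``acl_show``/``acl_reset``/``acl_policy``/``acl_add``/``acl_remove`` in the docs hunk points the reader at "the pluggable QAuthZ objects" without saying how to attach one to the VNC server, while the deprecation warning this same patch deletes from ui/vnc.c named the replacement concretely ("Please use the 'tls-authz' and 'sasl-authz' options instead"). Carry that into the doc text, e.g. "Authorization for VNC should be performed using the pluggable QAuthZ objects, attached with the ``tls-authz`` and ``sasl-authz`` options of ``-vnc``." Since hmp_warn_acl in the monitor/misc.c hunk shows these commands went through a formal deprecation, the matching deprecation-list entry should also disappear in this patch if it is not already handled.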
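Review bot: Removing the five command-table entries from hmp-commands.hx orphans the prototypes of hmp_acl_show, hmp_acl_policy, hmp_acl_add, hmp_acl_remove and hmp_acl_reset: their definitions go away in the monitor/misc.c hunk, but no hunk drops the declarations from the monitor header they were exported through (presumably include/monitor/hmp.h). Delete those declarations in the same patch so the tree is not left with dead prototypes for functions that no longer exist.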
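Review bot: In the monitor/misc.c hunk, deleting find_auth, hmp_warn_acl and the hmp_acl_* handlers removes every visible use of the QAuthZList API in this file (QAUTHZ_LIST, qauthz_list_insert_rule/append_rule/delete_rule, QAuthZListPolicy_lookup, qapi_free_QAuthZListRuleList); if authz/list.h and the corresponding QAPI header were included only for these, drop the includes here as well. The behavioural effect is worth a sentence in the commit message: after this hunk the HMP monitor no longer offers any command that can switch an authz list's default policy to allow or append rules at runtime, so changes to VNC authorization go through the QAuthZ objects alone.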
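Review bot: Dropping the ``acl`` entry from qemu_vnc_opts in the @@ -3485 hunk means ``-vnc ...,acl=on`` is now rejected as an invalid parameter rather than silently accepted, which is the right failure mode: a deployment still relying on the old implicit deny-by-default ``vnc.x509dname``/``vnc.username`` lists gets a hard start-up error instead of a VNC server running without the authorization it expected. The message will be the generic unknown-parameter one, though, so consider mentioning the tls-authz/sasl-authz replacement in the removed-features doc text where an operator hitting that error will look.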
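Review bot: In the @@ -4091 hunk the deleted ``else if (acl)`` branches were the only assignments to ``vd->tlsauthz`` and ``vd->sasl.authz`` visible in this diff; the remaining code only sets ``vd->tlsauthzid`` and ``vd->sasl.authzid``. If nothing else in ui/vnc.c assigns those object pointers, the fields and any teardown that unparents or unrefs them are now dead and should be removed in this patch rather than left as always-NULL state.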