From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Cc: libvir-list@redhat.com, Gerd Hoffmann, "Dr. David Alan Gilbert"
Subject: [PATCH v2 1/3] ui: introduce "password-secret" option for VNC servers
Date: Thu, 11 Mar 2021 11:43:41 +0000
Message-Id: <20210311114343.439820-2-berrange@redhat.com>
In-Reply-To: <20210311114343.439820-1-berrange@redhat.com>
References: <20210311114343.439820-1-berrange@redhat.com>

Currently when using VNC the "password" flag turns on password based
authentication. The actual password has to be provided separately
via the monitor.

This introduces a "password-secret" option which lets the password
be provided up front.

  $QEMU --object secret,id=vncsec0,file=passwd.txt \
        --vnc localhost:0,password-secret=vncsec0

Signed-off-by: Daniel P. Berrangé
---
 qemu-options.hx |  5 +++++
 ui/vnc.c        | 23 ++++++++++++++++++++++-
 2 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/qemu-options.hx b/qemu-options.hx
index 90801286c6..722d56eab3 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -2165,6 +2165,11 @@ SRST time to allow password to expire immediately or never expire. =20 + ``password-secret=3D`` + Require that password based authentication is used for client + connections, using the password provided by the ``secret`` + object identified by ``secret-id``. + ``tls-creds=3DID`` Provides the ID of a set of TLS credentials to use to secure the VNC server. They will apply to both the normal VNC server socket diff --git a/ui/vnc.c b/ui/vnc.c index 310abc9378..e8e3426a65 100644 --- a/ui/vnc.c +++ b/ui/vnc.c @@ -48,6 +48,7 @@ #include "crypto/tlscredsanon.h" #include "crypto/tlscredsx509.h" #include "crypto/random.h" +#include "crypto/secret_common.h" #include "qom/object_interfaces.h" #include "qemu/cutils.h" #include "qemu/help_option.h" @@ -3459,6 +3460,9 @@ static QemuOptsList qemu_vnc_opts =3D { },{ .name =3D "password", .type =3D QEMU_OPT_BOOL, + },{ + .name =3D "password-secret", + .type =3D QEMU_OPT_STRING, },{ .name =3D "reverse", .type =3D QEMU_OPT_BOOL, @@ -3931,6 +3935,7 @@ void vnc_display_open(const char *id, Error **errp) int lock_key_sync =3D 1; int key_delay_ms; const char *audiodev; + const char *passwordSecret; =20 if (!vd) { error_setg(errp, "VNC display not active"); 
@@ -3948,7 +3953,23 @@ void vnc_display_open(const char *id, Error **errp) goto fail; } =20 - password =3D qemu_opt_get_bool(opts, "password", false); + + passwordSecret =3D qemu_opt_get(opts, "password-secret"); + if (passwordSecret) { + if (qemu_opt_get(opts, "password")) { + error_setg(errp, + "'password' flag is redundant with 'password-secret= '"); + goto fail; + } + vd->password =3D qcrypto_secret_lookup_as_utf8(passwordSecret, + errp); + if (!vd->password) { + goto fail; + } + password =3D true; + } else { + password =3D qemu_opt_get_bool(opts, "password", false); + } if (password) { if (fips_get_state()) { error_setg(errp,
-- 
2.29.2
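Review bot: In the qemu-options.hx hunk (-2165,+2165) the new entry ``password-secret=`` carries no value placeholder, and its text says the password comes from the ``secret`` object "identified by ``secret-id``", a name that does not occur anywhere in the option syntax; suggest ``password-secret=ID`` and "identified by ``ID``", matching the ``tls-creds=ID`` entry directly below it.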
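Review bot: Style point on the hunk at -3931,+3935: the new local ``passwordSecret`` is camelCase while the neighbouring locals in the same function (``lock_key_sync``, ``key_delay_ms``, ``audiodev``) are snake_case; ``password_secret`` would follow the file's convention.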
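Review bot: In the hunk at -3948,+3953 the error text "'password' flag is redundant with 'password-secret'" understates what the code does: the combination is rejected with ``goto fail``, so it is an error rather than a redundancy, and the SPICE patch in this same series words the identical case as "mutually exclusive"; aligning the two messages would help users reading the errors. Also worth checking in the same hunk: ``vd->password`` is overwritten with the result of ``qcrypto_secret_lookup_as_utf8()`` without freeing any value it may already hold, so if ``vnc_display_open()`` can run for a display whose password was set earlier (for example via the monitor, as the commit message describes) the previous string leaks.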
From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Cc: libvir-list@redhat.com, Gerd Hoffmann, "Dr. David Alan Gilbert"
Subject: [PATCH v2 2/3] ui: introduce "password-secret" option for SPICE server
Date: Thu, 11 Mar 2021 11:43:42 +0000
Message-Id: <20210311114343.439820-3-berrange@redhat.com>
In-Reply-To: <20210311114343.439820-1-berrange@redhat.com>
References: <20210311114343.439820-1-berrange@redhat.com>

Currently when using SPICE the "password" option provides the password
in plain text on the command line. This is insecure as it is visible
to all processes on the host. As an alternative, the password can be
provided separately via the monitor.

This introduces a "password-secret" option which lets the password
be provided up front.

  $QEMU --object secret,id=vncsec0,file=passwd.txt \
        --spice port=5901,password-secret=vncsec0

Signed-off-by: Daniel P. Berrangé
---
 qemu-options.hx |  9 +++++++--
 ui/spice-core.c | 30 ++++++++++++++++++++++++++++--
 2 files changed, 35 insertions(+), 4 deletions(-)

diff --git a/qemu-options.hx b/qemu-options.hx
index 722d56eab3..77bb834e37 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -1899,7 +1899,8 @@ DEF("spice", HAS_ARG, QEMU_OPTION_spice, " [,tls-ciphers=3D]\n" " [,tls-channel=3D[main|display|cursor|inputs|record|playback]]\= n" " [,plaintext-channel=3D[main|display|cursor|inputs|record|playb= ack]]\n" - " [,sasl=3Don|off][,password=3D][,disable-ticketing=3Don= |off]\n" + " [,sasl=3Don|off][,disable-ticketing=3Don|off]\n" + " [,password=3D][,password-secret=3D]\n" " [,image-compression=3D[auto_glz|auto_lz|quic|glz|lz|off]]\n" " [,jpeg-wan-compression=3D[auto|never|always]]\n" " [,zlib-glz-wan-compression=3D[auto|never|always]]\n" @@ -1924,9 +1925,13 @@ SRST ``ipv4=3Don|off``; \ ``ipv6=3Don|off``; \ ``unix=3Don|off`` Force using the specified IP version. =20 - ``password=3D`` + ``password=3D`` Set the password you need to authenticate. =20 + ``password-secret=3D`` + Set the ID of the ``secret`` object containing the password + you need to authenticate. + ``sasl=3Don|off`` Require that the client use SASL to authenticate with the spice. The exact choice of authentication method used is controlled diff --git a/ui/spice-core.c b/ui/spice-core.c index beee932f55..7f0e005ca9 100644 --- a/ui/spice-core.c +++ b/ui/spice-core.c @@ -34,6 +34,7 @@ #include "qapi/qapi-events-ui.h" #include "qemu/notify.h" #include "qemu/option.h" +#include "crypto/secret_common.h" #include "migration/misc.h" #include "hw/pci/pci_bus.h" #include "ui/spice-display.h" @@ -415,6 +416,9 @@ static QemuOptsList qemu_spice_opts =3D { },{ .name =3D "password", .type =3D QEMU_OPT_STRING, + },{ + .name =3D "password-secret", + .type =3D QEMU_OPT_STRING, },{ .name =3D "disable-ticketing", .type =3D QEMU_OPT_BOOL, @@ -636,7 +640,9 @@ void qemu_spice_display_init_done(void) static void qemu_spice_init(void) { QemuOpts *opts =3D QTAILQ_FIRST(&qemu_spice_opts.head); - const char *password, *str, *x509_dir, *addr, + char *password =3D NULL; + const char *passwordSecret; + const char *str, *x509_dir, *addr, *x509_key_password =3D NULL, *x509_dh_file =3D NULL, *tls_ciphers =3D NULL; 
@@ -663,7 +669,26 @@ static void qemu_spice_init(void) error_report("spice tls-port is out of range"); exit(1); } - password =3D qemu_opt_get(opts, "password"); + passwordSecret =3D qemu_opt_get(opts, "password-secret"); + if (passwordSecret) { + Error *local_err =3D NULL; + if (qemu_opt_get(opts, "password")) { + error_report("'password' option is mutually exclusive with " + "'password-secret'"); + exit(1); + } + password =3D qcrypto_secret_lookup_as_utf8(passwordSecret, + &local_err); + if (!password) { + error_report_err(local_err); + exit(1); + } + } else { + str =3D qemu_opt_get(opts, "password"); + if (str) { + password =3D g_strdup(str); + } + } =20 if (tls_port) { x509_dir =3D qemu_opt_get(opts, "x509-dir"); 
@@ -809,6 +834,7 @@ static void qemu_spice_init(void) g_free(x509_key_file); g_free(x509_cert_file); g_free(x509_cacert_file); + g_free(password); =20 #ifdef HAVE_SPICE_GL if (qemu_opt_get_bool(opts, "gl", 0)) {
-- 
2.29.2
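Review bot: In the qemu-options.hx hunk at -1924,+1925 the new ``password-secret=`` entry has no value placeholder; since the VNC patch in this series documents the same option, one form (for example ``password-secret=ID``) should be used in both places so the two option descriptions read consistently.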
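Review bot: The ``g_free(password)`` added in the hunk at -809,+834 releases the plaintext password (obtained either from ``qcrypto_secret_lookup_as_utf8()`` or from the ``g_strdup()`` copy in the earlier hunk) without clearing it first, so the secret remains readable in freed heap memory for as long as the allocator leaves it there; consider zeroing the buffer before freeing. Also confirm that the SPICE server has already taken its own copy of the ticket at this point, because any pointer it still holds would dangle after this free.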
From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Cc: libvir-list@redhat.com, Gerd Hoffmann, "Dr. David Alan Gilbert"
Subject: [PATCH v2 3/3] ui: deprecate "password" option for SPICE server
Date: Thu, 11 Mar 2021 11:43:43 +0000
Message-Id: <20210311114343.439820-4-berrange@redhat.com>
In-Reply-To: <20210311114343.439820-1-berrange@redhat.com>
References: <20210311114343.439820-1-berrange@redhat.com>

With the new "password-secret" option, there is no reason to use
the old insecure "password" option with -spice, so it can be
deprecated.

Signed-off-by: Daniel P. Berrangé
---
 docs/system/deprecated.rst | 8 ++++++++
 qemu-options.hx            | 4 ++++
 ui/spice-core.c            | 2 ++
 3 files changed, 14 insertions(+)

diff --git a/docs/system/deprecated.rst b/docs/system/deprecated.rst
index 241b28a521..e742c8d311 100644
--- a/docs/system/deprecated.rst
+++ b/docs/system/deprecated.rst
@@ -166,6 +166,14 @@ Using ``-M kernel-irqchip=3Doff`` with x86 machine typ= es that include a local APIC is deprecated. The ``split`` setting is supported, as is using ``-M kernel-irqchip=3Doff`` with the ISA PC machine type. =20 +``-spice password=3Dstring`` (since 6.0) +'''''''''''''''''''''''''''''''''''''' + +This option is insecure because the SPICE password remains visible in +the process listing. This is replaced by the new ``password-secret`` +option which lets the password be securely provided on the command +line using a ``secret`` object instance. + QEMU Machine Protocol (QMP) commands ------------------------------------ =20 diff --git a/qemu-options.hx b/qemu-options.hx index 77bb834e37..48382a8a2a 100644 --- a/qemu-options.hx +++ b/qemu-options.hx @@ -1928,6 +1928,10 @@ SRST ``password=3D`` Set the password you need to authenticate. =20 + This option is deprecated and insecure because it leaves the + password visible in the process listing. Use ``password-secret`` + instead. + ``password-secret=3D`` Set the ID of the ``secret`` object containing the password you need to authenticate. diff --git a/ui/spice-core.c b/ui/spice-core.c index 7f0e005ca9..235d61f0c1 100644 --- a/ui/spice-core.c +++ b/ui/spice-core.c @@ -686,6 +686,8 @@ static void qemu_spice_init(void) } else { str =3D qemu_opt_get(opts, "password"); if (str) { + warn_report("'password' option is deprecated and insecure, " + "use 'password-secret' instead"); password =3D g_strdup(str); } } --=20 2.29.2
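Review bot: The deprecated.rst hunk says the replacement "lets the password be securely provided on the command line using a ``secret`` object instance", but it is the secret object's source, not the object itself, that keeps the password out of the process listing the same paragraph warns about; suggest pointing readers at the form the series' own examples use, ``--object secret,id=vncsec0,file=passwd.txt``, where the password is read from a file rather than appearing in the argument list.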