author | Peter Maydell <peter.maydell@linaro.org> | 2021-03-17 13:38:15 +0000 |
---|---|---|
committer | Peter Maydell <peter.maydell@linaro.org> | 2021-03-17 13:38:15 +0000 |
commit | 25a77510432813c3ee9b80f56b8470a52f00c884 (patch) | |
tree | cd7a0fa1019a399ead303d8f84c9081e458125ac /qemu-options.hx | |
parent | ff81439aafac58887b18032acd18a117f534cd75 (diff) | |
parent | ad7f2f8ee9fbded410fbf77158b0065f8e2f08e3 (diff) |
Merge remote-tracking branch 'remotes/kraxel/tags/ui-20210316-pull-request' into staging
vnc+spice: password-secret option.
bugfixes for cocoa, vnc, opengl.
# gpg: Signature made Tue 16 Mar 2021 05:37:58 GMT
# gpg: using RSA key A0328CFFB93A17A79901FE7D4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138
* remotes/kraxel/tags/ui-20210316-pull-request:
ui/cocoa: Comment about modifier key input quirks
ui: fold qemu_alloc_display in only caller
ui: honour the actual guest display dimensions without rounding
ui: use client width/height in WMVi message
ui: avoid sending framebuffer updates outside client desktop bounds
ui: add more trace points for VNC client/server messages
ui/cocoa: Do not exit immediately after shutdown
opengl: Do not convert format with glTexImage2D on OpenGL ES
ui: deprecate "password" option for SPICE server
ui: introduce "password-secret" option for SPICE server
ui: introduce "password-secret" option for VNC servers
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Diffstat (limited to 'qemu-options.hx')
-rw-r--r-- | qemu-options.hx | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/qemu-options.hx b/qemu-options.hx index fe83ea09b2..9128dec510 100644 --- a/qemu-options.hx +++ b/qemu-options.hx @@ -1922,7 +1922,8 @@ DEF("spice", HAS_ARG, QEMU_OPTION_spice, " [,tls-ciphers=<list>]\n" " [,tls-channel=[main|display|cursor|inputs|record|playback]]\n" " [,plaintext-channel=[main|display|cursor|inputs|record|playback]]\n" - " [,sasl=on|off][,password=<secret>][,disable-ticketing=on|off]\n" + " [,sasl=on|off][,disable-ticketing=on|off]\n" + " [,password=<string>][,password-secret=<secret-id>]\n" " [,image-compression=[auto_glz|auto_lz|quic|glz|lz|off]]\n" " [,jpeg-wan-compression=[auto|never|always]]\n" " [,zlib-glz-wan-compression=[auto|never|always]]\n" @@ -1947,9 +1948,17 @@ SRST ``ipv4=on|off``; \ ``ipv6=on|off``; \ ``unix=on|off`` Force using the specified IP version. - ``password=<secret>`` + ``password=<string>`` Set the password you need to authenticate. + This option is deprecated and insecure because it leaves the + password visible in the process listing. Use ``password-secret`` + instead. + + ``password-secret=<secret-id>`` + Set the ID of the ``secret`` object containing the password + you need to authenticate. + ``sasl=on|off`` Require that the client use SASL to authenticate with the spice. The exact choice of authentication method used is controlled @@ -2188,6 +2197,11 @@ SRST time to allow <protocol> password to expire immediately or never expire. + ``password-secret=<secret-id>`` + Require that password based authentication is used for client + connections, using the password provided by the ``secret`` + object identified by ``secret-id``. + ``tls-creds=ID`` Provides the ID of a set of TLS credentials to use to secure the VNC server. They will apply to both the normal VNC server socket |
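Review bot: In the first hunk (@@ -1922, the `-spice` usage string), `[,password=<string>]` is still listed with no sign that it is deprecated, although the SRST text added in the next hunk calls it "deprecated and insecure". Someone reading only the `-help` output gets no steer towards `password-secret=<secret-id>`. Consider marking the old option as deprecated in the usage string too, or listing `password-secret` first.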
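Review bot: The second hunk (@@ -1947, SPICE option documentation) documents ``password=<string>`` and ``password-secret=<secret-id>`` side by side but does not say what happens when both are given on the same `-spice` line. Please state whether the combination is rejected or which value wins. It would also help to point from the ``password-secret`` entry to the documentation for the ``secret`` object, so the reader knows how to create the object that ``secret-id`` names and can keep the password out of the process listing.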
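Review bot: The third hunk (@@ -2188, VNC option documentation) adds ``password-secret=<secret-id>`` directly after text about allowing the "<protocol> password to expire", but the new entry does not explain how it relates to that existing password handling. Add a sentence saying whether the two options can be combined and whether a password taken from the ``secret`` object can still be changed or expired afterwards. The SPICE entry in the previous hunk explains why the secret-based form is preferred; a matching sentence here would keep the two sections consistent.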