diff options
| author | Daniel P. Berrangé <berrange@redhat.com> | 2021-03-11 11:43:42 +0000 |
|---|---|---|
| committer | Gerd Hoffmann <kraxel@redhat.com> | 2021-03-15 17:36:20 +0100 |
| commit | 99522f69d62216f5d9581f66f2c0edca6bd48f78 (patch) | |
| tree | 5f0ad49410504389ac7f87f3d1f2e8019f729c94 /ui/spice-core.c | |
| parent | 6c6840e9281cf2fd3b29d77f45b18949d4a83944 (diff) | |
ui: introduce "password-secret" option for SPICE server
Currently when using SPICE the "password" option provides the password
in plain text on the command line. This is insecure as it is visible
to all processes on the host. As an alternative, the password can be
provided separately via the monitor.
This introduces a "password-secret" option which lets the password be
provided up front.
$QEMU --object secret,id=vncsec0,file=passwd.txt \
--spice port=5901,password-secret=vncsec0
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20210311114343.439820-3-berrange@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Diffstat (limited to 'ui/spice-core.c')
| -rw-r--r-- | ui/spice-core.c | 30 |
1 files changed, 28 insertions, 2 deletions
diff --git a/ui/spice-core.c b/ui/spice-core.c index cadec766fe..b9d8aced91 100644 --- a/ui/spice-core.c +++ b/ui/spice-core.c @@ -34,6 +34,7 @@ #include "qapi/qapi-events-ui.h" #include "qemu/notify.h" #include "qemu/option.h" +#include "crypto/secret_common.h" #include "migration/misc.h" #include "hw/pci/pci_bus.h" #include "ui/spice-display.h" @@ -416,6 +417,9 @@ static QemuOptsList qemu_spice_opts = { .name = "password", .type = QEMU_OPT_STRING, },{ + .name = "password-secret", + .type = QEMU_OPT_STRING, + },{ .name = "disable-ticketing", .type = QEMU_OPT_BOOL, },{ @@ -636,7 +640,9 @@ void qemu_spice_display_init_done(void) static void qemu_spice_init(void) { QemuOpts *opts = QTAILQ_FIRST(&qemu_spice_opts.head); - const char *password, *str, *x509_dir, *addr, + char *password = NULL; + const char *passwordSecret; + const char *str, *x509_dir, *addr, *x509_key_password = NULL, *x509_dh_file = NULL, *tls_ciphers = NULL; @@ -663,7 +669,26 @@ static void qemu_spice_init(void) error_report("spice tls-port is out of range"); exit(1); } - password = qemu_opt_get(opts, "password"); + passwordSecret = qemu_opt_get(opts, "password-secret"); + if (passwordSecret) { + Error *local_err = NULL; + if (qemu_opt_get(opts, "password")) { + error_report("'password' option is mutually exclusive with " + "'password-secret'"); + exit(1); + } + password = qcrypto_secret_lookup_as_utf8(passwordSecret, + &local_err); + if (!password) { + error_report_err(local_err); + exit(1); + } + } else { + str = qemu_opt_get(opts, "password"); + if (str) { + password = g_strdup(str); + } + } if (tls_port) { x509_dir = qemu_opt_get(opts, "x509-dir"); @@ -809,6 +834,7 @@ static void qemu_spice_init(void) g_free(x509_key_file); g_free(x509_cert_file); g_free(x509_cacert_file); + g_free(password); #ifdef HAVE_SPICE_GL if (qemu_opt_get_bool(opts, "gl", 0)) { |