aboutsummaryrefslogtreecommitdiff
path: root/ui/vnc.c
diff options
context:
space:
mode:
authorDaniel P. Berrangé <berrange@redhat.com>2021-02-19 17:47:31 +0000
committerDaniel P. Berrangé <berrange@redhat.com>2021-03-18 09:22:55 +0000
commit5994dcb8d8525ac044a31913c6bceeee788ec700 (patch)
tree8016ae5b1a56d284a8d55599aee05ff0357a1ffd /ui/vnc.c
parent571d413b5da6bc6f1c2aaca8484717642255ddb0 (diff)
ui, monitor: remove deprecated VNC ACL option and HMP commands
The VNC ACL concept has been replaced by the pluggable "authz" framework which does not use monitor commands. Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Diffstat (limited to 'ui/vnc.c')
-rw-r--r--ui/vnc.c38
1 files changed, 0 insertions, 38 deletions
diff --git a/ui/vnc.c b/ui/vnc.c
index 9c004a11f4..e0fac2136e 100644
--- a/ui/vnc.c
+++ b/ui/vnc.c
@@ -3508,9 +3508,6 @@ static QemuOptsList qemu_vnc_opts = {
.name = "sasl",
.type = QEMU_OPT_BOOL,
},{
- .name = "acl",
- .type = QEMU_OPT_BOOL,
- },{
.name = "tls-authz",
.type = QEMU_OPT_STRING,
},{
@@ -3961,7 +3958,6 @@ void vnc_display_open(const char *id, Error **errp)
bool reverse = false;
const char *credid;
bool sasl = false;
- int acl = 0;
const char *tlsauthz;
const char *saslauthz;
int lock_key_sync = 1;
@@ -4053,29 +4049,13 @@ void vnc_display_open(const char *id, Error **errp)
goto fail;
}
}
- if (qemu_opt_get(opts, "acl")) {
- error_report("The 'acl' option to -vnc is deprecated. "
- "Please use the 'tls-authz' and 'sasl-authz' "
- "options instead");
- }
- acl = qemu_opt_get_bool(opts, "acl", false);
tlsauthz = qemu_opt_get(opts, "tls-authz");
- if (acl && tlsauthz) {
- error_setg(errp, "'acl' option is mutually exclusive with the "
- "'tls-authz' option");
- goto fail;
- }
if (tlsauthz && !vd->tlscreds) {
error_setg(errp, "'tls-authz' provided but TLS is not enabled");
goto fail;
}
saslauthz = qemu_opt_get(opts, "sasl-authz");
- if (acl && saslauthz) {
- error_setg(errp, "'acl' option is mutually exclusive with the "
- "'sasl-authz' option");
- goto fail;
- }
if (saslauthz && !sasl) {
error_setg(errp, "'sasl-authz' provided but SASL auth is not enabled");
goto fail;
@@ -4113,29 +4093,11 @@ void vnc_display_open(const char *id, Error **errp)
if (tlsauthz) {
vd->tlsauthzid = g_strdup(tlsauthz);
- } else if (acl) {
- if (strcmp(vd->id, "default") == 0) {
- vd->tlsauthzid = g_strdup("vnc.x509dname");
- } else {
- vd->tlsauthzid = g_strdup_printf("vnc.%s.x509dname", vd->id);
- }
- vd->tlsauthz = QAUTHZ(qauthz_list_new(vd->tlsauthzid,
- QAUTHZ_LIST_POLICY_DENY,
- &error_abort));
}
#ifdef CONFIG_VNC_SASL
if (sasl) {
if (saslauthz) {
vd->sasl.authzid = g_strdup(saslauthz);
- } else if (acl) {
- if (strcmp(vd->id, "default") == 0) {
- vd->sasl.authzid = g_strdup("vnc.username");
- } else {
- vd->sasl.authzid = g_strdup_printf("vnc.%s.username", vd->id);
- }
- vd->sasl.authz = QAUTHZ(qauthz_list_new(vd->sasl.authzid,
- QAUTHZ_LIST_POLICY_DENY,
- &error_abort));
}
}
#endif