From 6c6840e9281cf2fd3b29d77f45b18949d4a83944 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Thu, 11 Mar 2021 11:43:41 +0000 Subject: ui: introduce "password-secret" option for VNC servers MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Currently when using VNC the "password" flag turns on password based authentication. The actual password has to be provided separately via the monitor. This introduces a "password-secret" option which lets the password be provided up front. $QEMU --object secret,id=vncsec0,file=passwd.txt \ --vnc localhost:0,password-secret=vncsec0 Signed-off-by: Daniel P. Berrangé Message-Id: <20210311114343.439820-2-berrange@redhat.com> Signed-off-by: Gerd Hoffmann --- qemu-options.hx | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'qemu-options.hx') diff --git a/qemu-options.hx b/qemu-options.hx index 622d3bfa5a..357fc4596e 100644 --- a/qemu-options.hx +++ b/qemu-options.hx @@ -2165,6 +2165,11 @@ SRST time to allow password to expire immediately or never expire. + ``password-secret=`` + Require that password based authentication is used for client + connections, using the password provided by the ``secret`` + object identified by ``secret-id``. + ``tls-creds=ID`` Provides the ID of a set of TLS credentials to use to secure the VNC server. They will apply to both the normal VNC server socket -- cgit v1.2.3 From 99522f69d62216f5d9581f66f2c0edca6bd48f78 Mon Sep 17 00:00:00 2001 
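Review bot: The new ``password-secret=`` entry says the secret object is "identified by ``secret-id``", but no option of that name appears in the hunk or the commit message; the object is identified by the value of ``password-secret`` itself (the example passes `password-secret=vncsec0` for `--object secret,id=vncsec0`), so the wording should be `using the password provided by the ``secret`` object whose ``id`` is given as the value of this option.` The entry should also say how it relates to the ``password=on|off`` flag documented just above it — whether ``password-secret`` enables password authentication on its own and what happens when both are given — since that is what an operator migrating from the monitor-based flow needs to know; the parser behaviour is in the ui code, not in this patch, so confirm it before wording it. A one-line caveat that the benefit depends on the secret object being loaded from a protected file (as in the example) rather than from data passed on the command line would be worth adding, if the ``secret`` object in this tree accepts inline data (not verifiable from the patch).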
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?=
Date: Thu, 11 Mar 2021 11:43:42 +0000
Subject: ui: introduce "password-secret" option for SPICE server
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Currently when using SPICE the "password" option provides the password in plain text on the command line. This is insecure as it is visible to all processes on the host. As an alternative, the password can be provided separately via the monitor. This introduces a "password-secret" option which lets the password be provided up front.
$QEMU --object secret,id=vncsec0,file=passwd.txt \
--spice port=5901,password-secret=vncsec0
Signed-off-by: Daniel P. Berrangé
Message-Id: <20210311114343.439820-3-berrange@redhat.com>
Signed-off-by: Gerd Hoffmann
---
 qemu-options.hx | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
(limited to 'qemu-options.hx')
diff --git a/qemu-options.hx b/qemu-options.hx
index 357fc4596e..a98f8e84a2 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -1899,7 +1899,8 @@ DEF("spice", HAS_ARG, QEMU_OPTION_spice,
 " [,tls-ciphers=]\n"
 " [,tls-channel=[main|display|cursor|inputs|record|playback]]\n"
 " [,plaintext-channel=[main|display|cursor|inputs|record|playback]]\n"
-" [,sasl=on|off][,password=][,disable-ticketing=on|off]\n"
+" [,sasl=on|off][,disable-ticketing=on|off]\n"
+" [,password=][,password-secret=]\n"
 " [,image-compression=[auto_glz|auto_lz|quic|glz|lz|off]]\n"
 " [,jpeg-wan-compression=[auto|never|always]]\n"
 " [,zlib-glz-wan-compression=[auto|never|always]]\n"
@@ -1924,9 +1925,13 @@ SRST ``ipv4=on|off``; \ ``ipv6=on|off``; \ ``unix=on|off`` Force using the specified IP version. - ``password=`` + ``password=`` Set the password you need to authenticate. + ``password-secret=`` + Set the ID of the ``secret`` object containing the password + you need to authenticate. + ``sasl=on|off`` Require that the client use SASL to authenticate with the spice. The exact choice of authentication method used is controlled -- cgit v1.2.3 From c47c0bcb33e154b82b4f6b90984aba998fcc4f18 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Thu, 11 Mar 2021 11:43:43 +0000 Subject: ui: deprecate "password" option for SPICE server MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit With the new "password-secret" option, there is no reason to use the old inecure "password" option with -spice, so it can be deprecated. Signed-off-by: Daniel P. Berrangé Message-Id: <20210311114343.439820-4-berrange@redhat.com> Signed-off-by: Gerd Hoffmann --- qemu-options.hx | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'qemu-options.hx') diff --git a/qemu-options.hx b/qemu-options.hx index a98f8e84a2..4da3f4f48c 100644 --- a/qemu-options.hx +++ b/qemu-options.hx @@ -1928,6 +1928,10 @@ SRST ``password=`` Set the password you need to authenticate. + This option is deprecated and insecure because it leaves the + password visible in the process listing. Use ``password-secret`` + instead. + ``password-secret=`` Set the ID of the ``secret`` object containing the password you need to authenticate. -- cgit v1.2.3
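Review bot: The new ``password-secret=`` text does not say how it combines with the ``password=`` option kept directly above it — whether giving both is rejected or which one takes effect — and that is exactly the question an operator hits when switching over. Whatever the SPICE option handling does (not visible in this patch), state it here, e.g. `Mutually exclusive with ``password``; specifying both is an error.` if that is the behaviour. The `- ``password=``` / `+ ``password=``` pair reads as a whitespace-only change; if it is an intentional cleanup it is fine, otherwise drop it so the hunk stays focused on the new option.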
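Review bot: The deprecation is recorded only in the SRST text; the ``-help`` string for ``-spice`` (the DEF line changed in the previous commit, outside this hunk) still lists `[,password=]` next to `[,password-secret=]` with no hint that it is deprecated, so users reading the built-in help will not see the warning. Consider marking it there as well, and confirm that the deprecation is also listed in the project's deprecated-features document, which is not part of this patch but is what QEMU's deprecation process normally expects. The rationale could be made slightly broader, since a command-line password also lands in shell history and any process-accounting or audit logs: `because it leaves the password visible in the process listing, shell history and logs.`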