[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-commits] [qemu/qemu] 6c6840: ui: introduce "password-secret" optio
|
From: |
Peter Maydell |
|
Subject: |
[Qemu-commits] [qemu/qemu] 6c6840: ui: introduce "password-secret" option for VNC ser... |
|
Date: |
Wed, 17 Mar 2021 08:00:30 -0700 |
Branch: refs/heads/master
Home: https://github.com/qemu/qemu
Commit: 6c6840e9281cf2fd3b29d77f45b18949d4a83944
https://github.com/qemu/qemu/commit/6c6840e9281cf2fd3b29d77f45b18949d4a83944
Author: Daniel P. Berrangé <berrange@redhat.com>
Date: 2021-03-15 (Mon, 15 Mar 2021)
Changed paths:
M qemu-options.hx
M ui/vnc.c
Log Message:
-----------
ui: introduce "password-secret" option for VNC servers
Currently when using VNC the "password" flag turns on password based
authentication. The actual password has to be provided separately via
the monitor.
This introduces a "password-secret" option which lets the password be
provided up front.
$QEMU --object secret,id=vncsec0,file=passwd.txt \
--vnc localhost:0,password-secret=vncsec0
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20210311114343.439820-2-berrange@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Commit: 99522f69d62216f5d9581f66f2c0edca6bd48f78
https://github.com/qemu/qemu/commit/99522f69d62216f5d9581f66f2c0edca6bd48f78
Author: Daniel P. Berrangé <berrange@redhat.com>
Date: 2021-03-15 (Mon, 15 Mar 2021)
Changed paths:
M qemu-options.hx
M ui/spice-core.c
Log Message:
-----------
ui: introduce "password-secret" option for SPICE server
Currently when using SPICE the "password" option provides the password
in plain text on the command line. This is insecure as it is visible
to all processes on the host. As an alternative, the password can be
provided separately via the monitor.
This introduces a "password-secret" option which lets the password be
provided up front.
$QEMU --object secret,id=vncsec0,file=passwd.txt \
--spice port=5901,password-secret=vncsec0
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20210311114343.439820-3-berrange@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Commit: c47c0bcb33e154b82b4f6b90984aba998fcc4f18
https://github.com/qemu/qemu/commit/c47c0bcb33e154b82b4f6b90984aba998fcc4f18
Author: Daniel P. Berrangé <berrange@redhat.com>
Date: 2021-03-15 (Mon, 15 Mar 2021)
Changed paths:
M docs/system/deprecated.rst
M qemu-options.hx
M ui/spice-core.c
Log Message:
-----------
ui: deprecate "password" option for SPICE server
With the new "password-secret" option, there is no reason to use the old
inecure "password" option with -spice, so it can be deprecated.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20210311114343.439820-4-berrange@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Commit: 14c235eb40eb82e0d7e89601b1a47028fe24deca
https://github.com/qemu/qemu/commit/14c235eb40eb82e0d7e89601b1a47028fe24deca
Author: Akihiko Odaki <akihiko.odaki@gmail.com>
Date: 2021-03-15 (Mon, 15 Mar 2021)
Changed paths:
M ui/console-gl.c
Log Message:
-----------
opengl: Do not convert format with glTexImage2D on OpenGL ES
OpenGL ES does not support conversion from the given data format
to the internal format with glTexImage2D.
Use the given data format as the internal format, and ignore
the given alpha channels with GL_TEXTURE_SWIZZLE_A in case the
format contains alpha channels.
Signed-off-by: Akihiko Odaki <akihiko.odaki@gmail.com>
Message-Id: <20210219094803.90860-1-akihiko.odaki@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Commit: 40c0193739eb08f76505f736c259928279d0376a
https://github.com/qemu/qemu/commit/40c0193739eb08f76505f736c259928279d0376a
Author: Akihiko Odaki <akihiko.odaki@gmail.com>
Date: 2021-03-15 (Mon, 15 Mar 2021)
Changed paths:
M ui/cocoa.m
Log Message:
-----------
ui/cocoa: Do not exit immediately after shutdown
ui/cocoa used to call exit immediately after calling
qemu_system_shutdown_request, which prevents QEMU from actually
perfoming system shutdown. Just sleep forever, and wait QEMU to call
exit and kill the Cocoa thread.
Signed-off-by: Akihiko Odaki <akihiko.odaki@gmail.com>
Message-Id: <20210219111652.20623-1-akihiko.odaki@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Commit: adc8fce871afd30b4bf13cf5440a96a3ffb486db
https://github.com/qemu/qemu/commit/adc8fce871afd30b4bf13cf5440a96a3ffb486db
Author: Daniel P. Berrangé <berrange@redhat.com>
Date: 2021-03-15 (Mon, 15 Mar 2021)
Changed paths:
M ui/trace-events
M ui/vnc.c
Log Message:
-----------
ui: add more trace points for VNC client/server messages
This adds trace points for desktop size and audio related messages.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20210311182957.486939-2-berrange@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Commit: 55b400497cf9c79acbb5c01abc58737bc52c081c
https://github.com/qemu/qemu/commit/55b400497cf9c79acbb5c01abc58737bc52c081c
Author: Daniel P. Berrangé <berrange@redhat.com>
Date: 2021-03-15 (Mon, 15 Mar 2021)
Changed paths:
M ui/trace-events
M ui/vnc-jobs.c
Log Message:
-----------
ui: avoid sending framebuffer updates outside client desktop bounds
We plan framebuffer update rects based on the VNC server surface. If the
client doesn't support desktop resize, then the client bounds may differ
from the server surface bounds. VNC clients may become upset if we then
send an update message outside the bounds of the client desktop.
This takes the approach of clamping the rectangles from the worker
thread immediately before sending them. This may sometimes results in
sending a framebuffer update message with zero rectangles.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20210311182957.486939-3-berrange@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Commit: 3d3a528da4215a55f6557ad0925507680da7ceb8
https://github.com/qemu/qemu/commit/3d3a528da4215a55f6557ad0925507680da7ceb8
Author: Daniel P. Berrangé <berrange@redhat.com>
Date: 2021-03-15 (Mon, 15 Mar 2021)
Changed paths:
M ui/vnc.c
Log Message:
-----------
ui: use client width/height in WMVi message
The WMVi message is supposed to provide the same width/height
information as the regular desktop resize and extended desktop
resize messages. There can be times where the client width and
height are different from the pixman surface dimensions.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20210311182957.486939-4-berrange@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Commit: 69cc8db44bdf7c9289e1fd1f695e01ec6132bf2b
https://github.com/qemu/qemu/commit/69cc8db44bdf7c9289e1fd1f695e01ec6132bf2b
Author: Daniel P. Berrangé <berrange@redhat.com>
Date: 2021-03-15 (Mon, 15 Mar 2021)
Changed paths:
M ui/trace-events
M ui/vnc.c
M ui/vnc.h
Log Message:
-----------
ui: honour the actual guest display dimensions without rounding
A long time ago the VNC server code had some memory corruption
fixes done in:
commit bea60dd7679364493a0d7f5b54316c767cf894ef
Author: Peter Lieven <pl@kamp.de>
Date: Mon Jun 30 10:57:51 2014 +0200
ui/vnc: fix potential memory corruption issues
One of the implications of the fix was that the VNC server would have a
thin black bad down the right hand side if the guest desktop width was
not a multiple of 16. In practice this was a non-issue since the VNC
server was always honouring a guest specified resolution and guests
essentially always pick from a small set of sane resolutions likely in
real world hardware.
We recently introduced support for the extended desktop resize extension
and as a result the VNC client has ability to specify an arbitrary
desktop size and the guest OS may well honour it exactly. As a result we
no longer have any guarantee that the width will be a multiple of 16,
and so when resizing the desktop we have a 93% chance of getting the
black bar on the right hand size.
The VNC server maintains three different desktop dimensions
1. The guest surface
2. The server surface
3. The client desktop
The requirement for the width to be a multiple of 16 only applies to
item 2, the server surface, for the purpose of doing dirty bitmap
tracking.
Normally we will set the client desktop size to always match the server
surface size, but that's not a strict requirement. In order to cope with
clients that don't support the desktop size encoding, we already allow
for the client desktop to be a different size that the server surface.
Thus we can trivially eliminate the black bar, but setting the client
desktop size to be the un-rounded server surface size - the so called
"true width".
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20210311182957.486939-5-berrange@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Commit: eb69442a06ea3be6af294c9db0e66e277a529a27
https://github.com/qemu/qemu/commit/eb69442a06ea3be6af294c9db0e66e277a529a27
Author: Marc-André Lureau <marcandre.lureau@redhat.com>
Date: 2021-03-16 (Tue, 16 Mar 2021)
Changed paths:
M ui/console.c
Log Message:
-----------
ui: fold qemu_alloc_display in only caller
A minor code simplification.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20210312100108.2706195-2-marcandre.lureau@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Commit: ad7f2f8ee9fbded410fbf77158b0065f8e2f08e3
https://github.com/qemu/qemu/commit/ad7f2f8ee9fbded410fbf77158b0065f8e2f08e3
Author: Akihiko Odaki <akihiko.odaki@gmail.com>
Date: 2021-03-16 (Tue, 16 Mar 2021)
Changed paths:
M ui/cocoa.m
Log Message:
-----------
ui/cocoa: Comment about modifier key input quirks
Based-on: <20210310042348.21931-1-akihiko.odaki@gmail.com>
Signed-off-by: Akihiko Odaki <akihiko.odaki@gmail.com>
Message-Id: <20210312133212.3131-1-akihiko.odaki@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Commit: 25a77510432813c3ee9b80f56b8470a52f00c884
https://github.com/qemu/qemu/commit/25a77510432813c3ee9b80f56b8470a52f00c884
Author: Peter Maydell <peter.maydell@linaro.org>
Date: 2021-03-17 (Wed, 17 Mar 2021)
Changed paths:
M docs/system/deprecated.rst
M qemu-options.hx
M ui/cocoa.m
M ui/console-gl.c
M ui/console.c
M ui/spice-core.c
M ui/trace-events
M ui/vnc-jobs.c
M ui/vnc.c
M ui/vnc.h
Log Message:
-----------
Merge remote-tracking branch 'remotes/kraxel/tags/ui-20210316-pull-request'
into staging
vnc+spice: password-secret option.
bugfixes for cocoa, vnc, opengl.
# gpg: Signature made Tue 16 Mar 2021 05:37:58 GMT
# gpg: using RSA key A0328CFFB93A17A79901FE7D4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138
* remotes/kraxel/tags/ui-20210316-pull-request:
ui/cocoa: Comment about modifier key input quirks
ui: fold qemu_alloc_display in only caller
ui: honour the actual guest display dimensions without rounding
ui: use client width/height in WMVi message
ui: avoid sending framebuffer updates outside client desktop bounds
ui: add more trace points for VNC client/server messages
ui/cocoa: Do not exit immediately after shutdown
opengl: Do not convert format with glTexImage2D on OpenGL ES
ui: deprecate "password" option for SPICE server
ui: introduce "password-secret" option for SPICE server
ui: introduce "password-secret" option for VNC servers
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Compare: https://github.com/qemu/qemu/compare/ff81439aafac...25a775104328