Google Git
Sign in
qemu / qemu / 0f66998ff6d5d2133b9b08471a44e13b11119e50
commit0f66998ff6d5d2133b9b08471a44e13b11119e50[log] [tgz]
authorPaul Moore <pmoore@redhat.com>Fri Aug 03 14:39:21 2012 -0400
committerAnthony Liguori <aliguori@us.ibm.com>Fri Aug 03 14:28:40 2012 -0500
tree498ceec7d881257c2564998762cd635014c51e8d
parent2ad728bd4bf26d8144190ca87d5d36d5f33cfae9 [diff]
vnc: disable VNC password authentication (security type 2) when in FIPS mode

FIPS 140-2 requires disabling certain ciphers, including DES, which is used
by VNC to obscure passwords when they are sent over the network.  The
solution for FIPS users is to disable the use of VNC password auth when the
host system is operating in FIPS compliance mode and the user has specified
'-enable-fips' on the QEMU command line.

This patch causes QEMU to emit a message to stderr when the host system is
running in FIPS mode and a VNC password was specified on the commend line.
If the system is not running in FIPS mode, or is running in FIPS mode but
VNC password authentication was not requested, QEMU operates normally.

Signed-off-by: Paul Moore <pmoore@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
6 files changed
tree: 498ceec7d881257c2564998762cd635014c51e8d
  1. audio/
  2. block/
  3. bsd-user/
  4. default-configs/
  5. docs/
  6. fpu/
  7. fsdev/
  8. gdb-xml/
  9. hw/
  10. include/
  11. libcacard/
  12. linux-headers/
  13. linux-user/
  14. net/
  15. pc-bios/
  16. qapi/
  17. qga/
  18. QMP/
  19. qom/
  20. roms/
  21. scripts/
  22. slirp/
  23. sysconfigs/
  24. target-alpha/
  25. target-arm/
  26. target-cris/
  27. target-i386/
  28. target-lm32/
  29. target-m68k/
  30. target-microblaze/
  31. target-mips/
  32. target-openrisc/
  33. target-ppc/
  34. target-s390x/
  35. target-sh4/
  36. target-sparc/
  37. target-unicore32/
  38. target-xtensa/
  39. tcg/
  40. tests/
  41. trace/
  42. ui/
  43. .gitignore
  44. .gitmodules
  45. .mailmap
  46. a.out.h
  47. acl.c
  48. acl.h
  49. aes.c
  50. aes.h
  51. aio.c
  52. alpha-dis.c
  53. alpha.ld
  54. arch_init.c
  55. arch_init.h
  56. arm-dis.c
  57. arm.ld
  58. async.c
  59. balloon.c
  60. balloon.h
  61. bitmap.c
  62. bitmap.h
  63. bitops.c
  64. bitops.h
  65. block-migration.c
  66. block-migration.h
  67. block.c
  68. block.h
  69. block_int.h
  70. blockdev.c
  71. blockdev.h
  72. bswap.h
  73. bt-host.c
  74. bt-host.h
  75. bt-vhci.c
  76. buffered_file.c
  77. buffered_file.h
  78. cache-utils.c
  79. cache-utils.h
  80. Changelog
  81. cmd.c
  82. cmd.h
  83. CODING_STYLE
  84. compatfd.c
  85. compatfd.h
  86. compiler.h
  87. config.h
  88. configure
  89. console.c
  90. console.h
  91. COPYING
  92. COPYING.LIB
  93. coroutine-gthread.c
  94. coroutine-sigaltstack.c
  95. coroutine-ucontext.c
  96. coroutine-win32.c
  97. cpu-all.h
  98. cpu-common.h
  99. cpu-defs.h
  100. cpu-exec.c
  101. cpus.c
  102. cpus.h
  103. cputlb.c
  104. cputlb.h
  105. cris-dis.c
  106. cursor.c
  107. cursor_hidden.xpm
  108. cursor_left_ptr.xpm
  109. cutils.c
  110. def-helper.h
  111. device_tree.c
  112. device_tree.h
  113. dis-asm.h
  114. disas.c
  115. disas.h
  116. dma-helpers.c
  117. dma.h
  118. dump-stub.c
  119. dump.c
  120. dump.h
  121. dyngen-exec.h
  122. elf.h
  123. envlist.c
  124. envlist.h
  125. error.c
  126. error.h
  127. error_int.h
  128. event_notifier.c
  129. event_notifier.h
  130. exec-all.h
  131. exec-memory.h
  132. exec-obsolete.h
  133. exec.c
  134. gdbstub.c
  135. gdbstub.h
  136. gen-icount.h
  137. HACKING
  138. hmp-commands.hx
  139. hmp.c
  140. hmp.h
  141. host-utils.c
  142. host-utils.h
  143. hppa-dis.c
  144. hppa.ld
  145. i386-dis.c
  146. i386.ld
  147. ia64-dis.c
  148. ia64.ld
  149. input.c
  150. int128.h
  151. iohandler.c
  152. ioport.c
  153. ioport.h
  154. iorange.h
  155. iov.c
  156. iov.h
  157. json-lexer.c
  158. json-lexer.h
  159. json-parser.c
  160. json-parser.h
  161. json-streamer.c
  162. json-streamer.h
  163. kvm-all.c
  164. kvm-stub.c
  165. kvm.h
  166. libfdt_env.h
  167. LICENSE
  168. linux-aio.c
  169. lm32-dis.c
  170. m68k-dis.c
  171. m68k.ld
  172. main-loop.c
  173. main-loop.h
  174. MAINTAINERS
  175. Makefile
  176. Makefile.dis
  177. Makefile.hw
  178. Makefile.objs
  179. Makefile.target
  180. Makefile.user
  181. memory.c
  182. memory.h
  183. memory_mapping-stub.c
  184. memory_mapping.c
  185. memory_mapping.h
  186. microblaze-dis.c
  187. migration-exec.c
  188. migration-fd.c
  189. migration-tcp.c
  190. migration-unix.c
  191. migration.c
  192. migration.h
  193. mips-dis.c
  194. mips.ld
  195. module.c
  196. module.h
  197. monitor.c
  198. monitor.h
  199. nbd.c
  200. nbd.h
  201. net.c
  202. net.h
  203. notify.c
  204. notify.h
  205. os-posix.c
  206. os-win32.c
  207. osdep.c
  208. osdep.h
  209. oslib-posix.c
  210. oslib-win32.c
  211. path.c
  212. pci-ids.txt
  213. pflib.c
  214. pflib.h
  215. poison.h
  216. posix-aio-compat.c
  217. ppc-dis.c
  218. ppc.ld
  219. ppc64.ld
  220. qapi-schema-guest.json
  221. qapi-schema-test.json
  222. qapi-schema.json
  223. qbool.c
  224. qbool.h
  225. qdict-test-data.txt
  226. qdict.c
  227. qdict.h
  228. qemu-aio.h
  229. qemu-barrier.h
  230. qemu-bridge-helper.c
  231. qemu-char.c
  232. qemu-char.h
  233. qemu-common.h
  234. qemu-config.c
  235. qemu-config.h
  236. qemu-coroutine-int.h
  237. qemu-coroutine-io.c
  238. qemu-coroutine-lock.c
  239. qemu-coroutine-sleep.c
  240. qemu-coroutine.c
  241. qemu-coroutine.h
  242. qemu-doc.texi
  243. qemu-error.c
  244. qemu-error.h
  245. qemu-file.h
  246. qemu-ga.c
  247. qemu-img-cmds.hx
  248. qemu-img.c
  249. qemu-img.texi
  250. qemu-io.c
  251. qemu-lock.h
  252. qemu-log.c
  253. qemu-log.h
  254. qemu-nbd.c
  255. qemu-nbd.texi
  256. qemu-objects.h
  257. qemu-option-internal.h
  258. qemu-option.c
  259. qemu-option.h
  260. qemu-options-wrapper.h
  261. qemu-options.h
  262. qemu-options.hx
  263. qemu-os-posix.h
  264. qemu-os-win32.h
  265. qemu-progress.c
  266. qemu-queue.h
  267. qemu-sockets.c
  268. qemu-tech.texi
  269. qemu-thread-posix.c
  270. qemu-thread-posix.h
  271. qemu-thread-win32.c
  272. qemu-thread-win32.h
  273. qemu-thread.h
  274. qemu-timer-common.c
  275. qemu-timer.c
  276. qemu-timer.h
  277. qemu-tls.h
  278. qemu-tool.c
  279. qemu-user.c
  280. qemu-x509.h
  281. qemu-xattr.h
  282. qemu.sasl
  283. qemu_socket.h
  284. qerror.c
  285. qerror.h
  286. qfloat.c
  287. qfloat.h
  288. qint.c
  289. qint.h
  290. qjson.c
  291. qjson.h
  292. qlist.c
  293. qlist.h
  294. qmp-commands.hx
  295. qmp.c
  296. qobject.h
  297. qstring.c
  298. qstring.h
  299. qtest.c
  300. qtest.h
  301. range.h
  302. readline.c
  303. readline.h
  304. README
  305. rules.mak
  306. s390-dis.c
  307. s390.ld
  308. savevm.c
  309. sh4-dis.c
  310. softmmu-semi.h
  311. softmmu_defs.h
  312. softmmu_exec.h
  313. softmmu_header.h
  314. softmmu_template.h
  315. sparc-dis.c
  316. sparc.ld
  317. sparc64.ld
  318. spice-qemu-char.c
  319. sysemu.h
  320. targphys.h
  321. tcg-runtime.c
  322. tci-dis.c
  323. tci.c
  324. thunk.c
  325. thunk.h
  326. TODO
  327. trace-events
  328. translate-all.c
  329. uboot_image.h
  330. user-exec.c
  331. VERSION
  332. version.rc
  333. vgafont.h
  334. vl.c
  335. vmstate.h
  336. x86_64.ld
  337. xen-all.c
  338. xen-mapcache.c
  339. xen-mapcache.h
  340. xen-stub.c