git.proxmox.com Git - mirror_qemu.git/commit

author	Paul Moore <pmoore@redhat.com>
	Fri, 3 Aug 2012 18:39:21 +0000 (14:39 -0400)
committer	Anthony Liguori <aliguori@us.ibm.com>
	Fri, 3 Aug 2012 19:28:40 +0000 (14:28 -0500)
commit	0f66998ff6d5d2133b9b08471a44e13b11119e50
tree	498ceec7d881257c2564998762cd635014c51e8d	tree
parent	2ad728bd4bf26d8144190ca87d5d36d5f33cfae9	commit \| diff

vnc: disable VNC password authentication (security type 2) when in FIPS mode

FIPS 140-2 requires disabling certain ciphers, including DES, which is used
by VNC to obscure passwords when they are sent over the network. The
solution for FIPS users is to disable the use of VNC password auth when the
host system is operating in FIPS compliance mode and the user has specified
'-enable-fips' on the QEMU command line.

This patch causes QEMU to emit a message to stderr when the host system is
running in FIPS mode and a VNC password was specified on the commend line.
If the system is not running in FIPS mode, or is running in FIPS mode but
VNC password authentication was not requested, QEMU operates normally.

Signed-off-by: Paul Moore <pmoore@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

osdep.c		diff \| blob \| blame \| history
osdep.h		diff \| blob \| blame \| history
qemu-doc.texi		diff \| blob \| blame \| history
qemu-options.hx		diff \| blob \| blame \| history
ui/vnc.c		diff \| blob \| blame \| history
vl.c		diff \| blob \| blame \| history