diff options
| author | Daniel P. Berrangé <berrange@redhat.com> | 2021-02-19 17:47:31 +0000 |
|---|---|---|
| committer | Daniel P. Berrangé <berrange@redhat.com> | 2021-03-18 09:22:55 +0000 |
| commit | 5994dcb8d8525ac044a31913c6bceeee788ec700 (patch) | |
| tree | 8016ae5b1a56d284a8d55599aee05ff0357a1ffd /ui/vnc.c | |
| parent | 571d413b5da6bc6f1c2aaca8484717642255ddb0 (diff) | |
| download | focaccia-qemu-5994dcb8d8525ac044a31913c6bceeee788ec700.tar.gz focaccia-qemu-5994dcb8d8525ac044a31913c6bceeee788ec700.zip | |
ui, monitor: remove deprecated VNC ACL option and HMP commands
The VNC ACL concept has been replaced by the pluggable "authz" framework which does not use monitor commands. Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Diffstat (limited to 'ui/vnc.c')
| -rw-r--r-- | ui/vnc.c | 38 |
1 files changed, 0 insertions, 38 deletions
diff --git a/ui/vnc.c b/ui/vnc.c index 9c004a11f4..e0fac2136e 100644 --- a/ui/vnc.c +++ b/ui/vnc.c @@ -3508,9 +3508,6 @@ static QemuOptsList qemu_vnc_opts = { .name = "sasl", .type = QEMU_OPT_BOOL, },{ - .name = "acl", - .type = QEMU_OPT_BOOL, - },{ .name = "tls-authz", .type = QEMU_OPT_STRING, },{ @@ -3961,7 +3958,6 @@ void vnc_display_open(const char *id, Error **errp) bool reverse = false; const char *credid; bool sasl = false; - int acl = 0; const char *tlsauthz; const char *saslauthz; int lock_key_sync = 1; @@ -4053,29 +4049,13 @@ void vnc_display_open(const char *id, Error **errp) goto fail; } } - if (qemu_opt_get(opts, "acl")) { - error_report("The 'acl' option to -vnc is deprecated. " - "Please use the 'tls-authz' and 'sasl-authz' " - "options instead"); - } - acl = qemu_opt_get_bool(opts, "acl", false); tlsauthz = qemu_opt_get(opts, "tls-authz"); - if (acl && tlsauthz) { - error_setg(errp, "'acl' option is mutually exclusive with the " - "'tls-authz' option"); - goto fail; - } if (tlsauthz && !vd->tlscreds) { error_setg(errp, "'tls-authz' provided but TLS is not enabled"); goto fail; } saslauthz = qemu_opt_get(opts, "sasl-authz"); - if (acl && saslauthz) { - error_setg(errp, "'acl' option is mutually exclusive with the " - "'sasl-authz' option"); - goto fail; - } if (saslauthz && !sasl) { error_setg(errp, "'sasl-authz' provided but SASL auth is not enabled"); goto fail; @@ -4113,29 +4093,11 @@ void vnc_display_open(const char *id, Error **errp) if (tlsauthz) { vd->tlsauthzid = g_strdup(tlsauthz); - } else if (acl) { - if (strcmp(vd->id, "default") == 0) { - vd->tlsauthzid = g_strdup("vnc.x509dname"); - } else { - vd->tlsauthzid = g_strdup_printf("vnc.%s.x509dname", vd->id); - } - vd->tlsauthz = QAUTHZ(qauthz_list_new(vd->tlsauthzid, - QAUTHZ_LIST_POLICY_DENY, - &error_abort)); } #ifdef CONFIG_VNC_SASL if (sasl) { if (saslauthz) { vd->sasl.authzid = g_strdup(saslauthz); - } else if (acl) { - if (strcmp(vd->id, "default") == 0) { - vd->sasl.authzid = g_strdup("vnc.username"); - } else { - vd->sasl.authzid = g_strdup_printf("vnc.%s.username", vd->id); - } - vd->sasl.authz = QAUTHZ(qauthz_list_new(vd->sasl.authzid, - QAUTHZ_LIST_POLICY_DENY, - &error_abort)); } } #endif |