diff -r 961d4b1ca1d3 qemud/libvirtd_qemu.aug
Daniel P. Berrange 905627
--- a/qemud/libvirtd_qemu.aug	Wed Mar 04 13:17:44 2009 +0000
Daniel P. Berrange 905627
+++ b/qemud/libvirtd_qemu.aug	Thu Mar 05 14:22:50 2009 +0000
Daniel P. Berrange 905627
@@ -27,6 +27,8 @@ module Libvirtd_qemu =
Daniel P. Berrange 905627
                  | str_entry "vnc_tls_x509_cert_dir"
Daniel P. Berrange 905627
                  | bool_entry "vnc_tls_x509_verify"
Daniel P. Berrange 905627
                  | str_entry "vnc_password"
Daniel P. Berrange 905627
+                 | bool_entry "vnc_sasl"
Daniel P. Berrange 905627
+                 | str_entry "vnc_sasl_dir"
Daniel P. Berrange 905627
 
Daniel P. Berrange 905627
    (* Each enty in the config is one of the following three ... *)
Daniel P. Berrange 905627
    let entry = vnc_entry
Daniel P. Berrange 905627
diff -r 961d4b1ca1d3 qemud/test_libvirtd_qemu.aug
Daniel P. Berrange 905627
--- a/qemud/test_libvirtd_qemu.aug	Wed Mar 04 13:17:44 2009 +0000
Daniel P. Berrange 905627
+++ b/qemud/test_libvirtd_qemu.aug	Thu Mar 05 14:22:50 2009 +0000
Daniel P. Berrange 905627
@@ -60,6 +60,25 @@ vnc_tls_x509_verify = 1
Daniel P. Berrange 905627
 # example here before you set this
Daniel P. Berrange 905627
 #
Daniel P. Berrange 905627
 vnc_password = \"XYZ12345\"
Daniel P. Berrange 905627
+
Daniel P. Berrange 905627
+
Daniel P. Berrange 905627
+# Enable use of SASL encryption on the VNC server. This requires
Daniel P. Berrange 905627
+# a VNC client which supports the SASL protocol extension.
Daniel P. Berrange 905627
+# Examples include vinagre, virt-viewer and virt-manager
Daniel P. Berrange 905627
+# itself. UltraVNC, RealVNC, TightVNC do not support this
Daniel P. Berrange 905627
+#
Daniel P. Berrange 905627
+# It is necessary to configure /etc/sasl2/qemu.conf to choose
Daniel P. Berrange 905627
+# the desired SASL plugin (eg, GSSPI for Kerberos)
Daniel P. Berrange 905627
+#
Daniel P. Berrange 905627
+vnc_sasl = 1
Daniel P. Berrange 905627
+
Daniel P. Berrange 905627
+
Daniel P. Berrange 905627
+# The default SASL configuration file is located in /etc/sasl2/
Daniel P. Berrange 905627
+# When running libvirtd unprivileged, it may be desirable to
Daniel P. Berrange 905627
+# override the configs in this location. Set this parameter to
Daniel P. Berrange 905627
+# point to the directory, and create a qemu.conf in that location
Daniel P. Berrange 905627
+#
Daniel P. Berrange 905627
+vnc_sasl_dir = \"/some/directory/sasl2\"
Daniel P. Berrange 905627
 "
Daniel P. Berrange 905627
 
Daniel P. Berrange 905627
    test Libvirtd_qemu.lns get conf =
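Review bot: The SASL plugin named in the fixture comment, `(eg, GSSPI for Kerberos)`, is a misspelling of the GSSAPI mechanism; the same text is repeated in the expected tree of this file's second hunk (`@@ -123,3 +142,22 @@`) and in the src/qemu.conf hunk, so all three need the same correction: `# the desired SASL plugin (eg, GSSAPI for Kerberos)`. The opening line `Enable use of SASL encryption on the VNC server` also overstates what the option provides: SASL is an authentication framework, and the session is only encrypted when the negotiated mechanism supplies a security layer (GSSAPI can, PLAIN cannot), so I would phrase it as `Enable use of SASL authentication on the VNC server` and add a line recommending that vnc_tls be enabled alongside vnc_sasl unless the chosen mechanism provides a security layer. Because the lens test compares this fixture text against the expected tree, any wording change has to be applied to both hunks of this file together.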
Daniel P. Berrange 905627
@@ -123,3 +142,22 @@ vnc_password = \"XYZ12345\"
Daniel P. Berrange 905627
 { "#comment" = "example here before you set this" }
Daniel P. Berrange 905627
 { "#comment" = "" }
Daniel P. Berrange 905627
 { "vnc_password" = "XYZ12345" }
Daniel P. Berrange 905627
+{ "#empty" }
Daniel P. Berrange 905627
+{ "#empty" }
Daniel P. Berrange 905627
+{ "#comment" = "Enable use of SASL encryption on the VNC server. This requires" }
Daniel P. Berrange 905627
+{ "#comment" = "a VNC client which supports the SASL protocol extension." }
Daniel P. Berrange 905627
+{ "#comment" = "Examples include vinagre, virt-viewer and virt-manager" }
Daniel P. Berrange 905627
+{ "#comment" = "itself. UltraVNC, RealVNC, TightVNC do not support this" }
Daniel P. Berrange 905627
+{ "#comment" = "" }
Daniel P. Berrange 905627
+{ "#comment" = "It is necessary to configure /etc/sasl2/qemu.conf to choose" }
Daniel P. Berrange 905627
+{ "#comment" = "the desired SASL plugin (eg, GSSPI for Kerberos)" }
Daniel P. Berrange 905627
+{ "#comment" = "" }
Daniel P. Berrange 905627
+{ "vnc_sasl" = "1" }
Daniel P. Berrange 905627
+{ "#empty" }
Daniel P. Berrange 905627
+{ "#empty" }
Daniel P. Berrange 905627
+{ "#comment" = "The default SASL configuration file is located in /etc/sasl2/" }
Daniel P. Berrange 905627
+{ "#comment" = "When running libvirtd unprivileged, it may be desirable to" }
Daniel P. Berrange 905627
+{ "#comment" = "override the configs in this location. Set this parameter to" }
Daniel P. Berrange 905627
+{ "#comment" = "point to the directory, and create a qemu.conf in that location" }
Daniel P. Berrange 905627
+{ "#comment" = "" }
Daniel P. Berrange 905627
+{ "vnc_sasl_dir" = "/some/directory/sasl2" }
Daniel P. Berrange 905627
diff -r 961d4b1ca1d3 src/qemu.conf
Daniel P. Berrange 905627
--- a/src/qemu.conf	Wed Mar 04 13:17:44 2009 +0000
Daniel P. Berrange 905627
+++ b/src/qemu.conf	Thu Mar 05 14:22:50 2009 +0000
Daniel P. Berrange 905627
@@ -60,6 +60,27 @@
Daniel P. Berrange 905627
 # vnc_password = "XYZ12345"
Daniel P. Berrange 905627
 
Daniel P. Berrange 905627
 
Daniel P. Berrange 905627
+# Enable use of SASL encryption on the VNC server. This requires
Daniel P. Berrange 905627
+# a VNC client which supports the SASL protocol extension.
Daniel P. Berrange 905627
+# Examples include vinagre, virt-viewer and virt-manager
Daniel P. Berrange 905627
+# itself. UltraVNC, RealVNC, TightVNC do not support this
Daniel P. Berrange 905627
+#
Daniel P. Berrange 905627
+# It is necessary to configure /etc/sasl2/qemu.conf to choose
Daniel P. Berrange 905627
+# the desired SASL plugin (eg, GSSPI for Kerberos)
Daniel P. Berrange 905627
+#
Daniel P. Berrange 905627
+# vnc_sasl = 1
Daniel P. Berrange 905627
+
Daniel P. Berrange 905627
+
Daniel P. Berrange 905627
+# The default SASL configuration file is located in /etc/sasl2/
Daniel P. Berrange 905627
+# When running libvirtd unprivileged, it may be desirable to
Daniel P. Berrange 905627
+# override the configs in this location. Set this parameter to
Daniel P. Berrange 905627
+# point to the directory, and create a qemu.conf in that location
Daniel P. Berrange 905627
+#
Daniel P. Berrange 905627
+# vnc_sasl_dir = "/some/directory/sasl2"
Daniel P. Berrange 905627
+
Daniel P. Berrange 905627
+
Daniel P. Berrange 905627
+
Daniel P. Berrange 905627
+
Daniel P. Berrange 905627
 # The default security driver is SELinux. If SELinux is disabled
Daniel P. Berrange 905627
 # on the host, then the security driver will automatically disable
Daniel P. Berrange 905627
 # itself. If you wish to disable QEMU SELinux security driver while
Daniel P. Berrange 905627
diff -r 961d4b1ca1d3 src/qemu_conf.c
Daniel P. Berrange 905627
--- a/src/qemu_conf.c	Wed Mar 04 13:17:44 2009 +0000
Daniel P. Berrange 905627
+++ b/src/qemu_conf.c	Thu Mar 05 14:22:50 2009 +0000
Daniel P. Berrange 905627
@@ -161,6 +161,21 @@ int qemudLoadDriverConfig(struct qemud_d
Daniel P. Berrange 905627
         }
Daniel P. Berrange 905627
     }
Daniel P. Berrange 905627
 
Daniel P. Berrange 905627
+    p = virConfGetValue (conf, "vnc_sasl");
Daniel P. Berrange 905627
+    CHECK_TYPE ("vnc_sasl", VIR_CONF_LONG);
Daniel P. Berrange 905627
+    if (p) driver->vncSASL = p->l;
Daniel P. Berrange 905627
+
Daniel P. Berrange 905627
+    p = virConfGetValue (conf, "vnc_sasl_dir");
Daniel P. Berrange 905627
+    CHECK_TYPE ("vnc_sasl_dir", VIR_CONF_STRING);
Daniel P. Berrange 905627
+    if (p && p->str) {
Daniel P. Berrange 905627
+        VIR_FREE(driver->vncSASLdir);
Daniel P. Berrange 905627
+        if (!(driver->vncSASLdir = strdup(p->str))) {
Daniel P. Berrange 905627
+            virReportOOMError(NULL);
Daniel P. Berrange 905627
+            virConfFree(conf);
Daniel P. Berrange 905627
+            return -1;
Daniel P. Berrange 905627
+        }
Daniel P. Berrange 905627
+    }
Daniel P. Berrange 905627
+
Daniel P. Berrange 905627
     virConfFree (conf);
Daniel P. Berrange 905627
     return 0;
Daniel P. Berrange 905627
 }
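Review bot: `if (p) driver->vncSASL = p->l;` stores a long into the 1-bit field added in the qemu_conf.h hunk, so any even non-zero value (e.g. `vnc_sasl = 2`) silently leaves SASL disabled; write `if (p) driver->vncSASL = p->l != 0;` so every non-zero setting enables it. If the vnc_tls and vnc_tls_x509_verify parsing above this hunk uses the same plain assignment, it has the same problem and should be changed the same way. Nothing here notices vncSASL being set while vncTLS is not; mechanisms without a security layer would then authenticate over a cleartext VNC connection, so logging a warning at load time (along the lines of "vnc_sasl enabled without vnc_tls; credentials are only protected if the SASL mechanism provides a security layer") would help administrators catch that configuration. qemudLoadDriverConfig starts outside the hunk.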
Daniel P. Berrange 905627
@@ -838,15 +853,20 @@ int qemudBuildCommandLine(virConnectPtr 
Daniel P. Berrange 905627
             goto no_memory;                                             \
Daniel P. Berrange 905627
     } while (0)
Daniel P. Berrange 905627
 
Daniel P. Berrange 905627
+#define ADD_ENV_PAIR(envname, val)                                      \
Daniel P. Berrange 905627
+    do {                                                                \
Daniel P. Berrange 905627
+        char *envval;                                                   \
Daniel P. Berrange 905627
+        ADD_ENV_SPACE;                                                  \
Daniel P. Berrange 905627
+        if (virAsprintf(&envval, "%s=%s", envname, val) < 0)            \
Daniel P. Berrange 905627
+            goto no_memory;                                             \
Daniel P. Berrange 905627
+        qenv[qenvc++] = envval;                                         \
Daniel P. Berrange 905627
+    } while (0)
Daniel P. Berrange 905627
+
Daniel P. Berrange 905627
 #define ADD_ENV_COPY(envname)                                           \
Daniel P. Berrange 905627
     do {                                                                \
Daniel P. Berrange 905627
         char *val = getenv(envname);                                    \
Daniel P. Berrange 905627
-        char *envval;                                                   \
Daniel P. Berrange 905627
-        ADD_ENV_SPACE;                                                  \
Daniel P. Berrange 905627
         if (val != NULL) {                                              \
Daniel P. Berrange 905627
-            if (virAsprintf(&envval, "%s=%s", envname, val) < 0)        \
Daniel P. Berrange 905627
-                goto no_memory;                                         \
Daniel P. Berrange 905627
-            qenv[qenvc++] = envval;                                     \
Daniel P. Berrange 905627
+            ADD_ENV_PAIR(envname, val);                                 \
Daniel P. Berrange 905627
         }                                                               \
Daniel P. Berrange 905627
     } while (0)
Daniel P. Berrange 905627
 
Daniel P. Berrange 905627
@@ -1295,6 +1315,15 @@ int qemudBuildCommandLine(virConnectPtr 
Daniel P. Berrange 905627
                                       driver->vncTLSx509certdir);
Daniel P. Berrange 905627
                 }
Daniel P. Berrange 905627
             }
Daniel P. Berrange 905627
+
Daniel P. Berrange 905627
+            if (driver->vncSASL) {
Daniel P. Berrange 905627
+                virBufferAddLit(&opt, ",sasl");
Daniel P. Berrange 905627
+
Daniel P. Berrange 905627
+                if (driver->vncSASLdir)
Daniel P. Berrange 905627
+                    ADD_ENV_PAIR("SASL_CONF_DIR", driver->vncSASLdir);
Daniel P. Berrange 905627
+
Daniel P. Berrange 905627
+                /* TODO: Support ACLs later */
Daniel P. Berrange 905627
+            }
Daniel P. Berrange 905627
         } else {
Daniel P. Berrange 905627
             virBufferVSprintf(&opt, "%d",
Daniel P. Berrange 905627
                               vm->def->graphics->data.vnc.port - 5900);
Daniel P. Berrange 905627
diff -r 961d4b1ca1d3 src/qemu_conf.h
Daniel P. Berrange 905627
--- a/src/qemu_conf.h	Wed Mar 04 13:17:44 2009 +0000
Daniel P. Berrange 905627
+++ b/src/qemu_conf.h	Thu Mar 05 14:22:50 2009 +0000
Daniel P. Berrange 905627
@@ -73,9 +73,11 @@ struct qemud_driver {
Daniel P. Berrange 905627
     char *stateDir;
Daniel P. Berrange 905627
     unsigned int vncTLS : 1;
Daniel P. Berrange 905627
     unsigned int vncTLSx509verify : 1;
Daniel P. Berrange 905627
+    unsigned int vncSASL : 1;
Daniel P. Berrange 905627
     char *vncTLSx509certdir;
Daniel P. Berrange 905627
     char *vncListen;
Daniel P. Berrange 905627
     char *vncPassword;
Daniel P. Berrange 905627
+    char *vncSASLdir;
Daniel P. Berrange 905627
 
Daniel P. Berrange 905627
     virCapsPtr caps;
Daniel P. Berrange 905627
 
Daniel P. Berrange 905627
diff -r 961d4b1ca1d3 src/qemu_driver.c
Daniel P. Berrange 905627
--- a/src/qemu_driver.c	Wed Mar 04 13:17:44 2009 +0000
Daniel P. Berrange 905627
+++ b/src/qemu_driver.c	Thu Mar 05 14:22:50 2009 +0000
Daniel P. Berrange 905627
@@ -620,6 +620,7 @@ qemudShutdown(void) {
Daniel P. Berrange 905627
     VIR_FREE(qemu_driver->vncTLSx509certdir);
Daniel P. Berrange 905627
     VIR_FREE(qemu_driver->vncListen);
Daniel P. Berrange 905627
     VIR_FREE(qemu_driver->vncPassword);
Daniel P. Berrange 905627
+    VIR_FREE(qemu_driver->vncSASLdir);
Daniel P. Berrange 905627
 
Daniel P. Berrange 905627
     /* Free domain callback list */
Daniel P. Berrange 905627
     virDomainEventCallbackListFree(qemu_driver->domainEventCallbacks);
Daniel P. Berrange 905627
diff -r 961d4b1ca1d3 tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.args
Daniel P. Berrange 905627
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
Daniel P. Berrange 905627
+++ b/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.args	Thu Mar 05 14:22:50 2009 +0000
Daniel P. Berrange 905627
@@ -0,0 +1,1 @@
Daniel P. Berrange 905627
+LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test SASL_CONF_DIR=/root/.sasl2 /usr/bin/qemu -S -M pc -m 214 -smp 1 -monitor pty -pidfile /nowhere/QEMUGuest1.pid -no-acpi -boot c -hda /dev/HostVG/QEMUGuest1 -net none -serial none -parallel none -usb -vnc 127.0.0.1:3,sasl
Daniel P. Berrange 905627
diff -r 961d4b1ca1d3 tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.xml
Daniel P. Berrange 905627
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
Daniel P. Berrange 905627
+++ b/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.xml	Thu Mar 05 14:22:50 2009 +0000
Daniel P. Berrange 905627
@@ -0,0 +1,24 @@
Daniel P. Berrange 905627
+<domain type='qemu'>
Daniel P. Berrange 905627
+  <name>QEMUGuest1</name>
Daniel P. Berrange 905627
+  <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
Daniel P. Berrange 905627
+  <memory>219200</memory>
Daniel P. Berrange 905627
+  <currentMemory>219200</currentMemory>
Daniel P. Berrange 905627
+  <vcpu>1</vcpu>
Daniel P. Berrange 905627
+  <os>
Daniel P. Berrange 905627
+    <type arch='i686' machine='pc'>hvm</type>
Daniel P. Berrange 905627
+    <boot dev='hd'/>
Daniel P. Berrange 905627
+  </os>
Daniel P. Berrange 905627
+  <clock offset='utc'/>
Daniel P. Berrange 905627
+  <on_poweroff>destroy</on_poweroff>
Daniel P. Berrange 905627
+  <on_reboot>restart</on_reboot>
Daniel P. Berrange 905627
+  <on_crash>destroy</on_crash>
Daniel P. Berrange 905627
+  <devices>
Daniel P. Berrange 905627
+    <emulator>/usr/bin/qemu</emulator>
Daniel P. Berrange 905627
+    <disk type='block' device='disk'>
Daniel P. Berrange 905627
+      <source dev='/dev/HostVG/QEMUGuest1'/>
Daniel P. Berrange 905627
+      <target dev='hda' bus='ide'/>
Daniel P. Berrange 905627
+    </disk>
Daniel P. Berrange 905627
+    <input type='mouse' bus='ps2'/>
Daniel P. Berrange 905627
+    <graphics type='vnc' port='5903' autoport='no' listen='127.0.0.1'/>
Daniel P. Berrange 905627
+  </devices>
Daniel P. Berrange 905627
+</domain>
Daniel P. Berrange 905627
diff -r 961d4b1ca1d3 tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.args
Daniel P. Berrange 905627
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
Daniel P. Berrange 905627
+++ b/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.args	Thu Mar 05 14:22:50 2009 +0000
Daniel P. Berrange 905627
@@ -0,0 +1,1 @@
Daniel P. Berrange 905627
+LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test SASL_CONF_DIR=/root/.sasl2 /usr/bin/qemu -S -M pc -m 214 -smp 1 -monitor pty -pidfile /nowhere/QEMUGuest1.pid -no-acpi -boot c -hda /dev/HostVG/QEMUGuest1 -net none -serial none -parallel none -usb -vnc 127.0.0.1:3,tls,x509verify=/etc/pki/tls/qemu,sasl
Daniel P. Berrange 905627
diff -r 961d4b1ca1d3 tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.xml
Daniel P. Berrange 905627
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
Daniel P. Berrange 905627
+++ b/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.xml	Thu Mar 05 14:22:50 2009 +0000
Daniel P. Berrange 905627
@@ -0,0 +1,24 @@
Daniel P. Berrange 905627
+<domain type='qemu'>
Daniel P. Berrange 905627
+  <name>QEMUGuest1</name>
Daniel P. Berrange 905627
+  <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
Daniel P. Berrange 905627
+  <memory>219200</memory>
Daniel P. Berrange 905627
+  <currentMemory>219200</currentMemory>
Daniel P. Berrange 905627
+  <vcpu>1</vcpu>
Daniel P. Berrange 905627
+  <os>
Daniel P. Berrange 905627
+    <type arch='i686' machine='pc'>hvm</type>
Daniel P. Berrange 905627
+    <boot dev='hd'/>
Daniel P. Berrange 905627
+  </os>
Daniel P. Berrange 905627
+  <clock offset='utc'/>
Daniel P. Berrange 905627
+  <on_poweroff>destroy</on_poweroff>
Daniel P. Berrange 905627
+  <on_reboot>restart</on_reboot>
Daniel P. Berrange 905627
+  <on_crash>destroy</on_crash>
Daniel P. Berrange 905627
+  <devices>
Daniel P. Berrange 905627
+    <emulator>/usr/bin/qemu</emulator>
Daniel P. Berrange 905627
+    <disk type='block' device='disk'>
Daniel P. Berrange 905627
+      <source dev='/dev/HostVG/QEMUGuest1'/>
Daniel P. Berrange 905627
+      <target dev='hda' bus='ide'/>
Daniel P. Berrange 905627
+    </disk>
Daniel P. Berrange 905627
+    <input type='mouse' bus='ps2'/>
Daniel P. Berrange 905627
+    <graphics type='vnc' port='5903' autoport='no' listen='127.0.0.1'/>
Daniel P. Berrange 905627
+  </devices>
Daniel P. Berrange 905627
+</domain>
Daniel P. Berrange 905627
diff -r 961d4b1ca1d3 tests/qemuxml2argvtest.c
Daniel P. Berrange 905627
--- a/tests/qemuxml2argvtest.c	Wed Mar 04 13:17:44 2009 +0000
Daniel P. Berrange 905627
+++ b/tests/qemuxml2argvtest.c	Thu Mar 05 14:22:50 2009 +0000
Daniel P. Berrange 905627
@@ -213,6 +213,19 @@ mymain(int argc, char **argv)
Daniel P. Berrange 905627
             QEMUD_CMD_FLAG_DRIVE_CACHE_V2);
Daniel P. Berrange 905627
     DO_TEST("disk-usb", 0);
Daniel P. Berrange 905627
     DO_TEST("graphics-vnc", 0);
Daniel P. Berrange 905627
+
Daniel P. Berrange 905627
+    driver.vncSASL = 1;
Daniel P. Berrange 905627
+    driver.vncSASLdir = strdup("/root/.sasl2");
Daniel P. Berrange 905627
+    DO_TEST("graphics-vnc-sasl", 0);
Daniel P. Berrange 905627
+    driver.vncTLS = 1;
Daniel P. Berrange 905627
+    driver.vncTLSx509verify = 1;
Daniel P. Berrange 905627
+    driver.vncTLSx509certdir = strdup("/etc/pki/tls/qemu");
Daniel P. Berrange 905627
+    DO_TEST("graphics-vnc-tls", 0);
Daniel P. Berrange 905627
+    driver.vncSASL = driver.vncTLSx509verify = driver.vncTLS = 0;
Daniel P. Berrange 905627
+    free(driver.vncSASLdir);
Daniel P. Berrange 905627
+    free(driver.vncTLSx509certdir);
Daniel P. Berrange 905627
+    driver.vncSASLdir = driver.vncTLSx509certdir = NULL;
Daniel P. Berrange 905627
+
Daniel P. Berrange 905627
     DO_TEST("graphics-sdl", 0);
Daniel P. Berrange 905627
     DO_TEST("graphics-sdl-fullscreen", 0);
Daniel P. Berrange 905627
     DO_TEST("input-usbmouse", 0);
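Review bot: `driver.vncSASL` and `driver.vncSASLdir` are still set when `DO_TEST("graphics-vnc-tls", 0)` runs, so that case actually exercises TLS plus SASL — its expected args file in this commit contains `SASL_CONF_DIR=/root/.sasl2` and `,tls,x509verify=/etc/pki/tls/qemu,sasl` — and a TLS-only command line is never covered. Either clear the SASL state first, `driver.vncSASL = 0; free(driver.vncSASLdir); driver.vncSASLdir = NULL;` before the TLS test and drop the SASL pieces from qemuxml2argv-graphics-vnc-tls.args, or rename the case to graphics-vnc-tls-sasl and add a separate TLS-only case. The two `strdup` results are also used unchecked; a NULL return would surface as a confusing args mismatch rather than a clear allocation failure. mymain continues outside the hunk.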