提交
b44af714
编写于
3月 16, 2009
作者:
Daniel P. Berrange
Support SASL auth for VNC server.
上级
8fa62166
变更
12
Showing
12 changed file
with
177 addition
and
5 deletion
+177
-5
ChangeLog
ChangeLog
+16
-0
qemud/libvirtd_qemu.aug
qemud/libvirtd_qemu.aug
+2
-0
qemud/test_libvirtd_qemu.aug
qemud/test_libvirtd_qemu.aug
+38
-0
src/qemu.conf
src/qemu.conf
+21
-0
src/qemu_conf.c
src/qemu_conf.c
+34
-5
src/qemu_conf.h
src/qemu_conf.h
+2
-0
src/qemu_driver.c
src/qemu_driver.c
+1
-0
tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.args
tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.args
+1
-0
tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.xml
tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.xml
+24
-0
tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.args
tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.args
+1
-0
tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.xml
tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.xml
+24
-0
tests/qemuxml2argvtest.c
tests/qemuxml2argvtest.c
+13
-0
ChangeLog
Mon Mar 16 13:52:00 GMT 2009 Daniel P. Berrange <berrange@redhat.com>
Support SASL auth for VNC server.
* qemud/libvirtd_qemu.aug, qemud/test_libvirtd_qemu.aug: Add
support for VNC sasl config options
* src/qemu.conf: Example VNC sasl config options
* src/qemu_conf.c, src/qemu_conf.h, src/qemu_driver.c: Add
ability to set SASL authentication on VNC servers
* tests/qemuxml2argvtest.c: Test for VNC SASL and TLS security
options
* tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.args,
tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.xml,
tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.args,
tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.xml: Data
files for tests
Mon Mar 16 11:44:00 GMT 2009 Daniel P. Berrange <berrange@redhat.com>
* src/qemu_driver.c: Avoid deadlock in virDomainSetVcpus
...
...
qemud/libvirtd_qemu.aug
...
...
@@ -27,6 +27,8 @@ module Libvirtd_qemu =
|
str_entry
"vnc_tls_x509_cert_dir"
|
bool_entry
"vnc_tls_x509_verify"
|
str_entry
"vnc_password"
|
bool_entry
"vnc_sasl"
|
str_entry
"vnc_sasl_dir"
(* Each enty in the config is one of the following three ... *)
let
entry
=
vnc_entry
...
...
qemud/test_libvirtd_qemu.aug
...
...
@@ -60,6 +60,25 @@ vnc_tls_x509_verify = 1
# example here before you set this
#
vnc_password =
\"
XYZ12345
\"
# Enable use of SASL encryption on the VNC server. This requires
# a VNC client which supports the SASL protocol extension.
# Examples include vinagre, virt-viewer and virt-manager
# itself. UltraVNC, RealVNC, TightVNC do not support this
#
# It is necessary to configure /etc/sasl2/qemu.conf to choose
# the desired SASL plugin (eg, GSSPI for Kerberos)
#
vnc_sasl = 1
# The default SASL configuration file is located in /etc/sasl2/
# When running libvirtd unprivileged, it may be desirable to
# override the configs in this location. Set this parameter to
# point to the directory, and create a qemu.conf in that location
#
vnc_sasl_dir =
\"
/some/directory/sasl2
\"
"
test
Libvirtd_qemu
.
lns
get
conf
=
...
...
@@ -123,3 +142,22 @@ vnc_password = \"XYZ12345\"
{
"#comment"
=
"example here before you set this"
}
{
"#comment"
=
""
}
{
"vnc_password"
=
"XYZ12345"
}
{
"#empty"
}
{
"#empty"
}
{
"#comment"
=
"Enable use of SASL encryption on the VNC server. This requires"
}
{
"#comment"
=
"a VNC client which supports the SASL protocol extension."
}
{
"#comment"
=
"Examples include vinagre, virt-viewer and virt-manager"
}
{
"#comment"
=
"itself. UltraVNC, RealVNC, TightVNC do not support this"
}
{
"#comment"
=
""
}
{
"#comment"
=
"It is necessary to configure /etc/sasl2/qemu.conf to choose"
}
{
"#comment"
=
"the desired SASL plugin (eg, GSSPI for Kerberos)"
}
{
"#comment"
=
""
}
{
"vnc_sasl"
=
"1"
}
{
"#empty"
}
{
"#empty"
}
{
"#comment"
=
"The default SASL configuration file is located in /etc/sasl2/"
}
{
"#comment"
=
"When running libvirtd unprivileged, it may be desirable to"
}
{
"#comment"
=
"override the configs in this location. Set this parameter to"
}
{
"#comment"
=
"point to the directory, and create a qemu.conf in that location"
}
{
"#comment"
=
""
}
{
"vnc_sasl_dir"
=
"/some/directory/sasl2"
}
src/qemu.conf
...
...
@@ -60,6 +60,27 @@
# vnc_password = "XYZ12345"
# Enable use of SASL encryption on the VNC server. This requires
# a VNC client which supports the SASL protocol extension.
# Examples include vinagre, virt-viewer and virt-manager
# itself. UltraVNC, RealVNC, TightVNC do not support this
#
# It is necessary to configure /etc/sasl2/qemu.conf to choose
# the desired SASL plugin (eg, GSSPI for Kerberos)
#
# vnc_sasl = 1
# The default SASL configuration file is located in /etc/sasl2/
# When running libvirtd unprivileged, it may be desirable to
# override the configs in this location. Set this parameter to
# point to the directory, and create a qemu.conf in that location
#
# vnc_sasl_dir = "/some/directory/sasl2"
# The default security driver is SELinux. If SELinux is disabled
# on the host, then the security driver will automatically disable
# itself. If you wish to disable QEMU SELinux security driver while
...
...
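Review bot: The new comment block above `# vnc_sasl = 1` describes the option as "SASL encryption", but as wired up in this commit it only appends `,sasl` to the `-vnc` argument, so it enables SASL authentication; whether the session is also encrypted depends on the mechanism selected in /etc/sasl2/qemu.conf. An administrator could enable `vnc_sasl` on its own with a mechanism that negotiates no security layer and assume console traffic is protected. I would reword the first line to `# Enable use of SASL authentication on the VNC server. This requires` and add `# Unless the chosen mechanism provides a security layer (eg GSSAPI), also set vnc_tls = 1`. `GSSPI` in the same block looks like a typo for `GSSAPI`. The identical text is embedded in qemud/test_libvirtd_qemu.aug and would need the same change to keep that test in step.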
src/qemu_conf.c
...
...
@@ -161,6 +161,21 @@ int qemudLoadDriverConfig(struct qemud_driver *driver,
}
}
p
=
virConfGetValue
(
conf
,
"vnc_sasl"
);
CHECK_TYPE
(
"vnc_sasl"
,
VIR_CONF_LONG
);
if
(
p
)
driver
->
vncSASL
=
p
->
l
;
p
=
virConfGetValue
(
conf
,
"vnc_sasl_dir"
);
CHECK_TYPE
(
"vnc_sasl_dir"
,
VIR_CONF_STRING
);
if
(
p
&&
p
->
str
)
{
VIR_FREE
(
driver
->
vncSASLdir
);
if
(
!
(
driver
->
vncSASLdir
=
strdup
(
p
->
str
)))
{
virReportOOMError
(
NULL
);
virConfFree
(
conf
);
return
-
1
;
}
}
virConfFree
(
conf
);
return
0
;
}
...
...
@@ -838,15 +853,20 @@ int qemudBuildCommandLine(virConnectPtr conn,
goto no_memory; \
} while (0)
#define ADD_ENV_
COPY(envname)
\
#define ADD_ENV_
PAIR(envname, val)
\
do { \
char *val = getenv(envname); \
char *envval; \
ADD_ENV_SPACE; \
if (virAsprintf(&envval, "%s=%s", envname, val) < 0) \
goto no_memory; \
qenv[qenvc++] = envval; \
} while (0)
#define ADD_ENV_COPY(envname) \
do { \
char *val = getenv(envname); \
if (val != NULL) { \
if (virAsprintf(&envval, "%s=%s", envname, val) < 0) \
goto no_memory; \
qenv[qenvc++] = envval; \
ADD_ENV_PAIR(envname, val); \
} \
} while (0)
...
...
@@ -1295,6 +1315,15 @@ int qemudBuildCommandLine(virConnectPtr conn,
driver
->
vncTLSx509certdir
);
}
}
if
(
driver
->
vncSASL
)
{
virBufferAddLit
(
&
opt
,
",sasl"
);
if
(
driver
->
vncSASLdir
)
ADD_ENV_PAIR
(
"SASL_CONF_DIR"
,
driver
->
vncSASLdir
);
/* TODO: Support ACLs later */
}
}
else
{
virBufferVSprintf
(
&
opt
,
"%d"
,
vm
->
def
->
graphics
->
data
.
vnc
.
port
-
5900
);
...
...
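Review bot: In the first hunk (qemudLoadDriverConfig), `driver->vncSASL = p->l;` stores the configured integer into a field that src/qemu_conf.h in this same commit declares as `unsigned int vncSASL : 1`, so only the low bit survives. A setting such as `vnc_sasl = 2` (any even value) passes `CHECK_TYPE` and leaves SASL switched off without any error, which is a silent fail-open for an authentication toggle. Normalise the value with `driver->vncSASL = p->l != 0;`, or reject anything other than 0 and 1 with a configuration error. The loads of the neighbouring TLS flags are outside this hunk and presumably follow the same pattern, so they deserve the same check; the enclosing function starts before the hunk.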
src/qemu_conf.h
...
...
@@ -73,9 +73,11 @@ struct qemud_driver {
char
*
stateDir
;
unsigned
int
vncTLS
:
1
;
unsigned
int
vncTLSx509verify
:
1
;
unsigned
int
vncSASL
:
1
;
char
*
vncTLSx509certdir
;
char
*
vncListen
;
char
*
vncPassword
;
char
*
vncSASLdir
;
virCapsPtr
caps
;
...
...
src/qemu_driver.c
...
...
@@ -621,6 +621,7 @@ qemudShutdown(void) {
VIR_FREE
(
qemu_driver
->
vncTLSx509certdir
);
VIR_FREE
(
qemu_driver
->
vncListen
);
VIR_FREE
(
qemu_driver
->
vncPassword
);
VIR_FREE
(
qemu_driver
->
vncSASLdir
);
/* Free domain callback list */
virDomainEventCallbackListFree
(
qemu_driver
->
domainEventCallbacks
);
...
...
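--- /dev/null
+++ b/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.args
@@ -0,0 +1 @@
+LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test SASL_CONF_DIR=/root/.sasl2 /usr/bin/qemu -S -M pc -m 214 -smp 1 -monitor pty -pidfile /nowhere/QEMUGuest1.pid -no-acpi -boot c -hda /dev/HostVG/QEMUGuest1 -net none -serial none -parallel none -usb -vnc 127.0.0.1:3,sasl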
tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.xml
0 → 100644
<domain
type=
'qemu'
>
<name>
QEMUGuest1
</name>
<uuid>
c7a5fdbd-edaf-9455-926a-d65c16db1809
</uuid>
<memory>
219200
</memory>
<currentMemory>
219200
</currentMemory>
<vcpu>
1
</vcpu>
<os>
<type
arch=
'i686'
machine=
'pc'
>
hvm
</type>
<boot
dev=
'hd'
/>
</os>
<clock
offset=
'utc'
/>
<on_poweroff>
destroy
</on_poweroff>
<on_reboot>
restart
</on_reboot>
<on_crash>
destroy
</on_crash>
<devices>
<emulator>
/usr/bin/qemu
</emulator>
<disk
type=
'block'
device=
'disk'
>
<source
dev=
'/dev/HostVG/QEMUGuest1'
/>
<target
dev=
'hda'
bus=
'ide'
/>
</disk>
<input
type=
'mouse'
bus=
'ps2'
/>
<graphics
type=
'vnc'
port=
'5903'
autoport=
'no'
listen=
'127.0.0.1'
/>
</devices>
</domain>
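--- /dev/null
+++ b/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.args
@@ -0,0 +1 @@
+LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test SASL_CONF_DIR=/root/.sasl2 /usr/bin/qemu -S -M pc -m 214 -smp 1 -monitor pty -pidfile /nowhere/QEMUGuest1.pid -no-acpi -boot c -hda /dev/HostVG/QEMUGuest1 -net none -serial none -parallel none -usb -vnc 127.0.0.1:3,tls,x509verify=/etc/pki/tls/qemu,sasl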
tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.xml
0 → 100644
<domain
type=
'qemu'
>
<name>
QEMUGuest1
</name>
<uuid>
c7a5fdbd-edaf-9455-926a-d65c16db1809
</uuid>
<memory>
219200
</memory>
<currentMemory>
219200
</currentMemory>
<vcpu>
1
</vcpu>
<os>
<type
arch=
'i686'
machine=
'pc'
>
hvm
</type>
<boot
dev=
'hd'
/>
</os>
<clock
offset=
'utc'
/>
<on_poweroff>
destroy
</on_poweroff>
<on_reboot>
restart
</on_reboot>
<on_crash>
destroy
</on_crash>
<devices>
<emulator>
/usr/bin/qemu
</emulator>
<disk
type=
'block'
device=
'disk'
>
<source
dev=
'/dev/HostVG/QEMUGuest1'
/>
<target
dev=
'hda'
bus=
'ide'
/>
</disk>
<input
type=
'mouse'
bus=
'ps2'
/>
<graphics
type=
'vnc'
port=
'5903'
autoport=
'no'
listen=
'127.0.0.1'
/>
</devices>
</domain>
tests/qemuxml2argvtest.c
...
...
@@ -213,6 +213,19 @@ mymain(int argc, char **argv)
QEMUD_CMD_FLAG_DRIVE_CACHE_V2
);
DO_TEST
(
"disk-usb"
,
0
);
DO_TEST
(
"graphics-vnc"
,
0
);
driver
.
vncSASL
=
1
;
driver
.
vncSASLdir
=
strdup
(
"/root/.sasl2"
);
DO_TEST
(
"graphics-vnc-sasl"
,
0
);
driver
.
vncTLS
=
1
;
driver
.
vncTLSx509verify
=
1
;
driver
.
vncTLSx509certdir
=
strdup
(
"/etc/pki/tls/qemu"
);
DO_TEST
(
"graphics-vnc-tls"
,
0
);
driver
.
vncSASL
=
driver
.
vncTLSx509verify
=
driver
.
vncTLS
=
0
;
free
(
driver
.
vncSASLdir
);
free
(
driver
.
vncTLSx509certdir
);
driver
.
vncSASLdir
=
driver
.
vncTLSx509certdir
=
NULL
;
DO_TEST
(
"graphics-sdl"
,
0
);
DO_TEST
(
"graphics-sdl-fullscreen"
,
0
);
DO_TEST
(
"input-usbmouse"
,
0
);
...
...
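Review bot: The `graphics-vnc-tls` case in mymain runs while `driver.vncSASL` is still 1 and `driver.vncSASLdir` is still set from the preceding case, so it exercises TLS and SASL together; the expected args file accordingly ends in `tls,x509verify=/etc/pki/tls/qemu,sasl` and carries `SASL_CONF_DIR`. As written no case covers TLS without SASL, and the test name hides that. Either add a comment above the TLS block, `/* SASL stays enabled here: this checks the combined tls+sasl option string */`, or reset the SASL fields first and add a separately named combined case. The two `strdup()` results are also used unchecked, although a NULL there would only surface as a test mismatch. mymain's body continues outside the hunk.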