Skip to content

Q
qemu

openeuler / qemu

通知 10
Star 0
Fork 0
Q
qemu

体验新版 GitCode,发现更多精彩内容 >>

切换分支/标签
  1. 06 4月, 2009 3 次提交
  3. 04 4月, 2009 1 次提交
  5. 19 3月, 2009 1 次提交
  7. 10 3月, 2009 1 次提交
  9. 09 3月, 2009 1 次提交
  11. 08 3月, 2009 2 次提交
  13. 07 3月, 2009 2 次提交
    • A
      Support ACLs for controlling VNC access ("Daniel P. Berrange") · 76655d6d
      aliguori 提交于 
      This patch introduces a generic internal API for access control lists
to be used by network servers in QEMU. It adds support for checking
these ACL in the VNC server, in two places. The first ACL is for the
SASL authentication mechanism, checking the SASL username. This ACL
is called 'vnc.username'. The second is for the TLS authentication
mechanism, when x509 client certificates are turned on, checking against
the Distinguished Name of the client. This ACL is called 'vnc.x509dname'

The internal API provides for an ACL with the following characteristics

 - A unique name, eg  vnc.username, and vnc.x509dname.
 - A default policy, allow or deny
 - An ordered series of match rules, with allow or deny policy

If none of the match rules apply, then the default policy is
used.

There is a monitor API to manipulate the ACLs, which I'll describe via
examples

  (qemu) acl show vnc.username
  policy: allow
  (qemu) acl policy vnc.username denya
  acl: policy set to 'deny'
  (qemu) acl allow vnc.username fred
  acl: added rule at position 1
  (qemu) acl allow vnc.username bob
  acl: added rule at position 2
  (qemu) acl allow vnc.username joe 1
  acl: added rule at position 1
  (qemu) acl show vnc.username
  policy: deny
  0: allow fred
  1: allow joe
  2: allow bob


  (qemu) acl show vnc.x509dname
  policy: allow
  (qemu) acl policy vnc.x509dname deny
  acl: policy set to 'deny'
  (qemu) acl allow vnc.x509dname C=GB,O=ACME,L=London,CN=*
  acl: added rule at position 1
  (qemu) acl allow vnc.x509dname C=GB,O=ACME,L=Boston,CN=bob
  acl: added rule at position 2
  (qemu) acl show vnc.x509dname
  policy: deny
  0: allow C=GB,O=ACME,L=London,CN=*
  1: allow C=GB,O=ACME,L=Boston,CN=bob

By default the VNC server will not use any ACLs, allowing access to
the server if the user successfully authenticates. To enable use of
ACLs to restrict user access, the ',acl' flag should be given when
starting QEMU. The initial ACL activated will be a 'deny all' policy
and should be customized using monitor commands.

eg enable SASL auth and ACLs

    qemu ....  -vnc localhost:1,sasl,acl

The next patch will provide a way to load a pre-defined ACL when
starting up


 Makefile        |    6 +
 b/acl.c         |  185 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 b/acl.h         |   74 ++++++++++++++++++++++
 configure       |   18 +++++
 monitor.c       |   95 ++++++++++++++++++++++++++++
 qemu-doc.texi   |   49 ++++++++++++++
 vnc-auth-sasl.c |   16 +++-
 vnc-auth-sasl.h |    7 ++
 vnc-tls.c       |   19 +++++
 vnc-tls.h       |    3 
 vnc.c           |   21 ++++++
 vnc.h           |    3 
 12 files changed, 491 insertions(+), 5 deletions(-)
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6726 c046a42c-6fe2-441c-8c8c-71466251a162
      76655d6d
    • A
      Add SASL authentication support ("Daniel P. Berrange") · 2f9606b3
      aliguori 提交于 
      This patch adds the new SASL authentication protocol to the VNC server.

It is enabled by setting the 'sasl' flag when launching VNC. SASL can
optionally provide encryption via its SSF layer, if a suitable mechanism
is configured (eg, GSSAPI/Kerberos, or Digest-MD5).  If an SSF layer is
not available, then it should be combined with the x509 VNC authentication
protocol which provides encryption.

eg, if using GSSAPI

   qemu -vnc localhost:1,sasl

eg if using  TLS/x509 for encryption

   qemu -vnc localhost:1,sasl,tls,x509


By default the Cyrus SASL library will look for its configuration in
the file /etc/sasl2/qemu.conf.  For non-root users, this can be overridden
by setting the SASL_CONF_PATH environment variable, eg to make it look in
$HOME/.sasl2.  NB unprivileged users may not have access to the full range
of SASL mechanisms, since some of them require some administrative privileges
to configure. The patch includes an example SASL configuration file which
illustrates config for GSSAPI and Digest-MD5, though it should be noted that
the latter is not really considered secure any more.

Most of the SASL authentication code is located in a separate source file,
vnc-auth-sasl.c.  The main vnc.c file only contains minimal integration
glue, specifically parsing of command line flags / setup, and calls to
start the SASL auth process, to do encoding/decoding for data.

There are several possible stacks for reading & writing of data, depending
on the combo of VNC authentication methods in use

 - Clear.    read/write straight to socket
 - TLS.      read/write via GNUTLS helpers
 - SASL.     encode/decode via SASL SSF layer, then read/write to socket
 - SASL+TLS. encode/decode via SASL SSF layer, then read/write via GNUTLS

Hence, the vnc_client_read & vnc_client_write methods have been refactored
a little.

   vnc_client_read:  main entry point for reading, calls either

       - vnc_client_read_plain   reading, with no intermediate decoding
       - vnc_client_read_sasl    reading, with SASL SSF decoding

   These two methods, then call vnc_client_read_buf(). This decides
   whether to write to the socket directly or write via GNUTLS.

The situation is the same for writing data. More extensive comments
have been added in the code / patch. The vnc_client_read_sasl and
vnc_client_write_sasl method implementations live in the separate
vnc-auth-sasl.c file.

The state required for the SASL auth mechanism is kept in a separate
VncStateSASL struct, defined in vnc-auth-sasl.h and included in the
main VncState.

The configure script probes for SASL and automatically enables it
if found, unless --disable-vnc-sasl was given to override it.


 Makefile            |    7 
 Makefile.target     |    5 
 b/qemu.sasl         |   34 ++
 b/vnc-auth-sasl.c   |  626 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 b/vnc-auth-sasl.h   |   67 +++++
 configure           |   34 ++
 qemu-doc.texi       |   97 ++++++++
 vnc-auth-vencrypt.c |   12 
 vnc.c               |  249 ++++++++++++++++++--
 vnc.h               |   31 ++
 10 files changed, 1129 insertions(+), 33 deletions(-)
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6724 c046a42c-6fe2-441c-8c8c-71466251a162
      2f9606b3
  15. 04 3月, 2009 1 次提交
  17. 23 2月, 2009 1 次提交
  19. 26 1月, 2009 1 次提交
  21. 24 1月, 2009 1 次提交
  23. 17 1月, 2009 2 次提交
  25. 16 1月, 2009 2 次提交
    • A
      report issues causing the kvm probe to fail (Christian Ehrhardt) · 9fd8d8d7
      aliguori 提交于 
      The patch applies to upstream qemu as well as kvm-userspace, but since it is
the qemu configure script I think it should go to upstream qemu (Anthony)
first and with the next merge to kvm-userspace. On the other hand it is the kvm
probe so an ack from Avi in case v3 is ok would be reasonable.

*updates*
v2 - it also reports other errors than just #error preprocessor statements
     (requested by Avi)
v3 - In case awk or grep is not installed it now gracfully (silently)
     fails still disabling kvm (requested by Anthony)

This patch is about reporting more details of the issue if configuring kvm
fails. Therefore this patch keeps the qemu style configure output which is a
list of "$Feature $Status", but extend the "no" result like "KVM Support no"
with some more information.

There might be a lot of things going wrong with that probe and I don't want
to handle all of them, but if it is one of the known checks e.g. for
KVM_API_VERSION then we could grep/awk that out and report it. The patch
reports in case of a known case in the style
"KVM support no - (Missing KVM capability KVM_CAP_DESTROY_MEMORY_REGION_WORKS)"

In case more than one #error is triggered it creates a comma separated list in
those brackets and in case it is something else than an #error it just reports
plain old "no".
Signed-off-by: NChristian Ehrhardt <ehrhardt@linux.vnet.ibm.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>



git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6334 c046a42c-6fe2-441c-8c8c-71466251a162
      9fd8d8d7
    • A
      Fix kvm configure test for PPC · 406b430d
      aliguori 提交于 
      QEMU uses "ppc" whereas Linux uses "powerpc".
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>



git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6326 c046a42c-6fe2-441c-8c8c-71466251a162
      406b430d
  27. 15 1月, 2009 2 次提交
  29. 10 1月, 2009 1 次提交
  31. 09 1月, 2009 1 次提交
  33. 08 1月, 2009 1 次提交
  35. 07 1月, 2009 1 次提交
  37. 01 1月, 2009 1 次提交
  39. 30 12月, 2008 1 次提交
    • A
      Parse --cc and --cross-prefix earlier and use CC to determine cpu and host · ac0df51d
      aliguori 提交于 
      We have been relying on uname to determine the host cpu architecture and
operating system.  This is totally broken for cross compilation.  It was
workable in the past because you can manually override both settings but after
the host USB passthrough refactoring, cross host builds were broken.

This moves the parsing of --cc and --cross-prefix to before the probes for cpu
and host.  Complation testing is used to determine the host and CPU types.  I've
only added checks for i386, x86_64, Linux, and Windows since these are the only
platforms I have access to for testing.  Everything else falls back to uname.

It should be relatively easy to add the right checks for other platforms and
eliminate uname altogether.
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>



git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6141 c046a42c-6fe2-441c-8c8c-71466251a162
      ac0df51d
  41. 18 12月, 2008 1 次提交
  43. 16 12月, 2008 3 次提交
  45. 15 12月, 2008 2 次提交
  47. 13 12月, 2008 2 次提交
    • A
      Make sure to link librt if we need to. · da93a1fd
      aliguori 提交于 
      This is really a stop-gap.  The recent thread pool changes uncovered a 
deeper issue with how we use librt.  We really should be probing for 
timer_create and then conditionally enabling that code.
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>



git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5997 c046a42c-6fe2-441c-8c8c-71466251a162
      da93a1fd
    • A
      Replace posix-aio with custom thread pool · 3c529d93
      aliguori 提交于 
      glibc implements posix-aio as a thread pool and imposes a number of limitations.

1) it limits one request per-file descriptor.  we hack around this by dup()'ing
file descriptors which is hideously ugly

2) it's impossible to add new interfaces and we need a vectored read/write
operation to properly support a zero-copy API.

What has been suggested to me by glibc folks, is to implement whatever new
interfaces we want and then it can eventually be proposed for standardization.
This requires that we implement our own posix-aio implementation though.

This patch implements posix-aio using pthreads.  It immediately eliminates the
need for fd pooling.

It performs at least as well as the current posix-aio code (in some
circumstances, even better).
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>



git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5996 c046a42c-6fe2-441c-8c8c-71466251a162
      3c529d93
  49. 10 12月, 2008 1 次提交
  51. 09 12月, 2008 1 次提交
  53. 08 12月, 2008 3 次提交