1. 08 4月, 2009 1 次提交
  2. 06 4月, 2009 2 次提交
  3. 29 3月, 2009 1 次提交
  4. 13 3月, 2009 1 次提交
  5. 09 3月, 2009 1 次提交
  6. 07 3月, 2009 3 次提交
    • B
      Sparse fixes: NULL use, header order, ANSI prototypes, static · 511d2b14
      blueswir1 提交于
      Fix Sparse warnings:
       * use NULL instead of plain 0
       * rearrange header include order to avoid redefining types accidentally
       * ANSIfy SLIRP
       * avoid "restrict" keyword
       * add static
      
      
      
      git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6736 c046a42c-6fe2-441c-8c8c-71466251a162
      511d2b14
    • A
      Remove tabs introduced from VNC ACL series · 28a76be8
      aliguori 提交于
      Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>
      
      
      git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6727 c046a42c-6fe2-441c-8c8c-71466251a162
      28a76be8
    • A
      Support ACLs for controlling VNC access ("Daniel P. Berrange") · 76655d6d
      aliguori 提交于
      This patch introduces a generic internal API for access control lists
      to be used by network servers in QEMU. It adds support for checking
      these ACL in the VNC server, in two places. The first ACL is for the
      SASL authentication mechanism, checking the SASL username. This ACL
      is called 'vnc.username'. The second is for the TLS authentication
      mechanism, when x509 client certificates are turned on, checking against
      the Distinguished Name of the client. This ACL is called 'vnc.x509dname'
      
      The internal API provides for an ACL with the following characteristics
      
       - A unique name, eg  vnc.username, and vnc.x509dname.
       - A default policy, allow or deny
       - An ordered series of match rules, with allow or deny policy
      
      If none of the match rules apply, then the default policy is
      used.
      
      There is a monitor API to manipulate the ACLs, which I'll describe via
      examples
      
        (qemu) acl show vnc.username
        policy: allow
        (qemu) acl policy vnc.username denya
        acl: policy set to 'deny'
        (qemu) acl allow vnc.username fred
        acl: added rule at position 1
        (qemu) acl allow vnc.username bob
        acl: added rule at position 2
        (qemu) acl allow vnc.username joe 1
        acl: added rule at position 1
        (qemu) acl show vnc.username
        policy: deny
        0: allow fred
        1: allow joe
        2: allow bob
      
      
        (qemu) acl show vnc.x509dname
        policy: allow
        (qemu) acl policy vnc.x509dname deny
        acl: policy set to 'deny'
        (qemu) acl allow vnc.x509dname C=GB,O=ACME,L=London,CN=*
        acl: added rule at position 1
        (qemu) acl allow vnc.x509dname C=GB,O=ACME,L=Boston,CN=bob
        acl: added rule at position 2
        (qemu) acl show vnc.x509dname
        policy: deny
        0: allow C=GB,O=ACME,L=London,CN=*
        1: allow C=GB,O=ACME,L=Boston,CN=bob
      
      By default the VNC server will not use any ACLs, allowing access to
      the server if the user successfully authenticates. To enable use of
      ACLs to restrict user access, the ',acl' flag should be given when
      starting QEMU. The initial ACL activated will be a 'deny all' policy
      and should be customized using monitor commands.
      
      eg enable SASL auth and ACLs
      
          qemu ....  -vnc localhost:1,sasl,acl
      
      The next patch will provide a way to load a pre-defined ACL when
      starting up
      
      
       Makefile        |    6 +
       b/acl.c         |  185 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
       b/acl.h         |   74 ++++++++++++++++++++++
       configure       |   18 +++++
       monitor.c       |   95 ++++++++++++++++++++++++++++
       qemu-doc.texi   |   49 ++++++++++++++
       vnc-auth-sasl.c |   16 +++-
       vnc-auth-sasl.h |    7 ++
       vnc-tls.c       |   19 +++++
       vnc-tls.h       |    3 
       vnc.c           |   21 ++++++
       vnc.h           |    3 
       12 files changed, 491 insertions(+), 5 deletions(-)
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>
      
      
      git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6726 c046a42c-6fe2-441c-8c8c-71466251a162
      76655d6d
  7. 06 3月, 2009 12 次提交
  8. 03 3月, 2009 1 次提交
  9. 11 2月, 2009 2 次提交
  10. 06 2月, 2009 1 次提交
  11. 25 1月, 2009 1 次提交
    • B
      Synch code, help and docs · d2c639d6
      blueswir1 提交于
      Rearrange code, help printout and docs so that they are in the same
      (hopefully more logical) order for easier maintenance.
      
      Add help and docs for undocumented options.
      
      Reformat slightly for more consistent help output.
      
      Add comments to encourage better synchronization in the future.
      
      
      git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6432 c046a42c-6fe2-441c-8c8c-71466251a162
      d2c639d6
  12. 09 1月, 2009 1 次提交
  13. 28 12月, 2008 1 次提交
  14. 19 12月, 2008 2 次提交
  15. 18 12月, 2008 1 次提交
  16. 10 12月, 2008 2 次提交
  17. 05 12月, 2008 2 次提交
  18. 16 11月, 2008 1 次提交
  19. 06 11月, 2008 1 次提交
    • A
      Add KVM support to QEMU · 7ba1e619
      aliguori 提交于
      This patch adds very basic KVM support.  KVM is a kernel module for Linux that
      allows userspace programs to make use of hardware virtualization support.  It
      current supports x86 hardware virtualization using Intel VT-x or AMD-V.  It
      also supports IA64 VT-i, PPC 440, and S390.
      
      This patch only implements the bare minimum support to get a guest booting.  It
      has very little impact the rest of QEMU and attempts to integrate nicely with
      the rest of QEMU.
      
      Even though this implementation is basic, it is significantly faster than TCG.
      Booting and shutting down a Linux guest:
      
      w/TCG:  1:32.36 elapsed  84% CPU
      
      w/KVM:  0:31.14 elapsed  59% CPU
      
      Right now, KVM is disabled by default and must be explicitly enabled with
       -enable-kvm.  We can enable it by default later when we have had better
      testing.
      Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>
      
      
      
      git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5627 c046a42c-6fe2-441c-8c8c-71466251a162
      7ba1e619
  20. 01 11月, 2008 1 次提交
    • A
      Implement "info chardev" command. (Gerd Hoffmann) · 5ccfae10
      aliguori 提交于
      This patch makes qemu keep track of the character devices in use and
      implements a "info chardev" monitor command to print a list.
      
      qemu_chr_open() sticks the devices into a linked list now.  It got a new
      argument (label), so there is a name for each device.  It also assigns a
      filename to each character device.  By default it just copyes the
      filename passed in.  Individual drivers can fill in something else
      though.  qemu_chr_open_pty() sets the filename to name of the pseudo tty
      allocated.
      
      Output looks like this:
      
        (qemu) info chardev
        monitor: filename=unix:/tmp/run.sh-26827/monitor,server,nowait
        serial0: filename=unix:/tmp/run.sh-26827/console,server
        serial1: filename=pty:/dev/pts/5
        parallel0: filename=vc:640x480
      Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
      Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>
      
      
      
      git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5575 c046a42c-6fe2-441c-8c8c-71466251a162
      5ccfae10
  21. 26 10月, 2008 1 次提交
  22. 21 10月, 2008 1 次提交