3f6c4997 JR |
1 | From: Neil Wilson <neil@brightbox.co.uk> |
2 | To: libvir-list@redhat.com | |
3 | Date: Mon, 10 Jan 2011 09:52:56 +0000 | |
4 | Message-ID: <1294653176.3013.16.camel@lenovo-3000-n100> | |
5 | ||
6 | Hi, | |
7 | ||
8 | Here's the patch to add basic ACL support to QEMU within libvirt. Like | |
9 | SASL it's ignored by RHEL5's default qemu. Newer qemu picks it up as | |
10 | expected and you can manipulate the acls using 'virsh'. | |
11 | ||
12 | ||
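diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index ba41f80..7ab5eee 100644
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -71,6 +71,15 @@
 # vnc_sasl = 1
 
 
+# Enable the VNC access control lists. When switched on this will
+# initially block all vnc users from accessing the vnc server. To
+# add and remove ids from the ACLs you will need to send the appropriate
+# commands to the qemu monitor as required by your particular version of
+# QEMU. See the QEMU documentation for more details.
+#
+# vnc_acl = 1
+
+
 # The default SASL configuration file is located in /etc/sasl/
 # When running libvirtd unprivileged, it may be desirable to
 # override the configs in this location. Set this parameter to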
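diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 7dd8e03..0ffeaab 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -3542,8 +3542,11 @@ qemuBuildCommandLine(virConnectPtr conn,
 virCommandAddEnvPair(cmd, "SASL_CONF_DIR",
 driver->vncSASLdir);
 
- /* TODO: Support ACLs later */
 }
+
+ if (driver->vncACL)
+ virBufferAddLit(&opt, ",acl");
+
 }
 
 virCommandAddArg(cmd, "-vnc");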
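Review bot: `,acl` is appended whenever `driver->vncACL` is set, even when neither `driver->vncSASL` nor `driver->vncTLS` together with `driver->vncTLSx509verify` is enabled. As far as I know QEMU checks the VNC ACL only against the SASL username or the x509 client-certificate name, so without one of those there is no identity to match and the option may restrict nothing while the operator assumes it does. I would reject or at least warn about that combination when the configuration is loaded, or guard the append with `if (driver->vncACL && (driver->vncSASL || (driver->vncTLS && driver->vncTLSx509verify)))`, and state the dependency in the qemu.conf comment as well. The new `if` also has no braces and leaves a stray blank line before the closing `}`; qemuBuildCommandLine starts and ends outside this hunk.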
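diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index e1502dc..806432d 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -204,6 +204,10 @@ int qemudLoadDriverConfig(struct qemud_driver *driver,
 }
 }
 
+ p = virConfGetValue (conf, "vnc_acl");
+ CHECK_TYPE ("vnc_acl", VIR_CONF_LONG);
+ if (p) driver->vncACL = p->l;
+
 p = virConfGetValue (conf, "spice_tls");
 CHECK_TYPE ("spice_tls", VIR_CONF_LONG);
 if (p) driver->spiceTLS = p->l;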
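Review bot: `driver->vncACL = p->l` stores a long into a one-bit field (`unsigned int vncACL : 1` in qemu_conf.h), so an even value such as `vnc_acl = 2` truncates to 0 and leaves the ACL switched off without any error. For a setting that gates access this should fail towards enabled: `if (p) driver->vncACL = p->l != 0;` keeps every non-zero value on. The `spice_tls` lines in the trailing context follow the same assignment pattern. qemudLoadDriverConfig continues outside this hunk.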
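diff --git a/src/qemu/qemu_conf.h b/src/qemu/qemu_conf.h
index 83ddedd..3e7506d 100644
--- a/src/qemu/qemu_conf.h
+++ b/src/qemu/qemu_conf.h
@@ -85,6 +85,7 @@ struct qemud_driver {
 unsigned int vncTLS : 1;
 unsigned int vncTLSx509verify : 1;
 unsigned int vncSASL : 1;
+ unsigned int vncACL : 1;
 char *vncTLSx509certdir;
 char *vncListen;
 char *vncPassword;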
77 |