]>
Commit | Line | Data |
---|---|---|
72b1baa0 JR |
1 | diff -ru libvirt-0.8.8/daemon/libvirtd.conf libvirt-0.8.8-sasl/daemon/libvirtd.conf |
2 | --- libvirt-0.8.8/daemon/libvirtd.conf 2010-12-20 14:35:22.000000000 +0100 | |
3 | +++ libvirt-0.8.8-sasl/daemon/libvirtd.conf 2011-04-28 11:45:47.727741165 +0200 | |
4 | @@ -111,7 +111,7 @@ | |
5 | # the network providing auth (eg, TLS/x509 certificates) | |
6 | # | |
7 | # - sasl: use SASL infrastructure. The actual auth scheme is then | |
8 | -# controlled from /etc/sasl2/libvirt.conf. For the TCP | |
9 | +# controlled from /etc/sasl/libvirt.conf. For the TCP | |
10 | # socket only GSSAPI & DIGEST-MD5 mechanisms will be used. | |
11 | # For non-TCP or TLS sockets, any scheme is allowed. | |
12 | # | |
13 | @@ -142,7 +142,7 @@ | |
14 | # If you don't enable SASL, then all TCP traffic is cleartext. | |
15 | # Don't do this outside of a dev/test scenario. For real world | |
16 | # use, always enable SASL and use the GSSAPI or DIGEST-MD5 | |
17 | -# mechanism in /etc/sasl2/libvirt.conf | |
18 | +# mechanism in /etc/sasl/libvirt.conf | |
19 | #auth_tcp = "sasl" | |
20 | ||
21 | # Change the authentication scheme for TLS sockets. | |
22 | diff -ru libvirt-0.8.8/daemon/Makefile.am libvirt-0.8.8-sasl/daemon/Makefile.am | |
23 | --- libvirt-0.8.8/daemon/Makefile.am 2011-01-31 02:30:59.000000000 +0100 | |
24 | +++ libvirt-0.8.8-sasl/daemon/Makefile.am 2011-04-28 11:45:47.703741165 +0200 | |
25 | @@ -326,12 +326,12 @@ | |
26 | # the WITH_LIBVIRTD conditional | |
27 | if HAVE_SASL | |
28 | install-data-sasl: | |
a0b92b5f | 29 | - $(MKDIR_P) $(DESTDIR)$(sysconfdir)/sasl2/ |
72b1baa0 | 30 | - $(INSTALL_DATA) $(srcdir)/libvirtd.sasl $(DESTDIR)$(sysconfdir)/sasl2/libvirt.conf |
a0b92b5f | 31 | + $(MKDIR_P) $(DESTDIR)$(sysconfdir)/sasl/ |
72b1baa0 JR |
32 | + $(INSTALL_DATA) $(srcdir)/libvirtd.sasl $(DESTDIR)$(sysconfdir)/sasl/libvirt.conf |
33 | ||
34 | uninstall-data-sasl: | |
35 | - rm -f $(DESTDIR)$(sysconfdir)/sasl2/libvirt.conf | |
a0b92b5f | 36 | - rmdir $(DESTDIR)$(sysconfdir)/sasl2/ || : |
72b1baa0 | 37 | + rm -f $(DESTDIR)$(sysconfdir)/sasl/libvirt.conf |
a0b92b5f | 38 | + rmdir $(DESTDIR)$(sysconfdir)/sasl/ || : |
72b1baa0 JR |
39 | else |
40 | install-data-sasl: | |
41 | uninstall-data-sasl: | |
42 | diff -ru libvirt-0.8.8/daemon/test_libvirtd.aug libvirt-0.8.8-sasl/daemon/test_libvirtd.aug | |
43 | --- libvirt-0.8.8/daemon/test_libvirtd.aug 2011-01-31 02:30:59.000000000 +0100 | |
44 | +++ libvirt-0.8.8-sasl/daemon/test_libvirtd.aug 2011-04-28 11:45:47.697741165 +0200 | |
45 | @@ -108,7 +108,7 @@ | |
46 | # the network providing auth (eg, TLS/x509 certificates) | |
47 | # | |
48 | # - sasl: use SASL infrastructure. The actual auth scheme is then | |
49 | -# controlled from /etc/sasl2/libvirt.conf. For the TCP | |
50 | +# controlled from /etc/sasl/libvirt.conf. For the TCP | |
51 | # socket only GSSAPI & DIGEST-MD5 mechanisms will be used. | |
52 | # For non-TCP or TLS sockets, any scheme is allowed. | |
53 | # | |
54 | @@ -139,7 +139,7 @@ | |
55 | # If you don't enable SASL, then all TCP traffic is cleartext. | |
56 | # Don't do this outside of a dev/test scenario. For real world | |
57 | # use, always enable SASL and use the GSSAPI or DIGEST-MD5 | |
58 | -# mechanism in /etc/sasl2/libvirt.conf | |
59 | +# mechanism in /etc/sasl/libvirt.conf | |
60 | auth_tcp = \"sasl\" | |
61 | ||
62 | # Change the authentication scheme for TLS sockets. | |
63 | @@ -383,7 +383,7 @@ | |
64 | { "#comment" = "the network providing auth (eg, TLS/x509 certificates)" } | |
65 | { "#comment" = "" } | |
66 | { "#comment" = "- sasl: use SASL infrastructure. The actual auth scheme is then" } | |
67 | - { "#comment" = "controlled from /etc/sasl2/libvirt.conf. For the TCP" } | |
68 | + { "#comment" = "controlled from /etc/sasl/libvirt.conf. For the TCP" } | |
69 | { "#comment" = "socket only GSSAPI & DIGEST-MD5 mechanisms will be used." } | |
70 | { "#comment" = "For non-TCP or TLS sockets, any scheme is allowed." } | |
71 | { "#comment" = "" } | |
72 | @@ -414,7 +414,7 @@ | |
73 | { "#comment" = "If you don't enable SASL, then all TCP traffic is cleartext." } | |
74 | { "#comment" = "Don't do this outside of a dev/test scenario. For real world" } | |
75 | { "#comment" = "use, always enable SASL and use the GSSAPI or DIGEST-MD5" } | |
76 | - { "#comment" = "mechanism in /etc/sasl2/libvirt.conf" } | |
77 | + { "#comment" = "mechanism in /etc/sasl/libvirt.conf" } | |
78 | { "auth_tcp" = "sasl" } | |
79 | { "#empty" } | |
80 | { "#comment" = "Change the authentication scheme for TLS sockets." } | |
81 | diff -ru libvirt-0.8.8/docs/auth.html libvirt-0.8.8-sasl/docs/auth.html | |
82 | --- libvirt-0.8.8/docs/auth.html 2011-02-17 05:13:12.000000000 +0100 | |
83 | +++ libvirt-0.8.8-sasl/docs/auth.html 2011-04-28 11:45:43.429741167 +0200 | |
84 | @@ -273,7 +273,7 @@ | |
85 | The plain TCP socket of the libvirt daemon defaults to using SASL for authentication. | |
86 | The SASL mechanism configured by default is DIGEST-MD5, which provides a basic | |
87 | username+password style authentication. To enable Kerberos single-sign-on instead, | |
88 | -the libvirt SASL configuration file must be changed. This is <code>/etc/sasl2/libvirt.conf</code>. | |
89 | +the libvirt SASL configuration file must be changed. This is <code>/etc/sasl/libvirt.conf</code>. | |
90 | The <code>mech_list</code> parameter must first be changed to <code>gssapi</code> | |
91 | instead of the default <code>digest-md5</code>. If SASL is enabled on the UNIX | |
92 | and/or TLS sockets, Kerberos will also be used for them. Like DIGEST-MD5, the Kerberos | |
93 | diff -ru libvirt-0.8.8/docs/auth.html.in libvirt-0.8.8-sasl/docs/auth.html.in | |
94 | --- libvirt-0.8.8/docs/auth.html.in 2010-12-20 14:35:22.000000000 +0100 | |
95 | +++ libvirt-0.8.8-sasl/docs/auth.html.in 2011-04-28 11:45:43.586741167 +0200 | |
96 | @@ -115,7 +115,7 @@ | |
97 | The plain TCP socket of the libvirt daemon defaults to using SASL for authentication. | |
98 | The SASL mechanism configured by default is DIGEST-MD5, which provides a basic | |
99 | username+password style authentication. To enable Kerberos single-sign-on instead, | |
100 | -the libvirt SASL configuration file must be changed. This is <code>/etc/sasl2/libvirt.conf</code>. | |
101 | +the libvirt SASL configuration file must be changed. This is <code>/etc/sasl/libvirt.conf</code>. | |
102 | The <code>mech_list</code> parameter must first be changed to <code>gssapi</code> | |
103 | instead of the default <code>digest-md5</code>. If SASL is enabled on the UNIX | |
104 | and/or TLS sockets, Kerberos will also be used for them. Like DIGEST-MD5, the Kerberos | |
105 | diff -ru libvirt-0.8.8/libvirt.spec libvirt-0.8.8-sasl/libvirt.spec | |
106 | --- libvirt-0.8.8/libvirt.spec 2011-02-17 05:13:09.000000000 +0100 | |
107 | +++ libvirt-0.8.8-sasl/libvirt.spec 2011-04-28 11:45:43.675741167 +0200 | |
108 | @@ -933,7 +933,7 @@ | |
109 | %dir %attr(0755, root, root) %{_localstatedir}/lib/libvirt/ | |
110 | ||
111 | %if %{with_sasl} | |
112 | -%config(noreplace) %{_sysconfdir}/sasl2/libvirt.conf | |
113 | +%config(noreplace) %{_sysconfdir}/sasl/libvirt.conf | |
114 | %endif | |
115 | ||
116 | %files devel | |
117 | diff -ru libvirt-0.8.8/libvirt.spec.in libvirt-0.8.8-sasl/libvirt.spec.in | |
118 | --- libvirt-0.8.8/libvirt.spec.in 2011-02-17 05:10:58.000000000 +0100 | |
119 | +++ libvirt-0.8.8-sasl/libvirt.spec.in 2011-04-28 11:45:43.672741167 +0200 | |
120 | @@ -933,7 +933,7 @@ | |
121 | %dir %attr(0755, root, root) %{_localstatedir}/lib/libvirt/ | |
122 | ||
123 | %if %{with_sasl} | |
124 | -%config(noreplace) %{_sysconfdir}/sasl2/libvirt.conf | |
125 | +%config(noreplace) %{_sysconfdir}/sasl/libvirt.conf | |
126 | %endif | |
127 | ||
128 | %files devel | |
129 | diff -ru libvirt-0.8.8/src/qemu/qemu.conf libvirt-0.8.8-sasl/src/qemu/qemu.conf | |
130 | --- libvirt-0.8.8/src/qemu/qemu.conf 2011-02-16 07:36:53.000000000 +0100 | |
131 | +++ libvirt-0.8.8-sasl/src/qemu/qemu.conf 2011-04-28 11:45:47.091741165 +0200 | |
132 | @@ -74,18 +74,18 @@ | |
133 | # Examples include vinagre, virt-viewer and virt-manager | |
134 | # itself. UltraVNC, RealVNC, TightVNC do not support this | |
135 | # | |
136 | -# It is necessary to configure /etc/sasl2/qemu.conf to choose | |
137 | +# It is necessary to configure /etc/sasl/qemu.conf to choose | |
138 | # the desired SASL plugin (eg, GSSPI for Kerberos) | |
139 | # | |
140 | # vnc_sasl = 1 | |
141 | ||
142 | ||
143 | -# The default SASL configuration file is located in /etc/sasl2/ | |
144 | +# The default SASL configuration file is located in /etc/sasl/ | |
145 | # When running libvirtd unprivileged, it may be desirable to | |
146 | # override the configs in this location. Set this parameter to | |
147 | # point to the directory, and create a qemu.conf in that location | |
148 | # | |
149 | -# vnc_sasl_dir = "/some/directory/sasl2" | |
150 | +# vnc_sasl_dir = "/some/directory/sasl" | |
151 | ||
152 | ||
153 | ||
154 | diff -ru libvirt-0.8.8/src/qemu/test_libvirtd_qemu.aug libvirt-0.8.8-sasl/src/qemu/test_libvirtd_qemu.aug | |
155 | --- libvirt-0.8.8/src/qemu/test_libvirtd_qemu.aug 2011-01-31 02:30:59.000000000 +0100 | |
156 | +++ libvirt-0.8.8-sasl/src/qemu/test_libvirtd_qemu.aug 2011-04-28 11:45:47.103741165 +0200 | |
157 | @@ -67,18 +67,18 @@ | |
158 | # Examples include vinagre, virt-viewer and virt-manager | |
159 | # itself. UltraVNC, RealVNC, TightVNC do not support this | |
160 | # | |
161 | -# It is necessary to configure /etc/sasl2/qemu.conf to choose | |
162 | +# It is necessary to configure /etc/sasl/qemu.conf to choose | |
163 | # the desired SASL plugin (eg, GSSPI for Kerberos) | |
164 | # | |
165 | vnc_sasl = 1 | |
166 | ||
167 | ||
168 | -# The default SASL configuration file is located in /etc/sasl2/ | |
169 | +# The default SASL configuration file is located in /etc/sasl/ | |
170 | # When running libvirtd unprivileged, it may be desirable to | |
171 | # override the configs in this location. Set this parameter to | |
172 | # point to the directory, and create a qemu.conf in that location | |
173 | # | |
174 | -vnc_sasl_dir = \"/some/directory/sasl2\" | |
175 | +vnc_sasl_dir = \"/some/directory/sasl\" | |
176 | ||
177 | security_driver = \"selinux\" | |
178 | ||
179 | @@ -181,18 +181,18 @@ | |
180 | { "#comment" = "Examples include vinagre, virt-viewer and virt-manager" } | |
181 | { "#comment" = "itself. UltraVNC, RealVNC, TightVNC do not support this" } | |
182 | { "#comment" = "" } | |
183 | -{ "#comment" = "It is necessary to configure /etc/sasl2/qemu.conf to choose" } | |
184 | +{ "#comment" = "It is necessary to configure /etc/sasl/qemu.conf to choose" } | |
185 | { "#comment" = "the desired SASL plugin (eg, GSSPI for Kerberos)" } | |
186 | { "#comment" = "" } | |
187 | { "vnc_sasl" = "1" } | |
188 | { "#empty" } | |
189 | { "#empty" } | |
190 | -{ "#comment" = "The default SASL configuration file is located in /etc/sasl2/" } | |
191 | +{ "#comment" = "The default SASL configuration file is located in /etc/sasl/" } | |
192 | { "#comment" = "When running libvirtd unprivileged, it may be desirable to" } | |
193 | { "#comment" = "override the configs in this location. Set this parameter to" } | |
194 | { "#comment" = "point to the directory, and create a qemu.conf in that location" } | |
195 | { "#comment" = "" } | |
196 | -{ "vnc_sasl_dir" = "/some/directory/sasl2" } | |
197 | +{ "vnc_sasl_dir" = "/some/directory/sasl" } | |
198 | { "#empty" } | |
199 | { "security_driver" = "selinux" } | |
200 | { "#empty" } | |
201 | diff -ru libvirt-0.8.8/tests/confdata/libvirtd.conf libvirt-0.8.8-sasl/tests/confdata/libvirtd.conf | |
202 | --- libvirt-0.8.8/tests/confdata/libvirtd.conf 2010-05-27 14:03:22.000000000 +0200 | |
203 | +++ libvirt-0.8.8-sasl/tests/confdata/libvirtd.conf 2011-04-28 11:45:46.878741165 +0200 | |
204 | @@ -102,7 +102,7 @@ | |
205 | # the network providing auth (eg, TLS/x509 certificates) | |
206 | # | |
207 | # - sasl: use SASL infrastructure. The actual auth scheme is then | |
208 | -# controlled from /etc/sasl2/libvirt.conf. For the TCP | |
209 | +# controlled from /etc/sasl/libvirt.conf. For the TCP | |
210 | # socket only GSSAPI & DIGEST-MD5 mechanisms will be used. | |
211 | # For non-TCP or TLS sockets, any scheme is allowed. | |
212 | # | |
213 | @@ -133,7 +133,7 @@ | |
214 | # If you don't enable SASL, then all TCP traffic is cleartext. | |
215 | # Don't do this outside of a dev/test scenario. For real world | |
216 | # use, always enable SASL and use the GSSAPI or DIGEST-MD5 | |
217 | -# mechanism in /etc/sasl2/libvirt.conf | |
218 | +# mechanism in /etc/sasl/libvirt.conf | |
219 | auth_tcp = "sasl" | |
220 | ||
221 | # Change the authentication scheme for TLS sockets. | |
222 | diff -ru libvirt-0.8.8/tests/confdata/libvirtd.out libvirt-0.8.8-sasl/tests/confdata/libvirtd.out | |
223 | --- libvirt-0.8.8/tests/confdata/libvirtd.out 2010-05-27 14:03:22.000000000 +0200 | |
224 | +++ libvirt-0.8.8-sasl/tests/confdata/libvirtd.out 2011-04-28 11:45:46.875741165 +0200 | |
225 | @@ -82,7 +82,7 @@ | |
226 | # the network providing auth (eg, TLS/x509 certificates) | |
227 | # | |
228 | # - sasl: use SASL infrastructure. The actual auth scheme is then | |
229 | -# controlled from /etc/sasl2/libvirt.conf. For the TCP | |
230 | +# controlled from /etc/sasl/libvirt.conf. For the TCP | |
231 | # socket only GSSAPI & DIGEST-MD5 mechanisms will be used. | |
232 | # For non-TCP or TLS sockets, any scheme is allowed. | |
233 | # | |
234 | @@ -111,7 +111,7 @@ | |
235 | # If you don't enable SASL, then all TCP traffic is cleartext. | |
236 | # Don't do this outside of a dev/test scenario. For real world | |
237 | # use, always enable SASL and use the GSSAPI or DIGEST-MD5 | |
238 | -# mechanism in /etc/sasl2/libvirt.conf | |
239 | +# mechanism in /etc/sasl/libvirt.conf | |
240 | auth_tcp = "sasl" | |
241 | # Change the authentication scheme for TLS sockets. | |
242 | # | |
243 | diff -ru libvirt-0.8.8/tests/qemuargv2xmltest.c libvirt-0.8.8-sasl/tests/qemuargv2xmltest.c | |
244 | --- libvirt-0.8.8/tests/qemuargv2xmltest.c 2011-01-24 03:59:21.000000000 +0100 | |
245 | +++ libvirt-0.8.8-sasl/tests/qemuargv2xmltest.c 2011-04-28 11:45:46.964741165 +0200 | |
246 | @@ -181,7 +181,7 @@ | |
247 | DO_TEST("graphics-vnc-socket"); | |
248 | ||
249 | driver.vncSASL = 1; | |
250 | - driver.vncSASLdir = strdup("/root/.sasl2"); | |
251 | + driver.vncSASLdir = strdup("/root/.sasl"); | |
252 | DO_TEST("graphics-vnc-sasl"); | |
253 | driver.vncTLS = 1; | |
254 | driver.vncTLSx509verify = 1; | |
255 | diff -ru libvirt-0.8.8/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.args libvirt-0.8.8-sasl/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.args | |
256 | --- libvirt-0.8.8/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.args 2011-02-03 15:05:31.000000000 +0100 | |
257 | +++ libvirt-0.8.8-sasl/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.args 2011-04-28 11:45:46.860741165 +0200 | |
258 | @@ -1,5 +1,5 @@ | |
259 | LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test \ | |
260 | -SASL_CONF_DIR=/root/.sasl2 QEMU_AUDIO_DRV=none /usr/bin/qemu -S -M pc -m 214 \ | |
261 | +SASL_CONF_DIR=/root/.sasl QEMU_AUDIO_DRV=none /usr/bin/qemu -S -M pc -m 214 \ | |
262 | -smp 1 -monitor unix:/tmp/test-monitor,server,nowait -no-acpi -boot c -hda \ | |
263 | /dev/HostVG/QEMUGuest1 -net none -serial none -parallel none -usb -vnc \ | |
264 | 127.0.0.1:3,sasl -vga cirrus | |
265 | diff -ru libvirt-0.8.8/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.args libvirt-0.8.8-sasl/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.args | |
266 | --- libvirt-0.8.8/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.args 2011-02-03 15:05:31.000000000 +0100 | |
267 | +++ libvirt-0.8.8-sasl/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.args 2011-04-28 11:45:46.864741165 +0200 | |
268 | @@ -1,5 +1,5 @@ | |
269 | LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test \ | |
270 | -SASL_CONF_DIR=/root/.sasl2 QEMU_AUDIO_DRV=none /usr/bin/qemu -S -M pc -m 214 \ | |
271 | +SASL_CONF_DIR=/root/.sasl QEMU_AUDIO_DRV=none /usr/bin/qemu -S -M pc -m 214 \ | |
272 | -smp 1 -monitor unix:/tmp/test-monitor,server,nowait -no-acpi -boot c -hda \ | |
273 | /dev/HostVG/QEMUGuest1 -net none -serial none -parallel none -usb -vnc \ | |
274 | 127.0.0.1:3,tls,x509verify=/etc/pki/tls/qemu,sasl | |
275 | diff -ru libvirt-0.8.8/tests/qemuxml2argvtest.c libvirt-0.8.8-sasl/tests/qemuxml2argvtest.c | |
276 | --- libvirt-0.8.8/tests/qemuxml2argvtest.c 2011-02-11 10:46:59.000000000 +0100 | |
277 | +++ libvirt-0.8.8-sasl/tests/qemuxml2argvtest.c 2011-04-28 11:45:46.767741165 +0200 | |
278 | @@ -335,7 +335,7 @@ | |
279 | DO_TEST("graphics-vnc-socket", 0, false); | |
280 | ||
281 | driver.vncSASL = 1; | |
282 | - driver.vncSASLdir = strdup("/root/.sasl2"); | |
283 | + driver.vncSASLdir = strdup("/root/.sasl"); | |
36a3330a | 284 | DO_TEST("graphics-vnc-sasl", false, QEMU_CAPS_VGA); |
72b1baa0 JR |
285 | driver.vncTLS = 1; |
286 | driver.vncTLSx509verify = 1; |