1 diff -ru libvirt-0.8.8/daemon/libvirtd.conf libvirt-0.8.8-sasl/daemon/libvirtd.conf
2 --- libvirt-0.8.8/daemon/libvirtd.conf 2010-12-20 14:35:22.000000000 +0100
3 +++ libvirt-0.8.8-sasl/daemon/libvirtd.conf 2011-04-28 11:45:47.727741165 +0200
5 # the network providing auth (eg, TLS/x509 certificates)
7 # - sasl: use SASL infrastructure. The actual auth scheme is then
8 -# controlled from /etc/sasl2/libvirt.conf. For the TCP
9 +# controlled from /etc/sasl/libvirt.conf. For the TCP
10 # socket only GSSAPI & DIGEST-MD5 mechanisms will be used.
11 # For non-TCP or TLS sockets, any scheme is allowed.
14 # If you don't enable SASL, then all TCP traffic is cleartext.
15 # Don't do this outside of a dev/test scenario. For real world
16 # use, always enable SASL and use the GSSAPI or DIGEST-MD5
17 -# mechanism in /etc/sasl2/libvirt.conf
18 +# mechanism in /etc/sasl/libvirt.conf
21 # Change the authentication scheme for TLS sockets.
22 diff -ru libvirt-1.1.1/daemon/Makefile.am libvirt-1.1.1-sasl/daemon/Makefile.am
23 --- libvirt-1.1.1/daemon/Makefile.am.orig 2013-07-30 10:17:30.238116337 +0000
24 +++ libvirt-1.1.1/daemon/Makefile.am 2013-07-30 10:20:08.281117006 +0000
26 # the WITH_LIBVIRTD conditional
29 - $(MKDIR_P) $(DESTDIR)$(sysconfdir)/sasl2/
30 + $(MKDIR_P) $(DESTDIR)$(sysconfdir)/sasl/
31 $(INSTALL_DATA) $(srcdir)/libvirtd.sasl \
32 - $(DESTDIR)$(sysconfdir)/sasl2/libvirt.conf
33 + $(DESTDIR)$(sysconfdir)/sasl/libvirt.conf
36 - rm -f $(DESTDIR)$(sysconfdir)/sasl2/libvirt.conf
37 - rmdir $(DESTDIR)$(sysconfdir)/sasl2/ || :
38 + rm -f $(DESTDIR)$(sysconfdir)/sasl/libvirt.conf
39 + rmdir $(DESTDIR)$(sysconfdir)/sasl/ || :
43 diff -ru libvirt-0.8.8/daemon/test_libvirtd.aug libvirt-0.8.8-sasl/daemon/test_libvirtd.aug
44 diff -ru libvirt-0.8.8/docs/auth.html libvirt-0.8.8-sasl/docs/auth.html
45 --- libvirt-0.8.8/docs/auth.html 2011-02-17 05:13:12.000000000 +0100
46 +++ libvirt-0.8.8-sasl/docs/auth.html 2011-04-28 11:45:43.429741167 +0200
48 The plain TCP socket of the libvirt daemon defaults to using SASL for authentication.
49 The SASL mechanism configured by default is DIGEST-MD5, which provides a basic
50 username+password style authentication. To enable Kerberos single-sign-on instead,
51 -the libvirt SASL configuration file must be changed. This is <code>/etc/sasl2/libvirt.conf</code>.
52 +the libvirt SASL configuration file must be changed. This is <code>/etc/sasl/libvirt.conf</code>.
53 The <code>mech_list</code> parameter must first be changed to <code>gssapi</code>
54 instead of the default <code>digest-md5</code>. If SASL is enabled on the UNIX
55 and/or TLS sockets, Kerberos will also be used for them. Like DIGEST-MD5, the Kerberos
56 diff -ru libvirt-0.8.8/docs/auth.html.in libvirt-0.8.8-sasl/docs/auth.html.in
57 --- libvirt-0.8.8/docs/auth.html.in 2010-12-20 14:35:22.000000000 +0100
58 +++ libvirt-0.8.8-sasl/docs/auth.html.in 2011-04-28 11:45:43.586741167 +0200
60 The plain TCP socket of the libvirt daemon defaults to using SASL for authentication.
61 The SASL mechanism configured by default is DIGEST-MD5, which provides a basic
62 username+password style authentication. To enable Kerberos single-sign-on instead,
63 -the libvirt SASL configuration file must be changed. This is <code>/etc/sasl2/libvirt.conf</code>.
64 +the libvirt SASL configuration file must be changed. This is <code>/etc/sasl/libvirt.conf</code>.
65 The <code>mech_list</code> parameter must first be changed to <code>gssapi</code>
66 instead of the default <code>digest-md5</code>. If SASL is enabled on the UNIX
67 and/or TLS sockets, Kerberos will also be used for them. Like DIGEST-MD5, the Kerberos
68 diff -ru libvirt-0.8.8/libvirt.spec libvirt-0.8.8-sasl/libvirt.spec
69 --- libvirt-0.8.8/libvirt.spec 2011-02-17 05:13:09.000000000 +0100
70 +++ libvirt-0.8.8-sasl/libvirt.spec 2011-04-28 11:45:43.675741167 +0200
72 %dir %attr(0755, root, root) %{_localstatedir}/lib/libvirt/
75 -%config(noreplace) %{_sysconfdir}/sasl2/libvirt.conf
76 +%config(noreplace) %{_sysconfdir}/sasl/libvirt.conf
80 diff -ru libvirt-0.8.8/libvirt.spec.in libvirt-0.8.8-sasl/libvirt.spec.in
81 --- libvirt-0.8.8/libvirt.spec.in 2011-02-17 05:10:58.000000000 +0100
82 +++ libvirt-0.8.8-sasl/libvirt.spec.in 2011-04-28 11:45:43.672741167 +0200
84 %dir %attr(0755, root, root) %{_localstatedir}/lib/libvirt/
87 -%config(noreplace) %{_sysconfdir}/sasl2/libvirt.conf
88 +%config(noreplace) %{_sysconfdir}/sasl/libvirt.conf
92 --- libvirt-0.9.13/src/qemu/qemu.conf.orig 2012-05-31 16:23:22.000000000 +0200
93 +++ libvirt-0.9.13/src/qemu/qemu.conf 2012-07-08 11:37:16.366378718 +0200
95 # Examples include vinagre, virt-viewer and virt-manager
96 # itself. UltraVNC, RealVNC, TightVNC do not support this
98 -# It is necessary to configure /etc/sasl2/qemu.conf to choose
99 +# It is necessary to configure /etc/sasl/qemu.conf to choose
100 # the desired SASL plugin (eg, GSSPI for Kerberos)
105 -# The default SASL configuration file is located in /etc/sasl2/
106 +# The default SASL configuration file is located in /etc/sasl/
107 # When running libvirtd unprivileged, it may be desirable to
108 # override the configs in this location. Set this parameter to
109 # point to the directory, and create a qemu.conf in that location
111 -#vnc_sasl_dir = "/some/directory/sasl2"
112 +#vnc_sasl_dir = "/some/directory/sasl"
115 # QEMU implements an extension for providing audio over a VNC connection,
116 diff -ru libvirt-0.8.8/src/qemu/test_libvirtd_qemu.aug libvirt-0.8.8-sasl/src/qemu/test_libvirtd_qemu.aug
117 diff -ru libvirt-0.8.8/tests/confdata/libvirtd.conf libvirt-0.8.8-sasl/tests/confdata/libvirtd.conf
118 --- libvirt-0.8.8/tests/confdata/libvirtd.conf 2010-05-27 14:03:22.000000000 +0200
119 +++ libvirt-0.8.8-sasl/tests/confdata/libvirtd.conf 2011-04-28 11:45:46.878741165 +0200
121 # the network providing auth (eg, TLS/x509 certificates)
123 # - sasl: use SASL infrastructure. The actual auth scheme is then
124 -# controlled from /etc/sasl2/libvirt.conf. For the TCP
125 +# controlled from /etc/sasl/libvirt.conf. For the TCP
126 # socket only GSSAPI & DIGEST-MD5 mechanisms will be used.
127 # For non-TCP or TLS sockets, any scheme is allowed.
130 # If you don't enable SASL, then all TCP traffic is cleartext.
131 # Don't do this outside of a dev/test scenario. For real world
132 # use, always enable SASL and use the GSSAPI or DIGEST-MD5
133 -# mechanism in /etc/sasl2/libvirt.conf
134 +# mechanism in /etc/sasl/libvirt.conf
137 # Change the authentication scheme for TLS sockets.
138 diff -ru libvirt-0.8.8/tests/confdata/libvirtd.out libvirt-0.8.8-sasl/tests/confdata/libvirtd.out
139 --- libvirt-0.8.8/tests/confdata/libvirtd.out 2010-05-27 14:03:22.000000000 +0200
140 +++ libvirt-0.8.8-sasl/tests/confdata/libvirtd.out 2011-04-28 11:45:46.875741165 +0200
142 # the network providing auth (eg, TLS/x509 certificates)
144 # - sasl: use SASL infrastructure. The actual auth scheme is then
145 -# controlled from /etc/sasl2/libvirt.conf. For the TCP
146 +# controlled from /etc/sasl/libvirt.conf. For the TCP
147 # socket only GSSAPI & DIGEST-MD5 mechanisms will be used.
148 # For non-TCP or TLS sockets, any scheme is allowed.
151 # If you don't enable SASL, then all TCP traffic is cleartext.
152 # Don't do this outside of a dev/test scenario. For real world
153 # use, always enable SASL and use the GSSAPI or DIGEST-MD5
154 -# mechanism in /etc/sasl2/libvirt.conf
155 +# mechanism in /etc/sasl/libvirt.conf
157 # Change the authentication scheme for TLS sockets.
159 diff -ru libvirt-0.8.8/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.args libvirt-0.8.8-sasl/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.args
160 --- libvirt-0.8.8/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.args 2011-02-03 15:05:31.000000000 +0100
161 +++ libvirt-0.8.8-sasl/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.args 2011-04-28 11:45:46.860741165 +0200
163 LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test \
164 -SASL_CONF_DIR=/root/.sasl2 QEMU_AUDIO_DRV=none /usr/bin/qemu -S -M pc -m 214 \
165 +SASL_CONF_DIR=/root/.sasl QEMU_AUDIO_DRV=none /usr/bin/qemu -S -M pc -m 214 \
166 -smp 1 -monitor unix:/tmp/test-monitor,server,nowait -no-acpi -boot c -usb -hda \
167 /dev/HostVG/QEMUGuest1 -net none -serial none -parallel none -vnc \
168 127.0.0.1:3,sasl -vga cirrus
169 diff -ru libvirt-0.8.8/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.args libvirt-0.8.8-sasl/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.args
170 --- libvirt-0.8.8/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.args 2011-02-03 15:05:31.000000000 +0100
171 +++ libvirt-0.8.8-sasl/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.args 2011-04-28 11:45:46.864741165 +0200
173 LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test \
174 -SASL_CONF_DIR=/root/.sasl2 QEMU_AUDIO_DRV=none /usr/bin/qemu -S -M pc -m 214 \
175 +SASL_CONF_DIR=/root/.sasl QEMU_AUDIO_DRV=none /usr/bin/qemu -S -M pc -m 214 \
176 -smp 1 -monitor unix:/tmp/test-monitor,server,nowait -no-acpi -boot c -usb -hda \
177 /dev/HostVG/QEMUGuest1 -net none -serial none -parallel none -vnc \
178 127.0.0.1:3,tls,x509verify=/etc/pki/tls/qemu,sasl
179 --- libvirt-1.0.6/tests/qemuxml2argvtest.c.orig 2013-06-16 15:44:25.855183409 +0200
180 +++ libvirt-1.0.6/tests/qemuxml2argvtest.c 2013-06-16 15:45:12.908515760 +0200
183 driver.config->vncSASL = 1;
184 VIR_FREE(driver.config->vncSASLdir);
185 - ignore_value(VIR_STRDUP(driver.config->vncSASLdir, "/root/.sasl2"));
186 + ignore_value(VIR_STRDUP(driver.config->vncSASLdir, "/root/.sasl"));
187 DO_TEST("graphics-vnc-sasl", QEMU_CAPS_VNC, QEMU_CAPS_VGA);
188 driver.config->vncTLS = 1;
189 driver.config->vncTLSx509verify = 1;