1 diff -ru libvirt-0.8.8/daemon/libvirtd.conf libvirt-0.8.8-sasl/daemon/libvirtd.conf
2 --- libvirt-0.8.8/daemon/libvirtd.conf 2010-12-20 14:35:22.000000000 +0100
3 +++ libvirt-0.8.8-sasl/daemon/libvirtd.conf 2011-04-28 11:45:47.727741165 +0200
5 # the network providing auth (eg, TLS/x509 certificates)
7 # - sasl: use SASL infrastructure. The actual auth scheme is then
8 -# controlled from /etc/sasl2/libvirt.conf. For the TCP
9 +# controlled from /etc/sasl/libvirt.conf. For the TCP
10 # socket only GSSAPI & DIGEST-MD5 mechanisms will be used.
11 # For non-TCP or TLS sockets, any scheme is allowed.
14 # If you don't enable SASL, then all TCP traffic is cleartext.
15 # Don't do this outside of a dev/test scenario. For real world
16 # use, always enable SASL and use the GSSAPI or DIGEST-MD5
17 -# mechanism in /etc/sasl2/libvirt.conf
18 +# mechanism in /etc/sasl/libvirt.conf
21 # Change the authentication scheme for TLS sockets.
22 diff -ru libvirt-0.8.8/daemon/Makefile.am libvirt-0.8.8-sasl/daemon/Makefile.am
23 --- libvirt-0.8.8/daemon/Makefile.am 2011-01-31 02:30:59.000000000 +0100
24 +++ libvirt-0.8.8-sasl/daemon/Makefile.am 2011-04-28 11:45:47.703741165 +0200
26 # the WITH_LIBVIRTD conditional
29 - $(MKDIR_P) $(DESTDIR)$(sysconfdir)/sasl2/
30 - $(INSTALL_DATA) $(srcdir)/libvirtd.sasl $(DESTDIR)$(sysconfdir)/sasl2/libvirt.conf
31 + $(MKDIR_P) $(DESTDIR)$(sysconfdir)/sasl/
32 + $(INSTALL_DATA) $(srcdir)/libvirtd.sasl $(DESTDIR)$(sysconfdir)/sasl/libvirt.conf
35 - rm -f $(DESTDIR)$(sysconfdir)/sasl2/libvirt.conf
36 - rmdir $(DESTDIR)$(sysconfdir)/sasl2/ || :
37 + rm -f $(DESTDIR)$(sysconfdir)/sasl/libvirt.conf
38 + rmdir $(DESTDIR)$(sysconfdir)/sasl/ || :
42 diff -ru libvirt-0.8.8/daemon/test_libvirtd.aug libvirt-0.8.8-sasl/daemon/test_libvirtd.aug
43 --- libvirt-0.8.8/daemon/test_libvirtd.aug 2011-01-31 02:30:59.000000000 +0100
44 +++ libvirt-0.8.8-sasl/daemon/test_libvirtd.aug 2011-04-28 11:45:47.697741165 +0200
46 # the network providing auth (eg, TLS/x509 certificates)
48 # - sasl: use SASL infrastructure. The actual auth scheme is then
49 -# controlled from /etc/sasl2/libvirt.conf. For the TCP
50 +# controlled from /etc/sasl/libvirt.conf. For the TCP
51 # socket only GSSAPI & DIGEST-MD5 mechanisms will be used.
52 # For non-TCP or TLS sockets, any scheme is allowed.
55 # If you don't enable SASL, then all TCP traffic is cleartext.
56 # Don't do this outside of a dev/test scenario. For real world
57 # use, always enable SASL and use the GSSAPI or DIGEST-MD5
58 -# mechanism in /etc/sasl2/libvirt.conf
59 +# mechanism in /etc/sasl/libvirt.conf
62 # Change the authentication scheme for TLS sockets.
64 { "#comment" = "the network providing auth (eg, TLS/x509 certificates)" }
66 { "#comment" = "- sasl: use SASL infrastructure. The actual auth scheme is then" }
67 - { "#comment" = "controlled from /etc/sasl2/libvirt.conf. For the TCP" }
68 + { "#comment" = "controlled from /etc/sasl/libvirt.conf. For the TCP" }
69 { "#comment" = "socket only GSSAPI & DIGEST-MD5 mechanisms will be used." }
70 { "#comment" = "For non-TCP or TLS sockets, any scheme is allowed." }
73 { "#comment" = "If you don't enable SASL, then all TCP traffic is cleartext." }
74 { "#comment" = "Don't do this outside of a dev/test scenario. For real world" }
75 { "#comment" = "use, always enable SASL and use the GSSAPI or DIGEST-MD5" }
76 - { "#comment" = "mechanism in /etc/sasl2/libvirt.conf" }
77 + { "#comment" = "mechanism in /etc/sasl/libvirt.conf" }
78 { "auth_tcp" = "sasl" }
80 { "#comment" = "Change the authentication scheme for TLS sockets." }
81 diff -ru libvirt-0.8.8/docs/auth.html libvirt-0.8.8-sasl/docs/auth.html
82 --- libvirt-0.8.8/docs/auth.html 2011-02-17 05:13:12.000000000 +0100
83 +++ libvirt-0.8.8-sasl/docs/auth.html 2011-04-28 11:45:43.429741167 +0200
85 The plain TCP socket of the libvirt daemon defaults to using SASL for authentication.
86 The SASL mechanism configured by default is DIGEST-MD5, which provides a basic
87 username+password style authentication. To enable Kerberos single-sign-on instead,
88 -the libvirt SASL configuration file must be changed. This is <code>/etc/sasl2/libvirt.conf</code>.
89 +the libvirt SASL configuration file must be changed. This is <code>/etc/sasl/libvirt.conf</code>.
90 The <code>mech_list</code> parameter must first be changed to <code>gssapi</code>
91 instead of the default <code>digest-md5</code>. If SASL is enabled on the UNIX
92 and/or TLS sockets, Kerberos will also be used for them. Like DIGEST-MD5, the Kerberos
93 diff -ru libvirt-0.8.8/docs/auth.html.in libvirt-0.8.8-sasl/docs/auth.html.in
94 --- libvirt-0.8.8/docs/auth.html.in 2010-12-20 14:35:22.000000000 +0100
95 +++ libvirt-0.8.8-sasl/docs/auth.html.in 2011-04-28 11:45:43.586741167 +0200
97 The plain TCP socket of the libvirt daemon defaults to using SASL for authentication.
98 The SASL mechanism configured by default is DIGEST-MD5, which provides a basic
99 username+password style authentication. To enable Kerberos single-sign-on instead,
100 -the libvirt SASL configuration file must be changed. This is <code>/etc/sasl2/libvirt.conf</code>.
101 +the libvirt SASL configuration file must be changed. This is <code>/etc/sasl/libvirt.conf</code>.
102 The <code>mech_list</code> parameter must first be changed to <code>gssapi</code>
103 instead of the default <code>digest-md5</code>. If SASL is enabled on the UNIX
104 and/or TLS sockets, Kerberos will also be used for them. Like DIGEST-MD5, the Kerberos
105 diff -ru libvirt-0.8.8/libvirt.spec libvirt-0.8.8-sasl/libvirt.spec
106 --- libvirt-0.8.8/libvirt.spec 2011-02-17 05:13:09.000000000 +0100
107 +++ libvirt-0.8.8-sasl/libvirt.spec 2011-04-28 11:45:43.675741167 +0200
109 %dir %attr(0755, root, root) %{_localstatedir}/lib/libvirt/
112 -%config(noreplace) %{_sysconfdir}/sasl2/libvirt.conf
113 +%config(noreplace) %{_sysconfdir}/sasl/libvirt.conf
117 diff -ru libvirt-0.8.8/libvirt.spec.in libvirt-0.8.8-sasl/libvirt.spec.in
118 --- libvirt-0.8.8/libvirt.spec.in 2011-02-17 05:10:58.000000000 +0100
119 +++ libvirt-0.8.8-sasl/libvirt.spec.in 2011-04-28 11:45:43.672741167 +0200
121 %dir %attr(0755, root, root) %{_localstatedir}/lib/libvirt/
124 -%config(noreplace) %{_sysconfdir}/sasl2/libvirt.conf
125 +%config(noreplace) %{_sysconfdir}/sasl/libvirt.conf
129 diff -ru libvirt-0.8.8/src/qemu/qemu.conf libvirt-0.8.8-sasl/src/qemu/qemu.conf
130 --- libvirt-0.8.8/src/qemu/qemu.conf 2011-02-16 07:36:53.000000000 +0100
131 +++ libvirt-0.8.8-sasl/src/qemu/qemu.conf 2011-04-28 11:45:47.091741165 +0200
133 # Examples include vinagre, virt-viewer and virt-manager
134 # itself. UltraVNC, RealVNC, TightVNC do not support this
136 -# It is necessary to configure /etc/sasl2/qemu.conf to choose
137 +# It is necessary to configure /etc/sasl/qemu.conf to choose
138 # the desired SASL plugin (eg, GSSPI for Kerberos)
143 -# The default SASL configuration file is located in /etc/sasl2/
144 +# The default SASL configuration file is located in /etc/sasl/
145 # When running libvirtd unprivileged, it may be desirable to
146 # override the configs in this location. Set this parameter to
147 # point to the directory, and create a qemu.conf in that location
149 -# vnc_sasl_dir = "/some/directory/sasl2"
150 +# vnc_sasl_dir = "/some/directory/sasl"
154 diff -ru libvirt-0.8.8/src/qemu/test_libvirtd_qemu.aug libvirt-0.8.8-sasl/src/qemu/test_libvirtd_qemu.aug
155 --- libvirt-0.8.8/src/qemu/test_libvirtd_qemu.aug 2011-01-31 02:30:59.000000000 +0100
156 +++ libvirt-0.8.8-sasl/src/qemu/test_libvirtd_qemu.aug 2011-04-28 11:45:47.103741165 +0200
158 # Examples include vinagre, virt-viewer and virt-manager
159 # itself. UltraVNC, RealVNC, TightVNC do not support this
161 -# It is necessary to configure /etc/sasl2/qemu.conf to choose
162 +# It is necessary to configure /etc/sasl/qemu.conf to choose
163 # the desired SASL plugin (eg, GSSPI for Kerberos)
168 -# The default SASL configuration file is located in /etc/sasl2/
169 +# The default SASL configuration file is located in /etc/sasl/
170 # When running libvirtd unprivileged, it may be desirable to
171 # override the configs in this location. Set this parameter to
172 # point to the directory, and create a qemu.conf in that location
174 -vnc_sasl_dir = \"/some/directory/sasl2\"
175 +vnc_sasl_dir = \"/some/directory/sasl\"
177 security_driver = \"selinux\"
179 @@ -181,18 +181,18 @@
180 { "#comment" = "Examples include vinagre, virt-viewer and virt-manager" }
181 { "#comment" = "itself. UltraVNC, RealVNC, TightVNC do not support this" }
183 -{ "#comment" = "It is necessary to configure /etc/sasl2/qemu.conf to choose" }
184 +{ "#comment" = "It is necessary to configure /etc/sasl/qemu.conf to choose" }
185 { "#comment" = "the desired SASL plugin (eg, GSSPI for Kerberos)" }
190 -{ "#comment" = "The default SASL configuration file is located in /etc/sasl2/" }
191 +{ "#comment" = "The default SASL configuration file is located in /etc/sasl/" }
192 { "#comment" = "When running libvirtd unprivileged, it may be desirable to" }
193 { "#comment" = "override the configs in this location. Set this parameter to" }
194 { "#comment" = "point to the directory, and create a qemu.conf in that location" }
196 -{ "vnc_sasl_dir" = "/some/directory/sasl2" }
197 +{ "vnc_sasl_dir" = "/some/directory/sasl" }
199 { "security_driver" = "selinux" }
201 diff -ru libvirt-0.8.8/tests/confdata/libvirtd.conf libvirt-0.8.8-sasl/tests/confdata/libvirtd.conf
202 --- libvirt-0.8.8/tests/confdata/libvirtd.conf 2010-05-27 14:03:22.000000000 +0200
203 +++ libvirt-0.8.8-sasl/tests/confdata/libvirtd.conf 2011-04-28 11:45:46.878741165 +0200
205 # the network providing auth (eg, TLS/x509 certificates)
207 # - sasl: use SASL infrastructure. The actual auth scheme is then
208 -# controlled from /etc/sasl2/libvirt.conf. For the TCP
209 +# controlled from /etc/sasl/libvirt.conf. For the TCP
210 # socket only GSSAPI & DIGEST-MD5 mechanisms will be used.
211 # For non-TCP or TLS sockets, any scheme is allowed.
214 # If you don't enable SASL, then all TCP traffic is cleartext.
215 # Don't do this outside of a dev/test scenario. For real world
216 # use, always enable SASL and use the GSSAPI or DIGEST-MD5
217 -# mechanism in /etc/sasl2/libvirt.conf
218 +# mechanism in /etc/sasl/libvirt.conf
221 # Change the authentication scheme for TLS sockets.
222 diff -ru libvirt-0.8.8/tests/confdata/libvirtd.out libvirt-0.8.8-sasl/tests/confdata/libvirtd.out
223 --- libvirt-0.8.8/tests/confdata/libvirtd.out 2010-05-27 14:03:22.000000000 +0200
224 +++ libvirt-0.8.8-sasl/tests/confdata/libvirtd.out 2011-04-28 11:45:46.875741165 +0200
226 # the network providing auth (eg, TLS/x509 certificates)
228 # - sasl: use SASL infrastructure. The actual auth scheme is then
229 -# controlled from /etc/sasl2/libvirt.conf. For the TCP
230 +# controlled from /etc/sasl/libvirt.conf. For the TCP
231 # socket only GSSAPI & DIGEST-MD5 mechanisms will be used.
232 # For non-TCP or TLS sockets, any scheme is allowed.
235 # If you don't enable SASL, then all TCP traffic is cleartext.
236 # Don't do this outside of a dev/test scenario. For real world
237 # use, always enable SASL and use the GSSAPI or DIGEST-MD5
238 -# mechanism in /etc/sasl2/libvirt.conf
239 +# mechanism in /etc/sasl/libvirt.conf
241 # Change the authentication scheme for TLS sockets.
243 diff -ru libvirt-0.8.8/tests/qemuargv2xmltest.c libvirt-0.8.8-sasl/tests/qemuargv2xmltest.c
244 --- libvirt-0.8.8/tests/qemuargv2xmltest.c 2011-01-24 03:59:21.000000000 +0100
245 +++ libvirt-0.8.8-sasl/tests/qemuargv2xmltest.c 2011-04-28 11:45:46.964741165 +0200
247 DO_TEST("graphics-vnc-socket");
250 - driver.vncSASLdir = strdup("/root/.sasl2");
251 + driver.vncSASLdir = strdup("/root/.sasl");
252 DO_TEST("graphics-vnc-sasl");
254 driver.vncTLSx509verify = 1;
255 diff -ru libvirt-0.8.8/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.args libvirt-0.8.8-sasl/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.args
256 --- libvirt-0.8.8/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.args 2011-02-03 15:05:31.000000000 +0100
257 +++ libvirt-0.8.8-sasl/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.args 2011-04-28 11:45:46.860741165 +0200
259 LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test \
260 -SASL_CONF_DIR=/root/.sasl2 QEMU_AUDIO_DRV=none /usr/bin/qemu -S -M pc -m 214 \
261 +SASL_CONF_DIR=/root/.sasl QEMU_AUDIO_DRV=none /usr/bin/qemu -S -M pc -m 214 \
262 -smp 1 -monitor unix:/tmp/test-monitor,server,nowait -no-acpi -boot c -hda \
263 /dev/HostVG/QEMUGuest1 -net none -serial none -parallel none -usb -vnc \
264 127.0.0.1:3,sasl -vga cirrus
265 diff -ru libvirt-0.8.8/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.args libvirt-0.8.8-sasl/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.args
266 --- libvirt-0.8.8/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.args 2011-02-03 15:05:31.000000000 +0100
267 +++ libvirt-0.8.8-sasl/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.args 2011-04-28 11:45:46.864741165 +0200
269 LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test \
270 -SASL_CONF_DIR=/root/.sasl2 QEMU_AUDIO_DRV=none /usr/bin/qemu -S -M pc -m 214 \
271 +SASL_CONF_DIR=/root/.sasl QEMU_AUDIO_DRV=none /usr/bin/qemu -S -M pc -m 214 \
272 -smp 1 -monitor unix:/tmp/test-monitor,server,nowait -no-acpi -boot c -hda \
273 /dev/HostVG/QEMUGuest1 -net none -serial none -parallel none -usb -vnc \
274 127.0.0.1:3,tls,x509verify=/etc/pki/tls/qemu,sasl
275 diff -ru libvirt-0.8.8/tests/qemuxml2argvtest.c libvirt-0.8.8-sasl/tests/qemuxml2argvtest.c
276 --- libvirt-0.8.8/tests/qemuxml2argvtest.c 2011-02-11 10:46:59.000000000 +0100
277 +++ libvirt-0.8.8-sasl/tests/qemuxml2argvtest.c 2011-04-28 11:45:46.767741165 +0200
279 DO_TEST("graphics-vnc-socket", 0, false);
282 - driver.vncSASLdir = strdup("/root/.sasl2");
283 + driver.vncSASLdir = strdup("/root/.sasl");
284 DO_TEST("graphics-vnc-sasl", false, QEMU_CAPS_VGA);
286 driver.vncTLSx509verify = 1;