[packages/libvirt.git] / libvirt-qemu-acl.patch

diff -dur -x '*.orig' -x '*.rej' -x '*~' libvirt-2.1.0.orig/src/qemu/qemu_command.c libvirt-2.1.0/src/qemu/qemu_command.c
--- libvirt-2.1.0.orig/src/qemu/qemu_command.c	2016-08-02 09:10:56.000000000 +0200
+++ libvirt-2.1.0/src/qemu/qemu_command.c	2016-08-17 12:43:29.000000000 +0200
@@ -7521,6 +7521,9 @@
         /* TODO: Support ACLs later */
     }
 
+    if (cfg->vncACL) 
+        virBufferAddLit(&opt, ",acl");
+
     virCommandAddArg(cmd, "-vnc");
     virCommandAddArgBuffer(cmd, &opt);
     if (graphics->data.vnc.keymap)
diff -dur -x '*.orig' -x '*.rej' -x '*~' libvirt-2.1.0.orig/src/qemu/qemu.conf libvirt-2.1.0/src/qemu/qemu.conf
--- libvirt-2.1.0.orig/src/qemu/qemu.conf	2016-08-17 12:30:24.000000000 +0200
+++ libvirt-2.1.0/src/qemu/qemu.conf	2016-08-17 12:37:00.000000000 +0200
@@ -80,6 +80,15 @@
 #vnc_sasl = 1
 
 
+# Enable the VNC access control lists. When switched on this will
+# initially block all vnc users from accessing the vnc server. To
+# add and remove ids from the ACLs you will need to send the appropriate
+# commands to the qemu monitor as required by your particular version of
+# QEMU. See the QEMU documentation for more details.
+# 
+# vnc_acl = 1
+
+
 # The default SASL configuration file is located in /etc/sasl/
 # When running libvirtd unprivileged, it may be desirable to
 # override the configs in this location. Set this parameter to
diff -dur -x '*.orig' -x '*.rej' -x '*~' libvirt-2.1.0.orig/src/qemu/qemu_conf.c libvirt-2.1.0/src/qemu/qemu_conf.c
--- libvirt-2.1.0.orig/src/qemu/qemu_conf.c	2016-07-27 14:39:35.000000000 +0200
+++ libvirt-2.1.0/src/qemu/qemu_conf.c	2016-08-17 12:40:28.000000000 +0200
@@ -425,7 +425,8 @@
         goto cleanup;
     if (virConfGetValueBool(conf, "nographics_allow_host_audio", &cfg->nogfxAllowHostAudio) < 0)
         goto cleanup;
-
+    if (virConfGetValueBool(conf, "vnc_acl", &cfg->vncACL) < 0)
+        goto cleanup;
 
     if (virConfGetValueStringList(conf, "security_driver", true, &cfg->securityDriverNames) < 0)
         goto cleanup;
diff -dur -x '*.orig' -x '*.rej' -x '*~' libvirt-2.1.0.orig/src/qemu/qemu_conf.h libvirt-2.1.0/src/qemu/qemu_conf.h
--- libvirt-2.1.0.orig/src/qemu/qemu_conf.h	2016-07-27 14:39:35.000000000 +0200
+++ libvirt-2.1.0/src/qemu/qemu_conf.h	2016-08-17 12:37:00.000000000 +0200
@@ -113,6 +113,7 @@
     bool vncTLS;
     bool vncTLSx509verify;
     bool vncSASL;
+    bool vncACL;
     char *vncTLSx509certdir;
     char *vncListen;
     char *vncPassword;
Commit	Line	Data
be8dc440 JK	1	diff -dur -x '.orig' -x '.rej' -x '*~' libvirt-2.1.0.orig/src/qemu/qemu_command.c libvirt-2.1.0/src/qemu/qemu_command.c
	2	--- libvirt-2.1.0.orig/src/qemu/qemu_command.c 2016-08-02 09:10:56.000000000 +0200
	3	+++ libvirt-2.1.0/src/qemu/qemu_command.c 2016-08-17 12:43:29.000000000 +0200
	4	@@ -7521,6 +7521,9 @@
	5	/* TODO: Support ACLs later */
	6	}
	7
	8	+ if (cfg->vncACL)
	9	+ virBufferAddLit(&opt, ",acl");
	10	+
	11	virCommandAddArg(cmd, "-vnc");
	12	virCommandAddArgBuffer(cmd, &opt);
	13	if (graphics->data.vnc.keymap)
	14	diff -dur -x '.orig' -x '.rej' -x '*~' libvirt-2.1.0.orig/src/qemu/qemu.conf libvirt-2.1.0/src/qemu/qemu.conf
	15	--- libvirt-2.1.0.orig/src/qemu/qemu.conf 2016-08-17 12:30:24.000000000 +0200
	16	+++ libvirt-2.1.0/src/qemu/qemu.conf 2016-08-17 12:37:00.000000000 +0200
	17	@@ -80,6 +80,15 @@
	18	#vnc_sasl = 1
3f6c4997 JR	19
	20
	21	+# Enable the VNC access control lists. When switched on this will
	22	+# initially block all vnc users from accessing the vnc server. To
	23	+# add and remove ids from the ACLs you will need to send the appropriate
	24	+# commands to the qemu monitor as required by your particular version of
	25	+# QEMU. See the QEMU documentation for more details.
	26	+#
	27	+# vnc_acl = 1
	28	+
	29	+
	30	# The default SASL configuration file is located in /etc/sasl/
	31	# When running libvirtd unprivileged, it may be desirable to
	32	# override the configs in this location. Set this parameter to
be8dc440 JK	33	diff -dur -x '.orig' -x '.rej' -x '*~' libvirt-2.1.0.orig/src/qemu/qemu_conf.c libvirt-2.1.0/src/qemu/qemu_conf.c
	34	--- libvirt-2.1.0.orig/src/qemu/qemu_conf.c 2016-07-27 14:39:35.000000000 +0200
	35	+++ libvirt-2.1.0/src/qemu/qemu_conf.c 2016-08-17 12:40:28.000000000 +0200
	36	@@ -425,7 +425,8 @@
	37	goto cleanup;
	38	if (virConfGetValueBool(conf, "nographics_allow_host_audio", &cfg->nogfxAllowHostAudio) < 0)
	39	goto cleanup;
	40	-
	41	+ if (virConfGetValueBool(conf, "vnc_acl", &cfg->vncACL) < 0)
	42	+ goto cleanup;
3f6c4997	43
be8dc440 JK	44	if (virConfGetValueStringList(conf, "security_driver", true, &cfg->securityDriverNames) < 0)
	45	goto cleanup;
	46	diff -dur -x '.orig' -x '.rej' -x '*~' libvirt-2.1.0.orig/src/qemu/qemu_conf.h libvirt-2.1.0/src/qemu/qemu_conf.h
	47	--- libvirt-2.1.0.orig/src/qemu/qemu_conf.h 2016-07-27 14:39:35.000000000 +0200
	48	+++ libvirt-2.1.0/src/qemu/qemu_conf.h 2016-08-17 12:37:00.000000000 +0200
	49	@@ -113,6 +113,7 @@
7dbd1599 JB	50	bool vncTLS;
	51	bool vncTLSx509verify;
	52	bool vncSASL;
	53	+ bool vncACL;
3f6c4997 JR	54	char *vncTLSx509certdir;
	55	char *vncListen;
	56	char *vncPassword;