[packages/libvirt.git] / libvirt-qemu-acl.patch

From: Neil Wilson <neil@brightbox.co.uk>
To: libvir-list@redhat.com
Date: Mon, 10 Jan 2011 09:52:56 +0000
Message-ID: <1294653176.3013.16.camel@lenovo-3000-n100>

Hi,

Here's the patch to add basic ACL support to QEMU within libvirt. Like
SASL it's ignored by RHEL5's default qemu. Newer qemu picks it up as
expected and you can manipulate the acls using 'virsh'. 


diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index ba41f80..7ab5eee 100644
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -71,6 +71,15 @@
 # vnc_sasl = 1
 
 
+# Enable the VNC access control lists. When switched on this will
+# initially block all vnc users from accessing the vnc server. To
+# add and remove ids from the ACLs you will need to send the appropriate
+# commands to the qemu monitor as required by your particular version of
+# QEMU. See the QEMU documentation for more details.
+# 
+# vnc_acl = 1
+
+
 # The default SASL configuration file is located in /etc/sasl/
 # When running libvirtd unprivileged, it may be desirable to
 # override the configs in this location. Set this parameter to
--- libvirt-1.0.6/src/qemu/qemu_command.c.orig	2013-06-16 15:45:37.115181922 +0200
+++ libvirt-1.0.6/src/qemu/qemu_command.c	2013-06-16 15:47:49.335179175 +0200
@@ -6178,6 +6178,10 @@
 
             /* TODO: Support ACLs later */
         }
+
+        if (cfg->vncACL) 
+           virBufferAddLit(&opt, ",acl");
+
     }
 
     virCommandAddArg(cmd, "-vnc");
--- libvirt-1.1.3/src/qemu/qemu_conf.c.orig	2013-10-22 20:38:43.522043292 +0200
+++ libvirt-1.1.3/src/qemu/qemu_conf.c	2013-10-22 20:45:19.515360007 +0200
@@ -357,6 +357,7 @@
     GET_VALUE_STR("vnc_sasl_dir", cfg->vncSASLdir);
     GET_VALUE_BOOL("vnc_allow_host_audio", cfg->vncAllowHostAudio);
     GET_VALUE_BOOL("nographics_allow_host_audio", cfg->nogfxAllowHostAudio);
+    GET_VALUE_LONG("vnc_acl", cfg->vncACL);
 
     p = virConfGetValue(conf, "security_driver");
     if (p && p->type == VIR_CONF_LIST) {
--- libvirt-1.0.3/src/qemu/qemu_conf.h.orig	2013-03-09 13:10:30.059751685 +0100
+++ libvirt-1.0.3/src/qemu/qemu_conf.h	2013-03-09 13:54:17.296308093 +0100
@@ -102,6 +102,7 @@
     bool vncTLS;
     bool vncTLSx509verify;
     bool vncSASL;
+    bool vncACL;
     char *vncTLSx509certdir;
     char *vncListen;
     char *vncPassword;
Commit	Line	Data
3f6c4997 JR	1	From: Neil Wilson <neil@brightbox.co.uk>
	2	To: libvir-list@redhat.com
	3	Date: Mon, 10 Jan 2011 09:52:56 +0000
	4	Message-ID: <1294653176.3013.16.camel@lenovo-3000-n100>
	5
	6	Hi,
	7
	8	Here's the patch to add basic ACL support to QEMU within libvirt. Like
	9	SASL it's ignored by RHEL5's default qemu. Newer qemu picks it up as
	10	expected and you can manipulate the acls using 'virsh'.
	11
	12
	13	diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
	14	index ba41f80..7ab5eee 100644
	15	--- a/src/qemu/qemu.conf
	16	+++ b/src/qemu/qemu.conf
	17	@@ -71,6 +71,15 @@
	18	# vnc_sasl = 1
	19
	20
	21	+# Enable the VNC access control lists. When switched on this will
	22	+# initially block all vnc users from accessing the vnc server. To
	23	+# add and remove ids from the ACLs you will need to send the appropriate
	24	+# commands to the qemu monitor as required by your particular version of
	25	+# QEMU. See the QEMU documentation for more details.
	26	+#
	27	+# vnc_acl = 1
	28	+
	29	+
	30	# The default SASL configuration file is located in /etc/sasl/
	31	# When running libvirtd unprivileged, it may be desirable to
	32	# override the configs in this location. Set this parameter to
c4db1ab9 JB	33	--- libvirt-1.0.6/src/qemu/qemu_command.c.orig 2013-06-16 15:45:37.115181922 +0200
	34	+++ libvirt-1.0.6/src/qemu/qemu_command.c 2013-06-16 15:47:49.335179175 +0200
	35	@@ -6178,6 +6178,10 @@
3f6c4997	36
c4db1ab9	37	/* TODO: Support ACLs later */
3f6c4997	38	}
c4db1ab9 JB	39	+
	40	+ if (cfg->vncACL)
	41	+ virBufferAddLit(&opt, ",acl");
	42	+
	43	}
3f6c4997	44
c4db1ab9	45	virCommandAddArg(cmd, "-vnc");
49f89de0 JB	46	--- libvirt-1.1.3/src/qemu/qemu_conf.c.orig 2013-10-22 20:38:43.522043292 +0200
	47	+++ libvirt-1.1.3/src/qemu/qemu_conf.c 2013-10-22 20:45:19.515360007 +0200
	48	@@ -357,6 +357,7 @@
7dbd1599 JB	49	GET_VALUE_STR("vnc_sasl_dir", cfg->vncSASLdir);
7dbd1599 JB	50	GET_VALUE_BOOL("vnc_allow_host_audio", cfg->vncAllowHostAudio);
49f89de0	51	GET_VALUE_BOOL("nographics_allow_host_audio", cfg->nogfxAllowHostAudio);
7dbd1599	52	+ GET_VALUE_LONG("vnc_acl", cfg->vncACL);
3f6c4997	53
4ef34a20 JB	54	p = virConfGetValue(conf, "security_driver");
4ef34a20 JB	55	if (p && p->type == VIR_CONF_LIST) {
7dbd1599 JB	56	--- libvirt-1.0.3/src/qemu/qemu_conf.h.orig 2013-03-09 13:10:30.059751685 +0100
	57	+++ libvirt-1.0.3/src/qemu/qemu_conf.h 2013-03-09 13:54:17.296308093 +0100
	58	@@ -102,6 +102,7 @@
	59	bool vncTLS;
	60	bool vncTLSx509verify;
	61	bool vncSASL;
	62	+ bool vncACL;
3f6c4997 JR	63	char *vncTLSx509certdir;
	64	char *vncListen;
	65	char *vncPassword;