[packages/libvirt.git] / libvirt-qemu-acl.patch

diff -urNp -x '*.orig' libvirt-8.4.0.org/src/qemu/qemu.conf.in libvirt-8.4.0/src/qemu/qemu.conf.in
--- libvirt-8.4.0.org/src/qemu/qemu.conf.in	2022-06-19 22:15:27.653173791 +0200
+++ libvirt-8.4.0/src/qemu/qemu.conf.in	2022-06-19 22:15:28.366510311 +0200
@@ -147,6 +147,15 @@
 #vnc_sasl = 1
 
 
+# Enable the VNC access control lists. When switched on this will
+# initially block all vnc users from accessing the vnc server. To
+# add and remove ids from the ACLs you will need to send the appropriate
+# commands to the qemu monitor as required by your particular version of
+# QEMU. See the QEMU documentation for more details.
+#
+# vnc_acl = 1
+
+
 # The default SASL configuration file is located in /etc/sasl/
 # When running libvirtd unprivileged, it may be desirable to
 # override the configs in this location. Set this parameter to
diff -urNp -x '*.orig' libvirt-8.4.0.org/src/qemu/qemu_command.c libvirt-8.4.0/src/qemu/qemu_command.c
--- libvirt-8.4.0.org/src/qemu/qemu_command.c	2022-06-01 09:28:24.000000000 +0200
+++ libvirt-8.4.0/src/qemu/qemu_command.c	2022-06-19 22:15:28.366510311 +0200
@@ -8333,6 +8333,9 @@ qemuBuildGraphicsVNCCommandLine(virQEMUD
         virBufferAsprintf(&opt, ",audiodev=%s", audioid);
     }
 
+    if (cfg->vncACL)
+	    virBufferAddLit(&opt, ",acl");
+
     virCommandAddArg(cmd, "-vnc");
     virCommandAddArgBuffer(cmd, &opt);
     if (graphics->data.vnc.keymap)
diff -urNp -x '*.orig' libvirt-8.4.0.org/src/qemu/qemu_conf.c libvirt-8.4.0/src/qemu/qemu_conf.c
--- libvirt-8.4.0.org/src/qemu/qemu_conf.c	2022-06-01 09:28:24.000000000 +0200
+++ libvirt-8.4.0/src/qemu/qemu_conf.c	2022-06-19 22:15:28.366510311 +0200
@@ -439,6 +439,8 @@ virQEMUDriverConfigLoadVNCEntry(virQEMUD
         return -1;
     if (virConfGetValueBool(conf, "vnc_allow_host_audio", &cfg->vncAllowHostAudio) < 0)
         return -1;
+    if (virConfGetValueBool(conf, "vnc_acl", &cfg->vncACL) < 0)
+	return -1;
 
     if (cfg->vncPassword &&
         strlen(cfg->vncPassword) > 8) {
diff -urNp -x '*.orig' libvirt-8.4.0.org/src/qemu/qemu_conf.h libvirt-8.4.0/src/qemu/qemu_conf.h
--- libvirt-8.4.0.org/src/qemu/qemu_conf.h	2022-06-01 09:28:24.000000000 +0200
+++ libvirt-8.4.0/src/qemu/qemu_conf.h	2022-06-19 22:15:28.366510311 +0200
@@ -114,6 +114,7 @@ struct _virQEMUDriverConfig {
     bool vncTLSx509verify;
     bool vncTLSx509verifyPresent;
     bool vncSASL;
+    bool vncACL;
     char *vncTLSx509certdir;
     char *vncTLSx509secretUUID;
     char *vncListen;
Commit	Line	Data
927caa3c JR	1	diff -urNp -x '*.orig' libvirt-8.4.0.org/src/qemu/qemu.conf.in libvirt-8.4.0/src/qemu/qemu.conf.in
	2	--- libvirt-8.4.0.org/src/qemu/qemu.conf.in 2022-06-19 22:15:27.653173791 +0200
	3	+++ libvirt-8.4.0/src/qemu/qemu.conf.in 2022-06-19 22:15:28.366510311 +0200
	4	@@ -147,6 +147,15 @@
	5	#vnc_sasl = 1
	6
	7
	8	+# Enable the VNC access control lists. When switched on this will
	9	+# initially block all vnc users from accessing the vnc server. To
	10	+# add and remove ids from the ACLs you will need to send the appropriate
	11	+# commands to the qemu monitor as required by your particular version of
	12	+# QEMU. See the QEMU documentation for more details.
	13	+#
	14	+# vnc_acl = 1
	15	+
	16	+
	17	# The default SASL configuration file is located in /etc/sasl/
	18	# When running libvirtd unprivileged, it may be desirable to
	19	# override the configs in this location. Set this parameter to
	20	diff -urNp -x '*.orig' libvirt-8.4.0.org/src/qemu/qemu_command.c libvirt-8.4.0/src/qemu/qemu_command.c
	21	--- libvirt-8.4.0.org/src/qemu/qemu_command.c 2022-06-01 09:28:24.000000000 +0200
	22	+++ libvirt-8.4.0/src/qemu/qemu_command.c 2022-06-19 22:15:28.366510311 +0200
	23	@@ -8333,6 +8333,9 @@ qemuBuildGraphicsVNCCommandLine(virQEMUD
	24	virBufferAsprintf(&opt, ",audiodev=%s", audioid);
be8dc440 JK	25	}
be8dc440 JK	26
875b1e77 KM	27	+ if (cfg->vncACL)
875b1e77 KM	28	+ virBufferAddLit(&opt, ",acl");
be8dc440 JK	29	+
	30	virCommandAddArg(cmd, "-vnc");
	31	virCommandAddArgBuffer(cmd, &opt);
	32	if (graphics->data.vnc.keymap)
927caa3c JR	33	diff -urNp -x '*.orig' libvirt-8.4.0.org/src/qemu/qemu_conf.c libvirt-8.4.0/src/qemu/qemu_conf.c
	34	--- libvirt-8.4.0.org/src/qemu/qemu_conf.c 2022-06-01 09:28:24.000000000 +0200
	35	+++ libvirt-8.4.0/src/qemu/qemu_conf.c 2022-06-19 22:15:28.366510311 +0200
	36	@@ -439,6 +439,8 @@ virQEMUDriverConfigLoadVNCEntry(virQEMUD
875b1e77 KM	37	return -1;
	38	if (virConfGetValueBool(conf, "vnc_allow_host_audio", &cfg->vncAllowHostAudio) < 0)
	39	return -1;
	40	+ if (virConfGetValueBool(conf, "vnc_acl", &cfg->vncACL) < 0)
	41	+ return -1;
	42
927caa3c JR	43	if (cfg->vncPassword &&
	44	strlen(cfg->vncPassword) > 8) {
	45	diff -urNp -x '*.orig' libvirt-8.4.0.org/src/qemu/qemu_conf.h libvirt-8.4.0/src/qemu/qemu_conf.h
	46	--- libvirt-8.4.0.org/src/qemu/qemu_conf.h 2022-06-01 09:28:24.000000000 +0200
	47	+++ libvirt-8.4.0/src/qemu/qemu_conf.h 2022-06-19 22:15:28.366510311 +0200
	48	@@ -114,6 +114,7 @@ struct _virQEMUDriverConfig {
875b1e77 KM	49	bool vncTLSx509verify;
	50	bool vncTLSx509verifyPresent;
	51	bool vncSASL;
	52	+ bool vncACL;
	53	char *vncTLSx509certdir;
	54	char *vncTLSx509secretUUID;
	55	char *vncListen;