| Age | Commit message (Collapse) | Author |
|---|
|
This patch adds the new SASL authentication protocol to the VNC server.
It is enabled by setting the 'sasl' flag when launching VNC. SASL can
optionally provide encryption via its SSF layer, if a suitable mechanism
is configured (eg, GSSAPI/Kerberos, or Digest-MD5). If an SSF layer is
not available, then it should be combined with the x509 VNC authentication
protocol which provides encryption.
eg, if using GSSAPI
qemu -vnc localhost:1,sasl
eg if using TLS/x509 for encryption
qemu -vnc localhost:1,sasl,tls,x509
By default the Cyrus SASL library will look for its configuration in
the file /etc/sasl2/qemu.conf. For non-root users, this can be overridden
by setting the SASL_CONF_PATH environment variable, eg to make it look in
$HOME/.sasl2. NB unprivileged users may not have access to the full range
of SASL mechanisms, since some of them require some administrative privileges
to configure. The patch includes an example SASL configuration file which
illustrates config for GSSAPI and Digest-MD5, though it should be noted that
the latter is not really considered secure any more.
Most of the SASL authentication code is located in a separate source file,
vnc-auth-sasl.c. The main vnc.c file only contains minimal integration
glue, specifically parsing of command line flags / setup, and calls to
start the SASL auth process, to do encoding/decoding for data.
There are several possible stacks for reading & writing of data, depending
on the combo of VNC authentication methods in use
- Clear. read/write straight to socket
- TLS. read/write via GNUTLS helpers
- SASL. encode/decode via SASL SSF layer, then read/write to socket
- SASL+TLS. encode/decode via SASL SSF layer, then read/write via GNUTLS
Hence, the vnc_client_read & vnc_client_write methods have been refactored
a little.
vnc_client_read: main entry point for reading, calls either
- vnc_client_read_plain reading, with no intermediate decoding
- vnc_client_read_sasl reading, with SASL SSF decoding
These two methods, then call vnc_client_read_buf(). This decides
whether to write to the socket directly or write via GNUTLS.
The situation is the same for writing data. More extensive comments
have been added in the code / patch. The vnc_client_read_sasl and
vnc_client_write_sasl method implementations live in the separate
vnc-auth-sasl.c file.
The state required for the SASL auth mechanism is kept in a separate
VncStateSASL struct, defined in vnc-auth-sasl.h and included in the
main VncState.
The configure script probes for SASL and automatically enables it
if found, unless --disable-vnc-sasl was given to override it.
Makefile | 7
Makefile.target | 5
b/qemu.sasl | 34 ++
b/vnc-auth-sasl.c | 626 ++++++++++++++++++++++++++++++++++++++++++++++++++++
b/vnc-auth-sasl.h | 67 +++++
configure | 34 ++
qemu-doc.texi | 97 ++++++++
vnc-auth-vencrypt.c | 12
vnc.c | 249 ++++++++++++++++++--
vnc.h | 31 ++
10 files changed, 1129 insertions(+), 33 deletions(-)
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6724 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
Resent with fixed formatting.
This patch adds two new command line options:
-chroot <dir>
-runas <user>
This is useful for running qemu as an unprivileged user in a chroot
jail. To avoid having to populate the jail, chrooting happens right
before the start of guest execution.
Signed-off-by: Nolan Leake <nolan@sigbus.net>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6652 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
This is needed to dynamically add SLIC tables with Windows
activation keys.
Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6650 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6623 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6560 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
Adds "msmouse" character device, which emulates a serial mouse.
Use it with -serial msmouse.
Signed-Off-By: Lubomir Rintel <lkundrak@v3.sk>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6559 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
Support all kinds of pci vga cards (including none)
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6557 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
Rearrange code, help printout and docs so that they are in the same
(hopefully more logical) order for easier maintenance.
Add help and docs for undocumented options.
Reformat slightly for more consistent help output.
Add comments to encourage better synchronization in the future.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6432 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
After my last patch to fix interrupt coalescing was rejected
on the basis that it is too intrusive we decided to make the
fix much more localized and only fix the problem for RTC time
source. Unfortunately it is impossible to fix the problem entirely
inside RTC code like Andrzej proposed since Windows reads RTC
register C more then once on each time interrupt so it is impossible
to count reliably how many interrupt windows actually handled.
Proposed solution is localized to I386 target and is disabled by
default. To enable it "-rtc-td-hack" flag should be used.
Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6320 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6259 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6230 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6229 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
Allow the user to supply a vlan client name on the command line.
This is probably only useful for management tools so that they can
use their own names rather than parsing the output of 'info network'.
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6220 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
Windows calculates HW "uniqueness" based on a hard drive serial number
among other things. The patch allows to specify drive serial number
from a command line.
Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6214 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6129 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6128 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6039 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
The TSC2102 chip is not included in documentation because a patch is
pending.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6038 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
(Chris Webb)
This allows easier use of the change vnc password monitor command from
management scripts, without having to implement expect(1)-like behaviour.
Signed-off-by: Chris Webb <chris@arachsys.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5967 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
qcow2 writes a cluster reference count on every cluster update. This causes
performance to crater when using anything but cache=writeback. This is most
noticeable when using savevm. Right now, qcow2 isn't a reliable format
regardless of the type of cache your using because metadata is not updated in
the correct order. Considering this, I think it's somewhat reasonable to use
writeback caching by default with qcow2 files.
It at least avoids the massive performance regression for users until we sort
out the issues in qcow2.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5879 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
Virtio-blk is a paravirtual block device based on VirtIO. It can be used by
specifying the if=virtio parameter to the -drive parameter.
When using -enable-kvm, it can achieve very good performance compared to IDE or
SCSI.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5870 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5867 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
Minor fixes of spelling and grammar in comments and documentation
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5835 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
Addresses comments from Jamie Lokier.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5807 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
From Guido Günther, through the Debian BTS.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5806 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5654 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5544 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
This patch changes the cache= option to accept none, writeback, or writethough
to control the host page cache behavior. By default, writethrough caching is
now used which internally is implemented by using O_DSYNC to open the disk
images. When using -snapshot, writeback is used by default since data integrity
it not at all an issue.
cache=none has the same behavior as cache=off previously. The later syntax is
still supported by now deprecated. I also cleaned up the O_DIRECT
implementation to avoid many of the #ifdefs.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5485 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5418 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5383 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
Instead of having (current)three command line switches -std-vga,
-cirrusvga and -vmwarevga, provide one -vga switch which takes
an argument, so that:
qemu -std-vga becomes qemu -vga std
qemu -cirrusvga becomes qemu -vga cirrus
qemu -vmwarevga becomes qemu -vga vmware
Update documentation accordingly.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5335 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
(fix CVE-2008-1945)
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5059 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4965 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4923 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4896 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4884 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4838 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4829 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4800 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4799 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4796 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
Instead of having separate option for each card and driver use
--audio-drv-list and --audio-card-list options.
Under Linux it allows to set the default(first probed) driver
to something other than OSS.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4792 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
Hopefully someday will be merged with cs4231.c (SPARC version)
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4741 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4490 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4417 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
This patch allows the qemu backend debugger to single step an
instruction without running the hardware interrupts.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4391 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4371 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
(Gildas Le Nadan)
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4333 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
It is possible for a guest with a raw formatted disk image to write a
header to that disk image describing another format (such as qcow2).
Stopping and subsequent restart of the guest will cause qemu to detect
that format, and could allow the guest to read any host file if qemu is
sufficiently privileged (typical in virt environments).
The patch defaults to existing behaviour (probing based on file contents),
so it still requires the mgmt app (e.g. libvirt xml) to pass a new
"format=raw" parameter for raw disk images.
Originally noted by Avi Kivity, patch from Chris Wright.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4277 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
Anthony Liguori.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4265 c046a42c-6fe2-441c-8c8c-71466251a162
|
