This adds a spice_sasl boolean option to qemu.conf to mimic what is done for VNC SASL support. I did not add a spice_sasl_dir option as the corresponding vnc_sasl_dir option sets a SASL_CONF_DIR environment variable, but I could not find any reference to that variable in either QEMU or cyrus-sasl, and Google was not helpful either. --- src/qemu/libvirtd_qemu.aug | 1 + src/qemu/qemu.conf | 11 ++++++ src/qemu/qemu_command.c | 2 + src/qemu/qemu_conf.c | 1 + src/qemu/qemu_conf.h | 1 + src/qemu/test_libvirtd_qemu.aug.in | 1 + .../qemuxml2argv-graphics-spice-sasl.args | 12 ++++++ .../qemuxml2argv-graphics-spice-sasl.xml | 45 ++++++++++++++++++++++ tests/qemuxml2argvtest.c | 6 +++ 9 files changed, 80 insertions(+) create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-sasl.args create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-sasl.xml diff --git a/src/qemu/libvirtd_qemu.aug b/src/qemu/libvirtd_qemu.aug index 32db983..3dc1b43 100644 --- a/src/qemu/libvirtd_qemu.aug +++ b/src/qemu/libvirtd_qemu.aug @@ -38,6 +38,7 @@ module Libvirtd_qemu = | bool_entry "spice_tls" | str_entry "spice_tls_x509_cert_dir" | str_entry "spice_password" + | bool_entry "spice_sasl" let nogfx_entry = bool_entry "nographics_allow_host_audio" diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf index bf57b9c..7b128aa 100644 --- a/src/qemu/qemu.conf +++ b/src/qemu/qemu.conf
@@ -140,6 +140,17 @@ #spice_password = "XYZ12345" +# Enable use of SASL encryption on the SPICE server. This requires +# a SPICE client which supports the SASL protocol extension. +# Examples include vinagre, virt-viewer and virt-manager +# itself. +# +# It is necessary to configure /etc/sasl2/qemu.conf to choose +# the desired SASL plugin (eg, GSSPI for Kerberos) +# +#spice_sasl = 1 + + # By default, if no graphical front end is configured, libvirt will disable # QEMU audio output since directly talking to alsa/pulseaudio may not work # with various security settings. If you know what you're doing, enable diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index abb62e9..ea5cfcb 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -7340,6 +7340,8 @@ qemuBuildGraphicsSPICECommandLine(virQEMUDriverConfigPtr cfg, * migration algorithm silently. */ virBufferAddLit(&opt, ",seamless-migration=on"); } + if (cfg->spiceSASL) + virBufferAddLit(&opt, ",sasl"); virCommandAddArg(cmd, "-spice"); virCommandAddArgBuffer(cmd, &opt); diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c index 44a2296..532b0ff 100644 --- a/src/qemu/qemu_conf.c +++ b/src/qemu/qemu_conf.c @@ -399,6 +399,7 @@ int virQEMUDriverConfigLoadFile(virQEMUDriverConfigPtr cfg, GET_VALUE_STR("spice_tls_x509_cert_dir", cfg->spiceTLSx509certdir); GET_VALUE_STR("spice_listen", cfg->spiceListen); GET_VALUE_STR("spice_password", cfg->spicePassword); + GET_VALUE_BOOL("spice_sasl", cfg->spiceSASL); GET_VALUE_LONG("remote_websocket_port_min", cfg->webSocketPortMin); diff --git a/src/qemu/qemu_conf.h b/src/qemu/qemu_conf.h index ea3c691..35a2515 100644 --- a/src/qemu/qemu_conf.h +++ b/src/qemu/qemu_conf.h @@ -110,6 +110,7 @@ struct _virQEMUDriverConfig { char *vncSASLdir; bool spiceTLS; + bool spiceSASL; char *spiceTLSx509certdir; char *spiceListen; char *spicePassword; diff --git a/src/qemu/test_libvirtd_qemu.aug.in b/src/qemu/test_libvirtd_qemu.aug.in index 7af3f64..f759db5 100644 
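Review bot: The new qemu.conf comment describes spice_sasl as enabling "SASL encryption", but SASL is an authentication framework, and whether the SPICE session also gets a confidentiality layer depends on the mechanism selected in /etc/sasl2/qemu.conf. An administrator could enable `spice_sasl` without `spice_tls` and assume the channel is encrypted when the chosen mechanism provides no such layer. I would reword the opening to something like `# Enable use of SASL authentication on the SPICE server. Combine with spice_tls unless the chosen SASL mechanism provides its own encryption layer.` In the plugin example, `GSSPI` looks like a typo for `GSSAPI`. The wording is presumably inherited from the vnc_sasl comment, which is outside this hunk.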
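Review bot: `,sasl` is appended whenever `cfg->spiceSASL` is set, and nothing visible in the qemu_command.c hunk checks that the QEMU binary's SPICE support accepts that suboption. Because spice_sasl is a host-wide qemu.conf switch, a binary without SASL support would presumably refuse to start every SPICE guest once it is enabled; that fails closed, but the error would surface from QEMU rather than from libvirt. If no capability flag exists to probe for this, a short comment above the `if` would record the decision, e.g. `/* no QEMU capability to probe for SPICE SASL; QEMU rejects the option itself if unsupported */`. The body of qemuBuildGraphicsSPICECommandLine starts and ends outside the hunk, so an earlier check may already exist.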
--- a/src/qemu/test_libvirtd_qemu.aug.in
+++ b/src/qemu/test_libvirtd_qemu.aug.in
@@ -15,6 +15,7 @@ module Test_libvirtd_qemu =
 { "spice_tls" = "1" }
 { "spice_tls_x509_cert_dir" = "/etc/pki/libvirt-spice" }
 { "spice_password" = "XYZ12345" }
+{ "spice_sasl" = "1" }
 { "nographics_allow_host_audio" = "1" }
 { "remote_display_port_min" = "5900" }
 { "remote_display_port_max" = "65535" }
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-sasl.args b/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-sasl.args
new file mode 100644
index 0000000..4fe78a5
--- /dev/null
+++ b/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-sasl.args
@@ -0,0 +1,12 @@
+LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test QEMU_AUDIO_DRV=spice \
+/usr/bin/qemu -S -M pc -m 214 -smp 1 -nodefaults -monitor \
+unix:/tmp/test-monitor,server,nowait -no-acpi -boot c -usb -hda \
+/dev/HostVG/QEMUGuest1 -spice port=5903,tls-port=5904,addr=127.0.0.1,\
+x509-dir=/etc/pki/libvirt-spice,tls-channel=default,tls-channel=main,\
+plaintext-channel=inputs,\
+image-compression=auto_glz,jpeg-wan-compression=auto,\
+zlib-glz-wan-compression=auto,\
+playback-compression=on,streaming-video=filter,disable-copy-paste,sasl -vga \
+qxl -global qxl.ram_size=67108864 -global qxl.vram_size=18874368 \
+-device qxl,id=video1,ram_size=67108864,vram_size=33554432,bus=pci.0,addr=0x4 \
+-device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-sasl.xml b/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-sasl.xml
new file mode 100644
index 0000000..b22fbcc
--- /dev/null
+++ b/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-sasl.xml
@@ -0,0 +1,45 @@
+<domain type='qemu'>
+ <name>QEMUGuest1</name>
+ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+ <memory unit='KiB'>219136</memory>
+ <currentMemory unit='KiB'>219136</currentMemory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type arch='i686' machine='pc'>hvm</type>
+ <boot dev='hd'/>
+ </os>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu</emulator>
+ <disk type='block' device='disk'>
+ <source dev='/dev/HostVG/QEMUGuest1'/>
+ <target dev='hda' bus='ide'/>
+ <address type='drive' controller='0' bus='0' target='0' unit='0'/>
+ </disk>
+ <controller type='usb' index='0'/>
+ <controller type='ide' index='0'/>
+ <controller type='pci' index='0' model='pci-root'/>
+ <input type='mouse' bus='ps2'/>
+ <graphics type='spice' port='5903' tlsPort='5904' autoport='no' listen='127.0.0.1' defaultMode='secure'>
+ <listen type='address' address='127.0.0.1'/>
+ <channel name='main' mode='secure'/>
+ <channel name='inputs' mode='insecure'/>
+ <image compression='auto_glz'/>
+ <jpeg compression='auto'/>
+ <zlib compression='auto'/>
+ <playback compression='on'/>
+ <streaming mode='filter'/>
+ <clipboard copypaste='no'/>
+ </graphics>
+ <video>
+ <model type='qxl' ram='65536' vram='18432' heads='1'/>
+ </video>
+ <video>
+ <model type='qxl' ram='65536' vram='32768' heads='1'/>
+ </video>
+ <memballoon model='virtio'/>
+ </devices>
+</domain>
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index 060acf2..1cdb964 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -685,6 +685,12 @@ mymain(void) QEMU_CAPS_PCI_MULTIFUNCTION, QEMU_CAPS_USB_HUB, QEMU_CAPS_ICH9_USB_EHCI1, QEMU_CAPS_USB_REDIR, QEMU_CAPS_CHARDEV_SPICEVMC); + driver.config->spiceSASL = 1; + DO_TEST("graphics-spice-sasl", + QEMU_CAPS_VGA, QEMU_CAPS_VGA_QXL, + QEMU_CAPS_DEVICE, QEMU_CAPS_SPICE, + QEMU_CAPS_DEVICE_QXL); + driver.config->spiceSASL = 0; DO_TEST("input-usbmouse", NONE); DO_TEST("input-usbtablet", NONE); -- 1.8.3.1 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
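Review bot: `driver.config->spiceSASL` is declared `bool` in the qemu_conf.h hunk of this same patch, so the test should assign `true`/`false` rather than `1`/`0`: `driver.config->spiceSASL = true;` before the DO_TEST and `driver.config->spiceSASL = false;` after it. The only new case pairs SASL with a TLS-enabled graphics element (`defaultMode='secure'` in the XML). A second case with SASL on a plaintext-only SPICE listener would pin the generated command line for the configuration where SASL is the only protection on the connection. mymain() starts and ends outside the hunk.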