]> TLD Linux GIT Repositories - packages/libvirt.git/blob - libvirt-sasl.patch
TLD / packages / libvirt.git / blob
? search:


d23a77027af33bc8fa780687454a9639fe2dcdfd
[packages/libvirt.git] / libvirt-sasl.patch
1 diff -ur libvirt-5.5.0.orig/docs/auth.html libvirt-5.5.0/docs/auth.html
2 --- libvirt-5.5.0.orig/docs/auth.html   2019-07-14 19:23:33.979000000 +0200
3 +++ libvirt-5.5.0/docs/auth.html        2019-07-14 19:23:54.564000000 +0200
4 @@ -318,7 +318,7 @@
5          <p>
6  Since the libvirt SASL config file defaults to using GSSAPI (Kerberos), a
7  config change is rquired to enable plain password auth. This is done by
8 -editting <code>/etc/sasl2/libvirt.conf</code> to set the <code>mech_list</code>
9 +editting <code>/etc/sasl/libvirt.conf</code> to set the <code>mech_list</code>
10  parameter to <code>scram-sha-1</code>.
11      </p>
12          <p>
13 diff -ur libvirt-5.5.0.orig/docs/auth.html.in libvirt-5.5.0/docs/auth.html.in
14 --- libvirt-5.5.0.orig/docs/auth.html.in        2019-07-14 19:23:33.991000000 +0200
15 +++ libvirt-5.5.0/docs/auth.html.in     2019-07-14 19:23:54.564000000 +0200
16 @@ -277,7 +277,7 @@
17      <p>
18  Since the libvirt SASL config file defaults to using GSSAPI (Kerberos), a
19  config change is rquired to enable plain password auth. This is done by
20 -editting <code>/etc/sasl2/libvirt.conf</code> to set the <code>mech_list</code>
21 +editting <code>/etc/sasl/libvirt.conf</code> to set the <code>mech_list</code>
22  parameter to <code>scram-sha-1</code>.
23      </p>
24      <p>
25 diff -ur libvirt-5.5.0.orig/src/Makefile.in libvirt-5.5.0/src/Makefile.in
26 --- libvirt-5.5.0.orig/src/Makefile.in  2019-07-14 19:23:33.798000000 +0200
27 +++ libvirt-5.5.0/src/Makefile.in       2019-07-14 19:23:54.566000000 +0200
28 @@ -6723,7 +6723,7 @@
29  
30  # This is needed for clients too, so can't wrap in
31  # the WITH_LIBVIRTD conditional
32 -@WITH_SASL_TRUE@sasldir = $(sysconfdir)/sasl2
33 +@WITH_SASL_TRUE@sasldir = $(sysconfdir)/sasl
34  THREAD_LIBS = $(LIB_PTHREAD) $(LTLIBMULTITHREAD)
35  SECDRIVER_CFLAGS = $(am__append_191) $(am__append_193)
36  SECDRIVER_LIBS = $(am__append_192) $(am__append_194)
37 diff -ur libvirt-5.5.0.orig/src/qemu/qemu.conf libvirt-5.5.0/src/qemu/qemu.conf
38 --- libvirt-5.5.0.orig/src/qemu/qemu.conf       2019-07-14 19:23:33.825000000 +0200
39 +++ libvirt-5.5.0/src/qemu/qemu.conf    2019-07-14 19:23:54.566000000 +0200
40 @@ -135,18 +135,18 @@
41  # Examples include vinagre, virt-viewer and virt-manager
42  # itself. UltraVNC, RealVNC, TightVNC do not support this
43  #
44 -# It is necessary to configure /etc/sasl2/qemu.conf to choose
45 +# It is necessary to configure /etc/sasl/qemu.conf to choose
46  # the desired SASL plugin (eg, GSSPI for Kerberos)
47  #
48  #vnc_sasl = 1
49  
50  
51 -# The default SASL configuration file is located in /etc/sasl2/
52 +# The default SASL configuration file is located in /etc/sasl/
53  # When running libvirtd unprivileged, it may be desirable to
54  # override the configs in this location. Set this parameter to
55  # point to the directory, and create a qemu.conf in that location
56  #
57 -#vnc_sasl_dir = "/some/directory/sasl2"
58 +#vnc_sasl_dir = "/some/directory/sasl"
59  
60  
61  # QEMU implements an extension for providing audio over a VNC connection,
62 @@ -211,17 +211,17 @@
63  # Enable use of SASL encryption on the SPICE server. This requires
64  # a SPICE client which supports the SASL protocol extension.
65  #
66 -# It is necessary to configure /etc/sasl2/qemu.conf to choose
67 +# It is necessary to configure /etc/sasl/qemu.conf to choose
68  # the desired SASL plugin (eg, GSSPI for Kerberos)
69  #
70  #spice_sasl = 1
71  
72 -# The default SASL configuration file is located in /etc/sasl2/
73 +# The default SASL configuration file is located in /etc/sasl/
74  # When running libvirtd unprivileged, it may be desirable to
75  # override the configs in this location. Set this parameter to
76  # point to the directory, and create a qemu.conf in that location
77  #
78 -#spice_sasl_dir = "/some/directory/sasl2"
79 +#spice_sasl_dir = "/some/directory/sasl"
80  
81  # Enable use of TLS encryption on the chardev TCP transports.
82  #
83 diff -ur libvirt-5.5.0.orig/src/qemu/test_libvirtd_qemu.aug.in libvirt-5.5.0/src/qemu/test_libvirtd_qemu.aug.in
84 --- libvirt-5.5.0.orig/src/qemu/test_libvirtd_qemu.aug.in       2019-07-14 19:23:33.824000000 +0200
85 +++ libvirt-5.5.0/src/qemu/test_libvirtd_qemu.aug.in    2019-07-14 19:23:54.566000000 +0200
86 @@ -13,7 +13,7 @@
87  { "vnc_tls_x509_verify" = "1" }
88  { "vnc_password" = "XYZ12345" }
89  { "vnc_sasl" = "1" }
90 -{ "vnc_sasl_dir" = "/some/directory/sasl2" }
91 +{ "vnc_sasl_dir" = "/some/directory/sasl" }
92  { "vnc_allow_host_audio" = "0" }
93  { "spice_listen" = "0.0.0.0" }
94  { "spice_tls" = "1" }
95 @@ -21,7 +21,7 @@
96  { "spice_auto_unix_socket" = "1" }
97  { "spice_password" = "XYZ12345" }
98  { "spice_sasl" = "1" }
99 -{ "spice_sasl_dir" = "/some/directory/sasl2" }
100 +{ "spice_sasl_dir" = "/some/directory/sasl" }
101  { "chardev_tls" = "1" }
102  { "chardev_tls_x509_cert_dir" = "/etc/pki/libvirt-chardev" }
103  { "chardev_tls_x509_verify" = "1" }
104 diff -ur libvirt-5.5.0.orig/src/remote/libvirtd.conf libvirt-5.5.0/src/remote/libvirtd.conf
105 --- libvirt-5.5.0.orig/src/remote/libvirtd.conf 2019-07-14 19:23:33.810000000 +0200
106 +++ libvirt-5.5.0/src/remote/libvirtd.conf      2019-07-14 19:23:54.566000000 +0200
107 @@ -101,7 +101,7 @@
108  #          the network providing auth (eg, TLS/x509 certificates)
109  #
110  #  - sasl: use SASL infrastructure. The actual auth scheme is then
111 -#          controlled from /etc/sasl2/libvirt.conf. For the TCP
112 +#          controlled from /etc/sasl/libvirt.conf. For the TCP
113  #          socket only GSSAPI & DIGEST-MD5 mechanisms will be used.
114  #          For non-TCP or TLS sockets, any scheme is allowed.
115  #
116 @@ -132,7 +132,7 @@
117  # If you don't enable SASL, then all TCP traffic is cleartext.
118  # Don't do this outside of a dev/test scenario. For real world
119  # use, always enable SASL and use the GSSAPI or DIGEST-MD5
120 -# mechanism in /etc/sasl2/libvirt.conf
121 +# mechanism in /etc/sasl/libvirt.conf
122  #auth_tcp = "sasl"
123  
124  # Change the authentication scheme for TLS sockets.
125 diff -ur libvirt-5.5.0.orig/src/remote/Makefile.inc.am libvirt-5.5.0/src/remote/Makefile.inc.am
126 --- libvirt-5.5.0.orig/src/remote/Makefile.inc.am       2019-07-14 19:23:33.812000000 +0200
127 +++ libvirt-5.5.0/src/remote/Makefile.inc.am    2019-07-14 19:23:54.567000000 +0200
128 @@ -244,7 +244,7 @@
129  # This is needed for clients too, so can't wrap in
130  # the WITH_LIBVIRTD conditional
131  if WITH_SASL
132 -sasldir = $(sysconfdir)/sasl2
133 +sasldir = $(sysconfdir)/sasl
134  
135  install-sasl:
136         $(MKDIR_P) $(DESTDIR)$(sasldir)
137 diff -ur libvirt-5.5.0.orig/tests/qemuxml2argvdata/graphics-spice-sasl.args libvirt-5.5.0/tests/qemuxml2argvdata/graphics-spice-sasl.args
138 --- libvirt-5.5.0.orig/tests/qemuxml2argvdata/graphics-spice-sasl.args  2019-07-14 19:23:33.362000000 +0200
139 +++ libvirt-5.5.0/tests/qemuxml2argvdata/graphics-spice-sasl.args       2019-07-14 19:23:59.923000000 +0200
140 @@ -6,7 +6,7 @@
141  XDG_DATA_HOME=/tmp/lib/domain--1-QEMUGuest1/.local/share \
142  XDG_CACHE_HOME=/tmp/lib/domain--1-QEMUGuest1/.cache \
143  XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \
144 -SASL_CONF_PATH=/root/.sasl2 \
145 +SASL_CONF_PATH=/root/.sasl \
146  QEMU_AUDIO_DRV=spice \
147  /usr/bin/qemu-system-i686 \
148  -name QEMUGuest1 \
149 diff -ur libvirt-5.5.0.orig/tests/qemuxml2argvdata/graphics-vnc-sasl.args libvirt-5.5.0/tests/qemuxml2argvdata/graphics-vnc-sasl.args
150 --- libvirt-5.5.0.orig/tests/qemuxml2argvdata/graphics-vnc-sasl.args    2019-07-14 19:23:33.375000000 +0200
151 +++ libvirt-5.5.0/tests/qemuxml2argvdata/graphics-vnc-sasl.args 2019-07-14 19:23:59.923000000 +0200
152 @@ -6,7 +6,7 @@
153  XDG_DATA_HOME=/tmp/lib/domain--1-QEMUGuest1/.local/share \
154  XDG_CACHE_HOME=/tmp/lib/domain--1-QEMUGuest1/.cache \
155  XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \
156 -SASL_CONF_PATH=/root/.sasl2 \
157 +SASL_CONF_PATH=/root/.sasl \
158  QEMU_AUDIO_DRV=none \
159  /usr/bin/qemu-system-i686 \
160  -name QEMUGuest1 \
161 diff -ur libvirt-5.5.0.orig/tests/qemuxml2argvdata/graphics-vnc-tls.args libvirt-5.5.0/tests/qemuxml2argvdata/graphics-vnc-tls.args
162 --- libvirt-5.5.0.orig/tests/qemuxml2argvdata/graphics-vnc-tls.args     2019-07-14 19:23:33.361000000 +0200
163 +++ libvirt-5.5.0/tests/qemuxml2argvdata/graphics-vnc-tls.args  2019-07-14 19:23:59.923000000 +0200
164 @@ -6,7 +6,7 @@
165  XDG_DATA_HOME=/tmp/lib/domain--1-QEMUGuest1/.local/share \
166  XDG_CACHE_HOME=/tmp/lib/domain--1-QEMUGuest1/.cache \
167  XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \
168 -SASL_CONF_PATH=/root/.sasl2 \
169 +SASL_CONF_PATH=/root/.sasl \
170  QEMU_AUDIO_DRV=none \
171  /usr/bin/qemu-system-i686 \
172  -name QEMUGuest1 \
173 diff -ur libvirt-5.5.0.orig/tests/qemuxml2argvdata/graphics-vnc-tls-secret.x86_64-latest.args libvirt-5.5.0/tests/qemuxml2argvdata/graphics-vnc-tls-secret.x86_64-latest.args
174 --- libvirt-5.5.0.orig/tests/qemuxml2argvdata/graphics-vnc-tls-secret.x86_64-latest.args        2019-07-14 19:23:33.375000000 +0200
175 +++ libvirt-5.5.0/tests/qemuxml2argvdata/graphics-vnc-tls-secret.x86_64-latest.args     2019-07-14 19:26:27.145000000 +0200
176 @@ -6,7 +6,7 @@
177  XDG_DATA_HOME=/tmp/lib/domain--1-QEMUGuest1/.local/share \
178  XDG_CACHE_HOME=/tmp/lib/domain--1-QEMUGuest1/.cache \
179  XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \
180 -SASL_CONF_PATH=/root/.sasl2 \
181 +SASL_CONF_PATH=/root/.sasl \
182  QEMU_AUDIO_DRV=none \
183  /usr/bin/qemu-system-i686 \
184  -name guest=QEMUGuest1,debug-threads=on \
185 diff -ur libvirt-5.5.0.orig/tests/qemuxml2argvdata/graphics-vnc-tls.x86_64-2.4.0.args libvirt-5.5.0/tests/qemuxml2argvdata/graphics-vnc-tls.x86_64-2.4.0.args
186 --- libvirt-5.5.0.orig/tests/qemuxml2argvdata/graphics-vnc-tls.x86_64-2.4.0.args        2019-07-14 19:23:33.369000000 +0200
187 +++ libvirt-5.5.0/tests/qemuxml2argvdata/graphics-vnc-tls.x86_64-2.4.0.args     2019-07-14 19:26:23.287000000 +0200
188 @@ -6,7 +6,7 @@
189  XDG_DATA_HOME=/tmp/lib/domain--1-QEMUGuest1/.local/share \
190  XDG_CACHE_HOME=/tmp/lib/domain--1-QEMUGuest1/.cache \
191  XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \
192 -SASL_CONF_PATH=/root/.sasl2 \
193 +SASL_CONF_PATH=/root/.sasl \
194  QEMU_AUDIO_DRV=none \
195  /usr/bin/qemu-system-i686 \
196  -name guest=QEMUGuest1,debug-threads=on \
197 diff -ur libvirt-5.5.0.orig/tests/qemuxml2argvdata/graphics-vnc-tls.x86_64-latest.args libvirt-5.5.0/tests/qemuxml2argvdata/graphics-vnc-tls.x86_64-latest.args
198 --- libvirt-5.5.0.orig/tests/qemuxml2argvdata/graphics-vnc-tls.x86_64-latest.args       2019-07-14 19:23:33.371000000 +0200
199 +++ libvirt-5.5.0/tests/qemuxml2argvdata/graphics-vnc-tls.x86_64-latest.args    2019-07-14 19:26:19.952000000 +0200
200 @@ -6,7 +6,7 @@
201  XDG_DATA_HOME=/tmp/lib/domain--1-QEMUGuest1/.local/share \
202  XDG_CACHE_HOME=/tmp/lib/domain--1-QEMUGuest1/.cache \
203  XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \
204 -SASL_CONF_PATH=/root/.sasl2 \
205 +SASL_CONF_PATH=/root/.sasl \
206  QEMU_AUDIO_DRV=none \
207  /usr/bin/qemu-system-i686 \
208  -name guest=QEMUGuest1,debug-threads=on \
209 diff -ur libvirt-5.5.0.orig/tests/qemuxml2argvtest.c libvirt-5.5.0/tests/qemuxml2argvtest.c
210 --- libvirt-5.5.0.orig/tests/qemuxml2argvtest.c 2019-07-14 19:23:33.401000000 +0200
211 +++ libvirt-5.5.0/tests/qemuxml2argvtest.c      2019-07-14 19:23:59.924000000 +0200
212 @@ -1155,7 +1155,7 @@
213  
214      driver.config->vncSASL = 1;
215      VIR_FREE(driver.config->vncSASLdir);
216 -    ignore_value(VIR_STRDUP(driver.config->vncSASLdir, "/root/.sasl2"));
217 +    ignore_value(VIR_STRDUP(driver.config->vncSASLdir, "/root/.sasl"));
218      DO_TEST("graphics-vnc-sasl", QEMU_CAPS_VNC, QEMU_CAPS_DEVICE_CIRRUS_VGA);
219      driver.config->vncTLS = 1;
220      driver.config->vncTLSx509verify = 1;
221 @@ -1187,7 +1187,7 @@
222      DO_TEST("graphics-spice-no-args",
223              QEMU_CAPS_SPICE, QEMU_CAPS_DEVICE_CIRRUS_VGA);
224      driver.config->spiceSASL = 1;
225 -    ignore_value(VIR_STRDUP(driver.config->spiceSASLdir, "/root/.sasl2"));
226 +    ignore_value(VIR_STRDUP(driver.config->spiceSASLdir, "/root/.sasl"));
227      DO_TEST("graphics-spice-sasl",
228              QEMU_CAPS_SPICE,
229              QEMU_CAPS_DEVICE_QXL);
230 diff -ur libvirt-5.5.0.orig/tests/virconfdata/libvirtd.conf libvirt-5.5.0/tests/virconfdata/libvirtd.conf
231 --- libvirt-5.5.0.orig/tests/virconfdata/libvirtd.conf  2019-07-14 19:23:33.602000000 +0200
232 +++ libvirt-5.5.0/tests/virconfdata/libvirtd.conf       2019-07-14 19:23:59.924000000 +0200
233 @@ -91,7 +91,7 @@
234  #          the network providing auth (eg, TLS/x509 certificates)
235  #
236  #  - sasl: use SASL infrastructure. The actual auth scheme is then
237 -#          controlled from /etc/sasl2/libvirt.conf. For the TCP
238 +#          controlled from /etc/sasl/libvirt.conf. For the TCP
239  #          socket only GSSAPI & DIGEST-MD5 mechanisms will be used.
240  #          For non-TCP or TLS sockets,  any scheme is allowed.
241  #
242 @@ -122,7 +122,7 @@
243  # If you don't enable SASL, then all TCP traffic is cleartext.
244  # Don't do this outside of a dev/test scenario. For real world
245  # use, always enable SASL and use the GSSAPI or DIGEST-MD5
246 -# mechanism in /etc/sasl2/libvirt.conf
247 +# mechanism in /etc/sasl/libvirt.conf
248  auth_tcp = "sasl"
249  
250  # Change the authentication scheme for TLS sockets.
251 diff -ur libvirt-5.5.0.orig/tests/virconfdata/libvirtd.out libvirt-5.5.0/tests/virconfdata/libvirtd.out
252 --- libvirt-5.5.0.orig/tests/virconfdata/libvirtd.out   2019-07-14 19:23:33.602000000 +0200
253 +++ libvirt-5.5.0/tests/virconfdata/libvirtd.out        2019-07-14 19:23:59.924000000 +0200
254 @@ -73,7 +73,7 @@
255  #          the network providing auth (eg, TLS/x509 certificates)
256  #
257  #  - sasl: use SASL infrastructure. The actual auth scheme is then
258 -#          controlled from /etc/sasl2/libvirt.conf. For the TCP
259 +#          controlled from /etc/sasl/libvirt.conf. For the TCP
260  #          socket only GSSAPI & DIGEST-MD5 mechanisms will be used.
261  #          For non-TCP or TLS sockets,  any scheme is allowed.
262  #
263 @@ -102,7 +102,7 @@
264  # If you don't enable SASL, then all TCP traffic is cleartext.
265  # Don't do this outside of a dev/test scenario. For real world
266  # use, always enable SASL and use the GSSAPI or DIGEST-MD5
267 -# mechanism in /etc/sasl2/libvirt.conf
268 +# mechanism in /etc/sasl/libvirt.conf
269  auth_tcp = "sasl"
270  # Change the authentication scheme for TLS sockets.
271  #
Toolkit to interact with virtualization capabilities