1 diff -urp libvirt-3.0.0.orig/daemon/libvirtd.conf libvirt-3.0.0/daemon/libvirtd.conf
2 --- libvirt-3.0.0.orig/daemon/libvirtd.conf 2017-02-11 15:58:23.924363757 +0000
3 +++ libvirt-3.0.0/daemon/libvirtd.conf 2017-02-11 15:58:43.786363533 +0000
5 # the network providing auth (eg, TLS/x509 certificates)
7 # - sasl: use SASL infrastructure. The actual auth scheme is then
8 -# controlled from /etc/sasl2/libvirt.conf. For the TCP
9 +# controlled from /etc/sasl/libvirt.conf. For the TCP
10 # socket only GSSAPI & DIGEST-MD5 mechanisms will be used.
11 # For non-TCP or TLS sockets, any scheme is allowed.
14 # If you don't enable SASL, then all TCP traffic is cleartext.
15 # Don't do this outside of a dev/test scenario. For real world
16 # use, always enable SASL and use the GSSAPI or DIGEST-MD5
17 -# mechanism in /etc/sasl2/libvirt.conf
18 +# mechanism in /etc/sasl/libvirt.conf
21 # Change the authentication scheme for TLS sockets.
22 diff -urp libvirt-3.0.0.orig/daemon/Makefile.am libvirt-3.0.0/daemon/Makefile.am
23 --- libvirt-3.0.0.orig/daemon/Makefile.am 2017-02-11 15:58:23.923363757 +0000
24 +++ libvirt-3.0.0/daemon/Makefile.am 2017-02-11 15:58:43.786363533 +0000
25 @@ -532,13 +532,13 @@ POD2MAN = pod2man -c "Virtualization Sup
26 # the WITH_LIBVIRTD conditional
29 - $(MKDIR_P) $(DESTDIR)$(sysconfdir)/sasl2/
30 + $(MKDIR_P) $(DESTDIR)$(sysconfdir)/sasl/
31 $(INSTALL_DATA) $(srcdir)/libvirtd.sasl \
32 - $(DESTDIR)$(sysconfdir)/sasl2/libvirt.conf
33 + $(DESTDIR)$(sysconfdir)/sasl/libvirt.conf
36 - rm -f $(DESTDIR)$(sysconfdir)/sasl2/libvirt.conf
37 - rmdir $(DESTDIR)$(sysconfdir)/sasl2/ || :
38 + rm -f $(DESTDIR)$(sysconfdir)/sasl/libvirt.conf
39 + rmdir $(DESTDIR)$(sysconfdir)/sasl/ || :
43 diff -urp libvirt-3.0.0.orig/daemon/Makefile.in libvirt-3.0.0/daemon/Makefile.in
44 --- libvirt-3.0.0.orig/daemon/Makefile.in 2017-02-11 15:58:23.923363757 +0000
45 +++ libvirt-3.0.0/daemon/Makefile.in 2017-02-11 15:58:43.786363533 +0000
46 @@ -2932,13 +2932,13 @@ admin_dispatch.h: $(top_srcdir)/src/rpc/
47 # This is needed for clients too, so can't wrap in
48 # the WITH_LIBVIRTD conditional
49 @WITH_SASL_TRUE@install-data-sasl:
50 -@WITH_SASL_TRUE@ $(MKDIR_P) $(DESTDIR)$(sysconfdir)/sasl2/
51 +@WITH_SASL_TRUE@ $(MKDIR_P) $(DESTDIR)$(sysconfdir)/sasl/
52 @WITH_SASL_TRUE@ $(INSTALL_DATA) $(srcdir)/libvirtd.sasl \
53 -@WITH_SASL_TRUE@ $(DESTDIR)$(sysconfdir)/sasl2/libvirt.conf
54 +@WITH_SASL_TRUE@ $(DESTDIR)$(sysconfdir)/sasl/libvirt.conf
56 @WITH_SASL_TRUE@uninstall-data-sasl:
57 -@WITH_SASL_TRUE@ rm -f $(DESTDIR)$(sysconfdir)/sasl2/libvirt.conf
58 -@WITH_SASL_TRUE@ rmdir $(DESTDIR)$(sysconfdir)/sasl2/ || :
59 +@WITH_SASL_TRUE@ rm -f $(DESTDIR)$(sysconfdir)/sasl/libvirt.conf
60 +@WITH_SASL_TRUE@ rmdir $(DESTDIR)$(sysconfdir)/sasl/ || :
61 @WITH_SASL_FALSE@install-data-sasl:
62 @WITH_SASL_FALSE@uninstall-data-sasl:
64 diff -urp libvirt-3.0.0.orig/docs/auth.html libvirt-3.0.0/docs/auth.html
65 --- libvirt-3.0.0.orig/docs/auth.html 2017-02-11 15:58:23.865363758 +0000
66 +++ libvirt-3.0.0/docs/auth.html 2017-02-11 15:58:43.787363533 +0000
67 @@ -257,7 +257,7 @@ again:
68 The plain TCP socket of the libvirt daemon defaults to using SASL for authentication.
69 The SASL mechanism configured by default is DIGEST-MD5, which provides a basic
70 username+password style authentication. To enable Kerberos single-sign-on instead,
71 -the libvirt SASL configuration file must be changed. This is <code>/etc/sasl2/libvirt.conf</code>.
72 +the libvirt SASL configuration file must be changed. This is <code>/etc/sasl/libvirt.conf</code>.
73 The <code>mech_list</code> parameter must first be changed to <code>gssapi</code>
74 instead of the default <code>digest-md5</code>, and keytab should be set to
75 <code>/etc/libvirt/krb5.tab</code> . If SASL is enabled on the UNIX
76 diff -urp libvirt-3.0.0.orig/docs/auth.html.in libvirt-3.0.0/docs/auth.html.in
77 --- libvirt-3.0.0.orig/docs/auth.html.in 2017-02-11 15:58:23.867363758 +0000
78 +++ libvirt-3.0.0/docs/auth.html.in 2017-02-11 15:58:43.787363533 +0000
79 @@ -246,7 +246,7 @@ again:
80 The plain TCP socket of the libvirt daemon defaults to using SASL for authentication.
81 The SASL mechanism configured by default is DIGEST-MD5, which provides a basic
82 username+password style authentication. To enable Kerberos single-sign-on instead,
83 -the libvirt SASL configuration file must be changed. This is <code>/etc/sasl2/libvirt.conf</code>.
84 +the libvirt SASL configuration file must be changed. This is <code>/etc/sasl/libvirt.conf</code>.
85 The <code>mech_list</code> parameter must first be changed to <code>gssapi</code>
86 instead of the default <code>digest-md5</code>, and keytab should be set to
87 <code>/etc/libvirt/krb5.tab</code> . If SASL is enabled on the UNIX
88 diff -urp libvirt-3.0.0.orig/libvirt.spec libvirt-3.0.0/libvirt.spec
89 --- libvirt-3.0.0.orig/libvirt.spec 2017-02-11 15:58:23.878363757 +0000
90 +++ libvirt-3.0.0/libvirt.spec 2017-02-11 15:58:43.787363533 +0000
91 @@ -1844,7 +1844,7 @@ exit 0
93 %{_datadir}/libvirt/test-screenshot.png
95 -%config(noreplace) %{_sysconfdir}/sasl2/libvirt.conf
96 +%config(noreplace) %{_sysconfdir}/sasl/libvirt.conf
99 %{_mandir}/man1/virt-admin.1*
100 diff -urp libvirt-3.0.0.orig/libvirt.spec.in libvirt-3.0.0/libvirt.spec.in
101 --- libvirt-3.0.0.orig/libvirt.spec.in 2017-02-11 15:58:23.877363757 +0000
102 +++ libvirt-3.0.0/libvirt.spec.in 2017-02-11 15:58:43.787363533 +0000
103 @@ -1844,7 +1844,7 @@ exit 0
105 %{_datadir}/libvirt/test-screenshot.png
107 -%config(noreplace) %{_sysconfdir}/sasl2/libvirt.conf
108 +%config(noreplace) %{_sysconfdir}/sasl/libvirt.conf
111 %{_mandir}/man1/virt-admin.1*
112 diff -urp libvirt-3.0.0.orig/src/qemu/qemu.conf libvirt-3.0.0/src/qemu/qemu.conf
113 --- libvirt-3.0.0.orig/src/qemu/qemu.conf 2017-02-11 15:58:23.898363757 +0000
114 +++ libvirt-3.0.0/src/qemu/qemu.conf 2017-02-11 15:58:43.788363533 +0000
115 @@ -112,18 +112,18 @@
116 # Examples include vinagre, virt-viewer and virt-manager
117 # itself. UltraVNC, RealVNC, TightVNC do not support this
119 -# It is necessary to configure /etc/sasl2/qemu.conf to choose
120 +# It is necessary to configure /etc/sasl/qemu.conf to choose
121 # the desired SASL plugin (eg, GSSPI for Kerberos)
126 -# The default SASL configuration file is located in /etc/sasl2/
127 +# The default SASL configuration file is located in /etc/sasl/
128 # When running libvirtd unprivileged, it may be desirable to
129 # override the configs in this location. Set this parameter to
130 # point to the directory, and create a qemu.conf in that location
132 -#vnc_sasl_dir = "/some/directory/sasl2"
133 +#vnc_sasl_dir = "/some/directory/sasl"
136 # QEMU implements an extension for providing audio over a VNC connection,
137 @@ -187,17 +187,17 @@
138 # Enable use of SASL encryption on the SPICE server. This requires
139 # a SPICE client which supports the SASL protocol extension.
141 -# It is necessary to configure /etc/sasl2/qemu.conf to choose
142 +# It is necessary to configure /etc/sasl/qemu.conf to choose
143 # the desired SASL plugin (eg, GSSPI for Kerberos)
147 -# The default SASL configuration file is located in /etc/sasl2/
148 +# The default SASL configuration file is located in /etc/sasl/
149 # When running libvirtd unprivileged, it may be desirable to
150 # override the configs in this location. Set this parameter to
151 # point to the directory, and create a qemu.conf in that location
153 -#spice_sasl_dir = "/some/directory/sasl2"
154 +#spice_sasl_dir = "/some/directory/sasl"
156 # Enable use of TLS encryption on the chardev TCP transports.
158 diff -urp libvirt-3.0.0.orig/src/qemu/test_libvirtd_qemu.aug.in libvirt-3.0.0/src/qemu/test_libvirtd_qemu.aug.in
159 --- libvirt-3.0.0.orig/src/qemu/test_libvirtd_qemu.aug.in 2017-02-11 15:58:23.898363757 +0000
160 +++ libvirt-3.0.0/src/qemu/test_libvirtd_qemu.aug.in 2017-02-11 15:58:43.788363533 +0000
161 @@ -12,7 +12,7 @@ module Test_libvirtd_qemu =
162 { "vnc_tls_x509_verify" = "1" }
163 { "vnc_password" = "XYZ12345" }
165 -{ "vnc_sasl_dir" = "/some/directory/sasl2" }
166 +{ "vnc_sasl_dir" = "/some/directory/sasl" }
167 { "vnc_allow_host_audio" = "0" }
168 { "spice_listen" = "0.0.0.0" }
169 { "spice_tls" = "1" }
170 @@ -20,7 +20,7 @@ module Test_libvirtd_qemu =
171 { "spice_auto_unix_socket" = "1" }
172 { "spice_password" = "XYZ12345" }
173 { "spice_sasl" = "1" }
174 -{ "spice_sasl_dir" = "/some/directory/sasl2" }
175 +{ "spice_sasl_dir" = "/some/directory/sasl" }
176 { "chardev_tls" = "1" }
177 { "chardev_tls_x509_cert_dir" = "/etc/pki/libvirt-chardev" }
178 { "chardev_tls_x509_verify" = "1" }
179 diff -urp libvirt-3.0.0.orig/tests/qemuargv2xmldata/qemuargv2xml-graphics-vnc-sasl.args libvirt-3.0.0/tests/qemuargv2xmldata/qemuargv2xml-graphics-vnc-sasl.args
180 --- libvirt-3.0.0.orig/tests/qemuargv2xmldata/qemuargv2xml-graphics-vnc-sasl.args 2017-02-11 15:58:23.938363757 +0000
181 +++ libvirt-3.0.0/tests/qemuargv2xmldata/qemuargv2xml-graphics-vnc-sasl.args 2017-02-11 15:58:43.788363533 +0000
182 @@ -3,7 +3,7 @@ PATH=/bin \
186 -SASL_CONF_PATH=/root/.sasl2 \
187 +SASL_CONF_PATH=/root/.sasl \
188 QEMU_AUDIO_DRV=none \
191 diff -urp libvirt-3.0.0.orig/tests/qemuargv2xmldata/qemuargv2xml-graphics-vnc-tls.args libvirt-3.0.0/tests/qemuargv2xmldata/qemuargv2xml-graphics-vnc-tls.args
192 --- libvirt-3.0.0.orig/tests/qemuargv2xmldata/qemuargv2xml-graphics-vnc-tls.args 2017-02-11 15:58:23.938363757 +0000
193 +++ libvirt-3.0.0/tests/qemuargv2xmldata/qemuargv2xml-graphics-vnc-tls.args 2017-02-11 15:58:43.788363533 +0000
194 @@ -3,7 +3,7 @@ PATH=/bin \
198 -SASL_CONF_PATH=/root/.sasl2 \
199 +SASL_CONF_PATH=/root/.sasl \
200 QEMU_AUDIO_DRV=none \
203 diff -urp libvirt-3.0.0.orig/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-sasl.args libvirt-3.0.0/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-sasl.args
204 --- libvirt-3.0.0.orig/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-sasl.args 2017-02-11 15:58:23.949363757 +0000
205 +++ libvirt-3.0.0/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-sasl.args 2017-02-11 15:58:43.788363533 +0000
206 @@ -3,7 +3,7 @@ PATH=/bin \
210 -SASL_CONF_PATH=/root/.sasl2 \
211 +SASL_CONF_PATH=/root/.sasl \
212 QEMU_AUDIO_DRV=spice \
215 diff -urp libvirt-3.0.0.orig/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.args libvirt-3.0.0/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.args
216 --- libvirt-3.0.0.orig/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.args 2017-02-11 15:58:23.950363757 +0000
217 +++ libvirt-3.0.0/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.args 2017-02-11 15:58:43.788363533 +0000
218 @@ -3,7 +3,7 @@ PATH=/bin \
222 -SASL_CONF_PATH=/root/.sasl2 \
223 +SASL_CONF_PATH=/root/.sasl \
224 QEMU_AUDIO_DRV=none \
227 diff -urp libvirt-3.0.0.orig/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.args libvirt-3.0.0/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.args
228 --- libvirt-3.0.0.orig/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.args 2017-02-11 15:58:23.950363757 +0000
229 +++ libvirt-3.0.0/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.args 2017-02-11 15:58:43.788363533 +0000
230 @@ -3,7 +3,7 @@ PATH=/bin \
234 -SASL_CONF_PATH=/root/.sasl2 \
235 +SASL_CONF_PATH=/root/.sasl \
236 QEMU_AUDIO_DRV=none \
239 diff -urp libvirt-3.0.0.orig/tests/qemuxml2argvtest.c libvirt-3.0.0/tests/qemuxml2argvtest.c
240 --- libvirt-3.0.0.orig/tests/qemuxml2argvtest.c 2017-02-11 15:58:23.934363757 +0000
241 +++ libvirt-3.0.0/tests/qemuxml2argvtest.c 2017-02-11 15:59:22.996363092 +0000
242 @@ -1033,7 +1033,7 @@ mymain(void)
244 driver.config->vncSASL = 1;
245 VIR_FREE(driver.config->vncSASLdir);
246 - ignore_value(VIR_STRDUP(driver.config->vncSASLdir, "/root/.sasl2"));
247 + ignore_value(VIR_STRDUP(driver.config->vncSASLdir, "/root/.sasl"));
248 DO_TEST("graphics-vnc-sasl", QEMU_CAPS_VNC, QEMU_CAPS_DEVICE_CIRRUS_VGA);
249 driver.config->vncTLS = 1;
250 driver.config->vncTLSx509verify = 1;
251 @@ -1057,7 +1057,7 @@ mymain(void)
252 DO_TEST("graphics-spice-no-args",
253 QEMU_CAPS_SPICE, QEMU_CAPS_DEVICE_CIRRUS_VGA);
254 driver.config->spiceSASL = 1;
255 - ignore_value(VIR_STRDUP(driver.config->spiceSASLdir, "/root/.sasl2"));
256 + ignore_value(VIR_STRDUP(driver.config->spiceSASLdir, "/root/.sasl"));
257 DO_TEST("graphics-spice-sasl",
259 QEMU_CAPS_DEVICE_QXL);
260 diff -urp libvirt-3.0.0.orig/tests/virconfdata/libvirtd.conf libvirt-3.0.0/tests/virconfdata/libvirtd.conf
261 --- libvirt-3.0.0.orig/tests/virconfdata/libvirtd.conf 2017-02-11 15:58:24.047363756 +0000
262 +++ libvirt-3.0.0/tests/virconfdata/libvirtd.conf 2017-02-11 15:58:43.789363533 +0000
263 @@ -108,7 +108,7 @@ unix_sock_admin_perms = "0700"
264 # the network providing auth (eg, TLS/x509 certificates)
266 # - sasl: use SASL infrastructure. The actual auth scheme is then
267 -# controlled from /etc/sasl2/libvirt.conf. For the TCP
268 +# controlled from /etc/sasl/libvirt.conf. For the TCP
269 # socket only GSSAPI & DIGEST-MD5 mechanisms will be used.
270 # For non-TCP or TLS sockets, any scheme is allowed.
272 @@ -139,7 +139,7 @@ auth_unix_rw = "none"
273 # If you don't enable SASL, then all TCP traffic is cleartext.
274 # Don't do this outside of a dev/test scenario. For real world
275 # use, always enable SASL and use the GSSAPI or DIGEST-MD5
276 -# mechanism in /etc/sasl2/libvirt.conf
277 +# mechanism in /etc/sasl/libvirt.conf
280 # Change the authentication scheme for TLS sockets.
281 diff -urp libvirt-3.0.0.orig/tests/virconfdata/libvirtd.out libvirt-3.0.0/tests/virconfdata/libvirtd.out
282 --- libvirt-3.0.0.orig/tests/virconfdata/libvirtd.out 2017-02-11 15:58:24.047363756 +0000
283 +++ libvirt-3.0.0/tests/virconfdata/libvirtd.out 2017-02-11 15:58:43.789363533 +0000
284 @@ -87,7 +87,7 @@ unix_sock_admin_perms = "0700"
285 # the network providing auth (eg, TLS/x509 certificates)
287 # - sasl: use SASL infrastructure. The actual auth scheme is then
288 -# controlled from /etc/sasl2/libvirt.conf. For the TCP
289 +# controlled from /etc/sasl/libvirt.conf. For the TCP
290 # socket only GSSAPI & DIGEST-MD5 mechanisms will be used.
291 # For non-TCP or TLS sockets, any scheme is allowed.
293 @@ -116,7 +116,7 @@ auth_unix_rw = "none"
294 # If you don't enable SASL, then all TCP traffic is cleartext.
295 # Don't do this outside of a dev/test scenario. For real world
296 # use, always enable SASL and use the GSSAPI or DIGEST-MD5
297 -# mechanism in /etc/sasl2/libvirt.conf
298 +# mechanism in /etc/sasl/libvirt.conf
300 # Change the authentication scheme for TLS sockets.