1 diff -urp libvirt-2.3.0.orig/daemon/libvirtd.conf libvirt-2.3.0/daemon/libvirtd.conf
2 --- libvirt-2.3.0.orig/daemon/libvirtd.conf 2016-10-28 19:13:22.641715000 +0000
3 +++ libvirt-2.3.0/daemon/libvirtd.conf 2016-10-28 19:13:48.452715000 +0000
5 # the network providing auth (eg, TLS/x509 certificates)
7 # - sasl: use SASL infrastructure. The actual auth scheme is then
8 -# controlled from /etc/sasl2/libvirt.conf. For the TCP
9 +# controlled from /etc/sasl/libvirt.conf. For the TCP
10 # socket only GSSAPI & DIGEST-MD5 mechanisms will be used.
11 # For non-TCP or TLS sockets, any scheme is allowed.
14 # If you don't enable SASL, then all TCP traffic is cleartext.
15 # Don't do this outside of a dev/test scenario. For real world
16 # use, always enable SASL and use the GSSAPI or DIGEST-MD5
17 -# mechanism in /etc/sasl2/libvirt.conf
18 +# mechanism in /etc/sasl/libvirt.conf
21 # Change the authentication scheme for TLS sockets.
22 diff -urp libvirt-2.3.0.orig/daemon/Makefile.am libvirt-2.3.0/daemon/Makefile.am
23 --- libvirt-2.3.0.orig/daemon/Makefile.am 2016-10-28 19:13:22.638715000 +0000
24 +++ libvirt-2.3.0/daemon/Makefile.am 2016-10-28 19:13:48.468715000 +0000
25 @@ -528,13 +528,13 @@ POD2MAN = pod2man -c "Virtualization Sup
26 # the WITH_LIBVIRTD conditional
29 - $(MKDIR_P) $(DESTDIR)$(sysconfdir)/sasl2/
30 + $(MKDIR_P) $(DESTDIR)$(sysconfdir)/sasl/
31 $(INSTALL_DATA) $(srcdir)/libvirtd.sasl \
32 - $(DESTDIR)$(sysconfdir)/sasl2/libvirt.conf
33 + $(DESTDIR)$(sysconfdir)/sasl/libvirt.conf
36 - rm -f $(DESTDIR)$(sysconfdir)/sasl2/libvirt.conf
37 - rmdir $(DESTDIR)$(sysconfdir)/sasl2/ || :
38 + rm -f $(DESTDIR)$(sysconfdir)/sasl/libvirt.conf
39 + rmdir $(DESTDIR)$(sysconfdir)/sasl/ || :
43 diff -urp libvirt-2.3.0.orig/daemon/Makefile.in libvirt-2.3.0/daemon/Makefile.in
44 --- libvirt-2.3.0.orig/daemon/Makefile.in 2016-10-28 19:13:22.638715000 +0000
45 +++ libvirt-2.3.0/daemon/Makefile.in 2016-10-28 19:13:48.469715000 +0000
46 @@ -2847,13 +2847,13 @@ admin_dispatch.h: $(top_srcdir)/src/rpc/
47 # This is needed for clients too, so can't wrap in
48 # the WITH_LIBVIRTD conditional
49 @WITH_SASL_TRUE@install-data-sasl:
50 -@WITH_SASL_TRUE@ $(MKDIR_P) $(DESTDIR)$(sysconfdir)/sasl2/
51 +@WITH_SASL_TRUE@ $(MKDIR_P) $(DESTDIR)$(sysconfdir)/sasl/
52 @WITH_SASL_TRUE@ $(INSTALL_DATA) $(srcdir)/libvirtd.sasl \
53 -@WITH_SASL_TRUE@ $(DESTDIR)$(sysconfdir)/sasl2/libvirt.conf
54 +@WITH_SASL_TRUE@ $(DESTDIR)$(sysconfdir)/sasl/libvirt.conf
56 @WITH_SASL_TRUE@uninstall-data-sasl:
57 -@WITH_SASL_TRUE@ rm -f $(DESTDIR)$(sysconfdir)/sasl2/libvirt.conf
58 -@WITH_SASL_TRUE@ rmdir $(DESTDIR)$(sysconfdir)/sasl2/ || :
59 +@WITH_SASL_TRUE@ rm -f $(DESTDIR)$(sysconfdir)/sasl/libvirt.conf
60 +@WITH_SASL_TRUE@ rmdir $(DESTDIR)$(sysconfdir)/sasl/ || :
61 @WITH_SASL_FALSE@install-data-sasl:
62 @WITH_SASL_FALSE@uninstall-data-sasl:
64 diff -urp libvirt-2.3.0.orig/docs/auth.html libvirt-2.3.0/docs/auth.html
65 --- libvirt-2.3.0.orig/docs/auth.html 2016-10-28 19:13:22.665715000 +0000
66 +++ libvirt-2.3.0/docs/auth.html 2016-10-28 19:13:48.470715000 +0000
67 @@ -415,7 +415,7 @@ again:
68 The plain TCP socket of the libvirt daemon defaults to using SASL for authentication.
69 The SASL mechanism configured by default is DIGEST-MD5, which provides a basic
70 username+password style authentication. To enable Kerberos single-sign-on instead,
71 -the libvirt SASL configuration file must be changed. This is <code>/etc/sasl2/libvirt.conf</code>.
72 +the libvirt SASL configuration file must be changed. This is <code>/etc/sasl/libvirt.conf</code>.
73 The <code>mech_list</code> parameter must first be changed to <code>gssapi</code>
74 instead of the default <code>digest-md5</code>, and keytab should be set to
75 <code>/etc/libvirt/krb5.tab</code> . If SASL is enabled on the UNIX
76 diff -urp libvirt-2.3.0.orig/docs/auth.html.in libvirt-2.3.0/docs/auth.html.in
77 --- libvirt-2.3.0.orig/docs/auth.html.in 2016-10-28 19:13:22.677715000 +0000
78 +++ libvirt-2.3.0/docs/auth.html.in 2016-10-28 19:13:48.474715000 +0000
79 @@ -246,7 +246,7 @@ again:
80 The plain TCP socket of the libvirt daemon defaults to using SASL for authentication.
81 The SASL mechanism configured by default is DIGEST-MD5, which provides a basic
82 username+password style authentication. To enable Kerberos single-sign-on instead,
83 -the libvirt SASL configuration file must be changed. This is <code>/etc/sasl2/libvirt.conf</code>.
84 +the libvirt SASL configuration file must be changed. This is <code>/etc/sasl/libvirt.conf</code>.
85 The <code>mech_list</code> parameter must first be changed to <code>gssapi</code>
86 instead of the default <code>digest-md5</code>, and keytab should be set to
87 <code>/etc/libvirt/krb5.tab</code> . If SASL is enabled on the UNIX
88 Only in libvirt-2.3.0: libvirt-sasl.patch
89 diff -urp libvirt-2.3.0.orig/libvirt.spec libvirt-2.3.0/libvirt.spec
90 --- libvirt-2.3.0.orig/libvirt.spec 2016-10-28 19:13:22.458715000 +0000
91 +++ libvirt-2.3.0/libvirt.spec 2016-10-28 19:13:48.474715000 +0000
92 @@ -1832,7 +1832,7 @@ exit 0
93 %{_datadir}/libvirt/cpu_map.xml
94 %{_datadir}/libvirt/libvirtLogo.png
96 -%config(noreplace) %{_sysconfdir}/sasl2/libvirt.conf
97 +%config(noreplace) %{_sysconfdir}/sasl/libvirt.conf
100 %{_mandir}/man1/virt-admin.1*
101 diff -urp libvirt-2.3.0.orig/libvirt.spec.in libvirt-2.3.0/libvirt.spec.in
102 --- libvirt-2.3.0.orig/libvirt.spec.in 2016-10-28 19:13:22.455715000 +0000
103 +++ libvirt-2.3.0/libvirt.spec.in 2016-10-28 19:13:48.475715000 +0000
104 @@ -1832,7 +1832,7 @@ exit 0
105 %{_datadir}/libvirt/cpu_map.xml
106 %{_datadir}/libvirt/libvirtLogo.png
108 -%config(noreplace) %{_sysconfdir}/sasl2/libvirt.conf
109 +%config(noreplace) %{_sysconfdir}/sasl/libvirt.conf
112 %{_mandir}/man1/virt-admin.1*
113 diff -urp libvirt-2.3.0.orig/src/qemu/qemu.conf libvirt-2.3.0/src/qemu/qemu.conf
114 --- libvirt-2.3.0.orig/src/qemu/qemu.conf 2016-10-28 19:13:22.586715000 +0000
115 +++ libvirt-2.3.0/src/qemu/qemu.conf 2016-10-28 19:13:48.475715000 +0000
117 # Examples include vinagre, virt-viewer and virt-manager
118 # itself. UltraVNC, RealVNC, TightVNC do not support this
120 -# It is necessary to configure /etc/sasl2/qemu.conf to choose
121 +# It is necessary to configure /etc/sasl/qemu.conf to choose
122 # the desired SASL plugin (eg, GSSPI for Kerberos)
127 -# The default SASL configuration file is located in /etc/sasl2/
128 +# The default SASL configuration file is located in /etc/sasl/
129 # When running libvirtd unprivileged, it may be desirable to
130 # override the configs in this location. Set this parameter to
131 # point to the directory, and create a qemu.conf in that location
133 -#vnc_sasl_dir = "/some/directory/sasl2"
134 +#vnc_sasl_dir = "/some/directory/sasl"
137 # QEMU implements an extension for providing audio over a VNC connection,
138 @@ -173,17 +173,17 @@
139 # Enable use of SASL encryption on the SPICE server. This requires
140 # a SPICE client which supports the SASL protocol extension.
142 -# It is necessary to configure /etc/sasl2/qemu.conf to choose
143 +# It is necessary to configure /etc/sasl/qemu.conf to choose
144 # the desired SASL plugin (eg, GSSPI for Kerberos)
148 -# The default SASL configuration file is located in /etc/sasl2/
149 +# The default SASL configuration file is located in /etc/sasl/
150 # When running libvirtd unprivileged, it may be desirable to
151 # override the configs in this location. Set this parameter to
152 # point to the directory, and create a qemu.conf in that location
154 -#spice_sasl_dir = "/some/directory/sasl2"
155 +#spice_sasl_dir = "/some/directory/sasl"
157 # Enable use of TLS encryption on the chardev TCP transports.
159 diff -urp libvirt-2.3.0.orig/src/qemu/test_libvirtd_qemu.aug.in libvirt-2.3.0/src/qemu/test_libvirtd_qemu.aug.in
160 --- libvirt-2.3.0.orig/src/qemu/test_libvirtd_qemu.aug.in 2016-10-28 19:13:22.588715000 +0000
161 +++ libvirt-2.3.0/src/qemu/test_libvirtd_qemu.aug.in 2016-10-28 19:14:27.032715000 +0000
162 @@ -11,7 +11,7 @@ module Test_libvirtd_qemu =
163 { "vnc_tls_x509_verify" = "1" }
164 { "vnc_password" = "XYZ12345" }
166 -{ "vnc_sasl_dir" = "/some/directory/sasl2" }
167 +{ "vnc_sasl_dir" = "/some/directory/sasl" }
168 { "vnc_allow_host_audio" = "0" }
169 { "spice_listen" = "0.0.0.0" }
170 { "spice_tls" = "1" }
171 @@ -19,7 +19,7 @@ module Test_libvirtd_qemu =
172 { "spice_auto_unix_socket" = "1" }
173 { "spice_password" = "XYZ12345" }
174 { "spice_sasl" = "1" }
175 -{ "spice_sasl_dir" = "/some/directory/sasl2" }
176 +{ "spice_sasl_dir" = "/some/directory/sasl" }
177 { "chardev_tls" = "1" }
178 { "chardev_tls_x509_cert_dir" = "/etc/pki/libvirt-chardev" }
179 { "chardev_tls_x509_verify" = "1" }
180 diff -urp libvirt-2.3.0.orig/tests/qemuargv2xmldata/qemuargv2xml-graphics-vnc-sasl.args libvirt-2.3.0/tests/qemuargv2xmldata/qemuargv2xml-graphics-vnc-sasl.args
181 --- libvirt-2.3.0.orig/tests/qemuargv2xmldata/qemuargv2xml-graphics-vnc-sasl.args 2016-10-28 19:13:23.321715000 +0000
182 +++ libvirt-2.3.0/tests/qemuargv2xmldata/qemuargv2xml-graphics-vnc-sasl.args 2016-10-28 19:13:48.476715000 +0000
183 @@ -3,7 +3,7 @@ PATH=/bin \
187 -SASL_CONF_PATH=/root/.sasl2 \
188 +SASL_CONF_PATH=/root/.sasl \
189 QEMU_AUDIO_DRV=none \
192 diff -urp libvirt-2.3.0.orig/tests/qemuargv2xmldata/qemuargv2xml-graphics-vnc-tls.args libvirt-2.3.0/tests/qemuargv2xmldata/qemuargv2xml-graphics-vnc-tls.args
193 --- libvirt-2.3.0.orig/tests/qemuargv2xmldata/qemuargv2xml-graphics-vnc-tls.args 2016-10-28 19:13:23.321715000 +0000
194 +++ libvirt-2.3.0/tests/qemuargv2xmldata/qemuargv2xml-graphics-vnc-tls.args 2016-10-28 19:13:48.476715000 +0000
195 @@ -3,7 +3,7 @@ PATH=/bin \
199 -SASL_CONF_PATH=/root/.sasl2 \
200 +SASL_CONF_PATH=/root/.sasl \
201 QEMU_AUDIO_DRV=none \
204 diff -urp libvirt-2.3.0.orig/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-sasl.args libvirt-2.3.0/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-sasl.args
205 --- libvirt-2.3.0.orig/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-sasl.args 2016-10-28 19:13:23.399715000 +0000
206 +++ libvirt-2.3.0/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-sasl.args 2016-10-28 19:13:48.476715000 +0000
207 @@ -3,7 +3,7 @@ PATH=/bin \
211 -SASL_CONF_PATH=/root/.sasl2 \
212 +SASL_CONF_PATH=/root/.sasl \
213 QEMU_AUDIO_DRV=spice \
216 diff -urp libvirt-2.3.0.orig/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.args libvirt-2.3.0/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.args
217 --- libvirt-2.3.0.orig/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.args 2016-10-28 19:13:23.399715000 +0000
218 +++ libvirt-2.3.0/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.args 2016-10-28 19:13:48.477715000 +0000
219 @@ -3,7 +3,7 @@ PATH=/bin \
223 -SASL_CONF_PATH=/root/.sasl2 \
224 +SASL_CONF_PATH=/root/.sasl \
225 QEMU_AUDIO_DRV=none \
228 diff -urp libvirt-2.3.0.orig/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.args libvirt-2.3.0/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.args
229 --- libvirt-2.3.0.orig/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.args 2016-10-28 19:13:23.399715000 +0000
230 +++ libvirt-2.3.0/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.args 2016-10-28 19:13:48.477715000 +0000
231 @@ -3,7 +3,7 @@ PATH=/bin \
235 -SASL_CONF_PATH=/root/.sasl2 \
236 +SASL_CONF_PATH=/root/.sasl \
237 QEMU_AUDIO_DRV=none \
240 diff -urp libvirt-2.3.0.orig/tests/qemuxml2argvtest.c libvirt-2.3.0/tests/qemuxml2argvtest.c
241 --- libvirt-2.3.0.orig/tests/qemuxml2argvtest.c 2016-10-28 19:13:22.696715000 +0000
242 +++ libvirt-2.3.0/tests/qemuxml2argvtest.c 2016-10-28 19:13:48.478715000 +0000
243 @@ -978,7 +978,7 @@ mymain(void)
245 driver.config->vncSASL = 1;
246 VIR_FREE(driver.config->vncSASLdir);
247 - ignore_value(VIR_STRDUP(driver.config->vncSASLdir, "/root/.sasl2"));
248 + ignore_value(VIR_STRDUP(driver.config->vncSASLdir, "/root/.sasl"));
249 DO_TEST("graphics-vnc-sasl", QEMU_CAPS_VNC);
250 driver.config->vncTLS = 1;
251 driver.config->vncTLSx509verify = 1;
252 @@ -1002,7 +1002,7 @@ mymain(void)
253 DO_TEST("graphics-spice-no-args",
255 driver.config->spiceSASL = 1;
256 - ignore_value(VIR_STRDUP(driver.config->spiceSASLdir, "/root/.sasl2"));
257 + ignore_value(VIR_STRDUP(driver.config->spiceSASLdir, "/root/.sasl"));
258 DO_TEST("graphics-spice-sasl",
261 diff -urp libvirt-2.3.0.orig/tests/virconfdata/libvirtd.conf libvirt-2.3.0/tests/virconfdata/libvirtd.conf
262 --- libvirt-2.3.0.orig/tests/virconfdata/libvirtd.conf 2016-10-28 19:13:23.469715000 +0000
263 +++ libvirt-2.3.0/tests/virconfdata/libvirtd.conf 2016-10-28 19:13:48.478715000 +0000
264 @@ -108,7 +108,7 @@ unix_sock_admin_perms = "0700"
265 # the network providing auth (eg, TLS/x509 certificates)
267 # - sasl: use SASL infrastructure. The actual auth scheme is then
268 -# controlled from /etc/sasl2/libvirt.conf. For the TCP
269 +# controlled from /etc/sasl/libvirt.conf. For the TCP
270 # socket only GSSAPI & DIGEST-MD5 mechanisms will be used.
271 # For non-TCP or TLS sockets, any scheme is allowed.
273 @@ -139,7 +139,7 @@ auth_unix_rw = "none"
274 # If you don't enable SASL, then all TCP traffic is cleartext.
275 # Don't do this outside of a dev/test scenario. For real world
276 # use, always enable SASL and use the GSSAPI or DIGEST-MD5
277 -# mechanism in /etc/sasl2/libvirt.conf
278 +# mechanism in /etc/sasl/libvirt.conf
281 # Change the authentication scheme for TLS sockets.
282 diff -urp libvirt-2.3.0.orig/tests/virconfdata/libvirtd.out libvirt-2.3.0/tests/virconfdata/libvirtd.out
283 --- libvirt-2.3.0.orig/tests/virconfdata/libvirtd.out 2016-10-28 19:13:23.469715000 +0000
284 +++ libvirt-2.3.0/tests/virconfdata/libvirtd.out 2016-10-28 19:13:48.479715000 +0000
285 @@ -87,7 +87,7 @@ unix_sock_admin_perms = "0700"
286 # the network providing auth (eg, TLS/x509 certificates)
288 # - sasl: use SASL infrastructure. The actual auth scheme is then
289 -# controlled from /etc/sasl2/libvirt.conf. For the TCP
290 +# controlled from /etc/sasl/libvirt.conf. For the TCP
291 # socket only GSSAPI & DIGEST-MD5 mechanisms will be used.
292 # For non-TCP or TLS sockets, any scheme is allowed.
294 @@ -116,7 +116,7 @@ auth_unix_rw = "none"
295 # If you don't enable SASL, then all TCP traffic is cleartext.
296 # Don't do this outside of a dev/test scenario. For real world
297 # use, always enable SASL and use the GSSAPI or DIGEST-MD5
298 -# mechanism in /etc/sasl2/libvirt.conf
299 +# mechanism in /etc/sasl/libvirt.conf
301 # Change the authentication scheme for TLS sockets.