1 diff -ur libvirt-9.0.0.orig/docs/auth.rst libvirt-9.0.0/docs/auth.rst
2 --- libvirt-9.0.0.orig/docs/auth.rst 2023-02-08 18:26:20.114029939 +0100
3 +++ libvirt-9.0.0/docs/auth.rst 2023-02-08 18:26:39.061029574 +0100
6 Since the libvirt SASL config file defaults to using ``GSSAPI`` (Kerberos), a
7 config change is required to enable plain password auth. This is done by
8 -editing ``/etc/sasl2/libvirt.conf`` to set the ``mech_list``
9 +editing ``/etc/sasl/libvirt.conf`` to set the ``mech_list``
10 parameter to ``scram-sha-256``.
12 **Note:** previous versions of libvirt suggested ``DIGEST-MD5`` and
13 diff -ur libvirt-9.0.0.orig/src/qemu/qemu.conf.in libvirt-9.0.0/src/qemu/qemu.conf.in
14 --- libvirt-9.0.0.orig/src/qemu/qemu.conf.in 2023-02-08 18:26:20.202029937 +0100
15 +++ libvirt-9.0.0/src/qemu/qemu.conf.in 2023-02-08 18:26:39.062029574 +0100
17 # Examples include vinagre, virt-viewer and virt-manager
18 # itself. UltraVNC, RealVNC, TightVNC do not support this
20 -# It is necessary to configure /etc/sasl2/qemu.conf to choose
21 +# It is necessary to configure /etc/sasl/qemu.conf to choose
22 # the desired SASL plugin (eg, GSSPI for Kerberos)
27 -# The default SASL configuration file is located in /etc/sasl2/
28 +# The default SASL configuration file is located in /etc/sasl/
29 # When running libvirtd unprivileged, it may be desirable to
30 # override the configs in this location. Set this parameter to
31 # point to the directory, and create a qemu.conf in that location
33 -#vnc_sasl_dir = "/some/directory/sasl2"
34 +#vnc_sasl_dir = "/some/directory/sasl"
37 # QEMU implements an extension for providing audio over a VNC connection,
39 # Enable use of SASL encryption on the SPICE server. This requires
40 # a SPICE client which supports the SASL protocol extension.
42 -# It is necessary to configure /etc/sasl2/qemu.conf to choose
43 +# It is necessary to configure /etc/sasl/qemu.conf to choose
44 # the desired SASL plugin (eg, GSSPI for Kerberos)
48 -# The default SASL configuration file is located in /etc/sasl2/
49 +# The default SASL configuration file is located in /etc/sasl/
50 # When running libvirtd unprivileged, it may be desirable to
51 # override the configs in this location. Set this parameter to
52 # point to the directory, and create a qemu.conf in that location
54 -#spice_sasl_dir = "/some/directory/sasl2"
55 +#spice_sasl_dir = "/some/directory/sasl"
57 # Enable use of TLS encryption on the chardev TCP transports.
59 diff -ur libvirt-9.0.0.orig/src/qemu/test_libvirtd_qemu.aug.in libvirt-9.0.0/src/qemu/test_libvirtd_qemu.aug.in
60 --- libvirt-9.0.0.orig/src/qemu/test_libvirtd_qemu.aug.in 2023-02-08 18:26:20.209029937 +0100
61 +++ libvirt-9.0.0/src/qemu/test_libvirtd_qemu.aug.in 2023-02-08 18:26:39.062029574 +0100
63 { "vnc_tls_x509_verify" = "1" }
64 { "vnc_password" = "XYZ12345" }
66 -{ "vnc_sasl_dir" = "/some/directory/sasl2" }
67 +{ "vnc_sasl_dir" = "/some/directory/sasl" }
68 { "vnc_allow_host_audio" = "0" }
69 { "spice_listen" = "0.0.0.0" }
72 { "spice_auto_unix_socket" = "1" }
73 { "spice_password" = "XYZ12345" }
74 { "spice_sasl" = "1" }
75 -{ "spice_sasl_dir" = "/some/directory/sasl2" }
76 +{ "spice_sasl_dir" = "/some/directory/sasl" }
77 { "chardev_tls" = "1" }
78 { "chardev_tls_x509_cert_dir" = "/etc/pki/libvirt-chardev" }
79 { "chardev_tls_x509_verify" = "1" }
80 diff -ur libvirt-9.0.0.orig/src/remote/libvirtd.conf.in libvirt-9.0.0/src/remote/libvirtd.conf.in
81 --- libvirt-9.0.0.orig/src/remote/libvirtd.conf.in 2023-02-08 18:26:20.209029937 +0100
82 +++ libvirt-9.0.0/src/remote/libvirtd.conf.in 2023-02-08 18:26:39.062029574 +0100
84 # the network providing auth (eg, TLS/x509 certificates)
86 # - sasl: use SASL infrastructure. The actual auth scheme is then
87 -# controlled from @sysconfdir@/sasl2/libvirt.conf. For the TCP
88 +# controlled from @sysconfdir@/sasl/libvirt.conf. For the TCP
89 # socket only GSSAPI & DIGEST-MD5 mechanisms will be used.
90 # For non-TCP or TLS sockets, any scheme is allowed.
93 # If you don't enable SASL, then all TCP traffic is cleartext.
94 # Don't do this outside of a dev/test scenario. For real world
95 # use, always enable SASL and use the GSSAPI or DIGEST-MD5
96 -# mechanism in @sysconfdir@/sasl2/libvirt.conf
97 +# mechanism in @sysconfdir@/sasl/libvirt.conf
100 # Change the authentication scheme for TLS sockets.
101 diff -ur libvirt-9.0.0.orig/src/remote/meson.build libvirt-9.0.0/src/remote/meson.build
102 --- libvirt-9.0.0.orig/src/remote/meson.build 2023-02-08 18:26:20.209029937 +0100
103 +++ libvirt-9.0.0/src/remote/meson.build 2023-02-08 18:26:39.062029574 +0100
105 if conf.has('WITH_SASL')
108 - install_dir: sysconfdir / 'sasl2',
109 + install_dir: sysconfdir / 'sasl',
110 rename: [ 'libvirt.conf' ],
113 diff -ur libvirt-9.0.0.orig/tests/qemuxml2argvdata/graphics-spice-sasl.x86_64-latest.args libvirt-9.0.0/tests/qemuxml2argvdata/graphics-spice-sasl.x86_64-latest.args
114 --- libvirt-9.0.0.orig/tests/qemuxml2argvdata/graphics-spice-sasl.x86_64-latest.args 2023-02-08 18:26:20.343029934 +0100
115 +++ libvirt-9.0.0/tests/qemuxml2argvdata/graphics-spice-sasl.x86_64-latest.args 2023-02-08 18:26:39.062029574 +0100
117 XDG_DATA_HOME=/tmp/lib/domain--1-QEMUGuest1/.local/share \
118 XDG_CACHE_HOME=/tmp/lib/domain--1-QEMUGuest1/.cache \
119 XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \
120 -SASL_CONF_PATH=/root/.sasl2 \
121 +SASL_CONF_PATH=/root/.sasl \
122 /usr/bin/qemu-system-x86_64 \
123 -name guest=QEMUGuest1,debug-threads=on \
125 diff -ur libvirt-9.0.0.orig/tests/qemuxml2argvdata/graphics-vnc-sasl.x86_64-latest.args libvirt-9.0.0/tests/qemuxml2argvdata/graphics-vnc-sasl.x86_64-latest.args
126 --- libvirt-9.0.0.orig/tests/qemuxml2argvdata/graphics-vnc-sasl.x86_64-latest.args 2023-02-08 18:26:20.344029934 +0100
127 +++ libvirt-9.0.0/tests/qemuxml2argvdata/graphics-vnc-sasl.x86_64-latest.args 2023-02-08 18:26:39.063029574 +0100
129 XDG_DATA_HOME=/tmp/lib/domain--1-QEMUGuest1/.local/share \
130 XDG_CACHE_HOME=/tmp/lib/domain--1-QEMUGuest1/.cache \
131 XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \
132 -SASL_CONF_PATH=/root/.sasl2 \
133 +SASL_CONF_PATH=/root/.sasl \
134 /usr/bin/qemu-system-x86_64 \
135 -name guest=QEMUGuest1,debug-threads=on \
137 diff -ur libvirt-9.0.0.orig/tests/qemuxml2argvdata/graphics-vnc-tls-secret.x86_64-5.2.0.args libvirt-9.0.0/tests/qemuxml2argvdata/graphics-vnc-tls-secret.x86_64-5.2.0.args
138 --- libvirt-9.0.0.orig/tests/qemuxml2argvdata/graphics-vnc-tls-secret.x86_64-5.2.0.args 2023-02-08 18:26:20.344029934 +0100
139 +++ libvirt-9.0.0/tests/qemuxml2argvdata/graphics-vnc-tls-secret.x86_64-5.2.0.args 2023-02-08 18:26:39.063029574 +0100
141 XDG_DATA_HOME=/tmp/lib/domain--1-QEMUGuest1/.local/share \
142 XDG_CACHE_HOME=/tmp/lib/domain--1-QEMUGuest1/.cache \
143 XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \
144 -SASL_CONF_PATH=/root/.sasl2 \
145 +SASL_CONF_PATH=/root/.sasl \
146 /usr/bin/qemu-system-x86_64 \
147 -name guest=QEMUGuest1,debug-threads=on \
149 diff -ur libvirt-9.0.0.orig/tests/qemuxml2argvdata/graphics-vnc-tls-secret.x86_64-latest.args libvirt-9.0.0/tests/qemuxml2argvdata/graphics-vnc-tls-secret.x86_64-latest.args
150 --- libvirt-9.0.0.orig/tests/qemuxml2argvdata/graphics-vnc-tls-secret.x86_64-latest.args 2023-02-08 18:26:20.344029934 +0100
151 +++ libvirt-9.0.0/tests/qemuxml2argvdata/graphics-vnc-tls-secret.x86_64-latest.args 2023-02-08 18:26:39.063029574 +0100
153 XDG_DATA_HOME=/tmp/lib/domain--1-QEMUGuest1/.local/share \
154 XDG_CACHE_HOME=/tmp/lib/domain--1-QEMUGuest1/.cache \
155 XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \
156 -SASL_CONF_PATH=/root/.sasl2 \
157 +SASL_CONF_PATH=/root/.sasl \
158 /usr/bin/qemu-system-x86_64 \
159 -name guest=QEMUGuest1,debug-threads=on \
161 diff -ur libvirt-9.0.0.orig/tests/qemuxml2argvdata/graphics-vnc-tls.x86_64-latest.args libvirt-9.0.0/tests/qemuxml2argvdata/graphics-vnc-tls.x86_64-latest.args
162 --- libvirt-9.0.0.orig/tests/qemuxml2argvdata/graphics-vnc-tls.x86_64-latest.args 2023-02-08 18:26:20.344029934 +0100
163 +++ libvirt-9.0.0/tests/qemuxml2argvdata/graphics-vnc-tls.x86_64-latest.args 2023-02-08 18:26:39.063029574 +0100
165 XDG_DATA_HOME=/tmp/lib/domain--1-QEMUGuest1/.local/share \
166 XDG_CACHE_HOME=/tmp/lib/domain--1-QEMUGuest1/.cache \
167 XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \
168 -SASL_CONF_PATH=/root/.sasl2 \
169 +SASL_CONF_PATH=/root/.sasl \
170 /usr/bin/qemu-system-x86_64 \
171 -name guest=QEMUGuest1,debug-threads=on \
173 diff -ur libvirt-9.0.0.orig/tests/qemuxml2argvtest.c libvirt-9.0.0/tests/qemuxml2argvtest.c
174 --- libvirt-9.0.0.orig/tests/qemuxml2argvtest.c 2023-02-08 18:26:20.386029934 +0100
175 +++ libvirt-9.0.0/tests/qemuxml2argvtest.c 2023-02-08 18:26:39.064029574 +0100
176 @@ -1394,7 +1394,7 @@
178 driver.config->vncSASL = 1;
179 VIR_FREE(driver.config->vncSASLdir);
180 - driver.config->vncSASLdir = g_strdup("/root/.sasl2");
181 + driver.config->vncSASLdir = g_strdup("/root/.sasl");
182 DO_TEST_CAPS_LATEST("graphics-vnc-sasl");
183 driver.config->vncTLS = 1;
184 driver.config->vncTLSx509verify = 1;
185 @@ -1416,7 +1416,7 @@
186 DO_TEST_CAPS_LATEST("graphics-spice");
187 DO_TEST_CAPS_LATEST("graphics-spice-no-args");
188 driver.config->spiceSASL = 1;
189 - driver.config->spiceSASLdir = g_strdup("/root/.sasl2");
190 + driver.config->spiceSASLdir = g_strdup("/root/.sasl");
191 DO_TEST_CAPS_LATEST("graphics-spice-sasl");
192 VIR_FREE(driver.config->spiceSASLdir);
193 driver.config->spiceSASL = 0;
194 diff -ur libvirt-9.0.0.orig/tests/virconfdata/libvirtd.conf libvirt-9.0.0/tests/virconfdata/libvirtd.conf
195 --- libvirt-9.0.0.orig/tests/virconfdata/libvirtd.conf 2023-02-08 18:26:20.464029932 +0100
196 +++ libvirt-9.0.0/tests/virconfdata/libvirtd.conf 2023-02-08 18:26:39.064029574 +0100
198 # the network providing auth (eg, TLS/x509 certificates)
200 # - sasl: use SASL infrastructure. The actual auth scheme is then
201 -# controlled from /etc/sasl2/libvirt.conf. For the TCP
202 +# controlled from /etc/sasl/libvirt.conf. For the TCP
203 # socket only GSSAPI & DIGEST-MD5 mechanisms will be used.
204 # For non-TCP or TLS sockets, any scheme is allowed.
207 # If you don't enable SASL, then all TCP traffic is cleartext.
208 # Don't do this outside of a dev/test scenario. For real world
209 # use, always enable SASL and use the GSSAPI or DIGEST-MD5
210 -# mechanism in /etc/sasl2/libvirt.conf
211 +# mechanism in /etc/sasl/libvirt.conf
214 # Change the authentication scheme for TLS sockets.
215 diff -ur libvirt-9.0.0.orig/tests/virconfdata/libvirtd.out libvirt-9.0.0/tests/virconfdata/libvirtd.out
216 --- libvirt-9.0.0.orig/tests/virconfdata/libvirtd.out 2023-02-08 18:26:20.464029932 +0100
217 +++ libvirt-9.0.0/tests/virconfdata/libvirtd.out 2023-02-08 18:26:39.075029574 +0100
219 # the network providing auth (eg, TLS/x509 certificates)
221 # - sasl: use SASL infrastructure. The actual auth scheme is then
222 -# controlled from /etc/sasl2/libvirt.conf. For the TCP
223 +# controlled from /etc/sasl/libvirt.conf. For the TCP
224 # socket only GSSAPI & DIGEST-MD5 mechanisms will be used.
225 # For non-TCP or TLS sockets, any scheme is allowed.
228 # If you don't enable SASL, then all TCP traffic is cleartext.
229 # Don't do this outside of a dev/test scenario. For real world
230 # use, always enable SASL and use the GSSAPI or DIGEST-MD5
231 -# mechanism in /etc/sasl2/libvirt.conf
232 +# mechanism in /etc/sasl/libvirt.conf
234 # Change the authentication scheme for TLS sockets.