bhyve: add VNC password support
Support setting a password for the VNC framebuffer using the passwd attribute on the <graphics/> element, if the driver has the BHYVE_CAP_VNC_PASSWORD capability. Note that virsh domxml-from-native does not output the password in the generated XML, as VIR_DOMAIN_DEF_FORMAT_SECURE is not set when formatting the domain definition. Signed-off-by: Fabian Freyer <fabian.freyer@physik.tu-berlin.de> Signed-off-by: Roman Bogorodskiy <bogorodskiy@gmail.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
parent
e3a520797f
commit
81a9194cbf
7
NEWS.rst
7
NEWS.rst
@ -25,6 +25,13 @@ v6.8.0 (unreleased)
|
|||||||
Libvirt can now set the framebuffer's "w" and "h" parameters
|
Libvirt can now set the framebuffer's "w" and "h" parameters
|
||||||
using the ``resolution`` element.
|
using the ``resolution`` element.
|
||||||
|
|
||||||
|
* bhyve: Support VNC password authentication
|
||||||
|
|
||||||
|
Libvirt can now probe whether the bhyve binary supports
|
||||||
|
VNC password authentication. In case it does, a VNC password
|
||||||
|
can now be passed using the ``passwd`` attribute on
|
||||||
|
the ``<graphics>`` element.
|
||||||
|
|
||||||
* **Improvements**
|
* **Improvements**
|
||||||
|
|
||||||
* qemu: Allow migration over UNIX sockets
|
* qemu: Allow migration over UNIX sockets
|
||||||
|
@ -424,17 +424,6 @@ bhyveBuildGraphicsArgStr(const virDomainDef *def,
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (graphics->data.vnc.auth.passwd) {
|
|
||||||
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
|
|
||||||
_("vnc password auth not supported"));
|
|
||||||
return -1;
|
|
||||||
} else {
|
|
||||||
/* Bhyve doesn't support VNC Auth yet, so print a warning about
|
|
||||||
* unauthenticated VNC sessions */
|
|
||||||
VIR_WARN("%s", _("Security warning: currently VNC auth is not"
|
|
||||||
" supported."));
|
|
||||||
}
|
|
||||||
|
|
||||||
if (glisten->address) {
|
if (glisten->address) {
|
||||||
escapeAddr = strchr(glisten->address, ':') != NULL;
|
escapeAddr = strchr(glisten->address, ':') != NULL;
|
||||||
if (escapeAddr)
|
if (escapeAddr)
|
||||||
@ -468,6 +457,28 @@ bhyveBuildGraphicsArgStr(const virDomainDef *def,
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (graphics->data.vnc.auth.passwd) {
|
||||||
|
if (!(bhyveDriverGetBhyveCaps(driver) & BHYVE_CAP_VNC_PASSWORD)) {
|
||||||
|
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
|
||||||
|
_("VNC Password authentication not supported "
|
||||||
|
"by bhyve"));
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (strchr(graphics->data.vnc.auth.passwd, ',')) {
|
||||||
|
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
|
||||||
|
_("Password may not contain ',' character"));
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
virBufferAsprintf(&opt, ",password=%s", graphics->data.vnc.auth.passwd);
|
||||||
|
} else {
|
||||||
|
if (!(bhyveDriverGetBhyveCaps(driver) & BHYVE_CAP_VNC_PASSWORD))
|
||||||
|
VIR_WARN("%s", _("Security warning: VNC auth is not supported."));
|
||||||
|
else
|
||||||
|
VIR_WARN("%s", _("Security warning: VNC is used without authentication."));
|
||||||
|
}
|
||||||
|
|
||||||
if (video->res)
|
if (video->res)
|
||||||
virBufferAsprintf(&opt, ",w=%d,h=%d", video->res->x, video->res->y);
|
virBufferAsprintf(&opt, ",w=%d,h=%d", video->res->x, video->res->y);
|
||||||
|
|
||||||
|
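Review bot: The password is appended to the fbuf option with `virBufferAsprintf(&opt, ",password=%s", graphics->data.vnc.auth.passwd);`, so it becomes part of the bhyve argument vector and is readable from the host's process listing and from anywhere the built command line is logged. If bhyve offers no other way to supply it, say so next to the call, for example `/* bhyve only takes the VNC password inline in the -s fbuf argument, so it is visible in the host process list; keep this string out of logs */`. The same limitation belongs in the NEWS entry or driver documentation, so administrators treat the value as a low-grade secret. bhyveBuildGraphicsArgStr starts and ends outside these hunks, so whether `opt` is logged later is not visible here.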
@ -641,6 +641,11 @@ bhyveParsePCIFbuf(virDomainDefPtr def,
|
|||||||
if (virStrToLong_uip(param, NULL, 10, &video->res->y))
|
if (virStrToLong_uip(param, NULL, 10, &video->res->y))
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (STRPREFIX(param, "password=")) {
|
||||||
|
param += strlen("password=");
|
||||||
|
graphics->data.vnc.auth.passwd = g_strdup(param);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
cleanup:
|
cleanup:
|
||||||
|
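Review bot: The new `password=` branch assigns `graphics->data.vnc.auth.passwd = g_strdup(param);` without releasing any earlier value, so a repeated `password=` key in one fbuf argument would leak the first copy. This assumes the enclosing code walks the parameters in a loop, which it appears to do, but the loop header is outside the hunk. Adding `g_free(graphics->data.vnc.auth.passwd);` immediately before the assignment keeps last-one-wins behaviour without the leak. An empty value (`password=` with nothing after it) is stored as an empty string rather than treated as no password, which deserves an explicit check or a one-line comment.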
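--- a/tests/bhyveargv2xmldata/bhyveargv2xml-vnc-password.args
+++ b/tests/bhyveargv2xmldata/bhyveargv2xml-vnc-password.args
@@ -0,0 +1,10 @@
+/usr/sbin/bhyve \
+-c 1 \
+-m 214 \
+-u \
+-H \
+-P \
+-s 0:0,hostbridge \
+-l bootrom,/path/to/test.fd \
+-s 4:0,fbuf,tcp=127.0.0.1:5904,password=s3cr3t \
+-s 1,lpc bhyve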
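--- a/tests/bhyveargv2xmldata/bhyveargv2xml-vnc-password.xml
+++ b/tests/bhyveargv2xmldata/bhyveargv2xml-vnc-password.xml
@@ -0,0 +1,22 @@
+<domain type='bhyve'>
+<name>bhyve</name>
+<uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+<memory unit='KiB'>219136</memory>
+<currentMemory unit='KiB'>219136</currentMemory>
+<vcpu placement='static'>1</vcpu>
+<os>
+<type>hvm</type>
+</os>
+<clock offset='utc'/>
+<on_poweroff>destroy</on_poweroff>
+<on_reboot>destroy</on_reboot>
+<on_crash>destroy</on_crash>
+<devices>
+<graphics type='vnc' port='5904' autoport='no' listen='127.0.0.1' passwd='s3cr3t'>
+<listen type='address' address='127.0.0.1'/>
+</graphics>
+<video>
+<model type='default' heads='1'/>
+</video>
+</devices>
+</domain>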
@ -76,7 +76,7 @@ testCompareXMLToArgvFiles(const char *xmlfile,
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (vmdef && !(actualxml = virDomainDefFormat(vmdef, driver.xmlopt, 0)))
|
if (vmdef && !(actualxml = virDomainDefFormat(vmdef, driver.xmlopt, VIR_DOMAIN_DEF_FORMAT_SECURE)))
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
if (vmdef && virTestCompareToFile(actualxml, xmlfile) < 0)
|
if (vmdef && virTestCompareToFile(actualxml, xmlfile) < 0)
|
||||||
@ -187,6 +187,7 @@ mymain(void)
|
|||||||
DO_TEST("vnc-vga-off");
|
DO_TEST("vnc-vga-off");
|
||||||
DO_TEST("vnc-vga-io");
|
DO_TEST("vnc-vga-io");
|
||||||
DO_TEST("vnc-resolution");
|
DO_TEST("vnc-resolution");
|
||||||
|
DO_TEST("vnc-password");
|
||||||
|
|
||||||
virObjectUnref(driver.caps);
|
virObjectUnref(driver.caps);
|
||||||
virObjectUnref(driver.xmlopt);
|
virObjectUnref(driver.xmlopt);
|
||||||
|
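Review bot: Passing `VIR_DOMAIN_DEF_FORMAT_SECURE` to `virDomainDefFormat()` in testCompareXMLToArgvFiles makes every argv-to-XML test format secrets, whereas the commit message says the real `virsh domxml-from-native` path leaves the flag unset and omits the password. That omission is the user-visible behaviour and nothing here covers it; consider a second comparison formatted with flags `0` that checks `passwd` is absent from the output. At minimum add a comment above the call, such as `/* format secrets so the expected XML can carry passwd='...' */`, and wrap the line, which is now much longer than its neighbours. The function body continues outside the hunk.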
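--- a/tests/bhyvexml2argvdata/bhyvexml2argv-vnc-password-comma.xml
+++ b/tests/bhyvexml2argvdata/bhyvexml2argv-vnc-password-comma.xml
@@ -0,0 +1,26 @@
+<domain type='bhyve'>
+<name>bhyve</name>
+<uuid>df3be7e7-a104-11e3-aeb0-50e5492bd3dc</uuid>
+<memory>219136</memory>
+<vcpu>1</vcpu>
+<os>
+<type>hvm</type>
+<loader readonly="yes" type="pflash">/path/to/test.fd</loader>
+</os>
+<devices>
+<disk type='file'>
+<driver name='file' type='raw'/>
+<source file='/tmp/freebsd.img'/>
+<target dev='hda' bus='sata'/>
+<address type='drive' controller='0' bus='0' target='2' unit='0'/>
+</disk>
+<interface type='bridge'>
+<model type='virtio'/>
+<source bridge="virbr0"/>
+<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
+</interface>
+<graphics type='vnc' port='5904' passwd="in,valid">
+<listen type='address' address='127.0.0.1'/>
+</graphics>
+</devices>
+</domain>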
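--- a/tests/bhyvexml2argvdata/bhyvexml2argv-vnc-password.args
+++ b/tests/bhyvexml2argvdata/bhyvexml2argv-vnc-password.args
@@ -0,0 +1,12 @@
+/usr/sbin/bhyve \
+-c 1 \
+-m 214 \
+-u \
+-H \
+-P \
+-s 0:0,hostbridge \
+-l bootrom,/path/to/test.fd \
+-s 1:0,lpc \
+-s 2:0,ahci,hd:/tmp/freebsd.img \
+-s 3:0,virtio-net,faketapdev,mac=52:54:00:00:00:00 \
+-s 4:0,fbuf,tcp=127.0.0.1:5904,password=s3cr3t bhyve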
@ -0,0 +1 @@
|
|||||||
|
dummy
|
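--- a/tests/bhyvexml2argvdata/bhyvexml2argv-vnc-password.xml
+++ b/tests/bhyvexml2argvdata/bhyvexml2argv-vnc-password.xml
@@ -0,0 +1,26 @@
+<domain type='bhyve'>
+<name>bhyve</name>
+<uuid>df3be7e7-a104-11e3-aeb0-50e5492bd3dc</uuid>
+<memory>219136</memory>
+<vcpu>1</vcpu>
+<os>
+<type>hvm</type>
+<loader readonly="yes" type="pflash">/path/to/test.fd</loader>
+</os>
+<devices>
+<disk type='file'>
+<driver name='file' type='raw'/>
+<source file='/tmp/freebsd.img'/>
+<target dev='hda' bus='sata'/>
+<address type='drive' controller='0' bus='0' target='2' unit='0'/>
+</disk>
+<interface type='bridge'>
+<model type='virtio'/>
+<source bridge="virbr0"/>
+<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
+</interface>
+<graphics type='vnc' port='5904' passwd="s3cr3t">
+<listen type='address' address='127.0.0.1'/>
+</graphics>
+</devices>
+</domain>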
@ -166,7 +166,8 @@ mymain(void)
|
|||||||
driver.bhyvecaps = BHYVE_CAP_RTC_UTC | BHYVE_CAP_AHCI32SLOT | \
|
driver.bhyvecaps = BHYVE_CAP_RTC_UTC | BHYVE_CAP_AHCI32SLOT | \
|
||||||
BHYVE_CAP_NET_E1000 | BHYVE_CAP_LPC_BOOTROM | \
|
BHYVE_CAP_NET_E1000 | BHYVE_CAP_LPC_BOOTROM | \
|
||||||
BHYVE_CAP_FBUF | BHYVE_CAP_XHCI | \
|
BHYVE_CAP_FBUF | BHYVE_CAP_XHCI | \
|
||||||
BHYVE_CAP_CPUTOPOLOGY | BHYVE_CAP_SOUND_HDA;
|
BHYVE_CAP_CPUTOPOLOGY | BHYVE_CAP_SOUND_HDA | \
|
||||||
|
BHYVE_CAP_VNC_PASSWORD;
|
||||||
|
|
||||||
DO_TEST("base");
|
DO_TEST("base");
|
||||||
DO_TEST("wired");
|
DO_TEST("wired");
|
||||||
@ -198,6 +199,8 @@ mymain(void)
|
|||||||
DO_TEST("vnc-vgaconf-io");
|
DO_TEST("vnc-vgaconf-io");
|
||||||
DO_TEST("vnc-autoport");
|
DO_TEST("vnc-autoport");
|
||||||
DO_TEST("vnc-resolution");
|
DO_TEST("vnc-resolution");
|
||||||
|
DO_TEST("vnc-password");
|
||||||
|
DO_TEST_FAILURE("vnc-password-comma");
|
||||||
DO_TEST("cputopology");
|
DO_TEST("cputopology");
|
||||||
DO_TEST_FAILURE("cputopology-nvcpu-mismatch");
|
DO_TEST_FAILURE("cputopology-nvcpu-mismatch");
|
||||||
DO_TEST("commandline");
|
DO_TEST("commandline");
|
||||||
@ -250,6 +253,9 @@ mymain(void)
|
|||||||
driver.bhyvecaps &= ~BHYVE_CAP_SOUND_HDA;
|
driver.bhyvecaps &= ~BHYVE_CAP_SOUND_HDA;
|
||||||
DO_TEST_FAILURE("sound");
|
DO_TEST_FAILURE("sound");
|
||||||
|
|
||||||
|
driver.bhyvecaps &= ~BHYVE_CAP_VNC_PASSWORD;
|
||||||
|
DO_TEST_FAILURE("vnc-password");
|
||||||
|
|
||||||
virObjectUnref(driver.caps);
|
virObjectUnref(driver.caps);
|
||||||
virObjectUnref(driver.xmlopt);
|
virObjectUnref(driver.xmlopt);
|
||||||
virPortAllocatorRangeFree(driver.remotePorts);
|
virPortAllocatorRangeFree(driver.remotePorts);
|
||||||
|
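--- a/tests/bhyvexml2xmloutdata/bhyvexml2xmlout-vnc-password.xml
+++ b/tests/bhyvexml2xmloutdata/bhyvexml2xmlout-vnc-password.xml
@@ -0,0 +1,44 @@
+<domain type='bhyve'>
+<name>bhyve</name>
+<uuid>df3be7e7-a104-11e3-aeb0-50e5492bd3dc</uuid>
+<memory unit='KiB'>219136</memory>
+<currentMemory unit='KiB'>219136</currentMemory>
+<vcpu placement='static'>1</vcpu>
+<os>
+<type arch='x86_64'>hvm</type>
+<loader readonly='yes' type='pflash'>/path/to/test.fd</loader>
+<boot dev='hd'/>
+</os>
+<clock offset='utc'/>
+<on_poweroff>destroy</on_poweroff>
+<on_reboot>restart</on_reboot>
+<on_crash>destroy</on_crash>
+<devices>
+<disk type='file' device='disk'>
+<driver name='file' type='raw'/>
+<source file='/tmp/freebsd.img'/>
+<target dev='hda' bus='sata'/>
+<address type='drive' controller='0' bus='0' target='2' unit='0'/>
+</disk>
+<controller type='pci' index='0' model='pci-root'/>
+<controller type='isa' index='0'>
+<address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0'/>
+</controller>
+<controller type='sata' index='0'>
+<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
+</controller>
+<interface type='bridge'>
+<mac address='52:54:00:00:00:00'/>
+<source bridge='virbr0'/>
+<model type='virtio'/>
+<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
+</interface>
+<graphics type='vnc' port='5904' autoport='no' listen='127.0.0.1' passwd='s3cr3t'>
+<listen type='address' address='127.0.0.1'/>
+</graphics>
+<video>
+<model type='gop' heads='1' primary='yes'/>
+<address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
+</video>
+</devices>
+</domain>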
@ -107,6 +107,7 @@ mymain(void)
|
|||||||
DO_TEST_DIFFERENT("vnc-vgaconf-io");
|
DO_TEST_DIFFERENT("vnc-vgaconf-io");
|
||||||
DO_TEST_DIFFERENT("vnc-autoport");
|
DO_TEST_DIFFERENT("vnc-autoport");
|
||||||
DO_TEST_DIFFERENT("vnc-resolution");
|
DO_TEST_DIFFERENT("vnc-resolution");
|
||||||
|
DO_TEST_DIFFERENT("vnc-password");
|
||||||
DO_TEST_DIFFERENT("commandline");
|
DO_TEST_DIFFERENT("commandline");
|
||||||
DO_TEST_DIFFERENT("msrs");
|
DO_TEST_DIFFERENT("msrs");
|
||||||
DO_TEST_DIFFERENT("sound");
|
DO_TEST_DIFFERENT("sound");
|
||||||
|