bhyve: add VNC password support

Support setting a password for the VNC framebuffer using the passwd
attribute on the <graphics/> element, if the driver has the
BHYVE_CAP_VNC_PASSWORD capability.

Note that virsh domxml-from-native does not output the password in the
generated XML, as VIR_DOMAIN_DEF_FORMAT_SECURE is not set when
formatting the domain definition.

Signed-off-by: Fabian Freyer <fabian.freyer@physik.tu-berlin.de>
Signed-off-by: Roman Bogorodskiy <bogorodskiy@gmail.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>

NEWS.rst

@@ -25,6 +25,13 @@ v6.8.0 (unreleased)
     Libvirt can now set the framebuffer's "w" and "h" parameters
     using the ``resolution`` element.
 
+  * bhyve: Support VNC password authentication
+
+    Libvirt can now probe whether the bhyve binary supports
+    VNC password authentication. In case it does, a VNC password
+    can now be passed using the ``passwd`` attribute on
+    the ``<graphics>`` element.
+
 * **Improvements**
 
   * qemu: Allow migration over UNIX sockets

src/bhyve/bhyve_command.c

@@ -424,17 +424,6 @@ bhyveBuildGraphicsArgStr(const virDomainDef *def,
             return -1;
         }
 
-        if (graphics->data.vnc.auth.passwd) {
-            virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
-                           _("vnc password auth not supported"));
-            return -1;
-        } else {
-             /* Bhyve doesn't support VNC Auth yet, so print a warning about
-              * unauthenticated VNC sessions */
-             VIR_WARN("%s", _("Security warning: currently VNC auth is not"
-                              " supported."));
-        }
-
         if (glisten->address) {
             escapeAddr = strchr(glisten->address, ':') != NULL;
             if (escapeAddr)
@@ -468,6 +457,28 @@ bhyveBuildGraphicsArgStr(const virDomainDef *def,
         return -1;
     }
 
+    if (graphics->data.vnc.auth.passwd) {
+        if (!(bhyveDriverGetBhyveCaps(driver) & BHYVE_CAP_VNC_PASSWORD)) {
+            virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                           _("VNC Password authentication not supported "
+                             "by bhyve"));
+            return -1;
+        }
+
+        if (strchr(graphics->data.vnc.auth.passwd, ',')) {
+            virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                           _("Password may not contain ',' character"));
+            return -1;
+        }
+
+        virBufferAsprintf(&opt, ",password=%s", graphics->data.vnc.auth.passwd);
+    } else {
+        if (!(bhyveDriverGetBhyveCaps(driver) & BHYVE_CAP_VNC_PASSWORD))
+            VIR_WARN("%s", _("Security warning: VNC auth is not supported."));
+        else
+            VIR_WARN("%s", _("Security warning: VNC is used without authentication."));
+    }
+
     if (video->res)
         virBufferAsprintf(&opt, ",w=%d,h=%d", video->res->x, video->res->y);
 

src/bhyve/bhyve_parse_command.c

@@ -641,6 +641,11 @@ bhyveParsePCIFbuf(virDomainDefPtr def,
             if (virStrToLong_uip(param, NULL, 10, &video->res->y))
                 goto error;
         }
+
+        if (STRPREFIX(param, "password=")) {
+            param += strlen("password=");
+            graphics->data.vnc.auth.passwd = g_strdup(param);
+        }
     }
 
  cleanup:

tests/bhyveargv2xmldata/bhyveargv2xml-vnc-password.args

@@ -0,0 +1,10 @@
+/usr/sbin/bhyve \
+-c 1 \
+-m 214 \
+-u \
+-H \
+-P \
+-s 0:0,hostbridge \
+-l bootrom,/path/to/test.fd \
+-s 4:0,fbuf,tcp=127.0.0.1:5904,password=s3cr3t \
+-s 1,lpc bhyve

tests/bhyveargv2xmldata/bhyveargv2xml-vnc-password.xml

@@ -0,0 +1,22 @@
+<domain type='bhyve'>
+  <name>bhyve</name>
+  <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+  <memory unit='KiB'>219136</memory>
+  <currentMemory unit='KiB'>219136</currentMemory>
+  <vcpu placement='static'>1</vcpu>
+  <os>
+    <type>hvm</type>
+  </os>
+  <clock offset='utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>destroy</on_reboot>
+  <on_crash>destroy</on_crash>
+  <devices>
+    <graphics type='vnc' port='5904' autoport='no' listen='127.0.0.1' passwd='s3cr3t'>
+      <listen type='address' address='127.0.0.1'/>
+    </graphics>
+    <video>
+      <model type='default' heads='1'/>
+    </video>
+  </devices>
+</domain>

tests/bhyveargv2xmltest.c

@@ -76,7 +76,7 @@ testCompareXMLToArgvFiles(const char *xmlfile,
         return -1;
     }
 
-    if (vmdef && !(actualxml = virDomainDefFormat(vmdef, driver.xmlopt, 0)))
+    if (vmdef && !(actualxml = virDomainDefFormat(vmdef, driver.xmlopt, VIR_DOMAIN_DEF_FORMAT_SECURE)))
         return -1;
 
     if (vmdef && virTestCompareToFile(actualxml, xmlfile) < 0)
@@ -187,6 +187,7 @@ mymain(void)
     DO_TEST("vnc-vga-off");
     DO_TEST("vnc-vga-io");
     DO_TEST("vnc-resolution");
+    DO_TEST("vnc-password");
 
     virObjectUnref(driver.caps);
     virObjectUnref(driver.xmlopt);

tests/bhyvexml2argvdata/bhyvexml2argv-vnc-password-comma.xml

@@ -0,0 +1,26 @@
+<domain type='bhyve'>
+  <name>bhyve</name>
+  <uuid>df3be7e7-a104-11e3-aeb0-50e5492bd3dc</uuid>
+  <memory>219136</memory>
+  <vcpu>1</vcpu>
+  <os>
+    <type>hvm</type>
+    <loader readonly="yes" type="pflash">/path/to/test.fd</loader>
+  </os>
+  <devices>
+    <disk type='file'>
+      <driver name='file' type='raw'/>
+      <source file='/tmp/freebsd.img'/>
+      <target dev='hda' bus='sata'/>
+      <address type='drive' controller='0' bus='0' target='2' unit='0'/>
+    </disk>
+    <interface type='bridge'>
+      <model type='virtio'/>
+      <source bridge="virbr0"/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
+    </interface>
+    <graphics type='vnc' port='5904' passwd="in,valid">
+      <listen type='address' address='127.0.0.1'/>
+    </graphics>
+  </devices>
+</domain>

tests/bhyvexml2argvdata/bhyvexml2argv-vnc-password.args

@@ -0,0 +1,12 @@
+/usr/sbin/bhyve \
+-c 1 \
+-m 214 \
+-u \
+-H \
+-P \
+-s 0:0,hostbridge \
+-l bootrom,/path/to/test.fd \
+-s 1:0,lpc \
+-s 2:0,ahci,hd:/tmp/freebsd.img \
+-s 3:0,virtio-net,faketapdev,mac=52:54:00:00:00:00 \
+-s 4:0,fbuf,tcp=127.0.0.1:5904,password=s3cr3t bhyve

tests/bhyvexml2argvdata/bhyvexml2argv-vnc-password.ldargs

@@ -0,0 +1 @@
+dummy

tests/bhyvexml2argvdata/bhyvexml2argv-vnc-password.xml

@@ -0,0 +1,26 @@
+<domain type='bhyve'>
+  <name>bhyve</name>
+  <uuid>df3be7e7-a104-11e3-aeb0-50e5492bd3dc</uuid>
+  <memory>219136</memory>
+  <vcpu>1</vcpu>
+  <os>
+    <type>hvm</type>
+    <loader readonly="yes" type="pflash">/path/to/test.fd</loader>
+  </os>
+  <devices>
+    <disk type='file'>
+      <driver name='file' type='raw'/>
+      <source file='/tmp/freebsd.img'/>
+      <target dev='hda' bus='sata'/>
+      <address type='drive' controller='0' bus='0' target='2' unit='0'/>
+    </disk>
+    <interface type='bridge'>
+      <model type='virtio'/>
+      <source bridge="virbr0"/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
+    </interface>
+    <graphics type='vnc' port='5904' passwd="s3cr3t">
+      <listen type='address' address='127.0.0.1'/>
+    </graphics>
+  </devices>
+</domain>

tests/bhyvexml2argvtest.c

@@ -166,7 +166,8 @@ mymain(void)
     driver.bhyvecaps = BHYVE_CAP_RTC_UTC | BHYVE_CAP_AHCI32SLOT | \
                        BHYVE_CAP_NET_E1000 | BHYVE_CAP_LPC_BOOTROM | \
                        BHYVE_CAP_FBUF | BHYVE_CAP_XHCI | \
-                       BHYVE_CAP_CPUTOPOLOGY | BHYVE_CAP_SOUND_HDA;
+                       BHYVE_CAP_CPUTOPOLOGY | BHYVE_CAP_SOUND_HDA | \
+                       BHYVE_CAP_VNC_PASSWORD;
 
     DO_TEST("base");
     DO_TEST("wired");
@@ -198,6 +199,8 @@ mymain(void)
     DO_TEST("vnc-vgaconf-io");
     DO_TEST("vnc-autoport");
     DO_TEST("vnc-resolution");
+    DO_TEST("vnc-password");
+    DO_TEST_FAILURE("vnc-password-comma");
     DO_TEST("cputopology");
     DO_TEST_FAILURE("cputopology-nvcpu-mismatch");
     DO_TEST("commandline");
@@ -250,6 +253,9 @@ mymain(void)
     driver.bhyvecaps &= ~BHYVE_CAP_SOUND_HDA;
     DO_TEST_FAILURE("sound");
 
+    driver.bhyvecaps &= ~BHYVE_CAP_VNC_PASSWORD;
+    DO_TEST_FAILURE("vnc-password");
+
     virObjectUnref(driver.caps);
     virObjectUnref(driver.xmlopt);
     virPortAllocatorRangeFree(driver.remotePorts);

tests/bhyvexml2xmloutdata/bhyvexml2xmlout-vnc-password.xml

@@ -0,0 +1,44 @@
+<domain type='bhyve'>
+  <name>bhyve</name>
+  <uuid>df3be7e7-a104-11e3-aeb0-50e5492bd3dc</uuid>
+  <memory unit='KiB'>219136</memory>
+  <currentMemory unit='KiB'>219136</currentMemory>
+  <vcpu placement='static'>1</vcpu>
+  <os>
+    <type arch='x86_64'>hvm</type>
+    <loader readonly='yes' type='pflash'>/path/to/test.fd</loader>
+    <boot dev='hd'/>
+  </os>
+  <clock offset='utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <devices>
+    <disk type='file' device='disk'>
+      <driver name='file' type='raw'/>
+      <source file='/tmp/freebsd.img'/>
+      <target dev='hda' bus='sata'/>
+      <address type='drive' controller='0' bus='0' target='2' unit='0'/>
+    </disk>
+    <controller type='pci' index='0' model='pci-root'/>
+    <controller type='isa' index='0'>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0'/>
+    </controller>
+    <controller type='sata' index='0'>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
+    </controller>
+    <interface type='bridge'>
+      <mac address='52:54:00:00:00:00'/>
+      <source bridge='virbr0'/>
+      <model type='virtio'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
+    </interface>
+    <graphics type='vnc' port='5904' autoport='no' listen='127.0.0.1' passwd='s3cr3t'>
+      <listen type='address' address='127.0.0.1'/>
+    </graphics>
+    <video>
+      <model type='gop' heads='1' primary='yes'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
+    </video>
+  </devices>
+</domain>

tests/bhyvexml2xmltest.c

@@ -107,6 +107,7 @@ mymain(void)
     DO_TEST_DIFFERENT("vnc-vgaconf-io");
     DO_TEST_DIFFERENT("vnc-autoport");
     DO_TEST_DIFFERENT("vnc-resolution");
+    DO_TEST_DIFFERENT("vnc-password");
     DO_TEST_DIFFERENT("commandline");
     DO_TEST_DIFFERENT("msrs");
     DO_TEST_DIFFERENT("sound");