This patch adds the new SASL authentication protocol to the VNC server.
It is enabled by setting the 'sasl' flag when launching VNC. SASL can
optionally provide encryption via its SSF layer, if a suitable mechanism
is configured (eg, GSSAPI/Kerberos, or Digest-MD5). If an SSF layer is
not available, then it should be combined with the x509 VNC authentication
protocol which provides encryption.
eg, if using GSSAPI
qemu -vnc localhost:1,sasl
eg if using TLS/x509 for encryption
qemu -vnc localhost:1,sasl,tls,x509
By default the Cyrus SASL library will look for its configuration in
the file /etc/sasl2/qemu.conf. For non-root users, this can be overridden
by setting the SASL_CONF_PATH environment variable, eg to make it look in
$HOME/.sasl2. NB unprivileged users may not have access to the full range
of SASL mechanisms, since some of them require some administrative privileges
to configure. The patch includes an example SASL configuration file which
illustrates config for GSSAPI and Digest-MD5, though it should be noted that
the latter is not really considered secure any more.
Most of the SASL authentication code is located in a separate source file,
vnc-auth-sasl.c. The main vnc.c file only contains minimal integration
glue, specifically parsing of command line flags / setup, and calls to
start the SASL auth process, to do encoding/decoding for data.
There are several possible stacks for reading & writing of data, depending
on the combo of VNC authentication methods in use
- Clear. read/write straight to socket
- TLS. read/write via GNUTLS helpers
- SASL. encode/decode via SASL SSF layer, then read/write to socket
- SASL+TLS. encode/decode via SASL SSF layer, then read/write via GNUTLS
Hence, the vnc_client_read & vnc_client_write methods have been refactored
a little.
vnc_client_read: main entry point for reading, calls either
- vnc_client_read_plain reading, with no intermediate decoding
- vnc_client_read_sasl reading, with SASL SSF decoding
These two methods, then call vnc_client_read_buf(). This decides
whether to write to the socket directly or write via GNUTLS.
The situation is the same for writing data. More extensive comments
have been added in the code / patch. The vnc_client_read_sasl and
vnc_client_write_sasl method implementations live in the separate
vnc-auth-sasl.c file.
The state required for the SASL auth mechanism is kept in a separate
VncStateSASL struct, defined in vnc-auth-sasl.h and included in the
main VncState.
The configure script probes for SASL and automatically enables it
if found, unless --disable-vnc-sasl was given to override it.
Makefile | 7
Makefile.target | 5
b/qemu.sasl | 34 ++
b/vnc-auth-sasl.c | 626 ++++++++++++++++++++++++++++++++++++++++++++++++++++
b/vnc-auth-sasl.h | 67 +++++
configure | 34 ++
qemu-doc.texi | 97 ++++++++
vnc-auth-vencrypt.c | 12
vnc.c | 249 ++++++++++++++++++--
vnc.h | 31 ++
10 files changed, 1129 insertions(+), 33 deletions(-)
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6724 c046a42c-6fe2-441c-8c8c-71466251a162
This patch add an emulation of MPC8544DS board.
It can work on All E500 platforms.
Signed-off-by: Liu Yu <yu.liu@freescale.com>
Acked-by: Hollis Blanchard <hollisb@us.ibm.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6663 c046a42c-6fe2-441c-8c8c-71466251a162
This patch add the emulation of freescale's pci controller for MPC85xx platform.
Signed-off-by: Liu Yu <yu.liu@freescale.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6661 c046a42c-6fe2-441c-8c8c-71466251a162
Add monitor command to hot-add PCI devices (nic and storage).
Syntax is:
pci_add pci_addr=[[<domain>:]<bus>:]<slot> nic|storage params
It returns the domain, bus and slot for the newly added device on success.
It is possible to attach a disk to a device after PCI initialization via
the drive_add command. If so, a manual scan of the SCSI bus on the guest
is necessary.
Save QEMUMachine necessary for drive_init.
Add monitor command to hot-remove devices, remove device data on _EJ0 notification.
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6610 c046a42c-6fe2-441c-8c8c-71466251a162
Adds "msmouse" character device, which emulates a serial mouse.
Use it with -serial msmouse.
Signed-Off-By: Lubomir Rintel <lkundrak@v3.sk>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6559 c046a42c-6fe2-441c-8c8c-71466251a162
Support all kinds of pci vga cards (including none)
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6557 c046a42c-6fe2-441c-8c8c-71466251a162
Scatter-gather lists are used extensively in dma-capable devices; a
single data structure allows more code reuse later on.
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6522 c046a42c-6fe2-441c-8c8c-71466251a162
Adds support for qemu to modify target process environment
variables using -E and -U commandline switches. This replaces
eventually the -drop-ld-preload flag.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Riku Voipio <riku.voipio@iki.fi>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6484 c046a42c-6fe2-441c-8c8c-71466251a162
Put archive utility (ar) invocations into a rule, and have it generate
quiet output by default.
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6381 c046a42c-6fe2-441c-8c8c-71466251a162
Use generic rules where posssible, and a LINK macro where not.
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6379 c046a42c-6fe2-441c-8c8c-71466251a162
Add a file for common makefile rules.
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6378 c046a42c-6fe2-441c-8c8c-71466251a162
Instead of specifying the compilation command over and over, use a single
rule and adjust it as necessary using target specific target overrides.
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6377 c046a42c-6fe2-441c-8c8c-71466251a162
OP_CFLAGS is no longer used, except for machine.c, where it is not needed.
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6376 c046a42c-6fe2-441c-8c8c-71466251a162
This patch adds the virtio console to qemu. This console can be found after the
serial and parallel outputs as another virtual console. In the -nographic case
it is redirected to the null output by default.
Signed-off-by: Christian Ehrhardt <ehrhardt@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6315 c046a42c-6fe2-441c-8c8c-71466251a162
According to $GCC/gcc/config/rs6000/rs6000-c.c _ARCH_PPC is the
ubiquitous define which should be used to test whether gcc targets
PowerPC, on 64bit platforms _ARCH_PPC64 will be also defined.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6301 c046a42c-6fe2-441c-8c8c-71466251a162
ac97 has drivers for Vista 64-bit whereas sb16 and es1370 do not appear to. I
asked malc why it was disabled and he said it was because it was GPL. He did
not object to enabling it now that more QEMU code is GPL'd.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6253 c046a42c-6fe2-441c-8c8c-71466251a162
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6197 c046a42c-6fe2-441c-8c8c-71466251a162
Since pci.c creates network devices, anything that links against pci.c
(everything) has to link against all network devices. Since virtio-net
also requires virtio, we might as well link every target against all of
the virtio devices.
This suggests that the pci.c network device creation function needs some
refactoring.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6082 c046a42c-6fe2-441c-8c8c-71466251a162
This patch adds HPET emulation. It can be disabled with -disable-hpet. An hpet
provides a more finely granular clocksource than otherwise available on PC.
This means that latency-dependent applications (e.g. multimedia) will generally
be smoother when using the HPET.
Signed-off-by: Beth Kon <eak@us.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6081 c046a42c-6fe2-441c-8c8c-71466251a162
This adds virtio-net support. This is based on the virtio-net driver
that exists in kvm-userspace. This also adds a new qemu_sendv_packet
which virtio-net requires.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6073 c046a42c-6fe2-441c-8c8c-71466251a162
Since most IO devices are integrated into the 440EP chip, "Bamboo support"
mostly entails implementing the -kernel, -initrd, and -append options.
These options are implemented by loading the guest as if u-boot had done it,
i.e. loading a flat device tree, updating it to hold initrd addresses, ram
size, and command line, and passing the FDT address in r3.
Since we use it with KVM, we enable the virtio block driver and include hooks
necessary for KVM support.
Signed-off-by: Hollis Blanchard <hollisb@us.ibm.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6067 c046a42c-6fe2-441c-8c8c-71466251a162
Wire up the system-on-chip devices present on 440EP chips.
This patch is a little unusual in that qemu doesn't actually emulate the 440
core, but we use this board code with KVM (which does). If/when 440 core
emulation is supported, the kvm_enabled() hack can be removed.
Signed-off-by: Hollis Blanchard <hollisb@us.ibm.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6066 c046a42c-6fe2-441c-8c8c-71466251a162
Implement hooks called by generic KVM code.
Also add code that will copy the host's CPU and timebase frequencies to the
guest, which is necessary on KVM because the guest can directly access the
timebase.
Signed-off-by: Hollis Blanchard <hollisb@us.ibm.com>
Acked-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6065 c046a42c-6fe2-441c-8c8c-71466251a162
To implement the -kernel, -initrd, and -append options, 4xx board emulation
must load the guest kernel as if firmware had loaded it. Where u-boot would be
the firmware, we must load the flat device tree into memory and set key fields
such as /chosen/bootargs.
This patch introduces a dependency on libfdt for flat device tree support.
Signed-off-by: Hollis Blanchard <hollisb@us.ibm.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6064 c046a42c-6fe2-441c-8c8c-71466251a162
The TSC2102 chip is not included in documentation because a patch is
pending.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6038 c046a42c-6fe2-441c-8c8c-71466251a162
glibc implements posix-aio as a thread pool and imposes a number of limitations.
1) it limits one request per-file descriptor. we hack around this by dup()'ing
file descriptors which is hideously ugly
2) it's impossible to add new interfaces and we need a vectored read/write
operation to properly support a zero-copy API.
What has been suggested to me by glibc folks, is to implement whatever new
interfaces we want and then it can eventually be proposed for standardization.
This requires that we implement our own posix-aio implementation though.
This patch implements posix-aio using pthreads. It immediately eliminates the
need for fd pooling.
It performs at least as well as the current posix-aio code (in some
circumstances, even better).
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5996 c046a42c-6fe2-441c-8c8c-71466251a162
This patch adds emulation for a CompactFlash on sh4/r2d board.
The device is CF, but wired to be worked as True-IDE mode, and connected
directly to SH bus. So, this code is to support generally mmio based
IDEs which are supported by "pata_platform" driver in linux kernel.
Signed-off-by: Takashi YOSHII <takasi-y@ops.dti.ne.jp>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5924 c046a42c-6fe2-441c-8c8c-71466251a162
this patch removes some now unused things after dyngen removal.
1. dyngen-exec.h: op_param, op _jmp and some associated macros
are now unused;
2. Makefile.target: tcg-dyngen is not needed anymore
2. tcg/tcg-op.h, tcg/tcg-opc.h: gen-op.h is dead
3. tcg.c:
- INDEX_op_end is now the first op
- CONFIG_DYNGEN_OP is never defined
4. tcg.h: dyngen_op not needed anymore
5. exec-all.h: remove some ASM macros.
Signed-off-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5922 c046a42c-6fe2-441c-8c8c-71466251a162
This adds a VirtIO based balloon driver. It uses madvise() to actually balloon
the memory when possible.
Until 2.6.27, KVM forced memory pinning so we must disable ballooning unless the
kernel actually supports it when using KVM. It's always safe when using TCG.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5874 c046a42c-6fe2-441c-8c8c-71466251a162
Virtio-blk is a paravirtual block device based on VirtIO. It can be used by
specifying the if=virtio parameter to the -drive parameter.
When using -enable-kvm, it can achieve very good performance compared to IDE or
SCSI.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5870 c046a42c-6fe2-441c-8c8c-71466251a162
This patch adds core support for VirtIO. VirtIO is a paravirtualization
framework that has been in Linux since 2.6.21. A PCI transport has been
available since 2.6.25. Network drivers are also available for Windows.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5869 c046a42c-6fe2-441c-8c8c-71466251a162
This PCI controller can be found on a number of 4xx SoCs, including the 440EP.
Signed-off-by: Hollis Blanchard <hollisb@us.ibm.com>
Acked-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5862 c046a42c-6fe2-441c-8c8c-71466251a162
This will improve the build time.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5699 c046a42c-6fe2-441c-8c8c-71466251a162
This patch creates a new source file qemu-sockets.c with a bunch of
helper functions to create listening and connected sockets.
New features of this code are (a) support for searching for a free
port in a given range and (b) support for IPv6.
The following patches put that code into use.
Compile fixes for Windows added by Anthony Liguori
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5695 c046a42c-6fe2-441c-8c8c-71466251a162
KVM's live migration support included support for exec: URLs, allowing system
state to be written or received via an arbitrary popen()ed subprocess. This
provides a convenient way to pipe state through a compression algorithm or an
arbitrary network transport on its way to its destination, and a convenient way
to write state to disk; libvirt's qemu driver currently uses migration to exec:
targets for this latter purpose.
This version of the patch refactors now-common code from migrate-tcp.c into
migrate.c.
Signed-off-by: Charles Duffy <Charles_Duffy@messageone.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5694 c046a42c-6fe2-441c-8c8c-71466251a162