[PATCH v2 4/4] bhyve: add VNC password support
Daniel P. Berrangé
berrange at redhat.com
Tue Sep 22 12:47:51 UTC 2020
On Tue, Sep 22, 2020 at 04:28:51PM +0400, Roman Bogorodskiy wrote:
> From: Fabian Freyer <fabian.freyer at physik.tu-berlin.de>
>
> Support setting a password for the VNC framebuffer using the passwd
> attribute on the <graphics/> element, if the driver has the
> BHYVE_CAP_VNC_PASSWORD capability.
>
> Note that virsh domxml-from-native does not output the password in the
> generated XML, as VIR_DOMAIN_DEF_FORMAT_SECURE is not set when
> formatting the domain definition.
>
> Signed-off-by: Fabian Freyer <fabian.freyer at physik.tu-berlin.de>
> Signed-off-by: Roman Bogorodskiy <bogorodskiy at gmail.com>
> ---
> NEWS.rst | 7 +++
> src/bhyve/bhyve_command.c | 33 +++++++++-----
> src/bhyve/bhyve_parse_command.c | 5 +++
> .../bhyveargv2xml-vnc-password.args | 10 +++++
> .../bhyveargv2xml-vnc-password.xml | 22 ++++++++++
> tests/bhyveargv2xmltest.c | 3 +-
> .../bhyvexml2argv-vnc-password-comma.xml | 26 +++++++++++
> .../bhyvexml2argv-vnc-password.args | 12 +++++
> .../bhyvexml2argv-vnc-password.ldargs | 1 +
> .../bhyvexml2argv-vnc-password.xml | 26 +++++++++++
> tests/bhyvexml2argvtest.c | 8 +++-
> .../bhyvexml2xmlout-vnc-password.xml | 44 +++++++++++++++++++
> tests/bhyvexml2xmltest.c | 1 +
> 13 files changed, 185 insertions(+), 13 deletions(-)
> create mode 100644 tests/bhyveargv2xmldata/bhyveargv2xml-vnc-password.args
> create mode 100644 tests/bhyveargv2xmldata/bhyveargv2xml-vnc-password.xml
> create mode 100644 tests/bhyvexml2argvdata/bhyvexml2argv-vnc-password-comma.xml
> create mode 100644 tests/bhyvexml2argvdata/bhyvexml2argv-vnc-password.args
> create mode 100644 tests/bhyvexml2argvdata/bhyvexml2argv-vnc-password.ldargs
> create mode 100644 tests/bhyvexml2argvdata/bhyvexml2argv-vnc-password.xml
> create mode 100644 tests/bhyvexml2xmloutdata/bhyvexml2xmlout-vnc-password.xml
>
> diff --git a/NEWS.rst b/NEWS.rst
> index bb48f5bd43..c949cb941b 100644
> --- a/NEWS.rst
> +++ b/NEWS.rst
> @@ -25,6 +25,13 @@ v6.8.0 (unreleased)
> Libvirt can now set the framebuffer's "w" and "h" parameters
> using the ``resolution`` element.
>
> + * bhyve: Support VNC password authentication
> +
> + Libvirt can now probe whether the bhyve binary supports
> + VNC password authentication. In case it does, a VNC password
> + can now be passed using the ``passwd`` attribute on
> + the ``<graphics>`` element.
> +
> * **Improvements**
>
> * qemu: Allow migration over UNIX sockets
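Review bot: The new NEWS entry for ``passwd`` does not mention the restriction enforced in bhyve_command.c, where a password containing ',' is rejected with "Password may not contain ',' character". Users will otherwise only find this out from the VIR_ERR_CONFIG_UNSUPPORTED error, so a short sentence stating the limitation belongs in this entry (and in the domain XML documentation, if the series touches it).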
> diff --git a/src/bhyve/bhyve_command.c b/src/bhyve/bhyve_command.c
> index 176a339d5a..1b48438168 100644
> --- a/src/bhyve/bhyve_command.c
> +++ b/src/bhyve/bhyve_command.c
> @@ -424,17 +424,6 @@ bhyveBuildGraphicsArgStr(const virDomainDef *def,
> return -1;
> }
>
> - if (graphics->data.vnc.auth.passwd) {
> - virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
> - _("vnc password auth not supported"));
> - return -1;
> - } else {
> - /* Bhyve doesn't support VNC Auth yet, so print a warning about
> - * unauthenticated VNC sessions */
> - VIR_WARN("%s", _("Security warning: currently VNC auth is not"
> - " supported."));
> - }
> -
> if (glisten->address) {
> escapeAddr = strchr(glisten->address, ':') != NULL;
> if (escapeAddr)
> @@ -468,6 +457,28 @@ bhyveBuildGraphicsArgStr(const virDomainDef *def,
> return -1;
> }
>
> + if (graphics->data.vnc.auth.passwd) {
> + if (!(bhyveDriverGetBhyveCaps(driver) & BHYVE_CAP_VNC_PASSWORD)) {
> + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
> + _("VNC Passwort authentication not supported "
s/Passwort/Password/
> + "by bhyve"));
> + return -1;
> + }
> +
> + if (strchr(graphics->data.vnc.auth.passwd, ',')) {
> + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
> + _("Password may not contain ',' character"));
> + return -1;
> + }
> +
> + virBufferAsprintf(&opt, ",password=%s", graphics->data.vnc.auth.passwd);
> + } else {
> + if (!(bhyveDriverGetBhyveCaps(driver) & BHYVE_CAP_VNC_PASSWORD))
> + VIR_WARN("%s", _("Security warning: VNC auth is not supported."));
> + else
> + VIR_WARN("%s", _("Security warning: VNC is used without authentication."));
> + }
> +
> if (video->res)
> virBufferAsprintf(&opt, ",w=%d,h=%d", video->res->x, video->res->y);
>
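Review bot: The line `virBufferAsprintf(&opt, ",password=%s", graphics->data.vnc.auth.passwd);` places the VNC password in clear text in the argument string that bhyveBuildGraphicsArgStr builds, so the secret is readable wherever that string ends up, including any place the built command is logged. It would help to state this exposure in a comment here and to check that the callers which log or format the command do not print this option verbatim. Separately, if the parser can return an empty string for `passwd`, the `if (graphics->data.vnc.auth.passwd)` test succeeds, `,password=` is emitted with no value, and the "VNC is used without authentication" warning is skipped; consider rejecting an empty password next to the ',' check.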
With typo fixed:
Reviewed-by: Daniel P. Berrangé <berrange at redhat.com>
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|