path: root/configure
Age | Commit message | Author
2009-03-07 | Support for DragonFly BSD (Hasso Tepper) | blueswir1
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6746 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 | Support ACLs for controlling VNC access ("Daniel P. Berrange") | aliguori

This patch introduces a generic internal API for access control lists to be used by network servers in QEMU. It adds support for checking these ACLs in the VNC server, in two places. The first ACL is for the SASL authentication mechanism, checking the SASL username. This ACL is called 'vnc.username'. The second is for the TLS authentication mechanism, when x509 client certificates are turned on, checking against the Distinguished Name of the client. This ACL is called 'vnc.x509dname'.

The internal API provides for an ACL with the following characteristics

 - A unique name, eg vnc.username, and vnc.x509dname.
 - A default policy, allow or deny
 - An ordered series of match rules, with allow or deny policy

If none of the match rules apply, then the default policy is used.

There is a monitor API to manipulate the ACLs, which I'll describe via examples

  (qemu) acl show vnc.username
  policy: allow
  (qemu) acl policy vnc.username deny
  acl: policy set to 'deny'
  (qemu) acl allow vnc.username fred
  acl: added rule at position 1
  (qemu) acl allow vnc.username bob
  acl: added rule at position 2
  (qemu) acl allow vnc.username joe 1
  acl: added rule at position 1
  (qemu) acl show vnc.username
  policy: deny
  0: allow fred
  1: allow joe
  2: allow bob

  (qemu) acl show vnc.x509dname
  policy: allow
  (qemu) acl policy vnc.x509dname deny
  acl: policy set to 'deny'
  (qemu) acl allow vnc.x509dname C=GB,O=ACME,L=London,CN=*
  acl: added rule at position 1
  (qemu) acl allow vnc.x509dname C=GB,O=ACME,L=Boston,CN=bob
  acl: added rule at position 2
  (qemu) acl show vnc.x509dname
  policy: deny
  0: allow C=GB,O=ACME,L=London,CN=*
  1: allow C=GB,O=ACME,L=Boston,CN=bob

By default the VNC server will not use any ACLs, allowing access to the server if the user successfully authenticates. To enable use of ACLs to restrict user access, the ',acl' flag should be given when starting QEMU. The initial ACL activated will be a 'deny all' policy and should be customized using monitor commands.

eg enable SASL auth and ACLs

  qemu .... -vnc localhost:1,sasl,acl

The next patch will provide a way to load a pre-defined ACL when starting up

 Makefile | 6 +
 b/acl.c | 185 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 b/acl.h | 74 ++++++++++++++++++++++
 configure | 18 +++++
 monitor.c | 95 ++++++++++++++++++++++++++++
 qemu-doc.texi | 49 ++++++++++++++
 vnc-auth-sasl.c | 16 +++-
 vnc-auth-sasl.h | 7 ++
 vnc-tls.c | 19 +++++
 vnc-tls.h | 3
 vnc.c | 21 ++++++
 vnc.h | 3
 12 files changed, 491 insertions(+), 5 deletions(-)

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6726 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 | Add SASL authentication support ("Daniel P. Berrange") | aliguori

This patch adds the new SASL authentication protocol to the VNC server.

It is enabled by setting the 'sasl' flag when launching VNC. SASL can optionally provide encryption via its SSF layer, if a suitable mechanism is configured (eg, GSSAPI/Kerberos, or Digest-MD5). If an SSF layer is not available, then it should be combined with the x509 VNC authentication protocol which provides encryption.

eg, if using GSSAPI

  qemu -vnc localhost:1,sasl

eg if using TLS/x509 for encryption

  qemu -vnc localhost:1,sasl,tls,x509

By default the Cyrus SASL library will look for its configuration in the file /etc/sasl2/qemu.conf. For non-root users, this can be overridden by setting the SASL_CONF_PATH environment variable, eg to make it look in $HOME/.sasl2. NB unprivileged users may not have access to the full range of SASL mechanisms, since some of them require some administrative privileges to configure. The patch includes an example SASL configuration file which illustrates config for GSSAPI and Digest-MD5, though it should be noted that the latter is not really considered secure any more.

Most of the SASL authentication code is located in a separate source file, vnc-auth-sasl.c. The main vnc.c file only contains minimal integration glue, specifically parsing of command line flags / setup, and calls to start the SASL auth process, to do encoding/decoding for data.

There are several possible stacks for reading & writing of data, depending on the combo of VNC authentication methods in use

 - Clear. read/write straight to socket
 - TLS. read/write via GNUTLS helpers
 - SASL. encode/decode via SASL SSF layer, then read/write to socket
 - SASL+TLS. encode/decode via SASL SSF layer, then read/write via GNUTLS

Hence, the vnc_client_read & vnc_client_write methods have been refactored a little.

vnc_client_read: main entry point for reading, calls either

 - vnc_client_read_plain reading, with no intermediate decoding
 - vnc_client_read_sasl reading, with SASL SSF decoding

These two methods then call vnc_client_read_buf(). This decides whether to write to the socket directly or write via GNUTLS.

The situation is the same for writing data. More extensive comments have been added in the code / patch. The vnc_client_read_sasl and vnc_client_write_sasl method implementations live in the separate vnc-auth-sasl.c file.

The state required for the SASL auth mechanism is kept in a separate VncStateSASL struct, defined in vnc-auth-sasl.h and included in the main VncState.

The configure script probes for SASL and automatically enables it if found, unless --disable-vnc-sasl was given to override it.

 Makefile | 7
 Makefile.target | 5
 b/qemu.sasl | 34 ++
 b/vnc-auth-sasl.c | 626 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 b/vnc-auth-sasl.h | 67 +++++
 configure | 34 ++
 qemu-doc.texi | 97 ++++++++
 vnc-auth-vencrypt.c | 12
 vnc.c | 249 ++++++++++++++++++--
 vnc.h | 31 ++
 10 files changed, 1129 insertions(+), 33 deletions(-)

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6724 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-03 | Fix SDL on evdev hosts (Anthony Liguori) | aliguori
This patch corrects SDL support on X11 hosts using evdev. It's loosely based on the previous patch by Dustin Kirkland and the evdev support code in gtk-vnc written by Daniel Berrange.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6678 c046a42c-6fe2-441c-8c8c-71466251a162
2009-02-23 | Darwin: Check for x86_64 only on i386 | malc
The sysctl variable if we're 64-bit capable only exists on i386. So we should only check it if we're on i386. This suppresses a warning on PowerPC spotted by Andreas Faerber.
Signed-off-by: Alexander Graf <alex@csgraf.de>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6640 c046a42c-6fe2-441c-8c8c-71466251a162
2009-01-26 | Enabled building of x86_64 code on Mac OS X (Alexander Graf) | aliguori
Mac OS X 10.5 supports 64-bit userspace on an x86_64 kernel and by default uses 32-bit userspace applications, so the detection for the host architecture fails. This patch enabled building of x86_64 code on x86_64 capable CPUS with Mac OS X.
Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6443 c046a42c-6fe2-441c-8c8c-71466251a162
2009-01-24 | target-ppc: Add XML files for PowerPC registers | aurel32
These files are nearly identical to the XML files provided with GDB. The only difference is that power-{fpu,spe}.xml do not assign register numbers; the internal QEMU machinery takes care of that. Define gdb_xml_files for ppc targets in configure as well.
Signed-off-by: Nathan Froyd <froydnj@codesourcery.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6420 c046a42c-6fe2-441c-8c8c-71466251a162
2009-01-17 | Use kill instead of sigqueue: re-enables AIO on OpenBSD | blueswir1
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6360 c046a42c-6fe2-441c-8c8c-71466251a162
2009-01-16 | Fix false positive for AIO on OpenBSD | blueswir1
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6343 c046a42c-6fe2-441c-8c8c-71466251a162
2009-01-15 | report issues causing the kvm probe to fail (Christian Ehrhardt) | aliguori

The patch applies to upstream qemu as well as kvm-userspace, but since it is the qemu configure script I think it should go to upstream qemu (Anthony) first and with the next merge to kvm-userspace. On the other hand it is the kvm probe so an ack from Avi in case v3 is ok would be reasonable.

*updates*
v2 - it also reports other errors than just #error preprocessor statements (requested by Avi)
v3 - In case awk or grep is not installed it now gracefully (silently) fails still disabling kvm (requested by Anthony)

This patch is about reporting more details of the issue if configuring kvm fails. Therefore this patch keeps the qemu style configure output which is a list of "$Feature $Status", but extend the "no" result like "KVM Support no" with some more information.

There might be a lot of things going wrong with that probe and I don't want to handle all of them, but if it is one of the known checks e.g. for KVM_API_VERSION then we could grep/awk that out and report it. The patch reports in case of a known case in the style "KVM support no - (Missing KVM capability KVM_CAP_DESTROY_MEMORY_REGION_WORKS)"

In case more than one #error is triggered it creates a comma separated list in those brackets and in case it is something else than an #error it just reports plain old "no".

Signed-off-by: Christian Ehrhardt <ehrhardt@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6334 c046a42c-6fe2-441c-8c8c-71466251a162
2009-01-15 | Fix kvm configure test for PPC | aliguori
QEMU uses "ppc" whereas Linux uses "powerpc".
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6326 c046a42c-6fe2-441c-8c8c-71466251a162
2009-01-14 | Migrate to check_define | malc
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6302 c046a42c-6fe2-441c-8c8c-71466251a162
2009-01-14 | Fix iovec probe on OpenBSD | blueswir1
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6297 c046a42c-6fe2-441c-8c8c-71466251a162
2009-01-09 | fix configuring kvm probe when using --kerneldir (Christian Ehrhardt) | aliguori
There is already a variable kvm_cflags which gets the path of the kernel includes when using --kerneldir. But eventually with newer kernels we all will need arch/$arch/include too (my case was an include of asm/kvm.h which was not found anymore). Headers in a full kernel source are not flattened to one arch like they are if e.g. installed kernel headers are used. To fix that, the includes added to cflags depending on --kerneldir should also contain the arch includes. The patch adds a special check for x86 because its source layout recently changed, all others directly use arch/$cpu/include if existent.
Signed-off-by: Christian Ehrhardt <ehrhardt@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6263 c046a42c-6fe2-441c-8c8c-71466251a162
2009-01-09 | More flexible audio card selection | malc
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6258 c046a42c-6fe2-441c-8c8c-71466251a162
2009-01-07 | CRIS: Enable NPTL. | edgar_igl
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6225 c046a42c-6fe2-441c-8c8c-71466251a162
2009-01-06 | Add missing space | malc
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6194 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-31 | Add Sparc define checks | blueswir1
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6144 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-29 | Parse --cc and --cross-prefix earlier and use CC to determine cpu and host | aliguori
We have been relying on uname to determine the host cpu architecture and operating system. This is totally broken for cross compilation. It was workable in the past because you can manually override both settings but after the host USB passthrough refactoring, cross host builds were broken.
This moves the parsing of --cc and --cross-prefix to before the probes for cpu and host. Compilation testing is used to determine the host and CPU types. I've only added checks for i386, x86_64, Linux, and Windows since these are the only platforms I have access to for testing. Everything else falls back to uname. It should be relatively easy to add the right checks for other platforms and eliminate uname altogether.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6141 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-17 | Do not rely on BSD style echo (which accepts -n option) | malc
http://www.opengroup.org/onlinepubs/7990989775/xcu/echo.html
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6072 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-16 | target-ppc: Enable KVM for ppcemb. | aurel32
Implement hooks called by generic KVM code. Also add code that will copy the host's CPU and timebase frequencies to the guest, which is necessary on KVM because the guest can directly access the timebase.
Signed-off-by: Hollis Blanchard <hollisb@us.ibm.com>
Acked-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6065 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-16 | Implement device tree support needed for Bamboo emulation | aurel32
To implement the -kernel, -initrd, and -append options, 4xx board emulation must load the guest kernel as if firmware had loaded it. Where u-boot would be the firmware, we must load the flat device tree into memory and set key fields such as /chosen/bootargs. This patch introduces a dependency on libfdt for flat device tree support.
Signed-off-by: Hollis Blanchard <hollisb@us.ibm.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6064 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-15 | configure: also switch ppc64abi32 and ppcemb to CONFIG_SOFTFLOAT | aurel32
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6043 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-15 | configure: switch to CONFIG_SOFTFLOAT for PPC | aurel32
softfloat-native currently only supports one FPU context, while we need at least 3 of them for the PPC target (FPU, SPE, AVR).
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6041 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-15 | configure: close stdout for the remaining calls to cc. | balrog
r5953 managed to quiet most colorgcc errors leakage to console but not all of them.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6040 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-12 | Make sure to link librt if we need to. | aliguori
This is really a stop-gap. The recent thread pool changes uncovered a deeper issue with how we use librt. We really should be probing for timer_create and then conditionally enabling that code.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5997 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-12 | Replace posix-aio with custom thread pool | aliguori

glibc implements posix-aio as a thread pool and imposes a number of limitations.

1) it limits one request per-file descriptor. we hack around this by dup()'ing file descriptors which is hideously ugly

2) it's impossible to add new interfaces and we need a vectored read/write operation to properly support a zero-copy API.

What has been suggested to me by glibc folks, is to implement whatever new interfaces we want and then it can eventually be proposed for standardization. This requires that we implement our own posix-aio implementation though.

This patch implements posix-aio using pthreads. It immediately eliminates the need for fd pooling.

It performs at least as well as the current posix-aio code (in some circumstances, even better).

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5996 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-09 | Disable KVM support if the kernel modules have broken memory slot handling | aliguori
Prior to kvm-80, memory slot deletion was broken in the KVM kernel modules. In kvm-81, a new capability is introduced to signify that this problem has been fixed. Since we rely on being able to delete memory slots, refuse to work with any kernel module that does not have this capability present.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5960 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-08 | configure: also close stdout when calling cc | aurel32
Remove some ugly outputs with colorgcc
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5953 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-07 | Quote configure's arguments and location while storing them in config_host.mak | malc
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5940 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-07 | Enable gcc flag -Wredundant-decls | blueswir1
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5931 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-07 | Enable gcc flag -Wstrict-prototypes | blueswir1
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5930 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-07 | Enable gcc flag -Wmissing-prototypes | blueswir1
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5929 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-07 | Remove gcc 3.4 check | aurel32
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5911 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-07 | target-ppc: convert SPR accesses to TCG | aurel32
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5910 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-05 | Make struct iovec universally available | aliguori
Vectored IO APIs will require some sort of vector argument. It makes sense to use struct iovec and just define it globally for Windows.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5889 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-05 | Attached patch makes NetBSD use the native bswap functions | blueswir1
which compile.
Signed-off-by: Christoph Egger <Christoph.Egger@amd.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5886 c046a42c-6fe2-441c-8c8c-71466251a162
2008-11-29 | Handle SDL log just like other temporary files | malc
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5817 c046a42c-6fe2-441c-8c8c-71466251a162
2008-11-29 | Use trap shell builtin to remove temporary files | malc
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5816 c046a42c-6fe2-441c-8c8c-71466251a162
2008-11-27 | Make installing bios files optional. | ths
Signed-off-by: Riku Voipio <riku.voipio@iki.fi>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5800 c046a42c-6fe2-441c-8c8c-71466251a162
2008-11-23 | Fix typo reported by Thiemo Seufer | blueswir1
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5782 c046a42c-6fe2-441c-8c8c-71466251a162
2008-11-22 | Native BSD host USB support (Juergen Lock, Lonnie Mendez) | blueswir1
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5780 c046a42c-6fe2-441c-8c8c-71466251a162
2008-11-22 | Fix some compile and linking issues on NetBSD. | blueswir1
- adapt configure to link against -lrt to fix aio linking errors
- adapt configure to link against -lossaudio to fix oss linking errors
Signed-off-by: Christoph Egger <Christoph.Egger@amd.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5776 c046a42c-6fe2-441c-8c8c-71466251a162
2008-11-18 | Preliminary AIX support | malc
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5732 c046a42c-6fe2-441c-8c8c-71466251a162
2008-11-05 | Allow KVM to be used on either 32-bit or 64-bit x86 | aliguori
Inspired by a patch from Glauber Costa.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5631 c046a42c-6fe2-441c-8c8c-71466251a162
2008-11-05 | Add --kerneldir configure argument | aliguori
This allows a user to override the default search path and also makes cross compilation work a bit nicer wrt KVM detection.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5628 c046a42c-6fe2-441c-8c8c-71466251a162
2008-11-05 | Add KVM support to QEMU | aliguori

This patch adds very basic KVM support. KVM is a kernel module for Linux that allows userspace programs to make use of hardware virtualization support. It currently supports x86 hardware virtualization using Intel VT-x or AMD-V. It also supports IA64 VT-i, PPC 440, and S390.

This patch only implements the bare minimum support to get a guest booting. It has very little impact on the rest of QEMU and attempts to integrate nicely with the rest of QEMU.

Even though this implementation is basic, it is significantly faster than TCG. Booting and shutting down a Linux guest:

  w/TCG: 1:32.36 elapsed 84% CPU
  w/KVM: 0:31.14 elapsed 59% CPU

Right now, KVM is disabled by default and must be explicitly enabled with -enable-kvm. We can enable it by default later when we have had better testing.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5627 c046a42c-6fe2-441c-8c8c-71466251a162
2008-11-01 | Avoid ld flag --warn-common on Solaris | blueswir1
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5594 c046a42c-6fe2-441c-8c8c-71466251a162
2008-10-26 | Preliminary BSD user emulator support | blueswir1
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5544 c046a42c-6fe2-441c-8c8c-71466251a162
2008-10-24 | Fix windows build after migration changes | aliguori
The live migration code broke the windows build. As part of this change, I've switched the BIOS path to C:\Program Files\Qemu instead of /c/Program Files/Qemu. The latter is only valid when launching from MSYS but the former is always valid.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5524 c046a42c-6fe2-441c-8c8c-71466251a162