From: Marc-André Lureau <marcandre.lureau(a)redhat.com>
Signed-off-by: Marc-André Lureau <marcandre.lureau(a)redhat.com>
---
src/qemu/libvirtd_qemu.aug | 7 ++++++
src/qemu/qemu.conf.in | 31 ++++++++++++++++++++++++
src/qemu/qemu_conf.c | 39 ++++++++++++++++++++++++++++++
src/qemu/qemu_conf.h | 6 +++++
src/qemu/test_libvirtd_qemu.aug.in | 5 ++++
tests/testutilsqemu.c | 2 ++
6 files changed, 90 insertions(+)
diff --git a/src/qemu/libvirtd_qemu.aug b/src/qemu/libvirtd_qemu.aug
index 1377fd89cc..9fcdec29d1 100644
--- a/src/qemu/libvirtd_qemu.aug
+++ b/src/qemu/libvirtd_qemu.aug
@@ -50,6 +50,11 @@ module Libvirtd_qemu =
| bool_entry "spice_sasl"
| str_entry "spice_sasl_dir"
+ let rdp_entry = str_entry "rdp_listen"
+ | str_entry "rdp_tls_x509_cert_dir"
+ | str_entry "rdp_username"
+ | str_entry "rdp_password"
+
let chardev_entry = bool_entry "chardev_tls"
| str_entry "chardev_tls_x509_cert_dir"
| bool_entry "chardev_tls_x509_verify"
@@ -102,6 +107,7 @@ module Libvirtd_qemu =
| str_entry "bridge_helper"
| str_entry "pr_helper"
| str_entry "slirp_helper"
+ | str_entry "qemu_rdp"
| str_entry "dbus_daemon"
| bool_entry "set_process_name"
| int_entry "max_processes"
@@ -155,6 +161,7 @@ module Libvirtd_qemu =
let entry = default_tls_entry
| vnc_entry
| spice_entry
+ | rdp_entry
| chardev_entry
| migrate_entry
| backup_entry
diff --git a/src/qemu/qemu.conf.in b/src/qemu/qemu.conf.in
index d853136f10..a623b12195 100644
--- a/src/qemu/qemu.conf.in
+++ b/src/qemu/qemu.conf.in
@@ -229,6 +229,31 @@
#
#spice_sasl_dir = "/some/directory/sasl2"
+# RDP is configured to listen on 127.0.0.1 by default.
+# To make it listen on all public interfaces, uncomment
+# this next option.
+#
+#rdp_listen = "0.0.0.0"
+
+# In order to override the default TLS certificate location for
+# RDP certificates, supply a valid path to the certificate directory.
+# If the path is not provided, then the default_tls_x509_cert_dir path
+# will be used.
+#
+#rdp_tls_x509_cert_dir = "/etc/pki/libvirt-rdp"
+
+# The default RDP username. This parameter is only used if the
+# per-domain XML config does not already provide a username.
+#
+#rdp_username = "user"
+
+# The default RDP password. This parameter is only used if the
+# per-domain XML config does not already provide a password.
+# By default, RDP server will not allow password-less connections.
+# Obviously change this example here before you set this.
+#
+#rdp_password = "RDP12345"
+
# Enable use of TLS encryption on the chardev TCP transports.
#
# It is necessary to setup CA and issue a server certificate
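Review bot: The `rdp_password` comment does not say that the value sits in cleartext in qemu.conf and becomes the shared default for every domain whose XML sets no password, so the file's permissions are the only protection for that credential. I would add a line such as `# The password is stored in cleartext; keep this file readable by root only and prefer per-domain passwords.` The `rdp_listen` comment could also state that `"0.0.0.0"` exposes the server on every IPv4 interface and should only be enabled together with the TLS certificate directory and a strong password. The example `"RDP12345"` is easy to leave in place when uncommenting; an obviously invalid placeholder like `"CHANGE_ME"` would be safer.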
@@ -918,6 +943,12 @@
# Path to the SLIRP networking helper.
#slirp_helper = "/usr/bin/slirp-helper"
+
+# Path to qemu-rdp
+# If this is not an absolute path, the program will be searched for
+# in $PATH.
+#qemu_rdp = "qemu-rdp"
+
# Path to the dbus-daemon
# If this is not an absolute path, the program will be searched for
# in $PATH.
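Review bot: The `qemu_rdp` comment documents a `$PATH` lookup and the shipped default is the bare name `"qemu-rdp"`, for a helper the daemon presumably spawns itself. Resolution then depends on the daemon's environment, so I would add a recommendation to the comment, e.g. `# An absolute path is recommended so that the helper cannot be shadowed by another $PATH entry.` The neighbouring `dbus_daemon` entry uses the same wording, but it is outside this change.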
diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index 3c0bde1284..4c8bfb97a9 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -103,6 +103,7 @@ VIR_ONCE_GLOBAL_INIT(virQEMUConfig);
#define QEMU_BRIDGE_HELPER "qemu-bridge-helper"
#define QEMU_PR_HELPER "qemu-pr-helper"
+#define QEMU_RDP "qemu-rdp"
#define QEMU_DBUS_DAEMON "dbus-daemon"
@@ -240,6 +241,7 @@ virQEMUDriverConfig *virQEMUDriverConfigNew(bool privileged,
}
cfg->vncListen = g_strdup(VIR_LOOPBACK_IPV4_ADDR);
+ cfg->rdpListen = g_strdup(VIR_LOOPBACK_IPV4_ADDR);
cfg->spiceListen = g_strdup(VIR_LOOPBACK_IPV4_ADDR);
cfg->remotePortMin = QEMU_REMOTE_PORT_MIN;
@@ -265,6 +267,7 @@ virQEMUDriverConfig *virQEMUDriverConfigNew(bool privileged,
cfg->prHelperName = g_strdup(QEMU_PR_HELPER);
cfg->slirpHelperName = g_strdup(QEMU_SLIRP_HELPER);
cfg->dbusDaemonName = g_strdup(QEMU_DBUS_DAEMON);
+ cfg->qemuRdpName = g_strdup(QEMU_RDP);
cfg->securityDefaultConfined = true;
cfg->securityRequireConfined = false;
@@ -351,6 +354,11 @@ static void virQEMUDriverConfigDispose(void *obj)
g_free(cfg->spicePassword);
g_free(cfg->spiceSASLdir);
+ g_free(cfg->rdpTLSx509certdir);
+ g_free(cfg->rdpListen);
+ g_free(cfg->rdpUsername);
+ g_free(cfg->rdpPassword);
+
g_free(cfg->chardevTLSx509certdir);
g_free(cfg->chardevTLSx509secretUUID);
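Review bot: `g_free(cfg->rdpPassword);` releases the cleartext password without clearing it, so the bytes remain in freed heap memory until the allocator reuses them. If the tree's secure-erase helper is usable in this file, calling `virSecureEraseString(cfg->rdpPassword);` just before the `g_free` would avoid that (confirm it accepts NULL, since the option is normally unset). The adjacent `spicePassword` is freed the same way, so this may be better handled for all display passwords in one follow-up. The body of virQEMUDriverConfigDispose starts and ends outside the hunk.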
@@ -375,6 +383,7 @@ static void virQEMUDriverConfigDispose(void *obj)
g_free(cfg->prHelperName);
g_free(cfg->slirpHelperName);
g_free(cfg->dbusDaemonName);
+ g_free(cfg->qemuRdpName);
g_free(cfg->saveImageFormat);
g_free(cfg->dumpImageFormat);
@@ -502,6 +511,21 @@ virQEMUDriverConfigLoadSPICEEntry(virQEMUDriverConfig *cfg,
return 0;
}
+static int
+virQEMUDriverConfigLoadRDPEntry(virQEMUDriverConfig *cfg,
+ virConf *conf)
+{
+ if (virConfGetValueString(conf, "rdp_tls_x509_cert_dir",
&cfg->rdpTLSx509certdir) < 0)
+ return -1;
+ if (virConfGetValueString(conf, "rdp_listen", &cfg->rdpListen) <
0)
+ return -1;
+ if (virConfGetValueString(conf, "rdp_username", &cfg->rdpUsername)
< 0)
+ return -1;
+ if (virConfGetValueString(conf, "rdp_password", &cfg->rdpPassword)
< 0)
+ return -1;
+
+ return 0;
+}
static int
virQEMUDriverConfigLoadSpecificTLSEntry(virQEMUDriverConfig *cfg,
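Review bot: virQEMUDriverConfigLoadRDPEntry stores `rdp_listen`, `rdp_username` and `rdp_password` exactly as read. The only RDP validation this diff adds is the certificate-directory check, so as far as the diff shows an empty `rdp_password = ""`, or a username without a password, is accepted at load time. Since qemu.conf.in says the RDP server refuses password-less connections, rejecting an empty value in virQEMUDriverConfigValidate would surface the mistake at daemon start, e.g. `if (cfg->rdpPassword && !*cfg->rdpPassword) { virReportError(VIR_ERR_CONF_SYNTAX, "%s", _("rdp_password must not be empty")); return -1; }`. The new function also has no comment; a one-line header like `/* Load the rdp_* defaults; they apply only when the domain XML does not set them. */` would record the fallback semantics that are otherwise only in qemu.conf.in.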
@@ -689,6 +713,9 @@ virQEMUDriverConfigLoadProcessEntry(virQEMUDriverConfig *cfg,
if (virConfGetValueString(conf, "dbus_daemon", &cfg->dbusDaemonName)
< 0)
return -1;
+ if (virConfGetValueString(conf, "qemu_rdp", &cfg->qemuRdpName) <
0)
+ return -1;
+
if (virConfGetValueBool(conf, "set_process_name",
&cfg->setProcessName) < 0)
return -1;
if (virConfGetValueUInt(conf, "max_processes", &cfg->maxProcesses)
< 0)
@@ -1159,6 +1186,9 @@ int virQEMUDriverConfigLoadFile(virQEMUDriverConfig *cfg,
if (virQEMUDriverConfigLoadSPICEEntry(cfg, conf) < 0)
return -1;
+ if (virQEMUDriverConfigLoadRDPEntry(cfg, conf) < 0)
+ return -1;
+
if (virQEMUDriverConfigLoadSpecificTLSEntry(cfg, conf) < 0)
return -1;
@@ -1246,6 +1276,14 @@ virQEMUDriverConfigValidate(virQEMUDriverConfig *cfg)
return -1;
}
+ if (cfg->rdpTLSx509certdir &&
+ !virFileExists(cfg->rdpTLSx509certdir)) {
+ virReportError(VIR_ERR_CONF_SYNTAX,
+ _("rdp_tls_x509_cert_dir directory '%1$s' does not
exist"),
+ cfg->rdpTLSx509certdir);
+ return -1;
+ }
+
if (cfg->chardevTLSx509certdir &&
!virFileExists(cfg->chardevTLSx509certdir)) {
virReportError(VIR_ERR_CONF_SYNTAX,
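Review bot: The new check uses `virFileExists()`, which also passes for a regular file, while the option name and the error message both promise a directory. `!virFileIsDir(cfg->rdpTLSx509certdir)` would match the message. The neighbouring chardev check uses the same exists-only pattern, so this may be a convention better changed for all the TLS directories together. The check says nothing about whether the certificate and key files inside are present or suitably restricted, which is worth a comment if that is verified elsewhere. The body of virQEMUDriverConfigValidate starts and ends outside the hunk.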
@@ -1331,6 +1369,7 @@ virQEMUDriverConfigSetDefaults(virQEMUDriverConfig *cfg)
SET_TLS_X509_CERT_DEFAULT(vnc);
SET_TLS_X509_CERT_DEFAULT(spice);
+ SET_TLS_X509_CERT_DEFAULT(rdp);
SET_TLS_X509_CERT_DEFAULT(chardev);
SET_TLS_X509_CERT_DEFAULT(migrate);
SET_TLS_X509_CERT_DEFAULT(backup);
diff --git a/src/qemu/qemu_conf.h b/src/qemu/qemu_conf.h
index 8ded2b597c..3ab1c19e57 100644
--- a/src/qemu/qemu_conf.h
+++ b/src/qemu/qemu_conf.h
@@ -136,6 +136,11 @@ struct _virQEMUDriverConfig {
char *spicePassword;
bool spiceAutoUnixSocket;
+ char *rdpTLSx509certdir;
+ char *rdpListen;
+ char *rdpUsername;
+ char *rdpPassword;
+
bool chardevTLS;
char *chardevTLSx509certdir;
bool chardevTLSx509verify;
@@ -174,6 +179,7 @@ struct _virQEMUDriverConfig {
char *prHelperName;
char *slirpHelperName;
char *dbusDaemonName;
+ char *qemuRdpName;
bool macFilter;
diff --git a/src/qemu/test_libvirtd_qemu.aug.in b/src/qemu/test_libvirtd_qemu.aug.in
index 69fdae215a..9760976a22 100644
--- a/src/qemu/test_libvirtd_qemu.aug.in
+++ b/src/qemu/test_libvirtd_qemu.aug.in
@@ -22,6 +22,10 @@ module Test_libvirtd_qemu =
{ "spice_password" = "XYZ12345" }
{ "spice_sasl" = "1" }
{ "spice_sasl_dir" = "/some/directory/sasl2" }
+{ "rdp_listen" = "0.0.0.0" }
+{ "rdp_tls_x509_cert_dir" = "/etc/pki/libvirt-rdp" }
+{ "rdp_username" = "user" }
+{ "rdp_password" = "RDP12345" }
{ "chardev_tls" = "1" }
{ "chardev_tls_x509_cert_dir" = "/etc/pki/libvirt-chardev" }
{ "chardev_tls_x509_verify" = "1" }
@@ -110,6 +114,7 @@ module Test_libvirtd_qemu =
{ "memory_backing_dir" = "/var/lib/libvirt/qemu/ram" }
{ "pr_helper" = "qemu-pr-helper" }
{ "slirp_helper" = "/usr/bin/slirp-helper" }
+{ "qemu_rdp" = "qemu-rdp" }
{ "dbus_daemon" = "dbus-daemon" }
{ "swtpm_user" = "tss" }
{ "swtpm_group" = "tss" }
diff --git a/tests/testutilsqemu.c b/tests/testutilsqemu.c
index 6635e5e0cd..c6bea72783 100644
--- a/tests/testutilsqemu.c
+++ b/tests/testutilsqemu.c
@@ -382,6 +382,8 @@ int qemuTestDriverInit(virQEMUDriver *driver)
cfg->vncTLSx509certdir = g_strdup("/etc/pki/libvirt-vnc");
VIR_FREE(cfg->spiceTLSx509certdir);
cfg->spiceTLSx509certdir = g_strdup("/etc/pki/libvirt-spice");
+ VIR_FREE(cfg->rdpTLSx509certdir);
+ cfg->rdpTLSx509certdir = g_strdup("/etc/pki/libvirt-rdp");
VIR_FREE(cfg->chardevTLSx509certdir);
cfg->chardevTLSx509certdir = g_strdup("/etc/pki/libvirt-chardev");
VIR_FREE(cfg->vxhsTLSx509certdir);
--
2.47.0