[PATCH 5/6] authz: support passing sasl acl in vnc to qemu cmd

Thursday, 14 January 2021

support passing sasl acl in vnc to qemu cmd.
turn the xml example:
...
<graphics ...>
  <authz type='sasl' index='1'/>
</graphics>
...
into qemu cmd:
qemu-kvm
...
-vnc 0.0.0.0:0,sasl,sasl-authz=authz1

Signed-off-by: Zihao Chang <changzihao1(a)huawei.com&gt;
---
 src/qemu/qemu_command.c | 29 ++++++++++++++++++++++++++++-
 1 file changed, 28 insertions(+), 1 deletion(-)

diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 8679c62d550f..e1a07a6e7113 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -7537,6 +7537,30 @@ qemuBuildGraphicsSDLCommandLine(virQEMUDriverConfigPtr cfg
G_GNUC_UNUSED,
 }
 
 
+static int
+qemuBuildGraphicsVNCAuthzCommandLine(virBufferPtr opt,
+                                     virDomainGraphicsDefPtr graphics)
+{
+    size_t i;
+    int nAuthzs = graphics->data.vnc.auth.nAuthzs;
+    virDomainGraphicsAuthzDefPtr authzs = graphics->data.vnc.auth.authzs;
+
+    if (nAuthzs <= 0) {
+        return 0;
+    }
+
+    for (i = 0; i < nAuthzs; i++) {
+        if (authzs[i].type == VIR_DOMAIN_AUTHZ_TYPE_SASL) {
+            virBufferAsprintf(opt, ",sasl-authz=authz%lu", authzs[i].index);
+        } else if (authzs[i].type == VIR_DOMAIN_AUTHZ_TYPE_TLS) {
+            virBufferAsprintf(opt, ",tls-authz=authz%lu", authzs[i].index);
+        }
+    }
+
+    return 0;
+}
+
+
 static int
 qemuBuildGraphicsVNCCommandLine(virQEMUDriverConfigPtr cfg,
                                 virCommandPtr cmd,
@@ -7643,7 +7667,10 @@ qemuBuildGraphicsVNCCommandLine(virQEMUDriverConfigPtr cfg,
         if (cfg->vncSASLdir)
             virCommandAddEnvPair(cmd, "SASL_CONF_PATH", cfg->vncSASLdir);
 
-        /* TODO: Support ACLs later */
+    }
+
+    if (cfg->vncSASL || cfg->vncTLS) {
+        qemuBuildGraphicsVNCAuthzCommandLine(&opt, graphics);
     }
 
     virCommandAddArg(cmd, "-vnc");
-- 
2.28.0



    

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

[PATCH 5/6] authz: support passing sasl acl in vnc to qemu cmd