8:35 a.m.
Add support for setting the bhyve framebuffer resolution and probe
whether bhyve supports VNC password authentication. If it does, allow
setting the password.
While we're here, also add support for parsing bhyve's framebuffer
argument string.
Fabian Freyer (4):
bhyve: support parsing fbuf PCI device
bhyve: add support for setting fbuf resolution
bhyve: probe for VNC password capability
bhyve: add VNC password support
docs/formatdomain.html.in | 2 +-
docs/news.xml | 20 +++
src/bhyve/bhyve_capabilities.c | 16 ++-
src/bhyve/bhyve_capabilities.h | 1 +
src/bhyve/bhyve_command.c | 36 ++++--
src/bhyve/bhyve_parse_command.c | 116 +++++++++++++++++-
src/libvirt_private.syms | 1 +
.../bhyveargv2xml-vnc-listen.args | 10 ++
.../bhyveargv2xml-vnc-listen.xml | 22 ++++
.../bhyveargv2xml-vnc-password.args | 10 ++
.../bhyveargv2xml-vnc-password.xml | 22 ++++
.../bhyveargv2xml-vnc-resolution.args | 10 ++
.../bhyveargv2xml-vnc-resolution.xml | 24 ++++
.../bhyveargv2xml-vnc-vga-io.args | 10 ++
.../bhyveargv2xml-vnc-vga-io.xml | 22 ++++
.../bhyveargv2xml-vnc-vga-off.args | 10 ++
.../bhyveargv2xml-vnc-vga-off.xml | 23 ++++
.../bhyveargv2xml-vnc-vga-on.args | 10 ++
.../bhyveargv2xml-vnc-vga-on.xml | 23 ++++
.../bhyveargv2xmldata/bhyveargv2xml-vnc.args | 10 ++
tests/bhyveargv2xmldata/bhyveargv2xml-vnc.xml | 22 ++++
tests/bhyveargv2xmltest.c | 9 +-
.../bhyvexml2argv-vnc-password-comma.xml | 26 ++++
.../bhyvexml2argv-vnc-password.args | 12 ++
.../bhyvexml2argv-vnc-password.ldargs | 1 +
.../bhyvexml2argv-vnc-password.xml | 26 ++++
.../bhyvexml2argv-vnc-resolution.args | 10 ++
.../bhyvexml2argv-vnc-resolution.ldargs | 1 +
.../bhyvexml2argv-vnc-resolution.xml | 20 +++
tests/bhyvexml2argvtest.c | 8 +-
.../bhyvexml2xmlout-vnc-password.xml | 41 +++++++
.../bhyvexml2xmlout-vnc-resolution.xml | 28 +++++
tests/bhyvexml2xmltest.c | 2 +
33 files changed, 588 insertions(+), 16 deletions(-)
create mode 100644 tests/bhyveargv2xmldata/bhyveargv2xml-vnc-listen.args
create mode 100644 tests/bhyveargv2xmldata/bhyveargv2xml-vnc-listen.xml
create mode 100644 tests/bhyveargv2xmldata/bhyveargv2xml-vnc-password.args
create mode 100644 tests/bhyveargv2xmldata/bhyveargv2xml-vnc-password.xml
create mode 100644 tests/bhyveargv2xmldata/bhyveargv2xml-vnc-resolution.args
create mode 100644 tests/bhyveargv2xmldata/bhyveargv2xml-vnc-resolution.xml
create mode 100644 tests/bhyveargv2xmldata/bhyveargv2xml-vnc-vga-io.args
create mode 100644 tests/bhyveargv2xmldata/bhyveargv2xml-vnc-vga-io.xml
create mode 100644 tests/bhyveargv2xmldata/bhyveargv2xml-vnc-vga-off.args
create mode 100644 tests/bhyveargv2xmldata/bhyveargv2xml-vnc-vga-off.xml
create mode 100644 tests/bhyveargv2xmldata/bhyveargv2xml-vnc-vga-on.args
create mode 100644 tests/bhyveargv2xmldata/bhyveargv2xml-vnc-vga-on.xml
create mode 100644 tests/bhyveargv2xmldata/bhyveargv2xml-vnc.args
create mode 100644 tests/bhyveargv2xmldata/bhyveargv2xml-vnc.xml
create mode 100644 tests/bhyvexml2argvdata/bhyvexml2argv-vnc-password-comma.xml
create mode 100644 tests/bhyvexml2argvdata/bhyvexml2argv-vnc-password.args
create mode 100644 tests/bhyvexml2argvdata/bhyvexml2argv-vnc-password.ldargs
create mode 100644 tests/bhyvexml2argvdata/bhyvexml2argv-vnc-password.xml
create mode 100644 tests/bhyvexml2argvdata/bhyvexml2argv-vnc-resolution.args
create mode 100644 tests/bhyvexml2argvdata/bhyvexml2argv-vnc-resolution.ldargs
create mode 100644 tests/bhyvexml2argvdata/bhyvexml2argv-vnc-resolution.xml
create mode 100644 tests/bhyvexml2xmloutdata/bhyvexml2xmlout-vnc-password.xml
create mode 100644 tests/bhyvexml2xmloutdata/bhyvexml2xmlout-vnc-resolution.xml
--
2.19.2
8:35 a.m.
New subject: [PATCH 1/4] bhyve: support parsing fbuf PCI device
Add a new helper function, bhyveParsePCIFbuf, to parse the bhyve-argv
parameters for a frame-buffer device to <graphics/> and <video/>
definitions.
For now, only the listen address, port, and vga mode are detected.
Unsupported parameters are silently skipped.
This involves upgrading the private API to expose the
virDomainGraphicsDefNew helper function, which is used by
bhyveParsePCIFbuf.
Signed-off-by: Fabian Freyer <fabian.freyer(a)physik.tu-berlin.de>
---
src/bhyve/bhyve_parse_command.c | 91 ++++++++++++++++++-
src/libvirt_private.syms | 1 +
.../bhyveargv2xml-vnc-listen.args | 10 ++
.../bhyveargv2xml-vnc-listen.xml | 22 +++++
.../bhyveargv2xml-vnc-vga-io.args | 10 ++
.../bhyveargv2xml-vnc-vga-io.xml | 22 +++++
.../bhyveargv2xml-vnc-vga-off.args | 10 ++
.../bhyveargv2xml-vnc-vga-off.xml | 23 +++++
.../bhyveargv2xml-vnc-vga-on.args | 10 ++
.../bhyveargv2xml-vnc-vga-on.xml | 23 +++++
.../bhyveargv2xmldata/bhyveargv2xml-vnc.args | 10 ++
tests/bhyveargv2xmldata/bhyveargv2xml-vnc.xml | 22 +++++
tests/bhyveargv2xmltest.c | 5 +
13 files changed, 258 insertions(+), 1 deletion(-)
create mode 100644 tests/bhyveargv2xmldata/bhyveargv2xml-vnc-listen.args
create mode 100644 tests/bhyveargv2xmldata/bhyveargv2xml-vnc-listen.xml
create mode 100644 tests/bhyveargv2xmldata/bhyveargv2xml-vnc-vga-io.args
create mode 100644 tests/bhyveargv2xmldata/bhyveargv2xml-vnc-vga-io.xml
create mode 100644 tests/bhyveargv2xmldata/bhyveargv2xml-vnc-vga-off.args
create mode 100644 tests/bhyveargv2xmldata/bhyveargv2xml-vnc-vga-off.xml
create mode 100644 tests/bhyveargv2xmldata/bhyveargv2xml-vnc-vga-on.args
create mode 100644 tests/bhyveargv2xmldata/bhyveargv2xml-vnc-vga-on.xml
create mode 100644 tests/bhyveargv2xmldata/bhyveargv2xml-vnc.args
create mode 100644 tests/bhyveargv2xmldata/bhyveargv2xml-vnc.xml
diff --git a/src/bhyve/bhyve_parse_command.c b/src/bhyve/bhyve_parse_command.c
index 76423730d9..39cce67ea9 100644
--- a/src/bhyve/bhyve_parse_command.c
+++ b/src/bhyve/bhyve_parse_command.c
@@ -4,7 +4,7 @@
* Copyright (C) 2006-2016 Red Hat, Inc.
* Copyright (C) 2006 Daniel P. Berrange
* Copyright (c) 2011 NetApp, Inc.
- * Copyright (C) 2016 Fabian Freyer
+ * Copyright (C) 2020 Fabian Freyer
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
@@ -552,6 +552,93 @@ bhyveParsePCINet(virDomainDefPtr def,
return -1;
}
+static int
+bhyveParsePCIFbuf(virDomainDefPtr def,
+ virDomainXMLOptionPtr xmlopt,
+ unsigned caps G_GNUC_UNUSED,
+ unsigned bus,
+ unsigned slot,
+ unsigned function,
+ const char *config)
+{
+ /* -s slot,fbuf,wait,vga=on|io|off,rfb=<ip>:port,w=width,h=height */
+
+ virDomainVideoDefPtr video = NULL;
+ virDomainGraphicsDefPtr graphics = NULL;
+ char **params = NULL;
+ char *param = NULL, *separator = NULL;
+ size_t nparams = 0;
+ unsigned int i = 0;
+
+ if (!(video = virDomainVideoDefNew(xmlopt)))
+ goto cleanup;
+
+ if (!(graphics = virDomainGraphicsDefNew(xmlopt)))
+ goto cleanup;
+
+ graphics->type = VIR_DOMAIN_GRAPHICS_TYPE_VNC;
+ video->info.addr.pci.bus = bus;
+ video->info.addr.pci.slot = slot;
+ video->info.addr.pci.function = function;
+
+ if (!config)
+ goto error;
+
+ if (!(params = virStringSplitCount(config, ",", 0, &nparams)))
+ goto error;
+
+ for (i = 0; i < nparams; i++) {
+ param = params[i];
+ if (!video->driver && VIR_ALLOC(video->driver) < 0)
+ goto error;
+
+ if (STREQ(param, "vga=on"))
+ video->driver->vgaconf = VIR_DOMAIN_VIDEO_VGACONF_ON;
+
+ if (STREQ(param, "vga=io"))
+ video->driver->vgaconf = VIR_DOMAIN_VIDEO_VGACONF_IO;
+
+ if (STREQ(param, "vga=off"))
+ video->driver->vgaconf = VIR_DOMAIN_VIDEO_VGACONF_OFF;
+
+ if (STRPREFIX(param, "rfb=") || STRPREFIX(param, "tcp=")) {
+ /* fortunately, this is the same length as "tcp=" */
+ param += strlen("rfb=");
+
+ if (!(separator = strchr(param, ':')))
+ goto error;
+
+ *separator = '\0';
+
+ if (separator != param)
+ virDomainGraphicsListenAppendAddress(graphics, param);
+ else
+ /* Default to 127.0.0.1, just like bhyve does */
+ virDomainGraphicsListenAppendAddress(graphics, "127.0.0.1");
+
+ param = ++separator;
+ if (virStrToLong_i(param, NULL, 10, &graphics->data.vnc.port))
+ goto error;
+ }
+ }
+
+ cleanup:
+ if (VIR_APPEND_ELEMENT(def->videos, def->nvideos, video) < 0)
+ goto error;
+
+ if (VIR_APPEND_ELEMENT(def->graphics, def->ngraphics, graphics) < 0)
+ goto error;
+
+ virStringListFree(params);
+ return 0;
+
+ error:
+ virDomainVideoDefFree(video);
+ virDomainGraphicsDefFree(graphics);
+ virStringListFree(params);
+ return -1;
+}
+
static int
bhyveParseBhyvePCIArg(virDomainDefPtr def,
virDomainXMLOptionPtr xmlopt,
@@ -614,6 +701,8 @@ bhyveParseBhyvePCIArg(virDomainDefPtr def,
else if (STREQ(emulation, "e1000"))
bhyveParsePCINet(def, xmlopt, caps, bus, slot, function,
VIR_DOMAIN_NET_MODEL_E1000, conf);
+ else if (STREQ(emulation, "fbuf"))
+ bhyveParsePCIFbuf(def, xmlopt, caps, bus, slot, function, conf);
VIR_FREE(emulation);
VIR_FREE(slotdef);
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 935ef7303b..6fed32bfb9 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -414,6 +414,7 @@ virDomainGraphicsAuthConnectedTypeFromString;
virDomainGraphicsAuthConnectedTypeToString;
virDomainGraphicsDefFree;
virDomainGraphicsDefHasOpenGL;
+virDomainGraphicsDefNew;
virDomainGraphicsGetListen;
virDomainGraphicsGetRenderNode;
virDomainGraphicsListenAppendAddress;
diff --git a/tests/bhyveargv2xmldata/bhyveargv2xml-vnc-listen.args
b/tests/bhyveargv2xmldata/bhyveargv2xml-vnc-listen.args
new file mode 100644
index 0000000000..b97b64a0dc
--- /dev/null
+++ b/tests/bhyveargv2xmldata/bhyveargv2xml-vnc-listen.args
@@ -0,0 +1,10 @@
+/usr/sbin/bhyve \
+-c 1 \
+-m 214 \
+-u \
+-H \
+-P \
+-s 0:0,hostbridge \
+-l bootrom,/path/to/test.fd \
+-s 2:0,fbuf,tcp=1.2.3.4:5900 \
+-s 1,lpc bhyve
diff --git a/tests/bhyveargv2xmldata/bhyveargv2xml-vnc-listen.xml
b/tests/bhyveargv2xmldata/bhyveargv2xml-vnc-listen.xml
new file mode 100644
index 0000000000..4ab17aef81
--- /dev/null
+++ b/tests/bhyveargv2xmldata/bhyveargv2xml-vnc-listen.xml
@@ -0,0 +1,22 @@
+<domain type='bhyve'>
+ <name>bhyve</name>
+ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+ <memory unit='KiB'>219136</memory>
+ <currentMemory unit='KiB'>219136</currentMemory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type>hvm</type>
+ </os>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>destroy</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <graphics type='vnc' port='5900' autoport='no'
listen='1.2.3.4'>
+ <listen type='address' address='1.2.3.4'/>
+ </graphics>
+ <video>
+ <model type='default' heads='1'/>
+ </video>
+ </devices>
+</domain>
diff --git a/tests/bhyveargv2xmldata/bhyveargv2xml-vnc-vga-io.args
b/tests/bhyveargv2xmldata/bhyveargv2xml-vnc-vga-io.args
new file mode 100644
index 0000000000..f4c0067b79
--- /dev/null
+++ b/tests/bhyveargv2xmldata/bhyveargv2xml-vnc-vga-io.args
@@ -0,0 +1,10 @@
+/usr/sbin/bhyve \
+-c 1 \
+-m 214 \
+-u \
+-H \
+-P \
+-s 0:0,hostbridge \
+-l bootrom,/path/to/test.fd \
+-s 2:0,fbuf,tcp=:5900,vga=io \
+-s 1,lpc bhyve
diff --git a/tests/bhyveargv2xmldata/bhyveargv2xml-vnc-vga-io.xml
b/tests/bhyveargv2xmldata/bhyveargv2xml-vnc-vga-io.xml
new file mode 100644
index 0000000000..1e2f3d6938
--- /dev/null
+++ b/tests/bhyveargv2xmldata/bhyveargv2xml-vnc-vga-io.xml
@@ -0,0 +1,22 @@
+<domain type='bhyve'>
+ <name>bhyve</name>
+ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+ <memory unit='KiB'>219136</memory>
+ <currentMemory unit='KiB'>219136</currentMemory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type>hvm</type>
+ </os>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>destroy</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <graphics type='vnc' port='5900' autoport='no'
listen='127.0.0.1'>
+ <listen type='address' address='127.0.0.1'/>
+ </graphics>
+ <video>
+ <model type='default' heads='1'/>
+ </video>
+ </devices>
+</domain>
diff --git a/tests/bhyveargv2xmldata/bhyveargv2xml-vnc-vga-off.args
b/tests/bhyveargv2xmldata/bhyveargv2xml-vnc-vga-off.args
new file mode 100644
index 0000000000..4bd5ed1027
--- /dev/null
+++ b/tests/bhyveargv2xmldata/bhyveargv2xml-vnc-vga-off.args
@@ -0,0 +1,10 @@
+/usr/sbin/bhyve \
+-c 1 \
+-m 214 \
+-u \
+-H \
+-P \
+-s 0:0,hostbridge \
+-l bootrom,/path/to/test.fd \
+-s 2:0,fbuf,tcp=:5900,vga=off \
+-s 1,lpc bhyve
diff --git a/tests/bhyveargv2xmldata/bhyveargv2xml-vnc-vga-off.xml
b/tests/bhyveargv2xmldata/bhyveargv2xml-vnc-vga-off.xml
new file mode 100644
index 0000000000..3c9c76e5aa
--- /dev/null
+++ b/tests/bhyveargv2xmldata/bhyveargv2xml-vnc-vga-off.xml
@@ -0,0 +1,23 @@
+<domain type='bhyve'>
+ <name>bhyve</name>
+ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+ <memory unit='KiB'>219136</memory>
+ <currentMemory unit='KiB'>219136</currentMemory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type>hvm</type>
+ </os>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>destroy</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <graphics type='vnc' port='5900' autoport='no'
listen='127.0.0.1'>
+ <listen type='address' address='127.0.0.1'/>
+ </graphics>
+ <video>
+ <driver vgaconf='off'/>
+ <model type='default' heads='1'/>
+ </video>
+ </devices>
+</domain>
diff --git a/tests/bhyveargv2xmldata/bhyveargv2xml-vnc-vga-on.args
b/tests/bhyveargv2xmldata/bhyveargv2xml-vnc-vga-on.args
new file mode 100644
index 0000000000..d17f347a39
--- /dev/null
+++ b/tests/bhyveargv2xmldata/bhyveargv2xml-vnc-vga-on.args
@@ -0,0 +1,10 @@
+/usr/sbin/bhyve \
+-c 1 \
+-m 214 \
+-u \
+-H \
+-P \
+-s 0:0,hostbridge \
+-l bootrom,/path/to/test.fd \
+-s 2:0,fbuf,tcp=:5900,vga=on \
+-s 1,lpc bhyve
diff --git a/tests/bhyveargv2xmldata/bhyveargv2xml-vnc-vga-on.xml
b/tests/bhyveargv2xmldata/bhyveargv2xml-vnc-vga-on.xml
new file mode 100644
index 0000000000..b83772c47a
--- /dev/null
+++ b/tests/bhyveargv2xmldata/bhyveargv2xml-vnc-vga-on.xml
@@ -0,0 +1,23 @@
+<domain type='bhyve'>
+ <name>bhyve</name>
+ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+ <memory unit='KiB'>219136</memory>
+ <currentMemory unit='KiB'>219136</currentMemory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type>hvm</type>
+ </os>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>destroy</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <graphics type='vnc' port='5900' autoport='no'
listen='127.0.0.1'>
+ <listen type='address' address='127.0.0.1'/>
+ </graphics>
+ <video>
+ <driver vgaconf='on'/>
+ <model type='default' heads='1'/>
+ </video>
+ </devices>
+</domain>
diff --git a/tests/bhyveargv2xmldata/bhyveargv2xml-vnc.args
b/tests/bhyveargv2xmldata/bhyveargv2xml-vnc.args
new file mode 100644
index 0000000000..fd4178f0a8
--- /dev/null
+++ b/tests/bhyveargv2xmldata/bhyveargv2xml-vnc.args
@@ -0,0 +1,10 @@
+/usr/sbin/bhyve \
+-c 1 \
+-m 214 \
+-u \
+-H \
+-P \
+-s 0:0,hostbridge \
+-l bootrom,/path/to/test.fd \
+-s 2:0,fbuf,tcp=:5900 \
+-s 1,lpc bhyve
diff --git a/tests/bhyveargv2xmldata/bhyveargv2xml-vnc.xml
b/tests/bhyveargv2xmldata/bhyveargv2xml-vnc.xml
new file mode 100644
index 0000000000..1e2f3d6938
--- /dev/null
+++ b/tests/bhyveargv2xmldata/bhyveargv2xml-vnc.xml
@@ -0,0 +1,22 @@
+<domain type='bhyve'>
+ <name>bhyve</name>
+ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+ <memory unit='KiB'>219136</memory>
+ <currentMemory unit='KiB'>219136</currentMemory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type>hvm</type>
+ </os>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>destroy</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <graphics type='vnc' port='5900' autoport='no'
listen='127.0.0.1'>
+ <listen type='address' address='127.0.0.1'/>
+ </graphics>
+ <video>
+ <model type='default' heads='1'/>
+ </video>
+ </devices>
+</domain>
diff --git a/tests/bhyveargv2xmltest.c b/tests/bhyveargv2xmltest.c
index 735cc4b338..88690ba304 100644
--- a/tests/bhyveargv2xmltest.c
+++ b/tests/bhyveargv2xmltest.c
@@ -194,6 +194,11 @@ mymain(void)
DO_TEST_FAIL("bhyveload-memsize-fail");
DO_TEST("bhyveload-bootorder");
DO_TEST_FAIL("extraargs");
+ DO_TEST("vnc");
+ DO_TEST("vnc-listen");
+ DO_TEST("vnc-vga-on");
+ DO_TEST("vnc-vga-off");
+ DO_TEST("vnc-vga-io");
virObjectUnref(driver.caps);
virObjectUnref(driver.xmlopt);
--
2.19.2
8:35 a.m.
New subject: [PATCH 2/4] bhyve: add support for setting fbuf resolution
The resolution of the VNC framebuffer can now be set via the resolution
definition introduced in 5.9.0.
Also, add "gop" to the list of model types the <resolution/>
sub-element is valid for.
Signed-off-by: Fabian Freyer <fabian.freyer(a)physik.tu-berlin.de>
---
docs/formatdomain.html.in | 2 +-
docs/news.xml | 9 ++++++
src/bhyve/bhyve_command.c | 3 ++
src/bhyve/bhyve_parse_command.c | 20 +++++++++++++
.../bhyveargv2xml-vnc-resolution.args | 10 +++++++
.../bhyveargv2xml-vnc-resolution.xml | 24 ++++++++++++++++
tests/bhyveargv2xmltest.c | 1 +
.../bhyvexml2argv-vnc-resolution.args | 10 +++++++
.../bhyvexml2argv-vnc-resolution.ldargs | 1 +
.../bhyvexml2argv-vnc-resolution.xml | 20 +++++++++++++
tests/bhyvexml2argvtest.c | 1 +
.../bhyvexml2xmlout-vnc-resolution.xml | 28 +++++++++++++++++++
tests/bhyvexml2xmltest.c | 1 +
13 files changed, 129 insertions(+), 1 deletion(-)
create mode 100644 tests/bhyveargv2xmldata/bhyveargv2xml-vnc-resolution.args
create mode 100644 tests/bhyveargv2xmldata/bhyveargv2xml-vnc-resolution.xml
create mode 100644 tests/bhyvexml2argvdata/bhyvexml2argv-vnc-resolution.args
create mode 100644 tests/bhyvexml2argvdata/bhyvexml2argv-vnc-resolution.ldargs
create mode 100644 tests/bhyvexml2argvdata/bhyvexml2argv-vnc-resolution.xml
create mode 100644 tests/bhyvexml2xmloutdata/bhyvexml2xmlout-vnc-resolution.xml
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index 23eb029234..06bbbf7fea 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -7543,7 +7543,7 @@ qemu-kvm -net nic,model=? /dev/null
element may also have an optional <code>resolution</code>
sub-element.
The <code>resolution</code> element has attributes
<code>x</code> and
<code>y</code> to set the minimum resolution for the video device.
This
- sub-element is valid for model types "vga", "qxl",
"bochs", and
+ sub-element is valid for model types "vga", "qxl",
"bochs", "gop", and
"virtio".
</p>
</dd>
diff --git a/docs/news.xml b/docs/news.xml
index 4cef804aac..d728dfa93c 100644
--- a/docs/news.xml
+++ b/docs/news.xml
@@ -44,6 +44,15 @@
<libvirt>
<release version="v6.4.0" date="unreleased">
<section title="New features">
+ <change>
+ <summary>
+ bhyve: support setting the framebuffer resolution
+ </summary>
+ <description>
+ libvirt can now set the framebuffer's "w" and "h"
parameters
+ using the <code>resolution</code> element.
+ </description>
+ </change>
</section>
<section title="Improvements">
</section>
diff --git a/src/bhyve/bhyve_command.c b/src/bhyve/bhyve_command.c
index 5b1d80083a..db35cb9bd8 100644
--- a/src/bhyve/bhyve_command.c
+++ b/src/bhyve/bhyve_command.c
@@ -469,6 +469,9 @@ bhyveBuildGraphicsArgStr(const virDomainDef *def,
goto error;
}
+ if (video->res)
+ virBufferAsprintf(&opt, ",w=%d,h=%d", video->res->x,
video->res->y);
+
if (video->driver)
virBufferAsprintf(&opt, ",vga=%s",
virDomainVideoVGAConfTypeToString(video->driver->vgaconf));
diff --git a/src/bhyve/bhyve_parse_command.c b/src/bhyve/bhyve_parse_command.c
index 39cce67ea9..0414cb1ef1 100644
--- a/src/bhyve/bhyve_parse_command.c
+++ b/src/bhyve/bhyve_parse_command.c
@@ -620,6 +620,26 @@ bhyveParsePCIFbuf(virDomainDefPtr def,
if (virStrToLong_i(param, NULL, 10, &graphics->data.vnc.port))
goto error;
}
+
+ if (STRPREFIX(param, "w=")) {
+ param += strlen("w=");
+
+ if (video->res == NULL)
+ video->res = g_new0(virDomainVideoResolutionDef, 1);
+
+ if (virStrToLong_uip(param, NULL, 10, &video->res->x))
+ goto error;
+ }
+
+ if (STRPREFIX(param, "h=")) {
+ param += strlen("h=");
+
+ if (video->res == NULL)
+ video->res = g_new0(virDomainVideoResolutionDef, 1);
+
+ if (virStrToLong_uip(param, NULL, 10, &video->res->y))
+ goto error;
+ }
}
cleanup:
diff --git a/tests/bhyveargv2xmldata/bhyveargv2xml-vnc-resolution.args
b/tests/bhyveargv2xmldata/bhyveargv2xml-vnc-resolution.args
new file mode 100644
index 0000000000..e5e2c0f2e8
--- /dev/null
+++ b/tests/bhyveargv2xmldata/bhyveargv2xml-vnc-resolution.args
@@ -0,0 +1,10 @@
+/usr/sbin/bhyve \
+-c 1 \
+-m 214 \
+-u \
+-H \
+-P \
+-s 0:0,hostbridge \
+-l bootrom,/path/to/test.fd \
+-s 2:0,fbuf,tcp=127.0.0.1:5904,w=1920,h=1080 \
+-s 1,lpc bhyve
diff --git a/tests/bhyveargv2xmldata/bhyveargv2xml-vnc-resolution.xml
b/tests/bhyveargv2xmldata/bhyveargv2xml-vnc-resolution.xml
new file mode 100644
index 0000000000..f8fa0ed1ce
--- /dev/null
+++ b/tests/bhyveargv2xmldata/bhyveargv2xml-vnc-resolution.xml
@@ -0,0 +1,24 @@
+<domain type='bhyve'>
+ <name>bhyve</name>
+ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+ <memory unit='KiB'>219136</memory>
+ <currentMemory unit='KiB'>219136</currentMemory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type>hvm</type>
+ </os>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>destroy</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <graphics type='vnc' port='5904' autoport='no'
listen='127.0.0.1'>
+ <listen type='address' address='127.0.0.1'/>
+ </graphics>
+ <video>
+ <model type='default' heads='1'>
+ <resolution x='1920' y='1080'/>
+ </model>
+ </video>
+ </devices>
+</domain>
diff --git a/tests/bhyveargv2xmltest.c b/tests/bhyveargv2xmltest.c
index 88690ba304..09d14e3fd0 100644
--- a/tests/bhyveargv2xmltest.c
+++ b/tests/bhyveargv2xmltest.c
@@ -199,6 +199,7 @@ mymain(void)
DO_TEST("vnc-vga-on");
DO_TEST("vnc-vga-off");
DO_TEST("vnc-vga-io");
+ DO_TEST("vnc-resolution");
virObjectUnref(driver.caps);
virObjectUnref(driver.xmlopt);
diff --git a/tests/bhyvexml2argvdata/bhyvexml2argv-vnc-resolution.args
b/tests/bhyvexml2argvdata/bhyvexml2argv-vnc-resolution.args
new file mode 100644
index 0000000000..e5e2c0f2e8
--- /dev/null
+++ b/tests/bhyvexml2argvdata/bhyvexml2argv-vnc-resolution.args
@@ -0,0 +1,10 @@
+/usr/sbin/bhyve \
+-c 1 \
+-m 214 \
+-u \
+-H \
+-P \
+-s 0:0,hostbridge \
+-l bootrom,/path/to/test.fd \
+-s 2:0,fbuf,tcp=127.0.0.1:5904,w=1920,h=1080 \
+-s 1,lpc bhyve
diff --git a/tests/bhyvexml2argvdata/bhyvexml2argv-vnc-resolution.ldargs
b/tests/bhyvexml2argvdata/bhyvexml2argv-vnc-resolution.ldargs
new file mode 100644
index 0000000000..421376db9e
--- /dev/null
+++ b/tests/bhyvexml2argvdata/bhyvexml2argv-vnc-resolution.ldargs
@@ -0,0 +1 @@
+dummy
diff --git a/tests/bhyvexml2argvdata/bhyvexml2argv-vnc-resolution.xml
b/tests/bhyvexml2argvdata/bhyvexml2argv-vnc-resolution.xml
new file mode 100644
index 0000000000..637a121fb7
--- /dev/null
+++ b/tests/bhyvexml2argvdata/bhyvexml2argv-vnc-resolution.xml
@@ -0,0 +1,20 @@
+<domain type='bhyve'>
+ <name>bhyve</name>
+ <uuid>df3be7e7-a104-11e3-aeb0-50e5492bd3dc</uuid>
+ <memory>219136</memory>
+ <vcpu>1</vcpu>
+ <os>
+ <type>hvm</type>
+ <loader readonly="yes"
type="pflash">/path/to/test.fd</loader>
+ </os>
+ <devices>
+ <video>
+ <model type='gop' heads='1' primary='yes'>
+ <resolution x="1920" y="1080"/>
+ </model>
+ </video>
+ <graphics type='vnc' port='5904'>
+ <listen type='address' address='127.0.0.1'/>
+ </graphics>
+ </devices>
+</domain>
diff --git a/tests/bhyvexml2argvtest.c b/tests/bhyvexml2argvtest.c
index 9e7eb218b8..b948f740bd 100644
--- a/tests/bhyvexml2argvtest.c
+++ b/tests/bhyvexml2argvtest.c
@@ -206,6 +206,7 @@ mymain(void)
DO_TEST("vnc-vgaconf-off");
DO_TEST("vnc-vgaconf-io");
DO_TEST("vnc-autoport");
+ DO_TEST("vnc-resolution");
DO_TEST("cputopology");
DO_TEST_FAILURE("cputopology-nvcpu-mismatch");
DO_TEST("commandline");
diff --git a/tests/bhyvexml2xmloutdata/bhyvexml2xmlout-vnc-resolution.xml
b/tests/bhyvexml2xmloutdata/bhyvexml2xmlout-vnc-resolution.xml
new file mode 100644
index 0000000000..958da4f82c
--- /dev/null
+++ b/tests/bhyvexml2xmloutdata/bhyvexml2xmlout-vnc-resolution.xml
@@ -0,0 +1,28 @@
+<domain type='bhyve'>
+ <name>bhyve</name>
+ <uuid>df3be7e7-a104-11e3-aeb0-50e5492bd3dc</uuid>
+ <memory unit='KiB'>219136</memory>
+ <currentMemory unit='KiB'>219136</currentMemory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type arch='x86_64'>hvm</type>
+ <loader readonly='yes'
type='pflash'>/path/to/test.fd</loader>
+ <boot dev='hd'/>
+ </os>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <controller type='pci' index='0' model='pci-root'/>
+ <graphics type='vnc' port='5904' autoport='no'
listen='127.0.0.1'>
+ <listen type='address' address='127.0.0.1'/>
+ </graphics>
+ <video>
+ <model type='gop' heads='1' primary='yes'>
+ <resolution x='1920' y='1080'/>
+ </model>
+ <address type='pci' domain='0x0000' bus='0x00'
slot='0x02' function='0x0'/>
+ </video>
+ </devices>
+</domain>
diff --git a/tests/bhyvexml2xmltest.c b/tests/bhyvexml2xmltest.c
index a0c20a14c1..f6e4d44b8a 100644
--- a/tests/bhyvexml2xmltest.c
+++ b/tests/bhyvexml2xmltest.c
@@ -108,6 +108,7 @@ mymain(void)
DO_TEST_DIFFERENT("vnc-vgaconf-off");
DO_TEST_DIFFERENT("vnc-vgaconf-io");
DO_TEST_DIFFERENT("vnc-autoport");
+ DO_TEST_DIFFERENT("vnc-resolution");
DO_TEST_DIFFERENT("commandline");
DO_TEST_DIFFERENT("msrs");
--
2.19.2
8:35 a.m.
New subject: [PATCH 3/4] bhyve: probe for VNC password capability
Introduces the BHYVE_CAP_VNC_PASSWORD capability, which is probed by
parsing the error message from the bhyve command. When it is not
supported, bhyve -s 0,fbuf,password= will return an error message.
Signed-off-by: Fabian Freyer <fabian.freyer(a)physik.tu-berlin.de>
---
src/bhyve/bhyve_capabilities.c | 16 +++++++++++++++-
src/bhyve/bhyve_capabilities.h | 1 +
2 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/src/bhyve/bhyve_capabilities.c b/src/bhyve/bhyve_capabilities.c
index fb8829d571..59783f8576 100644
--- a/src/bhyve/bhyve_capabilities.c
+++ b/src/bhyve/bhyve_capabilities.c
@@ -3,7 +3,7 @@
*
* Copyright (C) 2014 Roman Bogorodskiy
* Copyright (C) 2014 Semihalf
- * Copyright (C) 2016 Fabian Freyer
+ * Copyright (C) 2020 Fabian Freyer
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
@@ -323,6 +323,17 @@ bhyveProbeCapsXHCIController(unsigned int *caps, char *binary)
}
+static int
+bhyveProbeCapsVNCPassword(unsigned int *caps, char *binary)
+{
+ return bhyveProbeCapsDeviceHelper(caps, binary,
+ "-s",
+ "0,fbuf,password=",
+ "Invalid fbuf emulation
\"password\"",
+ BHYVE_CAP_VNC_PASSWORD);
+}
+
+
int
virBhyveProbeCaps(unsigned int *caps)
{
@@ -351,6 +362,9 @@ virBhyveProbeCaps(unsigned int *caps)
if ((ret = bhyveProbeCapsXHCIController(caps, binary)))
goto out;
+ if ((ret = bhyveProbeCapsVNCPassword(caps, binary)))
+ goto out;
+
out:
VIR_FREE(binary);
return ret;
diff --git a/src/bhyve/bhyve_capabilities.h b/src/bhyve/bhyve_capabilities.h
index 12926cf423..89f4b0308e 100644
--- a/src/bhyve/bhyve_capabilities.h
+++ b/src/bhyve/bhyve_capabilities.h
@@ -49,6 +49,7 @@ typedef enum {
BHYVE_CAP_FBUF = 1 << 4,
BHYVE_CAP_XHCI = 1 << 5,
BHYVE_CAP_CPUTOPOLOGY = 1 << 6,
+ BHYVE_CAP_VNC_PASSWORD = 1 << 7,
} virBhyveCapsFlags;
int virBhyveProbeGrubCaps(virBhyveGrubCapsFlags *caps);
--
2.19.2
8:35 a.m.
New subject: [PATCH 4/4] bhyve: add VNC password support
Support setting a password for the VNC framebuffer using the passwd
attribute on the <graphics/> element, if the driver has the
BHYVE_CAP_VNC_PASSWORD capability.
Note that virsh domxml-from-native does not output the password in the
generated XML, as VIR_DOMAIN_DEF_FORMAT_SECURE is not set when
formatting the domain definition.
Signed-off-by: Fabian Freyer <fabian.freyer(a)physik.tu-berlin.de>
---
docs/news.xml | 11 +++++
src/bhyve/bhyve_command.c | 33 ++++++++++-----
src/bhyve/bhyve_parse_command.c | 5 +++
.../bhyveargv2xml-vnc-password.args | 10 +++++
.../bhyveargv2xml-vnc-password.xml | 22 ++++++++++
tests/bhyveargv2xmltest.c | 3 +-
.../bhyvexml2argv-vnc-password-comma.xml | 26 ++++++++++++
.../bhyvexml2argv-vnc-password.args | 12 ++++++
.../bhyvexml2argv-vnc-password.ldargs | 1 +
.../bhyvexml2argv-vnc-password.xml | 26 ++++++++++++
tests/bhyvexml2argvtest.c | 7 +++-
.../bhyvexml2xmlout-vnc-password.xml | 41 +++++++++++++++++++
tests/bhyvexml2xmltest.c | 1 +
13 files changed, 185 insertions(+), 13 deletions(-)
create mode 100644 tests/bhyveargv2xmldata/bhyveargv2xml-vnc-password.args
create mode 100644 tests/bhyveargv2xmldata/bhyveargv2xml-vnc-password.xml
create mode 100644 tests/bhyvexml2argvdata/bhyvexml2argv-vnc-password-comma.xml
create mode 100644 tests/bhyvexml2argvdata/bhyvexml2argv-vnc-password.args
create mode 100644 tests/bhyvexml2argvdata/bhyvexml2argv-vnc-password.ldargs
create mode 100644 tests/bhyvexml2argvdata/bhyvexml2argv-vnc-password.xml
create mode 100644 tests/bhyvexml2xmloutdata/bhyvexml2xmlout-vnc-password.xml
diff --git a/docs/news.xml b/docs/news.xml
index d728dfa93c..bd951c2e04 100644
--- a/docs/news.xml
+++ b/docs/news.xml
@@ -44,6 +44,17 @@
<libvirt>
<release version="v6.4.0" date="unreleased">
<section title="New features">
+ <change>
+ <summary>
+ bhyve: support VNC password authentication
+ </summary>
+ <description>
+ libvirt can now probe whether the bhyve binary supports
+ VNC password authentication. In case it does, a VNC password
+ can now be passed using the <code>passwd</code> attribute on
+ the <code>graphics</code> element.
+ </description>
+ </change>
<change>
<summary>
bhyve: support setting the framebuffer resolution
diff --git a/src/bhyve/bhyve_command.c b/src/bhyve/bhyve_command.c
index db35cb9bd8..369278214c 100644
--- a/src/bhyve/bhyve_command.c
+++ b/src/bhyve/bhyve_command.c
@@ -425,17 +425,6 @@ bhyveBuildGraphicsArgStr(const virDomainDef *def,
goto error;
}
- if (graphics->data.vnc.auth.passwd) {
- virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
- _("vnc password auth not supported"));
- goto error;
- } else {
- /* Bhyve doesn't support VNC Auth yet, so print a warning about
- * unauthenticated VNC sessions */
- VIR_WARN("%s", _("Security warning: currently VNC auth is
not"
- " supported."));
- }
-
if (glisten->address) {
escapeAddr = strchr(glisten->address, ':') != NULL;
if (escapeAddr)
@@ -469,6 +458,28 @@ bhyveBuildGraphicsArgStr(const virDomainDef *def,
goto error;
}
+ if (graphics->data.vnc.auth.passwd) {
+ if (!(bhyveDriverGetBhyveCaps(driver) & BHYVE_CAP_VNC_PASSWORD)) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("VNC Passwort authentication not supported "
+ "by bhyve"));
+ goto error;
+ }
+
+ if (strchr(graphics->data.vnc.auth.passwd, ',')) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("Password may not contain ','
character"));
+ goto error;
+ }
+
+ virBufferAsprintf(&opt, ",password=%s",
graphics->data.vnc.auth.passwd);
+ } else {
+ if (!(bhyveDriverGetBhyveCaps(driver) & BHYVE_CAP_VNC_PASSWORD))
+ VIR_WARN("%s", _("Security warning: VNC auth is not
supported."));
+ else
+ VIR_WARN("%s", _("Security warning: VNC is used without
authentication."));
+ }
+
if (video->res)
virBufferAsprintf(&opt, ",w=%d,h=%d", video->res->x,
video->res->y);
diff --git a/src/bhyve/bhyve_parse_command.c b/src/bhyve/bhyve_parse_command.c
index 0414cb1ef1..af990f8e51 100644
--- a/src/bhyve/bhyve_parse_command.c
+++ b/src/bhyve/bhyve_parse_command.c
@@ -640,6 +640,11 @@ bhyveParsePCIFbuf(virDomainDefPtr def,
if (virStrToLong_uip(param, NULL, 10, &video->res->y))
goto error;
}
+
+ if (STRPREFIX(param, "password=")) {
+ param += strlen("password=");
+ graphics->data.vnc.auth.passwd = g_strdup(param);
+ }
}
cleanup:
diff --git a/tests/bhyveargv2xmldata/bhyveargv2xml-vnc-password.args
b/tests/bhyveargv2xmldata/bhyveargv2xml-vnc-password.args
new file mode 100644
index 0000000000..c16e970795
--- /dev/null
+++ b/tests/bhyveargv2xmldata/bhyveargv2xml-vnc-password.args
@@ -0,0 +1,10 @@
+/usr/sbin/bhyve \
+-c 1 \
+-m 214 \
+-u \
+-H \
+-P \
+-s 0:0,hostbridge \
+-l bootrom,/path/to/test.fd \
+-s 4:0,fbuf,tcp=127.0.0.1:5904,password=s3cr3t \
+-s 1,lpc bhyve
diff --git a/tests/bhyveargv2xmldata/bhyveargv2xml-vnc-password.xml
b/tests/bhyveargv2xmldata/bhyveargv2xml-vnc-password.xml
new file mode 100644
index 0000000000..456a1ee9e3
--- /dev/null
+++ b/tests/bhyveargv2xmldata/bhyveargv2xml-vnc-password.xml
@@ -0,0 +1,22 @@
+<domain type='bhyve'>
+ <name>bhyve</name>
+ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+ <memory unit='KiB'>219136</memory>
+ <currentMemory unit='KiB'>219136</currentMemory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type>hvm</type>
+ </os>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>destroy</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <graphics type='vnc' port='5904' autoport='no'
listen='127.0.0.1' passwd='s3cr3t'>
+ <listen type='address' address='127.0.0.1'/>
+ </graphics>
+ <video>
+ <model type='default' heads='1'/>
+ </video>
+ </devices>
+</domain>
diff --git a/tests/bhyveargv2xmltest.c b/tests/bhyveargv2xmltest.c
index 09d14e3fd0..5ec8c7f22a 100644
--- a/tests/bhyveargv2xmltest.c
+++ b/tests/bhyveargv2xmltest.c
@@ -77,7 +77,7 @@ testCompareXMLToArgvFiles(const char *xmlfile,
goto fail;
}
- if (vmdef && !(actualxml = virDomainDefFormat(vmdef, driver.xmlopt, 0)))
+ if (vmdef && !(actualxml = virDomainDefFormat(vmdef, driver.xmlopt,
VIR_DOMAIN_DEF_FORMAT_SECURE)))
goto fail;
if (vmdef && virTestCompareToFile(actualxml, xmlfile) < 0)
@@ -200,6 +200,7 @@ mymain(void)
DO_TEST("vnc-vga-off");
DO_TEST("vnc-vga-io");
DO_TEST("vnc-resolution");
+ DO_TEST("vnc-password");
virObjectUnref(driver.caps);
virObjectUnref(driver.xmlopt);
diff --git a/tests/bhyvexml2argvdata/bhyvexml2argv-vnc-password-comma.xml
b/tests/bhyvexml2argvdata/bhyvexml2argv-vnc-password-comma.xml
new file mode 100644
index 0000000000..76dd36f72a
--- /dev/null
+++ b/tests/bhyvexml2argvdata/bhyvexml2argv-vnc-password-comma.xml
@@ -0,0 +1,26 @@
+<domain type='bhyve'>
+ <name>bhyve</name>
+ <uuid>df3be7e7-a104-11e3-aeb0-50e5492bd3dc</uuid>
+ <memory>219136</memory>
+ <vcpu>1</vcpu>
+ <os>
+ <type>hvm</type>
+ <loader readonly="yes"
type="pflash">/path/to/test.fd</loader>
+ </os>
+ <devices>
+ <disk type='file'>
+ <driver name='file' type='raw'/>
+ <source file='/tmp/freebsd.img'/>
+ <target dev='hda' bus='sata'/>
+ <address type='drive' controller='0' bus='0'
target='2' unit='0'/>
+ </disk>
+ <interface type='bridge'>
+ <model type='virtio'/>
+ <source bridge="virbr0"/>
+ <address type='pci' domain='0x0000' bus='0x00'
slot='0x03' function='0x0'/>
+ </interface>
+ <graphics type='vnc' port='5904' passwd="in,valid">
+ <listen type='address' address='127.0.0.1'/>
+ </graphics>
+ </devices>
+</domain>
diff --git a/tests/bhyvexml2argvdata/bhyvexml2argv-vnc-password.args
b/tests/bhyvexml2argvdata/bhyvexml2argv-vnc-password.args
new file mode 100644
index 0000000000..41b679b51f
--- /dev/null
+++ b/tests/bhyvexml2argvdata/bhyvexml2argv-vnc-password.args
@@ -0,0 +1,12 @@
+/usr/sbin/bhyve \
+-c 1 \
+-m 214 \
+-u \
+-H \
+-P \
+-s 0:0,hostbridge \
+-l bootrom,/path/to/test.fd \
+-s 2:0,ahci,hd:/tmp/freebsd.img \
+-s 3:0,virtio-net,faketapdev,mac=52:54:00:00:00:00 \
+-s 4:0,fbuf,tcp=127.0.0.1:5904,password=s3cr3t \
+-s 1,lpc bhyve
diff --git a/tests/bhyvexml2argvdata/bhyvexml2argv-vnc-password.ldargs
b/tests/bhyvexml2argvdata/bhyvexml2argv-vnc-password.ldargs
new file mode 100644
index 0000000000..421376db9e
--- /dev/null
+++ b/tests/bhyvexml2argvdata/bhyvexml2argv-vnc-password.ldargs
@@ -0,0 +1 @@
+dummy
diff --git a/tests/bhyvexml2argvdata/bhyvexml2argv-vnc-password.xml
b/tests/bhyvexml2argvdata/bhyvexml2argv-vnc-password.xml
new file mode 100644
index 0000000000..97925a74fc
--- /dev/null
+++ b/tests/bhyvexml2argvdata/bhyvexml2argv-vnc-password.xml
@@ -0,0 +1,26 @@
+<domain type='bhyve'>
+ <name>bhyve</name>
+ <uuid>df3be7e7-a104-11e3-aeb0-50e5492bd3dc</uuid>
+ <memory>219136</memory>
+ <vcpu>1</vcpu>
+ <os>
+ <type>hvm</type>
+ <loader readonly="yes"
type="pflash">/path/to/test.fd</loader>
+ </os>
+ <devices>
+ <disk type='file'>
+ <driver name='file' type='raw'/>
+ <source file='/tmp/freebsd.img'/>
+ <target dev='hda' bus='sata'/>
+ <address type='drive' controller='0' bus='0'
target='2' unit='0'/>
+ </disk>
+ <interface type='bridge'>
+ <model type='virtio'/>
+ <source bridge="virbr0"/>
+ <address type='pci' domain='0x0000' bus='0x00'
slot='0x03' function='0x0'/>
+ </interface>
+ <graphics type='vnc' port='5904' passwd="s3cr3t">
+ <listen type='address' address='127.0.0.1'/>
+ </graphics>
+ </devices>
+</domain>
diff --git a/tests/bhyvexml2argvtest.c b/tests/bhyvexml2argvtest.c
index b948f740bd..914aa0e54f 100644
--- a/tests/bhyvexml2argvtest.c
+++ b/tests/bhyvexml2argvtest.c
@@ -175,7 +175,7 @@ mymain(void)
driver.bhyvecaps = BHYVE_CAP_RTC_UTC | BHYVE_CAP_AHCI32SLOT | \
BHYVE_CAP_NET_E1000 | BHYVE_CAP_LPC_BOOTROM | \
BHYVE_CAP_FBUF | BHYVE_CAP_XHCI | \
- BHYVE_CAP_CPUTOPOLOGY;
+ BHYVE_CAP_CPUTOPOLOGY | BHYVE_CAP_VNC_PASSWORD;
DO_TEST("base");
DO_TEST("wired");
@@ -207,6 +207,8 @@ mymain(void)
DO_TEST("vnc-vgaconf-io");
DO_TEST("vnc-autoport");
DO_TEST("vnc-resolution");
+ DO_TEST("vnc-password");
+ DO_TEST_FAILURE("vnc-password-comma");
DO_TEST("cputopology");
DO_TEST_FAILURE("cputopology-nvcpu-mismatch");
DO_TEST("commandline");
@@ -250,6 +252,9 @@ mymain(void)
driver.bhyvecaps &= ~BHYVE_CAP_CPUTOPOLOGY;
DO_TEST_FAILURE("cputopology");
+ driver.bhyvecaps &= ~BHYVE_CAP_VNC_PASSWORD;
+ DO_TEST_FAILURE("vnc-password");
+
virObjectUnref(driver.caps);
virObjectUnref(driver.xmlopt);
virPortAllocatorRangeFree(driver.remotePorts);
diff --git a/tests/bhyvexml2xmloutdata/bhyvexml2xmlout-vnc-password.xml
b/tests/bhyvexml2xmloutdata/bhyvexml2xmlout-vnc-password.xml
new file mode 100644
index 0000000000..4bacc94e94
--- /dev/null
+++ b/tests/bhyvexml2xmloutdata/bhyvexml2xmlout-vnc-password.xml
@@ -0,0 +1,41 @@
+<domain type='bhyve'>
+ <name>bhyve</name>
+ <uuid>df3be7e7-a104-11e3-aeb0-50e5492bd3dc</uuid>
+ <memory unit='KiB'>219136</memory>
+ <currentMemory unit='KiB'>219136</currentMemory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type arch='x86_64'>hvm</type>
+ <loader readonly='yes'
type='pflash'>/path/to/test.fd</loader>
+ <boot dev='hd'/>
+ </os>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <disk type='file' device='disk'>
+ <driver name='file' type='raw'/>
+ <source file='/tmp/freebsd.img'/>
+ <target dev='hda' bus='sata'/>
+ <address type='drive' controller='0' bus='0'
target='2' unit='0'/>
+ </disk>
+ <controller type='pci' index='0' model='pci-root'/>
+ <controller type='sata' index='0'>
+ <address type='pci' domain='0x0000' bus='0x00'
slot='0x02' function='0x0'/>
+ </controller>
+ <interface type='bridge'>
+ <mac address='52:54:00:00:00:00'/>
+ <source bridge='virbr0'/>
+ <model type='virtio'/>
+ <address type='pci' domain='0x0000' bus='0x00'
slot='0x03' function='0x0'/>
+ </interface>
+ <graphics type='vnc' port='5904' autoport='no'
listen='127.0.0.1' passwd='s3cr3t'>
+ <listen type='address' address='127.0.0.1'/>
+ </graphics>
+ <video>
+ <model type='gop' heads='1' primary='yes'/>
+ <address type='pci' domain='0x0000' bus='0x00'
slot='0x04' function='0x0'/>
+ </video>
+ </devices>
+</domain>
diff --git a/tests/bhyvexml2xmltest.c b/tests/bhyvexml2xmltest.c
index f6e4d44b8a..4514fccf20 100644
--- a/tests/bhyvexml2xmltest.c
+++ b/tests/bhyvexml2xmltest.c
@@ -109,6 +109,7 @@ mymain(void)
DO_TEST_DIFFERENT("vnc-vgaconf-io");
DO_TEST_DIFFERENT("vnc-autoport");
DO_TEST_DIFFERENT("vnc-resolution");
+ DO_TEST_DIFFERENT("vnc-password");
DO_TEST_DIFFERENT("commandline");
DO_TEST_DIFFERENT("msrs");
--
2.19.2
8:41 a.m.
New subject: [PATCH 4/4] bhyve: add VNC password support
On Wed, May 06, 2020 at 01:35:55PM +0000, Fabian Freyer wrote:
Support setting a password for the VNC framebuffer using the passwd
attribute on the <graphics/> element, if the driver has the
BHYVE_CAP_VNC_PASSWORD capability.
Note that virsh domxml-from-native does not output the password in the
generated XML, as VIR_DOMAIN_DEF_FORMAT_SECURE is not set when
formatting the domain definition.
Signed-off-by: Fabian Freyer <fabian.freyer(a)physik.tu-berlin.de>
---
docs/news.xml | 11 +++++
src/bhyve/bhyve_command.c | 33 ++++++++++-----
src/bhyve/bhyve_parse_command.c | 5 +++
.../bhyveargv2xml-vnc-password.args | 10 +++++
.../bhyveargv2xml-vnc-password.xml | 22 ++++++++++
tests/bhyveargv2xmltest.c | 3 +-
.../bhyvexml2argv-vnc-password-comma.xml | 26 ++++++++++++
.../bhyvexml2argv-vnc-password.args | 12 ++++++
.../bhyvexml2argv-vnc-password.ldargs | 1 +
.../bhyvexml2argv-vnc-password.xml | 26 ++++++++++++
tests/bhyvexml2argvtest.c | 7 +++-
.../bhyvexml2xmlout-vnc-password.xml | 41 +++++++++++++++++++
tests/bhyvexml2xmltest.c | 1 +
13 files changed, 185 insertions(+), 13 deletions(-)
create mode 100644 tests/bhyveargv2xmldata/bhyveargv2xml-vnc-password.args
create mode 100644 tests/bhyveargv2xmldata/bhyveargv2xml-vnc-password.xml
create mode 100644 tests/bhyvexml2argvdata/bhyvexml2argv-vnc-password-comma.xml
create mode 100644 tests/bhyvexml2argvdata/bhyvexml2argv-vnc-password.args
create mode 100644 tests/bhyvexml2argvdata/bhyvexml2argv-vnc-password.ldargs
create mode 100644 tests/bhyvexml2argvdata/bhyvexml2argv-vnc-password.xml
create mode 100644 tests/bhyvexml2xmloutdata/bhyvexml2xmlout-vnc-password.xml
diff --git a/tests/bhyveargv2xmldata/bhyveargv2xml-vnc-password.args
b/tests/bhyveargv2xmldata/bhyveargv2xml-vnc-password.args
new file mode 100644
index 0000000000..c16e970795
--- /dev/null
+++ b/tests/bhyveargv2xmldata/bhyveargv2xml-vnc-password.args
@@ -0,0 +1,10 @@
+/usr/sbin/bhyve \
+-c 1 \
+-m 214 \
+-u \
+-H \
+-P \
+-s 0:0,hostbridge \
+-l bootrom,/path/to/test.fd \
+-s 4:0,fbuf,tcp=127.0.0.1:5904,password=s3cr3t \
On Linux at least, providing passwords on the command line is considered
a security flaw, because any user can see the command line args of any
other process on the host.
If CLI args of processes are similarly visible to other users on FreeBSD,
then this VNC password would be a security flaw.
Of course VNC password auth scheme itself is a security flaw since it is
using Single-DES :-)
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
9:02 a.m.
New subject: [PATCH 4/4] bhyve: add VNC password support
On 6 May 2020, at 15:41, Daniel P. Berrangé wrote:
On Linux at least, providing passwords on the command line is
considered
a security flaw, because any user can see the command line args of any
other process on the host.
Agreed. The only reason bhyve supports this is to support VNC clients
that don’t support password-less authentication. Since it doesn’t
have any configuration file, and stdin may be used by the client, I’m
unsure what the alternative would be.
If CLI args of processes are similarly visible to other users on
FreeBSD,
then this VNC password would be a security flaw.
They are by default, however
FreeBSD does have a sysctl that disallows
seeing other user’s processes. Since a few versions, users can easily
configure this sysctl in the FreeBSD installer.
Of course VNC password auth scheme itself is a security flaw since it
is
using Single-DES :-)
The bhyve(8) man page states that too:
This type of authentication is known to be cryptographically weak and
is
not intended for use on untrusted networks. Many implementations will
want
to use stronger security, such as running the session over an
encrypted
channel provided by IPsec or SSH.
(On a side note, it seems that Single-DES got even more broken recently:
https://eprint.iacr.org/2020/523)
I guess this is something that should probably also be added to that man
page.
Should we add a comment about this as well as the password being visible
to the docs on libvirt’s side?
1661
days inactive
1661
days old
6 comments
2 participants
participants (2)
-
Daniel P. Berrangé -
Fabian Freyer