2003-03-07 02:23:54 +03:00
|
|
|
#!/bin/sh
|
|
|
|
#
|
2003-03-23 23:17:16 +03:00
|
|
|
# qemu configure script (c) 2003 Fabrice Bellard
|
2003-03-07 02:23:54 +03:00
|
|
|
#
|
|
|
|
# set temporary file name
|
|
|
|
if test ! -z "$TMPDIR" ; then
|
|
|
|
TMPDIR1="${TMPDIR}"
|
|
|
|
elif test ! -z "$TEMPDIR" ; then
|
|
|
|
TMPDIR1="${TEMPDIR}"
|
|
|
|
else
|
|
|
|
TMPDIR1="/tmp"
|
|
|
|
fi
|
|
|
|
|
2003-03-23 23:17:16 +03:00
|
|
|
TMPC="${TMPDIR1}/qemu-conf-${RANDOM}-$$-${RANDOM}.c"
|
|
|
|
TMPO="${TMPDIR1}/qemu-conf-${RANDOM}-$$-${RANDOM}.o"
|
|
|
|
TMPE="${TMPDIR1}/qemu-conf-${RANDOM}-$$-${RANDOM}"
|
2003-03-07 02:23:54 +03:00
|
|
|
|
2009-08-03 16:46:04 +04:00
|
|
|
trap "rm -f $TMPC $TMPO $TMPE ; exit" 0 2 3 15
|
2008-11-29 23:09:56 +03:00
|
|
|
|
2009-08-03 16:46:03 +04:00
|
|
|
compile_object() {
|
2009-08-03 16:46:21 +04:00
|
|
|
$cc $QEMU_CFLAGS -c -o $TMPO $TMPC > /dev/null 2> /dev/null
|
2009-08-03 16:46:03 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
compile_prog() {
|
|
|
|
local_cflags="$1"
|
|
|
|
local_ldflags="$2"
|
2009-08-03 16:46:21 +04:00
|
|
|
$cc $QEMU_CFLAGS $local_cflags -o $TMPE $TMPC $LDFLAGS $local_ldflags > /dev/null 2> /dev/null
|
2009-08-03 16:46:03 +04:00
|
|
|
}
|
|
|
|
|
2003-03-07 02:23:54 +03:00
|
|
|
# default parameters
|
2009-08-03 16:45:55 +04:00
|
|
|
cpu=""
|
2004-04-03 00:55:59 +04:00
|
|
|
prefix=""
|
2003-10-01 00:54:24 +04:00
|
|
|
interp_prefix="/usr/gnemul/qemu-%M"
|
2003-06-09 23:53:12 +04:00
|
|
|
static="no"
|
2009-08-03 16:46:11 +04:00
|
|
|
sparc_cpu=""
|
2003-03-07 02:23:54 +03:00
|
|
|
cross_prefix=""
|
|
|
|
cc="gcc"
|
2008-06-26 01:04:05 +04:00
|
|
|
audio_drv_list=""
|
2009-01-09 13:46:34 +03:00
|
|
|
audio_card_list="ac97 es1370 sb16"
|
|
|
|
audio_possible_cards="ac97 es1370 sb16 cs4231a adlib gus"
|
2003-03-07 02:23:54 +03:00
|
|
|
host_cc="gcc"
|
|
|
|
ar="ar"
|
|
|
|
make="make"
|
2006-04-17 17:57:12 +04:00
|
|
|
install="install"
|
2009-07-11 17:48:29 +04:00
|
|
|
objcopy="objcopy"
|
|
|
|
ld="ld"
|
2009-08-03 16:46:24 +04:00
|
|
|
helper_cflags=""
|
2009-08-03 16:46:26 +04:00
|
|
|
libs_softmmu=""
|
2008-12-29 20:14:15 +03:00
|
|
|
|
|
|
|
# parse CC options first
|
|
|
|
for opt do
|
|
|
|
optarg=`expr "x$opt" : 'x[^=]*=\(.*\)'`
|
|
|
|
case "$opt" in
|
|
|
|
--cross-prefix=*) cross_prefix="$optarg"
|
|
|
|
;;
|
|
|
|
--cc=*) cc="$optarg"
|
|
|
|
;;
|
2009-08-03 16:45:55 +04:00
|
|
|
--cpu=*) cpu="$optarg"
|
|
|
|
;;
|
2009-08-03 16:46:21 +04:00
|
|
|
--extra-cflags=*) QEMU_CFLAGS="$optarg $QEMU_CFLAGS"
|
2009-08-03 16:46:02 +04:00
|
|
|
;;
|
|
|
|
--extra-ldflags=*) LDFLAGS="$optarg $LDFLAGS"
|
|
|
|
;;
|
2009-08-03 16:46:10 +04:00
|
|
|
--sparc_cpu=*)
|
|
|
|
sparc_cpu="$optarg"
|
|
|
|
case $sparc_cpu in
|
2009-08-03 16:46:11 +04:00
|
|
|
v7|v8|v8plus|v8plusa)
|
2009-08-03 16:46:10 +04:00
|
|
|
cpu="sparc"
|
|
|
|
;;
|
|
|
|
v9)
|
|
|
|
cpu="sparc64"
|
|
|
|
;;
|
|
|
|
*)
|
|
|
|
echo "undefined SPARC architecture. Exiting";
|
|
|
|
exit 1
|
|
|
|
;;
|
|
|
|
esac
|
|
|
|
;;
|
2008-12-29 20:14:15 +03:00
|
|
|
esac
|
|
|
|
done
|
|
|
|
# OS specific
|
|
|
|
# Using uname is really, really broken. Once we have the right set of checks
|
|
|
|
# we can eliminate it's usage altogether
|
|
|
|
|
|
|
|
cc="${cross_prefix}${cc}"
|
|
|
|
ar="${cross_prefix}${ar}"
|
2009-07-11 17:48:29 +04:00
|
|
|
objcopy="${cross_prefix}${objcopy}"
|
|
|
|
ld="${cross_prefix}${ld}"
|
2008-12-29 20:14:15 +03:00
|
|
|
|
|
|
|
# check that the C compiler works.
|
|
|
|
cat > $TMPC <<EOF
|
|
|
|
int main(void) {}
|
|
|
|
EOF
|
|
|
|
|
2009-08-03 16:46:03 +04:00
|
|
|
if compile_object ; then
|
2008-12-29 20:14:15 +03:00
|
|
|
: C compiler works ok
|
|
|
|
else
|
|
|
|
echo "ERROR: \"$cc\" either does not exist or does not work"
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
|
|
|
|
check_define() {
|
|
|
|
cat > $TMPC <<EOF
|
|
|
|
#if !defined($1)
|
|
|
|
#error Not defined
|
|
|
|
#endif
|
|
|
|
int main(void) { return 0; }
|
|
|
|
EOF
|
2009-08-03 16:46:03 +04:00
|
|
|
compile_object
|
2008-12-29 20:14:15 +03:00
|
|
|
}
|
|
|
|
|
2009-08-03 16:45:55 +04:00
|
|
|
if test ! -z "$cpu" ; then
|
|
|
|
# command line argument
|
|
|
|
:
|
|
|
|
elif check_define __i386__ ; then
|
2008-12-29 20:14:15 +03:00
|
|
|
cpu="i386"
|
|
|
|
elif check_define __x86_64__ ; then
|
|
|
|
cpu="x86_64"
|
2008-12-31 19:55:26 +03:00
|
|
|
elif check_define __sparc__ ; then
|
|
|
|
# We can't check for 64 bit (when gcc is biarch) or V8PLUSA
|
|
|
|
# They must be specified using --sparc_cpu
|
|
|
|
if check_define __arch64__ ; then
|
|
|
|
cpu="sparc64"
|
|
|
|
else
|
|
|
|
cpu="sparc"
|
|
|
|
fi
|
2009-01-14 21:39:52 +03:00
|
|
|
elif check_define _ARCH_PPC ; then
|
|
|
|
if check_define _ARCH_PPC64 ; then
|
|
|
|
cpu="ppc64"
|
|
|
|
else
|
|
|
|
cpu="ppc"
|
|
|
|
fi
|
2008-12-29 20:14:15 +03:00
|
|
|
else
|
2009-01-14 21:39:52 +03:00
|
|
|
cpu=`uname -m`
|
2008-12-29 20:14:15 +03:00
|
|
|
fi
|
|
|
|
|
2005-01-11 02:18:50 +03:00
|
|
|
target_list=""
|
2003-03-07 02:23:54 +03:00
|
|
|
case "$cpu" in
|
2009-08-03 16:46:12 +04:00
|
|
|
alpha|cris|ia64|m68k|microblaze|mips|mips64|ppc|ppc64|sparc64)
|
|
|
|
cpu="$cpu"
|
|
|
|
;;
|
2003-03-07 02:23:54 +03:00
|
|
|
i386|i486|i586|i686|i86pc|BePC)
|
2003-08-11 01:36:04 +04:00
|
|
|
cpu="i386"
|
2003-03-07 02:23:54 +03:00
|
|
|
;;
|
2008-04-12 02:04:22 +04:00
|
|
|
x86_64|amd64)
|
|
|
|
cpu="x86_64"
|
|
|
|
;;
|
2005-03-13 12:49:52 +03:00
|
|
|
armv*b)
|
2004-12-20 02:33:47 +03:00
|
|
|
cpu="armv4b"
|
|
|
|
;;
|
2005-03-13 12:49:52 +03:00
|
|
|
armv*l)
|
2003-03-07 02:23:54 +03:00
|
|
|
cpu="armv4l"
|
|
|
|
;;
|
2008-04-13 00:14:54 +04:00
|
|
|
parisc|parisc64)
|
|
|
|
cpu="hppa"
|
|
|
|
;;
|
2007-08-01 04:09:31 +04:00
|
|
|
s390*)
|
2003-03-29 20:32:36 +03:00
|
|
|
cpu="s390"
|
|
|
|
;;
|
2007-04-16 22:27:06 +04:00
|
|
|
sparc|sun4[cdmuv])
|
2003-05-13 22:59:59 +04:00
|
|
|
cpu="sparc"
|
|
|
|
;;
|
2003-03-07 02:23:54 +03:00
|
|
|
*)
|
|
|
|
cpu="unknown"
|
|
|
|
;;
|
|
|
|
esac
|
2009-07-27 18:13:18 +04:00
|
|
|
brlapi="yes"
|
2003-03-07 02:23:54 +03:00
|
|
|
gprof="no"
|
2009-04-13 22:45:38 +04:00
|
|
|
debug_tcg="no"
|
2009-06-04 14:39:04 +04:00
|
|
|
debug="no"
|
2008-10-07 23:16:17 +04:00
|
|
|
sparse="no"
|
2009-04-05 21:41:02 +04:00
|
|
|
strip_opt="yes"
|
2003-03-07 02:23:54 +03:00
|
|
|
bigendian="no"
|
2004-04-01 03:37:16 +04:00
|
|
|
mingw32="no"
|
|
|
|
EXESUF=""
|
2004-06-04 15:13:20 +04:00
|
|
|
slirp="yes"
|
2008-07-23 22:14:33 +04:00
|
|
|
vde="yes"
|
2004-11-14 22:57:29 +03:00
|
|
|
fmod_lib=""
|
|
|
|
fmod_inc=""
|
2008-08-21 22:00:53 +04:00
|
|
|
oss_lib=""
|
2007-08-25 05:37:51 +04:00
|
|
|
vnc_tls="yes"
|
Add SASL authentication support ("Daniel P. Berrange")
This patch adds the new SASL authentication protocol to the VNC server.
It is enabled by setting the 'sasl' flag when launching VNC. SASL can
optionally provide encryption via its SSF layer, if a suitable mechanism
is configured (eg, GSSAPI/Kerberos, or Digest-MD5). If an SSF layer is
not available, then it should be combined with the x509 VNC authentication
protocol which provides encryption.
eg, if using GSSAPI
qemu -vnc localhost:1,sasl
eg if using TLS/x509 for encryption
qemu -vnc localhost:1,sasl,tls,x509
By default the Cyrus SASL library will look for its configuration in
the file /etc/sasl2/qemu.conf. For non-root users, this can be overridden
by setting the SASL_CONF_PATH environment variable, eg to make it look in
$HOME/.sasl2. NB unprivileged users may not have access to the full range
of SASL mechanisms, since some of them require some administrative privileges
to configure. The patch includes an example SASL configuration file which
illustrates config for GSSAPI and Digest-MD5, though it should be noted that
the latter is not really considered secure any more.
Most of the SASL authentication code is located in a separate source file,
vnc-auth-sasl.c. The main vnc.c file only contains minimal integration
glue, specifically parsing of command line flags / setup, and calls to
start the SASL auth process, to do encoding/decoding for data.
There are several possible stacks for reading & writing of data, depending
on the combo of VNC authentication methods in use
- Clear. read/write straight to socket
- TLS. read/write via GNUTLS helpers
- SASL. encode/decode via SASL SSF layer, then read/write to socket
- SASL+TLS. encode/decode via SASL SSF layer, then read/write via GNUTLS
Hence, the vnc_client_read & vnc_client_write methods have been refactored
a little.
vnc_client_read: main entry point for reading, calls either
- vnc_client_read_plain reading, with no intermediate decoding
- vnc_client_read_sasl reading, with SASL SSF decoding
These two methods, then call vnc_client_read_buf(). This decides
whether to write to the socket directly or write via GNUTLS.
The situation is the same for writing data. More extensive comments
have been added in the code / patch. The vnc_client_read_sasl and
vnc_client_write_sasl method implementations live in the separate
vnc-auth-sasl.c file.
The state required for the SASL auth mechanism is kept in a separate
VncStateSASL struct, defined in vnc-auth-sasl.h and included in the
main VncState.
The configure script probes for SASL and automatically enables it
if found, unless --disable-vnc-sasl was given to override it.
Makefile | 7
Makefile.target | 5
b/qemu.sasl | 34 ++
b/vnc-auth-sasl.c | 626 ++++++++++++++++++++++++++++++++++++++++++++++++++++
b/vnc-auth-sasl.h | 67 +++++
configure | 34 ++
qemu-doc.texi | 97 ++++++++
vnc-auth-vencrypt.c | 12
vnc.c | 249 ++++++++++++++++++--
vnc.h | 31 ++
10 files changed, 1129 insertions(+), 33 deletions(-)
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6724 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 23:27:28 +03:00
|
|
|
vnc_sasl="yes"
|
2006-04-16 17:28:56 +04:00
|
|
|
bsd="no"
|
2005-01-11 02:18:50 +03:00
|
|
|
linux="no"
|
2008-11-01 17:50:20 +03:00
|
|
|
solaris="no"
|
2005-02-11 00:55:30 +03:00
|
|
|
kqemu="no"
|
2006-02-09 01:39:17 +03:00
|
|
|
profiler="no"
|
2005-03-02 00:37:28 +03:00
|
|
|
cocoa="no"
|
2006-03-19 17:54:16 +03:00
|
|
|
softmmu="yes"
|
2007-01-18 23:06:33 +03:00
|
|
|
linux_user="no"
|
|
|
|
darwin_user="no"
|
2008-10-26 23:33:16 +03:00
|
|
|
bsd_user="no"
|
2009-07-17 15:48:08 +04:00
|
|
|
guest_base=""
|
2009-05-14 17:25:04 +04:00
|
|
|
build_docs="yes"
|
2006-05-14 15:30:38 +04:00
|
|
|
uname_release=""
|
2008-02-10 19:33:14 +03:00
|
|
|
curses="yes"
|
2009-05-11 19:41:42 +04:00
|
|
|
curl="yes"
|
2009-04-24 22:03:15 +04:00
|
|
|
pthread="yes"
|
2008-08-15 22:20:52 +04:00
|
|
|
aio="yes"
|
2009-04-24 22:03:15 +04:00
|
|
|
io_thread="no"
|
2008-05-29 18:34:11 +04:00
|
|
|
nptl="yes"
|
2008-06-23 22:33:30 +04:00
|
|
|
mixemu="no"
|
2008-09-29 03:49:55 +04:00
|
|
|
bluez="yes"
|
2009-06-14 22:05:02 +04:00
|
|
|
kvm="no"
|
2008-11-05 19:28:56 +03:00
|
|
|
kerneldir=""
|
2008-11-18 04:42:22 +03:00
|
|
|
aix="no"
|
2008-11-27 18:45:16 +03:00
|
|
|
blobs="yes"
|
2008-12-16 13:43:48 +03:00
|
|
|
fdt="yes"
|
2009-05-20 22:01:02 +04:00
|
|
|
sdl="yes"
|
2009-04-22 19:19:10 +04:00
|
|
|
xen="yes"
|
2009-04-08 03:17:49 +04:00
|
|
|
pkgversion=""
|
2003-03-07 02:23:54 +03:00
|
|
|
|
|
|
|
# OS specific
|
2008-12-29 20:14:15 +03:00
|
|
|
if check_define __linux__ ; then
|
|
|
|
targetos="Linux"
|
|
|
|
elif check_define _WIN32 ; then
|
|
|
|
targetos='MINGW32'
|
2009-04-13 21:19:26 +04:00
|
|
|
elif check_define __OpenBSD__ ; then
|
|
|
|
targetos='OpenBSD'
|
|
|
|
elif check_define __sun__ ; then
|
|
|
|
targetos='SunOS'
|
2008-12-29 20:14:15 +03:00
|
|
|
else
|
|
|
|
targetos=`uname -s`
|
|
|
|
fi
|
2009-08-03 16:46:13 +04:00
|
|
|
|
2003-03-07 02:23:54 +03:00
|
|
|
case $targetos in
|
2005-04-23 22:30:28 +04:00
|
|
|
CYGWIN*)
|
2009-08-03 16:46:13 +04:00
|
|
|
mingw32="yes"
|
2009-08-03 16:46:21 +04:00
|
|
|
QEMU_CFLAGS="-mno-cygwin $QEMU_CFLAGS"
|
2009-08-03 16:46:13 +04:00
|
|
|
audio_possible_drivers="sdl"
|
2005-04-23 22:30:28 +04:00
|
|
|
;;
|
2004-04-01 03:37:16 +04:00
|
|
|
MINGW32*)
|
2009-08-03 16:46:13 +04:00
|
|
|
mingw32="yes"
|
|
|
|
audio_possible_drivers="dsound sdl fmod"
|
2004-04-01 03:37:16 +04:00
|
|
|
;;
|
2007-06-23 20:03:36 +04:00
|
|
|
GNU/kFreeBSD)
|
2009-08-03 16:46:13 +04:00
|
|
|
audio_drv_list="oss"
|
|
|
|
audio_possible_drivers="oss sdl esd pa"
|
|
|
|
if [ "$cpu" = "i386" -o "$cpu" = "x86_64" ] ; then
|
2007-06-23 20:03:36 +04:00
|
|
|
kqemu="yes"
|
2009-08-03 16:46:13 +04:00
|
|
|
fi
|
2007-06-23 20:03:36 +04:00
|
|
|
;;
|
2004-05-12 23:32:15 +04:00
|
|
|
FreeBSD)
|
2009-08-03 16:46:13 +04:00
|
|
|
bsd="yes"
|
|
|
|
audio_drv_list="oss"
|
|
|
|
audio_possible_drivers="oss sdl esd pa"
|
|
|
|
if [ "$cpu" = "i386" -o "$cpu" = "x86_64" ] ; then
|
2005-04-23 21:44:28 +04:00
|
|
|
kqemu="yes"
|
2009-08-03 16:46:13 +04:00
|
|
|
fi
|
2004-05-12 23:32:15 +04:00
|
|
|
;;
|
2009-03-07 23:06:23 +03:00
|
|
|
DragonFly)
|
2009-08-03 16:46:13 +04:00
|
|
|
bsd="yes"
|
|
|
|
audio_drv_list="oss"
|
|
|
|
audio_possible_drivers="oss sdl esd pa"
|
|
|
|
if [ "$cpu" = "i386" -o "$cpu" = "x86_64" ] ; then
|
2009-03-07 23:06:23 +03:00
|
|
|
kqemu="yes"
|
2009-08-03 16:46:13 +04:00
|
|
|
fi
|
|
|
|
aio="no"
|
2009-03-07 23:06:23 +03:00
|
|
|
;;
|
2004-05-12 23:32:15 +04:00
|
|
|
NetBSD)
|
2009-08-03 16:46:13 +04:00
|
|
|
bsd="yes"
|
|
|
|
audio_drv_list="oss"
|
|
|
|
audio_possible_drivers="oss sdl esd"
|
|
|
|
oss_lib="-lossaudio"
|
2004-05-12 23:32:15 +04:00
|
|
|
;;
|
|
|
|
OpenBSD)
|
2009-08-03 16:46:13 +04:00
|
|
|
bsd="yes"
|
|
|
|
audio_drv_list="oss"
|
|
|
|
audio_possible_drivers="oss sdl esd"
|
|
|
|
oss_lib="-lossaudio"
|
2004-05-12 23:32:15 +04:00
|
|
|
;;
|
2004-07-06 01:25:26 +04:00
|
|
|
Darwin)
|
2009-08-03 16:46:13 +04:00
|
|
|
bsd="yes"
|
|
|
|
darwin="yes"
|
|
|
|
# on Leopard most of the system is 32-bit, so we have to ask the kernel it if we can
|
|
|
|
# run 64-bit userspace code
|
|
|
|
if [ "$cpu" = "i386" ] ; then
|
2009-02-23 17:11:10 +03:00
|
|
|
is_x86_64=`sysctl -n hw.optional.x86_64`
|
|
|
|
[ "$is_x86_64" = "1" ] && cpu=x86_64
|
2009-08-03 16:46:13 +04:00
|
|
|
fi
|
|
|
|
if [ "$cpu" = "x86_64" ] ; then
|
2009-08-03 16:46:21 +04:00
|
|
|
QEMU_CFLAGS="-arch x86_64 $QEMU_CFLAGS"
|
2009-08-03 16:46:01 +04:00
|
|
|
LDFLAGS="-arch x86_64 $LDFLAGS"
|
2009-08-03 16:46:13 +04:00
|
|
|
else
|
2009-08-03 16:46:21 +04:00
|
|
|
QEMU_CFLAGS="-mdynamic-no-pic $QEMU_CFLAGS"
|
2009-08-03 16:46:13 +04:00
|
|
|
fi
|
|
|
|
darwin_user="yes"
|
|
|
|
cocoa="yes"
|
|
|
|
audio_drv_list="coreaudio"
|
|
|
|
audio_possible_drivers="coreaudio sdl fmod"
|
|
|
|
LDFLAGS="-framework CoreFoundation -framework IOKit $LDFLAGS"
|
2004-07-06 01:25:26 +04:00
|
|
|
;;
|
2006-04-26 02:36:06 +04:00
|
|
|
SunOS)
|
2009-08-03 16:46:13 +04:00
|
|
|
solaris="yes"
|
|
|
|
make="gmake"
|
|
|
|
install="ginstall"
|
|
|
|
needs_libsunmath="no"
|
|
|
|
solarisrev=`uname -r | cut -f2 -d.`
|
|
|
|
# have to select again, because `uname -m` returns i86pc
|
|
|
|
# even on an x86_64 box.
|
|
|
|
solariscpu=`isainfo -k`
|
|
|
|
if test "${solariscpu}" = "amd64" ; then
|
|
|
|
cpu="x86_64"
|
|
|
|
fi
|
|
|
|
if [ "$cpu" = "i386" -o "$cpu" = "x86_64" ] ; then
|
|
|
|
if test "$solarisrev" -le 9 ; then
|
|
|
|
if test -f /opt/SUNWspro/prod/lib/libsunmath.so.1; then
|
|
|
|
needs_libsunmath="yes"
|
|
|
|
else
|
|
|
|
echo "QEMU will not link correctly on Solaris 8/X86 or 9/x86 without"
|
|
|
|
echo "libsunmath from the Sun Studio compilers tools, due to a lack of"
|
|
|
|
echo "C99 math features in libm.so in Solaris 8/x86 and Solaris 9/x86"
|
|
|
|
echo "Studio 11 can be downloaded from www.sun.com."
|
|
|
|
exit 1
|
|
|
|
fi
|
2007-02-11 03:31:33 +03:00
|
|
|
fi
|
2009-08-03 16:46:13 +04:00
|
|
|
if test "$solarisrev" -ge 9 ; then
|
|
|
|
kqemu="yes"
|
2007-05-13 22:02:43 +04:00
|
|
|
fi
|
2009-08-03 16:46:13 +04:00
|
|
|
fi
|
|
|
|
if test -f /usr/include/sys/soundcard.h ; then
|
|
|
|
audio_drv_list="oss"
|
|
|
|
fi
|
|
|
|
audio_possible_drivers="oss sdl"
|
2009-08-03 16:46:21 +04:00
|
|
|
QEMU_CFLAGS="-std=gnu99 $QEMU_CFLAGS"
|
2009-08-03 16:46:18 +04:00
|
|
|
LIBS="-lsocket -lnsl -lresolv $LIBS"
|
2007-02-11 03:31:33 +03:00
|
|
|
;;
|
2008-11-18 04:42:22 +03:00
|
|
|
AIX)
|
2009-08-03 16:46:13 +04:00
|
|
|
aix="yes"
|
|
|
|
make="gmake"
|
2008-11-18 04:42:22 +03:00
|
|
|
;;
|
2005-10-30 21:58:22 +03:00
|
|
|
*)
|
2009-08-03 16:46:13 +04:00
|
|
|
audio_drv_list="oss"
|
|
|
|
audio_possible_drivers="oss alsa sdl esd pa"
|
|
|
|
linux="yes"
|
|
|
|
linux_user="yes"
|
|
|
|
usb="linux"
|
|
|
|
kvm="yes"
|
|
|
|
if [ "$cpu" = "i386" -o "$cpu" = "x86_64" ] ; then
|
2005-02-11 00:55:30 +03:00
|
|
|
kqemu="yes"
|
2008-06-28 23:13:06 +04:00
|
|
|
audio_possible_drivers="$audio_possible_drivers fmod"
|
2009-08-03 16:46:13 +04:00
|
|
|
fi
|
2004-11-10 02:09:44 +03:00
|
|
|
;;
|
2003-03-07 02:23:54 +03:00
|
|
|
esac
|
|
|
|
|
2004-05-12 23:32:15 +04:00
|
|
|
if [ "$bsd" = "yes" ] ; then
|
2006-04-16 17:28:56 +04:00
|
|
|
if [ "$darwin" != "yes" ] ; then
|
2004-07-06 01:25:26 +04:00
|
|
|
make="gmake"
|
2008-11-23 00:03:55 +03:00
|
|
|
usb="bsd"
|
2004-07-06 01:25:26 +04:00
|
|
|
fi
|
2008-10-26 23:33:16 +03:00
|
|
|
bsd_user="yes"
|
2004-05-12 23:32:15 +04:00
|
|
|
fi
|
|
|
|
|
2009-08-03 16:46:07 +04:00
|
|
|
if test "$mingw32" = "yes" ; then
|
2009-08-03 16:46:09 +04:00
|
|
|
if [ "$cpu" = "i386" ] ; then
|
|
|
|
kqemu="yes"
|
|
|
|
fi
|
2009-08-03 16:46:07 +04:00
|
|
|
EXESUF=".exe"
|
2009-08-03 16:46:21 +04:00
|
|
|
QEMU_CFLAGS="-DWIN32_LEAN_AND_MEAN -DWINVER=0x501 $QEMU_CFLAGS"
|
2009-08-03 16:46:19 +04:00
|
|
|
LIBS="-lwinmm -lws2_32 -liphlpapi $LIBS"
|
2009-08-03 16:46:07 +04:00
|
|
|
fi
|
|
|
|
|
2003-03-07 02:23:54 +03:00
|
|
|
# find source path
|
2006-04-16 16:41:07 +04:00
|
|
|
source_path=`dirname "$0"`
|
2008-02-03 07:22:24 +03:00
|
|
|
source_path_used="no"
|
|
|
|
workdir=`pwd`
|
2006-04-16 16:41:07 +04:00
|
|
|
if [ -z "$source_path" ]; then
|
2008-02-03 07:22:24 +03:00
|
|
|
source_path=$workdir
|
2006-04-16 16:41:07 +04:00
|
|
|
else
|
|
|
|
source_path=`cd "$source_path"; pwd`
|
2003-03-07 02:23:54 +03:00
|
|
|
fi
|
2008-02-03 22:20:13 +03:00
|
|
|
[ -f "$workdir/vl.c" ] || source_path_used="yes"
|
2003-03-07 02:23:54 +03:00
|
|
|
|
2009-06-11 22:28:25 +04:00
|
|
|
werror=""
|
2007-11-11 23:17:03 +03:00
|
|
|
|
2003-03-07 02:23:54 +03:00
|
|
|
for opt do
|
2006-04-30 03:05:22 +04:00
|
|
|
optarg=`expr "x$opt" : 'x[^=]*=\(.*\)'`
|
2003-03-07 02:23:54 +03:00
|
|
|
case "$opt" in
|
2005-12-18 22:14:49 +03:00
|
|
|
--help|-h) show_help=yes
|
|
|
|
;;
|
2006-04-16 17:28:56 +04:00
|
|
|
--prefix=*) prefix="$optarg"
|
2003-03-07 02:23:54 +03:00
|
|
|
;;
|
2006-04-16 17:28:56 +04:00
|
|
|
--interp-prefix=*) interp_prefix="$optarg"
|
2003-04-11 04:16:16 +04:00
|
|
|
;;
|
2006-04-16 17:28:56 +04:00
|
|
|
--source-path=*) source_path="$optarg"
|
2006-04-16 16:41:07 +04:00
|
|
|
source_path_used="yes"
|
2003-03-07 02:23:54 +03:00
|
|
|
;;
|
2008-12-29 20:14:15 +03:00
|
|
|
--cross-prefix=*)
|
2003-03-07 02:23:54 +03:00
|
|
|
;;
|
2008-12-29 20:14:15 +03:00
|
|
|
--cc=*)
|
2003-03-07 02:23:54 +03:00
|
|
|
;;
|
2006-04-16 17:28:56 +04:00
|
|
|
--host-cc=*) host_cc="$optarg"
|
2005-07-23 18:27:54 +04:00
|
|
|
;;
|
2006-04-16 17:28:56 +04:00
|
|
|
--make=*) make="$optarg"
|
2003-03-07 02:23:54 +03:00
|
|
|
;;
|
2006-04-17 17:57:12 +04:00
|
|
|
--install=*) install="$optarg"
|
|
|
|
;;
|
2009-08-03 16:46:02 +04:00
|
|
|
--extra-cflags=*)
|
2003-03-07 02:23:54 +03:00
|
|
|
;;
|
2009-08-03 16:46:02 +04:00
|
|
|
--extra-ldflags=*)
|
2003-03-07 02:23:54 +03:00
|
|
|
;;
|
2009-08-03 16:45:55 +04:00
|
|
|
--cpu=*)
|
2003-03-07 02:23:54 +03:00
|
|
|
;;
|
2006-04-16 17:28:56 +04:00
|
|
|
--target-list=*) target_list="$optarg"
|
2003-06-16 00:25:43 +04:00
|
|
|
;;
|
2003-03-07 02:23:54 +03:00
|
|
|
--enable-gprof) gprof="yes"
|
|
|
|
;;
|
2003-06-09 23:53:12 +04:00
|
|
|
--static) static="yes"
|
|
|
|
;;
|
2003-08-11 01:36:04 +04:00
|
|
|
--disable-sdl) sdl="no"
|
|
|
|
;;
|
2008-06-26 01:04:05 +04:00
|
|
|
--fmod-lib=*) fmod_lib="$optarg"
|
2005-10-30 21:58:22 +03:00
|
|
|
;;
|
2008-06-28 23:13:06 +04:00
|
|
|
--fmod-inc=*) fmod_inc="$optarg"
|
|
|
|
;;
|
2008-08-21 22:00:53 +04:00
|
|
|
--oss-lib=*) oss_lib="$optarg"
|
|
|
|
;;
|
2008-07-29 16:58:44 +04:00
|
|
|
--audio-card-list=*) audio_card_list=`echo "$optarg" | sed -e 's/,/ /g'`
|
2004-11-14 22:57:29 +03:00
|
|
|
;;
|
2008-06-26 01:04:05 +04:00
|
|
|
--audio-drv-list=*) audio_drv_list="$optarg"
|
2004-11-14 22:57:29 +03:00
|
|
|
;;
|
2009-04-13 22:45:38 +04:00
|
|
|
--enable-debug-tcg) debug_tcg="yes"
|
|
|
|
;;
|
|
|
|
--disable-debug-tcg) debug_tcg="no"
|
|
|
|
;;
|
2009-06-04 14:39:04 +04:00
|
|
|
--enable-debug)
|
|
|
|
# Enable debugging options that aren't excessively noisy
|
|
|
|
debug_tcg="yes"
|
|
|
|
debug="yes"
|
|
|
|
strip_opt="no"
|
|
|
|
;;
|
2008-10-07 23:16:17 +04:00
|
|
|
--enable-sparse) sparse="yes"
|
|
|
|
;;
|
|
|
|
--disable-sparse) sparse="no"
|
|
|
|
;;
|
2009-04-05 21:41:02 +04:00
|
|
|
--disable-strip) strip_opt="no"
|
|
|
|
;;
|
2007-08-25 05:37:51 +04:00
|
|
|
--disable-vnc-tls) vnc_tls="no"
|
|
|
|
;;
|
Add SASL authentication support ("Daniel P. Berrange")
This patch adds the new SASL authentication protocol to the VNC server.
It is enabled by setting the 'sasl' flag when launching VNC. SASL can
optionally provide encryption via its SSF layer, if a suitable mechanism
is configured (eg, GSSAPI/Kerberos, or Digest-MD5). If an SSF layer is
not available, then it should be combined with the x509 VNC authentication
protocol which provides encryption.
eg, if using GSSAPI
qemu -vnc localhost:1,sasl
eg if using TLS/x509 for encryption
qemu -vnc localhost:1,sasl,tls,x509
By default the Cyrus SASL library will look for its configuration in
the file /etc/sasl2/qemu.conf. For non-root users, this can be overridden
by setting the SASL_CONF_PATH environment variable, eg to make it look in
$HOME/.sasl2. NB unprivileged users may not have access to the full range
of SASL mechanisms, since some of them require some administrative privileges
to configure. The patch includes an example SASL configuration file which
illustrates config for GSSAPI and Digest-MD5, though it should be noted that
the latter is not really considered secure any more.
Most of the SASL authentication code is located in a separate source file,
vnc-auth-sasl.c. The main vnc.c file only contains minimal integration
glue, specifically parsing of command line flags / setup, and calls to
start the SASL auth process, to do encoding/decoding for data.
There are several possible stacks for reading & writing of data, depending
on the combo of VNC authentication methods in use
- Clear. read/write straight to socket
- TLS. read/write via GNUTLS helpers
- SASL. encode/decode via SASL SSF layer, then read/write to socket
- SASL+TLS. encode/decode via SASL SSF layer, then read/write via GNUTLS
Hence, the vnc_client_read & vnc_client_write methods have been refactored
a little.
vnc_client_read: main entry point for reading, calls either
- vnc_client_read_plain reading, with no intermediate decoding
- vnc_client_read_sasl reading, with SASL SSF decoding
These two methods, then call vnc_client_read_buf(). This decides
whether to write to the socket directly or write via GNUTLS.
The situation is the same for writing data. More extensive comments
have been added in the code / patch. The vnc_client_read_sasl and
vnc_client_write_sasl method implementations live in the separate
vnc-auth-sasl.c file.
The state required for the SASL auth mechanism is kept in a separate
VncStateSASL struct, defined in vnc-auth-sasl.h and included in the
main VncState.
The configure script probes for SASL and automatically enables it
if found, unless --disable-vnc-sasl was given to override it.
Makefile | 7
Makefile.target | 5
b/qemu.sasl | 34 ++
b/vnc-auth-sasl.c | 626 ++++++++++++++++++++++++++++++++++++++++++++++++++++
b/vnc-auth-sasl.h | 67 +++++
configure | 34 ++
qemu-doc.texi | 97 ++++++++
vnc-auth-vencrypt.c | 12
vnc.c | 249 ++++++++++++++++++--
vnc.h | 31 ++
10 files changed, 1129 insertions(+), 33 deletions(-)
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6724 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 23:27:28 +03:00
|
|
|
--disable-vnc-sasl) vnc_sasl="no"
|
|
|
|
;;
|
2004-06-04 15:13:20 +04:00
|
|
|
--disable-slirp) slirp="no"
|
2005-10-30 21:58:22 +03:00
|
|
|
;;
|
2008-07-23 22:14:33 +04:00
|
|
|
--disable-vde) vde="no"
|
2008-07-19 13:56:24 +04:00
|
|
|
;;
|
2005-02-11 00:55:30 +03:00
|
|
|
--disable-kqemu) kqemu="no"
|
2005-10-30 21:58:22 +03:00
|
|
|
;;
|
2009-04-22 19:19:10 +04:00
|
|
|
--disable-xen) xen="no"
|
|
|
|
;;
|
2008-04-08 10:01:02 +04:00
|
|
|
--disable-brlapi) brlapi="no"
|
|
|
|
;;
|
2008-09-29 03:49:55 +04:00
|
|
|
--disable-bluez) bluez="no"
|
|
|
|
;;
|
2008-11-05 19:04:33 +03:00
|
|
|
--disable-kvm) kvm="no"
|
|
|
|
;;
|
2006-02-09 01:39:17 +03:00
|
|
|
--enable-profiler) profiler="yes"
|
|
|
|
;;
|
2008-06-28 23:13:06 +04:00
|
|
|
--enable-cocoa)
|
|
|
|
cocoa="yes" ;
|
|
|
|
sdl="no" ;
|
|
|
|
audio_drv_list="coreaudio `echo $audio_drv_list | sed s,coreaudio,,g`"
|
2005-10-30 21:58:22 +03:00
|
|
|
;;
|
2006-03-19 19:31:11 +03:00
|
|
|
--disable-system) softmmu="no"
|
2006-03-19 17:54:16 +03:00
|
|
|
;;
|
2006-03-19 19:31:11 +03:00
|
|
|
--enable-system) softmmu="yes"
|
2006-03-19 17:54:16 +03:00
|
|
|
;;
|
2007-01-18 23:06:33 +03:00
|
|
|
--disable-linux-user) linux_user="no"
|
2006-03-19 17:54:16 +03:00
|
|
|
;;
|
2007-01-18 23:06:33 +03:00
|
|
|
--enable-linux-user) linux_user="yes"
|
|
|
|
;;
|
|
|
|
--disable-darwin-user) darwin_user="no"
|
|
|
|
;;
|
|
|
|
--enable-darwin-user) darwin_user="yes"
|
2006-03-19 17:54:16 +03:00
|
|
|
;;
|
2008-10-26 23:33:16 +03:00
|
|
|
--disable-bsd-user) bsd_user="no"
|
|
|
|
;;
|
|
|
|
--enable-bsd-user) bsd_user="yes"
|
|
|
|
;;
|
2009-07-17 15:48:08 +04:00
|
|
|
--enable-guest-base) guest_base="yes"
|
|
|
|
;;
|
|
|
|
--disable-guest-base) guest_base="no"
|
|
|
|
;;
|
2006-05-14 15:30:38 +04:00
|
|
|
--enable-uname-release=*) uname_release="$optarg"
|
|
|
|
;;
|
2007-04-16 22:27:06 +04:00
|
|
|
--sparc_cpu=*)
|
|
|
|
;;
|
2007-11-11 23:17:03 +03:00
|
|
|
--enable-werror) werror="yes"
|
|
|
|
;;
|
|
|
|
--disable-werror) werror="no"
|
|
|
|
;;
|
2008-02-10 19:33:14 +03:00
|
|
|
--disable-curses) curses="no"
|
|
|
|
;;
|
2009-05-11 19:41:42 +04:00
|
|
|
--disable-curl) curl="no"
|
|
|
|
;;
|
2008-05-29 18:34:11 +04:00
|
|
|
--disable-nptl) nptl="no"
|
|
|
|
;;
|
2008-06-23 22:33:30 +04:00
|
|
|
--enable-mixemu) mixemu="yes"
|
|
|
|
;;
|
2009-04-24 22:03:15 +04:00
|
|
|
--disable-pthread) pthread="no"
|
|
|
|
;;
|
2008-08-15 22:20:52 +04:00
|
|
|
--disable-aio) aio="no"
|
|
|
|
;;
|
2009-04-24 22:03:15 +04:00
|
|
|
--enable-io-thread) io_thread="yes"
|
|
|
|
;;
|
2008-11-27 18:45:16 +03:00
|
|
|
--disable-blobs) blobs="no"
|
|
|
|
;;
|
2008-11-05 19:28:56 +03:00
|
|
|
--kerneldir=*) kerneldir="$optarg"
|
|
|
|
;;
|
2009-04-08 03:17:49 +04:00
|
|
|
--with-pkgversion=*) pkgversion=" ($optarg)"
|
|
|
|
;;
|
2009-05-14 17:25:04 +04:00
|
|
|
--disable-docs) build_docs="no"
|
|
|
|
;;
|
2007-11-17 13:24:32 +03:00
|
|
|
*) echo "ERROR: unknown option $opt"; show_help="yes"
|
|
|
|
;;
|
2003-03-07 02:23:54 +03:00
|
|
|
esac
|
|
|
|
done
|
|
|
|
|
2007-04-16 22:27:06 +04:00
|
|
|
#
|
|
|
|
# If cpu ~= sparc and sparc_cpu hasn't been defined, plug in the right
|
2009-08-03 16:46:21 +04:00
|
|
|
# QEMU_CFLAGS/LDFLAGS (assume sparc_v8plus for 32-bit and sparc_v9 for 64-bit)
|
2007-04-16 22:27:06 +04:00
|
|
|
#
|
2009-07-17 15:48:08 +04:00
|
|
|
host_guest_base="no"
|
2008-01-31 14:32:10 +03:00
|
|
|
case "$cpu" in
|
2009-08-03 16:46:11 +04:00
|
|
|
sparc) case $sparc_cpu in
|
|
|
|
v7|v8)
|
2009-08-03 16:46:21 +04:00
|
|
|
QEMU_CFLAGS="-mcpu=${sparc_cpu} -D__sparc_${sparc_cpu}__ $QEMU_CFLAGS"
|
2009-08-03 16:46:11 +04:00
|
|
|
;;
|
|
|
|
v8plus|v8plusa)
|
2009-08-03 16:46:21 +04:00
|
|
|
QEMU_CFLAGS="-mcpu=ultrasparc -D__sparc_${sparc_cpu}__ $QEMU_CFLAGS"
|
2009-08-03 16:46:11 +04:00
|
|
|
;;
|
|
|
|
*) # sparc_cpu not defined in the command line
|
2009-08-03 16:46:21 +04:00
|
|
|
QEMU_CFLAGS="-mcpu=ultrasparc -D__sparc_v8plus__ $QEMU_CFLAGS"
|
2009-08-03 16:46:11 +04:00
|
|
|
esac
|
|
|
|
LDFLAGS="-m32 $LDFLAGS"
|
2009-08-03 16:46:21 +04:00
|
|
|
QEMU_CFLAGS="-m32 -ffixed-g2 -ffixed-g3 $QEMU_CFLAGS"
|
2009-04-04 13:21:28 +04:00
|
|
|
if test "$solaris" = "no" ; then
|
2009-08-03 16:46:21 +04:00
|
|
|
QEMU_CFLAGS="-ffixed-g1 -ffixed-g6 $QEMU_CFLAGS"
|
2009-08-03 16:46:24 +04:00
|
|
|
helper_cflags="-ffixed-i0"
|
2009-04-04 13:21:28 +04:00
|
|
|
fi
|
2007-04-16 22:27:06 +04:00
|
|
|
;;
|
2009-08-03 16:46:11 +04:00
|
|
|
sparc64)
|
2009-08-03 16:46:21 +04:00
|
|
|
QEMU_CFLAGS="-m64 -mcpu=ultrasparc -D__sparc_v9__ $QEMU_CFLAGS"
|
2009-08-03 16:46:11 +04:00
|
|
|
LDFLAGS="-m64 $LDFLAGS"
|
2009-08-03 16:46:21 +04:00
|
|
|
QEMU_CFLAGS="-ffixed-g5 -ffixed-g6 -ffixed-g7 $QEMU_CFLAGS"
|
2009-08-03 16:46:11 +04:00
|
|
|
if test "$solaris" != "no" ; then
|
2009-08-03 16:46:21 +04:00
|
|
|
QEMU_CFLAGS="-ffixed-g1 $QEMU_CFLAGS"
|
2009-04-04 13:21:28 +04:00
|
|
|
fi
|
2007-04-16 22:27:06 +04:00
|
|
|
;;
|
2007-11-19 00:22:10 +03:00
|
|
|
s390)
|
2009-08-03 16:46:21 +04:00
|
|
|
QEMU_CFLAGS="-march=z900 $QEMU_CFLAGS"
|
2007-11-19 00:22:10 +03:00
|
|
|
;;
|
2008-01-31 14:32:10 +03:00
|
|
|
i386)
|
2009-08-03 16:46:21 +04:00
|
|
|
QEMU_CFLAGS="-m32 $QEMU_CFLAGS"
|
2009-08-03 16:46:01 +04:00
|
|
|
LDFLAGS="-m32 $LDFLAGS"
|
2009-08-03 16:46:24 +04:00
|
|
|
helper_cflags="-fomit-frame-pointer"
|
2009-07-17 15:48:08 +04:00
|
|
|
host_guest_base="yes"
|
2008-01-31 14:32:10 +03:00
|
|
|
;;
|
|
|
|
x86_64)
|
2009-08-03 16:46:21 +04:00
|
|
|
QEMU_CFLAGS="-m64 $QEMU_CFLAGS"
|
2009-08-03 16:46:01 +04:00
|
|
|
LDFLAGS="-m64 $LDFLAGS"
|
2009-07-17 15:48:08 +04:00
|
|
|
host_guest_base="yes"
|
|
|
|
;;
|
|
|
|
arm*)
|
|
|
|
host_guest_base="yes"
|
2008-01-31 14:32:10 +03:00
|
|
|
;;
|
2009-07-18 10:08:40 +04:00
|
|
|
ppc*)
|
|
|
|
host_guest_base="yes"
|
|
|
|
;;
|
2007-04-16 22:27:06 +04:00
|
|
|
esac
|
|
|
|
|
2009-07-17 15:48:08 +04:00
|
|
|
[ -z "$guest_base" ] && guest_base="$host_guest_base"
|
|
|
|
|
2006-04-08 18:26:41 +04:00
|
|
|
if test x"$show_help" = x"yes" ; then
|
|
|
|
cat << EOF
|
|
|
|
|
|
|
|
Usage: configure [options]
|
|
|
|
Options: [defaults in brackets after descriptions]
|
|
|
|
|
|
|
|
EOF
|
|
|
|
echo "Standard options:"
|
|
|
|
echo " --help print this message"
|
|
|
|
echo " --prefix=PREFIX install in PREFIX [$prefix]"
|
|
|
|
echo " --interp-prefix=PREFIX where to find shared libraries, etc."
|
|
|
|
echo " use %M for cpu name [$interp_prefix]"
|
|
|
|
echo " --target-list=LIST set target list [$target_list]"
|
|
|
|
echo ""
|
|
|
|
echo "kqemu kernel acceleration support:"
|
|
|
|
echo " --disable-kqemu disable kqemu support"
|
|
|
|
echo ""
|
|
|
|
echo "Advanced options (experts only):"
|
|
|
|
echo " --source-path=PATH path of source code [$source_path]"
|
|
|
|
echo " --cross-prefix=PREFIX use PREFIX for compile tools [$cross_prefix]"
|
|
|
|
echo " --cc=CC use C compiler CC [$cc]"
|
|
|
|
echo " --host-cc=CC use C compiler CC [$host_cc] for dyngen etc."
|
2009-08-03 16:46:21 +04:00
|
|
|
echo " --extra-cflags=CFLAGS append extra C compiler flags QEMU_CFLAGS"
|
2009-06-30 23:29:03 +04:00
|
|
|
echo " --extra-ldflags=LDFLAGS append extra linker flags LDFLAGS"
|
2006-04-08 18:26:41 +04:00
|
|
|
echo " --make=MAKE use specified make [$make]"
|
2006-04-17 17:57:12 +04:00
|
|
|
echo " --install=INSTALL use specified install [$install]"
|
2006-04-08 18:26:41 +04:00
|
|
|
echo " --static enable static build [$static]"
|
2009-04-13 22:45:38 +04:00
|
|
|
echo " --enable-debug-tcg enable TCG debugging"
|
|
|
|
echo " --disable-debug-tcg disable TCG debugging (default)"
|
2009-06-06 18:51:30 +04:00
|
|
|
echo " --enable-debug enable common debug build options"
|
2008-10-08 01:22:41 +04:00
|
|
|
echo " --enable-sparse enable sparse checker"
|
|
|
|
echo " --disable-sparse disable sparse checker (default)"
|
2009-04-05 21:41:02 +04:00
|
|
|
echo " --disable-strip disable stripping binaries"
|
2007-11-11 23:17:03 +03:00
|
|
|
echo " --disable-werror disable compilation abort on warning"
|
2007-10-31 04:03:28 +03:00
|
|
|
echo " --disable-sdl disable SDL"
|
2006-04-08 18:26:41 +04:00
|
|
|
echo " --enable-cocoa enable COCOA (Mac OS X only)"
|
2008-06-28 23:13:06 +04:00
|
|
|
echo " --audio-drv-list=LIST set audio drivers list:"
|
|
|
|
echo " Available drivers: $audio_possible_drivers"
|
2009-01-09 13:46:34 +03:00
|
|
|
echo " --audio-card-list=LIST set list of emulated audio cards [$audio_card_list]"
|
|
|
|
echo " Available cards: $audio_possible_cards"
|
2008-06-23 22:33:30 +04:00
|
|
|
echo " --enable-mixemu enable mixer emulation"
|
2009-04-22 19:19:10 +04:00
|
|
|
echo " --disable-xen disable xen backend driver support"
|
2008-04-08 10:01:02 +04:00
|
|
|
echo " --disable-brlapi disable BrlAPI"
|
2007-08-25 05:37:51 +04:00
|
|
|
echo " --disable-vnc-tls disable TLS encryption for VNC server"
|
Add SASL authentication support ("Daniel P. Berrange")
This patch adds the new SASL authentication protocol to the VNC server.
It is enabled by setting the 'sasl' flag when launching VNC. SASL can
optionally provide encryption via its SSF layer, if a suitable mechanism
is configured (eg, GSSAPI/Kerberos, or Digest-MD5). If an SSF layer is
not available, then it should be combined with the x509 VNC authentication
protocol which provides encryption.
eg, if using GSSAPI
qemu -vnc localhost:1,sasl
eg if using TLS/x509 for encryption
qemu -vnc localhost:1,sasl,tls,x509
By default the Cyrus SASL library will look for its configuration in
the file /etc/sasl2/qemu.conf. For non-root users, this can be overridden
by setting the SASL_CONF_PATH environment variable, eg to make it look in
$HOME/.sasl2. NB unprivileged users may not have access to the full range
of SASL mechanisms, since some of them require some administrative privileges
to configure. The patch includes an example SASL configuration file which
illustrates config for GSSAPI and Digest-MD5, though it should be noted that
the latter is not really considered secure any more.
Most of the SASL authentication code is located in a separate source file,
vnc-auth-sasl.c. The main vnc.c file only contains minimal integration
glue, specifically parsing of command line flags / setup, and calls to
start the SASL auth process, to do encoding/decoding for data.
There are several possible stacks for reading & writing of data, depending
on the combo of VNC authentication methods in use
- Clear. read/write straight to socket
- TLS. read/write via GNUTLS helpers
- SASL. encode/decode via SASL SSF layer, then read/write to socket
- SASL+TLS. encode/decode via SASL SSF layer, then read/write via GNUTLS
Hence, the vnc_client_read & vnc_client_write methods have been refactored
a little.
vnc_client_read: main entry point for reading, calls either
- vnc_client_read_plain reading, with no intermediate decoding
- vnc_client_read_sasl reading, with SASL SSF decoding
These two methods, then call vnc_client_read_buf(). This decides
whether to write to the socket directly or write via GNUTLS.
The situation is the same for writing data. More extensive comments
have been added in the code / patch. The vnc_client_read_sasl and
vnc_client_write_sasl method implementations live in the separate
vnc-auth-sasl.c file.
The state required for the SASL auth mechanism is kept in a separate
VncStateSASL struct, defined in vnc-auth-sasl.h and included in the
main VncState.
The configure script probes for SASL and automatically enables it
if found, unless --disable-vnc-sasl was given to override it.
Makefile | 7
Makefile.target | 5
b/qemu.sasl | 34 ++
b/vnc-auth-sasl.c | 626 ++++++++++++++++++++++++++++++++++++++++++++++++++++
b/vnc-auth-sasl.h | 67 +++++
configure | 34 ++
qemu-doc.texi | 97 ++++++++
vnc-auth-vencrypt.c | 12
vnc.c | 249 ++++++++++++++++++--
vnc.h | 31 ++
10 files changed, 1129 insertions(+), 33 deletions(-)
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6724 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 23:27:28 +03:00
|
|
|
echo " --disable-vnc-sasl disable SASL encryption for VNC server"
|
2008-03-23 03:47:42 +03:00
|
|
|
echo " --disable-curses disable curses output"
|
2009-05-11 19:41:42 +04:00
|
|
|
echo " --disable-curl disable curl connectivity"
|
2008-09-29 03:49:55 +04:00
|
|
|
echo " --disable-bluez disable bluez stack connectivity"
|
2008-11-05 19:04:33 +03:00
|
|
|
echo " --disable-kvm disable KVM acceleration support"
|
2008-05-29 18:34:11 +04:00
|
|
|
echo " --disable-nptl disable usermode NPTL support"
|
2006-04-08 18:26:41 +04:00
|
|
|
echo " --enable-system enable all system emulation targets"
|
|
|
|
echo " --disable-system disable all system emulation targets"
|
2007-01-18 23:06:33 +03:00
|
|
|
echo " --enable-linux-user enable all linux usermode emulation targets"
|
|
|
|
echo " --disable-linux-user disable all linux usermode emulation targets"
|
|
|
|
echo " --enable-darwin-user enable all darwin usermode emulation targets"
|
|
|
|
echo " --disable-darwin-user disable all darwin usermode emulation targets"
|
2008-10-26 23:33:16 +03:00
|
|
|
echo " --enable-bsd-user enable all BSD usermode emulation targets"
|
|
|
|
echo " --disable-bsd-user disable all BSD usermode emulation targets"
|
2009-07-17 15:48:08 +04:00
|
|
|
echo " --enable-guest-base enable GUEST_BASE support for usermode"
|
|
|
|
echo " emulation targets"
|
|
|
|
echo " --disable-guest-base disable GUEST_BASE support"
|
2006-04-08 18:26:41 +04:00
|
|
|
echo " --fmod-lib path to FMOD library"
|
|
|
|
echo " --fmod-inc path to FMOD includes"
|
2008-08-21 22:00:53 +04:00
|
|
|
echo " --oss-lib path to OSS library"
|
2006-05-14 15:30:38 +04:00
|
|
|
echo " --enable-uname-release=R Return R for uname -r in usermode emulation"
|
2007-04-16 22:27:06 +04:00
|
|
|
echo " --sparc_cpu=V Build qemu for Sparc architecture v7, v8, v8plus, v8plusa, v9"
|
2008-07-23 22:14:33 +04:00
|
|
|
echo " --disable-vde disable support for vde network"
|
2009-04-24 22:03:15 +04:00
|
|
|
echo " --disable-pthread disable pthread support"
|
2008-08-15 22:20:52 +04:00
|
|
|
echo " --disable-aio disable AIO support"
|
2009-04-24 22:03:15 +04:00
|
|
|
echo " --enable-io-thread enable IO thread"
|
2008-11-27 18:45:16 +03:00
|
|
|
echo " --disable-blobs disable installing provided firmware blobs"
|
2008-11-05 19:28:56 +03:00
|
|
|
echo " --kerneldir=PATH look for kernel includes in PATH"
|
2006-04-08 18:26:41 +04:00
|
|
|
echo ""
|
2006-12-23 03:33:26 +03:00
|
|
|
echo "NOTE: The object files are built at the place where configure is launched"
|
2006-04-08 18:26:41 +04:00
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
|
2008-10-07 23:16:17 +04:00
|
|
|
if test ! -x "$(which cgcc 2>/dev/null)"; then
|
|
|
|
sparse="no"
|
|
|
|
fi
|
|
|
|
|
2006-04-26 02:36:06 +04:00
|
|
|
#
|
|
|
|
# Solaris specific configure tool chain decisions
|
|
|
|
#
|
|
|
|
if test "$solaris" = "yes" ; then
|
|
|
|
solinst=`which $install 2> /dev/null | /usr/bin/grep -v "no $install in"`
|
|
|
|
if test -z "$solinst" ; then
|
|
|
|
echo "Solaris install program not found. Use --install=/usr/ucb/install or"
|
|
|
|
echo "install fileutils from www.blastwave.org using pkg-get -i fileutils"
|
|
|
|
echo "to get ginstall which is used by default (which lives in /opt/csw/bin)"
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
if test "$solinst" = "/usr/sbin/install" ; then
|
|
|
|
echo "Error: Solaris /usr/sbin/install is not an appropriate install program."
|
|
|
|
echo "try ginstall from the GNU fileutils available from www.blastwave.org"
|
|
|
|
echo "using pkg-get -i fileutils, or use --install=/usr/ucb/install"
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
sol_ar=`which ar 2> /dev/null | /usr/bin/grep -v "no ar in"`
|
|
|
|
if test -z "$sol_ar" ; then
|
|
|
|
echo "Error: No path includes ar"
|
|
|
|
if test -f /usr/ccs/bin/ar ; then
|
|
|
|
echo "Add /usr/ccs/bin to your path and rerun configure"
|
|
|
|
fi
|
|
|
|
exit 1
|
|
|
|
fi
|
2007-09-17 01:08:06 +04:00
|
|
|
fi
|
2006-04-26 02:36:06 +04:00
|
|
|
|
|
|
|
|
2005-01-11 02:18:50 +03:00
|
|
|
if test -z "$target_list" ; then
|
|
|
|
# these targets are portable
|
2006-03-19 17:54:16 +03:00
|
|
|
if [ "$softmmu" = "yes" ] ; then
|
2008-04-21 00:19:44 +04:00
|
|
|
target_list="\
|
|
|
|
i386-softmmu \
|
|
|
|
x86_64-softmmu \
|
|
|
|
arm-softmmu \
|
|
|
|
cris-softmmu \
|
|
|
|
m68k-softmmu \
|
2009-05-20 23:17:31 +04:00
|
|
|
microblaze-softmmu \
|
2008-04-21 00:19:44 +04:00
|
|
|
mips-softmmu \
|
|
|
|
mipsel-softmmu \
|
|
|
|
mips64-softmmu \
|
|
|
|
mips64el-softmmu \
|
|
|
|
ppc-softmmu \
|
|
|
|
ppcemb-softmmu \
|
|
|
|
ppc64-softmmu \
|
|
|
|
sh4-softmmu \
|
|
|
|
sh4eb-softmmu \
|
|
|
|
sparc-softmmu \
|
2009-06-23 22:04:16 +04:00
|
|
|
sparc64-softmmu \
|
2008-04-21 00:19:44 +04:00
|
|
|
"
|
2006-03-19 17:54:16 +03:00
|
|
|
fi
|
2005-01-11 02:18:50 +03:00
|
|
|
# the following are Linux specific
|
2007-01-18 23:06:33 +03:00
|
|
|
if [ "$linux_user" = "yes" ] ; then
|
2008-04-21 00:19:44 +04:00
|
|
|
target_list="${target_list}\
|
|
|
|
i386-linux-user \
|
|
|
|
x86_64-linux-user \
|
|
|
|
alpha-linux-user \
|
|
|
|
arm-linux-user \
|
|
|
|
armeb-linux-user \
|
|
|
|
cris-linux-user \
|
|
|
|
m68k-linux-user \
|
2009-05-20 23:17:31 +04:00
|
|
|
microblaze-linux-user \
|
2008-04-21 00:19:44 +04:00
|
|
|
mips-linux-user \
|
|
|
|
mipsel-linux-user \
|
|
|
|
ppc-linux-user \
|
|
|
|
ppc64-linux-user \
|
|
|
|
ppc64abi32-linux-user \
|
|
|
|
sh4-linux-user \
|
|
|
|
sh4eb-linux-user \
|
|
|
|
sparc-linux-user \
|
|
|
|
sparc64-linux-user \
|
|
|
|
sparc32plus-linux-user \
|
|
|
|
"
|
2007-01-18 23:06:33 +03:00
|
|
|
fi
|
|
|
|
# the following are Darwin specific
|
|
|
|
if [ "$darwin_user" = "yes" ] ; then
|
2009-01-06 21:57:51 +03:00
|
|
|
target_list="$target_list i386-darwin-user ppc-darwin-user "
|
2005-01-11 02:18:50 +03:00
|
|
|
fi
|
2008-10-26 23:33:16 +03:00
|
|
|
# the following are BSD specific
|
|
|
|
if [ "$bsd_user" = "yes" ] ; then
|
|
|
|
target_list="${target_list}\
|
2009-04-11 15:09:31 +04:00
|
|
|
i386-bsd-user \
|
|
|
|
x86_64-bsd-user \
|
|
|
|
sparc-bsd-user \
|
2008-10-26 23:33:16 +03:00
|
|
|
sparc64-bsd-user \
|
|
|
|
"
|
|
|
|
fi
|
2005-06-05 19:56:02 +04:00
|
|
|
else
|
2006-04-16 17:28:56 +04:00
|
|
|
target_list=`echo "$target_list" | sed -e 's/,/ /g'`
|
2005-01-11 02:18:50 +03:00
|
|
|
fi
|
2006-03-19 17:54:16 +03:00
|
|
|
if test -z "$target_list" ; then
|
|
|
|
echo "No targets enabled"
|
|
|
|
exit 1
|
|
|
|
fi
|
2005-01-11 02:18:50 +03:00
|
|
|
|
2003-03-07 02:23:54 +03:00
|
|
|
if test -z "$cross_prefix" ; then
|
|
|
|
|
|
|
|
# ---
|
|
|
|
# big/little endian test
|
|
|
|
cat > $TMPC << EOF
|
|
|
|
#include <inttypes.h>
|
|
|
|
int main(int argc, char ** argv){
|
2005-10-30 21:58:22 +03:00
|
|
|
volatile uint32_t i=0x01234567;
|
|
|
|
return (*((uint8_t*)(&i))) == 0x67;
|
2003-03-07 02:23:54 +03:00
|
|
|
}
|
|
|
|
EOF
|
|
|
|
|
2009-08-03 16:46:03 +04:00
|
|
|
if compile_prog "" "" ; then
|
2003-03-07 02:23:54 +03:00
|
|
|
$TMPE && bigendian="yes"
|
|
|
|
else
|
|
|
|
echo big/little test failed
|
|
|
|
fi
|
|
|
|
|
|
|
|
else
|
|
|
|
|
|
|
|
# if cross compiling, cannot launch a program, so make a static guess
|
2009-08-03 16:46:12 +04:00
|
|
|
case "$cpu" in
|
|
|
|
armv4b|hppa|m68k|mips|mips64|ppc|ppc64|s390|sparc|sparc64)
|
|
|
|
bigendian=yes
|
|
|
|
;;
|
|
|
|
esac
|
2003-03-07 02:23:54 +03:00
|
|
|
|
|
|
|
fi
|
|
|
|
|
2005-06-05 21:10:39 +04:00
|
|
|
# host long bits test
|
|
|
|
hostlongbits="32"
|
2009-08-03 16:46:12 +04:00
|
|
|
case "$cpu" in
|
|
|
|
x86_64|alpha|ia64|sparc64|ppc64)
|
|
|
|
hostlongbits=64
|
|
|
|
;;
|
|
|
|
esac
|
2005-06-05 21:10:39 +04:00
|
|
|
|
2008-05-29 18:34:11 +04:00
|
|
|
# Check host NPTL support
|
|
|
|
cat > $TMPC <<EOF
|
|
|
|
#include <sched.h>
|
2008-06-02 19:45:44 +04:00
|
|
|
#include <linux/futex.h>
|
2008-05-29 18:34:11 +04:00
|
|
|
void foo()
|
|
|
|
{
|
|
|
|
#if !defined(CLONE_SETTLS) || !defined(FUTEX_WAIT)
|
|
|
|
#error bork
|
|
|
|
#endif
|
|
|
|
}
|
|
|
|
EOF
|
|
|
|
|
2009-08-03 16:46:03 +04:00
|
|
|
if compile_object ; then
|
2008-05-29 18:34:11 +04:00
|
|
|
:
|
|
|
|
else
|
|
|
|
nptl="no"
|
|
|
|
fi
|
|
|
|
|
2008-10-11 13:56:04 +04:00
|
|
|
##########################################
|
|
|
|
# zlib check
|
|
|
|
|
|
|
|
cat > $TMPC << EOF
|
|
|
|
#include <zlib.h>
|
|
|
|
int main(void) { zlibVersion(); return 0; }
|
|
|
|
EOF
|
2009-08-03 16:46:03 +04:00
|
|
|
if compile_prog "" "-lz" ; then
|
2008-10-11 13:56:04 +04:00
|
|
|
:
|
|
|
|
else
|
|
|
|
echo
|
|
|
|
echo "Error: zlib check failed"
|
|
|
|
echo "Make sure to have the zlib libs and headers installed."
|
|
|
|
echo
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
|
2009-04-22 19:19:10 +04:00
|
|
|
##########################################
|
|
|
|
# xen probe
|
|
|
|
|
|
|
|
if test "$xen" = "yes" ; then
|
2009-07-27 18:13:16 +04:00
|
|
|
xen_libs="-lxenstore -lxenctrl -lxenguest"
|
|
|
|
cat > $TMPC <<EOF
|
2009-04-22 19:19:10 +04:00
|
|
|
#include <xenctrl.h>
|
|
|
|
#include <xs.h>
|
2009-06-30 16:59:38 +04:00
|
|
|
int main(void) { xs_daemon_open(); xc_interface_open(); return 0; }
|
2009-04-22 19:19:10 +04:00
|
|
|
EOF
|
2009-08-03 16:46:03 +04:00
|
|
|
if compile_prog "" "$xen_libs" ; then
|
2009-08-03 16:46:36 +04:00
|
|
|
libs_softmmu="$xen_libs $libs_softmmu"
|
2009-07-27 18:13:16 +04:00
|
|
|
else
|
|
|
|
xen="no"
|
|
|
|
fi
|
2009-04-22 19:19:10 +04:00
|
|
|
fi
|
|
|
|
|
2004-04-03 00:55:59 +04:00
|
|
|
##########################################
|
|
|
|
# SDL probe
|
|
|
|
|
|
|
|
sdl_too_old=no
|
|
|
|
|
2009-05-20 22:01:02 +04:00
|
|
|
if test "$sdl" = "yes" ; then
|
2009-07-27 18:13:15 +04:00
|
|
|
sdl=no
|
|
|
|
cat > $TMPC << EOF
|
2004-04-03 00:55:59 +04:00
|
|
|
#include <SDL.h>
|
|
|
|
#undef main /* We don't want SDL to override our main() */
|
|
|
|
int main( void ) { return SDL_Init (SDL_INIT_VIDEO); }
|
|
|
|
EOF
|
2009-07-27 18:13:15 +04:00
|
|
|
sdl_cflags=`sdl-config --cflags 2> /dev/null`
|
|
|
|
sdl_libs=`sdl-config --libs 2> /dev/null`
|
2009-08-03 16:46:03 +04:00
|
|
|
if compile_prog "$sdl_cflags" "$sdl_libs" ; then
|
2009-07-27 18:13:15 +04:00
|
|
|
_sdlversion=`sdl-config --version | sed 's/[^0-9]//g'`
|
|
|
|
if test "$_sdlversion" -lt 121 ; then
|
|
|
|
sdl_too_old=yes
|
|
|
|
else
|
|
|
|
if test "$cocoa" = "no" ; then
|
|
|
|
sdl=yes
|
|
|
|
fi
|
|
|
|
fi
|
2008-08-21 23:25:45 +04:00
|
|
|
|
2009-07-27 18:13:15 +04:00
|
|
|
# static link with sdl ?
|
|
|
|
if test "$sdl" = "yes" -a "$static" = "yes" ; then
|
|
|
|
sdl_libs=`sdl-config --static-libs 2>/dev/null`
|
|
|
|
if test `sdl-config --static-libs 2>/dev/null | grep \\\-laa > /dev/null` ; then
|
|
|
|
sdl_libs="$sdl_libs `aalib-config --static-libs >2 /dev/null`"
|
|
|
|
sdl_cflags="$sd_cflags `aalib-config --cflags >2 /dev/null`"
|
|
|
|
fi
|
2009-08-03 16:46:03 +04:00
|
|
|
if compile_prog "$sdl_cflags" "$sdl_libs" ; then
|
2009-07-27 18:13:15 +04:00
|
|
|
:
|
|
|
|
else
|
|
|
|
sdl=no
|
|
|
|
fi
|
|
|
|
fi # static link
|
|
|
|
fi # sdl compile test
|
2009-07-27 18:13:09 +04:00
|
|
|
fi
|
2004-04-03 00:55:59 +04:00
|
|
|
|
2009-03-03 20:37:21 +03:00
|
|
|
if test "$sdl" = "yes" ; then
|
2009-07-27 18:13:15 +04:00
|
|
|
cat > $TMPC <<EOF
|
2009-03-03 20:37:21 +03:00
|
|
|
#include <SDL.h>
|
|
|
|
#if defined(SDL_VIDEO_DRIVER_X11)
|
|
|
|
#include <X11/XKBlib.h>
|
|
|
|
#else
|
|
|
|
#error No x11 support
|
|
|
|
#endif
|
|
|
|
int main(void) { return 0; }
|
|
|
|
EOF
|
2009-08-03 16:46:03 +04:00
|
|
|
if compile_prog "$sdl_cflags" "$sdl_libs" ; then
|
2009-07-27 18:13:15 +04:00
|
|
|
sdl_libs="$sdl_libs -lX11"
|
|
|
|
fi
|
2009-08-03 16:46:25 +04:00
|
|
|
if test "$mingw32" = "yes" ; then
|
|
|
|
sdl_libs="`echo $sdl_libs | sed s/-mwindows//g` -mconsole"
|
|
|
|
fi
|
2009-08-03 16:46:27 +04:00
|
|
|
libs_softmmu="$sdl_libs $libs_softmmu"
|
2009-03-03 20:37:21 +03:00
|
|
|
fi
|
|
|
|
|
2007-08-25 05:37:51 +04:00
|
|
|
##########################################
|
|
|
|
# VNC TLS detection
|
|
|
|
if test "$vnc_tls" = "yes" ; then
|
2008-08-06 20:55:50 +04:00
|
|
|
cat > $TMPC <<EOF
|
|
|
|
#include <gnutls/gnutls.h>
|
|
|
|
int main(void) { gnutls_session_t s; gnutls_init(&s, GNUTLS_SERVER); return 0; }
|
|
|
|
EOF
|
|
|
|
vnc_tls_cflags=`pkg-config --cflags gnutls 2> /dev/null`
|
|
|
|
vnc_tls_libs=`pkg-config --libs gnutls 2> /dev/null`
|
2009-08-03 16:46:03 +04:00
|
|
|
if compile_prog "$vnc_tls_cflags" "$vnc_tls_libs" ; then
|
2009-08-03 16:46:34 +04:00
|
|
|
libs_softmmu="$vnc_tls_libs $libs_softmmu"
|
2008-08-06 20:55:50 +04:00
|
|
|
else
|
|
|
|
vnc_tls="no"
|
|
|
|
fi
|
2007-08-25 05:37:51 +04:00
|
|
|
fi
|
|
|
|
|
Add SASL authentication support ("Daniel P. Berrange")
This patch adds the new SASL authentication protocol to the VNC server.
It is enabled by setting the 'sasl' flag when launching VNC. SASL can
optionally provide encryption via its SSF layer, if a suitable mechanism
is configured (eg, GSSAPI/Kerberos, or Digest-MD5). If an SSF layer is
not available, then it should be combined with the x509 VNC authentication
protocol which provides encryption.
eg, if using GSSAPI
qemu -vnc localhost:1,sasl
eg if using TLS/x509 for encryption
qemu -vnc localhost:1,sasl,tls,x509
By default the Cyrus SASL library will look for its configuration in
the file /etc/sasl2/qemu.conf. For non-root users, this can be overridden
by setting the SASL_CONF_PATH environment variable, eg to make it look in
$HOME/.sasl2. NB unprivileged users may not have access to the full range
of SASL mechanisms, since some of them require some administrative privileges
to configure. The patch includes an example SASL configuration file which
illustrates config for GSSAPI and Digest-MD5, though it should be noted that
the latter is not really considered secure any more.
Most of the SASL authentication code is located in a separate source file,
vnc-auth-sasl.c. The main vnc.c file only contains minimal integration
glue, specifically parsing of command line flags / setup, and calls to
start the SASL auth process, to do encoding/decoding for data.
There are several possible stacks for reading & writing of data, depending
on the combo of VNC authentication methods in use
- Clear. read/write straight to socket
- TLS. read/write via GNUTLS helpers
- SASL. encode/decode via SASL SSF layer, then read/write to socket
- SASL+TLS. encode/decode via SASL SSF layer, then read/write via GNUTLS
Hence, the vnc_client_read & vnc_client_write methods have been refactored
a little.
vnc_client_read: main entry point for reading, calls either
- vnc_client_read_plain reading, with no intermediate decoding
- vnc_client_read_sasl reading, with SASL SSF decoding
These two methods, then call vnc_client_read_buf(). This decides
whether to write to the socket directly or write via GNUTLS.
The situation is the same for writing data. More extensive comments
have been added in the code / patch. The vnc_client_read_sasl and
vnc_client_write_sasl method implementations live in the separate
vnc-auth-sasl.c file.
The state required for the SASL auth mechanism is kept in a separate
VncStateSASL struct, defined in vnc-auth-sasl.h and included in the
main VncState.
The configure script probes for SASL and automatically enables it
if found, unless --disable-vnc-sasl was given to override it.
Makefile | 7
Makefile.target | 5
b/qemu.sasl | 34 ++
b/vnc-auth-sasl.c | 626 ++++++++++++++++++++++++++++++++++++++++++++++++++++
b/vnc-auth-sasl.h | 67 +++++
configure | 34 ++
qemu-doc.texi | 97 ++++++++
vnc-auth-vencrypt.c | 12
vnc.c | 249 ++++++++++++++++++--
vnc.h | 31 ++
10 files changed, 1129 insertions(+), 33 deletions(-)
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6724 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 23:27:28 +03:00
|
|
|
##########################################
|
|
|
|
# VNC SASL detection
|
|
|
|
if test "$vnc_sasl" = "yes" ; then
|
|
|
|
cat > $TMPC <<EOF
|
|
|
|
#include <sasl/sasl.h>
|
|
|
|
#include <stdio.h>
|
|
|
|
int main(void) { sasl_server_init(NULL, "qemu"); return 0; }
|
|
|
|
EOF
|
|
|
|
# Assuming Cyrus-SASL installed in /usr prefix
|
|
|
|
vnc_sasl_cflags=""
|
|
|
|
vnc_sasl_libs="-lsasl2"
|
2009-08-03 16:46:03 +04:00
|
|
|
if compile_prog "$vnc_sasl_cflags" "$vnc_sasl_libs" ; then
|
2009-08-03 16:46:35 +04:00
|
|
|
libs_softmmu="$vnc_sasl_libs $libs_softmmu"
|
Add SASL authentication support ("Daniel P. Berrange")
This patch adds the new SASL authentication protocol to the VNC server.
It is enabled by setting the 'sasl' flag when launching VNC. SASL can
optionally provide encryption via its SSF layer, if a suitable mechanism
is configured (eg, GSSAPI/Kerberos, or Digest-MD5). If an SSF layer is
not available, then it should be combined with the x509 VNC authentication
protocol which provides encryption.
eg, if using GSSAPI
qemu -vnc localhost:1,sasl
eg if using TLS/x509 for encryption
qemu -vnc localhost:1,sasl,tls,x509
By default the Cyrus SASL library will look for its configuration in
the file /etc/sasl2/qemu.conf. For non-root users, this can be overridden
by setting the SASL_CONF_PATH environment variable, eg to make it look in
$HOME/.sasl2. NB unprivileged users may not have access to the full range
of SASL mechanisms, since some of them require some administrative privileges
to configure. The patch includes an example SASL configuration file which
illustrates config for GSSAPI and Digest-MD5, though it should be noted that
the latter is not really considered secure any more.
Most of the SASL authentication code is located in a separate source file,
vnc-auth-sasl.c. The main vnc.c file only contains minimal integration
glue, specifically parsing of command line flags / setup, and calls to
start the SASL auth process, to do encoding/decoding for data.
There are several possible stacks for reading & writing of data, depending
on the combo of VNC authentication methods in use
- Clear. read/write straight to socket
- TLS. read/write via GNUTLS helpers
- SASL. encode/decode via SASL SSF layer, then read/write to socket
- SASL+TLS. encode/decode via SASL SSF layer, then read/write via GNUTLS
Hence, the vnc_client_read & vnc_client_write methods have been refactored
a little.
vnc_client_read: main entry point for reading, calls either
- vnc_client_read_plain reading, with no intermediate decoding
- vnc_client_read_sasl reading, with SASL SSF decoding
These two methods, then call vnc_client_read_buf(). This decides
whether to write to the socket directly or write via GNUTLS.
The situation is the same for writing data. More extensive comments
have been added in the code / patch. The vnc_client_read_sasl and
vnc_client_write_sasl method implementations live in the separate
vnc-auth-sasl.c file.
The state required for the SASL auth mechanism is kept in a separate
VncStateSASL struct, defined in vnc-auth-sasl.h and included in the
main VncState.
The configure script probes for SASL and automatically enables it
if found, unless --disable-vnc-sasl was given to override it.
Makefile | 7
Makefile.target | 5
b/qemu.sasl | 34 ++
b/vnc-auth-sasl.c | 626 ++++++++++++++++++++++++++++++++++++++++++++++++++++
b/vnc-auth-sasl.h | 67 +++++
configure | 34 ++
qemu-doc.texi | 97 ++++++++
vnc-auth-vencrypt.c | 12
vnc.c | 249 ++++++++++++++++++--
vnc.h | 31 ++
10 files changed, 1129 insertions(+), 33 deletions(-)
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6724 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 23:27:28 +03:00
|
|
|
else
|
|
|
|
vnc_sasl="no"
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
|
Support ACLs for controlling VNC access ("Daniel P. Berrange")
This patch introduces a generic internal API for access control lists
to be used by network servers in QEMU. It adds support for checking
these ACL in the VNC server, in two places. The first ACL is for the
SASL authentication mechanism, checking the SASL username. This ACL
is called 'vnc.username'. The second is for the TLS authentication
mechanism, when x509 client certificates are turned on, checking against
the Distinguished Name of the client. This ACL is called 'vnc.x509dname'
The internal API provides for an ACL with the following characteristics
- A unique name, eg vnc.username, and vnc.x509dname.
- A default policy, allow or deny
- An ordered series of match rules, with allow or deny policy
If none of the match rules apply, then the default policy is
used.
There is a monitor API to manipulate the ACLs, which I'll describe via
examples
(qemu) acl show vnc.username
policy: allow
(qemu) acl policy vnc.username denya
acl: policy set to 'deny'
(qemu) acl allow vnc.username fred
acl: added rule at position 1
(qemu) acl allow vnc.username bob
acl: added rule at position 2
(qemu) acl allow vnc.username joe 1
acl: added rule at position 1
(qemu) acl show vnc.username
policy: deny
0: allow fred
1: allow joe
2: allow bob
(qemu) acl show vnc.x509dname
policy: allow
(qemu) acl policy vnc.x509dname deny
acl: policy set to 'deny'
(qemu) acl allow vnc.x509dname C=GB,O=ACME,L=London,CN=*
acl: added rule at position 1
(qemu) acl allow vnc.x509dname C=GB,O=ACME,L=Boston,CN=bob
acl: added rule at position 2
(qemu) acl show vnc.x509dname
policy: deny
0: allow C=GB,O=ACME,L=London,CN=*
1: allow C=GB,O=ACME,L=Boston,CN=bob
By default the VNC server will not use any ACLs, allowing access to
the server if the user successfully authenticates. To enable use of
ACLs to restrict user access, the ',acl' flag should be given when
starting QEMU. The initial ACL activated will be a 'deny all' policy
and should be customized using monitor commands.
eg enable SASL auth and ACLs
qemu .... -vnc localhost:1,sasl,acl
The next patch will provide a way to load a pre-defined ACL when
starting up
Makefile | 6 +
b/acl.c | 185 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
b/acl.h | 74 ++++++++++++++++++++++
configure | 18 +++++
monitor.c | 95 ++++++++++++++++++++++++++++
qemu-doc.texi | 49 ++++++++++++++
vnc-auth-sasl.c | 16 +++-
vnc-auth-sasl.h | 7 ++
vnc-tls.c | 19 +++++
vnc-tls.h | 3
vnc.c | 21 ++++++
vnc.h | 3
12 files changed, 491 insertions(+), 5 deletions(-)
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6726 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 23:27:37 +03:00
|
|
|
##########################################
|
|
|
|
# fnmatch() probe, used for ACL routines
|
|
|
|
fnmatch="no"
|
|
|
|
cat > $TMPC << EOF
|
|
|
|
#include <fnmatch.h>
|
|
|
|
int main(void)
|
|
|
|
{
|
|
|
|
fnmatch("foo", "foo", 0);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
EOF
|
2009-08-03 16:46:03 +04:00
|
|
|
if compile_prog "" "" ; then
|
Support ACLs for controlling VNC access ("Daniel P. Berrange")
This patch introduces a generic internal API for access control lists
to be used by network servers in QEMU. It adds support for checking
these ACL in the VNC server, in two places. The first ACL is for the
SASL authentication mechanism, checking the SASL username. This ACL
is called 'vnc.username'. The second is for the TLS authentication
mechanism, when x509 client certificates are turned on, checking against
the Distinguished Name of the client. This ACL is called 'vnc.x509dname'
The internal API provides for an ACL with the following characteristics
- A unique name, eg vnc.username, and vnc.x509dname.
- A default policy, allow or deny
- An ordered series of match rules, with allow or deny policy
If none of the match rules apply, then the default policy is
used.
There is a monitor API to manipulate the ACLs, which I'll describe via
examples
(qemu) acl show vnc.username
policy: allow
(qemu) acl policy vnc.username denya
acl: policy set to 'deny'
(qemu) acl allow vnc.username fred
acl: added rule at position 1
(qemu) acl allow vnc.username bob
acl: added rule at position 2
(qemu) acl allow vnc.username joe 1
acl: added rule at position 1
(qemu) acl show vnc.username
policy: deny
0: allow fred
1: allow joe
2: allow bob
(qemu) acl show vnc.x509dname
policy: allow
(qemu) acl policy vnc.x509dname deny
acl: policy set to 'deny'
(qemu) acl allow vnc.x509dname C=GB,O=ACME,L=London,CN=*
acl: added rule at position 1
(qemu) acl allow vnc.x509dname C=GB,O=ACME,L=Boston,CN=bob
acl: added rule at position 2
(qemu) acl show vnc.x509dname
policy: deny
0: allow C=GB,O=ACME,L=London,CN=*
1: allow C=GB,O=ACME,L=Boston,CN=bob
By default the VNC server will not use any ACLs, allowing access to
the server if the user successfully authenticates. To enable use of
ACLs to restrict user access, the ',acl' flag should be given when
starting QEMU. The initial ACL activated will be a 'deny all' policy
and should be customized using monitor commands.
eg enable SASL auth and ACLs
qemu .... -vnc localhost:1,sasl,acl
The next patch will provide a way to load a pre-defined ACL when
starting up
Makefile | 6 +
b/acl.c | 185 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
b/acl.h | 74 ++++++++++++++++++++++
configure | 18 +++++
monitor.c | 95 ++++++++++++++++++++++++++++
qemu-doc.texi | 49 ++++++++++++++
vnc-auth-sasl.c | 16 +++-
vnc-auth-sasl.h | 7 ++
vnc-tls.c | 19 +++++
vnc-tls.h | 3
vnc.c | 21 ++++++
vnc.h | 3
12 files changed, 491 insertions(+), 5 deletions(-)
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6726 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 23:27:37 +03:00
|
|
|
fnmatch="yes"
|
|
|
|
fi
|
|
|
|
|
2008-07-19 13:56:24 +04:00
|
|
|
##########################################
|
|
|
|
# vde libraries probe
|
|
|
|
if test "$vde" = "yes" ; then
|
2009-07-27 18:13:19 +04:00
|
|
|
vde=no
|
|
|
|
vde_libs="-lvdeplug"
|
2008-07-19 13:56:24 +04:00
|
|
|
cat > $TMPC << EOF
|
|
|
|
#include <libvdeplug.h>
|
2008-09-07 20:42:53 +04:00
|
|
|
int main(void)
|
|
|
|
{
|
|
|
|
struct vde_open_args a = {0, 0, 0};
|
|
|
|
vde_open("", "", &a);
|
|
|
|
return 0;
|
|
|
|
}
|
2008-07-19 13:56:24 +04:00
|
|
|
EOF
|
2009-08-03 16:46:03 +04:00
|
|
|
if compile_prog "" "$vde_libs" ; then
|
2009-07-27 18:13:19 +04:00
|
|
|
vde=yes
|
|
|
|
fi
|
2008-07-19 13:56:24 +04:00
|
|
|
fi
|
|
|
|
|
2007-01-06 00:25:54 +03:00
|
|
|
##########################################
|
2008-06-28 23:13:06 +04:00
|
|
|
# Sound support libraries probe
|
2007-01-06 00:25:54 +03:00
|
|
|
|
2008-06-28 23:13:06 +04:00
|
|
|
audio_drv_probe()
|
|
|
|
{
|
|
|
|
drv=$1
|
|
|
|
hdr=$2
|
|
|
|
lib=$3
|
|
|
|
exp=$4
|
|
|
|
cfl=$5
|
|
|
|
cat > $TMPC << EOF
|
|
|
|
#include <$hdr>
|
|
|
|
int main(void) { $exp }
|
2007-01-06 00:25:54 +03:00
|
|
|
EOF
|
2009-08-03 16:46:03 +04:00
|
|
|
if compile_prog "$cfl" "$lib" ; then
|
2008-06-28 23:13:06 +04:00
|
|
|
:
|
|
|
|
else
|
|
|
|
echo
|
|
|
|
echo "Error: $drv check failed"
|
|
|
|
echo "Make sure to have the $drv libs and headers installed."
|
|
|
|
echo
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
}
|
|
|
|
|
2008-07-29 16:58:44 +04:00
|
|
|
audio_drv_list=`echo "$audio_drv_list" | sed -e 's/,/ /g'`
|
2008-06-28 23:13:06 +04:00
|
|
|
for drv in $audio_drv_list; do
|
|
|
|
case $drv in
|
|
|
|
alsa)
|
|
|
|
audio_drv_probe $drv alsa/asoundlib.h -lasound \
|
|
|
|
"snd_pcm_t **handle; return snd_pcm_close(*handle);"
|
2009-08-03 16:46:30 +04:00
|
|
|
libs_softmmu="-lasound $libs_softmmu"
|
2008-06-28 23:13:06 +04:00
|
|
|
;;
|
|
|
|
|
|
|
|
fmod)
|
|
|
|
if test -z $fmod_lib || test -z $fmod_inc; then
|
|
|
|
echo
|
|
|
|
echo "Error: You must specify path to FMOD library and headers"
|
|
|
|
echo "Example: --fmod-inc=/path/include/fmod --fmod-lib=/path/lib/libfmod-3.74.so"
|
|
|
|
echo
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
audio_drv_probe $drv fmod.h $fmod_lib "return FSOUND_GetVersion();" "-I $fmod_inc"
|
2009-08-03 16:46:30 +04:00
|
|
|
libs_softmmu="$fmod_lib $libs_softmmu"
|
2008-06-28 23:13:06 +04:00
|
|
|
;;
|
|
|
|
|
|
|
|
esd)
|
|
|
|
audio_drv_probe $drv esd.h -lesd 'return esd_play_stream(0, 0, "", 0);'
|
2009-08-03 16:46:30 +04:00
|
|
|
libs_softmmu="-lesd $libs_softmmu"
|
2008-06-28 23:13:06 +04:00
|
|
|
;;
|
2008-07-03 01:03:08 +04:00
|
|
|
|
|
|
|
pa)
|
|
|
|
audio_drv_probe $drv pulse/simple.h -lpulse-simple \
|
|
|
|
"pa_simple *s = NULL; pa_simple_free(s); return 0;"
|
2009-08-03 16:46:30 +04:00
|
|
|
libs_softmmu="-lpulse-simple $libs_softmmu"
|
2008-07-03 01:03:08 +04:00
|
|
|
;;
|
|
|
|
|
2009-08-03 16:46:29 +04:00
|
|
|
coreaudio)
|
|
|
|
libs_softmmu="-framework CoreAudio $libs_softmmu"
|
|
|
|
;;
|
|
|
|
|
2009-08-03 16:46:30 +04:00
|
|
|
dsound)
|
|
|
|
libs_softmmu="-lole32 -ldxguid $libs_softmmu"
|
|
|
|
;;
|
|
|
|
|
|
|
|
oss)
|
|
|
|
libs_softmmu="$oss_lib $libs_softmmu"
|
|
|
|
;;
|
|
|
|
|
|
|
|
sdl|wav)
|
2008-08-21 22:00:53 +04:00
|
|
|
# XXX: Probes for CoreAudio, DirectSound, SDL(?)
|
|
|
|
;;
|
|
|
|
|
2008-07-19 20:15:16 +04:00
|
|
|
*)
|
2008-07-19 20:57:30 +04:00
|
|
|
echo "$audio_possible_drivers" | grep -q "\<$drv\>" || {
|
2008-07-19 20:15:16 +04:00
|
|
|
echo
|
|
|
|
echo "Error: Unknown driver '$drv' selected"
|
|
|
|
echo "Possible drivers are: $audio_possible_drivers"
|
|
|
|
echo
|
|
|
|
exit 1
|
|
|
|
}
|
|
|
|
;;
|
2008-06-28 23:13:06 +04:00
|
|
|
esac
|
|
|
|
done
|
2007-01-06 00:25:54 +03:00
|
|
|
|
2008-04-08 10:01:02 +04:00
|
|
|
##########################################
|
|
|
|
# BrlAPI probe
|
|
|
|
|
2009-07-27 18:13:18 +04:00
|
|
|
if test "$brlapi" = "yes" ; then
|
|
|
|
brlapi=no
|
|
|
|
brlapi_libs="-lbrlapi"
|
|
|
|
cat > $TMPC << EOF
|
2008-04-08 10:01:02 +04:00
|
|
|
#include <brlapi.h>
|
|
|
|
int main( void ) { return brlapi__openConnection (NULL, NULL, NULL); }
|
|
|
|
EOF
|
2009-08-03 16:46:03 +04:00
|
|
|
if compile_prog "" "$brlapi_libs" ; then
|
2009-07-27 18:13:18 +04:00
|
|
|
brlapi=yes
|
|
|
|
fi
|
|
|
|
fi
|
2008-04-08 10:01:02 +04:00
|
|
|
|
2008-02-10 19:33:14 +03:00
|
|
|
##########################################
|
|
|
|
# curses probe
|
|
|
|
|
|
|
|
if test "$curses" = "yes" ; then
|
|
|
|
cat > $TMPC << EOF
|
|
|
|
#include <curses.h>
|
2009-04-13 20:18:34 +04:00
|
|
|
#ifdef __OpenBSD__
|
|
|
|
#define resize_term resizeterm
|
|
|
|
#endif
|
|
|
|
int main(void) { resize_term(0, 0); return curses_version(); }
|
2008-02-10 19:33:14 +03:00
|
|
|
EOF
|
2009-08-03 16:46:03 +04:00
|
|
|
if compile_prog "" "-lncurses" ; then
|
2009-08-03 16:46:33 +04:00
|
|
|
libs_softmmu="-lncurses $libs_softmmu"
|
2009-08-03 16:46:03 +04:00
|
|
|
elif compile_prog "" "-lcurses" ; then
|
2009-08-03 16:46:33 +04:00
|
|
|
libs_softmmu="-lcurses $libs_softmmu"
|
2009-07-27 18:13:17 +04:00
|
|
|
else
|
|
|
|
curses=no
|
2008-02-10 19:33:14 +03:00
|
|
|
fi
|
|
|
|
fi # test "$curses"
|
|
|
|
|
2009-05-11 19:41:42 +04:00
|
|
|
##########################################
|
|
|
|
# curl probe
|
|
|
|
|
|
|
|
if test "$curl" = "yes" ; then
|
|
|
|
curl=no
|
|
|
|
cat > $TMPC << EOF
|
|
|
|
#include <curl/curl.h>
|
|
|
|
int main(void) { return curl_easy_init(); }
|
|
|
|
EOF
|
2009-08-03 16:46:05 +04:00
|
|
|
curl_cflags=`curl-config --cflags 2>/dev/null`
|
2009-05-22 20:22:38 +04:00
|
|
|
curl_libs=`curl-config --libs 2>/dev/null`
|
2009-08-03 16:46:05 +04:00
|
|
|
if compile_prog "$curl_cflags" "$curl_libs" ; then
|
2009-05-11 19:41:42 +04:00
|
|
|
curl=yes
|
|
|
|
fi
|
|
|
|
fi # test "$curl"
|
|
|
|
|
2008-09-29 03:49:55 +04:00
|
|
|
##########################################
|
|
|
|
# bluez support probe
|
|
|
|
if test "$bluez" = "yes" ; then
|
2009-04-28 21:05:24 +04:00
|
|
|
`pkg-config bluez 2> /dev/null` || bluez="no"
|
2008-09-29 03:49:55 +04:00
|
|
|
fi
|
|
|
|
if test "$bluez" = "yes" ; then
|
2008-09-30 06:27:44 +04:00
|
|
|
cat > $TMPC << EOF
|
|
|
|
#include <bluetooth/bluetooth.h>
|
|
|
|
int main(void) { return bt_error(0); }
|
|
|
|
EOF
|
2009-04-28 21:05:24 +04:00
|
|
|
bluez_cflags=`pkg-config --cflags bluez 2> /dev/null`
|
|
|
|
bluez_libs=`pkg-config --libs bluez 2> /dev/null`
|
2009-08-03 16:46:03 +04:00
|
|
|
if compile_prog "$bluez_cflags" "$bluez_libs" ; then
|
2009-08-03 16:46:37 +04:00
|
|
|
libs_softmmu="$bluez_libs $libs_softmmu"
|
2008-09-30 06:27:44 +04:00
|
|
|
else
|
|
|
|
bluez="no"
|
|
|
|
fi
|
2008-09-29 03:49:55 +04:00
|
|
|
fi
|
|
|
|
|
2008-11-05 19:04:33 +03:00
|
|
|
##########################################
|
|
|
|
# kvm probe
|
|
|
|
if test "$kvm" = "yes" ; then
|
|
|
|
cat > $TMPC <<EOF
|
|
|
|
#include <linux/kvm.h>
|
2009-01-16 00:57:30 +03:00
|
|
|
#if !defined(KVM_API_VERSION) || KVM_API_VERSION < 12 || KVM_API_VERSION > 12
|
2008-11-05 19:04:33 +03:00
|
|
|
#error Invalid KVM version
|
|
|
|
#endif
|
2009-01-16 00:57:30 +03:00
|
|
|
#if !defined(KVM_CAP_USER_MEMORY)
|
|
|
|
#error Missing KVM capability KVM_CAP_USER_MEMORY
|
|
|
|
#endif
|
|
|
|
#if !defined(KVM_CAP_SET_TSS_ADDR)
|
|
|
|
#error Missing KVM capability KVM_CAP_SET_TSS_ADDR
|
|
|
|
#endif
|
|
|
|
#if !defined(KVM_CAP_DESTROY_MEMORY_REGION_WORKS)
|
|
|
|
#error Missing KVM capability KVM_CAP_DESTROY_MEMORY_REGION_WORKS
|
|
|
|
#endif
|
2008-11-05 19:04:33 +03:00
|
|
|
int main(void) { return 0; }
|
|
|
|
EOF
|
2008-11-05 19:28:56 +03:00
|
|
|
if test "$kerneldir" != "" ; then
|
|
|
|
kvm_cflags=-I"$kerneldir"/include
|
2009-01-09 23:05:10 +03:00
|
|
|
if test \( "$cpu" = "i386" -o "$cpu" = "x86_64" \) \
|
|
|
|
-a -d "$kerneldir/arch/x86/include" ; then
|
|
|
|
kvm_cflags="$kvm_cflags -I$kerneldir/arch/x86/include"
|
2009-01-16 00:13:33 +03:00
|
|
|
elif test "$cpu" = "ppc" -a -d "$kerneldir/arch/powerpc/include" ; then
|
|
|
|
kvm_cflags="$kvm_cflags -I$kerneldir/arch/powerpc/include"
|
2009-01-09 23:05:10 +03:00
|
|
|
elif test -d "$kerneldir/arch/$cpu/include" ; then
|
|
|
|
kvm_cflags="$kvm_cflags -I$kerneldir/arch/$cpu/include"
|
|
|
|
fi
|
2008-11-05 19:28:56 +03:00
|
|
|
else
|
|
|
|
kvm_cflags=""
|
|
|
|
fi
|
2009-08-03 16:46:03 +04:00
|
|
|
if compile_prog "$kvm_cflags" "" ; then
|
2008-11-05 19:04:33 +03:00
|
|
|
:
|
|
|
|
else
|
2009-01-16 00:57:30 +03:00
|
|
|
kvm="no";
|
|
|
|
if [ -x "`which awk 2>/dev/null`" ] && \
|
|
|
|
[ -x "`which grep 2>/dev/null`" ]; then
|
2009-08-03 16:46:21 +04:00
|
|
|
kvmerr=`LANG=C $cc $QEMU_CFLAGS -o $TMPE $kvm_cflags $TMPC 2>&1 \
|
2009-01-16 00:57:30 +03:00
|
|
|
| grep "error: " \
|
|
|
|
| awk -F "error: " '{if (NR>1) printf(", "); printf("%s",$2);}'`
|
|
|
|
if test "$kvmerr" != "" ; then
|
2009-06-07 13:30:25 +04:00
|
|
|
kvm="no - (${kvmerr})\n\
|
|
|
|
NOTE: To enable KVM support, update your kernel to 2.6.29+ or install \
|
|
|
|
recent kvm-kmod from http://sourceforge.net/projects/kvm."
|
2009-01-16 00:57:30 +03:00
|
|
|
fi
|
|
|
|
fi
|
2008-11-05 19:04:33 +03:00
|
|
|
fi
|
|
|
|
fi
|
|
|
|
|
2008-08-15 22:20:52 +04:00
|
|
|
##########################################
|
2009-04-24 22:03:15 +04:00
|
|
|
# pthread probe
|
2009-05-25 00:07:53 +04:00
|
|
|
PTHREADLIBS_LIST="-lpthread -lpthreadGC2"
|
2008-12-12 19:41:40 +03:00
|
|
|
|
2009-04-24 22:03:15 +04:00
|
|
|
if test "$pthread" = yes; then
|
|
|
|
pthread=no
|
|
|
|
cat > $TMPC << EOF
|
2008-12-12 19:41:40 +03:00
|
|
|
#include <pthread.h>
|
2009-05-25 00:07:53 +04:00
|
|
|
int main(void) { pthread_create(0,0,0,0); return 0; }
|
2008-08-15 22:20:52 +04:00
|
|
|
EOF
|
2009-05-25 00:07:53 +04:00
|
|
|
for pthread_lib in $PTHREADLIBS_LIST; do
|
2009-08-03 16:46:03 +04:00
|
|
|
if compile_prog "" "$pthread_lib" ; then
|
2009-05-25 00:07:53 +04:00
|
|
|
pthread=yes
|
2009-08-03 16:46:16 +04:00
|
|
|
LIBS="$pthread_lib $LIBS"
|
2009-05-25 00:07:53 +04:00
|
|
|
break
|
|
|
|
fi
|
|
|
|
done
|
2008-08-15 22:20:52 +04:00
|
|
|
fi
|
|
|
|
|
2009-04-24 22:03:15 +04:00
|
|
|
if test "$pthread" = no; then
|
|
|
|
aio=no
|
|
|
|
io_thread=no
|
|
|
|
fi
|
|
|
|
|
2008-12-05 23:05:26 +03:00
|
|
|
##########################################
|
|
|
|
# iovec probe
|
|
|
|
cat > $TMPC <<EOF
|
2009-01-14 21:03:53 +03:00
|
|
|
#include <sys/types.h>
|
2008-12-05 23:05:26 +03:00
|
|
|
#include <sys/uio.h>
|
2009-01-14 21:03:53 +03:00
|
|
|
#include <unistd.h>
|
2008-12-05 23:05:26 +03:00
|
|
|
int main(void) { struct iovec iov; return 0; }
|
|
|
|
EOF
|
|
|
|
iovec=no
|
2009-08-03 16:46:03 +04:00
|
|
|
if compile_prog "" "" ; then
|
2008-12-05 23:05:26 +03:00
|
|
|
iovec=yes
|
|
|
|
fi
|
|
|
|
|
2009-04-07 22:43:28 +04:00
|
|
|
##########################################
|
|
|
|
# preadv probe
|
|
|
|
cat > $TMPC <<EOF
|
|
|
|
#include <sys/types.h>
|
|
|
|
#include <sys/uio.h>
|
|
|
|
#include <unistd.h>
|
|
|
|
int main(void) { preadv; }
|
|
|
|
EOF
|
|
|
|
preadv=no
|
2009-08-03 16:46:03 +04:00
|
|
|
if compile_prog "" "" ; then
|
2009-04-07 22:43:28 +04:00
|
|
|
preadv=yes
|
|
|
|
fi
|
|
|
|
|
2008-12-16 13:43:48 +03:00
|
|
|
##########################################
|
|
|
|
# fdt probe
|
|
|
|
if test "$fdt" = "yes" ; then
|
2009-07-27 18:13:20 +04:00
|
|
|
fdt=no
|
|
|
|
fdt_libs="-lfdt"
|
|
|
|
cat > $TMPC << EOF
|
2008-12-16 13:43:48 +03:00
|
|
|
int main(void) { return 0; }
|
|
|
|
EOF
|
2009-08-03 16:46:03 +04:00
|
|
|
if compile_prog "" "$fdt_libs" ; then
|
2008-12-16 13:43:48 +03:00
|
|
|
fdt=yes
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
|
2009-04-15 20:12:13 +04:00
|
|
|
#
|
|
|
|
# Check for xxxat() functions when we are building linux-user
|
|
|
|
# emulator. This is done because older glibc versions don't
|
|
|
|
# have syscall stubs for these implemented.
|
|
|
|
#
|
|
|
|
atfile=no
|
2009-06-29 18:26:11 +04:00
|
|
|
cat > $TMPC << EOF
|
2009-04-15 20:12:13 +04:00
|
|
|
#define _ATFILE_SOURCE
|
|
|
|
#include <sys/types.h>
|
|
|
|
#include <fcntl.h>
|
|
|
|
#include <unistd.h>
|
|
|
|
|
|
|
|
int
|
|
|
|
main(void)
|
|
|
|
{
|
|
|
|
/* try to unlink nonexisting file */
|
|
|
|
return (unlinkat(AT_FDCWD, "nonexistent_file", 0));
|
|
|
|
}
|
|
|
|
EOF
|
2009-08-03 16:46:03 +04:00
|
|
|
if compile_prog "" "" ; then
|
2009-06-29 18:26:11 +04:00
|
|
|
atfile=yes
|
2009-04-15 20:12:13 +04:00
|
|
|
fi
|
|
|
|
|
2009-04-15 23:48:17 +04:00
|
|
|
# Check for inotify functions when we are building linux-user
|
2009-04-15 20:12:13 +04:00
|
|
|
# emulator. This is done because older glibc versions don't
|
|
|
|
# have syscall stubs for these implemented. In that case we
|
|
|
|
# don't provide them even if kernel supports them.
|
|
|
|
#
|
|
|
|
inotify=no
|
2009-06-29 18:26:11 +04:00
|
|
|
cat > $TMPC << EOF
|
2009-04-15 20:12:13 +04:00
|
|
|
#include <sys/inotify.h>
|
|
|
|
|
|
|
|
int
|
|
|
|
main(void)
|
|
|
|
{
|
|
|
|
/* try to start inotify */
|
2009-04-17 17:50:32 +04:00
|
|
|
return inotify_init();
|
2009-04-15 20:12:13 +04:00
|
|
|
}
|
|
|
|
EOF
|
2009-08-03 16:46:03 +04:00
|
|
|
if compile_prog "" "" ; then
|
2009-06-29 18:26:11 +04:00
|
|
|
inotify=yes
|
2009-04-15 20:12:13 +04:00
|
|
|
fi
|
|
|
|
|
2009-04-21 16:01:51 +04:00
|
|
|
# check if utimensat and futimens are supported
|
|
|
|
utimens=no
|
|
|
|
cat > $TMPC << EOF
|
|
|
|
#define _ATFILE_SOURCE
|
|
|
|
#define _GNU_SOURCE
|
|
|
|
#include <stddef.h>
|
|
|
|
#include <fcntl.h>
|
|
|
|
|
|
|
|
int main(void)
|
|
|
|
{
|
|
|
|
utimensat(AT_FDCWD, "foo", NULL, 0);
|
|
|
|
futimens(0, NULL);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
EOF
|
2009-08-03 16:46:03 +04:00
|
|
|
if compile_prog "" "" ; then
|
2009-04-21 16:01:51 +04:00
|
|
|
utimens=yes
|
|
|
|
fi
|
|
|
|
|
2009-05-05 13:10:04 +04:00
|
|
|
# check if pipe2 is there
|
|
|
|
pipe2=no
|
|
|
|
cat > $TMPC << EOF
|
|
|
|
#define _GNU_SOURCE
|
|
|
|
#include <unistd.h>
|
|
|
|
#include <fcntl.h>
|
|
|
|
|
|
|
|
int main(void)
|
|
|
|
{
|
|
|
|
int pipefd[2];
|
|
|
|
pipe2(pipefd, O_CLOEXEC);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
EOF
|
2009-08-03 16:46:03 +04:00
|
|
|
if compile_prog "" "" ; then
|
2009-05-05 13:10:04 +04:00
|
|
|
pipe2=yes
|
|
|
|
fi
|
|
|
|
|
2009-05-16 17:02:41 +04:00
|
|
|
# check if tee/splice is there. vmsplice was added same time.
|
|
|
|
splice=no
|
|
|
|
cat > $TMPC << EOF
|
|
|
|
#define _GNU_SOURCE
|
|
|
|
#include <unistd.h>
|
|
|
|
#include <fcntl.h>
|
|
|
|
#include <limits.h>
|
|
|
|
|
|
|
|
int main(void)
|
|
|
|
{
|
|
|
|
int len, fd;
|
|
|
|
len = tee(STDIN_FILENO, STDOUT_FILENO, INT_MAX, SPLICE_F_NONBLOCK);
|
|
|
|
splice(STDIN_FILENO, NULL, fd, NULL, len, SPLICE_F_MOVE);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
EOF
|
2009-08-03 16:46:03 +04:00
|
|
|
if compile_prog "" "" ; then
|
2009-05-16 17:02:41 +04:00
|
|
|
splice=yes
|
|
|
|
fi
|
|
|
|
|
2006-04-23 21:57:59 +04:00
|
|
|
# Check if tools are available to build documentation.
|
2009-05-14 17:25:04 +04:00
|
|
|
if test "$build_docs" = "yes" -a \( ! -x "`which texi2html 2>/dev/null`" -o ! -x "`which pod2man 2>/dev/null`" \) ; then
|
|
|
|
build_docs="no"
|
2006-04-23 21:57:59 +04:00
|
|
|
fi
|
|
|
|
|
2009-08-03 16:45:58 +04:00
|
|
|
# Search for bsawp_32 function
|
|
|
|
byteswap_h=no
|
|
|
|
cat > $TMPC << EOF
|
|
|
|
#include <byteswap.h>
|
|
|
|
int main(void) { return bswap_32(0); }
|
|
|
|
EOF
|
2009-08-03 16:46:03 +04:00
|
|
|
if compile_prog "" "" ; then
|
2009-08-03 16:45:58 +04:00
|
|
|
byteswap_h=yes
|
|
|
|
fi
|
|
|
|
|
|
|
|
# Search for bsawp_32 function
|
|
|
|
bswap_h=no
|
|
|
|
cat > $TMPC << EOF
|
|
|
|
#include <sys/endian.h>
|
|
|
|
#include <sys/types.h>
|
|
|
|
#include <machine/bswap.h>
|
|
|
|
int main(void) { return bswap32(0); }
|
|
|
|
EOF
|
2009-08-03 16:46:03 +04:00
|
|
|
if compile_prog "" "" ; then
|
2009-08-03 16:45:58 +04:00
|
|
|
bswap_h=yes
|
|
|
|
fi
|
|
|
|
|
2008-12-12 23:02:52 +03:00
|
|
|
##########################################
|
|
|
|
# Do we need librt
|
|
|
|
cat > $TMPC <<EOF
|
|
|
|
#include <signal.h>
|
|
|
|
#include <time.h>
|
|
|
|
int main(void) { clockid_t id; return clock_gettime(id, NULL); }
|
|
|
|
EOF
|
|
|
|
|
2009-08-03 16:46:03 +04:00
|
|
|
if compile_prog "" "" ; then
|
2009-08-03 16:46:17 +04:00
|
|
|
:
|
2009-08-03 16:46:03 +04:00
|
|
|
elif compile_prog "" "-lrt" ; then
|
2009-08-03 16:46:17 +04:00
|
|
|
LIBS="-lrt $LIBS"
|
2008-12-12 23:02:52 +03:00
|
|
|
fi
|
|
|
|
|
2009-08-03 16:45:56 +04:00
|
|
|
# Determine what linker flags to use to force archive inclusion
|
|
|
|
check_linker_flags()
|
|
|
|
{
|
|
|
|
w2=
|
|
|
|
if test "$2" ; then
|
|
|
|
w2=-Wl,$2
|
|
|
|
fi
|
2009-08-03 16:46:03 +04:00
|
|
|
compile_prog "" "-Wl,$1 ${w2}"
|
2009-08-03 16:45:56 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
cat > $TMPC << EOF
|
|
|
|
int main(void) { }
|
|
|
|
EOF
|
|
|
|
if check_linker_flags --whole-archive --no-whole-archive ; then
|
|
|
|
# GNU ld
|
|
|
|
arlibs_begin="-Wl,--whole-archive"
|
|
|
|
arlibs_end="-Wl,--no-whole-archive"
|
|
|
|
elif check_linker_flags -z,allextract -z,defaultextract ; then
|
|
|
|
# Solaris ld
|
|
|
|
arlibs_begin"=-Wl,-z,allextract"
|
|
|
|
arlibs_end="-Wl,-z,defaultextract"
|
|
|
|
elif check_linker_flags -all_load ; then
|
|
|
|
# Mac OS X
|
|
|
|
arlibs_begin="-all_load"
|
|
|
|
arlibs_end=""
|
|
|
|
else
|
|
|
|
echo "Error: your linker does not support --whole-archive or -z."
|
|
|
|
echo "Please report to qemu-devel@nongnu.org"
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
|
2009-08-03 16:46:32 +04:00
|
|
|
if test "$darwin" != "yes" -a "$mingw32" != "yes" -a "$solaries" != yes -a \
|
|
|
|
"$aix" != "yes" ; then
|
|
|
|
libs_softmmu="-lutil $libs_softmmu"
|
|
|
|
fi
|
|
|
|
|
2009-08-03 16:45:59 +04:00
|
|
|
# End of CC checks
|
|
|
|
# After here, no more $cc or $ld runs
|
|
|
|
|
|
|
|
# default flags for all hosts
|
2009-08-03 16:46:21 +04:00
|
|
|
QEMU_CFLAGS="-fno-strict-aliasing $QEMU_CFLAGS"
|
|
|
|
CFLAGS="-g $CFLAGS"
|
2009-08-03 16:45:59 +04:00
|
|
|
if test "$debug" = "no" ; then
|
2009-08-03 16:46:00 +04:00
|
|
|
CFLAGS="-O2 $CFLAGS"
|
2009-08-03 16:45:59 +04:00
|
|
|
fi
|
2009-08-03 16:46:22 +04:00
|
|
|
QEMU_CFLAGS="-Wall -Wundef -Wendif-labels -Wwrite-strings -Wmissing-prototypes $QEMU_CFLAGS"
|
|
|
|
QEMU_CFLAGS="-Wstrict-prototypes -Wredundant-decls $QEMU_CFLAGS"
|
2009-08-03 16:46:23 +04:00
|
|
|
QEMU_CFLAGS="-D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE $QEMU_CFLAGS"
|
|
|
|
QEMU_CFLAGS="-U_FORTIFY_SOURCE $QEMU_CFLAGS"
|
|
|
|
QEMU_CFLAGS="-I. -I\$(SRC_PATH) -MMD -MP -MT \$@ $QEMU_CFLAGS"
|
2009-08-03 16:46:00 +04:00
|
|
|
LDFLAGS="-g $LDFLAGS"
|
2009-08-03 16:45:59 +04:00
|
|
|
|
|
|
|
# Consult white-list to determine whether to enable werror
|
|
|
|
# by default. Only enable by default for git builds
|
|
|
|
if test -z "$werror" ; then
|
|
|
|
z_version=`cut -f3 -d. $source_path/VERSION`
|
|
|
|
if test "$z_version" = "50" -a \
|
|
|
|
"$linux" = "yes" ; then
|
|
|
|
werror="yes"
|
|
|
|
else
|
|
|
|
werror="no"
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
|
|
|
|
if test "$werror" = "yes" ; then
|
2009-08-03 16:46:21 +04:00
|
|
|
QEMU_CFLAGS="-Werror $QEMU_CFLAGS"
|
2009-08-03 16:45:59 +04:00
|
|
|
fi
|
|
|
|
|
|
|
|
if test "$solaris" = "no" ; then
|
|
|
|
if $ld --version 2>/dev/null | grep "GNU ld" >/dev/null 2>/dev/null ; then
|
2009-08-03 16:46:00 +04:00
|
|
|
LDFLAGS="-Wl,--warn-common $LDFLAGS"
|
2009-08-03 16:45:59 +04:00
|
|
|
fi
|
|
|
|
fi
|
|
|
|
|
2004-04-03 00:55:59 +04:00
|
|
|
if test "$mingw32" = "yes" ; then
|
2007-02-27 03:52:01 +03:00
|
|
|
if test -z "$prefix" ; then
|
2009-07-31 23:30:45 +04:00
|
|
|
prefix="c:/Program Files/Qemu"
|
2007-02-27 03:52:01 +03:00
|
|
|
fi
|
|
|
|
mansuffix=""
|
|
|
|
datasuffix=""
|
|
|
|
docsuffix=""
|
|
|
|
binsuffix=""
|
2004-04-03 00:55:59 +04:00
|
|
|
else
|
2007-02-27 03:52:01 +03:00
|
|
|
if test -z "$prefix" ; then
|
|
|
|
prefix="/usr/local"
|
|
|
|
fi
|
|
|
|
mansuffix="/share/man"
|
|
|
|
datasuffix="/share/qemu"
|
|
|
|
docsuffix="/share/doc/qemu"
|
|
|
|
binsuffix="/bin"
|
2004-04-03 00:55:59 +04:00
|
|
|
fi
|
2003-10-01 04:13:48 +04:00
|
|
|
|
2003-06-09 23:53:12 +04:00
|
|
|
echo "Install prefix $prefix"
|
2007-02-27 03:52:01 +03:00
|
|
|
echo "BIOS directory $prefix$datasuffix"
|
|
|
|
echo "binary directory $prefix$binsuffix"
|
2004-04-03 00:55:59 +04:00
|
|
|
if test "$mingw32" = "no" ; then
|
2007-02-27 03:52:01 +03:00
|
|
|
echo "Manual directory $prefix$mansuffix"
|
2003-06-09 23:53:12 +04:00
|
|
|
echo "ELF interp prefix $interp_prefix"
|
2004-04-03 00:55:59 +04:00
|
|
|
fi
|
2003-10-01 04:13:48 +04:00
|
|
|
echo "Source path $source_path"
|
2003-06-09 23:53:12 +04:00
|
|
|
echo "C compiler $cc"
|
2005-07-23 18:27:54 +04:00
|
|
|
echo "Host C compiler $host_cc"
|
2009-08-03 16:46:01 +04:00
|
|
|
echo "CFLAGS $CFLAGS"
|
2009-08-03 16:46:21 +04:00
|
|
|
echo "QEMU_CFLAGS $QEMU_CFLAGS"
|
2009-08-03 16:46:01 +04:00
|
|
|
echo "LDFLAGS $LDFLAGS"
|
2003-06-09 23:53:12 +04:00
|
|
|
echo "make $make"
|
2006-04-17 17:57:12 +04:00
|
|
|
echo "install $install"
|
2003-06-09 23:53:12 +04:00
|
|
|
echo "host CPU $cpu"
|
2003-06-16 00:25:43 +04:00
|
|
|
echo "host big endian $bigendian"
|
2003-08-11 01:36:04 +04:00
|
|
|
echo "target list $target_list"
|
2009-04-16 13:58:41 +04:00
|
|
|
echo "tcg debug enabled $debug_tcg"
|
2003-06-09 23:53:12 +04:00
|
|
|
echo "gprof enabled $gprof"
|
2008-10-07 23:16:17 +04:00
|
|
|
echo "sparse enabled $sparse"
|
2009-04-05 21:41:02 +04:00
|
|
|
echo "strip binaries $strip_opt"
|
2006-02-09 01:39:17 +03:00
|
|
|
echo "profiler $profiler"
|
2003-06-09 23:53:12 +04:00
|
|
|
echo "static build $static"
|
2007-11-11 23:17:03 +03:00
|
|
|
echo "-Werror enabled $werror"
|
2005-03-02 00:37:28 +03:00
|
|
|
if test "$darwin" = "yes" ; then
|
|
|
|
echo "Cocoa support $cocoa"
|
|
|
|
fi
|
2003-08-11 01:36:04 +04:00
|
|
|
echo "SDL support $sdl"
|
2008-02-10 19:33:14 +03:00
|
|
|
echo "curses support $curses"
|
2009-05-11 19:41:42 +04:00
|
|
|
echo "curl support $curl"
|
2004-04-01 03:37:16 +04:00
|
|
|
echo "mingw32 support $mingw32"
|
2008-06-26 01:04:05 +04:00
|
|
|
echo "Audio drivers $audio_drv_list"
|
|
|
|
echo "Extra audio cards $audio_card_list"
|
2008-06-23 22:33:30 +04:00
|
|
|
echo "Mixer emulation $mixemu"
|
2007-08-25 05:37:51 +04:00
|
|
|
echo "VNC TLS support $vnc_tls"
|
|
|
|
if test "$vnc_tls" = "yes" ; then
|
|
|
|
echo " TLS CFLAGS $vnc_tls_cflags"
|
|
|
|
echo " TLS LIBS $vnc_tls_libs"
|
|
|
|
fi
|
Add SASL authentication support ("Daniel P. Berrange")
This patch adds the new SASL authentication protocol to the VNC server.
It is enabled by setting the 'sasl' flag when launching VNC. SASL can
optionally provide encryption via its SSF layer, if a suitable mechanism
is configured (eg, GSSAPI/Kerberos, or Digest-MD5). If an SSF layer is
not available, then it should be combined with the x509 VNC authentication
protocol which provides encryption.
eg, if using GSSAPI
qemu -vnc localhost:1,sasl
eg if using TLS/x509 for encryption
qemu -vnc localhost:1,sasl,tls,x509
By default the Cyrus SASL library will look for its configuration in
the file /etc/sasl2/qemu.conf. For non-root users, this can be overridden
by setting the SASL_CONF_PATH environment variable, eg to make it look in
$HOME/.sasl2. NB unprivileged users may not have access to the full range
of SASL mechanisms, since some of them require some administrative privileges
to configure. The patch includes an example SASL configuration file which
illustrates config for GSSAPI and Digest-MD5, though it should be noted that
the latter is not really considered secure any more.
Most of the SASL authentication code is located in a separate source file,
vnc-auth-sasl.c. The main vnc.c file only contains minimal integration
glue, specifically parsing of command line flags / setup, and calls to
start the SASL auth process, to do encoding/decoding for data.
There are several possible stacks for reading & writing of data, depending
on the combo of VNC authentication methods in use
- Clear. read/write straight to socket
- TLS. read/write via GNUTLS helpers
- SASL. encode/decode via SASL SSF layer, then read/write to socket
- SASL+TLS. encode/decode via SASL SSF layer, then read/write via GNUTLS
Hence, the vnc_client_read & vnc_client_write methods have been refactored
a little.
vnc_client_read: main entry point for reading, calls either
- vnc_client_read_plain reading, with no intermediate decoding
- vnc_client_read_sasl reading, with SASL SSF decoding
These two methods, then call vnc_client_read_buf(). This decides
whether to write to the socket directly or write via GNUTLS.
The situation is the same for writing data. More extensive comments
have been added in the code / patch. The vnc_client_read_sasl and
vnc_client_write_sasl method implementations live in the separate
vnc-auth-sasl.c file.
The state required for the SASL auth mechanism is kept in a separate
VncStateSASL struct, defined in vnc-auth-sasl.h and included in the
main VncState.
The configure script probes for SASL and automatically enables it
if found, unless --disable-vnc-sasl was given to override it.
Makefile | 7
Makefile.target | 5
b/qemu.sasl | 34 ++
b/vnc-auth-sasl.c | 626 ++++++++++++++++++++++++++++++++++++++++++++++++++++
b/vnc-auth-sasl.h | 67 +++++
configure | 34 ++
qemu-doc.texi | 97 ++++++++
vnc-auth-vencrypt.c | 12
vnc.c | 249 ++++++++++++++++++--
vnc.h | 31 ++
10 files changed, 1129 insertions(+), 33 deletions(-)
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6724 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 23:27:28 +03:00
|
|
|
echo "VNC SASL support $vnc_sasl"
|
|
|
|
if test "$vnc_sasl" = "yes" ; then
|
|
|
|
echo " SASL CFLAGS $vnc_sasl_cflags"
|
|
|
|
echo " SASL LIBS $vnc_sasl_libs"
|
|
|
|
fi
|
2007-04-16 22:27:06 +04:00
|
|
|
if test -n "$sparc_cpu"; then
|
|
|
|
echo "Target Sparc Arch $sparc_cpu"
|
|
|
|
fi
|
2005-04-23 21:44:28 +04:00
|
|
|
echo "kqemu support $kqemu"
|
2009-04-22 19:19:10 +04:00
|
|
|
echo "xen support $xen"
|
2008-04-08 10:01:02 +04:00
|
|
|
echo "brlapi support $brlapi"
|
2006-04-23 21:57:59 +04:00
|
|
|
echo "Documentation $build_docs"
|
2006-05-14 15:30:38 +04:00
|
|
|
[ ! -z "$uname_release" ] && \
|
|
|
|
echo "uname -r $uname_release"
|
2008-05-29 18:34:11 +04:00
|
|
|
echo "NPTL support $nptl"
|
2009-07-17 15:48:08 +04:00
|
|
|
echo "GUEST_BASE $guest_base"
|
2008-07-19 13:56:24 +04:00
|
|
|
echo "vde support $vde"
|
2008-08-15 22:20:52 +04:00
|
|
|
echo "AIO support $aio"
|
2009-04-24 22:03:15 +04:00
|
|
|
echo "IO thread $io_thread"
|
2008-11-27 18:45:16 +03:00
|
|
|
echo "Install blobs $blobs"
|
2009-06-07 13:30:25 +04:00
|
|
|
echo -e "KVM support $kvm"
|
2008-12-16 13:43:48 +03:00
|
|
|
echo "fdt support $fdt"
|
2009-04-07 22:43:28 +04:00
|
|
|
echo "preadv support $preadv"
|
2004-04-01 03:37:16 +04:00
|
|
|
|
2003-08-11 01:36:04 +04:00
|
|
|
if test $sdl_too_old = "yes"; then
|
2005-03-02 01:30:41 +03:00
|
|
|
echo "-> Your SDL version is too old - please upgrade to have SDL support"
|
2004-04-22 04:02:08 +04:00
|
|
|
fi
|
2003-03-07 02:23:54 +03:00
|
|
|
|
2009-07-16 20:34:18 +04:00
|
|
|
config_host_mak="config-host.mak"
|
|
|
|
config_host_h="config-host.h"
|
2009-07-23 00:37:40 +04:00
|
|
|
config_host_ld="config-host.ld"
|
2009-07-16 20:34:18 +04:00
|
|
|
|
|
|
|
#echo "Creating $config_host_mak and $config_host_h"
|
|
|
|
|
|
|
|
test -f $config_host_h && mv $config_host_h ${config_host_h}~
|
|
|
|
|
|
|
|
echo "# Automatically generated by configure - do not modify" > $config_host_mak
|
|
|
|
printf "# Configured with:" >> $config_host_mak
|
|
|
|
printf " '%s'" "$0" "$@" >> $config_host_mak
|
|
|
|
echo >> $config_host_mak
|
|
|
|
|
2009-07-27 18:13:25 +04:00
|
|
|
echo "CONFIG_QEMU_SHAREDIR=\"$prefix$datasuffix\"" >> $config_host_mak
|
2009-07-27 18:12:49 +04:00
|
|
|
|
2008-04-21 00:19:44 +04:00
|
|
|
case "$cpu" in
|
2009-07-18 16:32:00 +04:00
|
|
|
i386|x86_64|alpha|cris|hppa|ia64|m68k|microblaze|mips|mips64|ppc|ppc64|s390|sparc|sparc64)
|
2009-07-16 20:34:09 +04:00
|
|
|
ARCH=$cpu
|
2008-04-21 00:19:44 +04:00
|
|
|
;;
|
2009-07-18 16:23:39 +04:00
|
|
|
armv4b|armv4l)
|
2009-07-16 20:34:08 +04:00
|
|
|
ARCH=arm
|
2008-04-21 00:19:44 +04:00
|
|
|
;;
|
|
|
|
*)
|
|
|
|
echo "Unsupported CPU = $cpu"
|
|
|
|
exit 1
|
|
|
|
;;
|
|
|
|
esac
|
2009-07-16 20:34:18 +04:00
|
|
|
echo "ARCH=$ARCH" >> $config_host_mak
|
2009-04-13 22:45:38 +04:00
|
|
|
if test "$debug_tcg" = "yes" ; then
|
2009-07-27 18:13:25 +04:00
|
|
|
echo "CONFIG_DEBUG_TCG=y" >> $config_host_mak
|
2009-04-13 22:45:38 +04:00
|
|
|
fi
|
2009-06-04 14:39:04 +04:00
|
|
|
if test "$debug" = "yes" ; then
|
2009-07-27 18:13:25 +04:00
|
|
|
echo "CONFIG_DEBUG_EXEC=y" >> $config_host_mak
|
2009-06-04 14:39:04 +04:00
|
|
|
fi
|
2009-04-05 21:41:02 +04:00
|
|
|
if test "$strip_opt" = "yes" ; then
|
2009-07-16 20:34:18 +04:00
|
|
|
echo "STRIP_OPT=-s" >> $config_host_mak
|
2009-04-05 21:41:02 +04:00
|
|
|
fi
|
2003-03-07 02:23:54 +03:00
|
|
|
if test "$bigendian" = "yes" ; then
|
2009-07-27 18:13:06 +04:00
|
|
|
echo "HOST_WORDS_BIGENDIAN=y" >> $config_host_mak
|
2003-08-11 01:36:04 +04:00
|
|
|
fi
|
2009-07-27 18:13:25 +04:00
|
|
|
echo "HOST_LONG_BITS=$hostlongbits" >> $config_host_mak
|
2004-04-01 03:37:16 +04:00
|
|
|
if test "$mingw32" = "yes" ; then
|
2009-07-16 20:34:18 +04:00
|
|
|
echo "CONFIG_WIN32=y" >> $config_host_mak
|
2007-02-28 00:04:49 +03:00
|
|
|
else
|
2009-07-27 18:13:07 +04:00
|
|
|
echo "CONFIG_POSIX=y" >> $config_host_mak
|
2004-04-01 03:37:16 +04:00
|
|
|
fi
|
2008-08-15 22:33:42 +04:00
|
|
|
|
2004-07-06 01:25:26 +04:00
|
|
|
if test "$darwin" = "yes" ; then
|
2009-07-16 20:34:18 +04:00
|
|
|
echo "CONFIG_DARWIN=y" >> $config_host_mak
|
2004-07-06 01:25:26 +04:00
|
|
|
fi
|
2008-11-18 04:42:22 +03:00
|
|
|
|
|
|
|
if test "$aix" = "yes" ; then
|
2009-07-16 20:34:18 +04:00
|
|
|
echo "CONFIG_AIX=y" >> $config_host_mak
|
2008-11-18 04:42:22 +03:00
|
|
|
fi
|
|
|
|
|
2006-04-26 02:36:06 +04:00
|
|
|
if test "$solaris" = "yes" ; then
|
2009-07-16 20:34:18 +04:00
|
|
|
echo "CONFIG_SOLARIS=y" >> $config_host_mak
|
2009-07-27 18:13:25 +04:00
|
|
|
echo "CONFIG_SOLARIS_VERSION=$solarisrev" >> $config_host_mak
|
2007-04-01 22:54:44 +04:00
|
|
|
if test "$needs_libsunmath" = "yes" ; then
|
2009-07-27 18:13:23 +04:00
|
|
|
echo "CONFIG_NEEDS_LIBSUNMATH=y" >> $config_host_mak
|
2007-04-01 22:54:44 +04:00
|
|
|
fi
|
2006-04-26 02:36:06 +04:00
|
|
|
fi
|
2003-08-11 01:36:04 +04:00
|
|
|
if test "$gprof" = "yes" ; then
|
2009-07-16 20:34:18 +04:00
|
|
|
echo "TARGET_GPROF=yes" >> $config_host_mak
|
2003-08-11 01:36:04 +04:00
|
|
|
fi
|
|
|
|
if test "$static" = "yes" ; then
|
2009-07-16 20:34:18 +04:00
|
|
|
echo "CONFIG_STATIC=y" >> $config_host_mak
|
2009-08-03 16:46:00 +04:00
|
|
|
LDFLAGS="-static $LDFLAGS"
|
2003-03-07 02:23:54 +03:00
|
|
|
fi
|
2006-02-09 01:39:17 +03:00
|
|
|
if test $profiler = "yes" ; then
|
2009-07-27 18:13:25 +04:00
|
|
|
echo "CONFIG_PROFILER=y" >> $config_host_mak
|
2006-02-09 01:39:17 +03:00
|
|
|
fi
|
2004-04-22 03:27:19 +04:00
|
|
|
if test "$slirp" = "yes" ; then
|
2009-07-16 20:34:18 +04:00
|
|
|
echo "CONFIG_SLIRP=y" >> $config_host_mak
|
2004-04-22 03:27:19 +04:00
|
|
|
fi
|
2008-07-19 13:56:24 +04:00
|
|
|
if test "$vde" = "yes" ; then
|
2009-07-16 20:34:18 +04:00
|
|
|
echo "CONFIG_VDE=y" >> $config_host_mak
|
2009-07-27 18:13:19 +04:00
|
|
|
echo "VDE_LIBS=$vde_libs" >> $config_host_mak
|
2008-07-19 13:56:24 +04:00
|
|
|
fi
|
2008-06-26 01:04:05 +04:00
|
|
|
for card in $audio_card_list; do
|
2008-06-29 05:00:34 +04:00
|
|
|
def=CONFIG_`echo $card | tr '[:lower:]' '[:upper:]'`
|
2009-07-16 20:34:18 +04:00
|
|
|
echo "$def=y" >> $config_host_mak
|
2008-06-26 01:04:05 +04:00
|
|
|
done
|
2009-07-27 18:13:25 +04:00
|
|
|
echo "CONFIG_AUDIO_DRIVERS=$audio_drv_list" >> $config_host_mak
|
2008-06-26 01:04:05 +04:00
|
|
|
for drv in $audio_drv_list; do
|
2008-06-29 05:00:34 +04:00
|
|
|
def=CONFIG_`echo $drv | tr '[:lower:]' '[:upper:]'`
|
2009-07-16 20:34:18 +04:00
|
|
|
echo "$def=y" >> $config_host_mak
|
2008-07-02 22:13:46 +04:00
|
|
|
if test "$drv" = "fmod"; then
|
2009-07-27 18:12:47 +04:00
|
|
|
echo "FMOD_CFLAGS=-I$fmod_inc" >> $config_host_mak
|
2008-06-26 01:04:05 +04:00
|
|
|
fi
|
|
|
|
done
|
2008-06-23 22:33:30 +04:00
|
|
|
if test "$mixemu" = "yes" ; then
|
2009-07-16 20:34:18 +04:00
|
|
|
echo "CONFIG_MIXEMU=y" >> $config_host_mak
|
2008-06-23 22:33:30 +04:00
|
|
|
fi
|
2007-08-25 05:37:51 +04:00
|
|
|
if test "$vnc_tls" = "yes" ; then
|
2009-07-16 20:34:18 +04:00
|
|
|
echo "CONFIG_VNC_TLS=y" >> $config_host_mak
|
2009-07-27 18:12:43 +04:00
|
|
|
echo "VNC_TLS_CFLAGS=$vnc_tls_cflags" >> $config_host_mak
|
2007-08-25 05:37:51 +04:00
|
|
|
fi
|
Add SASL authentication support ("Daniel P. Berrange")
This patch adds the new SASL authentication protocol to the VNC server.
It is enabled by setting the 'sasl' flag when launching VNC. SASL can
optionally provide encryption via its SSF layer, if a suitable mechanism
is configured (eg, GSSAPI/Kerberos, or Digest-MD5). If an SSF layer is
not available, then it should be combined with the x509 VNC authentication
protocol which provides encryption.
eg, if using GSSAPI
qemu -vnc localhost:1,sasl
eg if using TLS/x509 for encryption
qemu -vnc localhost:1,sasl,tls,x509
By default the Cyrus SASL library will look for its configuration in
the file /etc/sasl2/qemu.conf. For non-root users, this can be overridden
by setting the SASL_CONF_PATH environment variable, eg to make it look in
$HOME/.sasl2. NB unprivileged users may not have access to the full range
of SASL mechanisms, since some of them require some administrative privileges
to configure. The patch includes an example SASL configuration file which
illustrates config for GSSAPI and Digest-MD5, though it should be noted that
the latter is not really considered secure any more.
Most of the SASL authentication code is located in a separate source file,
vnc-auth-sasl.c. The main vnc.c file only contains minimal integration
glue, specifically parsing of command line flags / setup, and calls to
start the SASL auth process, to do encoding/decoding for data.
There are several possible stacks for reading & writing of data, depending
on the combo of VNC authentication methods in use
- Clear. read/write straight to socket
- TLS. read/write via GNUTLS helpers
- SASL. encode/decode via SASL SSF layer, then read/write to socket
- SASL+TLS. encode/decode via SASL SSF layer, then read/write via GNUTLS
Hence, the vnc_client_read & vnc_client_write methods have been refactored
a little.
vnc_client_read: main entry point for reading, calls either
- vnc_client_read_plain reading, with no intermediate decoding
- vnc_client_read_sasl reading, with SASL SSF decoding
These two methods, then call vnc_client_read_buf(). This decides
whether to write to the socket directly or write via GNUTLS.
The situation is the same for writing data. More extensive comments
have been added in the code / patch. The vnc_client_read_sasl and
vnc_client_write_sasl method implementations live in the separate
vnc-auth-sasl.c file.
The state required for the SASL auth mechanism is kept in a separate
VncStateSASL struct, defined in vnc-auth-sasl.h and included in the
main VncState.
The configure script probes for SASL and automatically enables it
if found, unless --disable-vnc-sasl was given to override it.
Makefile | 7
Makefile.target | 5
b/qemu.sasl | 34 ++
b/vnc-auth-sasl.c | 626 ++++++++++++++++++++++++++++++++++++++++++++++++++++
b/vnc-auth-sasl.h | 67 +++++
configure | 34 ++
qemu-doc.texi | 97 ++++++++
vnc-auth-vencrypt.c | 12
vnc.c | 249 ++++++++++++++++++--
vnc.h | 31 ++
10 files changed, 1129 insertions(+), 33 deletions(-)
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6724 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 23:27:28 +03:00
|
|
|
if test "$vnc_sasl" = "yes" ; then
|
2009-07-16 20:34:18 +04:00
|
|
|
echo "CONFIG_VNC_SASL=y" >> $config_host_mak
|
2009-07-27 18:12:45 +04:00
|
|
|
echo "VNC_SASL_CFLAGS=$vnc_sasl_cflags" >> $config_host_mak
|
Add SASL authentication support ("Daniel P. Berrange")
This patch adds the new SASL authentication protocol to the VNC server.
It is enabled by setting the 'sasl' flag when launching VNC. SASL can
optionally provide encryption via its SSF layer, if a suitable mechanism
is configured (eg, GSSAPI/Kerberos, or Digest-MD5). If an SSF layer is
not available, then it should be combined with the x509 VNC authentication
protocol which provides encryption.
eg, if using GSSAPI
qemu -vnc localhost:1,sasl
eg if using TLS/x509 for encryption
qemu -vnc localhost:1,sasl,tls,x509
By default the Cyrus SASL library will look for its configuration in
the file /etc/sasl2/qemu.conf. For non-root users, this can be overridden
by setting the SASL_CONF_PATH environment variable, eg to make it look in
$HOME/.sasl2. NB unprivileged users may not have access to the full range
of SASL mechanisms, since some of them require some administrative privileges
to configure. The patch includes an example SASL configuration file which
illustrates config for GSSAPI and Digest-MD5, though it should be noted that
the latter is not really considered secure any more.
Most of the SASL authentication code is located in a separate source file,
vnc-auth-sasl.c. The main vnc.c file only contains minimal integration
glue, specifically parsing of command line flags / setup, and calls to
start the SASL auth process, to do encoding/decoding for data.
There are several possible stacks for reading & writing of data, depending
on the combo of VNC authentication methods in use
- Clear. read/write straight to socket
- TLS. read/write via GNUTLS helpers
- SASL. encode/decode via SASL SSF layer, then read/write to socket
- SASL+TLS. encode/decode via SASL SSF layer, then read/write via GNUTLS
Hence, the vnc_client_read & vnc_client_write methods have been refactored
a little.
vnc_client_read: main entry point for reading, calls either
- vnc_client_read_plain reading, with no intermediate decoding
- vnc_client_read_sasl reading, with SASL SSF decoding
These two methods, then call vnc_client_read_buf(). This decides
whether to write to the socket directly or write via GNUTLS.
The situation is the same for writing data. More extensive comments
have been added in the code / patch. The vnc_client_read_sasl and
vnc_client_write_sasl method implementations live in the separate
vnc-auth-sasl.c file.
The state required for the SASL auth mechanism is kept in a separate
VncStateSASL struct, defined in vnc-auth-sasl.h and included in the
main VncState.
The configure script probes for SASL and automatically enables it
if found, unless --disable-vnc-sasl was given to override it.
Makefile | 7
Makefile.target | 5
b/qemu.sasl | 34 ++
b/vnc-auth-sasl.c | 626 ++++++++++++++++++++++++++++++++++++++++++++++++++++
b/vnc-auth-sasl.h | 67 +++++
configure | 34 ++
qemu-doc.texi | 97 ++++++++
vnc-auth-vencrypt.c | 12
vnc.c | 249 ++++++++++++++++++--
vnc.h | 31 ++
10 files changed, 1129 insertions(+), 33 deletions(-)
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6724 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 23:27:28 +03:00
|
|
|
fi
|
Support ACLs for controlling VNC access ("Daniel P. Berrange")
This patch introduces a generic internal API for access control lists
to be used by network servers in QEMU. It adds support for checking
these ACL in the VNC server, in two places. The first ACL is for the
SASL authentication mechanism, checking the SASL username. This ACL
is called 'vnc.username'. The second is for the TLS authentication
mechanism, when x509 client certificates are turned on, checking against
the Distinguished Name of the client. This ACL is called 'vnc.x509dname'
The internal API provides for an ACL with the following characteristics
- A unique name, eg vnc.username, and vnc.x509dname.
- A default policy, allow or deny
- An ordered series of match rules, with allow or deny policy
If none of the match rules apply, then the default policy is
used.
There is a monitor API to manipulate the ACLs, which I'll describe via
examples
(qemu) acl show vnc.username
policy: allow
(qemu) acl policy vnc.username denya
acl: policy set to 'deny'
(qemu) acl allow vnc.username fred
acl: added rule at position 1
(qemu) acl allow vnc.username bob
acl: added rule at position 2
(qemu) acl allow vnc.username joe 1
acl: added rule at position 1
(qemu) acl show vnc.username
policy: deny
0: allow fred
1: allow joe
2: allow bob
(qemu) acl show vnc.x509dname
policy: allow
(qemu) acl policy vnc.x509dname deny
acl: policy set to 'deny'
(qemu) acl allow vnc.x509dname C=GB,O=ACME,L=London,CN=*
acl: added rule at position 1
(qemu) acl allow vnc.x509dname C=GB,O=ACME,L=Boston,CN=bob
acl: added rule at position 2
(qemu) acl show vnc.x509dname
policy: deny
0: allow C=GB,O=ACME,L=London,CN=*
1: allow C=GB,O=ACME,L=Boston,CN=bob
By default the VNC server will not use any ACLs, allowing access to
the server if the user successfully authenticates. To enable use of
ACLs to restrict user access, the ',acl' flag should be given when
starting QEMU. The initial ACL activated will be a 'deny all' policy
and should be customized using monitor commands.
eg enable SASL auth and ACLs
qemu .... -vnc localhost:1,sasl,acl
The next patch will provide a way to load a pre-defined ACL when
starting up
Makefile | 6 +
b/acl.c | 185 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
b/acl.h | 74 ++++++++++++++++++++++
configure | 18 +++++
monitor.c | 95 ++++++++++++++++++++++++++++
qemu-doc.texi | 49 ++++++++++++++
vnc-auth-sasl.c | 16 +++-
vnc-auth-sasl.h | 7 ++
vnc-tls.c | 19 +++++
vnc-tls.h | 3
vnc.c | 21 ++++++
vnc.h | 3
12 files changed, 491 insertions(+), 5 deletions(-)
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6726 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 23:27:37 +03:00
|
|
|
if test "$fnmatch" = "yes" ; then
|
2009-07-27 18:13:25 +04:00
|
|
|
echo "CONFIG_FNMATCH=y" >> $config_host_mak
|
Support ACLs for controlling VNC access ("Daniel P. Berrange")
This patch introduces a generic internal API for access control lists
to be used by network servers in QEMU. It adds support for checking
these ACL in the VNC server, in two places. The first ACL is for the
SASL authentication mechanism, checking the SASL username. This ACL
is called 'vnc.username'. The second is for the TLS authentication
mechanism, when x509 client certificates are turned on, checking against
the Distinguished Name of the client. This ACL is called 'vnc.x509dname'
The internal API provides for an ACL with the following characteristics
- A unique name, eg vnc.username, and vnc.x509dname.
- A default policy, allow or deny
- An ordered series of match rules, with allow or deny policy
If none of the match rules apply, then the default policy is
used.
There is a monitor API to manipulate the ACLs, which I'll describe via
examples
(qemu) acl show vnc.username
policy: allow
(qemu) acl policy vnc.username denya
acl: policy set to 'deny'
(qemu) acl allow vnc.username fred
acl: added rule at position 1
(qemu) acl allow vnc.username bob
acl: added rule at position 2
(qemu) acl allow vnc.username joe 1
acl: added rule at position 1
(qemu) acl show vnc.username
policy: deny
0: allow fred
1: allow joe
2: allow bob
(qemu) acl show vnc.x509dname
policy: allow
(qemu) acl policy vnc.x509dname deny
acl: policy set to 'deny'
(qemu) acl allow vnc.x509dname C=GB,O=ACME,L=London,CN=*
acl: added rule at position 1
(qemu) acl allow vnc.x509dname C=GB,O=ACME,L=Boston,CN=bob
acl: added rule at position 2
(qemu) acl show vnc.x509dname
policy: deny
0: allow C=GB,O=ACME,L=London,CN=*
1: allow C=GB,O=ACME,L=Boston,CN=bob
By default the VNC server will not use any ACLs, allowing access to
the server if the user successfully authenticates. To enable use of
ACLs to restrict user access, the ',acl' flag should be given when
starting QEMU. The initial ACL activated will be a 'deny all' policy
and should be customized using monitor commands.
eg enable SASL auth and ACLs
qemu .... -vnc localhost:1,sasl,acl
The next patch will provide a way to load a pre-defined ACL when
starting up
Makefile | 6 +
b/acl.c | 185 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
b/acl.h | 74 ++++++++++++++++++++++
configure | 18 +++++
monitor.c | 95 ++++++++++++++++++++++++++++
qemu-doc.texi | 49 ++++++++++++++
vnc-auth-sasl.c | 16 +++-
vnc-auth-sasl.h | 7 ++
vnc-tls.c | 19 +++++
vnc-tls.h | 3
vnc.c | 21 ++++++
vnc.h | 3
12 files changed, 491 insertions(+), 5 deletions(-)
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6726 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 23:27:37 +03:00
|
|
|
fi
|
2006-04-16 17:28:56 +04:00
|
|
|
qemu_version=`head $source_path/VERSION`
|
2009-07-16 20:34:18 +04:00
|
|
|
echo "VERSION=$qemu_version" >>$config_host_mak
|
2009-07-27 18:13:25 +04:00
|
|
|
echo "PKGVERSION=$pkgversion" >>$config_host_mak
|
2009-07-16 20:34:18 +04:00
|
|
|
echo "SRC_PATH=$source_path" >> $config_host_mak
|
2006-04-16 16:41:07 +04:00
|
|
|
if [ "$source_path_used" = "yes" ]; then
|
2009-07-16 20:34:18 +04:00
|
|
|
echo "VPATH=$source_path" >> $config_host_mak
|
2006-04-16 16:41:07 +04:00
|
|
|
fi
|
2009-07-16 20:34:18 +04:00
|
|
|
echo "TARGET_DIRS=$target_list" >> $config_host_mak
|
2006-04-23 21:57:59 +04:00
|
|
|
if [ "$build_docs" = "yes" ] ; then
|
2009-07-16 20:34:18 +04:00
|
|
|
echo "BUILD_DOCS=yes" >> $config_host_mak
|
2006-04-23 21:57:59 +04:00
|
|
|
fi
|
2009-07-27 18:13:14 +04:00
|
|
|
if test "$sdl" = "yes" ; then
|
2009-07-16 20:34:18 +04:00
|
|
|
echo "CONFIG_SDL=y" >> $config_host_mak
|
2009-07-27 18:13:14 +04:00
|
|
|
echo "SDL_CFLAGS=$sdl_cflags" >> $config_host_mak
|
2007-11-07 22:25:15 +03:00
|
|
|
fi
|
|
|
|
if test "$cocoa" = "yes" ; then
|
2009-07-16 20:34:18 +04:00
|
|
|
echo "CONFIG_COCOA=y" >> $config_host_mak
|
2008-02-10 19:33:14 +03:00
|
|
|
fi
|
|
|
|
if test "$curses" = "yes" ; then
|
2009-07-16 20:34:18 +04:00
|
|
|
echo "CONFIG_CURSES=y" >> $config_host_mak
|
2007-11-07 22:25:15 +03:00
|
|
|
fi
|
2009-04-15 20:12:13 +04:00
|
|
|
if test "$atfile" = "yes" ; then
|
2009-07-27 18:13:25 +04:00
|
|
|
echo "CONFIG_ATFILE=y" >> $config_host_mak
|
2009-04-15 20:12:13 +04:00
|
|
|
fi
|
2009-04-21 16:01:51 +04:00
|
|
|
if test "$utimens" = "yes" ; then
|
2009-07-27 18:13:25 +04:00
|
|
|
echo "CONFIG_UTIMENSAT=y" >> $config_host_mak
|
2009-04-21 16:01:51 +04:00
|
|
|
fi
|
2009-05-05 13:10:04 +04:00
|
|
|
if test "$pipe2" = "yes" ; then
|
2009-07-27 18:13:25 +04:00
|
|
|
echo "CONFIG_PIPE2=y" >> $config_host_mak
|
2009-05-05 13:10:04 +04:00
|
|
|
fi
|
2009-05-16 17:02:41 +04:00
|
|
|
if test "$splice" = "yes" ; then
|
2009-07-27 18:13:25 +04:00
|
|
|
echo "CONFIG_SPLICE=y" >> $config_host_mak
|
2009-05-16 17:02:41 +04:00
|
|
|
fi
|
2009-04-15 20:12:13 +04:00
|
|
|
if test "$inotify" = "yes" ; then
|
2009-07-27 18:13:25 +04:00
|
|
|
echo "CONFIG_INOTIFY=y" >> $config_host_mak
|
2009-04-15 20:12:13 +04:00
|
|
|
fi
|
2009-08-03 16:45:58 +04:00
|
|
|
if test "$byteswap_h" = "yes" ; then
|
|
|
|
echo "CONFIG_BYTESWAP_H=y" >> $config_host_mak
|
|
|
|
fi
|
|
|
|
if test "$bswap_h" = "yes" ; then
|
|
|
|
echo "CONFIG_MACHINE_BSWAP_H=y" >> $config_host_mak
|
|
|
|
fi
|
2009-05-11 19:41:42 +04:00
|
|
|
if test "$curl" = "yes" ; then
|
2009-07-16 20:34:18 +04:00
|
|
|
echo "CONFIG_CURL=y" >> $config_host_mak
|
2009-08-03 16:46:05 +04:00
|
|
|
echo "CURL_CFLAGS=$curl_cflags" >> $config_host_mak
|
2009-07-16 20:34:18 +04:00
|
|
|
echo "CURL_LIBS=$curl_libs" >> $config_host_mak
|
2009-05-11 19:41:42 +04:00
|
|
|
fi
|
2008-04-08 10:01:02 +04:00
|
|
|
if test "$brlapi" = "yes" ; then
|
2009-07-16 20:34:18 +04:00
|
|
|
echo "CONFIG_BRLAPI=y" >> $config_host_mak
|
2009-07-27 18:13:18 +04:00
|
|
|
echo "BRLAPI_LIBS=$brlapi_libs" >> $config_host_mak
|
2008-04-08 10:01:02 +04:00
|
|
|
fi
|
2008-09-29 03:49:55 +04:00
|
|
|
if test "$bluez" = "yes" ; then
|
2009-07-16 20:34:18 +04:00
|
|
|
echo "CONFIG_BLUEZ=y" >> $config_host_mak
|
2009-07-27 18:12:46 +04:00
|
|
|
echo "BLUEZ_CFLAGS=$bluez_cflags" >> $config_host_mak
|
2008-09-29 03:49:55 +04:00
|
|
|
fi
|
2009-04-22 19:19:10 +04:00
|
|
|
if test "$xen" = "yes" ; then
|
2009-07-27 18:13:21 +04:00
|
|
|
echo "CONFIG_XEN=y" >> $config_host_mak
|
2009-04-22 19:19:10 +04:00
|
|
|
fi
|
2008-08-15 22:20:52 +04:00
|
|
|
if test "$aio" = "yes" ; then
|
2009-07-16 20:34:18 +04:00
|
|
|
echo "CONFIG_AIO=y" >> $config_host_mak
|
2008-08-15 22:20:52 +04:00
|
|
|
fi
|
2009-04-24 22:03:15 +04:00
|
|
|
if test "$io_thread" = "yes" ; then
|
2009-07-16 20:34:18 +04:00
|
|
|
echo "CONFIG_IOTHREAD=y" >> $config_host_mak
|
2009-04-24 22:03:15 +04:00
|
|
|
fi
|
2008-11-27 18:45:16 +03:00
|
|
|
if test "$blobs" = "yes" ; then
|
2009-07-16 20:34:18 +04:00
|
|
|
echo "INSTALL_BLOBS=yes" >> $config_host_mak
|
2008-11-27 18:45:16 +03:00
|
|
|
fi
|
2008-12-05 23:05:26 +03:00
|
|
|
if test "$iovec" = "yes" ; then
|
2009-07-27 18:13:25 +04:00
|
|
|
echo "CONFIG_IOVEC=y" >> $config_host_mak
|
2008-12-05 23:05:26 +03:00
|
|
|
fi
|
2009-04-07 22:43:28 +04:00
|
|
|
if test "$preadv" = "yes" ; then
|
2009-07-27 18:13:25 +04:00
|
|
|
echo "CONFIG_PREADV=y" >> $config_host_mak
|
2009-04-07 22:43:28 +04:00
|
|
|
fi
|
2008-12-16 13:43:48 +03:00
|
|
|
if test "$fdt" = "yes" ; then
|
2009-07-27 18:12:52 +04:00
|
|
|
echo "CONFIG_FDT=y" >> $config_host_mak
|
2009-07-27 18:13:20 +04:00
|
|
|
echo "FDT_LIBS=$fdt_libs" >> $config_host_mak
|
2008-12-16 13:43:48 +03:00
|
|
|
fi
|
2003-08-11 01:36:04 +04:00
|
|
|
|
2004-07-06 01:25:26 +04:00
|
|
|
# XXX: suppress that
|
2004-05-12 23:32:15 +04:00
|
|
|
if [ "$bsd" = "yes" ] ; then
|
2009-07-27 18:13:25 +04:00
|
|
|
echo "CONFIG_BSD=y" >> $config_host_mak
|
2004-05-12 23:32:15 +04:00
|
|
|
fi
|
|
|
|
|
2009-07-27 18:13:25 +04:00
|
|
|
echo "CONFIG_UNAME_RELEASE=\"$uname_release\"" >> $config_host_mak
|
2006-05-14 15:30:38 +04:00
|
|
|
|
2008-11-23 00:03:55 +03:00
|
|
|
# USB host support
|
|
|
|
case "$usb" in
|
|
|
|
linux)
|
2009-07-16 20:34:18 +04:00
|
|
|
echo "HOST_USB=linux" >> $config_host_mak
|
2008-11-23 00:03:55 +03:00
|
|
|
;;
|
|
|
|
bsd)
|
2009-07-16 20:34:18 +04:00
|
|
|
echo "HOST_USB=bsd" >> $config_host_mak
|
2008-11-23 00:03:55 +03:00
|
|
|
;;
|
|
|
|
*)
|
2009-07-16 20:34:18 +04:00
|
|
|
echo "HOST_USB=stub" >> $config_host_mak
|
2008-11-23 00:03:55 +03:00
|
|
|
;;
|
|
|
|
esac
|
|
|
|
|
2007-09-22 20:49:14 +04:00
|
|
|
tools=
|
|
|
|
if test `expr "$target_list" : ".*softmmu.*"` != 0 ; then
|
2009-04-05 23:29:26 +04:00
|
|
|
tools="qemu-img\$(EXESUF) $tools"
|
2008-05-28 01:13:40 +04:00
|
|
|
if [ "$linux" = "yes" ] ; then
|
2009-04-05 23:29:26 +04:00
|
|
|
tools="qemu-nbd\$(EXESUF) qemu-io\$(EXESUF) $tools"
|
2008-05-28 01:13:40 +04:00
|
|
|
fi
|
2007-09-22 20:49:14 +04:00
|
|
|
fi
|
2009-07-16 20:34:18 +04:00
|
|
|
echo "TOOLS=$tools" >> $config_host_mak
|
2007-09-22 20:49:14 +04:00
|
|
|
|
2009-07-21 16:11:22 +04:00
|
|
|
# Mac OS X ships with a broken assembler
|
2009-06-29 17:37:40 +04:00
|
|
|
roms=
|
2009-07-21 16:11:22 +04:00
|
|
|
if test \( "$cpu" = "i386" -o "$cpu" = "x86_64" \) -a \
|
|
|
|
"$targetos" != "Darwin" ; then
|
2009-07-31 16:18:32 +04:00
|
|
|
roms="optionrom"
|
2009-06-29 17:37:40 +04:00
|
|
|
fi
|
2009-07-16 20:34:18 +04:00
|
|
|
echo "ROMS=$roms" >> $config_host_mak
|
2009-06-29 17:37:40 +04:00
|
|
|
|
2009-07-27 18:12:49 +04:00
|
|
|
echo "prefix=$prefix" >> $config_host_mak
|
|
|
|
echo "bindir=\${prefix}$binsuffix" >> $config_host_mak
|
|
|
|
echo "mandir=\${prefix}$mansuffix" >> $config_host_mak
|
|
|
|
echo "datadir=\${prefix}$datasuffix" >> $config_host_mak
|
|
|
|
echo "docdir=\${prefix}$docsuffix" >> $config_host_mak
|
|
|
|
echo "MAKE=$make" >> $config_host_mak
|
|
|
|
echo "INSTALL=$install" >> $config_host_mak
|
|
|
|
echo "INSTALL_DIR=$install -d -m0755 -p" >> $config_host_mak
|
|
|
|
echo "INSTALL_DATA=$install -m0644 -p" >> $config_host_mak
|
|
|
|
echo "INSTALL_PROG=$install -m0755 -p" >> $config_host_mak
|
|
|
|
echo "CC=$cc" >> $config_host_mak
|
|
|
|
echo "HOST_CC=$host_cc" >> $config_host_mak
|
|
|
|
if test "$sparse" = "yes" ; then
|
|
|
|
echo "CC := REAL_CC=\"\$(CC)\" cgcc" >> $config_host_mak
|
|
|
|
echo "HOST_CC := REAL_CC=\"\$(HOST_CC)\" cgcc" >> $config_host_mak
|
2009-08-03 16:46:21 +04:00
|
|
|
echo "QEMU_CFLAGS += -Wbitwise -Wno-transparent-union -Wno-old-initializer -Wno-non-pointer-null" >> $config_host_mak
|
2009-07-27 18:12:49 +04:00
|
|
|
fi
|
|
|
|
echo "AR=$ar" >> $config_host_mak
|
|
|
|
echo "OBJCOPY=$objcopy" >> $config_host_mak
|
|
|
|
echo "LD=$ld" >> $config_host_mak
|
2009-08-03 16:46:02 +04:00
|
|
|
echo "CFLAGS=$CFLAGS" >> $config_host_mak
|
2009-08-03 16:46:21 +04:00
|
|
|
echo "QEMU_CFLAGS=$QEMU_CFLAGS" >> $config_host_mak
|
2009-08-03 16:46:24 +04:00
|
|
|
echo "HELPER_CFLAGS=$helper_cflags" >> $config_host_mak
|
2009-08-03 16:46:02 +04:00
|
|
|
echo "LDFLAGS=$LDFLAGS" >> $config_host_mak
|
2009-08-03 16:45:56 +04:00
|
|
|
echo "ARLIBS_BEGIN=$arlibs_begin" >> $config_host_mak
|
|
|
|
echo "ARLIBS_END=$arlibs_end" >> $config_host_mak
|
2009-08-03 16:46:26 +04:00
|
|
|
echo "LIBS+=$LIBS" >> $config_host_mak
|
2009-07-27 18:12:49 +04:00
|
|
|
echo "EXESUF=$EXESUF" >> $config_host_mak
|
|
|
|
|
2009-07-27 18:13:25 +04:00
|
|
|
echo "/* Automatically generated by configure - do not modify */" > $config_host_h
|
|
|
|
|
2009-08-10 03:40:16 +04:00
|
|
|
$SHELL $source_path/create_config < $config_host_mak >> $config_host_h
|
2009-07-27 18:13:25 +04:00
|
|
|
|
2009-07-16 20:34:18 +04:00
|
|
|
if test -f ${config_host_h}~ ; then
|
|
|
|
if cmp -s $config_host_h ${config_host_h}~ ; then
|
|
|
|
mv ${config_host_h}~ $config_host_h
|
2009-05-26 18:07:56 +04:00
|
|
|
else
|
2009-07-16 20:34:18 +04:00
|
|
|
rm ${config_host_h}~
|
2009-05-26 18:07:56 +04:00
|
|
|
fi
|
|
|
|
fi
|
|
|
|
|
2009-07-23 00:37:40 +04:00
|
|
|
# generate list of library paths for linker script
|
|
|
|
|
|
|
|
$ld --verbose -v 2> /dev/null | grep SEARCH_DIR > ${config_host_ld}
|
|
|
|
|
|
|
|
if test -f ${config_host_ld}~ ; then
|
|
|
|
if cmp -s $config_host_ld ${config_host_ld}~ ; then
|
|
|
|
mv ${config_host_ld}~ $config_host_ld
|
|
|
|
else
|
|
|
|
rm ${config_host_ld}~
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
|
2005-10-30 21:58:22 +03:00
|
|
|
for target in $target_list; do
|
2003-08-11 01:36:04 +04:00
|
|
|
target_dir="$target"
|
|
|
|
config_mak=$target_dir/config.mak
|
|
|
|
config_h=$target_dir/config.h
|
2009-07-03 21:44:00 +04:00
|
|
|
target_arch2=`echo $target | cut -d '-' -f 1`
|
2003-08-11 01:36:04 +04:00
|
|
|
target_bigendian="no"
|
2009-07-16 20:34:10 +04:00
|
|
|
case "$target_arch2" in
|
|
|
|
armeb|m68k|microblaze|mips|mipsn32|mips64|ppc|ppcemb|ppc64|ppc64abi32|sh4eb|sparc|sparc64|sparc32plus)
|
|
|
|
target_bigendian=yes
|
|
|
|
;;
|
|
|
|
esac
|
2003-08-11 01:36:04 +04:00
|
|
|
target_softmmu="no"
|
2003-10-28 00:10:39 +03:00
|
|
|
target_user_only="no"
|
2007-01-18 23:06:33 +03:00
|
|
|
target_linux_user="no"
|
|
|
|
target_darwin_user="no"
|
2008-10-26 23:33:16 +03:00
|
|
|
target_bsd_user="no"
|
2007-05-26 20:38:53 +04:00
|
|
|
case "$target" in
|
2009-07-03 21:44:00 +04:00
|
|
|
${target_arch2}-softmmu)
|
2007-05-26 20:38:53 +04:00
|
|
|
target_softmmu="yes"
|
|
|
|
;;
|
2009-07-03 21:44:00 +04:00
|
|
|
${target_arch2}-linux-user)
|
2007-05-26 20:38:53 +04:00
|
|
|
target_user_only="yes"
|
|
|
|
target_linux_user="yes"
|
|
|
|
;;
|
2009-07-03 21:44:00 +04:00
|
|
|
${target_arch2}-darwin-user)
|
2007-05-26 20:38:53 +04:00
|
|
|
target_user_only="yes"
|
|
|
|
target_darwin_user="yes"
|
|
|
|
;;
|
2009-07-03 21:44:00 +04:00
|
|
|
${target_arch2}-bsd-user)
|
2008-10-26 23:33:16 +03:00
|
|
|
target_user_only="yes"
|
|
|
|
target_bsd_user="yes"
|
|
|
|
;;
|
2007-05-26 20:38:53 +04:00
|
|
|
*)
|
|
|
|
echo "ERROR: Target '$target' not recognised"
|
|
|
|
exit 1
|
|
|
|
;;
|
|
|
|
esac
|
2007-01-18 23:06:33 +03:00
|
|
|
|
2004-04-22 04:02:08 +04:00
|
|
|
#echo "Creating $config_mak, $config_h and $target_dir/Makefile"
|
2003-08-11 01:36:04 +04:00
|
|
|
|
2007-08-01 03:07:32 +04:00
|
|
|
test -f $config_h && mv $config_h ${config_h}~
|
|
|
|
|
2003-08-11 01:36:04 +04:00
|
|
|
mkdir -p $target_dir
|
2005-03-13 19:54:06 +03:00
|
|
|
mkdir -p $target_dir/fpu
|
2008-02-01 13:50:11 +03:00
|
|
|
mkdir -p $target_dir/tcg
|
2008-10-26 23:33:16 +03:00
|
|
|
if test "$target" = "arm-linux-user" -o "$target" = "armeb-linux-user" -o "$target" = "arm-bsd-user" -o "$target" = "armeb-bsd-user" ; then
|
2004-02-17 00:40:43 +03:00
|
|
|
mkdir -p $target_dir/nwfpe
|
|
|
|
fi
|
|
|
|
|
2006-04-26 02:36:06 +04:00
|
|
|
#
|
|
|
|
# don't use ln -sf as not all "ln -sf" over write the file/link
|
|
|
|
#
|
|
|
|
rm -f $target_dir/Makefile
|
|
|
|
ln -s $source_path/Makefile.target $target_dir/Makefile
|
|
|
|
|
2003-08-11 01:36:04 +04:00
|
|
|
|
|
|
|
echo "# Automatically generated by configure - do not modify" > $config_mak
|
2003-06-16 00:25:43 +04:00
|
|
|
|
2003-08-11 01:36:04 +04:00
|
|
|
echo "include ../config-host.mak" >> $config_mak
|
2003-10-01 00:54:24 +04:00
|
|
|
|
2006-06-11 17:32:59 +04:00
|
|
|
bflt="no"
|
2007-10-09 20:34:29 +04:00
|
|
|
elfload32="no"
|
2008-05-29 18:34:11 +04:00
|
|
|
target_nptl="no"
|
2009-07-03 21:44:00 +04:00
|
|
|
interp_prefix1=`echo "$interp_prefix" | sed "s/%M/$target_arch2/g"`
|
2009-07-16 20:34:20 +04:00
|
|
|
echo "CONFIG_QEMU_PREFIX=\"$interp_prefix1\"" >> $config_mak
|
2008-10-11 21:55:29 +04:00
|
|
|
gdb_xml_files=""
|
2008-11-05 19:04:33 +03:00
|
|
|
|
2009-07-16 20:34:12 +04:00
|
|
|
TARGET_ARCH="$target_arch2"
|
2009-07-16 20:34:15 +04:00
|
|
|
TARGET_BASE_ARCH=""
|
2009-07-16 20:34:17 +04:00
|
|
|
TARGET_ABI_DIR=""
|
2009-07-16 20:34:14 +04:00
|
|
|
|
2009-07-03 21:44:00 +04:00
|
|
|
case "$target_arch2" in
|
2008-04-21 00:19:44 +04:00
|
|
|
i386)
|
2009-05-19 19:17:58 +04:00
|
|
|
target_phys_bits=32
|
2008-04-21 00:19:44 +04:00
|
|
|
;;
|
|
|
|
x86_64)
|
2009-07-16 20:34:15 +04:00
|
|
|
TARGET_BASE_ARCH=i386
|
2009-05-19 19:17:58 +04:00
|
|
|
target_phys_bits=64
|
2008-04-21 00:19:44 +04:00
|
|
|
;;
|
|
|
|
alpha)
|
2009-05-19 19:17:58 +04:00
|
|
|
target_phys_bits=64
|
2008-04-21 00:19:44 +04:00
|
|
|
;;
|
|
|
|
arm|armeb)
|
2009-07-16 20:34:11 +04:00
|
|
|
TARGET_ARCH=arm
|
2008-04-21 00:19:44 +04:00
|
|
|
bflt="yes"
|
2008-05-29 18:34:11 +04:00
|
|
|
target_nptl="yes"
|
2008-10-11 21:55:29 +04:00
|
|
|
gdb_xml_files="arm-core.xml arm-vfp.xml arm-vfp3.xml arm-neon.xml"
|
2009-05-19 19:17:58 +04:00
|
|
|
target_phys_bits=32
|
2008-04-21 00:19:44 +04:00
|
|
|
;;
|
|
|
|
cris)
|
2009-01-07 23:07:09 +03:00
|
|
|
target_nptl="yes"
|
2009-05-19 19:17:58 +04:00
|
|
|
target_phys_bits=32
|
2008-04-21 00:19:44 +04:00
|
|
|
;;
|
|
|
|
m68k)
|
|
|
|
bflt="yes"
|
2008-10-11 21:55:29 +04:00
|
|
|
gdb_xml_files="cf-core.xml cf-fp.xml"
|
2009-05-19 19:17:58 +04:00
|
|
|
target_phys_bits=32
|
2008-04-21 00:19:44 +04:00
|
|
|
;;
|
2009-05-20 23:17:31 +04:00
|
|
|
microblaze)
|
|
|
|
bflt="yes"
|
|
|
|
target_nptl="yes"
|
|
|
|
target_phys_bits=32
|
|
|
|
;;
|
2009-07-16 20:34:16 +04:00
|
|
|
mips|mipsel)
|
2009-07-16 20:34:11 +04:00
|
|
|
TARGET_ARCH=mips
|
2009-07-16 20:34:20 +04:00
|
|
|
echo "TARGET_ABI_MIPSO32=y" >> $config_mak
|
2009-07-09 20:56:24 +04:00
|
|
|
target_nptl="yes"
|
2009-05-19 19:17:58 +04:00
|
|
|
target_phys_bits=64
|
2008-04-21 00:19:44 +04:00
|
|
|
;;
|
|
|
|
mipsn32|mipsn32el)
|
2009-07-16 20:34:11 +04:00
|
|
|
TARGET_ARCH=mipsn32
|
2009-07-16 20:34:15 +04:00
|
|
|
TARGET_BASE_ARCH=mips
|
2009-07-16 20:34:20 +04:00
|
|
|
echo "TARGET_ABI_MIPSN32=y" >> $config_mak
|
2009-05-19 19:17:58 +04:00
|
|
|
target_phys_bits=64
|
2008-04-21 00:19:44 +04:00
|
|
|
;;
|
|
|
|
mips64|mips64el)
|
2009-07-16 20:34:11 +04:00
|
|
|
TARGET_ARCH=mips64
|
2009-07-16 20:34:15 +04:00
|
|
|
TARGET_BASE_ARCH=mips
|
2009-07-16 20:34:20 +04:00
|
|
|
echo "TARGET_ABI_MIPSN64=y" >> $config_mak
|
2009-05-19 19:17:58 +04:00
|
|
|
target_phys_bits=64
|
2008-04-21 00:19:44 +04:00
|
|
|
;;
|
|
|
|
ppc)
|
2009-01-24 18:07:34 +03:00
|
|
|
gdb_xml_files="power-core.xml power-fpu.xml power-altivec.xml power-spe.xml"
|
2009-05-19 19:17:58 +04:00
|
|
|
target_phys_bits=32
|
2009-08-03 19:43:28 +04:00
|
|
|
target_nptl="yes"
|
2008-04-21 00:19:44 +04:00
|
|
|
;;
|
|
|
|
ppcemb)
|
2009-07-16 20:34:15 +04:00
|
|
|
TARGET_BASE_ARCH=ppc
|
2009-07-16 20:34:17 +04:00
|
|
|
TARGET_ABI_DIR=ppc
|
2009-01-24 18:07:34 +03:00
|
|
|
gdb_xml_files="power-core.xml power-fpu.xml power-altivec.xml power-spe.xml"
|
2009-05-19 19:17:58 +04:00
|
|
|
target_phys_bits=64
|
2009-08-03 19:43:28 +04:00
|
|
|
target_nptl="yes"
|
2008-04-21 00:19:44 +04:00
|
|
|
;;
|
|
|
|
ppc64)
|
2009-07-16 20:34:15 +04:00
|
|
|
TARGET_BASE_ARCH=ppc
|
2009-07-16 20:34:17 +04:00
|
|
|
TARGET_ABI_DIR=ppc
|
2009-01-24 18:07:34 +03:00
|
|
|
gdb_xml_files="power64-core.xml power-fpu.xml power-altivec.xml power-spe.xml"
|
2009-05-19 19:17:58 +04:00
|
|
|
target_phys_bits=64
|
2008-04-21 00:19:44 +04:00
|
|
|
;;
|
|
|
|
ppc64abi32)
|
2009-07-16 20:34:11 +04:00
|
|
|
TARGET_ARCH=ppc64
|
2009-07-16 20:34:15 +04:00
|
|
|
TARGET_BASE_ARCH=ppc
|
2009-07-16 20:34:17 +04:00
|
|
|
TARGET_ABI_DIR=ppc
|
2009-07-16 20:34:20 +04:00
|
|
|
echo "TARGET_ABI32=y" >> $config_mak
|
2009-01-24 18:07:34 +03:00
|
|
|
gdb_xml_files="power64-core.xml power-fpu.xml power-altivec.xml power-spe.xml"
|
2009-05-19 19:17:58 +04:00
|
|
|
target_phys_bits=64
|
2008-04-21 00:19:44 +04:00
|
|
|
;;
|
|
|
|
sh4|sh4eb)
|
2009-07-16 20:34:11 +04:00
|
|
|
TARGET_ARCH=sh4
|
2008-04-21 00:19:44 +04:00
|
|
|
bflt="yes"
|
2008-09-15 11:43:43 +04:00
|
|
|
target_nptl="yes"
|
2009-05-19 19:17:58 +04:00
|
|
|
target_phys_bits=32
|
2008-04-21 00:19:44 +04:00
|
|
|
;;
|
|
|
|
sparc)
|
2009-05-19 19:17:58 +04:00
|
|
|
target_phys_bits=64
|
2008-04-21 00:19:44 +04:00
|
|
|
;;
|
|
|
|
sparc64)
|
2009-07-16 20:34:15 +04:00
|
|
|
TARGET_BASE_ARCH=sparc
|
2008-04-21 00:19:44 +04:00
|
|
|
elfload32="yes"
|
2009-05-19 19:17:58 +04:00
|
|
|
target_phys_bits=64
|
2008-04-21 00:19:44 +04:00
|
|
|
;;
|
|
|
|
sparc32plus)
|
2009-07-16 20:34:11 +04:00
|
|
|
TARGET_ARCH=sparc64
|
2009-07-16 20:34:15 +04:00
|
|
|
TARGET_BASE_ARCH=sparc
|
2009-07-16 20:34:17 +04:00
|
|
|
TARGET_ABI_DIR=sparc
|
2009-07-16 20:34:20 +04:00
|
|
|
echo "TARGET_ABI32=y" >> $config_mak
|
2009-05-19 19:17:58 +04:00
|
|
|
target_phys_bits=64
|
2008-04-21 00:19:44 +04:00
|
|
|
;;
|
|
|
|
*)
|
|
|
|
echo "Unsupported target CPU"
|
|
|
|
exit 1
|
|
|
|
;;
|
|
|
|
esac
|
2009-07-16 20:34:11 +04:00
|
|
|
echo "TARGET_ARCH=$TARGET_ARCH" >> $config_mak
|
2009-07-16 20:34:16 +04:00
|
|
|
echo "TARGET_ARCH2=$target_arch2" >> $config_mak
|
2009-07-16 20:34:20 +04:00
|
|
|
# TARGET_BASE_ARCH needs to be defined after TARGET_ARCH
|
2009-07-16 20:34:15 +04:00
|
|
|
if [ "$TARGET_BASE_ARCH" = "" ]; then
|
|
|
|
TARGET_BASE_ARCH=$TARGET_ARCH
|
|
|
|
fi
|
|
|
|
echo "TARGET_BASE_ARCH=$TARGET_BASE_ARCH" >> $config_mak
|
2009-07-16 20:34:17 +04:00
|
|
|
if [ "$TARGET_ABI_DIR" = "" ]; then
|
|
|
|
TARGET_ABI_DIR=$TARGET_ARCH
|
|
|
|
fi
|
|
|
|
echo "TARGET_ABI_DIR=$TARGET_ABI_DIR" >> $config_mak
|
2009-05-19 19:17:58 +04:00
|
|
|
if [ $target_phys_bits -lt $hostlongbits ] ; then
|
|
|
|
target_phys_bits=$hostlongbits
|
|
|
|
fi
|
2009-07-16 20:33:59 +04:00
|
|
|
case "$target_arch2" in
|
|
|
|
i386|x86_64)
|
|
|
|
if test "$xen" = "yes" -a "$target_softmmu" = "yes" ; then
|
|
|
|
echo "CONFIG_XEN=y" >> $config_mak
|
|
|
|
fi
|
2009-07-16 20:34:01 +04:00
|
|
|
if test $kqemu = "yes" -a "$target_softmmu" = "yes"
|
|
|
|
then
|
|
|
|
echo "CONFIG_KQEMU=y" >> $config_mak
|
|
|
|
fi
|
2009-07-16 20:33:59 +04:00
|
|
|
esac
|
2009-07-16 20:34:00 +04:00
|
|
|
case "$target_arch2" in
|
2009-07-17 15:51:42 +04:00
|
|
|
i386|x86_64|ppcemb|ppc|ppc64)
|
2009-07-16 20:34:00 +04:00
|
|
|
# Make sure the target and host cpus are compatible
|
|
|
|
if test "$kvm" = "yes" -a "$target_softmmu" = "yes" -a \
|
|
|
|
\( "$target_arch2" = "$cpu" -o \
|
|
|
|
\( "$target_arch2" = "ppcemb" -a "$cpu" = "ppc" \) -o \
|
2009-07-17 15:51:42 +04:00
|
|
|
\( "$target_arch2" = "ppc64" -a "$cpu" = "ppc" \) -o \
|
2009-07-16 20:34:00 +04:00
|
|
|
\( "$target_arch2" = "x86_64" -a "$cpu" = "i386" \) -o \
|
|
|
|
\( "$target_arch2" = "i386" -a "$cpu" = "x86_64" \) \) ; then
|
|
|
|
echo "CONFIG_KVM=y" >> $config_mak
|
|
|
|
echo "KVM_CFLAGS=$kvm_cflags" >> $config_mak
|
|
|
|
fi
|
|
|
|
esac
|
2009-05-19 19:17:58 +04:00
|
|
|
echo "HWLIB=../libhw$target_phys_bits/libqemuhw$target_phys_bits.a" >> $config_mak
|
2009-07-16 20:34:20 +04:00
|
|
|
echo "TARGET_PHYS_ADDR_BITS=$target_phys_bits" >> $config_mak
|
2009-05-19 19:17:58 +04:00
|
|
|
echo "subdir-$target: subdir-libhw$target_phys_bits" >> $config_host_mak
|
2003-06-16 00:25:43 +04:00
|
|
|
if test "$target_bigendian" = "yes" ; then
|
2009-07-16 20:34:20 +04:00
|
|
|
echo "TARGET_WORDS_BIGENDIAN=y" >> $config_mak
|
2003-06-16 00:25:43 +04:00
|
|
|
fi
|
2003-08-11 01:36:04 +04:00
|
|
|
if test "$target_softmmu" = "yes" ; then
|
2009-06-25 02:08:08 +04:00
|
|
|
echo "CONFIG_SOFTMMU=y" >> $config_mak
|
2009-08-03 16:46:26 +04:00
|
|
|
echo "LIBS+=$libs_softmmu" >> $config_mak
|
2003-06-09 23:53:12 +04:00
|
|
|
fi
|
2003-10-28 00:10:39 +03:00
|
|
|
if test "$target_user_only" = "yes" ; then
|
2009-06-25 02:08:08 +04:00
|
|
|
echo "CONFIG_USER_ONLY=y" >> $config_mak
|
2003-10-28 00:10:39 +03:00
|
|
|
fi
|
2007-01-18 23:06:33 +03:00
|
|
|
if test "$target_linux_user" = "yes" ; then
|
2009-06-25 02:08:08 +04:00
|
|
|
echo "CONFIG_LINUX_USER=y" >> $config_mak
|
2007-01-18 23:06:33 +03:00
|
|
|
fi
|
|
|
|
if test "$target_darwin_user" = "yes" ; then
|
2009-06-25 02:08:08 +04:00
|
|
|
echo "CONFIG_DARWIN_USER=y" >> $config_mak
|
2007-01-18 23:06:33 +03:00
|
|
|
fi
|
2008-10-11 21:55:29 +04:00
|
|
|
list=""
|
|
|
|
if test ! -z "$gdb_xml_files" ; then
|
|
|
|
for x in $gdb_xml_files; do
|
|
|
|
list="$list $source_path/gdb-xml/$x"
|
|
|
|
done
|
|
|
|
fi
|
|
|
|
echo "TARGET_XML_FILES=$list" >> $config_mak
|
2003-08-11 01:36:04 +04:00
|
|
|
|
2009-07-16 20:34:19 +04:00
|
|
|
case "$target_arch2" in
|
|
|
|
arm|armeb|m68k|microblaze|mips|mipsel|mipsn32|mipsn32el|mips64|mips64el|ppc|ppc64|ppc64abi32|ppcemb|sparc|sparc64|sparc32plus)
|
|
|
|
echo "CONFIG_SOFTFLOAT=y" >> $config_mak
|
|
|
|
;;
|
|
|
|
esac
|
|
|
|
|
2006-06-11 17:32:59 +04:00
|
|
|
if test "$target_user_only" = "yes" -a "$bflt" = "yes"; then
|
2009-06-25 02:08:08 +04:00
|
|
|
echo "TARGET_HAS_BFLT=y" >> $config_mak
|
2006-06-11 17:32:59 +04:00
|
|
|
fi
|
2008-05-29 18:34:11 +04:00
|
|
|
if test "$target_user_only" = "yes" \
|
|
|
|
-a "$nptl" = "yes" -a "$target_nptl" = "yes"; then
|
2009-07-27 18:13:24 +04:00
|
|
|
echo "CONFIG_USE_NPTL=y" >> $config_mak
|
2008-05-29 18:34:11 +04:00
|
|
|
fi
|
2007-10-09 20:34:29 +04:00
|
|
|
# 32 bit ELF loader in addition to native 64 bit loader?
|
|
|
|
if test "$target_user_only" = "yes" -a "$elfload32" = "yes"; then
|
2009-06-25 02:08:08 +04:00
|
|
|
echo "TARGET_HAS_ELFLOAD32=y" >> $config_mak
|
2007-10-09 20:34:29 +04:00
|
|
|
fi
|
2009-07-17 15:48:08 +04:00
|
|
|
if test "$target_user_only" = "yes" -a "$guest_base" = "yes"; then
|
|
|
|
echo "CONFIG_USE_GUEST_BASE=y" >> $config_mak
|
|
|
|
fi
|
2008-10-26 23:33:16 +03:00
|
|
|
if test "$target_bsd_user" = "yes" ; then
|
2009-06-25 02:08:08 +04:00
|
|
|
echo "CONFIG_BSD_USER=y" >> $config_mak
|
2008-10-26 23:33:16 +03:00
|
|
|
fi
|
2005-03-02 00:37:28 +03:00
|
|
|
|
2009-07-23 00:37:39 +04:00
|
|
|
# generate LDFLAGS for targets
|
|
|
|
|
|
|
|
ldflags=""
|
|
|
|
if test "$target_linux_user" = "yes" -o "$target_linux_user" = "yes" ; then
|
|
|
|
case "$ARCH" in
|
|
|
|
i386)
|
|
|
|
if test "$gprof" = "yes" -o "$static" = "yes" ; then
|
2009-07-23 00:37:40 +04:00
|
|
|
ldflags='-Wl,-T../config-host.ld -Wl,-T,$(SRC_PATH)/$(ARCH).ld'
|
2009-07-23 00:37:39 +04:00
|
|
|
else
|
|
|
|
# WARNING: this LDFLAGS is _very_ tricky : qemu is an ELF shared object
|
|
|
|
# that the kernel ELF loader considers as an executable. I think this
|
|
|
|
# is the simplest way to make it self virtualizable!
|
|
|
|
ldflags='-Wl,-shared'
|
|
|
|
fi
|
|
|
|
;;
|
|
|
|
sparc)
|
|
|
|
# -static is used to avoid g1/g3 usage by the dynamic linker
|
2009-07-23 00:37:40 +04:00
|
|
|
ldflags='-Wl,-T../config-host.ld -Wl,-T,$(SRC_PATH)/$(ARCH).ld -static'
|
2009-07-23 00:37:39 +04:00
|
|
|
;;
|
|
|
|
ia64)
|
2009-07-23 00:37:40 +04:00
|
|
|
ldflags='-Wl,-G0 -Wl,-T../config-host.ld -Wl,-T,$(SRC_PATH)/$(ARCH).ld -static'
|
2009-07-23 00:37:39 +04:00
|
|
|
;;
|
|
|
|
x86_64|ppc|ppc64|s390|sparc64|alpha|arm|m68k|mips|mips64)
|
2009-07-23 00:37:40 +04:00
|
|
|
ldflags='-Wl,-T../config-host.ld -Wl,-T,$(SRC_PATH)/$(ARCH).ld'
|
2009-07-23 00:37:39 +04:00
|
|
|
;;
|
|
|
|
esac
|
|
|
|
fi
|
|
|
|
if test "$target_softmmu" = "yes" ; then
|
|
|
|
case "$ARCH" in
|
|
|
|
ia64)
|
2009-07-23 00:37:40 +04:00
|
|
|
ldflags='-Wl,-G0 -Wl,-T../config-host.ld -Wl,-T,$(SRC_PATH)/$(ARCH).ld -static'
|
2009-07-23 00:37:39 +04:00
|
|
|
;;
|
|
|
|
esac
|
|
|
|
fi
|
|
|
|
|
|
|
|
if test "$ldflags" != "" ; then
|
|
|
|
echo "LDFLAGS+=$ldflags" >> $config_mak
|
|
|
|
fi
|
|
|
|
|
2009-07-27 18:13:25 +04:00
|
|
|
echo "/* Automatically generated by configure - do not modify */" > $config_h
|
|
|
|
echo "#include \"../config-host.h\"" >> $config_h
|
|
|
|
|
2009-08-10 03:40:16 +04:00
|
|
|
$SHELL $source_path/create_config < $config_mak >> $config_h
|
2009-07-16 20:34:20 +04:00
|
|
|
|
2009-07-27 18:12:44 +04:00
|
|
|
if test -f ${config_h}~ ; then
|
|
|
|
if cmp -s $config_h ${config_h}~ ; then
|
|
|
|
mv ${config_h}~ $config_h
|
|
|
|
else
|
|
|
|
rm ${config_h}~
|
|
|
|
fi
|
|
|
|
fi
|
2007-08-01 03:07:32 +04:00
|
|
|
|
2003-08-11 01:36:04 +04:00
|
|
|
done # for target in $targets
|
2003-03-07 02:23:54 +03:00
|
|
|
|
|
|
|
# build tree in object directory if source path is different from current one
|
|
|
|
if test "$source_path_used" = "yes" ; then
|
2009-06-29 17:37:40 +04:00
|
|
|
DIRS="tests tests/cris slirp audio block pc-bios/optionrom"
|
2003-03-07 02:23:54 +03:00
|
|
|
FILES="Makefile tests/Makefile"
|
2007-10-08 17:38:27 +04:00
|
|
|
FILES="$FILES tests/cris/Makefile tests/cris/.gdbinit"
|
2008-03-02 01:23:17 +03:00
|
|
|
FILES="$FILES tests/test-mmap.c"
|
2009-07-17 13:20:10 +04:00
|
|
|
FILES="$FILES pc-bios/optionrom/Makefile pc-bios/keymaps pc-bios/video.x"
|
|
|
|
for bios_file in $source_path/pc-bios/*.bin $source_path/pc-bios/*.dtb $source_path/pc-bios/openbios-*; do
|
|
|
|
FILES="$FILES pc-bios/`basename $bios_file`"
|
|
|
|
done
|
2003-03-07 02:23:54 +03:00
|
|
|
for dir in $DIRS ; do
|
|
|
|
mkdir -p $dir
|
|
|
|
done
|
2006-04-26 02:36:06 +04:00
|
|
|
# remove the link and recreate it, as not all "ln -sf" overwrite the link
|
2003-03-07 02:23:54 +03:00
|
|
|
for f in $FILES ; do
|
2006-04-26 02:36:06 +04:00
|
|
|
rm -f $f
|
|
|
|
ln -s $source_path/$f $f
|
2003-03-07 02:23:54 +03:00
|
|
|
done
|
|
|
|
fi
|
2009-05-19 19:17:58 +04:00
|
|
|
|
|
|
|
for hwlib in 32 64; do
|
|
|
|
d=libhw$hwlib
|
|
|
|
mkdir -p $d
|
|
|
|
rm -f $d/Makefile
|
|
|
|
ln -s $source_path/Makefile.hw $d/Makefile
|
|
|
|
echo "HWLIB=libqemuhw$hwlib.a" > $d/config.mak
|
2009-08-03 16:46:21 +04:00
|
|
|
echo "QEMU_CFLAGS+=-DTARGET_PHYS_ADDR_BITS=$hwlib" >> $d/config.mak
|
2009-05-19 19:17:58 +04:00
|
|
|
done
|