From nobody Tue Sep 9 23:54:03 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1738158257735983.3075142511876; Wed, 29 Jan 2025 05:44:17 -0800 (PST) Received: by lists.libvirt.org (Postfix, from userid 996) id 2A4221638; Wed, 29 Jan 2025 08:44:17 -0500 (EST) Received: from lists.libvirt.org (localhost [IPv6:::1]) by lists.libvirt.org (Postfix) with ESMTP id E406814D4; Wed, 29 Jan 2025 08:41:49 -0500 (EST) Received: by lists.libvirt.org (Postfix, from userid 996) id 85CD41706; Wed, 29 Jan 2025 08:41:44 -0500 (EST) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id C92491616 for ; Wed, 29 Jan 2025 08:41:31 -0500 (EST) Received: from mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-442-vUwneGJkOBy5gsIXHgl-XA-1; Wed, 29 Jan 2025 08:41:30 -0500 Received: from mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.12]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) 
by mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 2E7281800374 for ; Wed, 29 Jan 2025 13:41:29 +0000 (UTC) Received: from localhost (unknown [10.39.208.35]) by mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id E65E219560A3; Wed, 29 Jan 2025 13:41:27 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2,RCVD_IN_VALIDITY_RPBL_BLOCKED, RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_HELO_NONE autolearn=unavailable autolearn_force=no version=3.4.4 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1738158091; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Si+F/JnsEdtl9nbYvbW4u0/RY1c5SYrXogIMzOyAQho=; b=DXW6wnMRm16IJaFuPKbBQiFqH4lhU+MmAvRgWsWy7gnogCOq+hpLgV/dPotymzlP6plQqO pq9/K6o0FGd4H1LqV3oPv76osuB8fOIFz8d7vgYVp4taX2H9y40hcnXD9XoqRyyors9Ouq 410HpaBgpuQpNXMAJtGiI69QZElEHL4= X-MC-Unique: vUwneGJkOBy5gsIXHgl-XA-1 X-Mimecast-MFC-AGG-ID: vUwneGJkOBy5gsIXHgl-XA 
From: marcandre.lureau@redhat.com To: devel@lists.libvirt.org Subject: [PATCH 07/19] qemu: add qemu RDP configuration Date: Wed, 29 Jan 2025 17:40:29 +0400 Message-ID: <20250129134042.1282472-8-marcandre.lureau@redhat.com> In-Reply-To: <20250129134042.1282472-1-marcandre.lureau@redhat.com> References: <20250129134042.1282472-1-marcandre.lureau@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.0 on 10.30.177.12 X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: WjqgV6ETH40_5sflZT7rt5jy5uzAKvjSuwtiChAwnK4_1738158089 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable Message-ID-Hash: 7A336CYLX5TE4XHYTBKKOEBASRQMKRLU X-Message-ID-Hash: 7A336CYLX5TE4XHYTBKKOEBASRQMKRLU X-MailFrom: marcandre.lureau@redhat.com X-Mailman-Rule-Hits: nonmember-moderation X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-config-1; header-match-config-2; header-match-config-3; header-match-devel.lists.libvirt.org-0 CC: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= X-Mailman-Version: 3.2.2 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1738158258504019000 Content-Type: text/plain; charset="utf-8" From: Marc-Andr=C3=A9 Lureau Signed-off-by: Marc-Andr=C3=A9 Lureau Reviewed-by: Daniel P. Berrang=C3=A9 --- src/qemu/libvirtd_qemu.aug | 7 ++++++ src/qemu/qemu.conf.in | 31 ++++++++++++++++++++++++ src/qemu/qemu_conf.c | 39 ++++++++++++++++++++++++++++++ src/qemu/qemu_conf.h | 6 +++++ src/qemu/test_libvirtd_qemu.aug.in | 5 ++++ tests/testutilsqemu.c | 2 ++ 6 files changed, 90 insertions(+) diff --git a/src/qemu/libvirtd_qemu.aug b/src/qemu/libvirtd_qemu.aug index 1377fd89cc..9fcdec29d1 100644 --- a/src/qemu/libvirtd_qemu.aug +++ b/src/qemu/libvirtd_qemu.aug 
@@ -50,6 +50,11 @@ module Libvirtd_qemu =3D | bool_entry "spice_sasl" | str_entry "spice_sasl_dir" =20 + let rdp_entry =3D str_entry "rdp_listen" + | str_entry "rdp_tls_x509_cert_dir" + | str_entry "rdp_username" + | str_entry "rdp_password" + let chardev_entry =3D bool_entry "chardev_tls" | str_entry "chardev_tls_x509_cert_dir" | bool_entry "chardev_tls_x509_verify" @@ -102,6 +107,7 @@ module Libvirtd_qemu =3D | str_entry "bridge_helper" | str_entry "pr_helper" | str_entry "slirp_helper" + | str_entry "qemu_rdp" | str_entry "dbus_daemon" | bool_entry "set_process_name" | int_entry "max_processes" @@ -155,6 +161,7 @@ module Libvirtd_qemu =3D let entry =3D default_tls_entry | vnc_entry | spice_entry + | rdp_entry | chardev_entry | migrate_entry | backup_entry diff --git a/src/qemu/qemu.conf.in b/src/qemu/qemu.conf.in index d853136f10..a623b12195 100644 --- a/src/qemu/qemu.conf.in +++ b/src/qemu/qemu.conf.in 
@@ -229,6 +229,31 @@ # #spice_sasl_dir =3D "/some/directory/sasl2" =20 +# RDP is configured to listen on 127.0.0.1 by default. +# To make it listen on all public interfaces, uncomment +# this next option. +# +#rdp_listen =3D "0.0.0.0" + +# In order to override the default TLS certificate location for +# RDP certificates, supply a valid path to the certificate directory. +# If the path is not provided, then the default_tls_x509_cert_dir path +# will be used. +# +#rdp_tls_x509_cert_dir =3D "/etc/pki/libvirt-rdp" + +# The default RDP username. This parameter is only used if the +# per-domain XML config does not already provide a username. +# +#rdp_username =3D "user" + +# The default RDP password. This parameter is only used if the +# per-domain XML config does not already provide a password. +# By default, RDP server will not allow password-less connections. +# Obviously change this example here before you set this. +# +#rdp_password =3D "RDP12345" + # Enable use of TLS encryption on the chardev TCP transports. # # It is necessary to setup CA and issue a server certificate @@ -918,6 +943,12 @@ # Path to the SLIRP networking helper. #slirp_helper =3D "/usr/bin/slirp-helper" =20 + +# Path to qemu-rdp +# If this is not an absolute path, the program will be searched for +# in $PATH. +#qemu_rdp =3D "qemu-rdp" + # Path to the dbus-daemon # If this is not an absolute path, the program will be searched for # in $PATH. diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c index 3c0bde1284..4c8bfb97a9 100644 --- a/src/qemu/qemu_conf.c +++ b/src/qemu/qemu_conf.c @@ -103,6 +103,7 @@ VIR_ONCE_GLOBAL_INIT(virQEMUConfig); =20 #define QEMU_BRIDGE_HELPER "qemu-bridge-helper" #define QEMU_PR_HELPER "qemu-pr-helper" +#define QEMU_RDP "qemu-rdp" #define QEMU_DBUS_DAEMON "dbus-daemon" =20 =20 
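Review bot: The comment above `#rdp_listen = "0.0.0.0"` in src/qemu/qemu.conf.in explains how to listen on all interfaces but not what that exposes, and the `rdp_password` comment does not say that the value is kept in cleartext in this file. I would add `# Only do this with rdp_tls_x509_cert_dir set up and a password of your own.` to the first comment and `# The password is stored in cleartext; restrict read access to this file.` to the last. The example value `"RDP12345"` is the same string that test_libvirtd_qemu.aug.in expects. If it is replaced by something that cannot be mistaken for a usable default, both files have to change together.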
@@ -240,6 +241,7 @@ virQEMUDriverConfig *virQEMUDriverConfigNew(bool privil= eged, } =20 cfg->vncListen =3D g_strdup(VIR_LOOPBACK_IPV4_ADDR); + cfg->rdpListen =3D g_strdup(VIR_LOOPBACK_IPV4_ADDR); cfg->spiceListen =3D g_strdup(VIR_LOOPBACK_IPV4_ADDR); =20 cfg->remotePortMin =3D QEMU_REMOTE_PORT_MIN; @@ -265,6 +267,7 @@ virQEMUDriverConfig *virQEMUDriverConfigNew(bool privil= eged, cfg->prHelperName =3D g_strdup(QEMU_PR_HELPER); cfg->slirpHelperName =3D g_strdup(QEMU_SLIRP_HELPER); cfg->dbusDaemonName =3D g_strdup(QEMU_DBUS_DAEMON); + cfg->qemuRdpName =3D g_strdup(QEMU_RDP); =20 cfg->securityDefaultConfined =3D true; cfg->securityRequireConfined =3D false; @@ -351,6 +354,11 @@ static void virQEMUDriverConfigDispose(void *obj) g_free(cfg->spicePassword); g_free(cfg->spiceSASLdir); =20 + g_free(cfg->rdpTLSx509certdir); + g_free(cfg->rdpListen); + g_free(cfg->rdpUsername); + g_free(cfg->rdpPassword); + g_free(cfg->chardevTLSx509certdir); g_free(cfg->chardevTLSx509secretUUID); =20 @@ -375,6 +383,7 @@ static void virQEMUDriverConfigDispose(void *obj) g_free(cfg->prHelperName); g_free(cfg->slirpHelperName); g_free(cfg->dbusDaemonName); + g_free(cfg->qemuRdpName); =20 g_free(cfg->saveImageFormat); g_free(cfg->dumpImageFormat); @@ -502,6 +511,21 @@ virQEMUDriverConfigLoadSPICEEntry(virQEMUDriverConfig = *cfg, return 0; } =20 +static int +virQEMUDriverConfigLoadRDPEntry(virQEMUDriverConfig *cfg, + virConf *conf) +{ + if (virConfGetValueString(conf, "rdp_tls_x509_cert_dir", &cfg->rdpTLSx= 509certdir) < 0) + return -1; + if (virConfGetValueString(conf, "rdp_listen", &cfg->rdpListen) < 0) + return -1; + if (virConfGetValueString(conf, "rdp_username", &cfg->rdpUsername) < 0) + return -1; + if (virConfGetValueString(conf, "rdp_password", &cfg->rdpPassword) < 0) + return -1; + + return 0; +} =20 static int virQEMUDriverConfigLoadSpecificTLSEntry(virQEMUDriverConfig *cfg, 
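Review bot: `g_free(cfg->rdpPassword)` in virQEMUDriverConfigDispose releases the RDP secret without clearing it, so the cleartext stays in freed heap memory until it is reused. This mirrors the `g_free(cfg->spicePassword)` context line just above, so it is an existing pattern rather than a regression, but a new secret field is a good place to stop copying it. Calling `virSecureEraseString(cfg->rdpPassword);` before the `g_free()` would do, assuming the helper from virsecureerase.h can be included in this file. The function body starts and ends outside the hunk.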
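Review bot: virQEMUDriverConfigLoadRDPEntry stores whatever string `rdp_username` and `rdp_password` hold, including `""`, and the only RDP check added to virQEMUDriverConfigValidate in this patch is for the certificate directory. The qemu.conf.in text in the same patch says password-less connections are not allowed by default, so whether an empty default is refused depends on code outside this diff. I would reject it at load time with `if (cfg->rdpPassword && *cfg->rdpPassword == '\0')` reporting `VIR_ERR_CONF_SYNTAX`. Alternatively, add a comment above the function such as `/* Defaults only; per-domain XML overrides them and the consumer rejects empty credentials. */` if that is indeed where it is enforced.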
@@ -689,6 +713,9 @@ virQEMUDriverConfigLoadProcessEntry(virQEMUDriverConfig= *cfg, if (virConfGetValueString(conf, "dbus_daemon", &cfg->dbusDaemonName) <= 0) return -1; =20 + if (virConfGetValueString(conf, "qemu_rdp", &cfg->qemuRdpName) < 0) + return -1; + if (virConfGetValueBool(conf, "set_process_name", &cfg->setProcessName= ) < 0) return -1; if (virConfGetValueUInt(conf, "max_processes", &cfg->maxProcesses) < 0) @@ -1159,6 +1186,9 @@ int virQEMUDriverConfigLoadFile(virQEMUDriverConfig *= cfg, if (virQEMUDriverConfigLoadSPICEEntry(cfg, conf) < 0) return -1; =20 + if (virQEMUDriverConfigLoadRDPEntry(cfg, conf) < 0) + return -1; + if (virQEMUDriverConfigLoadSpecificTLSEntry(cfg, conf) < 0) return -1; =20 @@ -1246,6 +1276,14 @@ virQEMUDriverConfigValidate(virQEMUDriverConfig *cfg) return -1; } =20 + if (cfg->rdpTLSx509certdir && + !virFileExists(cfg->rdpTLSx509certdir)) { + virReportError(VIR_ERR_CONF_SYNTAX, + _("rdp_tls_x509_cert_dir directory '%1$s' does not = exist"), + cfg->rdpTLSx509certdir); + return -1; + } + if (cfg->chardevTLSx509certdir && !virFileExists(cfg->chardevTLSx509certdir)) { virReportError(VIR_ERR_CONF_SYNTAX, @@ -1331,6 +1369,7 @@ virQEMUDriverConfigSetDefaults(virQEMUDriverConfig *c= fg) =20 SET_TLS_X509_CERT_DEFAULT(vnc); SET_TLS_X509_CERT_DEFAULT(spice); + SET_TLS_X509_CERT_DEFAULT(rdp); SET_TLS_X509_CERT_DEFAULT(chardev); SET_TLS_X509_CERT_DEFAULT(migrate); SET_TLS_X509_CERT_DEFAULT(backup); diff --git a/src/qemu/qemu_conf.h b/src/qemu/qemu_conf.h index 8ded2b597c..3ab1c19e57 100644 --- a/src/qemu/qemu_conf.h +++ b/src/qemu/qemu_conf.h @@ -136,6 +136,11 @@ struct _virQEMUDriverConfig { char *spicePassword; bool spiceAutoUnixSocket; =20 + char *rdpTLSx509certdir; + char *rdpListen; + char *rdpUsername; + char *rdpPassword; + bool chardevTLS; char *chardevTLSx509certdir; bool chardevTLSx509verify; 
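Review bot: The new `rdp_tls_x509_cert_dir` check in virQEMUDriverConfigValidate uses `virFileExists()`, which a regular file also satisfies, while the error text speaks of a directory. `!virFileIsDir(cfg->rdpTLSx509certdir)` would match the message and catch a path that mistakenly points at a certificate file instead of its directory. The chardev check in the context lines has the same shape, so this could equally be a follow-up covering all of the `*_tls_x509_cert_dir` checks. The function body starts and ends outside the hunk.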
@@ -174,6 +179,7 @@ struct _virQEMUDriverConfig { char *prHelperName; char *slirpHelperName; char *dbusDaemonName; + char *qemuRdpName; =20 bool macFilter; =20 diff --git a/src/qemu/test_libvirtd_qemu.aug.in b/src/qemu/test_libvirtd_qe= mu.aug.in index 69fdae215a..9760976a22 100644 --- a/src/qemu/test_libvirtd_qemu.aug.in +++ b/src/qemu/test_libvirtd_qemu.aug.in @@ -22,6 +22,10 @@ module Test_libvirtd_qemu =3D { "spice_password" =3D "XYZ12345" } { "spice_sasl" =3D "1" } { "spice_sasl_dir" =3D "/some/directory/sasl2" } +{ "rdp_listen" =3D "0.0.0.0" } +{ "rdp_tls_x509_cert_dir" =3D "/etc/pki/libvirt-rdp" } +{ "rdp_username" =3D "user" } +{ "rdp_password" =3D "RDP12345" } { "chardev_tls" =3D "1" } { "chardev_tls_x509_cert_dir" =3D "/etc/pki/libvirt-chardev" } { "chardev_tls_x509_verify" =3D "1" } @@ -110,6 +114,7 @@ module Test_libvirtd_qemu =3D { "memory_backing_dir" =3D "/var/lib/libvirt/qemu/ram" } { "pr_helper" =3D "qemu-pr-helper" } { "slirp_helper" =3D "/usr/bin/slirp-helper" } +{ "qemu_rdp" =3D "qemu-rdp" } { "dbus_daemon" =3D "dbus-daemon" } { "swtpm_user" =3D "tss" } { "swtpm_group" =3D "tss" } diff --git a/tests/testutilsqemu.c b/tests/testutilsqemu.c index 6635e5e0cd..c6bea72783 100644 --- a/tests/testutilsqemu.c +++ b/tests/testutilsqemu.c @@ -382,6 +382,8 @@ int qemuTestDriverInit(virQEMUDriver *driver) cfg->vncTLSx509certdir =3D g_strdup("/etc/pki/libvirt-vnc"); VIR_FREE(cfg->spiceTLSx509certdir); cfg->spiceTLSx509certdir =3D g_strdup("/etc/pki/libvirt-spice"); + VIR_FREE(cfg->rdpTLSx509certdir); + cfg->rdpTLSx509certdir =3D g_strdup("/etc/pki/libvirt-rdp"); VIR_FREE(cfg->chardevTLSx509certdir); cfg->chardevTLSx509certdir =3D g_strdup("/etc/pki/libvirt-chardev"); VIR_FREE(cfg->vxhsTLSx509certdir); --=20 2.47.0