xemu/configure

2163 lines
53 KiB
Plaintext
Raw Normal View History

#!/bin/sh
#
# qemu configure script (c) 2003 Fabrice Bellard
#
# set temporary file name
if test ! -z "$TMPDIR" ; then
TMPDIR1="${TMPDIR}"
elif test ! -z "$TEMPDIR" ; then
TMPDIR1="${TEMPDIR}"
else
TMPDIR1="/tmp"
fi
TMPC="${TMPDIR1}/qemu-conf-${RANDOM}-$$-${RANDOM}.c"
TMPO="${TMPDIR1}/qemu-conf-${RANDOM}-$$-${RANDOM}.o"
TMPE="${TMPDIR1}/qemu-conf-${RANDOM}-$$-${RANDOM}"
trap "rm -f $TMPC $TMPO $TMPE ; exit" 0 2 3 15
compile_object() {
$cc $CFLAGS -c -o $TMPO $TMPC > /dev/null 2> /dev/null
}
compile_prog() {
local_cflags="$1"
local_ldflags="$2"
$cc $CFLAGS $local_cflags -o $TMPE $TMPC $LDFLAGS $local_ldflags > /dev/null 2> /dev/null
}
# default parameters
cpu=""
prefix=""
interp_prefix="/usr/gnemul/qemu-%M"
static="no"
cross_prefix=""
cc="gcc"
audio_drv_list=""
audio_card_list="ac97 es1370 sb16"
audio_possible_cards="ac97 es1370 sb16 cs4231a adlib gus"
host_cc="gcc"
ar="ar"
make="make"
install="install"
objcopy="objcopy"
ld="ld"
# parse CC options first
for opt do
optarg=`expr "x$opt" : 'x[^=]*=\(.*\)'`
case "$opt" in
--cross-prefix=*) cross_prefix="$optarg"
;;
--cc=*) cc="$optarg"
;;
--cpu=*) cpu="$optarg"
;;
--extra-cflags=*) CFLAGS="$optarg $CFLAGS"
;;
--extra-ldflags=*) LDFLAGS="$optarg $LDFLAGS"
;;
esac
done
# OS specific
# Using uname is really, really broken. Once we have the right set of checks
# we can eliminate it's usage altogether
cc="${cross_prefix}${cc}"
ar="${cross_prefix}${ar}"
objcopy="${cross_prefix}${objcopy}"
ld="${cross_prefix}${ld}"
# check that the C compiler works.
cat > $TMPC <<EOF
int main(void) {}
EOF
if compile_object ; then
: C compiler works ok
else
echo "ERROR: \"$cc\" either does not exist or does not work"
exit 1
fi
check_define() {
cat > $TMPC <<EOF
#if !defined($1)
#error Not defined
#endif
int main(void) { return 0; }
EOF
compile_object
}
if test ! -z "$cpu" ; then
# command line argument
:
elif check_define __i386__ ; then
cpu="i386"
elif check_define __x86_64__ ; then
cpu="x86_64"
elif check_define __sparc__ ; then
# We can't check for 64 bit (when gcc is biarch) or V8PLUSA
# They must be specified using --sparc_cpu
if check_define __arch64__ ; then
cpu="sparc64"
else
cpu="sparc"
fi
elif check_define _ARCH_PPC ; then
if check_define _ARCH_PPC64 ; then
cpu="ppc64"
else
cpu="ppc"
fi
else
cpu=`uname -m`
fi
target_list=""
case "$cpu" in
i386|i486|i586|i686|i86pc|BePC)
cpu="i386"
;;
x86_64|amd64)
cpu="x86_64"
;;
alpha)
cpu="alpha"
;;
armv*b)
cpu="armv4b"
;;
armv*l)
cpu="armv4l"
;;
cris)
cpu="cris"
;;
parisc|parisc64)
cpu="hppa"
;;
ia64)
cpu="ia64"
;;
m68k)
cpu="m68k"
;;
microblaze)
cpu="microblaze"
;;
mips)
cpu="mips"
;;
mips64)
cpu="mips64"
;;
ppc)
cpu="ppc"
;;
ppc64)
cpu="ppc64"
;;
s390*)
cpu="s390"
;;
sparc|sun4[cdmuv])
cpu="sparc"
;;
sparc64)
cpu="sparc64"
;;
*)
cpu="unknown"
;;
esac
brlapi="yes"
gprof="no"
debug_tcg="no"
debug="no"
sparse="no"
strip_opt="yes"
bigendian="no"
mingw32="no"
EXESUF=""
slirp="yes"
vde="yes"
fmod_lib=""
fmod_inc=""
oss_lib=""
vnc_tls="yes"
Add SASL authentication support ("Daniel P. Berrange") This patch adds the new SASL authentication protocol to the VNC server. It is enabled by setting the 'sasl' flag when launching VNC. SASL can optionally provide encryption via its SSF layer, if a suitable mechanism is configured (eg, GSSAPI/Kerberos, or Digest-MD5). If an SSF layer is not available, then it should be combined with the x509 VNC authentication protocol which provides encryption. eg, if using GSSAPI qemu -vnc localhost:1,sasl eg if using TLS/x509 for encryption qemu -vnc localhost:1,sasl,tls,x509 By default the Cyrus SASL library will look for its configuration in the file /etc/sasl2/qemu.conf. For non-root users, this can be overridden by setting the SASL_CONF_PATH environment variable, eg to make it look in $HOME/.sasl2. NB unprivileged users may not have access to the full range of SASL mechanisms, since some of them require some administrative privileges to configure. The patch includes an example SASL configuration file which illustrates config for GSSAPI and Digest-MD5, though it should be noted that the latter is not really considered secure any more. Most of the SASL authentication code is located in a separate source file, vnc-auth-sasl.c. The main vnc.c file only contains minimal integration glue, specifically parsing of command line flags / setup, and calls to start the SASL auth process, to do encoding/decoding for data. There are several possible stacks for reading & writing of data, depending on the combo of VNC authentication methods in use - Clear. read/write straight to socket - TLS. read/write via GNUTLS helpers - SASL. encode/decode via SASL SSF layer, then read/write to socket - SASL+TLS. encode/decode via SASL SSF layer, then read/write via GNUTLS Hence, the vnc_client_read & vnc_client_write methods have been refactored a little. vnc_client_read: main entry point for reading, calls either - vnc_client_read_plain reading, with no intermediate decoding - vnc_client_read_sasl reading, with SASL SSF decoding These two methods, then call vnc_client_read_buf(). This decides whether to write to the socket directly or write via GNUTLS. The situation is the same for writing data. More extensive comments have been added in the code / patch. The vnc_client_read_sasl and vnc_client_write_sasl method implementations live in the separate vnc-auth-sasl.c file. The state required for the SASL auth mechanism is kept in a separate VncStateSASL struct, defined in vnc-auth-sasl.h and included in the main VncState. The configure script probes for SASL and automatically enables it if found, unless --disable-vnc-sasl was given to override it. Makefile | 7 Makefile.target | 5 b/qemu.sasl | 34 ++ b/vnc-auth-sasl.c | 626 ++++++++++++++++++++++++++++++++++++++++++++++++++++ b/vnc-auth-sasl.h | 67 +++++ configure | 34 ++ qemu-doc.texi | 97 ++++++++ vnc-auth-vencrypt.c | 12 vnc.c | 249 ++++++++++++++++++-- vnc.h | 31 ++ 10 files changed, 1129 insertions(+), 33 deletions(-) Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6724 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 20:27:28 +00:00
vnc_sasl="yes"
bsd="no"
linux="no"
solaris="no"
kqemu="no"
profiler="no"
cocoa="no"
softmmu="yes"
linux_user="no"
darwin_user="no"
bsd_user="no"
guest_base=""
build_docs="yes"
uname_release=""
curses="yes"
curl="yes"
pthread="yes"
aio="yes"
io_thread="no"
nptl="yes"
mixemu="no"
bluez="yes"
kvm="no"
kerneldir=""
aix="no"
blobs="yes"
fdt="yes"
sdl="yes"
xen="yes"
pkgversion=""
# OS specific
if check_define __linux__ ; then
targetos="Linux"
elif check_define _WIN32 ; then
targetos='MINGW32'
elif check_define __OpenBSD__ ; then
targetos='OpenBSD'
elif check_define __sun__ ; then
targetos='SunOS'
else
targetos=`uname -s`
fi
case $targetos in
CYGWIN*)
mingw32="yes"
CFLAGS="-mno-cygwin $CFLAGS"
if [ "$cpu" = "i386" ] ; then
kqemu="yes"
fi
audio_possible_drivers="sdl"
;;
MINGW32*)
mingw32="yes"
if [ "$cpu" = "i386" ] ; then
kqemu="yes"
fi
audio_possible_drivers="dsound sdl fmod"
;;
GNU/kFreeBSD)
audio_drv_list="oss"
audio_possible_drivers="oss sdl esd pa"
if [ "$cpu" = "i386" -o "$cpu" = "x86_64" ] ; then
kqemu="yes"
fi
;;
FreeBSD)
bsd="yes"
audio_drv_list="oss"
audio_possible_drivers="oss sdl esd pa"
if [ "$cpu" = "i386" -o "$cpu" = "x86_64" ] ; then
kqemu="yes"
fi
;;
DragonFly)
bsd="yes"
audio_drv_list="oss"
audio_possible_drivers="oss sdl esd pa"
if [ "$cpu" = "i386" -o "$cpu" = "x86_64" ] ; then
kqemu="yes"
fi
aio="no"
;;
NetBSD)
bsd="yes"
audio_drv_list="oss"
audio_possible_drivers="oss sdl esd"
oss_lib="-lossaudio"
;;
OpenBSD)
bsd="yes"
audio_drv_list="oss"
audio_possible_drivers="oss sdl esd"
oss_lib="-lossaudio"
;;
Darwin)
bsd="yes"
darwin="yes"
# on Leopard most of the system is 32-bit, so we have to ask the kernel it if we can run 64-bit userspace code
if [ "$cpu" = "i386" ] ; then
is_x86_64=`sysctl -n hw.optional.x86_64`
[ "$is_x86_64" = "1" ] && cpu=x86_64
fi
if [ "$cpu" = "x86_64" ] ; then
CFLAGS="-arch x86_64 $CFLAGS"
LDFLAGS="-arch x86_64 $LDFLAGS"
else
CFLAGS="-mdynamic-no-pic $CFLAGS"
fi
darwin_user="yes"
cocoa="yes"
audio_drv_list="coreaudio"
audio_possible_drivers="coreaudio sdl fmod"
LDFLAGS="-framework CoreFoundation -framework IOKit $LDFLAGS"
;;
SunOS)
solaris="yes"
make="gmake"
install="ginstall"
needs_libsunmath="no"
solarisrev=`uname -r | cut -f2 -d.`
# have to select again, because `uname -m` returns i86pc
# even on an x86_64 box.
solariscpu=`isainfo -k`
if test "${solariscpu}" = "amd64" ; then
cpu="x86_64"
fi
if [ "$cpu" = "i386" -o "$cpu" = "x86_64" ] ; then
if test "$solarisrev" -le 9 ; then
if test -f /opt/SUNWspro/prod/lib/libsunmath.so.1; then
needs_libsunmath="yes"
else
echo "QEMU will not link correctly on Solaris 8/X86 or 9/x86 without"
echo "libsunmath from the Sun Studio compilers tools, due to a lack of"
echo "C99 math features in libm.so in Solaris 8/x86 and Solaris 9/x86"
echo "Studio 11 can be downloaded from www.sun.com."
exit 1
fi
fi
if test "$solarisrev" -ge 9 ; then
kqemu="yes"
fi
fi
if test -f /usr/include/sys/soundcard.h ; then
audio_drv_list="oss"
fi
audio_possible_drivers="oss sdl"
CFLAGS="-std=gnu99 $CFLAGS"
;;
AIX)
aix="yes"
make="gmake"
;;
*)
audio_drv_list="oss"
audio_possible_drivers="oss alsa sdl esd pa"
linux="yes"
linux_user="yes"
usb="linux"
kvm="yes"
if [ "$cpu" = "i386" -o "$cpu" = "x86_64" ] ; then
kqemu="yes"
audio_possible_drivers="$audio_possible_drivers fmod"
fi
;;
esac
if [ "$bsd" = "yes" ] ; then
if [ "$darwin" != "yes" ] ; then
make="gmake"
usb="bsd"
fi
bsd_user="yes"
fi
# find source path
source_path=`dirname "$0"`
source_path_used="no"
workdir=`pwd`
if [ -z "$source_path" ]; then
source_path=$workdir
else
source_path=`cd "$source_path"; pwd`
fi
[ -f "$workdir/vl.c" ] || source_path_used="yes"
werror=""
for opt do
optarg=`expr "x$opt" : 'x[^=]*=\(.*\)'`
case "$opt" in
--help|-h) show_help=yes
;;
--prefix=*) prefix="$optarg"
;;
--interp-prefix=*) interp_prefix="$optarg"
;;
--source-path=*) source_path="$optarg"
source_path_used="yes"
;;
--cross-prefix=*)
;;
--cc=*)
;;
--host-cc=*) host_cc="$optarg"
;;
--make=*) make="$optarg"
;;
--install=*) install="$optarg"
;;
--extra-cflags=*)
;;
--extra-ldflags=*)
;;
--cpu=*)
;;
--target-list=*) target_list="$optarg"
;;
--enable-gprof) gprof="yes"
;;
--static) static="yes"
;;
--disable-sdl) sdl="no"
;;
--fmod-lib=*) fmod_lib="$optarg"
;;
--fmod-inc=*) fmod_inc="$optarg"
;;
--oss-lib=*) oss_lib="$optarg"
;;
--audio-card-list=*) audio_card_list=`echo "$optarg" | sed -e 's/,/ /g'`
;;
--audio-drv-list=*) audio_drv_list="$optarg"
;;
--enable-debug-tcg) debug_tcg="yes"
;;
--disable-debug-tcg) debug_tcg="no"
;;
--enable-debug)
# Enable debugging options that aren't excessively noisy
debug_tcg="yes"
debug="yes"
strip_opt="no"
;;
--enable-sparse) sparse="yes"
;;
--disable-sparse) sparse="no"
;;
--disable-strip) strip_opt="no"
;;
--disable-vnc-tls) vnc_tls="no"
;;
Add SASL authentication support ("Daniel P. Berrange") This patch adds the new SASL authentication protocol to the VNC server. It is enabled by setting the 'sasl' flag when launching VNC. SASL can optionally provide encryption via its SSF layer, if a suitable mechanism is configured (eg, GSSAPI/Kerberos, or Digest-MD5). If an SSF layer is not available, then it should be combined with the x509 VNC authentication protocol which provides encryption. eg, if using GSSAPI qemu -vnc localhost:1,sasl eg if using TLS/x509 for encryption qemu -vnc localhost:1,sasl,tls,x509 By default the Cyrus SASL library will look for its configuration in the file /etc/sasl2/qemu.conf. For non-root users, this can be overridden by setting the SASL_CONF_PATH environment variable, eg to make it look in $HOME/.sasl2. NB unprivileged users may not have access to the full range of SASL mechanisms, since some of them require some administrative privileges to configure. The patch includes an example SASL configuration file which illustrates config for GSSAPI and Digest-MD5, though it should be noted that the latter is not really considered secure any more. Most of the SASL authentication code is located in a separate source file, vnc-auth-sasl.c. The main vnc.c file only contains minimal integration glue, specifically parsing of command line flags / setup, and calls to start the SASL auth process, to do encoding/decoding for data. There are several possible stacks for reading & writing of data, depending on the combo of VNC authentication methods in use - Clear. read/write straight to socket - TLS. read/write via GNUTLS helpers - SASL. encode/decode via SASL SSF layer, then read/write to socket - SASL+TLS. encode/decode via SASL SSF layer, then read/write via GNUTLS Hence, the vnc_client_read & vnc_client_write methods have been refactored a little. vnc_client_read: main entry point for reading, calls either - vnc_client_read_plain reading, with no intermediate decoding - vnc_client_read_sasl reading, with SASL SSF decoding These two methods, then call vnc_client_read_buf(). This decides whether to write to the socket directly or write via GNUTLS. The situation is the same for writing data. More extensive comments have been added in the code / patch. The vnc_client_read_sasl and vnc_client_write_sasl method implementations live in the separate vnc-auth-sasl.c file. The state required for the SASL auth mechanism is kept in a separate VncStateSASL struct, defined in vnc-auth-sasl.h and included in the main VncState. The configure script probes for SASL and automatically enables it if found, unless --disable-vnc-sasl was given to override it. Makefile | 7 Makefile.target | 5 b/qemu.sasl | 34 ++ b/vnc-auth-sasl.c | 626 ++++++++++++++++++++++++++++++++++++++++++++++++++++ b/vnc-auth-sasl.h | 67 +++++ configure | 34 ++ qemu-doc.texi | 97 ++++++++ vnc-auth-vencrypt.c | 12 vnc.c | 249 ++++++++++++++++++-- vnc.h | 31 ++ 10 files changed, 1129 insertions(+), 33 deletions(-) Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6724 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 20:27:28 +00:00
--disable-vnc-sasl) vnc_sasl="no"
;;
--disable-slirp) slirp="no"
;;
--disable-vde) vde="no"
;;
--disable-kqemu) kqemu="no"
;;
--disable-xen) xen="no"
;;
--disable-brlapi) brlapi="no"
;;
--disable-bluez) bluez="no"
;;
--disable-kvm) kvm="no"
;;
--enable-profiler) profiler="yes"
;;
--enable-cocoa)
cocoa="yes" ;
sdl="no" ;
audio_drv_list="coreaudio `echo $audio_drv_list | sed s,coreaudio,,g`"
;;
--disable-system) softmmu="no"
;;
--enable-system) softmmu="yes"
;;
--disable-linux-user) linux_user="no"
;;
--enable-linux-user) linux_user="yes"
;;
--disable-darwin-user) darwin_user="no"
;;
--enable-darwin-user) darwin_user="yes"
;;
--disable-bsd-user) bsd_user="no"
;;
--enable-bsd-user) bsd_user="yes"
;;
--enable-guest-base) guest_base="yes"
;;
--disable-guest-base) guest_base="no"
;;
--enable-uname-release=*) uname_release="$optarg"
;;
--sparc_cpu=*)
sparc_cpu="$optarg"
case $sparc_cpu in
v7|v8)
CFLAGS="-m32 -mcpu=${sparc_cpu} -D__sparc_${sparc_cpu}__ $CFLAGS"
LDFLAGS="-m32 $LDFLAGS"
cpu="sparc"
;;
v8plus|v8plusa)
CFLAGS="-m32 -mcpu=ultrasparc -D__sparc_${sparc_cpu}__ $CFLAGS"
LDFLAGS="-m32 $LDFLAGS"
cpu="sparc"
;;
v9)
CFLAGS="-m64 -mcpu=ultrasparc -D__sparc_${sparc_cpu}__ $CFLAGS"
LDFLAGS="-m64 $LDFLAGS"
cpu="sparc64"
;;
*)
echo "undefined SPARC architecture. Exiting";
exit 1
;;
esac
;;
--enable-werror) werror="yes"
;;
--disable-werror) werror="no"
;;
--disable-curses) curses="no"
;;
--disable-curl) curl="no"
;;
--disable-nptl) nptl="no"
;;
--enable-mixemu) mixemu="yes"
;;
--disable-pthread) pthread="no"
;;
--disable-aio) aio="no"
;;
--enable-io-thread) io_thread="yes"
;;
--disable-blobs) blobs="no"
;;
--kerneldir=*) kerneldir="$optarg"
;;
--with-pkgversion=*) pkgversion=" ($optarg)"
;;
--disable-docs) build_docs="no"
;;
*) echo "ERROR: unknown option $opt"; show_help="yes"
;;
esac
done
#
# If cpu ~= sparc and sparc_cpu hasn't been defined, plug in the right
# CFLAGS/LDFLAGS (assume sparc_v8plus for 32-bit and sparc_v9 for 64-bit)
#
host_guest_base="no"
case "$cpu" in
sparc) if test -z "$sparc_cpu" ; then
CFLAGS="-m32 -mcpu=ultrasparc -D__sparc_v8plus__ $CFLAGS"
LDFLAGS="-m32 $LDFLAGS"
fi
CFLAGS="-ffixed-g2 -ffixed-g3 $CFLAGS"
if test "$solaris" = "no" ; then
CFLAGS="-ffixed-g1 -ffixed-g6 $CFLAGS"
fi
;;
sparc64) if test -z "$sparc_cpu" ; then
CFLAGS="-m64 -mcpu=ultrasparc -D__sparc_v9__ $CFLAGS"
LDFLAGS="-m64 $LDFLAGS"
fi
if test "$solaris" = "no" ; then
CFLAGS="-ffixed-g5 -ffixed-g6 -ffixed-g7 $CFLAGS"
else
CFLAGS="-ffixed-g1 -ffixed-g5 -ffixed-g6 -ffixed-g7 $CFLAGS"
fi
;;
s390)
CFLAGS="-march=z900 $CFLAGS"
;;
i386)
CFLAGS="-m32 $CFLAGS"
LDFLAGS="-m32 $LDFLAGS"
host_guest_base="yes"
;;
x86_64)
CFLAGS="-m64 $CFLAGS"
LDFLAGS="-m64 $LDFLAGS"
host_guest_base="yes"
;;
arm*)
host_guest_base="yes"
;;
ppc*)
host_guest_base="yes"
;;
esac
[ -z "$guest_base" ] && guest_base="$host_guest_base"
if test x"$show_help" = x"yes" ; then
cat << EOF
Usage: configure [options]
Options: [defaults in brackets after descriptions]
EOF
echo "Standard options:"
echo " --help print this message"
echo " --prefix=PREFIX install in PREFIX [$prefix]"
echo " --interp-prefix=PREFIX where to find shared libraries, etc."
echo " use %M for cpu name [$interp_prefix]"
echo " --target-list=LIST set target list [$target_list]"
echo ""
echo "kqemu kernel acceleration support:"
echo " --disable-kqemu disable kqemu support"
echo ""
echo "Advanced options (experts only):"
echo " --source-path=PATH path of source code [$source_path]"
echo " --cross-prefix=PREFIX use PREFIX for compile tools [$cross_prefix]"
echo " --cc=CC use C compiler CC [$cc]"
echo " --host-cc=CC use C compiler CC [$host_cc] for dyngen etc."
echo " --extra-cflags=CFLAGS append extra C compiler flags CFLAGS"
echo " --extra-ldflags=LDFLAGS append extra linker flags LDFLAGS"
echo " --make=MAKE use specified make [$make]"
echo " --install=INSTALL use specified install [$install]"
echo " --static enable static build [$static]"
echo " --enable-debug-tcg enable TCG debugging"
echo " --disable-debug-tcg disable TCG debugging (default)"
echo " --enable-debug enable common debug build options"
echo " --enable-sparse enable sparse checker"
echo " --disable-sparse disable sparse checker (default)"
echo " --disable-strip disable stripping binaries"
echo " --disable-werror disable compilation abort on warning"
echo " --disable-sdl disable SDL"
echo " --enable-cocoa enable COCOA (Mac OS X only)"
echo " --audio-drv-list=LIST set audio drivers list:"
echo " Available drivers: $audio_possible_drivers"
echo " --audio-card-list=LIST set list of emulated audio cards [$audio_card_list]"
echo " Available cards: $audio_possible_cards"
echo " --enable-mixemu enable mixer emulation"
echo " --disable-xen disable xen backend driver support"
echo " --disable-brlapi disable BrlAPI"
echo " --disable-vnc-tls disable TLS encryption for VNC server"
Add SASL authentication support ("Daniel P. Berrange") This patch adds the new SASL authentication protocol to the VNC server. It is enabled by setting the 'sasl' flag when launching VNC. SASL can optionally provide encryption via its SSF layer, if a suitable mechanism is configured (eg, GSSAPI/Kerberos, or Digest-MD5). If an SSF layer is not available, then it should be combined with the x509 VNC authentication protocol which provides encryption. eg, if using GSSAPI qemu -vnc localhost:1,sasl eg if using TLS/x509 for encryption qemu -vnc localhost:1,sasl,tls,x509 By default the Cyrus SASL library will look for its configuration in the file /etc/sasl2/qemu.conf. For non-root users, this can be overridden by setting the SASL_CONF_PATH environment variable, eg to make it look in $HOME/.sasl2. NB unprivileged users may not have access to the full range of SASL mechanisms, since some of them require some administrative privileges to configure. The patch includes an example SASL configuration file which illustrates config for GSSAPI and Digest-MD5, though it should be noted that the latter is not really considered secure any more. Most of the SASL authentication code is located in a separate source file, vnc-auth-sasl.c. The main vnc.c file only contains minimal integration glue, specifically parsing of command line flags / setup, and calls to start the SASL auth process, to do encoding/decoding for data. There are several possible stacks for reading & writing of data, depending on the combo of VNC authentication methods in use - Clear. read/write straight to socket - TLS. read/write via GNUTLS helpers - SASL. encode/decode via SASL SSF layer, then read/write to socket - SASL+TLS. encode/decode via SASL SSF layer, then read/write via GNUTLS Hence, the vnc_client_read & vnc_client_write methods have been refactored a little. vnc_client_read: main entry point for reading, calls either - vnc_client_read_plain reading, with no intermediate decoding - vnc_client_read_sasl reading, with SASL SSF decoding These two methods, then call vnc_client_read_buf(). This decides whether to write to the socket directly or write via GNUTLS. The situation is the same for writing data. More extensive comments have been added in the code / patch. The vnc_client_read_sasl and vnc_client_write_sasl method implementations live in the separate vnc-auth-sasl.c file. The state required for the SASL auth mechanism is kept in a separate VncStateSASL struct, defined in vnc-auth-sasl.h and included in the main VncState. The configure script probes for SASL and automatically enables it if found, unless --disable-vnc-sasl was given to override it. Makefile | 7 Makefile.target | 5 b/qemu.sasl | 34 ++ b/vnc-auth-sasl.c | 626 ++++++++++++++++++++++++++++++++++++++++++++++++++++ b/vnc-auth-sasl.h | 67 +++++ configure | 34 ++ qemu-doc.texi | 97 ++++++++ vnc-auth-vencrypt.c | 12 vnc.c | 249 ++++++++++++++++++-- vnc.h | 31 ++ 10 files changed, 1129 insertions(+), 33 deletions(-) Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6724 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 20:27:28 +00:00
echo " --disable-vnc-sasl disable SASL encryption for VNC server"
echo " --disable-curses disable curses output"
echo " --disable-curl disable curl connectivity"
echo " --disable-bluez disable bluez stack connectivity"
echo " --disable-kvm disable KVM acceleration support"
echo " --disable-nptl disable usermode NPTL support"
echo " --enable-system enable all system emulation targets"
echo " --disable-system disable all system emulation targets"
echo " --enable-linux-user enable all linux usermode emulation targets"
echo " --disable-linux-user disable all linux usermode emulation targets"
echo " --enable-darwin-user enable all darwin usermode emulation targets"
echo " --disable-darwin-user disable all darwin usermode emulation targets"
echo " --enable-bsd-user enable all BSD usermode emulation targets"
echo " --disable-bsd-user disable all BSD usermode emulation targets"
echo " --enable-guest-base enable GUEST_BASE support for usermode"
echo " emulation targets"
echo " --disable-guest-base disable GUEST_BASE support"
echo " --fmod-lib path to FMOD library"
echo " --fmod-inc path to FMOD includes"
echo " --oss-lib path to OSS library"
echo " --enable-uname-release=R Return R for uname -r in usermode emulation"
echo " --sparc_cpu=V Build qemu for Sparc architecture v7, v8, v8plus, v8plusa, v9"
echo " --disable-vde disable support for vde network"
echo " --disable-pthread disable pthread support"
echo " --disable-aio disable AIO support"
echo " --enable-io-thread enable IO thread"
echo " --disable-blobs disable installing provided firmware blobs"
echo " --kerneldir=PATH look for kernel includes in PATH"
echo ""
echo "NOTE: The object files are built at the place where configure is launched"
exit 1
fi
if test "$mingw32" = "yes" ; then
linux="no"
EXESUF=".exe"
linux_user="no"
bsd_user="no"
CFLAGS="-DWIN32_LEAN_AND_MEAN -DWINVER=0x501 $CFLAGS"
fi
if test ! -x "$(which cgcc 2>/dev/null)"; then
sparse="no"
fi
#
# Solaris specific configure tool chain decisions
#
if test "$solaris" = "yes" ; then
solinst=`which $install 2> /dev/null | /usr/bin/grep -v "no $install in"`
if test -z "$solinst" ; then
echo "Solaris install program not found. Use --install=/usr/ucb/install or"
echo "install fileutils from www.blastwave.org using pkg-get -i fileutils"
echo "to get ginstall which is used by default (which lives in /opt/csw/bin)"
exit 1
fi
if test "$solinst" = "/usr/sbin/install" ; then
echo "Error: Solaris /usr/sbin/install is not an appropriate install program."
echo "try ginstall from the GNU fileutils available from www.blastwave.org"
echo "using pkg-get -i fileutils, or use --install=/usr/ucb/install"
exit 1
fi
sol_ar=`which ar 2> /dev/null | /usr/bin/grep -v "no ar in"`
if test -z "$sol_ar" ; then
echo "Error: No path includes ar"
if test -f /usr/ccs/bin/ar ; then
echo "Add /usr/ccs/bin to your path and rerun configure"
fi
exit 1
fi
fi
if test -z "$target_list" ; then
# these targets are portable
if [ "$softmmu" = "yes" ] ; then
target_list="\
i386-softmmu \
x86_64-softmmu \
arm-softmmu \
cris-softmmu \
m68k-softmmu \
microblaze-softmmu \
mips-softmmu \
mipsel-softmmu \
mips64-softmmu \
mips64el-softmmu \
ppc-softmmu \
ppcemb-softmmu \
ppc64-softmmu \
sh4-softmmu \
sh4eb-softmmu \
sparc-softmmu \
sparc64-softmmu \
"
fi
# the following are Linux specific
if [ "$linux_user" = "yes" ] ; then
target_list="${target_list}\
i386-linux-user \
x86_64-linux-user \
alpha-linux-user \
arm-linux-user \
armeb-linux-user \
cris-linux-user \
m68k-linux-user \
microblaze-linux-user \
mips-linux-user \
mipsel-linux-user \
ppc-linux-user \
ppc64-linux-user \
ppc64abi32-linux-user \
sh4-linux-user \
sh4eb-linux-user \
sparc-linux-user \
sparc64-linux-user \
sparc32plus-linux-user \
"
fi
# the following are Darwin specific
if [ "$darwin_user" = "yes" ] ; then
target_list="$target_list i386-darwin-user ppc-darwin-user "
fi
# the following are BSD specific
if [ "$bsd_user" = "yes" ] ; then
target_list="${target_list}\
i386-bsd-user \
x86_64-bsd-user \
sparc-bsd-user \
sparc64-bsd-user \
"
fi
else
target_list=`echo "$target_list" | sed -e 's/,/ /g'`
fi
if test -z "$target_list" ; then
echo "No targets enabled"
exit 1
fi
if test -z "$cross_prefix" ; then
# ---
# big/little endian test
cat > $TMPC << EOF
#include <inttypes.h>
int main(int argc, char ** argv){
volatile uint32_t i=0x01234567;
return (*((uint8_t*)(&i))) == 0x67;
}
EOF
if compile_prog "" "" ; then
$TMPE && bigendian="yes"
else
echo big/little test failed
fi
else
# if cross compiling, cannot launch a program, so make a static guess
if test "$cpu" = "armv4b" \
-o "$cpu" = "hppa" \
-o "$cpu" = "m68k" \
-o "$cpu" = "mips" \
-o "$cpu" = "mips64" \
-o "$cpu" = "ppc" \
-o "$cpu" = "ppc64" \
-o "$cpu" = "s390" \
-o "$cpu" = "sparc" \
-o "$cpu" = "sparc64"; then
bigendian="yes"
fi
fi
# host long bits test
hostlongbits="32"
if test "$cpu" = "x86_64" \
-o "$cpu" = "alpha" \
-o "$cpu" = "ia64" \
-o "$cpu" = "sparc64" \
-o "$cpu" = "ppc64"; then
hostlongbits="64"
fi
# Check host NPTL support
cat > $TMPC <<EOF
#include <sched.h>
#include <linux/futex.h>
void foo()
{
#if !defined(CLONE_SETTLS) || !defined(FUTEX_WAIT)
#error bork
#endif
}
EOF
if compile_object ; then
:
else
nptl="no"
fi
##########################################
# zlib check
cat > $TMPC << EOF
#include <zlib.h>
int main(void) { zlibVersion(); return 0; }
EOF
if compile_prog "" "-lz" ; then
:
else
echo
echo "Error: zlib check failed"
echo "Make sure to have the zlib libs and headers installed."
echo
exit 1
fi
##########################################
# xen probe
if test "$xen" = "yes" ; then
xen_libs="-lxenstore -lxenctrl -lxenguest"
cat > $TMPC <<EOF
#include <xenctrl.h>
#include <xs.h>
int main(void) { xs_daemon_open(); xc_interface_open(); return 0; }
EOF
if compile_prog "" "$xen_libs" ; then
:
else
xen="no"
fi
fi
##########################################
# SDL probe
sdl_too_old=no
if test "$sdl" = "yes" ; then
sdl=no
cat > $TMPC << EOF
#include <SDL.h>
#undef main /* We don't want SDL to override our main() */
int main( void ) { return SDL_Init (SDL_INIT_VIDEO); }
EOF
sdl_cflags=`sdl-config --cflags 2> /dev/null`
sdl_libs=`sdl-config --libs 2> /dev/null`
if compile_prog "$sdl_cflags" "$sdl_libs" ; then
_sdlversion=`sdl-config --version | sed 's/[^0-9]//g'`
if test "$_sdlversion" -lt 121 ; then
sdl_too_old=yes
else
if test "$cocoa" = "no" ; then
sdl=yes
fi
fi
# static link with sdl ?
if test "$sdl" = "yes" -a "$static" = "yes" ; then
sdl_libs=`sdl-config --static-libs 2>/dev/null`
if test `sdl-config --static-libs 2>/dev/null | grep \\\-laa > /dev/null` ; then
sdl_libs="$sdl_libs `aalib-config --static-libs >2 /dev/null`"
sdl_cflags="$sd_cflags `aalib-config --cflags >2 /dev/null`"
fi
if compile_prog "$sdl_cflags" "$sdl_libs" ; then
:
else
sdl=no
fi
fi # static link
fi # sdl compile test
fi
if test "$sdl" = "yes" ; then
cat > $TMPC <<EOF
#include <SDL.h>
#if defined(SDL_VIDEO_DRIVER_X11)
#include <X11/XKBlib.h>
#else
#error No x11 support
#endif
int main(void) { return 0; }
EOF
if compile_prog "$sdl_cflags" "$sdl_libs" ; then
sdl_libs="$sdl_libs -lX11"
fi
fi
##########################################
# VNC TLS detection
if test "$vnc_tls" = "yes" ; then
cat > $TMPC <<EOF
#include <gnutls/gnutls.h>
int main(void) { gnutls_session_t s; gnutls_init(&s, GNUTLS_SERVER); return 0; }
EOF
vnc_tls_cflags=`pkg-config --cflags gnutls 2> /dev/null`
vnc_tls_libs=`pkg-config --libs gnutls 2> /dev/null`
if compile_prog "$vnc_tls_cflags" "$vnc_tls_libs" ; then
:
else
vnc_tls="no"
fi
fi
Add SASL authentication support ("Daniel P. Berrange") This patch adds the new SASL authentication protocol to the VNC server. It is enabled by setting the 'sasl' flag when launching VNC. SASL can optionally provide encryption via its SSF layer, if a suitable mechanism is configured (eg, GSSAPI/Kerberos, or Digest-MD5). If an SSF layer is not available, then it should be combined with the x509 VNC authentication protocol which provides encryption. eg, if using GSSAPI qemu -vnc localhost:1,sasl eg if using TLS/x509 for encryption qemu -vnc localhost:1,sasl,tls,x509 By default the Cyrus SASL library will look for its configuration in the file /etc/sasl2/qemu.conf. For non-root users, this can be overridden by setting the SASL_CONF_PATH environment variable, eg to make it look in $HOME/.sasl2. NB unprivileged users may not have access to the full range of SASL mechanisms, since some of them require some administrative privileges to configure. The patch includes an example SASL configuration file which illustrates config for GSSAPI and Digest-MD5, though it should be noted that the latter is not really considered secure any more. Most of the SASL authentication code is located in a separate source file, vnc-auth-sasl.c. The main vnc.c file only contains minimal integration glue, specifically parsing of command line flags / setup, and calls to start the SASL auth process, to do encoding/decoding for data. There are several possible stacks for reading & writing of data, depending on the combo of VNC authentication methods in use - Clear. read/write straight to socket - TLS. read/write via GNUTLS helpers - SASL. encode/decode via SASL SSF layer, then read/write to socket - SASL+TLS. encode/decode via SASL SSF layer, then read/write via GNUTLS Hence, the vnc_client_read & vnc_client_write methods have been refactored a little. vnc_client_read: main entry point for reading, calls either - vnc_client_read_plain reading, with no intermediate decoding - vnc_client_read_sasl reading, with SASL SSF decoding These two methods, then call vnc_client_read_buf(). This decides whether to write to the socket directly or write via GNUTLS. The situation is the same for writing data. More extensive comments have been added in the code / patch. The vnc_client_read_sasl and vnc_client_write_sasl method implementations live in the separate vnc-auth-sasl.c file. The state required for the SASL auth mechanism is kept in a separate VncStateSASL struct, defined in vnc-auth-sasl.h and included in the main VncState. The configure script probes for SASL and automatically enables it if found, unless --disable-vnc-sasl was given to override it. Makefile | 7 Makefile.target | 5 b/qemu.sasl | 34 ++ b/vnc-auth-sasl.c | 626 ++++++++++++++++++++++++++++++++++++++++++++++++++++ b/vnc-auth-sasl.h | 67 +++++ configure | 34 ++ qemu-doc.texi | 97 ++++++++ vnc-auth-vencrypt.c | 12 vnc.c | 249 ++++++++++++++++++-- vnc.h | 31 ++ 10 files changed, 1129 insertions(+), 33 deletions(-) Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6724 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 20:27:28 +00:00
##########################################
# VNC SASL detection
if test "$vnc_sasl" = "yes" ; then
cat > $TMPC <<EOF
#include <sasl/sasl.h>
#include <stdio.h>
int main(void) { sasl_server_init(NULL, "qemu"); return 0; }
EOF
# Assuming Cyrus-SASL installed in /usr prefix
vnc_sasl_cflags=""
vnc_sasl_libs="-lsasl2"
if compile_prog "$vnc_sasl_cflags" "$vnc_sasl_libs" ; then
Add SASL authentication support ("Daniel P. Berrange") This patch adds the new SASL authentication protocol to the VNC server. It is enabled by setting the 'sasl' flag when launching VNC. SASL can optionally provide encryption via its SSF layer, if a suitable mechanism is configured (eg, GSSAPI/Kerberos, or Digest-MD5). If an SSF layer is not available, then it should be combined with the x509 VNC authentication protocol which provides encryption. eg, if using GSSAPI qemu -vnc localhost:1,sasl eg if using TLS/x509 for encryption qemu -vnc localhost:1,sasl,tls,x509 By default the Cyrus SASL library will look for its configuration in the file /etc/sasl2/qemu.conf. For non-root users, this can be overridden by setting the SASL_CONF_PATH environment variable, eg to make it look in $HOME/.sasl2. NB unprivileged users may not have access to the full range of SASL mechanisms, since some of them require some administrative privileges to configure. The patch includes an example SASL configuration file which illustrates config for GSSAPI and Digest-MD5, though it should be noted that the latter is not really considered secure any more. Most of the SASL authentication code is located in a separate source file, vnc-auth-sasl.c. The main vnc.c file only contains minimal integration glue, specifically parsing of command line flags / setup, and calls to start the SASL auth process, to do encoding/decoding for data. There are several possible stacks for reading & writing of data, depending on the combo of VNC authentication methods in use - Clear. read/write straight to socket - TLS. read/write via GNUTLS helpers - SASL. encode/decode via SASL SSF layer, then read/write to socket - SASL+TLS. encode/decode via SASL SSF layer, then read/write via GNUTLS Hence, the vnc_client_read & vnc_client_write methods have been refactored a little. vnc_client_read: main entry point for reading, calls either - vnc_client_read_plain reading, with no intermediate decoding - vnc_client_read_sasl reading, with SASL SSF decoding These two methods, then call vnc_client_read_buf(). This decides whether to write to the socket directly or write via GNUTLS. The situation is the same for writing data. More extensive comments have been added in the code / patch. The vnc_client_read_sasl and vnc_client_write_sasl method implementations live in the separate vnc-auth-sasl.c file. The state required for the SASL auth mechanism is kept in a separate VncStateSASL struct, defined in vnc-auth-sasl.h and included in the main VncState. The configure script probes for SASL and automatically enables it if found, unless --disable-vnc-sasl was given to override it. Makefile | 7 Makefile.target | 5 b/qemu.sasl | 34 ++ b/vnc-auth-sasl.c | 626 ++++++++++++++++++++++++++++++++++++++++++++++++++++ b/vnc-auth-sasl.h | 67 +++++ configure | 34 ++ qemu-doc.texi | 97 ++++++++ vnc-auth-vencrypt.c | 12 vnc.c | 249 ++++++++++++++++++-- vnc.h | 31 ++ 10 files changed, 1129 insertions(+), 33 deletions(-) Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6724 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 20:27:28 +00:00
:
else
vnc_sasl="no"
fi
fi
Support ACLs for controlling VNC access ("Daniel P. Berrange") This patch introduces a generic internal API for access control lists to be used by network servers in QEMU. It adds support for checking these ACL in the VNC server, in two places. The first ACL is for the SASL authentication mechanism, checking the SASL username. This ACL is called 'vnc.username'. The second is for the TLS authentication mechanism, when x509 client certificates are turned on, checking against the Distinguished Name of the client. This ACL is called 'vnc.x509dname' The internal API provides for an ACL with the following characteristics - A unique name, eg vnc.username, and vnc.x509dname. - A default policy, allow or deny - An ordered series of match rules, with allow or deny policy If none of the match rules apply, then the default policy is used. There is a monitor API to manipulate the ACLs, which I'll describe via examples (qemu) acl show vnc.username policy: allow (qemu) acl policy vnc.username denya acl: policy set to 'deny' (qemu) acl allow vnc.username fred acl: added rule at position 1 (qemu) acl allow vnc.username bob acl: added rule at position 2 (qemu) acl allow vnc.username joe 1 acl: added rule at position 1 (qemu) acl show vnc.username policy: deny 0: allow fred 1: allow joe 2: allow bob (qemu) acl show vnc.x509dname policy: allow (qemu) acl policy vnc.x509dname deny acl: policy set to 'deny' (qemu) acl allow vnc.x509dname C=GB,O=ACME,L=London,CN=* acl: added rule at position 1 (qemu) acl allow vnc.x509dname C=GB,O=ACME,L=Boston,CN=bob acl: added rule at position 2 (qemu) acl show vnc.x509dname policy: deny 0: allow C=GB,O=ACME,L=London,CN=* 1: allow C=GB,O=ACME,L=Boston,CN=bob By default the VNC server will not use any ACLs, allowing access to the server if the user successfully authenticates. To enable use of ACLs to restrict user access, the ',acl' flag should be given when starting QEMU. The initial ACL activated will be a 'deny all' policy and should be customized using monitor commands. eg enable SASL auth and ACLs qemu .... -vnc localhost:1,sasl,acl The next patch will provide a way to load a pre-defined ACL when starting up Makefile | 6 + b/acl.c | 185 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ b/acl.h | 74 ++++++++++++++++++++++ configure | 18 +++++ monitor.c | 95 ++++++++++++++++++++++++++++ qemu-doc.texi | 49 ++++++++++++++ vnc-auth-sasl.c | 16 +++- vnc-auth-sasl.h | 7 ++ vnc-tls.c | 19 +++++ vnc-tls.h | 3 vnc.c | 21 ++++++ vnc.h | 3 12 files changed, 491 insertions(+), 5 deletions(-) Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6726 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 20:27:37 +00:00
##########################################
# fnmatch() probe, used for ACL routines
fnmatch="no"
cat > $TMPC << EOF
#include <fnmatch.h>
int main(void)
{
fnmatch("foo", "foo", 0);
return 0;
}
EOF
if compile_prog "" "" ; then
Support ACLs for controlling VNC access ("Daniel P. Berrange") This patch introduces a generic internal API for access control lists to be used by network servers in QEMU. It adds support for checking these ACL in the VNC server, in two places. The first ACL is for the SASL authentication mechanism, checking the SASL username. This ACL is called 'vnc.username'. The second is for the TLS authentication mechanism, when x509 client certificates are turned on, checking against the Distinguished Name of the client. This ACL is called 'vnc.x509dname' The internal API provides for an ACL with the following characteristics - A unique name, eg vnc.username, and vnc.x509dname. - A default policy, allow or deny - An ordered series of match rules, with allow or deny policy If none of the match rules apply, then the default policy is used. There is a monitor API to manipulate the ACLs, which I'll describe via examples (qemu) acl show vnc.username policy: allow (qemu) acl policy vnc.username denya acl: policy set to 'deny' (qemu) acl allow vnc.username fred acl: added rule at position 1 (qemu) acl allow vnc.username bob acl: added rule at position 2 (qemu) acl allow vnc.username joe 1 acl: added rule at position 1 (qemu) acl show vnc.username policy: deny 0: allow fred 1: allow joe 2: allow bob (qemu) acl show vnc.x509dname policy: allow (qemu) acl policy vnc.x509dname deny acl: policy set to 'deny' (qemu) acl allow vnc.x509dname C=GB,O=ACME,L=London,CN=* acl: added rule at position 1 (qemu) acl allow vnc.x509dname C=GB,O=ACME,L=Boston,CN=bob acl: added rule at position 2 (qemu) acl show vnc.x509dname policy: deny 0: allow C=GB,O=ACME,L=London,CN=* 1: allow C=GB,O=ACME,L=Boston,CN=bob By default the VNC server will not use any ACLs, allowing access to the server if the user successfully authenticates. To enable use of ACLs to restrict user access, the ',acl' flag should be given when starting QEMU. The initial ACL activated will be a 'deny all' policy and should be customized using monitor commands. eg enable SASL auth and ACLs qemu .... -vnc localhost:1,sasl,acl The next patch will provide a way to load a pre-defined ACL when starting up Makefile | 6 + b/acl.c | 185 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ b/acl.h | 74 ++++++++++++++++++++++ configure | 18 +++++ monitor.c | 95 ++++++++++++++++++++++++++++ qemu-doc.texi | 49 ++++++++++++++ vnc-auth-sasl.c | 16 +++- vnc-auth-sasl.h | 7 ++ vnc-tls.c | 19 +++++ vnc-tls.h | 3 vnc.c | 21 ++++++ vnc.h | 3 12 files changed, 491 insertions(+), 5 deletions(-) Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6726 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 20:27:37 +00:00
fnmatch="yes"
fi
##########################################
# vde libraries probe
if test "$vde" = "yes" ; then
vde=no
vde_libs="-lvdeplug"
cat > $TMPC << EOF
#include <libvdeplug.h>
int main(void)
{
struct vde_open_args a = {0, 0, 0};
vde_open("", "", &a);
return 0;
}
EOF
if compile_prog "" "$vde_libs" ; then
vde=yes
fi
fi
##########################################
# Sound support libraries probe
audio_drv_probe()
{
drv=$1
hdr=$2
lib=$3
exp=$4
cfl=$5
cat > $TMPC << EOF
#include <$hdr>
int main(void) { $exp }
EOF
if compile_prog "$cfl" "$lib" ; then
:
else
echo
echo "Error: $drv check failed"
echo "Make sure to have the $drv libs and headers installed."
echo
exit 1
fi
}
audio_drv_list=`echo "$audio_drv_list" | sed -e 's/,/ /g'`
for drv in $audio_drv_list; do
case $drv in
alsa)
audio_drv_probe $drv alsa/asoundlib.h -lasound \
"snd_pcm_t **handle; return snd_pcm_close(*handle);"
;;
fmod)
if test -z $fmod_lib || test -z $fmod_inc; then
echo
echo "Error: You must specify path to FMOD library and headers"
echo "Example: --fmod-inc=/path/include/fmod --fmod-lib=/path/lib/libfmod-3.74.so"
echo
exit 1
fi
audio_drv_probe $drv fmod.h $fmod_lib "return FSOUND_GetVersion();" "-I $fmod_inc"
;;
esd)
audio_drv_probe $drv esd.h -lesd 'return esd_play_stream(0, 0, "", 0);'
;;
pa)
audio_drv_probe $drv pulse/simple.h -lpulse-simple \
"pa_simple *s = NULL; pa_simple_free(s); return 0;"
;;
oss|sdl|core|wav|dsound)
# XXX: Probes for CoreAudio, DirectSound, SDL(?)
;;
*)
echo "$audio_possible_drivers" | grep -q "\<$drv\>" || {
echo
echo "Error: Unknown driver '$drv' selected"
echo "Possible drivers are: $audio_possible_drivers"
echo
exit 1
}
;;
esac
done
##########################################
# BrlAPI probe
if test "$brlapi" = "yes" ; then
brlapi=no
brlapi_libs="-lbrlapi"
cat > $TMPC << EOF
#include <brlapi.h>
int main( void ) { return brlapi__openConnection (NULL, NULL, NULL); }
EOF
if compile_prog "" "$brlapi_libs" ; then
brlapi=yes
fi
fi
##########################################
# curses probe
if test "$curses" = "yes" ; then
cat > $TMPC << EOF
#include <curses.h>
#ifdef __OpenBSD__
#define resize_term resizeterm
#endif
int main(void) { resize_term(0, 0); return curses_version(); }
EOF
if compile_prog "" "-lncurses" ; then
curses_libs="-lncurses"
elif compile_prog "" "-lcurses" ; then
curses_libs="-lcurses"
else
curses=no
fi
fi # test "$curses"
##########################################
# curl probe
if test "$curl" = "yes" ; then
curl=no
cat > $TMPC << EOF
#include <curl/curl.h>
int main(void) { return curl_easy_init(); }
EOF
curl_cflags=`curl-config --cflags 2>/dev/null`
curl_libs=`curl-config --libs 2>/dev/null`
if compile_prog "$curl_cflags" "$curl_libs" ; then
curl=yes
fi
fi # test "$curl"
##########################################
# bluez support probe
if test "$bluez" = "yes" ; then
`pkg-config bluez 2> /dev/null` || bluez="no"
fi
if test "$bluez" = "yes" ; then
cat > $TMPC << EOF
#include <bluetooth/bluetooth.h>
int main(void) { return bt_error(0); }
EOF
bluez_cflags=`pkg-config --cflags bluez 2> /dev/null`
bluez_libs=`pkg-config --libs bluez 2> /dev/null`
if compile_prog "$bluez_cflags" "$bluez_libs" ; then
:
else
bluez="no"
fi
fi
##########################################
# kvm probe
if test "$kvm" = "yes" ; then
cat > $TMPC <<EOF
#include <linux/kvm.h>
report issues causing the kvm probe to fail (Christian Ehrhardt) The patch applies to upstream qemu as well as kvm-userspace, but since it is the qemu configure script I think it should go to upstream qemu (Anthony) first and with the next merge to kvm-userspace. On the other hand it is the kvm probe so an ack from Avi in case v3 is ok would be reasonable. *updates* v2 - it also reports other errors than just #error preprocessor statements (requested by Avi) v3 - In case awk or grep is not installed it now gracfully (silently) fails still disabling kvm (requested by Anthony) This patch is about reporting more details of the issue if configuring kvm fails. Therefore this patch keeps the qemu style configure output which is a list of "$Feature $Status", but extend the "no" result like "KVM Support no" with some more information. There might be a lot of things going wrong with that probe and I don't want to handle all of them, but if it is one of the known checks e.g. for KVM_API_VERSION then we could grep/awk that out and report it. The patch reports in case of a known case in the style "KVM support no - (Missing KVM capability KVM_CAP_DESTROY_MEMORY_REGION_WORKS)" In case more than one #error is triggered it creates a comma separated list in those brackets and in case it is something else than an #error it just reports plain old "no". Signed-off-by: Christian Ehrhardt <ehrhardt@linux.vnet.ibm.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6334 c046a42c-6fe2-441c-8c8c-71466251a162
2009-01-15 21:57:30 +00:00
#if !defined(KVM_API_VERSION) || KVM_API_VERSION < 12 || KVM_API_VERSION > 12
#error Invalid KVM version
#endif
report issues causing the kvm probe to fail (Christian Ehrhardt) The patch applies to upstream qemu as well as kvm-userspace, but since it is the qemu configure script I think it should go to upstream qemu (Anthony) first and with the next merge to kvm-userspace. On the other hand it is the kvm probe so an ack from Avi in case v3 is ok would be reasonable. *updates* v2 - it also reports other errors than just #error preprocessor statements (requested by Avi) v3 - In case awk or grep is not installed it now gracfully (silently) fails still disabling kvm (requested by Anthony) This patch is about reporting more details of the issue if configuring kvm fails. Therefore this patch keeps the qemu style configure output which is a list of "$Feature $Status", but extend the "no" result like "KVM Support no" with some more information. There might be a lot of things going wrong with that probe and I don't want to handle all of them, but if it is one of the known checks e.g. for KVM_API_VERSION then we could grep/awk that out and report it. The patch reports in case of a known case in the style "KVM support no - (Missing KVM capability KVM_CAP_DESTROY_MEMORY_REGION_WORKS)" In case more than one #error is triggered it creates a comma separated list in those brackets and in case it is something else than an #error it just reports plain old "no". Signed-off-by: Christian Ehrhardt <ehrhardt@linux.vnet.ibm.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6334 c046a42c-6fe2-441c-8c8c-71466251a162
2009-01-15 21:57:30 +00:00
#if !defined(KVM_CAP_USER_MEMORY)
#error Missing KVM capability KVM_CAP_USER_MEMORY
#endif
#if !defined(KVM_CAP_SET_TSS_ADDR)
#error Missing KVM capability KVM_CAP_SET_TSS_ADDR
#endif
#if !defined(KVM_CAP_DESTROY_MEMORY_REGION_WORKS)
#error Missing KVM capability KVM_CAP_DESTROY_MEMORY_REGION_WORKS
#endif
int main(void) { return 0; }
EOF
if test "$kerneldir" != "" ; then
kvm_cflags=-I"$kerneldir"/include
if test \( "$cpu" = "i386" -o "$cpu" = "x86_64" \) \
-a -d "$kerneldir/arch/x86/include" ; then
kvm_cflags="$kvm_cflags -I$kerneldir/arch/x86/include"
elif test "$cpu" = "ppc" -a -d "$kerneldir/arch/powerpc/include" ; then
kvm_cflags="$kvm_cflags -I$kerneldir/arch/powerpc/include"
elif test -d "$kerneldir/arch/$cpu/include" ; then
kvm_cflags="$kvm_cflags -I$kerneldir/arch/$cpu/include"
fi
else
kvm_cflags=""
fi
if compile_prog "$kvm_cflags" "" ; then
:
else
report issues causing the kvm probe to fail (Christian Ehrhardt) The patch applies to upstream qemu as well as kvm-userspace, but since it is the qemu configure script I think it should go to upstream qemu (Anthony) first and with the next merge to kvm-userspace. On the other hand it is the kvm probe so an ack from Avi in case v3 is ok would be reasonable. *updates* v2 - it also reports other errors than just #error preprocessor statements (requested by Avi) v3 - In case awk or grep is not installed it now gracfully (silently) fails still disabling kvm (requested by Anthony) This patch is about reporting more details of the issue if configuring kvm fails. Therefore this patch keeps the qemu style configure output which is a list of "$Feature $Status", but extend the "no" result like "KVM Support no" with some more information. There might be a lot of things going wrong with that probe and I don't want to handle all of them, but if it is one of the known checks e.g. for KVM_API_VERSION then we could grep/awk that out and report it. The patch reports in case of a known case in the style "KVM support no - (Missing KVM capability KVM_CAP_DESTROY_MEMORY_REGION_WORKS)" In case more than one #error is triggered it creates a comma separated list in those brackets and in case it is something else than an #error it just reports plain old "no". Signed-off-by: Christian Ehrhardt <ehrhardt@linux.vnet.ibm.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6334 c046a42c-6fe2-441c-8c8c-71466251a162
2009-01-15 21:57:30 +00:00
kvm="no";
if [ -x "`which awk 2>/dev/null`" ] && \
[ -x "`which grep 2>/dev/null`" ]; then
kvmerr=`LANG=C $cc $CFLAGS -o $TMPE $kvm_cflags $TMPC 2>&1 \
report issues causing the kvm probe to fail (Christian Ehrhardt) The patch applies to upstream qemu as well as kvm-userspace, but since it is the qemu configure script I think it should go to upstream qemu (Anthony) first and with the next merge to kvm-userspace. On the other hand it is the kvm probe so an ack from Avi in case v3 is ok would be reasonable. *updates* v2 - it also reports other errors than just #error preprocessor statements (requested by Avi) v3 - In case awk or grep is not installed it now gracfully (silently) fails still disabling kvm (requested by Anthony) This patch is about reporting more details of the issue if configuring kvm fails. Therefore this patch keeps the qemu style configure output which is a list of "$Feature $Status", but extend the "no" result like "KVM Support no" with some more information. There might be a lot of things going wrong with that probe and I don't want to handle all of them, but if it is one of the known checks e.g. for KVM_API_VERSION then we could grep/awk that out and report it. The patch reports in case of a known case in the style "KVM support no - (Missing KVM capability KVM_CAP_DESTROY_MEMORY_REGION_WORKS)" In case more than one #error is triggered it creates a comma separated list in those brackets and in case it is something else than an #error it just reports plain old "no". Signed-off-by: Christian Ehrhardt <ehrhardt@linux.vnet.ibm.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6334 c046a42c-6fe2-441c-8c8c-71466251a162
2009-01-15 21:57:30 +00:00
| grep "error: " \
| awk -F "error: " '{if (NR>1) printf(", "); printf("%s",$2);}'`
if test "$kvmerr" != "" ; then
kvm="no - (${kvmerr})\n\
NOTE: To enable KVM support, update your kernel to 2.6.29+ or install \
recent kvm-kmod from http://sourceforge.net/projects/kvm."
report issues causing the kvm probe to fail (Christian Ehrhardt) The patch applies to upstream qemu as well as kvm-userspace, but since it is the qemu configure script I think it should go to upstream qemu (Anthony) first and with the next merge to kvm-userspace. On the other hand it is the kvm probe so an ack from Avi in case v3 is ok would be reasonable. *updates* v2 - it also reports other errors than just #error preprocessor statements (requested by Avi) v3 - In case awk or grep is not installed it now gracfully (silently) fails still disabling kvm (requested by Anthony) This patch is about reporting more details of the issue if configuring kvm fails. Therefore this patch keeps the qemu style configure output which is a list of "$Feature $Status", but extend the "no" result like "KVM Support no" with some more information. There might be a lot of things going wrong with that probe and I don't want to handle all of them, but if it is one of the known checks e.g. for KVM_API_VERSION then we could grep/awk that out and report it. The patch reports in case of a known case in the style "KVM support no - (Missing KVM capability KVM_CAP_DESTROY_MEMORY_REGION_WORKS)" In case more than one #error is triggered it creates a comma separated list in those brackets and in case it is something else than an #error it just reports plain old "no". Signed-off-by: Christian Ehrhardt <ehrhardt@linux.vnet.ibm.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6334 c046a42c-6fe2-441c-8c8c-71466251a162
2009-01-15 21:57:30 +00:00
fi
fi
fi
fi
##########################################
# pthread probe
PTHREADLIBS_LIST="-lpthread -lpthreadGC2"
PTHREADLIBS=""
if test "$pthread" = yes; then
pthread=no
cat > $TMPC << EOF
#include <pthread.h>
int main(void) { pthread_create(0,0,0,0); return 0; }
EOF
for pthread_lib in $PTHREADLIBS_LIST; do
if compile_prog "" "$pthread_lib" ; then
pthread=yes
PTHREADLIBS="$pthread_lib"
break
fi
done
fi
if test "$pthread" = no; then
aio=no
io_thread=no
fi
##########################################
# iovec probe
cat > $TMPC <<EOF
#include <sys/types.h>
#include <sys/uio.h>
#include <unistd.h>
int main(void) { struct iovec iov; return 0; }
EOF
iovec=no
if compile_prog "" "" ; then
iovec=yes
fi
##########################################
# preadv probe
cat > $TMPC <<EOF
#include <sys/types.h>
#include <sys/uio.h>
#include <unistd.h>
int main(void) { preadv; }
EOF
preadv=no
if compile_prog "" "" ; then
preadv=yes
fi
##########################################
# fdt probe
if test "$fdt" = "yes" ; then
fdt=no
fdt_libs="-lfdt"
cat > $TMPC << EOF
int main(void) { return 0; }
EOF
if compile_prog "" "$fdt_libs" ; then
fdt=yes
fi
fi
#
# Check for xxxat() functions when we are building linux-user
# emulator. This is done because older glibc versions don't
# have syscall stubs for these implemented.
#
atfile=no
cat > $TMPC << EOF
#define _ATFILE_SOURCE
#include <sys/types.h>
#include <fcntl.h>
#include <unistd.h>
int
main(void)
{
/* try to unlink nonexisting file */
return (unlinkat(AT_FDCWD, "nonexistent_file", 0));
}
EOF
if compile_prog "" "" ; then
atfile=yes
fi
# Check for inotify functions when we are building linux-user
# emulator. This is done because older glibc versions don't
# have syscall stubs for these implemented. In that case we
# don't provide them even if kernel supports them.
#
inotify=no
cat > $TMPC << EOF
#include <sys/inotify.h>
int
main(void)
{
/* try to start inotify */
return inotify_init();
}
EOF
if compile_prog "" "" ; then
inotify=yes
fi
# check if utimensat and futimens are supported
utimens=no
cat > $TMPC << EOF
#define _ATFILE_SOURCE
#define _GNU_SOURCE
#include <stddef.h>
#include <fcntl.h>
int main(void)
{
utimensat(AT_FDCWD, "foo", NULL, 0);
futimens(0, NULL);
return 0;
}
EOF
if compile_prog "" "" ; then
utimens=yes
fi
# check if pipe2 is there
pipe2=no
cat > $TMPC << EOF
#define _GNU_SOURCE
#include <unistd.h>
#include <fcntl.h>
int main(void)
{
int pipefd[2];
pipe2(pipefd, O_CLOEXEC);
return 0;
}
EOF
if compile_prog "" "" ; then
pipe2=yes
fi
# check if tee/splice is there. vmsplice was added same time.
splice=no
cat > $TMPC << EOF
#define _GNU_SOURCE
#include <unistd.h>
#include <fcntl.h>
#include <limits.h>
int main(void)
{
int len, fd;
len = tee(STDIN_FILENO, STDOUT_FILENO, INT_MAX, SPLICE_F_NONBLOCK);
splice(STDIN_FILENO, NULL, fd, NULL, len, SPLICE_F_MOVE);
return 0;
}
EOF
if compile_prog "" "" ; then
splice=yes
fi
# Check if tools are available to build documentation.
if test "$build_docs" = "yes" -a \( ! -x "`which texi2html 2>/dev/null`" -o ! -x "`which pod2man 2>/dev/null`" \) ; then
build_docs="no"
fi
# Search for bsawp_32 function
byteswap_h=no
cat > $TMPC << EOF
#include <byteswap.h>
int main(void) { return bswap_32(0); }
EOF
if compile_prog "" "" ; then
byteswap_h=yes
fi
# Search for bsawp_32 function
bswap_h=no
cat > $TMPC << EOF
#include <sys/endian.h>
#include <sys/types.h>
#include <machine/bswap.h>
int main(void) { return bswap32(0); }
EOF
if compile_prog "" "" ; then
bswap_h=yes
fi
##########################################
# Do we need librt
cat > $TMPC <<EOF
#include <signal.h>
#include <time.h>
int main(void) { clockid_t id; return clock_gettime(id, NULL); }
EOF
if compile_prog "" "" ; then
CLOCKLIBS=""
elif compile_prog "" "-lrt" ; then
CLOCKLIBS="-lrt"
fi
# Determine what linker flags to use to force archive inclusion
check_linker_flags()
{
w2=
if test "$2" ; then
w2=-Wl,$2
fi
compile_prog "" "-Wl,$1 ${w2}"
}
cat > $TMPC << EOF
int main(void) { }
EOF
if check_linker_flags --whole-archive --no-whole-archive ; then
# GNU ld
arlibs_begin="-Wl,--whole-archive"
arlibs_end="-Wl,--no-whole-archive"
elif check_linker_flags -z,allextract -z,defaultextract ; then
# Solaris ld
arlibs_begin"=-Wl,-z,allextract"
arlibs_end="-Wl,-z,defaultextract"
elif check_linker_flags -all_load ; then
# Mac OS X
arlibs_begin="-all_load"
arlibs_end=""
else
echo "Error: your linker does not support --whole-archive or -z."
echo "Please report to qemu-devel@nongnu.org"
exit 1
fi
# End of CC checks
# After here, no more $cc or $ld runs
# default flags for all hosts
CFLAGS="-g -fno-strict-aliasing $CFLAGS"
if test "$debug" = "no" ; then
CFLAGS="-O2 $CFLAGS"
fi
CFLAGS="-Wall -Wundef -Wendif-labels -Wwrite-strings -Wmissing-prototypes -Wstrict-prototypes -Wredundant-decls $CFLAGS"
LDFLAGS="-g $LDFLAGS"
# Consult white-list to determine whether to enable werror
# by default. Only enable by default for git builds
if test -z "$werror" ; then
z_version=`cut -f3 -d. $source_path/VERSION`
if test "$z_version" = "50" -a \
"$linux" = "yes" ; then
werror="yes"
else
werror="no"
fi
fi
if test "$werror" = "yes" ; then
CFLAGS="-Werror $CFLAGS"
fi
if test "$solaris" = "no" ; then
if $ld --version 2>/dev/null | grep "GNU ld" >/dev/null 2>/dev/null ; then
LDFLAGS="-Wl,--warn-common $LDFLAGS"
fi
fi
if test "$mingw32" = "yes" ; then
if test -z "$prefix" ; then
prefix="c:/Program Files/Qemu"
fi
mansuffix=""
datasuffix=""
docsuffix=""
binsuffix=""
else
if test -z "$prefix" ; then
prefix="/usr/local"
fi
mansuffix="/share/man"
datasuffix="/share/qemu"
docsuffix="/share/doc/qemu"
binsuffix="/bin"
fi
echo "Install prefix $prefix"
echo "BIOS directory $prefix$datasuffix"
echo "binary directory $prefix$binsuffix"
if test "$mingw32" = "no" ; then
echo "Manual directory $prefix$mansuffix"
echo "ELF interp prefix $interp_prefix"
fi
echo "Source path $source_path"
echo "C compiler $cc"
echo "Host C compiler $host_cc"
echo "CFLAGS $CFLAGS"
echo "LDFLAGS $LDFLAGS"
echo "make $make"
echo "install $install"
echo "host CPU $cpu"
echo "host big endian $bigendian"
echo "target list $target_list"
echo "tcg debug enabled $debug_tcg"
echo "gprof enabled $gprof"
echo "sparse enabled $sparse"
echo "strip binaries $strip_opt"
echo "profiler $profiler"
echo "static build $static"
echo "-Werror enabled $werror"
if test "$darwin" = "yes" ; then
echo "Cocoa support $cocoa"
fi
echo "SDL support $sdl"
echo "curses support $curses"
echo "curl support $curl"
echo "mingw32 support $mingw32"
echo "Audio drivers $audio_drv_list"
echo "Extra audio cards $audio_card_list"
echo "Mixer emulation $mixemu"
echo "VNC TLS support $vnc_tls"
if test "$vnc_tls" = "yes" ; then
echo " TLS CFLAGS $vnc_tls_cflags"
echo " TLS LIBS $vnc_tls_libs"
fi
Add SASL authentication support ("Daniel P. Berrange") This patch adds the new SASL authentication protocol to the VNC server. It is enabled by setting the 'sasl' flag when launching VNC. SASL can optionally provide encryption via its SSF layer, if a suitable mechanism is configured (eg, GSSAPI/Kerberos, or Digest-MD5). If an SSF layer is not available, then it should be combined with the x509 VNC authentication protocol which provides encryption. eg, if using GSSAPI qemu -vnc localhost:1,sasl eg if using TLS/x509 for encryption qemu -vnc localhost:1,sasl,tls,x509 By default the Cyrus SASL library will look for its configuration in the file /etc/sasl2/qemu.conf. For non-root users, this can be overridden by setting the SASL_CONF_PATH environment variable, eg to make it look in $HOME/.sasl2. NB unprivileged users may not have access to the full range of SASL mechanisms, since some of them require some administrative privileges to configure. The patch includes an example SASL configuration file which illustrates config for GSSAPI and Digest-MD5, though it should be noted that the latter is not really considered secure any more. Most of the SASL authentication code is located in a separate source file, vnc-auth-sasl.c. The main vnc.c file only contains minimal integration glue, specifically parsing of command line flags / setup, and calls to start the SASL auth process, to do encoding/decoding for data. There are several possible stacks for reading & writing of data, depending on the combo of VNC authentication methods in use - Clear. read/write straight to socket - TLS. read/write via GNUTLS helpers - SASL. encode/decode via SASL SSF layer, then read/write to socket - SASL+TLS. encode/decode via SASL SSF layer, then read/write via GNUTLS Hence, the vnc_client_read & vnc_client_write methods have been refactored a little. vnc_client_read: main entry point for reading, calls either - vnc_client_read_plain reading, with no intermediate decoding - vnc_client_read_sasl reading, with SASL SSF decoding These two methods, then call vnc_client_read_buf(). This decides whether to write to the socket directly or write via GNUTLS. The situation is the same for writing data. More extensive comments have been added in the code / patch. The vnc_client_read_sasl and vnc_client_write_sasl method implementations live in the separate vnc-auth-sasl.c file. The state required for the SASL auth mechanism is kept in a separate VncStateSASL struct, defined in vnc-auth-sasl.h and included in the main VncState. The configure script probes for SASL and automatically enables it if found, unless --disable-vnc-sasl was given to override it. Makefile | 7 Makefile.target | 5 b/qemu.sasl | 34 ++ b/vnc-auth-sasl.c | 626 ++++++++++++++++++++++++++++++++++++++++++++++++++++ b/vnc-auth-sasl.h | 67 +++++ configure | 34 ++ qemu-doc.texi | 97 ++++++++ vnc-auth-vencrypt.c | 12 vnc.c | 249 ++++++++++++++++++-- vnc.h | 31 ++ 10 files changed, 1129 insertions(+), 33 deletions(-) Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6724 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 20:27:28 +00:00
echo "VNC SASL support $vnc_sasl"
if test "$vnc_sasl" = "yes" ; then
echo " SASL CFLAGS $vnc_sasl_cflags"
echo " SASL LIBS $vnc_sasl_libs"
fi
if test -n "$sparc_cpu"; then
echo "Target Sparc Arch $sparc_cpu"
fi
echo "kqemu support $kqemu"
echo "xen support $xen"
echo "brlapi support $brlapi"
echo "Documentation $build_docs"
[ ! -z "$uname_release" ] && \
echo "uname -r $uname_release"
echo "NPTL support $nptl"
echo "GUEST_BASE $guest_base"
echo "vde support $vde"
echo "AIO support $aio"
echo "IO thread $io_thread"
echo "Install blobs $blobs"
echo -e "KVM support $kvm"
echo "fdt support $fdt"
echo "preadv support $preadv"
if test $sdl_too_old = "yes"; then
echo "-> Your SDL version is too old - please upgrade to have SDL support"
fi
config_host_mak="config-host.mak"
config_host_h="config-host.h"
config_host_ld="config-host.ld"
#echo "Creating $config_host_mak and $config_host_h"
test -f $config_host_h && mv $config_host_h ${config_host_h}~
echo "# Automatically generated by configure - do not modify" > $config_host_mak
printf "# Configured with:" >> $config_host_mak
printf " '%s'" "$0" "$@" >> $config_host_mak
echo >> $config_host_mak
echo "CONFIG_QEMU_SHAREDIR=\"$prefix$datasuffix\"" >> $config_host_mak
case "$cpu" in
i386|x86_64|alpha|cris|hppa|ia64|m68k|microblaze|mips|mips64|ppc|ppc64|s390|sparc|sparc64)
ARCH=$cpu
;;
armv4b|armv4l)
ARCH=arm
;;
*)
echo "Unsupported CPU = $cpu"
exit 1
;;
esac
echo "ARCH=$ARCH" >> $config_host_mak
if test "$debug_tcg" = "yes" ; then
echo "CONFIG_DEBUG_TCG=y" >> $config_host_mak
fi
if test "$debug" = "yes" ; then
echo "CONFIG_DEBUG_EXEC=y" >> $config_host_mak
fi
if test "$strip_opt" = "yes" ; then
echo "STRIP_OPT=-s" >> $config_host_mak
fi
if test "$bigendian" = "yes" ; then
echo "HOST_WORDS_BIGENDIAN=y" >> $config_host_mak
fi
echo "HOST_LONG_BITS=$hostlongbits" >> $config_host_mak
if test "$mingw32" = "yes" ; then
echo "CONFIG_WIN32=y" >> $config_host_mak
else
echo "CONFIG_POSIX=y" >> $config_host_mak
fi
if test "$darwin" = "yes" ; then
echo "CONFIG_DARWIN=y" >> $config_host_mak
fi
if test "$aix" = "yes" ; then
echo "CONFIG_AIX=y" >> $config_host_mak
fi
if test "$solaris" = "yes" ; then
echo "CONFIG_SOLARIS=y" >> $config_host_mak
echo "CONFIG_SOLARIS_VERSION=$solarisrev" >> $config_host_mak
if test "$needs_libsunmath" = "yes" ; then
echo "CONFIG_NEEDS_LIBSUNMATH=y" >> $config_host_mak
fi
fi
if test "$gprof" = "yes" ; then
echo "TARGET_GPROF=yes" >> $config_host_mak
fi
if test "$static" = "yes" ; then
echo "CONFIG_STATIC=y" >> $config_host_mak
LDFLAGS="-static $LDFLAGS"
fi
if test $profiler = "yes" ; then
echo "CONFIG_PROFILER=y" >> $config_host_mak
fi
if test "$slirp" = "yes" ; then
echo "CONFIG_SLIRP=y" >> $config_host_mak
fi
if test "$vde" = "yes" ; then
echo "CONFIG_VDE=y" >> $config_host_mak
echo "VDE_LIBS=$vde_libs" >> $config_host_mak
fi
for card in $audio_card_list; do
def=CONFIG_`echo $card | tr '[:lower:]' '[:upper:]'`
echo "$def=y" >> $config_host_mak
done
echo "CONFIG_AUDIO_DRIVERS=$audio_drv_list" >> $config_host_mak
for drv in $audio_drv_list; do
def=CONFIG_`echo $drv | tr '[:lower:]' '[:upper:]'`
echo "$def=y" >> $config_host_mak
if test "$drv" = "fmod"; then
echo "FMOD_LIBS=$fmod_lib" >> $config_host_mak
echo "FMOD_CFLAGS=-I$fmod_inc" >> $config_host_mak
elif test "$drv" = "oss"; then
echo "OSS_LIBS=$oss_lib" >> $config_host_mak
fi
done
if test "$mixemu" = "yes" ; then
echo "CONFIG_MIXEMU=y" >> $config_host_mak
fi
if test "$vnc_tls" = "yes" ; then
echo "CONFIG_VNC_TLS=y" >> $config_host_mak
echo "VNC_TLS_CFLAGS=$vnc_tls_cflags" >> $config_host_mak
echo "VNC_TLS_LIBS=$vnc_tls_libs" >> $config_host_mak
fi
Add SASL authentication support ("Daniel P. Berrange") This patch adds the new SASL authentication protocol to the VNC server. It is enabled by setting the 'sasl' flag when launching VNC. SASL can optionally provide encryption via its SSF layer, if a suitable mechanism is configured (eg, GSSAPI/Kerberos, or Digest-MD5). If an SSF layer is not available, then it should be combined with the x509 VNC authentication protocol which provides encryption. eg, if using GSSAPI qemu -vnc localhost:1,sasl eg if using TLS/x509 for encryption qemu -vnc localhost:1,sasl,tls,x509 By default the Cyrus SASL library will look for its configuration in the file /etc/sasl2/qemu.conf. For non-root users, this can be overridden by setting the SASL_CONF_PATH environment variable, eg to make it look in $HOME/.sasl2. NB unprivileged users may not have access to the full range of SASL mechanisms, since some of them require some administrative privileges to configure. The patch includes an example SASL configuration file which illustrates config for GSSAPI and Digest-MD5, though it should be noted that the latter is not really considered secure any more. Most of the SASL authentication code is located in a separate source file, vnc-auth-sasl.c. The main vnc.c file only contains minimal integration glue, specifically parsing of command line flags / setup, and calls to start the SASL auth process, to do encoding/decoding for data. There are several possible stacks for reading & writing of data, depending on the combo of VNC authentication methods in use - Clear. read/write straight to socket - TLS. read/write via GNUTLS helpers - SASL. encode/decode via SASL SSF layer, then read/write to socket - SASL+TLS. encode/decode via SASL SSF layer, then read/write via GNUTLS Hence, the vnc_client_read & vnc_client_write methods have been refactored a little. vnc_client_read: main entry point for reading, calls either - vnc_client_read_plain reading, with no intermediate decoding - vnc_client_read_sasl reading, with SASL SSF decoding These two methods, then call vnc_client_read_buf(). This decides whether to write to the socket directly or write via GNUTLS. The situation is the same for writing data. More extensive comments have been added in the code / patch. The vnc_client_read_sasl and vnc_client_write_sasl method implementations live in the separate vnc-auth-sasl.c file. The state required for the SASL auth mechanism is kept in a separate VncStateSASL struct, defined in vnc-auth-sasl.h and included in the main VncState. The configure script probes for SASL and automatically enables it if found, unless --disable-vnc-sasl was given to override it. Makefile | 7 Makefile.target | 5 b/qemu.sasl | 34 ++ b/vnc-auth-sasl.c | 626 ++++++++++++++++++++++++++++++++++++++++++++++++++++ b/vnc-auth-sasl.h | 67 +++++ configure | 34 ++ qemu-doc.texi | 97 ++++++++ vnc-auth-vencrypt.c | 12 vnc.c | 249 ++++++++++++++++++-- vnc.h | 31 ++ 10 files changed, 1129 insertions(+), 33 deletions(-) Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6724 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 20:27:28 +00:00
if test "$vnc_sasl" = "yes" ; then
echo "CONFIG_VNC_SASL=y" >> $config_host_mak
echo "VNC_SASL_CFLAGS=$vnc_sasl_cflags" >> $config_host_mak
echo "VNC_SASL_LIBS=$vnc_sasl_libs" >> $config_host_mak
Add SASL authentication support ("Daniel P. Berrange") This patch adds the new SASL authentication protocol to the VNC server. It is enabled by setting the 'sasl' flag when launching VNC. SASL can optionally provide encryption via its SSF layer, if a suitable mechanism is configured (eg, GSSAPI/Kerberos, or Digest-MD5). If an SSF layer is not available, then it should be combined with the x509 VNC authentication protocol which provides encryption. eg, if using GSSAPI qemu -vnc localhost:1,sasl eg if using TLS/x509 for encryption qemu -vnc localhost:1,sasl,tls,x509 By default the Cyrus SASL library will look for its configuration in the file /etc/sasl2/qemu.conf. For non-root users, this can be overridden by setting the SASL_CONF_PATH environment variable, eg to make it look in $HOME/.sasl2. NB unprivileged users may not have access to the full range of SASL mechanisms, since some of them require some administrative privileges to configure. The patch includes an example SASL configuration file which illustrates config for GSSAPI and Digest-MD5, though it should be noted that the latter is not really considered secure any more. Most of the SASL authentication code is located in a separate source file, vnc-auth-sasl.c. The main vnc.c file only contains minimal integration glue, specifically parsing of command line flags / setup, and calls to start the SASL auth process, to do encoding/decoding for data. There are several possible stacks for reading & writing of data, depending on the combo of VNC authentication methods in use - Clear. read/write straight to socket - TLS. read/write via GNUTLS helpers - SASL. encode/decode via SASL SSF layer, then read/write to socket - SASL+TLS. encode/decode via SASL SSF layer, then read/write via GNUTLS Hence, the vnc_client_read & vnc_client_write methods have been refactored a little. vnc_client_read: main entry point for reading, calls either - vnc_client_read_plain reading, with no intermediate decoding - vnc_client_read_sasl reading, with SASL SSF decoding These two methods, then call vnc_client_read_buf(). This decides whether to write to the socket directly or write via GNUTLS. The situation is the same for writing data. More extensive comments have been added in the code / patch. The vnc_client_read_sasl and vnc_client_write_sasl method implementations live in the separate vnc-auth-sasl.c file. The state required for the SASL auth mechanism is kept in a separate VncStateSASL struct, defined in vnc-auth-sasl.h and included in the main VncState. The configure script probes for SASL and automatically enables it if found, unless --disable-vnc-sasl was given to override it. Makefile | 7 Makefile.target | 5 b/qemu.sasl | 34 ++ b/vnc-auth-sasl.c | 626 ++++++++++++++++++++++++++++++++++++++++++++++++++++ b/vnc-auth-sasl.h | 67 +++++ configure | 34 ++ qemu-doc.texi | 97 ++++++++ vnc-auth-vencrypt.c | 12 vnc.c | 249 ++++++++++++++++++-- vnc.h | 31 ++ 10 files changed, 1129 insertions(+), 33 deletions(-) Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6724 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 20:27:28 +00:00
fi
Support ACLs for controlling VNC access ("Daniel P. Berrange") This patch introduces a generic internal API for access control lists to be used by network servers in QEMU. It adds support for checking these ACL in the VNC server, in two places. The first ACL is for the SASL authentication mechanism, checking the SASL username. This ACL is called 'vnc.username'. The second is for the TLS authentication mechanism, when x509 client certificates are turned on, checking against the Distinguished Name of the client. This ACL is called 'vnc.x509dname' The internal API provides for an ACL with the following characteristics - A unique name, eg vnc.username, and vnc.x509dname. - A default policy, allow or deny - An ordered series of match rules, with allow or deny policy If none of the match rules apply, then the default policy is used. There is a monitor API to manipulate the ACLs, which I'll describe via examples (qemu) acl show vnc.username policy: allow (qemu) acl policy vnc.username denya acl: policy set to 'deny' (qemu) acl allow vnc.username fred acl: added rule at position 1 (qemu) acl allow vnc.username bob acl: added rule at position 2 (qemu) acl allow vnc.username joe 1 acl: added rule at position 1 (qemu) acl show vnc.username policy: deny 0: allow fred 1: allow joe 2: allow bob (qemu) acl show vnc.x509dname policy: allow (qemu) acl policy vnc.x509dname deny acl: policy set to 'deny' (qemu) acl allow vnc.x509dname C=GB,O=ACME,L=London,CN=* acl: added rule at position 1 (qemu) acl allow vnc.x509dname C=GB,O=ACME,L=Boston,CN=bob acl: added rule at position 2 (qemu) acl show vnc.x509dname policy: deny 0: allow C=GB,O=ACME,L=London,CN=* 1: allow C=GB,O=ACME,L=Boston,CN=bob By default the VNC server will not use any ACLs, allowing access to the server if the user successfully authenticates. To enable use of ACLs to restrict user access, the ',acl' flag should be given when starting QEMU. The initial ACL activated will be a 'deny all' policy and should be customized using monitor commands. eg enable SASL auth and ACLs qemu .... -vnc localhost:1,sasl,acl The next patch will provide a way to load a pre-defined ACL when starting up Makefile | 6 + b/acl.c | 185 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ b/acl.h | 74 ++++++++++++++++++++++ configure | 18 +++++ monitor.c | 95 ++++++++++++++++++++++++++++ qemu-doc.texi | 49 ++++++++++++++ vnc-auth-sasl.c | 16 +++- vnc-auth-sasl.h | 7 ++ vnc-tls.c | 19 +++++ vnc-tls.h | 3 vnc.c | 21 ++++++ vnc.h | 3 12 files changed, 491 insertions(+), 5 deletions(-) Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6726 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 20:27:37 +00:00
if test "$fnmatch" = "yes" ; then
echo "CONFIG_FNMATCH=y" >> $config_host_mak
Support ACLs for controlling VNC access ("Daniel P. Berrange") This patch introduces a generic internal API for access control lists to be used by network servers in QEMU. It adds support for checking these ACL in the VNC server, in two places. The first ACL is for the SASL authentication mechanism, checking the SASL username. This ACL is called 'vnc.username'. The second is for the TLS authentication mechanism, when x509 client certificates are turned on, checking against the Distinguished Name of the client. This ACL is called 'vnc.x509dname' The internal API provides for an ACL with the following characteristics - A unique name, eg vnc.username, and vnc.x509dname. - A default policy, allow or deny - An ordered series of match rules, with allow or deny policy If none of the match rules apply, then the default policy is used. There is a monitor API to manipulate the ACLs, which I'll describe via examples (qemu) acl show vnc.username policy: allow (qemu) acl policy vnc.username denya acl: policy set to 'deny' (qemu) acl allow vnc.username fred acl: added rule at position 1 (qemu) acl allow vnc.username bob acl: added rule at position 2 (qemu) acl allow vnc.username joe 1 acl: added rule at position 1 (qemu) acl show vnc.username policy: deny 0: allow fred 1: allow joe 2: allow bob (qemu) acl show vnc.x509dname policy: allow (qemu) acl policy vnc.x509dname deny acl: policy set to 'deny' (qemu) acl allow vnc.x509dname C=GB,O=ACME,L=London,CN=* acl: added rule at position 1 (qemu) acl allow vnc.x509dname C=GB,O=ACME,L=Boston,CN=bob acl: added rule at position 2 (qemu) acl show vnc.x509dname policy: deny 0: allow C=GB,O=ACME,L=London,CN=* 1: allow C=GB,O=ACME,L=Boston,CN=bob By default the VNC server will not use any ACLs, allowing access to the server if the user successfully authenticates. To enable use of ACLs to restrict user access, the ',acl' flag should be given when starting QEMU. The initial ACL activated will be a 'deny all' policy and should be customized using monitor commands. eg enable SASL auth and ACLs qemu .... -vnc localhost:1,sasl,acl The next patch will provide a way to load a pre-defined ACL when starting up Makefile | 6 + b/acl.c | 185 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ b/acl.h | 74 ++++++++++++++++++++++ configure | 18 +++++ monitor.c | 95 ++++++++++++++++++++++++++++ qemu-doc.texi | 49 ++++++++++++++ vnc-auth-sasl.c | 16 +++- vnc-auth-sasl.h | 7 ++ vnc-tls.c | 19 +++++ vnc-tls.h | 3 vnc.c | 21 ++++++ vnc.h | 3 12 files changed, 491 insertions(+), 5 deletions(-) Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6726 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 20:27:37 +00:00
fi
qemu_version=`head $source_path/VERSION`
echo "VERSION=$qemu_version" >>$config_host_mak
echo "PKGVERSION=$pkgversion" >>$config_host_mak
echo "SRC_PATH=$source_path" >> $config_host_mak
if [ "$source_path_used" = "yes" ]; then
echo "VPATH=$source_path" >> $config_host_mak
fi
echo "TARGET_DIRS=$target_list" >> $config_host_mak
if [ "$build_docs" = "yes" ] ; then
echo "BUILD_DOCS=yes" >> $config_host_mak
fi
if test "$sdl" = "yes" ; then
echo "CONFIG_SDL=y" >> $config_host_mak
echo "SDL_LIBS=$sdl_libs" >> $config_host_mak
echo "SDL_CFLAGS=$sdl_cflags" >> $config_host_mak
fi
if test "$cocoa" = "yes" ; then
echo "CONFIG_COCOA=y" >> $config_host_mak
fi
if test "$curses" = "yes" ; then
echo "CONFIG_CURSES=y" >> $config_host_mak
echo "CURSES_LIBS=$curses_libs" >> $config_host_mak
fi
if test "$atfile" = "yes" ; then
echo "CONFIG_ATFILE=y" >> $config_host_mak
fi
if test "$utimens" = "yes" ; then
echo "CONFIG_UTIMENSAT=y" >> $config_host_mak
fi
if test "$pipe2" = "yes" ; then
echo "CONFIG_PIPE2=y" >> $config_host_mak
fi
if test "$splice" = "yes" ; then
echo "CONFIG_SPLICE=y" >> $config_host_mak
fi
if test "$inotify" = "yes" ; then
echo "CONFIG_INOTIFY=y" >> $config_host_mak
fi
if test "$byteswap_h" = "yes" ; then
echo "CONFIG_BYTESWAP_H=y" >> $config_host_mak
fi
if test "$bswap_h" = "yes" ; then
echo "CONFIG_MACHINE_BSWAP_H=y" >> $config_host_mak
fi
if test "$curl" = "yes" ; then
echo "CONFIG_CURL=y" >> $config_host_mak
echo "CURL_CFLAGS=$curl_cflags" >> $config_host_mak
echo "CURL_LIBS=$curl_libs" >> $config_host_mak
fi
if test "$brlapi" = "yes" ; then
echo "CONFIG_BRLAPI=y" >> $config_host_mak
echo "BRLAPI_LIBS=$brlapi_libs" >> $config_host_mak
fi
if test "$bluez" = "yes" ; then
echo "CONFIG_BLUEZ=y" >> $config_host_mak
echo "BLUEZ_CFLAGS=$bluez_cflags" >> $config_host_mak
echo "BLUEZ_LIBS=$bluez_libs" >> $config_host_mak
fi
if test "$xen" = "yes" ; then
echo "CONFIG_XEN=y" >> $config_host_mak
echo "XEN_LIBS=$xen_libs" >> $config_host_mak
fi
if test "$aio" = "yes" ; then
echo "CONFIG_AIO=y" >> $config_host_mak
fi
if test "$io_thread" = "yes" ; then
echo "CONFIG_IOTHREAD=y" >> $config_host_mak
fi
if test "$blobs" = "yes" ; then
echo "INSTALL_BLOBS=yes" >> $config_host_mak
fi
if test "$iovec" = "yes" ; then
echo "CONFIG_IOVEC=y" >> $config_host_mak
fi
if test "$preadv" = "yes" ; then
echo "CONFIG_PREADV=y" >> $config_host_mak
fi
if test "$fdt" = "yes" ; then
echo "CONFIG_FDT=y" >> $config_host_mak
echo "FDT_LIBS=$fdt_libs" >> $config_host_mak
fi
# XXX: suppress that
if [ "$bsd" = "yes" ] ; then
echo "CONFIG_BSD=y" >> $config_host_mak
fi
echo "CONFIG_UNAME_RELEASE=\"$uname_release\"" >> $config_host_mak
# USB host support
case "$usb" in
linux)
echo "HOST_USB=linux" >> $config_host_mak
;;
bsd)
echo "HOST_USB=bsd" >> $config_host_mak
;;
*)
echo "HOST_USB=stub" >> $config_host_mak
;;
esac
tools=
if test `expr "$target_list" : ".*softmmu.*"` != 0 ; then
tools="qemu-img\$(EXESUF) $tools"
if [ "$linux" = "yes" ] ; then
tools="qemu-nbd\$(EXESUF) qemu-io\$(EXESUF) $tools"
fi
fi
echo "TOOLS=$tools" >> $config_host_mak
# Mac OS X ships with a broken assembler
roms=
if test \( "$cpu" = "i386" -o "$cpu" = "x86_64" \) -a \
"$targetos" != "Darwin" ; then
roms="optionrom"
fi
echo "ROMS=$roms" >> $config_host_mak
echo "prefix=$prefix" >> $config_host_mak
echo "bindir=\${prefix}$binsuffix" >> $config_host_mak
echo "mandir=\${prefix}$mansuffix" >> $config_host_mak
echo "datadir=\${prefix}$datasuffix" >> $config_host_mak
echo "docdir=\${prefix}$docsuffix" >> $config_host_mak
echo "MAKE=$make" >> $config_host_mak
echo "INSTALL=$install" >> $config_host_mak
echo "INSTALL_DIR=$install -d -m0755 -p" >> $config_host_mak
echo "INSTALL_DATA=$install -m0644 -p" >> $config_host_mak
echo "INSTALL_PROG=$install -m0755 -p" >> $config_host_mak
echo "CC=$cc" >> $config_host_mak
echo "HOST_CC=$host_cc" >> $config_host_mak
if test "$sparse" = "yes" ; then
echo "CC := REAL_CC=\"\$(CC)\" cgcc" >> $config_host_mak
echo "HOST_CC := REAL_CC=\"\$(HOST_CC)\" cgcc" >> $config_host_mak
echo "CFLAGS += -Wbitwise -Wno-transparent-union -Wno-old-initializer -Wno-non-pointer-null" >> $config_host_mak
fi
echo "AR=$ar" >> $config_host_mak
echo "OBJCOPY=$objcopy" >> $config_host_mak
echo "LD=$ld" >> $config_host_mak
echo "CFLAGS=$CFLAGS" >> $config_host_mak
echo "LDFLAGS=$LDFLAGS" >> $config_host_mak
echo "ARLIBS_BEGIN=$arlibs_begin" >> $config_host_mak
echo "ARLIBS_END=$arlibs_end" >> $config_host_mak
echo "EXESUF=$EXESUF" >> $config_host_mak
echo "PTHREADLIBS=$PTHREADLIBS" >> $config_host_mak
echo "CLOCKLIBS=$CLOCKLIBS" >> $config_host_mak
echo "/* Automatically generated by configure - do not modify */" > $config_host_h
$SHELL $source_path/create_config < $config_host_mak >> $config_host_h
if test -f ${config_host_h}~ ; then
if cmp -s $config_host_h ${config_host_h}~ ; then
mv ${config_host_h}~ $config_host_h
else
rm ${config_host_h}~
fi
fi
# generate list of library paths for linker script
$ld --verbose -v 2> /dev/null | grep SEARCH_DIR > ${config_host_ld}
if test -f ${config_host_ld}~ ; then
if cmp -s $config_host_ld ${config_host_ld}~ ; then
mv ${config_host_ld}~ $config_host_ld
else
rm ${config_host_ld}~
fi
fi
for target in $target_list; do
target_dir="$target"
config_mak=$target_dir/config.mak
config_h=$target_dir/config.h
target_arch2=`echo $target | cut -d '-' -f 1`
target_bigendian="no"
case "$target_arch2" in
armeb|m68k|microblaze|mips|mipsn32|mips64|ppc|ppcemb|ppc64|ppc64abi32|sh4eb|sparc|sparc64|sparc32plus)
target_bigendian=yes
;;
esac
target_softmmu="no"
target_user_only="no"
target_linux_user="no"
target_darwin_user="no"
target_bsd_user="no"
case "$target" in
${target_arch2}-softmmu)
target_softmmu="yes"
;;
${target_arch2}-linux-user)
target_user_only="yes"
target_linux_user="yes"
;;
${target_arch2}-darwin-user)
target_user_only="yes"
target_darwin_user="yes"
;;
${target_arch2}-bsd-user)
target_user_only="yes"
target_bsd_user="yes"
;;
*)
echo "ERROR: Target '$target' not recognised"
exit 1
;;
esac
#echo "Creating $config_mak, $config_h and $target_dir/Makefile"
test -f $config_h && mv $config_h ${config_h}~
mkdir -p $target_dir
mkdir -p $target_dir/fpu
mkdir -p $target_dir/tcg
if test "$target" = "arm-linux-user" -o "$target" = "armeb-linux-user" -o "$target" = "arm-bsd-user" -o "$target" = "armeb-bsd-user" ; then
mkdir -p $target_dir/nwfpe
fi
#
# don't use ln -sf as not all "ln -sf" over write the file/link
#
rm -f $target_dir/Makefile
ln -s $source_path/Makefile.target $target_dir/Makefile
echo "# Automatically generated by configure - do not modify" > $config_mak
echo "include ../config-host.mak" >> $config_mak
bflt="no"
elfload32="no"
target_nptl="no"
interp_prefix1=`echo "$interp_prefix" | sed "s/%M/$target_arch2/g"`
echo "CONFIG_QEMU_PREFIX=\"$interp_prefix1\"" >> $config_mak
gdb_xml_files=""
TARGET_ARCH="$target_arch2"
TARGET_BASE_ARCH=""
TARGET_ABI_DIR=""
case "$target_arch2" in
i386)
target_phys_bits=32
;;
x86_64)
TARGET_BASE_ARCH=i386
target_phys_bits=64
;;
alpha)
target_phys_bits=64
;;
arm|armeb)
TARGET_ARCH=arm
bflt="yes"
target_nptl="yes"
gdb_xml_files="arm-core.xml arm-vfp.xml arm-vfp3.xml arm-neon.xml"
target_phys_bits=32
;;
cris)
target_nptl="yes"
target_phys_bits=32
;;
m68k)
bflt="yes"
gdb_xml_files="cf-core.xml cf-fp.xml"
target_phys_bits=32
;;
microblaze)
bflt="yes"
target_nptl="yes"
target_phys_bits=32
;;
mips|mipsel)
TARGET_ARCH=mips
echo "TARGET_ABI_MIPSO32=y" >> $config_mak
target_nptl="yes"
target_phys_bits=64
;;
mipsn32|mipsn32el)
TARGET_ARCH=mipsn32
TARGET_BASE_ARCH=mips
echo "TARGET_ABI_MIPSN32=y" >> $config_mak
target_phys_bits=64
;;
mips64|mips64el)
TARGET_ARCH=mips64
TARGET_BASE_ARCH=mips
echo "TARGET_ABI_MIPSN64=y" >> $config_mak
target_phys_bits=64
;;
ppc)
gdb_xml_files="power-core.xml power-fpu.xml power-altivec.xml power-spe.xml"
target_phys_bits=32
target_nptl="yes"
;;
ppcemb)
TARGET_BASE_ARCH=ppc
TARGET_ABI_DIR=ppc
gdb_xml_files="power-core.xml power-fpu.xml power-altivec.xml power-spe.xml"
target_phys_bits=64
target_nptl="yes"
;;
ppc64)
TARGET_BASE_ARCH=ppc
TARGET_ABI_DIR=ppc
gdb_xml_files="power64-core.xml power-fpu.xml power-altivec.xml power-spe.xml"
target_phys_bits=64
;;
ppc64abi32)
TARGET_ARCH=ppc64
TARGET_BASE_ARCH=ppc
TARGET_ABI_DIR=ppc
echo "TARGET_ABI32=y" >> $config_mak
gdb_xml_files="power64-core.xml power-fpu.xml power-altivec.xml power-spe.xml"
target_phys_bits=64
;;
sh4|sh4eb)
TARGET_ARCH=sh4
bflt="yes"
target_nptl="yes"
target_phys_bits=32
;;
sparc)
target_phys_bits=64
;;
sparc64)
TARGET_BASE_ARCH=sparc
elfload32="yes"
target_phys_bits=64
;;
sparc32plus)
TARGET_ARCH=sparc64
TARGET_BASE_ARCH=sparc
TARGET_ABI_DIR=sparc
echo "TARGET_ABI32=y" >> $config_mak
target_phys_bits=64
;;
*)
echo "Unsupported target CPU"
exit 1
;;
esac
echo "TARGET_ARCH=$TARGET_ARCH" >> $config_mak
echo "TARGET_ARCH2=$target_arch2" >> $config_mak
# TARGET_BASE_ARCH needs to be defined after TARGET_ARCH
if [ "$TARGET_BASE_ARCH" = "" ]; then
TARGET_BASE_ARCH=$TARGET_ARCH
fi
echo "TARGET_BASE_ARCH=$TARGET_BASE_ARCH" >> $config_mak
if [ "$TARGET_ABI_DIR" = "" ]; then
TARGET_ABI_DIR=$TARGET_ARCH
fi
echo "TARGET_ABI_DIR=$TARGET_ABI_DIR" >> $config_mak
if [ $target_phys_bits -lt $hostlongbits ] ; then
target_phys_bits=$hostlongbits
fi
case "$target_arch2" in
i386|x86_64)
if test "$xen" = "yes" -a "$target_softmmu" = "yes" ; then
echo "CONFIG_XEN=y" >> $config_mak
fi
if test $kqemu = "yes" -a "$target_softmmu" = "yes"
then
echo "CONFIG_KQEMU=y" >> $config_mak
fi
esac
case "$target_arch2" in
i386|x86_64|ppcemb|ppc|ppc64)
# Make sure the target and host cpus are compatible
if test "$kvm" = "yes" -a "$target_softmmu" = "yes" -a \
\( "$target_arch2" = "$cpu" -o \
\( "$target_arch2" = "ppcemb" -a "$cpu" = "ppc" \) -o \
\( "$target_arch2" = "ppc64" -a "$cpu" = "ppc" \) -o \
\( "$target_arch2" = "x86_64" -a "$cpu" = "i386" \) -o \
\( "$target_arch2" = "i386" -a "$cpu" = "x86_64" \) \) ; then
echo "CONFIG_KVM=y" >> $config_mak
echo "KVM_CFLAGS=$kvm_cflags" >> $config_mak
fi
esac
echo "HWLIB=../libhw$target_phys_bits/libqemuhw$target_phys_bits.a" >> $config_mak
echo "TARGET_PHYS_ADDR_BITS=$target_phys_bits" >> $config_mak
echo "subdir-$target: subdir-libhw$target_phys_bits" >> $config_host_mak
if test "$target_bigendian" = "yes" ; then
echo "TARGET_WORDS_BIGENDIAN=y" >> $config_mak
fi
if test "$target_softmmu" = "yes" ; then
echo "CONFIG_SOFTMMU=y" >> $config_mak
fi
if test "$target_user_only" = "yes" ; then
echo "CONFIG_USER_ONLY=y" >> $config_mak
fi
if test "$target_linux_user" = "yes" ; then
echo "CONFIG_LINUX_USER=y" >> $config_mak
fi
if test "$target_darwin_user" = "yes" ; then
echo "CONFIG_DARWIN_USER=y" >> $config_mak
fi
list=""
if test ! -z "$gdb_xml_files" ; then
for x in $gdb_xml_files; do
list="$list $source_path/gdb-xml/$x"
done
fi
echo "TARGET_XML_FILES=$list" >> $config_mak
case "$target_arch2" in
arm|armeb|m68k|microblaze|mips|mipsel|mipsn32|mipsn32el|mips64|mips64el|ppc|ppc64|ppc64abi32|ppcemb|sparc|sparc64|sparc32plus)
echo "CONFIG_SOFTFLOAT=y" >> $config_mak
;;
esac
if test "$target_user_only" = "yes" -a "$bflt" = "yes"; then
echo "TARGET_HAS_BFLT=y" >> $config_mak
fi
if test "$target_user_only" = "yes" \
-a "$nptl" = "yes" -a "$target_nptl" = "yes"; then
echo "CONFIG_USE_NPTL=y" >> $config_mak
fi
# 32 bit ELF loader in addition to native 64 bit loader?
if test "$target_user_only" = "yes" -a "$elfload32" = "yes"; then
echo "TARGET_HAS_ELFLOAD32=y" >> $config_mak
fi
if test "$target_user_only" = "yes" -a "$guest_base" = "yes"; then
echo "CONFIG_USE_GUEST_BASE=y" >> $config_mak
fi
if test "$target_bsd_user" = "yes" ; then
echo "CONFIG_BSD_USER=y" >> $config_mak
fi
# generate LDFLAGS for targets
ldflags=""
if test "$target_linux_user" = "yes" -o "$target_linux_user" = "yes" ; then
case "$ARCH" in
i386)
if test "$gprof" = "yes" -o "$static" = "yes" ; then
ldflags='-Wl,-T../config-host.ld -Wl,-T,$(SRC_PATH)/$(ARCH).ld'
else
# WARNING: this LDFLAGS is _very_ tricky : qemu is an ELF shared object
# that the kernel ELF loader considers as an executable. I think this
# is the simplest way to make it self virtualizable!
ldflags='-Wl,-shared'
fi
;;
sparc)
# -static is used to avoid g1/g3 usage by the dynamic linker
ldflags='-Wl,-T../config-host.ld -Wl,-T,$(SRC_PATH)/$(ARCH).ld -static'
;;
ia64)
ldflags='-Wl,-G0 -Wl,-T../config-host.ld -Wl,-T,$(SRC_PATH)/$(ARCH).ld -static'
;;
x86_64|ppc|ppc64|s390|sparc64|alpha|arm|m68k|mips|mips64)
ldflags='-Wl,-T../config-host.ld -Wl,-T,$(SRC_PATH)/$(ARCH).ld'
;;
esac
fi
if test "$target_softmmu" = "yes" ; then
case "$ARCH" in
ia64)
ldflags='-Wl,-G0 -Wl,-T../config-host.ld -Wl,-T,$(SRC_PATH)/$(ARCH).ld -static'
;;
esac
fi
if test "$ldflags" != "" ; then
echo "LDFLAGS+=$ldflags" >> $config_mak
fi
echo "/* Automatically generated by configure - do not modify */" > $config_h
echo "#include \"../config-host.h\"" >> $config_h
$SHELL $source_path/create_config < $config_mak >> $config_h
if test -f ${config_h}~ ; then
if cmp -s $config_h ${config_h}~ ; then
mv ${config_h}~ $config_h
else
rm ${config_h}~
fi
fi
done # for target in $targets
# build tree in object directory if source path is different from current one
if test "$source_path_used" = "yes" ; then
DIRS="tests tests/cris slirp audio block pc-bios/optionrom"
FILES="Makefile tests/Makefile"
FILES="$FILES tests/cris/Makefile tests/cris/.gdbinit"
FILES="$FILES tests/test-mmap.c"
FILES="$FILES pc-bios/optionrom/Makefile pc-bios/keymaps pc-bios/video.x"
for bios_file in $source_path/pc-bios/*.bin $source_path/pc-bios/*.dtb $source_path/pc-bios/openbios-*; do
FILES="$FILES pc-bios/`basename $bios_file`"
done
for dir in $DIRS ; do
mkdir -p $dir
done
# remove the link and recreate it, as not all "ln -sf" overwrite the link
for f in $FILES ; do
rm -f $f
ln -s $source_path/$f $f
done
fi
for hwlib in 32 64; do
d=libhw$hwlib
mkdir -p $d
rm -f $d/Makefile
ln -s $source_path/Makefile.hw $d/Makefile
echo "HWLIB=libqemuhw$hwlib.a" > $d/config.mak
echo "CPPFLAGS=-DTARGET_PHYS_ADDR_BITS=$hwlib" >> $d/config.mak
done