Revision 7572150c
b/hmp-commands.hx | ||
---|---|---|
1135 | 1135 |
ETEXI |
1136 | 1136 |
|
1137 | 1137 |
{ |
1138 |
.name = "set_password", |
|
1139 |
.args_type = "protocol:s,password:s,connected:s?", |
|
1140 |
.params = "protocol password action-if-connected", |
|
1141 |
.help = "set spice/vnc password", |
|
1142 |
.user_print = monitor_user_noop, |
|
1143 |
.mhandler.cmd_new = set_password, |
|
1144 |
}, |
|
1145 |
|
|
1146 |
STEXI |
|
1147 |
@item set_password [ vnc | spice ] password [ action-if-connected ] |
|
1148 |
@findex set_password |
|
1149 |
|
|
1150 |
Change spice/vnc password. Use zero to make the password stay valid |
|
1151 |
forever. @var{action-if-connected} specifies what should happen in |
|
1152 |
case a connection is established: @var{fail} makes the password change |
|
1153 |
fail. @var{disconnect} changes the password and disconnects the |
|
1154 |
client. @var{keep} changes the password and keeps the connection up. |
|
1155 |
@var{keep} is the default. |
|
1156 |
ETEXI |
|
1157 |
|
|
1158 |
{ |
|
1159 |
.name = "expire_password", |
|
1160 |
.args_type = "protocol:s,time:s", |
|
1161 |
.params = "protocol time", |
|
1162 |
.help = "set spice/vnc password expire-time", |
|
1163 |
.user_print = monitor_user_noop, |
|
1164 |
.mhandler.cmd_new = expire_password, |
|
1165 |
}, |
|
1166 |
|
|
1167 |
STEXI |
|
1168 |
@item expire_password [ vnc | spice ] expire-time |
|
1169 |
@findex expire_password |
|
1170 |
|
|
1171 |
Specify when a password for spice/vnc becomes |
|
1172 |
invalid. @var{expire-time} accepts: |
|
1173 |
|
|
1174 |
@table @var |
|
1175 |
@item now |
|
1176 |
Invalidate password instantly. |
|
1177 |
|
|
1178 |
@item never |
|
1179 |
Password stays valid forever. |
|
1180 |
|
|
1181 |
@item +nsec |
|
1182 |
Password stays valid for @var{nsec} seconds starting now. |
|
1183 |
|
|
1184 |
@item nsec |
|
1185 |
Password is invalidated at the given time. @var{nsec} are the seconds |
|
1186 |
passed since 1970, i.e. unix epoch. |
|
1187 |
|
|
1188 |
@end table |
|
1189 |
ETEXI |
|
1190 |
|
|
1191 |
{ |
|
1138 | 1192 |
.name = "info", |
1139 | 1193 |
.args_type = "item:s?", |
1140 | 1194 |
.params = "[subcommand]", |
b/monitor.c | ||
---|---|---|
34 | 34 |
#include "net.h" |
35 | 35 |
#include "net/slirp.h" |
36 | 36 |
#include "qemu-char.h" |
37 |
#include "ui/qemu-spice.h" |
|
37 | 38 |
#include "sysemu.h" |
38 | 39 |
#include "monitor.h" |
39 | 40 |
#include "readline.h" |
... | ... | |
1075 | 1076 |
return ret; |
1076 | 1077 |
} |
1077 | 1078 |
|
1079 |
static int set_password(Monitor *mon, const QDict *qdict, QObject **ret_data) |
|
1080 |
{ |
|
1081 |
const char *protocol = qdict_get_str(qdict, "protocol"); |
|
1082 |
const char *password = qdict_get_str(qdict, "password"); |
|
1083 |
const char *connected = qdict_get_try_str(qdict, "connected"); |
|
1084 |
int disconnect_if_connected = 0; |
|
1085 |
int fail_if_connected = 0; |
|
1086 |
int rc; |
|
1087 |
|
|
1088 |
if (connected) { |
|
1089 |
if (strcmp(connected, "fail") == 0) { |
|
1090 |
fail_if_connected = 1; |
|
1091 |
} else if (strcmp(connected, "disconnect") == 0) { |
|
1092 |
disconnect_if_connected = 1; |
|
1093 |
} else if (strcmp(connected, "keep") == 0) { |
|
1094 |
/* nothing */ |
|
1095 |
} else { |
|
1096 |
qerror_report(QERR_INVALID_PARAMETER, "connected"); |
|
1097 |
return -1; |
|
1098 |
} |
|
1099 |
} |
|
1100 |
|
|
1101 |
if (strcmp(protocol, "spice") == 0) { |
|
1102 |
if (!using_spice) { |
|
1103 |
/* correct one? spice isn't a device ,,, */ |
|
1104 |
qerror_report(QERR_DEVICE_NOT_ACTIVE, "spice"); |
|
1105 |
return -1; |
|
1106 |
} |
|
1107 |
rc = qemu_spice_set_passwd(password, fail_if_connected, |
|
1108 |
disconnect_if_connected); |
|
1109 |
if (rc != 0) { |
|
1110 |
qerror_report(QERR_SET_PASSWD_FAILED); |
|
1111 |
return -1; |
|
1112 |
} |
|
1113 |
return 0; |
|
1114 |
} |
|
1115 |
|
|
1116 |
if (strcmp(protocol, "vnc") == 0) { |
|
1117 |
if (fail_if_connected || disconnect_if_connected) { |
|
1118 |
/* vnc supports "connected=keep" only */ |
|
1119 |
qerror_report(QERR_INVALID_PARAMETER, "connected"); |
|
1120 |
return -1; |
|
1121 |
} |
|
1122 |
rc = vnc_display_password(NULL, password); |
|
1123 |
if (rc != 0) { |
|
1124 |
qerror_report(QERR_SET_PASSWD_FAILED); |
|
1125 |
return -1; |
|
1126 |
} |
|
1127 |
return 0; |
|
1128 |
} |
|
1129 |
|
|
1130 |
qerror_report(QERR_INVALID_PARAMETER, "protocol"); |
|
1131 |
return -1; |
|
1132 |
} |
|
1133 |
|
|
1134 |
static int expire_password(Monitor *mon, const QDict *qdict, QObject **ret_data) |
|
1135 |
{ |
|
1136 |
const char *protocol = qdict_get_str(qdict, "protocol"); |
|
1137 |
const char *whenstr = qdict_get_str(qdict, "time"); |
|
1138 |
time_t when; |
|
1139 |
int rc; |
|
1140 |
|
|
1141 |
if (strcmp(whenstr, "now")) { |
|
1142 |
when = 0; |
|
1143 |
} else if (strcmp(whenstr, "never")) { |
|
1144 |
when = TIME_MAX; |
|
1145 |
} else if (whenstr[0] == '+') { |
|
1146 |
when = time(NULL) + strtoull(whenstr+1, NULL, 10); |
|
1147 |
} else { |
|
1148 |
when = strtoull(whenstr, NULL, 10); |
|
1149 |
} |
|
1150 |
|
|
1151 |
if (strcmp(protocol, "spice") == 0) { |
|
1152 |
if (!using_spice) { |
|
1153 |
/* correct one? spice isn't a device ,,, */ |
|
1154 |
qerror_report(QERR_DEVICE_NOT_ACTIVE, "spice"); |
|
1155 |
return -1; |
|
1156 |
} |
|
1157 |
rc = qemu_spice_set_pw_expire(when); |
|
1158 |
if (rc != 0) { |
|
1159 |
qerror_report(QERR_SET_PASSWD_FAILED); |
|
1160 |
return -1; |
|
1161 |
} |
|
1162 |
return 0; |
|
1163 |
} |
|
1164 |
|
|
1165 |
if (strcmp(protocol, "vnc") == 0) { |
|
1166 |
rc = vnc_display_pw_expire(NULL, when); |
|
1167 |
if (rc != 0) { |
|
1168 |
qerror_report(QERR_SET_PASSWD_FAILED); |
|
1169 |
return -1; |
|
1170 |
} |
|
1171 |
return 0; |
|
1172 |
} |
|
1173 |
|
|
1174 |
qerror_report(QERR_INVALID_PARAMETER, "protocol"); |
|
1175 |
return -1; |
|
1176 |
} |
|
1177 |
|
|
1078 | 1178 |
static int do_screen_dump(Monitor *mon, const QDict *qdict, QObject **ret_data) |
1079 | 1179 |
{ |
1080 | 1180 |
vga_hw_screen_dump(qdict_get_str(qdict, "filename")); |
b/qmp-commands.hx | ||
---|---|---|
738 | 738 |
EQMP |
739 | 739 |
|
740 | 740 |
{ |
741 |
.name = "set_password", |
|
742 |
.args_type = "protocol:s,password:s,connected:s?", |
|
743 |
.params = "protocol password action-if-connected", |
|
744 |
.help = "set spice/vnc password", |
|
745 |
.user_print = monitor_user_noop, |
|
746 |
.mhandler.cmd_new = set_password, |
|
747 |
}, |
|
748 |
|
|
749 |
SQMP |
|
750 |
set_password |
|
751 |
------------ |
|
752 |
|
|
753 |
Set the password for vnc/spice protocols. |
|
754 |
|
|
755 |
Arguments: |
|
756 |
|
|
757 |
- "protocol": protocol name (json-string) |
|
758 |
- "password": password (json-string) |
|
759 |
- "connected": [ keep | disconnect | fail ] (josn-string, optional) |
|
760 |
|
|
761 |
Example: |
|
762 |
|
|
763 |
-> { "execute": "set_password", "arguments": { "protocol": "vnc", |
|
764 |
"password": "secret" } } |
|
765 |
<- { "return": {} } |
|
766 |
|
|
767 |
EQMP |
|
768 |
|
|
769 |
{ |
|
770 |
.name = "expire_password", |
|
771 |
.args_type = "protocol:s,time:s", |
|
772 |
.params = "protocol time", |
|
773 |
.help = "set spice/vnc password expire-time", |
|
774 |
.user_print = monitor_user_noop, |
|
775 |
.mhandler.cmd_new = expire_password, |
|
776 |
}, |
|
777 |
|
|
778 |
SQMP |
|
779 |
expire_password |
|
780 |
--------------- |
|
781 |
|
|
782 |
Set the password expire time for vnc/spice protocols. |
|
783 |
|
|
784 |
Arguments: |
|
785 |
|
|
786 |
- "protocol": protocol name (json-string) |
|
787 |
- "time": [ now | never | +secs | secs ] (json-string) |
|
788 |
|
|
789 |
Example: |
|
790 |
|
|
791 |
-> { "execute": "expire_password", "arguments": { "protocol": "vnc", |
|
792 |
"time": "+60" } } |
|
793 |
<- { "return": {} } |
|
794 |
|
|
795 |
EQMP |
|
796 |
|
|
797 |
{ |
|
741 | 798 |
.name = "qmp_capabilities", |
742 | 799 |
.args_type = "", |
743 | 800 |
.params = "", |
b/ui/qemu-spice.h | ||
---|---|---|
32 | 32 |
void qemu_spice_audio_init(void); |
33 | 33 |
void qemu_spice_display_init(DisplayState *ds); |
34 | 34 |
int qemu_spice_add_interface(SpiceBaseInstance *sin); |
35 |
int qemu_spice_set_passwd(const char *passwd, |
|
36 |
bool fail_if_connected, bool disconnect_if_connected); |
|
37 |
int qemu_spice_set_pw_expire(time_t expires); |
|
35 | 38 |
|
36 | 39 |
void do_info_spice_print(Monitor *mon, const QObject *data); |
37 | 40 |
void do_info_spice(Monitor *mon, QObject **ret_data); |
... | ... | |
39 | 42 |
#else /* CONFIG_SPICE */ |
40 | 43 |
|
41 | 44 |
#define using_spice 0 |
45 |
#define qemu_spice_set_passwd(_p, _f1, _f2) (-1) |
|
46 |
#define qemu_spice_set_pw_expire(_e) (-1) |
|
42 | 47 |
|
43 | 48 |
#endif /* CONFIG_SPICE */ |
44 | 49 |
|
b/ui/spice-core.c | ||
---|---|---|
36 | 36 |
|
37 | 37 |
static SpiceServer *spice_server; |
38 | 38 |
static const char *auth = "spice"; |
39 |
static char *auth_passwd; |
|
40 |
static time_t auth_expires = TIME_MAX; |
|
39 | 41 |
int using_spice = 0; |
40 | 42 |
|
41 | 43 |
struct SpiceTimer { |
... | ... | |
599 | 601 |
return spice_server_add_interface(spice_server, sin); |
600 | 602 |
} |
601 | 603 |
|
604 |
static int qemu_spice_set_ticket(bool fail_if_conn, bool disconnect_if_conn) |
|
605 |
{ |
|
606 |
time_t lifetime, now = time(NULL); |
|
607 |
char *passwd; |
|
608 |
|
|
609 |
if (now < auth_expires) { |
|
610 |
passwd = auth_passwd; |
|
611 |
lifetime = (auth_expires - now); |
|
612 |
if (lifetime > INT_MAX) { |
|
613 |
lifetime = INT_MAX; |
|
614 |
} |
|
615 |
} else { |
|
616 |
passwd = NULL; |
|
617 |
lifetime = 1; |
|
618 |
} |
|
619 |
return spice_server_set_ticket(spice_server, passwd, lifetime, |
|
620 |
fail_if_conn, disconnect_if_conn); |
|
621 |
} |
|
622 |
|
|
623 |
int qemu_spice_set_passwd(const char *passwd, |
|
624 |
bool fail_if_conn, bool disconnect_if_conn) |
|
625 |
{ |
|
626 |
free(auth_passwd); |
|
627 |
auth_passwd = strdup(passwd); |
|
628 |
return qemu_spice_set_ticket(fail_if_conn, disconnect_if_conn); |
|
629 |
} |
|
630 |
|
|
631 |
int qemu_spice_set_pw_expire(time_t expires) |
|
632 |
{ |
|
633 |
auth_expires = expires; |
|
634 |
return qemu_spice_set_ticket(false, false); |
|
635 |
} |
|
636 |
|
|
602 | 637 |
static void spice_register_config(void) |
603 | 638 |
{ |
604 | 639 |
qemu_add_opts(&qemu_spice_opts); |
Also available in: Unified diff