From 3dd7b1766b346e6edee8b6590c03e0b075975c35 Mon Sep 17 00:00:00 2001 From: Gerd Hoffmann Date: Thu, 18 Mar 2010 17:25:32 -0300 Subject: [PATCH 06/14] spice/vnc: add __com.redhat_set_password monitor command RH-Author: Gerd Hoffmann Message-id: <1268933140-655-7-git-send-email-kraxel@redhat.com> Patchwork-id: 7902 O-Subject: [RHEL-6 kvm PATCH v3 06/14] spice/vnc: add __com.redhat_set_password monitor command Bugzilla: 525935 RH-Acked-by: Markus Armbruster RH-Acked-by: Luiz Capitulino RH-Acked-by: Yonit Halperin Add monitor command to change the password/ticket for vnc and spice. Syntax: __com.redhat_set_password [ vnc | spice ] lifetime [ keep | fail | disconnect ] First parameter specifies the protocol affected by this command. Second parameter is the actual secret. Third parameter is the time (in seconds) this password is valid. Forth (optional) parameter specifies what should happen in case a connection exists: "fail" == make password change fail. "disconnect" == disconnect current connection. "keep" == do nothing. Default is keep. Only spice implements this. [ v2: accept only connected=keep for vnc which matches actual behavior ] [ v3: add .user_print = monitor_user_noop ] bugzilla: #525935 -- RFE: expire vnc password Signed-off-by: Gerd Hoffmann --- monitor.c | 1 + qemu-monitor.hx | 16 ++++++++++++++++ qemu-spice.h | 3 +++ spice.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 74 insertions(+), 0 deletions(-) Signed-off-by: Eduardo Habkost --- monitor.c | 1 + qemu-monitor.hx | 16 ++++++++++++++++ qemu-spice.h | 3 +++ spice.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 74 insertions(+), 0 deletions(-) diff --git a/monitor.c b/monitor.c index ec6a1a3..6a46906 100644 --- a/monitor.c +++ b/monitor.c @@ -34,6 +34,7 @@ #include "net.h" #include "net/slirp.h" #include "qemu-char.h" +#include "qemu-spice.h" #include "sysemu.h" #include "monitor.h" #include "readline.h" diff --git a/qemu-monitor.hx b/qemu-monitor.hx index 3fea9b1..0f9ab86 100644 --- a/qemu-monitor.hx +++ b/qemu-monitor.hx @@ -1089,6 +1089,22 @@ STEXI Enable the specified QMP capabilities ETEXI +#if defined(CONFIG_SPICE) + { + .name = "__com.redhat_set_password", + .args_type = "protocol:s,password:s,expiration:i,connected:s?", + .params = "protocol password expiration action-if-connected", + .help = "set spice/vnc password", + .user_print = monitor_user_noop, + .mhandler.cmd_new = mon_set_password, + }, +#endif + +STEXI +@item __com.redhat_set_password [ vnc | spice ] password expiration [ action-if-connected ] +change spice/vnc ticket +ETEXI + STEXI @end table ETEXI diff --git a/qemu-spice.h b/qemu-spice.h index 4d3e837..a49af38 100644 --- a/qemu-spice.h +++ b/qemu-spice.h @@ -7,6 +7,7 @@ #include "qemu-option.h" #include "qemu-config.h" +#include "qdict.h" struct VDInterface; extern int using_spice; @@ -22,6 +23,8 @@ void qxl_dev_init(PCIBus *bus); void qemu_spice_add_interface(struct VDInterface *interface); void qemu_spice_remove_interface(struct VDInterface *interface); +void mon_set_password(Monitor *mon, const QDict *qdict, QObject **ret_data); + #else /* CONFIG_SPICE */ #define using_spice 0 diff --git a/spice.c b/spice.c index dab6460..e374b63 100644 --- a/spice.c +++ b/spice.c @@ -10,6 +10,9 @@ #include "qemu-queue.h" #include "qemu-x509.h" #include "monitor.h" +#include "qerror.h" +#include "sysemu.h" +#include "vnc.h" /* core bits */ @@ -138,6 +141,57 @@ QemuOptsList qemu_spice_opts = { }, }; +void mon_set_password(Monitor *mon, const QDict *qdict, QObject **ret_data) +{ + const char *protocol = qdict_get_str(qdict, "protocol"); + const char *password = qdict_get_str(qdict, "password"); + const char *connected = qdict_get_try_str(qdict, "connected"); + int lifetime = qdict_get_int(qdict, "expiration"); + int disconnect_if_connected = 0; + int fail_if_connected = 0; + int rc; + + if (connected) { + if (strcmp(connected, "fail") == 0) { + fail_if_connected = 1; + } else if (strcmp(connected, "disconnect") == 0) { + disconnect_if_connected = 1; + } else if (strcmp(connected, "keep") == 0) { + /* nothing */ + } else { + qemu_error_new(QERR_INVALID_PARAMETER, "connected"); + return; + } + } + + if (strcmp(protocol, "spice") == 0) { + if (!s) { + /* correct one? spice isn't a device ,,, */ + qemu_error_new(QERR_DEVICE_NOT_ACTIVE, "spice"); + return; + } + rc = spice_server_set_ticket(s, password, lifetime, + fail_if_connected, + disconnect_if_connected); + if (rc != 0) { + qemu_error_new(QERR_SET_PASSWD_FAILED); + return; + } + + } else if (strcmp(protocol, "vnc") == 0) { + if (fail_if_connected || disconnect_if_connected) { + /* vnc supports "connected=keep" only */ + qemu_error_new(QERR_INVALID_PARAMETER, "connected"); + return; + } + if (vnc_display_password(NULL, password, lifetime) < 0) + qemu_error_new(QERR_SET_PASSWD_FAILED); + + } else { + qemu_error_new(QERR_INVALID_PARAMETER, "protocol"); + } +} + void qemu_spice_init(void) { QemuOpts *opts = QTAILQ_FIRST(&qemu_spice_opts.head); -- 1.6.3.rc4.29.g8146