Message ID | 1329140588-12722-1-git-send-email-berrange@redhat.com |
---|---|
State | New |
Headers | show |
On 02/13/12 14:43, Daniel P. Berrange wrote: > From: "Daniel P. Berrange" <berrange@redhat.com> > > With the acceptance of some new APIs to libspice-server.so it > is possible to add support for SPICE to the 'add_client' > monitor command, bringing parity with VNC. Since SPICE can > use TLS or plain connections, the command also gains a new > 'tls' parameter to specify whether TLS should be attempted > on the injected client sockets. Added to spice patch queue. thanks, Gerd
On Mon, 13 Feb 2012 13:43:08 +0000 "Daniel P. Berrange" <berrange@redhat.com> wrote: > From: "Daniel P. Berrange" <berrange@redhat.com> > > With the acceptance of some new APIs to libspice-server.so it > is possible to add support for SPICE to the 'add_client' > monitor command, bringing parity with VNC. Since SPICE can > use TLS or plain connections, the command also gains a new > 'tls' parameter to specify whether TLS should be attempted > on the injected client sockets. > > This new feature is only enabled if building against a > libspice-server >= 0.10.1 > > * qmp-commands.hx: Add 'tls' parameter & missing doc for > 'skipauth' parameter > * monitor.c: Wire up SPICE for 'add_client' command > * ui/qemu-spice.h, ui/spice-core.c: Add qemu_spice_display_add_client > API to wire up from monitor > > [1] http://cgit.freedesktop.org/spice/spice/commit/server/spice.h?id=d55b68b6b44f2499278fa860fb47ff22f5011faa > http://cgit.freedesktop.org/spice/spice/commit/server/spice.h?id=bd07dde530d9504e1cfe7ed5837fc00c26f36716 > > Changes in v3: > - Added 'optional' flag to new parameters documented > - Added no-op impl of qemu_spice_display_add_client when > SPICE is disabled during build > > Signed-off-by: Daniel P. Berrange <berrange@redhat.com> FWIW: Acked-by: Luiz Capitulino <lcapitulino@redhat.com> > --- > monitor.c | 9 +++++++-- > qmp-commands.hx | 6 ++++-- > ui/qemu-spice.h | 6 ++++++ > ui/spice-core.c | 13 +++++++++++++ > 4 files changed, 30 insertions(+), 4 deletions(-) > > diff --git a/monitor.c b/monitor.c > index aadbdcb..0d4daad 100644 > --- a/monitor.c > +++ b/monitor.c > @@ -823,13 +823,18 @@ static int add_graphics_client(Monitor *mon, const QDict *qdict, QObject **ret_d > CharDriverState *s; > > if (strcmp(protocol, "spice") == 0) { > + int fd = monitor_get_fd(mon, fdname); > + int skipauth = qdict_get_try_bool(qdict, "skipauth", 0); > + int tls = qdict_get_try_bool(qdict, "tls", 0); > if (!using_spice) { > /* correct one? spice isn't a device ,,, */ > qerror_report(QERR_DEVICE_NOT_ACTIVE, "spice"); > return -1; > } > - qerror_report(QERR_ADD_CLIENT_FAILED); > - return -1; > + if (qemu_spice_display_add_client(fd, skipauth, tls) < 0) { > + close(fd); > + } > + return 0; > #ifdef CONFIG_VNC > } else if (strcmp(protocol, "vnc") == 0) { > int fd = monitor_get_fd(mon, fdname); > diff --git a/qmp-commands.hx b/qmp-commands.hx > index b5e2ab8..dee95f1 100644 > --- a/qmp-commands.hx > +++ b/qmp-commands.hx > @@ -910,8 +910,8 @@ EQMP > > { > .name = "add_client", > - .args_type = "protocol:s,fdname:s,skipauth:b?", > - .params = "protocol fdname skipauth", > + .args_type = "protocol:s,fdname:s,skipauth:b?,tls:b?", > + .params = "protocol fdname skipauth tls", > .help = "add a graphics client", > .user_print = monitor_user_noop, > .mhandler.cmd_new = add_graphics_client, > @@ -927,6 +927,8 @@ Arguments: > > - "protocol": protocol name (json-string) > - "fdname": file descriptor name (json-string) > +- "skipauth": whether to skip authentication (json-bool, optional) > +- "tls": whether to perform TLS (json-bool, optional) > > Example: > > diff --git a/ui/qemu-spice.h b/ui/qemu-spice.h > index c35b29c..3ce57b2 100644 > --- a/ui/qemu-spice.h > +++ b/ui/qemu-spice.h > @@ -33,6 +33,7 @@ void qemu_spice_init(void); > void qemu_spice_input_init(void); > void qemu_spice_audio_init(void); > void qemu_spice_display_init(DisplayState *ds); > +int qemu_spice_display_add_client(int csock, int skipauth, int tls); > int qemu_spice_add_interface(SpiceBaseInstance *sin); > int qemu_spice_set_passwd(const char *passwd, > bool fail_if_connected, bool disconnect_if_connected); > @@ -68,6 +69,11 @@ static inline int qemu_spice_migrate_info(const char *h, int p, int t, > return -1; > } > > +static inline int qemu_spice_display_add_client(int csock, int skipauth, int tls) > +{ > + return -1; > +} > + > #endif /* CONFIG_SPICE */ > > #endif /* QEMU_SPICE_H */ > diff --git a/ui/spice-core.c b/ui/spice-core.c > index 5639c6f..d98863e 100644 > --- a/ui/spice-core.c > +++ b/ui/spice-core.c > @@ -747,6 +747,19 @@ int qemu_spice_set_pw_expire(time_t expires) > return qemu_spice_set_ticket(false, false); > } > > +int qemu_spice_display_add_client(int csock, int skipauth, int tls) > +{ > +#if SPICE_SERVER_VERSION >= 0x000a01 > + if (tls) { > + return spice_server_add_ssl_client(spice_server, csock, skipauth); > + } else { > + return spice_server_add_client(spice_server, csock, skipauth); > + } > +#else > + return -1; > +#endif > +} > + > static void spice_register_config(void) > { > qemu_add_opts(&qemu_spice_opts);
diff --git a/monitor.c b/monitor.c index aadbdcb..0d4daad 100644 --- a/monitor.c +++ b/monitor.c @@ -823,13 +823,18 @@ static int add_graphics_client(Monitor *mon, const QDict *qdict, QObject **ret_d CharDriverState *s; if (strcmp(protocol, "spice") == 0) { + int fd = monitor_get_fd(mon, fdname); + int skipauth = qdict_get_try_bool(qdict, "skipauth", 0); + int tls = qdict_get_try_bool(qdict, "tls", 0); if (!using_spice) { /* correct one? spice isn't a device ,,, */ qerror_report(QERR_DEVICE_NOT_ACTIVE, "spice"); return -1; } - qerror_report(QERR_ADD_CLIENT_FAILED); - return -1; + if (qemu_spice_display_add_client(fd, skipauth, tls) < 0) { + close(fd); + } + return 0; #ifdef CONFIG_VNC } else if (strcmp(protocol, "vnc") == 0) { int fd = monitor_get_fd(mon, fdname); diff --git a/qmp-commands.hx b/qmp-commands.hx index b5e2ab8..dee95f1 100644 --- a/qmp-commands.hx +++ b/qmp-commands.hx @@ -910,8 +910,8 @@ EQMP { .name = "add_client", - .args_type = "protocol:s,fdname:s,skipauth:b?", - .params = "protocol fdname skipauth", + .args_type = "protocol:s,fdname:s,skipauth:b?,tls:b?", + .params = "protocol fdname skipauth tls", .help = "add a graphics client", .user_print = monitor_user_noop, .mhandler.cmd_new = add_graphics_client, @@ -927,6 +927,8 @@ Arguments: - "protocol": protocol name (json-string) - "fdname": file descriptor name (json-string) +- "skipauth": whether to skip authentication (json-bool, optional) +- "tls": whether to perform TLS (json-bool, optional) Example: diff --git a/ui/qemu-spice.h b/ui/qemu-spice.h index c35b29c..3ce57b2 100644 --- a/ui/qemu-spice.h +++ b/ui/qemu-spice.h @@ -33,6 +33,7 @@ void qemu_spice_init(void); void qemu_spice_input_init(void); void qemu_spice_audio_init(void); void qemu_spice_display_init(DisplayState *ds); +int qemu_spice_display_add_client(int csock, int skipauth, int tls); int qemu_spice_add_interface(SpiceBaseInstance *sin); int qemu_spice_set_passwd(const char *passwd, bool fail_if_connected, bool disconnect_if_connected); @@ -68,6 +69,11 @@ static inline int qemu_spice_migrate_info(const char *h, int p, int t, return -1; } +static inline int qemu_spice_display_add_client(int csock, int skipauth, int tls) +{ + return -1; +} + #endif /* CONFIG_SPICE */ #endif /* QEMU_SPICE_H */ diff --git a/ui/spice-core.c b/ui/spice-core.c index 5639c6f..d98863e 100644 --- a/ui/spice-core.c +++ b/ui/spice-core.c @@ -747,6 +747,19 @@ int qemu_spice_set_pw_expire(time_t expires) return qemu_spice_set_ticket(false, false); } +int qemu_spice_display_add_client(int csock, int skipauth, int tls) +{ +#if SPICE_SERVER_VERSION >= 0x000a01 + if (tls) { + return spice_server_add_ssl_client(spice_server, csock, skipauth); + } else { + return spice_server_add_client(spice_server, csock, skipauth); + } +#else + return -1; +#endif +} + static void spice_register_config(void) { qemu_add_opts(&qemu_spice_opts);