[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PULL 05/18] qapi/monitor: allow VNC display id in set/expire_password
From: |
Dr. David Alan Gilbert (git) |
Subject: |
[PULL 05/18] qapi/monitor: allow VNC display id in set/expire_password |
Date: |
Wed, 2 Mar 2022 18:29:23 +0000 |
From: Stefan Reiter <s.reiter@proxmox.com>
It is possible to specify more than one VNC server on the command line,
either with an explicit ID or the auto-generated ones à la "default",
"vnc2", "vnc3", ...
It is not possible to change the password on one of these extra VNC
displays though. Fix this by adding a "display" parameter to the
"set_password" and "expire_password" QMP and HMP commands.
For HMP, the display is specified using the "-d" value flag.
For QMP, the schema is updated to explicitly express the supported
variants of the commands with protocol-discriminated unions.
Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
[FE: update "Since: " from 6.2 to 7.0
make @connected a common member of @SetPasswordOptions]
Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
Message-Id: <20220225084949.35746-4-f.ebner@proxmox.com>
Acked-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
---
hmp-commands.hx | 24 ++++++------
monitor/hmp-cmds.c | 40 +++++++++++++------
monitor/qmp-cmds.c | 34 +++++++---------
qapi/ui.json | 96 +++++++++++++++++++++++++++++++++++-----------
4 files changed, 129 insertions(+), 65 deletions(-)
diff --git a/hmp-commands.hx b/hmp-commands.hx
index 70a9136ac2..8476277aa9 100644
--- a/hmp-commands.hx
+++ b/hmp-commands.hx
@@ -1514,33 +1514,35 @@ ERST
{
.name = "set_password",
- .args_type = "protocol:s,password:s,connected:s?",
- .params = "protocol password action-if-connected",
+ .args_type = "protocol:s,password:s,display:-ds,connected:s?",
+ .params = "protocol password [-d display] [action-if-connected]",
.help = "set spice/vnc password",
.cmd = hmp_set_password,
},
SRST
-``set_password [ vnc | spice ] password [ action-if-connected ]``
- Change spice/vnc password. *action-if-connected* specifies what
- should happen in case a connection is established: *fail* makes the
- password change fail. *disconnect* changes the password and
+``set_password [ vnc | spice ] password [ -d display ] [ action-if-connected
]``
+ Change spice/vnc password. *display* can be used with 'vnc' to specify
+ which display to set the password on. *action-if-connected* specifies
+ what should happen in case a connection is established: *fail* makes
+ the password change fail. *disconnect* changes the password and
disconnects the client. *keep* changes the password and keeps the
connection up. *keep* is the default.
ERST
{
.name = "expire_password",
- .args_type = "protocol:s,time:s",
- .params = "protocol time",
+ .args_type = "protocol:s,time:s,display:-ds",
+ .params = "protocol time [-d display]",
.help = "set spice/vnc password expire-time",
.cmd = hmp_expire_password,
},
SRST
-``expire_password [ vnc | spice ]`` *expire-time*
- Specify when a password for spice/vnc becomes
- invalid. *expire-time* accepts:
+``expire_password [ vnc | spice ] expire-time [ -d display ]``
+ Specify when a password for spice/vnc becomes invalid.
+ *display* behaves the same as in ``set_password``.
+ *expire-time* accepts:
``now``
Invalidate password instantly.
diff --git a/monitor/hmp-cmds.c b/monitor/hmp-cmds.c
index ff78741b75..634968498b 100644
--- a/monitor/hmp-cmds.c
+++ b/monitor/hmp-cmds.c
@@ -1396,24 +1396,33 @@ void hmp_set_password(Monitor *mon, const QDict *qdict)
{
const char *protocol = qdict_get_str(qdict, "protocol");
const char *password = qdict_get_str(qdict, "password");
+ const char *display = qdict_get_try_str(qdict, "display");
const char *connected = qdict_get_try_str(qdict, "connected");
Error *err = NULL;
- DisplayProtocol proto;
- SetPasswordAction conn;
- proto = qapi_enum_parse(&DisplayProtocol_lookup, protocol,
- DISPLAY_PROTOCOL_VNC, &err);
+ SetPasswordOptions opts = {
+ .password = (char *)password,
+ .has_connected = !!connected,
+ };
+
+ opts.connected = qapi_enum_parse(&SetPasswordAction_lookup, connected,
+ SET_PASSWORD_ACTION_KEEP, &err);
if (err) {
goto out;
}
- conn = qapi_enum_parse(&SetPasswordAction_lookup, connected,
- SET_PASSWORD_ACTION_KEEP, &err);
+ opts.protocol = qapi_enum_parse(&DisplayProtocol_lookup, protocol,
+ DISPLAY_PROTOCOL_VNC, &err);
if (err) {
goto out;
}
- qmp_set_password(proto, password, !!connected, conn, &err);
+ if (opts.protocol == DISPLAY_PROTOCOL_VNC) {
+ opts.u.vnc.has_display = !!display;
+ opts.u.vnc.display = (char *)display;
+ }
+
+ qmp_set_password(&opts, &err);
out:
hmp_handle_error(mon, err);
@@ -1423,16 +1432,25 @@ void hmp_expire_password(Monitor *mon, const QDict
*qdict)
{
const char *protocol = qdict_get_str(qdict, "protocol");
const char *whenstr = qdict_get_str(qdict, "time");
+ const char *display = qdict_get_try_str(qdict, "display");
Error *err = NULL;
- DisplayProtocol proto;
- proto = qapi_enum_parse(&DisplayProtocol_lookup, protocol,
- DISPLAY_PROTOCOL_VNC, &err);
+ ExpirePasswordOptions opts = {
+ .time = (char *)whenstr,
+ };
+
+ opts.protocol = qapi_enum_parse(&DisplayProtocol_lookup, protocol,
+ DISPLAY_PROTOCOL_VNC, &err);
if (err) {
goto out;
}
- qmp_expire_password(proto, whenstr, &err);
+ if (opts.protocol == DISPLAY_PROTOCOL_VNC) {
+ opts.u.vnc.has_display = !!display;
+ opts.u.vnc.display = (char *)display;
+ }
+
+ qmp_expire_password(&opts, &err);
out:
hmp_handle_error(mon, err);
diff --git a/monitor/qmp-cmds.c b/monitor/qmp-cmds.c
index b6e8b57fcc..df97582dd4 100644
--- a/monitor/qmp-cmds.c
+++ b/monitor/qmp-cmds.c
@@ -168,35 +168,27 @@ void qmp_system_wakeup(Error **errp)
qemu_system_wakeup_request(QEMU_WAKEUP_REASON_OTHER, errp);
}
-void qmp_set_password(DisplayProtocol protocol, const char *password,
- bool has_connected, SetPasswordAction connected,
- Error **errp)
+void qmp_set_password(SetPasswordOptions *opts, Error **errp)
{
- int disconnect_if_connected = 0;
- int fail_if_connected = 0;
int rc;
- if (has_connected) {
- fail_if_connected = connected == SET_PASSWORD_ACTION_FAIL;
- disconnect_if_connected = connected == SET_PASSWORD_ACTION_DISCONNECT;
- }
-
- if (protocol == DISPLAY_PROTOCOL_SPICE) {
+ if (opts->protocol == DISPLAY_PROTOCOL_SPICE) {
if (!qemu_using_spice(errp)) {
return;
}
- rc = qemu_spice.set_passwd(password, fail_if_connected,
- disconnect_if_connected);
+ rc = qemu_spice.set_passwd(opts->password,
+ opts->connected == SET_PASSWORD_ACTION_FAIL,
+ opts->connected == SET_PASSWORD_ACTION_DISCONNECT);
} else {
- assert(protocol == DISPLAY_PROTOCOL_VNC);
- if (fail_if_connected || disconnect_if_connected) {
+ assert(opts->protocol == DISPLAY_PROTOCOL_VNC);
+ if (opts->connected != SET_PASSWORD_ACTION_KEEP) {
/* vnc supports "connected=keep" only */
error_setg(errp, QERR_INVALID_PARAMETER, "connected");
return;
}
/* Note that setting an empty password will not disable login through
* this interface. */
- rc = vnc_display_password(NULL, password);
+ rc = vnc_display_password(opts->u.vnc.display, opts->password);
}
if (rc != 0) {
@@ -204,11 +196,11 @@ void qmp_set_password(DisplayProtocol protocol, const
char *password,
}
}
-void qmp_expire_password(DisplayProtocol protocol, const char *whenstr,
- Error **errp)
+void qmp_expire_password(ExpirePasswordOptions *opts, Error **errp)
{
time_t when;
int rc;
+ const char *whenstr = opts->time;
if (strcmp(whenstr, "now") == 0) {
when = 0;
@@ -220,14 +212,14 @@ void qmp_expire_password(DisplayProtocol protocol, const
char *whenstr,
when = strtoull(whenstr, NULL, 10);
}
- if (protocol == DISPLAY_PROTOCOL_SPICE) {
+ if (opts->protocol == DISPLAY_PROTOCOL_SPICE) {
if (!qemu_using_spice(errp)) {
return;
}
rc = qemu_spice.set_pw_expire(when);
} else {
- assert(protocol == DISPLAY_PROTOCOL_VNC);
- rc = vnc_display_pw_expire(NULL, when);
+ assert(opts->protocol == DISPLAY_PROTOCOL_VNC);
+ rc = vnc_display_pw_expire(opts->u.vnc.display, when);
}
if (rc != 0) {
diff --git a/qapi/ui.json b/qapi/ui.json
index e112409211..4a13f883a3 100644
--- a/qapi/ui.json
+++ b/qapi/ui.json
@@ -38,20 +38,47 @@
'data': [ 'keep', 'fail', 'disconnect' ] }
##
-# @set_password:
+# @SetPasswordOptions:
#
-# Sets the password of a remote display session.
+# Options for set_password.
#
# @protocol: - 'vnc' to modify the VNC server password
# - 'spice' to modify the Spice server password
#
# @password: the new password
#
-# @connected: how to handle existing clients when changing the
-# password. If nothing is specified, defaults to 'keep'
-# 'fail' to fail the command if clients are connected
-# 'disconnect' to disconnect existing clients
-# 'keep' to maintain existing clients
+# @connected: How to handle existing clients when changing the
+# password. If nothing is specified, defaults to 'keep'.
+# For VNC, only 'keep' is currently implemented.
+#
+# Since: 7.0
+#
+##
+{ 'union': 'SetPasswordOptions',
+ 'base': { 'protocol': 'DisplayProtocol',
+ 'password': 'str',
+ '*connected': 'SetPasswordAction' },
+ 'discriminator': 'protocol',
+ 'data': { 'vnc': 'SetPasswordOptionsVnc' } }
+
+##
+# @SetPasswordOptionsVnc:
+#
+# Options for set_password specific to the VNC procotol.
+#
+# @display: The id of the display where the password should be changed.
+# Defaults to the first.
+#
+# Since: 7.0
+#
+##
+{ 'struct': 'SetPasswordOptionsVnc',
+ 'data': { '*display': 'str' } }
+
+##
+# @set_password:
+#
+# Set the password of a remote display server.
#
# Returns: - Nothing on success
# - If Spice is not enabled, DeviceNotFound
@@ -65,17 +92,15 @@
# <- { "return": {} }
#
##
-{ 'command': 'set_password',
- 'data': { 'protocol': 'DisplayProtocol',
- 'password': 'str',
- '*connected': 'SetPasswordAction' } }
+{ 'command': 'set_password', 'boxed': true, 'data': 'SetPasswordOptions' }
##
-# @expire_password:
+# @ExpirePasswordOptions:
#
-# Expire the password of a remote display server.
+# General options for expire_password.
#
-# @protocol: the name of the remote display protocol 'vnc' or 'spice'
+# @protocol: - 'vnc' to modify the VNC server expiration
+# - 'spice' to modify the Spice server expiration
#
# @time: when to expire the password.
#
@@ -84,16 +109,45 @@
# - '+INT' where INT is the number of seconds from now (integer)
# - 'INT' where INT is the absolute time in seconds
#
-# Returns: - Nothing on success
-# - If @protocol is 'spice' and Spice is not active, DeviceNotFound
-#
-# Since: 0.14
-#
# Notes: Time is relative to the server and currently there is no way to
# coordinate server time with client time. It is not recommended to
# use the absolute time version of the @time parameter unless you're
# sure you are on the same machine as the QEMU instance.
#
+# Since: 7.0
+#
+##
+{ 'union': 'ExpirePasswordOptions',
+ 'base': { 'protocol': 'DisplayProtocol',
+ 'time': 'str' },
+ 'discriminator': 'protocol',
+ 'data': { 'vnc': 'ExpirePasswordOptionsVnc' } }
+
+##
+# @ExpirePasswordOptionsVnc:
+#
+# Options for expire_password specific to the VNC procotol.
+#
+# @display: The id of the display where the expiration should be changed.
+# Defaults to the first.
+#
+# Since: 7.0
+#
+##
+
+{ 'struct': 'ExpirePasswordOptionsVnc',
+ 'data': { '*display': 'str' } }
+
+##
+# @expire_password:
+#
+# Expire the password of a remote display server.
+#
+# Returns: - Nothing on success
+# - If @protocol is 'spice' and Spice is not active, DeviceNotFound
+#
+# Since: 0.14
+#
# Example:
#
# -> { "execute": "expire_password", "arguments": { "protocol": "vnc",
@@ -101,9 +155,7 @@
# <- { "return": {} }
#
##
-{ 'command': 'expire_password',
- 'data': { 'protocol': 'DisplayProtocol',
- 'time': 'str' } }
+{ 'command': 'expire_password', 'boxed': true, 'data': 'ExpirePasswordOptions'
}
##
# @screendump:
--
2.35.1
- [PULL 00/18] migration queue, Dr. David Alan Gilbert (git), 2022/03/02
- [PULL 01/18] clock-vmstate: Add missing END_OF_LIST, Dr. David Alan Gilbert (git), 2022/03/02
- [PULL 03/18] monitor/hmp: add support for flag argument with value, Dr. David Alan Gilbert (git), 2022/03/02
- [PULL 04/18] qapi/monitor: refactor set/expire_password with enums, Dr. David Alan Gilbert (git), 2022/03/02
- [PULL 02/18] virtiofsd: Let meson check for statx.stx_mnt_id, Dr. David Alan Gilbert (git), 2022/03/02
- [PULL 08/18] migration: Finer grained tracepoints for POSTCOPY_LISTEN, Dr. David Alan Gilbert (git), 2022/03/02
- [PULL 07/18] migration: Dump sub-cmd name in loadvm_process_command tp, Dr. David Alan Gilbert (git), 2022/03/02
- [PULL 05/18] qapi/monitor: allow VNC display id in set/expire_password,
Dr. David Alan Gilbert (git) <=
- [PULL 06/18] migration/rdma: set the REUSEADDR option for destination, Dr. David Alan Gilbert (git), 2022/03/02
- [PULL 09/18] migration: Tracepoint change in postcopy-run bottom half, Dr. David Alan Gilbert (git), 2022/03/02
- [PULL 11/18] migration: Dump ramblock and offset too when non-same-page detected, Dr. David Alan Gilbert (git), 2022/03/02
- [PULL 14/18] migration: Enlarge postcopy recovery to capture !-EIO too, Dr. David Alan Gilbert (git), 2022/03/02
- [PULL 10/18] migration: Introduce postcopy channels on dest node, Dr. David Alan Gilbert (git), 2022/03/02
- [PULL 13/18] migration: Move static var in ram_block_from_stream() into global, Dr. David Alan Gilbert (git), 2022/03/02
- [PULL 12/18] migration: Add postcopy_thread_create(), Dr. David Alan Gilbert (git), 2022/03/02
- [PULL 15/18] migration: postcopy_pause_fault_thread() never fails, Dr. David Alan Gilbert (git), 2022/03/02
- [PULL 16/18] migration: Add migration_incoming_transport_cleanup(), Dr. David Alan Gilbert (git), 2022/03/02
- [PULL 17/18] tests: Pass in MigrateStart** into test_migrate_start(), Dr. David Alan Gilbert (git), 2022/03/02