The <code>listen</code> attribute is an IP address for the server to
listen on. The <code>passwd</code> attribute provides a VNC password
in clear text. The <code>keymap</code> attribute specifies the keymap
- to use.
+ to use. It is possible to set a limit on the validity of the password
+ be giving an timestamp <code>passwdValidTo='2010-04-09T15:51:00'</code>
+ assumed to be in UTC. NB, this may not be supported by all hypervisors.
</dd>
<dt><code>"spice"</code></dt>
<dd>
The <code>listen</code> attribute is an IP address for the server to
listen on. The <code>passwd</code> attribute provides a SPICE password
in clear text. The <code>keymap</code> attribute specifies the keymap
- to use.
+ to use. It is possible to set a limit on the validity of the password
+ be giving an timestamp <code>passwdValidTo='2010-04-09T15:51:00'</code>
+ assumed to be in UTC. NB, this may not be supported by all hypervisors.
</dd>
<dt><code>"rdp"</code></dt>
<dd>
return obj;
}
+static void
+virDomainGraphicsAuthDefClear(virDomainGraphicsAuthDefPtr def)
+{
+ if (!def)
+ return;
+
+ VIR_FREE(def->passwd);
+
+ /* Don't free def */
+}
+
void virDomainGraphicsDefFree(virDomainGraphicsDefPtr def)
{
if (!def)
case VIR_DOMAIN_GRAPHICS_TYPE_VNC:
VIR_FREE(def->data.vnc.listenAddr);
VIR_FREE(def->data.vnc.keymap);
- VIR_FREE(def->data.vnc.passwd);
+ virDomainGraphicsAuthDefClear(&def->data.vnc.auth);
break;
case VIR_DOMAIN_GRAPHICS_TYPE_SDL:
case VIR_DOMAIN_GRAPHICS_TYPE_SPICE:
VIR_FREE(def->data.spice.listenAddr);
VIR_FREE(def->data.spice.keymap);
- VIR_FREE(def->data.spice.passwd);
+ virDomainGraphicsAuthDefClear(&def->data.spice.auth);
break;
}
goto cleanup;
}
+
+static int
+virDomainGraphicsAuthDefParseXML(xmlNodePtr node, virDomainGraphicsAuthDefPtr def)
+{
+ char *validTo = NULL;
+
+ def->passwd = virXMLPropString(node, "passwd");
+
+ if (!def->passwd)
+ return 0;
+
+ validTo = virXMLPropString(node, "passwdValidTo");
+ if (validTo) {
+ char *tmp;
+ struct tm tm;
+ memset(&tm, 0, sizeof(tm));
+ /* Expect: YYYY-MM-DDTHH:MM:SS (%d-%d-%dT%d:%d:%d) eg 2010-11-28T14:29:01 */
+ if (/* year */
+ virStrToLong_i(validTo, &tmp, 10, &tm.tm_year) < 0 || *tmp != '-' ||
+ /* month */
+ virStrToLong_i(tmp+1, &tmp, 10, &tm.tm_mon) < 0 || *tmp != '-' ||
+ /* day */
+ virStrToLong_i(tmp+1, &tmp, 10, &tm.tm_mday) < 0 || *tmp != 'T' ||
+ /* hour */
+ virStrToLong_i(tmp+1, &tmp, 10, &tm.tm_hour) < 0 || *tmp != ':' ||
+ /* minute */
+ virStrToLong_i(tmp+1, &tmp, 10, &tm.tm_min) < 0 || *tmp != ':' ||
+ /* second */
+ virStrToLong_i(tmp+1, &tmp, 10, &tm.tm_sec) < 0 || *tmp != '\0') {
+ virDomainReportError(VIR_ERR_INTERNAL_ERROR,
+ _("cannot parse password validity time '%s', expect YYYY-MM-DDTHH:MM:SS"),
+ validTo);
+ VIR_FREE(validTo);
+ VIR_FREE(def->passwd);
+ return -1;
+ }
+ VIR_FREE(validTo);
+
+ tm.tm_year -= 1900; /* Human epoch starts at 0 BC, not 1900BC */
+ tm.tm_mon--; /* Humans start months at 1, computers at 0 */
+
+ def->validTo = timegm(&tm);
+ def->expires = 1;
+ }
+
+ return 0;
+}
+
+
/* Parse the XML definition for a graphics device */
static virDomainGraphicsDefPtr
virDomainGraphicsDefParseXML(xmlNodePtr node, int flags) {
}
def->data.vnc.listenAddr = virXMLPropString(node, "listen");
- def->data.vnc.passwd = virXMLPropString(node, "passwd");
def->data.vnc.keymap = virXMLPropString(node, "keymap");
+
+ if (virDomainGraphicsAuthDefParseXML(node, &def->data.vnc.auth) < 0)
+ goto error;
} else if (def->type == VIR_DOMAIN_GRAPHICS_TYPE_SDL) {
char *fullscreen = virXMLPropString(node, "fullscreen");
}
def->data.spice.listenAddr = virXMLPropString(node, "listen");
- def->data.spice.passwd = virXMLPropString(node, "passwd");
def->data.spice.keymap = virXMLPropString(node, "keymap");
+ if (virDomainGraphicsAuthDefParseXML(node, &def->data.vnc.auth) < 0)
+ goto error;
}
cleanup:
return 0;
}
+static void
+virDomainGraphicsAuthDefFormatAttr(virBufferPtr buf,
+ virDomainGraphicsAuthDefPtr def,
+ unsigned int flags)
+{
+ if (!def->passwd)
+ return;
+
+ if (flags & VIR_DOMAIN_XML_SECURE)
+ virBufferEscapeString(buf, " passwd='%s'",
+ def->passwd);
+
+ if (def->expires) {
+ char strbuf[100];
+ struct tm tmbuf, *tm;
+ tm = gmtime_r(&def->validTo, &tmbuf);
+ strftime(strbuf, sizeof(strbuf), "%Y-%m-%dT%H:%M:%S", tm);
+ virBufferVSprintf(buf, " passwdValidTo='%s'", strbuf);
+ }
+}
+
static int
virDomainGraphicsDefFormat(virBufferPtr buf,
virDomainGraphicsDefPtr def,
virBufferEscapeString(buf, " keymap='%s'",
def->data.vnc.keymap);
- if (def->data.vnc.passwd &&
- (flags & VIR_DOMAIN_XML_SECURE))
- virBufferEscapeString(buf, " passwd='%s'",
- def->data.vnc.passwd);
-
+ virDomainGraphicsAuthDefFormatAttr(buf, &def->data.vnc.auth, flags);
break;
case VIR_DOMAIN_GRAPHICS_TYPE_SDL:
virBufferEscapeString(buf, " keymap='%s'",
def->data.spice.keymap);
- if (def->data.spice.passwd &&
- (flags & VIR_DOMAIN_XML_SECURE))
- virBufferEscapeString(buf, " passwd='%s'",
- def->data.spice.passwd);
-
+ virDomainGraphicsAuthDefFormatAttr(buf, &def->data.spice.auth, flags);
break;
}
VIR_DOMAIN_GRAPHICS_TYPE_LAST,
};
+typedef struct _virDomainGraphicsAuthDef virDomainGraphicsAuthDef;
+typedef virDomainGraphicsAuthDef *virDomainGraphicsAuthDefPtr;
+struct _virDomainGraphicsAuthDef {
+ char *passwd;
+ unsigned int expires: 1; /* Whether there is an expiry time set */
+ time_t validTo; /* seconds since epoch */
+};
+
+
typedef struct _virDomainGraphicsDef virDomainGraphicsDef;
typedef virDomainGraphicsDef *virDomainGraphicsDefPtr;
struct _virDomainGraphicsDef {
unsigned int autoport :1;
char *listenAddr;
char *keymap;
- char *passwd;
+ virDomainGraphicsAuthDef auth;
} vnc;
struct {
char *display;
int tlsPort;
char *listenAddr;
char *keymap;
- char *passwd;
+ virDomainGraphicsAuthDef auth;
unsigned int autoport :1;
} spice;
} data;
esxUtil_GetConfigString(conf, "RemoteDisplay.vnc.keymap",
&(*def)->data.vnc.keymap, true) < 0 ||
esxUtil_GetConfigString(conf, "RemoteDisplay.vnc.password",
- &(*def)->data.vnc.passwd, true) < 0) {
+ &(*def)->data.vnc.auth.passwd, true) < 0) {
goto failure;
}
def->data.vnc.keymap);
}
- if (def->data.vnc.passwd != NULL) {
+ if (def->data.vnc.auth.passwd != NULL) {
virBufferVSprintf(buffer, "RemoteDisplay.vnc.password = \"%s\"\n",
- def->data.vnc.passwd);
+ def->data.vnc.auth.passwd);
}
return 0;
virBufferVSprintf(&buf,",\n port = \"%d\"",
def->graphics[i]->data.vnc.port);
- if (def->graphics[i]->data.vnc.passwd != NULL)
+ if (def->graphics[i]->data.vnc.auth.passwd != NULL)
virBufferVSprintf(&buf,",\n passwd = \"%s\"",
- def->graphics[i]->data.vnc.passwd);
+ def->graphics[i]->data.vnc.auth.passwd);
virBufferAddLit(&buf," ]\n");
virBufferVSprintf(&opt, ":%d",
def->graphics[0]->data.vnc.port - 5900);
- if (def->graphics[0]->data.vnc.passwd ||
+ if (def->graphics[0]->data.vnc.auth.passwd ||
driver->vncPassword)
virBufferAddLit(&opt, ",password");
/* In the password case we set it via monitor command, to avoid
* making it visible on CLI, so there's no use of password=XXX
* in this bit of the code */
- if (!def->graphics[0]->data.spice.passwd &&
+ if (!def->graphics[0]->data.spice.auth.passwd &&
!driver->spicePassword)
virBufferAddLit(&opt, ",disable-ticketing");
if ((vm->def->ngraphics == 1) &&
vm->def->graphics[0]->type == VIR_DOMAIN_GRAPHICS_TYPE_VNC &&
- (vm->def->graphics[0]->data.vnc.passwd || driver->vncPassword)) {
+ (vm->def->graphics[0]->data.vnc.auth.passwd || driver->vncPassword)) {
qemuDomainObjEnterMonitorWithDriver(driver, vm);
ret = qemuMonitorSetVNCPassword(priv->mon,
- vm->def->graphics[0]->data.vnc.passwd ?
- vm->def->graphics[0]->data.vnc.passwd :
+ vm->def->graphics[0]->data.vnc.auth.passwd ?
+ vm->def->graphics[0]->data.vnc.auth.passwd :
driver->vncPassword);
qemuDomainObjExitMonitorWithDriver(driver, vm);
}
return -1;
}
- if (STRNEQ_NULLABLE(olddev->data.vnc.passwd, dev->data.vnc.passwd)) {
- VIR_DEBUG("Updating password on VNC server %p %p", dev->data.vnc.passwd, driver->vncPassword);
+ if (STRNEQ_NULLABLE(olddev->data.vnc.auth.passwd, dev->data.vnc.auth.passwd)) {
+ VIR_DEBUG("Updating password on VNC server %p %p", dev->data.vnc.auth.passwd, driver->vncPassword);
qemuDomainObjEnterMonitorWithDriver(driver, vm);
ret = qemuMonitorSetVNCPassword(priv->mon,
- dev->data.vnc.passwd ?
- dev->data.vnc.passwd :
+ dev->data.vnc.auth.passwd ?
+ dev->data.vnc.auth.passwd :
driver->vncPassword);
qemuDomainObjExitMonitorWithDriver(driver, vm);
/* Steal the new dev's char * reference */
- VIR_FREE(olddev->data.vnc.passwd);
- olddev->data.vnc.passwd = dev->data.vnc.passwd;
- dev->data.vnc.passwd = NULL;
+ VIR_FREE(olddev->data.vnc.auth.passwd);
+ olddev->data.vnc.auth.passwd = dev->data.vnc.auth.passwd;
+ dev->data.vnc.auth.passwd = NULL;
} else {
ret = 0;
}
goto no_memory;
if (vncPasswd &&
- !(graphics->data.vnc.passwd = strdup(vncPasswd)))
+ !(graphics->data.vnc.auth.passwd = strdup(vncPasswd)))
goto no_memory;
if (keymap &&
goto no_memory;
if (vncPasswd &&
- !(graphics->data.vnc.passwd = strdup(vncPasswd)))
+ !(graphics->data.vnc.auth.passwd = strdup(vncPasswd)))
goto no_memory;
if (keymap &&
if (def->data.vnc.listenAddr)
virBufferVSprintf(buf, "(vnclisten '%s')", def->data.vnc.listenAddr);
- if (def->data.vnc.passwd)
- virBufferVSprintf(buf, "(vncpasswd '%s')", def->data.vnc.passwd);
+ if (def->data.vnc.auth.passwd)
+ virBufferVSprintf(buf, "(vncpasswd '%s')", def->data.vnc.auth.passwd);
if (def->data.vnc.keymap)
virBufferVSprintf(buf, "(keymap '%s')", def->data.vnc.keymap);
}
if (def->data.vnc.listenAddr)
virBufferVSprintf(buf, "(vnclisten '%s')", def->data.vnc.listenAddr);
- if (def->data.vnc.passwd)
- virBufferVSprintf(buf, "(vncpasswd '%s')", def->data.vnc.passwd);
+ if (def->data.vnc.auth.passwd)
+ virBufferVSprintf(buf, "(vncpasswd '%s')", def->data.vnc.auth.passwd);
if (def->data.vnc.keymap)
virBufferVSprintf(buf, "(keymap '%s')", def->data.vnc.keymap);
}
if (xenXMConfigCopyStringOpt(conf, "vnclisten", &graphics->data.vnc.listenAddr) < 0)
goto cleanup;
- if (xenXMConfigCopyStringOpt(conf, "vncpasswd", &graphics->data.vnc.passwd) < 0)
+ if (xenXMConfigCopyStringOpt(conf, "vncpasswd", &graphics->data.vnc.auth.passwd) < 0)
goto cleanup;
if (xenXMConfigCopyStringOpt(conf, "keymap", &graphics->data.vnc.keymap) < 0)
goto cleanup;
if (!(graphics->data.vnc.listenAddr = strdup(key + 10)))
goto no_memory;
} else if (STRPREFIX(key, "vncpasswd=")) {
- if (!(graphics->data.vnc.passwd = strdup(key + 10)))
+ if (!(graphics->data.vnc.auth.passwd = strdup(key + 10)))
goto no_memory;
} else if (STRPREFIX(key, "keymap=")) {
if (!(graphics->data.vnc.keymap = strdup(key + 7)))
xenXMConfigSetString(conf, "vnclisten",
def->graphics[0]->data.vnc.listenAddr) < 0)
goto no_memory;
- if (def->graphics[0]->data.vnc.passwd &&
+ if (def->graphics[0]->data.vnc.auth.passwd &&
xenXMConfigSetString(conf, "vncpasswd",
- def->graphics[0]->data.vnc.passwd) < 0)
+ def->graphics[0]->data.vnc.auth.passwd) < 0)
goto no_memory;
if (def->graphics[0]->data.vnc.keymap &&
xenXMConfigSetString(conf, "keymap",
if (def->graphics[0]->data.vnc.listenAddr)
virBufferVSprintf(&buf, ",vnclisten=%s",
def->graphics[0]->data.vnc.listenAddr);
- if (def->graphics[0]->data.vnc.passwd)
+ if (def->graphics[0]->data.vnc.auth.passwd)
virBufferVSprintf(&buf, ",vncpasswd=%s",
- def->graphics[0]->data.vnc.passwd);
+ def->graphics[0]->data.vnc.auth.passwd);
if (def->graphics[0]->data.vnc.keymap)
virBufferVSprintf(&buf, ",keymap=%s",
def->graphics[0]->data.vnc.keymap);
projects / libvirt.git / commitdiff