diff options
| author | Daniel P. Berrange <berrange@redhat.com> | 2017-02-03 12:06:43 +0000 |
|---|---|---|
| committer | Gerd Hoffmann <kraxel@redhat.com> | 2017-02-08 14:59:37 +0100 |
| commit | 2a7e6857cd3178d705a49c4adde2f3af26ed3ae1 (patch) | |
| tree | 66ead94969bcd00145240e4262688942a5eef09d /qapi-schema.json | |
| parent | 1b1aeb5828c978af2ec4478e552884004f23c470 (diff) | |
| download | qemu-2a7e6857cd3178d705a49c4adde2f3af26ed3ae1.tar.gz | |
ui: fix reporting of VNC auth in query-vnc-servers
Currently the VNC authentication info is emitted at the
top level of the query-vnc-servers data. This is wrong
because the authentication scheme differs between plain
and websockets when TLS is enabled. We should instead
report auth against the individual servers. e.g.
(QEMU) query-vnc-servers
{
"return": [
{
"clients": [],
"id": "default",
"auth": "vencrypt",
"vencrypt": "x509-vnc",
"server": [
{
"host": "127.0.0.1"
"service": "5901",
"websocket": false,
"family": "ipv4",
"auth": "vencrypt",
"vencrypt": "x509-vnc"
},
{
"host": "127.0.0.1",
"service": "5902",
"websocket": true,
"family": "ipv4",
"auth": "vnc"
}
]
}
]
}
This also future proofs the QMP schema so that we can
cope with multiple VNC server instances, listening on
different interfaces or ports, with different auth
setup.
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 20170203120649.15637-3-berrange@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Diffstat (limited to 'qapi-schema.json')
| -rw-r--r-- | qapi-schema.json | 28 |
1 files changed, 24 insertions, 4 deletions
diff --git a/qapi-schema.json b/qapi-schema.json index cbdffddbc6..61151f34d0 100644 --- a/qapi-schema.json +++ b/qapi-schema.json @@ -1506,7 +1506,8 @@ # # The network connection information for server # -# @auth: #optional authentication method +# @auth: #optional authentication method used for +# the plain (non-websocket) VNC server # # Since: 2.1 ## @@ -1597,6 +1598,25 @@ 'tls-plain', 'x509-plain', 'tls-sasl', 'x509-sasl' ] } + +## +# @VncServerInfo2: +# +# The network connection information for server +# +# @auth: The current authentication type used by the servers +# +# @vencrypt: #optional The vencrypt sub authentication type used by the +# servers, only specified in case auth == vencrypt. +# +# Since: 2.9 +## +{ 'struct': 'VncServerInfo2', + 'base': 'VncBasicInfo', + 'data': { 'auth' : 'VncPrimaryAuth', + '*vencrypt' : 'VncVencryptSubAuth' } } + + ## # @VncInfo2: # @@ -1612,9 +1632,9 @@ # @clients: A list of @VncClientInfo of all currently connected clients. # The list can be empty, for obvious reasons. # -# @auth: The current authentication type used by the server +# @auth: The current authentication type used by the non-websockets servers # -# @vencrypt: #optional The vencrypt sub authentication type used by the server, +# @vencrypt: #optional The vencrypt authentication type used by the servers, # only specified in case auth == vencrypt. # # @display: #optional The display device the vnc server is linked to. @@ -1623,7 +1643,7 @@ ## { 'struct': 'VncInfo2', 'data': { 'id' : 'str', - 'server' : ['VncBasicInfo'], + 'server' : ['VncServerInfo2'], 'clients' : ['VncClientInfo'], 'auth' : 'VncPrimaryAuth', '*vencrypt' : 'VncVencryptSubAuth', |