No need to use pthread directly, we have proper abstractions for
identity checking.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
RHBZ 737921
Spice client is required to connect to the migration target before/as migration
starts. Since after migration starts, the target qemu is blocked and cannot accept new spice client
we trigger the connection to the target upon client_migrate_info command.
client_migrate_info completion cb will be called after spice client has been
connected to the target (or a timeout). See following patches and spice patches.
Signed-off-by: Yonit Halperin <yhalperi@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This allows to pass additional information to the notifier callback
which is useful if sender and receiver do not share any other distinct
data structure.
Will be used first for the clock reset notifier.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Make sure at least one port (port=.. or tls-port=...)
is specified. Also apply range checks to the port numbers.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch raises the minimum required spice version to 0.6.0 and drops
a few ifdefs.
0.6.0 is the first stable release with the current libspice-server API,
there shouldn't be any 0.5.x development versions deployed any more.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Turn on SASL support by appending "sasl" to the spice arguments, which
requires that the client use SASL to authenticate with the spice. The
exact choice of authentication method used is controlled from the
system / user's SASL configuration file for the 'qemu' service. This
is typically found in /etc/sasl2/qemu.conf. If running QEMU as an
unprivileged user, an environment variable SASL_CONF_PATH can be used
to make it search alternate locations for the service config. While
some SASL auth methods can also provide data encryption (eg GSSAPI),
it is recommended that SASL always be combined with the 'tls' and
'x509' settings to enable use of SSL and server certificates. This
ensures a data encryption preventing compromise of authentication
credentials.
It requires support from spice 0.8.1.
[ kraxel: moved spell fix to separate commit ]
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Some people want to be able disable spice's guest <-> client copy paste support
because of security considerations.
[ kraxel: drop old-version error message ]
This was done with:
sed -i '/get_clock\>.*rt_clock/s/get_clock\>/get_clock_ms/' \
$(git grep -l 'get_clock\>.*rt_clock' )
sed -i '/new_timer\>.*rt_clock/s/new_timer\>/new_timer_ms/' \
$(git grep -l 'new_timer\>.*rt_clock' )
after checking that get_clock and new_timer never occur twice
on the same line. There were no missed occurrences; however, even
if there had been, they would have been caught by the compiler.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Handle spice client migration, i.e. inform a spice client connected
about the new host and connection parameters, so it can move over the
connection automatically.
The monitor command has a not-yet used protocol argument simliar to
set_password and expire_password commands. This allows to add a simliar
feature to vnc in the future. Daniel Berrange plans to work on this.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch adds new set_password and expire_password monitor commands
which allows to change and expire the password for spice and vnc
connections. See the doc update patch chunk for details.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The patch adds a 'query-spice' monitor command which returns
informations about the spice server configuration and also a list of
channel connections.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch adds support for connection events to spice. The events are
quite simliar to the vnc events. Unlike vnc spice uses multiple tcp
channels though. qemu will report every single tcp connection (aka
spice channel). If you want track spice sessions only you can filter
for the main channel (channel-type == 1).
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
qxl is a paravirtual graphics card. The qxl device is the bridge
between the guest and the spice server (aka libspice-server). The
spice server will send the rendering commands to the spice client, which
will actually render them.
The spice server is also able to render locally, which is done in case
the guest wants read something from video memory. Local rendering is
also used to support display over vnc and sdl.
qxl is activated using "-vga qxl". qxl supports multihead, additional
cards can be added via '-device qxl".
[ v2: add copyright to files ]
[ v2: use qemu-common.h for standard includes ]
[ v2: create separate qxl-vga device for primary ]
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Add support for the spice audio interface. With this patch applied
audio can be forwarded over the network from/to the spice client. Both
recording and playback is supported.
The driver is first in the driver list, but the can_be_default flag is
set only in case spice is active. So if you have the spice protocol
enabled the spice audio driver is the default one, otherwise whatever
comes first after spice in the list. Overriding the default using
QEMU_AUDIO_DRV works in any case.
[ v2: audio codestyle: add spaces before open parenthesis ]
[ v2: add const to silence array ]
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Cc: malc <av1474@comtv.ru>
Signed-off-by: malc <av1474@comtv.ru>
Open keyboard channel. Now you can type into the spice client and the
keyboard events are sent to your guest. You'll need some other display
like vnc to actually see the guest responding to them though.
Add -spice command line switch. Has support setting passwd and port for
now. With this patch applied the spice client can successfully connect
to qemu. You can't do anything useful yet though.