These changes the protocol the following way:
When the client announces it has SPICE_PLAYBACK_CAP_VOLUME, the server
can send PlaybackChannel.{volume,mute} messages to notify of volume
changes (respectively for RECORD).
If the client doesn't implement SPICE_PLAYBACK_CAP_VOLUME, the server can
handle the volume changes the way it prefers, for example, ignoring them or
applying volume effect on the server side etc..
Current version 2.0 of the SPICE protocol describes how the client
reply to the server SpiceLinkReply message with a RSA_public_encrypt()
of the password.
Instead of using the current Spice AUTH mechanism, we would like to
offer different AUTH mechanisms, in particular SASL, which is a
framework allowing different underlying mechanisms such as
GSSAPI/Kerberos v5 (and optionally adding a data security layer).
We could bump the protocol version, but that would make this feature
mandatory for the implementer of the protocol. By using the channel
caps, the client and server are left to negotiate and alter the AUTH
part of the protocol as follows:
- SPICE_COMMON_CAP_PROTOCOL_AUTH_SELECTION, if set, the authentication
mechanism can be chosen during link phase. If both client and server
have this cap, the client MUST reply to SpiceLinkReply with a
SpiceLinkAuthMechanism message, with the value of the CAP_AUTH
mechanism choosen (a uint32 auth_mechanism). The following
authentication steps are described by the selected authentication
mechanism.
The differents mechanisms selectable via
SPICE_COMMON_CAP_PROTOCOL_AUTH_SELECTION are also specified as part of
the common channel caps. They can be used only if both client and
server offer them.
Ex: no AUTH selection
C: SpiceLinkMess
S: SpiceLinkReply, CAP_PROTOCOL_AUTH_SELECTION not in common caps
- The client can't choose AUTH, and fallback on Spice RSA mechanism
Ex: AUTH selection
C: SpiceLinkMess, CAP_PROTOCOL_AUTH_SELECTION in common caps
S: SpiceLinkReply, CAP_PROTOCOL_AUTH_SELECTION in common caps
- The client MUST reply with SpiceLinkAuthMechanism
C: SpiceLinkAuthMechanism (with a matching CAP_AUTH)
- SPICE_COMMON_CAP_AUTH_SPICE, the following steps and authentication
mechanism are the same as with version 2.0: a RSA_public_encrypt()
of the password is sent.
This mechanism MUST be implemented in both client and server to
comply with the SPICE protocol.
- SPICE_COMMON_CAP_AUTH_SASL, the authentication exchange follows
SASL protocol has defined in RFC 2222.
This mechanism is OPTIONAL in both client and servers.
Ex: AUTH selection, followed by SASL authentication
AUTH Selection:
C: SpiceLinkMess, CAP_PROTOCOL_AUTH_SELECTION + CAP_AUTH_SASL in common caps
S: SpiceLinkReply, CAP_PROTOCOL_AUTH_SELECTION + CAP_AUTH_SASL in common caps
- The client MUST reply with SpiceLinkAuthMechanism
C: SpiceLinkAuthMechanism CAP_AUTH_SASL
Init:
S: u32 mechlist-length
u8-array mechlist-string
Start:
C: u32 mechname-length
u8-array mechname-string
u32 clientout-length
u8-array clientout-string
S: u32 serverin-length
u8-array serverin-string
u8 continue
Step: (while continue)
C: u32 clientout-length
u8-array clientout-string
S: u32 serverin-length
u8-array serverin-string
u8 continue
See also VNC SASL protocol description, which uses the same protocol:
http://sourceforge.net/mailarchive/forum.php?thread_name=20100719125155.GA14166%40evileye.atkac.brq.redhat.com&forum_name=tigervnc-rfbproto
Updated since v1 of this commit:
- renamed s/SPICE_CHANNEL_CAP/SPICE_COMMON_CAP
- added some note about mandatory vs optional mechanisms.
We want to make these structures internal so we're free to change them.
The actual on-network ABI is now defined by the spice protocol
description rather than the c structures anyway.
protocol commands to create/destroy surface on the client.
i removed spice_msg_display_mode as it now not needed
Signed-off-by: Izik Eidus <ieidus@redhat.com>
There is some confusion in the different branches on what the minors
mean. We expect minor == 2 to mean support for
SPICE_MSG_MAIN_MIGRATE_SWITCH_HOST and SpiceMsgMainMigrationBegin
with added public key info. All other additions like tunneling are
for minor 3 (although we might not do a release with minor 3, but
rather the bump major).
