Re: [Qemu-devel] [PATCH 3/5] spice: add config options for channel security.

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Stefan Weil <weil@mail.berlios.de>
To: Gerd Hoffmann <kraxel@redhat.com>
Cc: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH 3/5] spice: add config options for channel security.
Date: Thu, 07 Oct 2010 20:43:16 +0200	[thread overview]
Message-ID: <4CAE14C4.8090604@mail.berlios.de> (raw)
In-Reply-To: <1286438126-11250-4-git-send-email-kraxel@redhat.com>

Am 07.10.2010 09:55, schrieb Gerd Hoffmann:
> This allows to enforce tls or plaintext usage for certain spice
> channels.
> ---
>   qemu-config.c   |    6 ++++++
>   qemu-options.hx |    8 ++++++++
>   ui/spice-core.c |   25 +++++++++++++++++++++++++
>   3 files changed, 39 insertions(+), 0 deletions(-)
>
> diff --git a/qemu-config.c b/qemu-config.c
> index 8b545b1..f52e50c 100644
> --- a/qemu-config.c
> +++ b/qemu-config.c
> @@ -392,6 +392,12 @@ QemuOptsList qemu_spice_opts = {
>               .name = "tls-ciphers",
>               .type = QEMU_OPT_STRING,
>           },{
> +            .name = "tls-channel",
> +            .type = QEMU_OPT_STRING,
> +        },{
> +            .name = "plaintext-channel",
> +            .type = QEMU_OPT_STRING,
> +        },{
>               .name = "image-compression",
>               .type = QEMU_OPT_STRING,
>           },{
> diff --git a/qemu-options.hx b/qemu-options.hx
> index 59db632..bb45b67 100644
> --- a/qemu-options.hx
> +++ b/qemu-options.hx
> @@ -704,6 +704,14 @@ The x509 file names can also be configured individually.
>   @item tls-ciphers=<list>
>   Specify which ciphers to use.
>
> +@item tls-channel=[main|display|inputs|record|playback|tunnel]
> +@item plaintext-channel=[main|display|inputs|record|playback|tunnel]
> +Force specific channel to be used with or without TLS encryption.  The
> +options can be specified multiple times to configure multiple
> +channels.  The special name "default" can be used to set the default
> +mode.  For channels which are not explicitly forced into one mode the
> +spice client is allowed to pick tls/plaintext as he pleases.
> +
>   @item image-compression=[auto_glz|auto_lz|quic|glz|lz|off]
>   Configure image compression (lossless).
>   Default is auto_glz.
> diff --git a/ui/spice-core.c b/ui/spice-core.c
> index 1567046..8f73848 100644
> --- a/ui/spice-core.c
> +++ b/ui/spice-core.c
> @@ -192,6 +192,29 @@ static const char *wan_compression_names[] = {
>
>   /* functions for the rest of qemu */
>
> +static int add_channel(const char *name, const char *value, void *opaque)
> +{
> +    int security = 0;
> +    int rc;
> +
> +    if (strcmp(name, "tls-channel") == 0)
> +        security = SPICE_CHANNEL_SECURITY_SSL;
>    

CODING_STYLE (if (...) { ... })? Same in next lines.

> +    if (strcmp(name, "plaintext-channel") == 0)
> +        security = SPICE_CHANNEL_SECURITY_NONE;
> +    if (security == 0)
> +        return 0;
> +    if (strcmp(value, "default") == 0) {
> +        rc = spice_server_set_channel_security(spice_server, NULL, security);
> +    } else {
> +        rc = spice_server_set_channel_security(spice_server, value, security);
> +    }
> +    if (rc != 0) {
> +        fprintf(stderr, "spice: failed to set channel security for %s\n", value);
> +        exit(1);
> +    }
> +    return 0;
> +}
> +
>   void qemu_spice_init(void)
>   {
>       QemuOpts *opts = QTAILQ_FIRST(&qemu_spice_opts.head);
> @@ -293,6 +316,8 @@ void qemu_spice_init(void)
>       }
>       spice_server_set_zlib_glz_compression(spice_server, wan_compr);
>
> +    qemu_opt_foreach(opts, add_channel, NULL, 0);
> +
>       spice_server_init(spice_server,&core_interface);
>       using_spice = 1;
>
>

next prev parent reply	other threads:[~2010-10-07 18:48 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-10-07  7:55 [Qemu-devel] [PATCH 0/5] spice config options Gerd Hoffmann
2010-10-07  7:55 ` [Qemu-devel] [PATCH 1/5] spice: tls support Gerd Hoffmann
2010-10-07  7:55 ` [Qemu-devel] [PATCH 2/5] spice: make compression configurable Gerd Hoffmann
2010-10-07 18:12   ` Blue Swirl
2010-10-07 19:29     ` Gerd Hoffmann
2010-10-07  7:55 ` [Qemu-devel] [PATCH 3/5] spice: add config options for channel security Gerd Hoffmann
2010-10-07 18:43   ` Stefan Weil [this message]
2010-10-07 19:26     ` Gerd Hoffmann
2010-10-07  7:55 ` [Qemu-devel] [PATCH 4/5] spice: add config options for the listening address Gerd Hoffmann
2010-10-07  7:55 ` [Qemu-devel] [PATCH 5/5] spice: add misc config options Gerd Hoffmann

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4CAE14C4.8090604@mail.berlios.de \
    --to=weil@mail.berlios.de \
    --cc=kraxel@redhat.com \
    --cc=qemu-devel@nongnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.