spice: add config options for channel security.
This allows to enforce tls or plaintext usage for certain spice channels. [ v2: code style fixup ]
This commit is contained in:
parent
9f04e09e36
commit
17b6dea08b
@ -391,6 +391,12 @@ QemuOptsList qemu_spice_opts = {
|
||||
},{
|
||||
.name = "tls-ciphers",
|
||||
.type = QEMU_OPT_STRING,
|
||||
},{
|
||||
.name = "tls-channel",
|
||||
.type = QEMU_OPT_STRING,
|
||||
},{
|
||||
.name = "plaintext-channel",
|
||||
.type = QEMU_OPT_STRING,
|
||||
},{
|
||||
.name = "image-compression",
|
||||
.type = QEMU_OPT_STRING,
|
||||
|
@ -704,6 +704,14 @@ The x509 file names can also be configured individually.
|
||||
@item tls-ciphers=<list>
|
||||
Specify which ciphers to use.
|
||||
|
||||
@item tls-channel=[main|display|inputs|record|playback|tunnel]
|
||||
@item plaintext-channel=[main|display|inputs|record|playback|tunnel]
|
||||
Force specific channel to be used with or without TLS encryption. The
|
||||
options can be specified multiple times to configure multiple
|
||||
channels. The special name "default" can be used to set the default
|
||||
mode. For channels which are not explicitly forced into one mode the
|
||||
spice client is allowed to pick tls/plaintext as he pleases.
|
||||
|
||||
@item image-compression=[auto_glz|auto_lz|quic|glz|lz|off]
|
||||
Configure image compression (lossless).
|
||||
Default is auto_glz.
|
||||
|
@ -192,6 +192,32 @@ static const char *wan_compression_names[] = {
|
||||
|
||||
/* functions for the rest of qemu */
|
||||
|
||||
static int add_channel(const char *name, const char *value, void *opaque)
|
||||
{
|
||||
int security = 0;
|
||||
int rc;
|
||||
|
||||
if (strcmp(name, "tls-channel") == 0) {
|
||||
security = SPICE_CHANNEL_SECURITY_SSL;
|
||||
}
|
||||
if (strcmp(name, "plaintext-channel") == 0) {
|
||||
security = SPICE_CHANNEL_SECURITY_NONE;
|
||||
}
|
||||
if (security == 0) {
|
||||
return 0;
|
||||
}
|
||||
if (strcmp(value, "default") == 0) {
|
||||
rc = spice_server_set_channel_security(spice_server, NULL, security);
|
||||
} else {
|
||||
rc = spice_server_set_channel_security(spice_server, value, security);
|
||||
}
|
||||
if (rc != 0) {
|
||||
fprintf(stderr, "spice: failed to set channel security for %s\n", value);
|
||||
exit(1);
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
void qemu_spice_init(void)
|
||||
{
|
||||
QemuOpts *opts = QTAILQ_FIRST(&qemu_spice_opts.head);
|
||||
@ -293,6 +319,8 @@ void qemu_spice_init(void)
|
||||
}
|
||||
spice_server_set_zlib_glz_compression(spice_server, wan_compr);
|
||||
|
||||
qemu_opt_foreach(opts, add_channel, NULL, 0);
|
||||
|
||||
spice_server_init(spice_server, &core_interface);
|
||||
using_spice = 1;
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user