spice: add config options for channel security.

This allows to enforce tls or plaintext usage for certain spice channels. [ v2: code style fixup ]
2010-08-27 14:09:56 +02:00 · 2010-08-27 14:09:56 +02:00 · 17b6dea08b
parent 9f04e09e36
commit 17b6dea08b
3 changed files with 42 additions and 0 deletions
--- a/qemu-config.c
+++ b/qemu-config.c
@ -391,6 +391,12 @@ QemuOptsList qemu_spice_opts = {
        },{
            .name = "tls-ciphers",
            .type = QEMU_OPT_STRING,
+        },{
+            .name = "tls-channel",
+            .type = QEMU_OPT_STRING,
+        },{
+            .name = "plaintext-channel",
+            .type = QEMU_OPT_STRING,
        },{
            .name = "image-compression",
            .type = QEMU_OPT_STRING,
--- a/qemu-options.hx
+++ b/qemu-options.hx
@ -704,6 +704,14 @@ The x509 file names can also be configured individually.
@item tls-ciphers=<list>
 Specify which ciphers to use.

+@item tls-channel=[main|display|inputs|record|playback|tunnel]
+@item plaintext-channel=[main|display|inputs|record|playback|tunnel]
+Force specific channel to be used with or without TLS encryption.  The
+options can be specified multiple times to configure multiple
+channels.  The special name "default" can be used to set the default
+mode.  For channels which are not explicitly forced into one mode the
+spice client is allowed to pick tls/plaintext as he pleases.
+
@item image-compression=[auto_glz|auto_lz|quic|glz|lz|off]
 Configure image compression (lossless).
 Default is auto_glz.
--- a/ui/spice-core.c
+++ b/ui/spice-core.c
@ -192,6 +192,32 @@ static const char *wan_compression_names[] = {

 /* functions for the rest of qemu */

+static int add_channel(const char *name, const char *value, void *opaque)
+{
+    int security = 0;
+    int rc;
+
+    if (strcmp(name, "tls-channel") == 0) {
+        security = SPICE_CHANNEL_SECURITY_SSL;
+    }
+    if (strcmp(name, "plaintext-channel") == 0) {
+        security = SPICE_CHANNEL_SECURITY_NONE;
+    }
+    if (security == 0) {
+        return 0;
+    }
+    if (strcmp(value, "default") == 0) {
+        rc = spice_server_set_channel_security(spice_server, NULL, security);
+    } else {
+        rc = spice_server_set_channel_security(spice_server, value, security);
+    }
+    if (rc != 0) {
+        fprintf(stderr, "spice: failed to set channel security for %s\n", value);
+        exit(1);
+    }
+    return 0;
+}
+
 void qemu_spice_init(void)
 {
    QemuOpts *opts = QTAILQ_FIRST(&qemu_spice_opts.head);
@ -293,6 +319,8 @@ void qemu_spice_init(void)
    }
    spice_server_set_zlib_glz_compression(spice_server, wan_compr);

+    qemu_opt_foreach(opts, add_channel, NULL, 0);
+
    spice_server_init(spice_server, &core_interface);
    using_spice = 1;