spice: add config options for channel security.
This allows enforcing TLS or plaintext usage for certain spice channels. [ v2: code style fixup ]
parent
9f04e09e36
commit
17b6dea08b
@ -391,6 +391,12 @@ QemuOptsList qemu_spice_opts = {
|
|||||||
},{
|
},{
|
||||||
.name = "tls-ciphers",
|
.name = "tls-ciphers",
|
||||||
.type = QEMU_OPT_STRING,
|
.type = QEMU_OPT_STRING,
|
||||||
|
},{
|
||||||
|
.name = "tls-channel",
|
||||||
|
.type = QEMU_OPT_STRING,
|
||||||
|
},{
|
||||||
|
.name = "plaintext-channel",
|
||||||
|
.type = QEMU_OPT_STRING,
|
||||||
},{
|
},{
|
||||||
.name = "image-compression",
|
.name = "image-compression",
|
||||||
.type = QEMU_OPT_STRING,
|
.type = QEMU_OPT_STRING,
|
||||||
|
@ -704,6 +704,14 @@ The x509 file names can also be configured individually.
|
|||||||
@item tls-ciphers=<list>
|
@item tls-ciphers=<list>
|
||||||
Specify which ciphers to use.
|
Specify which ciphers to use.
|
||||||
|
|
||||||
|
@item tls-channel=[main|display|inputs|record|playback|tunnel]
|
||||||
|
@item plaintext-channel=[main|display|inputs|record|playback|tunnel]
|
||||||
|
Force specific channel to be used with or without TLS encryption. The
|
||||||
|
options can be specified multiple times to configure multiple
|
||||||
|
channels. The special name "default" can be used to set the default
|
||||||
|
mode. For channels which are not explicitly forced into one mode the
|
||||||
|
spice client is allowed to pick tls/plaintext as he pleases.
|
||||||
|
|
||||||
@item image-compression=[auto_glz|auto_lz|quic|glz|lz|off]
|
@item image-compression=[auto_glz|auto_lz|quic|glz|lz|off]
|
||||||
Configure image compression (lossless).
|
Configure image compression (lossless).
|
||||||
Default is auto_glz.
|
Default is auto_glz.
|
||||||
|
@ -192,6 +192,32 @@ static const char *wan_compression_names[] = {
|
|||||||
|
|
||||||
/* functions for the rest of qemu */
|
/* functions for the rest of qemu */
|
||||||
|
|
||||||
|
static int add_channel(const char *name, const char *value, void *opaque)
|
||||||
|
{
|
||||||
|
int security = 0;
|
||||||
|
int rc;
|
||||||
|
|
||||||
|
if (strcmp(name, "tls-channel") == 0) {
|
||||||
|
security = SPICE_CHANNEL_SECURITY_SSL;
|
||||||
|
}
|
||||||
|
if (strcmp(name, "plaintext-channel") == 0) {
|
||||||
|
security = SPICE_CHANNEL_SECURITY_NONE;
|
||||||
|
}
|
||||||
|
if (security == 0) {
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
if (strcmp(value, "default") == 0) {
|
||||||
|
rc = spice_server_set_channel_security(spice_server, NULL, security);
|
||||||
|
} else {
|
||||||
|
rc = spice_server_set_channel_security(spice_server, value, security);
|
||||||
|
}
|
||||||
|
if (rc != 0) {
|
||||||
|
fprintf(stderr, "spice: failed to set channel security for %s\n", value);
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
void qemu_spice_init(void)
|
void qemu_spice_init(void)
|
||||||
{
|
{
|
||||||
QemuOpts *opts = QTAILQ_FIRST(&qemu_spice_opts.head);
|
QemuOpts *opts = QTAILQ_FIRST(&qemu_spice_opts.head);
|
||||||
@ -293,6 +319,8 @@ void qemu_spice_init(void)
|
|||||||
}
|
}
|
||||||
spice_server_set_zlib_glz_compression(spice_server, wan_compr);
|
spice_server_set_zlib_glz_compression(spice_server, wan_compr);
|
||||||
|
|
||||||
|
qemu_opt_foreach(opts, add_channel, NULL, 0);
|
||||||
|
|
||||||
spice_server_init(spice_server, &core_interface);
|
spice_server_init(spice_server, &core_interface);
|
||||||
using_spice = 1;
|
using_spice = 1;
|
||||||
|
|
||||||
|
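Review bot: add_channel() has no comment saying that it is a qemu_opt_foreach() callback run for every spice option, or that `security == 0` is its marker for "not a channel option", which only holds while neither SPICE_CHANNEL_SECURITY_* value is 0. I would put `/* qemu_opt_foreach callback: skips options other than tls-channel/plaintext-channel; 0 is assumed not to be a valid SPICE_CHANNEL_SECURITY_* value */` above the function and turn the second name test into an `else if`. Separately, nothing visible here reports a channel named by both tls-channel and plaintext-channel, so the later option appears to win silently; for a setting meant to enforce encryption, that case deserves an error or at least a warning. The call site is in qemu_spice_init(), whose body extends beyond the second hunk, so it cannot be seen from here whether a tls-channel entry is checked against a configured TLS port.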