diff --git a/configure b/configure index bdacb49226..bade3e3f2a 100755 --- a/configure +++ b/configure @@ -2414,7 +2414,7 @@ int main(void) { spice_server_new(); return 0; } EOF spice_cflags=$($pkg_config --cflags spice-protocol spice-server 2>/dev/null) spice_libs=$($pkg_config --libs spice-protocol spice-server 2>/dev/null) - if $pkg_config --atleast-version=0.5.3 spice-server >/dev/null 2>&1 && \ + if $pkg_config --atleast-version=0.6.0 spice-server >/dev/null 2>&1 && \ compile_prog "$spice_cflags" "$spice_libs" ; then spice="yes" libs_softmmu="$libs_softmmu $spice_libs" diff --git a/hw/qxl.c b/hw/qxl.c index 2bb36c660f..1906e84fab 100644 --- a/hw/qxl.c +++ b/hw/qxl.c @@ -357,7 +357,9 @@ static int interface_get_command(QXLInstance *sin, struct QXLCommandExt *ext) ret = true; } qemu_mutex_unlock(&qxl->ssd.lock); - qxl_log_command(qxl, "vga", ext); + if (ret) { + qxl_log_command(qxl, "vga", ext); + } return ret; case QXL_MODE_COMPAT: case QXL_MODE_NATIVE: diff --git a/qemu-config.c b/qemu-config.c index 5d7ffa2f23..c63741c6b1 100644 --- a/qemu-config.c +++ b/qemu-config.c @@ -306,7 +306,7 @@ static QemuOptsList qemu_trace_opts = { .name = "file", .type = QEMU_OPT_STRING, }, - { /* end if list */ } + { /* end of list */ } }, }; #endif @@ -384,6 +384,12 @@ QemuOptsList qemu_spice_opts = { },{ .name = "disable-ticketing", .type = QEMU_OPT_BOOL, + },{ + .name = "disable-copy-paste", + .type = QEMU_OPT_BOOL, + },{ + .name = "sasl", + .type = QEMU_OPT_BOOL, },{ .name = "x509-dir", .type = QEMU_OPT_STRING, @@ -430,7 +436,7 @@ QemuOptsList qemu_spice_opts = { .name = "playback-compression", .type = QEMU_OPT_BOOL, }, - { /* end if list */ } + { /* end of list */ } }, }; @@ -446,7 +452,7 @@ QemuOptsList qemu_option_rom_opts = { .name = "romfile", .type = QEMU_OPT_STRING, }, - { /* end if list */ } + { /* end of list */ } }, }; diff --git a/qemu-options.hx b/qemu-options.hx index 82e085a229..d9edff7d35 100644 --- a/qemu-options.hx +++ b/qemu-options.hx @@ -714,9 +714,25 @@ Force using the specified IP version. @item password= Set the password you need to authenticate. +@item sasl +Require that the client use SASL to authenticate with the spice. +The exact choice of authentication method used is controlled from the +system / user's SASL configuration file for the 'qemu' service. This +is typically found in /etc/sasl2/qemu.conf. If running QEMU as an +unprivileged user, an environment variable SASL_CONF_PATH can be used +to make it search alternate locations for the service config. +While some SASL auth methods can also provide data encryption (eg GSSAPI), +it is recommended that SASL always be combined with the 'tls' and +'x509' settings to enable use of SSL and server certificates. This +ensures a data encryption preventing compromise of authentication +credentials. + @item disable-ticketing Allow client connects without authentication. +@item disable-copy-paste +Disable copy paste between the client and the guest. + @item tls-port= Set the TCP port spice is listening on for encrypted channels. diff --git a/spice-qemu-char.c b/spice-qemu-char.c index fa15a71e14..605c241239 100644 --- a/spice-qemu-char.c +++ b/spice-qemu-char.c @@ -36,14 +36,13 @@ static int vmc_write(SpiceCharDeviceInstance *sin, const uint8_t *buf, int len) while (len > 0) { last_out = MIN(len, VMC_MAX_HOST_WRITE); - qemu_chr_read(scd->chr, p, last_out); - if (last_out > 0) { - out += last_out; - len -= last_out; - p += last_out; - } else { + if (qemu_chr_can_read(scd->chr) < last_out) { break; } + qemu_chr_read(scd->chr, p, last_out); + out += last_out; + len -= last_out; + p += last_out; } dprintf(scd, 3, "%s: %lu/%zd\n", __func__, out, len + out); diff --git a/ui/spice-core.c b/ui/spice-core.c index ef56ed61a9..dd9905be36 100644 --- a/ui/spice-core.c +++ b/ui/spice-core.c @@ -299,8 +299,6 @@ static int parse_name(const char *string, const char *optname, exit(1); } -#if SPICE_SERVER_VERSION >= 0x000600 /* 0.6.0 */ - static const char *stream_video_names[] = { [ SPICE_STREAM_VIDEO_OFF ] = "off", [ SPICE_STREAM_VIDEO_ALL ] = "all", @@ -309,8 +307,6 @@ static const char *stream_video_names[] = { #define parse_stream_video(_name) \ name2enum(_name, stream_video_names, ARRAY_SIZE(stream_video_names)) -#endif /* >= 0.6.0 */ - static const char *compression_names[] = { [ SPICE_IMAGE_COMPRESS_OFF ] = "off", [ SPICE_IMAGE_COMPRESS_AUTO_GLZ ] = "auto_glz", @@ -549,11 +545,29 @@ void qemu_spice_init(void) if (password) { spice_server_set_ticket(spice_server, password, 0, 0, 0); } + if (qemu_opt_get_bool(opts, "sasl", 0)) { +#if SPICE_SERVER_VERSION >= 0x000900 /* 0.9.0 */ + if (spice_server_set_sasl_appname(spice_server, "qemu") == -1 || + spice_server_set_sasl(spice_server, 1) == -1) { + fprintf(stderr, "spice: failed to enable sasl\n"); + exit(1); + } +#else + fprintf(stderr, "spice: sasl is not available (spice >= 0.9 required)\n"); + exit(1); +#endif + } if (qemu_opt_get_bool(opts, "disable-ticketing", 0)) { auth = "none"; spice_server_set_noauth(spice_server); } +#if SPICE_SERVER_VERSION >= 0x000801 + if (qemu_opt_get_bool(opts, "disable-copy-paste", 0)) { + spice_server_set_agent_copypaste(spice_server, false); + } +#endif + compression = SPICE_IMAGE_COMPRESS_AUTO_GLZ; str = qemu_opt_get(opts, "image-compression"); if (str) { @@ -575,8 +589,6 @@ void qemu_spice_init(void) } spice_server_set_zlib_glz_compression(spice_server, wan_compr); -#if SPICE_SERVER_VERSION >= 0x000600 /* 0.6.0 */ - str = qemu_opt_get(opts, "streaming-video"); if (str) { int streaming_video = parse_stream_video(str); @@ -588,8 +600,6 @@ void qemu_spice_init(void) spice_server_set_playback_compression (spice_server, qemu_opt_get_bool(opts, "playback-compression", 1)); -#endif /* >= 0.6.0 */ - qemu_opt_foreach(opts, add_channel, NULL, 0); spice_server_init(spice_server, &core_interface); diff --git a/vl.c b/vl.c index 04b4a20ecc..d7f905df3a 100644 --- a/vl.c +++ b/vl.c @@ -290,6 +290,7 @@ static struct { { .driver = "cirrus-vga", .flag = &default_vga }, { .driver = "vmware-svga", .flag = &default_vga }, { .driver = "isa-vga", .flag = &default_vga }, + { .driver = "qxl-vga", .flag = &default_vga }, }; static int default_driver_check(QemuOpts *opts, void *opaque)