[Spice-commits] 3 commits - spice/qxl_dev.h

Alon Levy alon at kemper.freedesktop.org
Tue Mar 8 10:16:50 PST 2011

 spice/qxl_dev.h |   10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

New commits:
commit 1a69e2bd757a41212166f748dcd4851265a27c0d
Author: Alon Levy <alevy at redhat.com>
Date:   Mon Mar 7 20:46:58 2011 +0200

    qxl_dev: introduce defines for rings sizes

diff --git a/spice/qxl_dev.h b/spice/qxl_dev.h
index 7219bfc..e3e0696 100644
--- a/spice/qxl_dev.h
+++ b/spice/qxl_dev.h
@@ -200,10 +200,14 @@ typedef struct SPICE_ATTR_PACKED QXLSurfaceCreate {
 } QXLSurfaceCreate;
-SPICE_RING_DECLARE(QXLCommandRing, QXLCommand, 32);
-SPICE_RING_DECLARE(QXLCursorRing, QXLCommand, 32);
-SPICE_RING_DECLARE(QXLReleaseRing, uint64_t, 8);
 #define QXL_LOG_BUF_SIZE 4096
commit a3b37c6a02ef9415350a796a5956ff229df3818b
Merge: 7300282... 6eabd3f...
Author: Alon Levy <alevy at redhat.com>
Date:   Thu Mar 3 11:42:03 2011 +0200

    Merge branch 'master' of git://git.freedesktop.org/git/spice/spice-protocol

commit 7300282977953ec91558be867935b74d8671058a
Author: Marc-André Lureau <marcandre.lureau at redhat.com>
Date:   Tue Feb 22 16:37:26 2011 +0100

    protocol: add common channel caps for AUTH mechanism selection
    Current version 2.0 of the SPICE protocol describes how the client
    reply to the server SpiceLinkReply message with a RSA_public_encrypt()
    of the password.
    Instead of using the current Spice AUTH mechanism, we would like to
    offer different AUTH mechanisms, in particular SASL, which is a
    framework allowing different underlying mechanisms such as
    GSSAPI/Kerberos v5 (and optionally adding a data security layer).
    We could bump the protocol version, but that would make this feature
    mandatory for the implementer of the protocol. By using the channel
    caps, the client and server are left to negotiate and alter the AUTH
    part of the protocol as follows:
    - SPICE_COMMON_CAP_PROTOCOL_AUTH_SELECTION, if set, the authentication
      mechanism can be chosen during link phase. If both client and server
      have this cap, the client MUST reply to SpiceLinkReply with a
      SpiceLinkAuthMechanism message, with the value of the CAP_AUTH
      mechanism choosen (a uint32 auth_mechanism). The following
      authentication steps are described by the selected authentication
    The differents mechanisms selectable via
    SPICE_COMMON_CAP_PROTOCOL_AUTH_SELECTION are also specified as part of
    the common channel caps. They can be used only if both client and
    server offer them.
    Ex: no AUTH selection
    C: SpiceLinkMess
    S: SpiceLinkReply, CAP_PROTOCOL_AUTH_SELECTION not in common caps
    - The client can't choose AUTH, and fallback on Spice RSA mechanism
    Ex: AUTH selection
    C: SpiceLinkMess, CAP_PROTOCOL_AUTH_SELECTION in common caps
    S: SpiceLinkReply, CAP_PROTOCOL_AUTH_SELECTION in common caps
    - The client MUST reply with SpiceLinkAuthMechanism
    C: SpiceLinkAuthMechanism (with a matching CAP_AUTH)
    - SPICE_COMMON_CAP_AUTH_SPICE, the following steps and authentication
      mechanism are the same as with version 2.0: a RSA_public_encrypt()
      of the password is sent.
      This mechanism MUST be implemented in both client and server to
      comply with the SPICE protocol.
    - SPICE_COMMON_CAP_AUTH_SASL, the authentication exchange follows
      SASL protocol has defined in RFC 2222.
      This mechanism is OPTIONAL in both client and servers.
    Ex: AUTH selection, followed by SASL authentication
    AUTH Selection:
    C: SpiceLinkMess, CAP_PROTOCOL_AUTH_SELECTION + CAP_AUTH_SASL in common caps
    S: SpiceLinkReply, CAP_PROTOCOL_AUTH_SELECTION + CAP_AUTH_SASL in common caps
    - The client MUST reply with SpiceLinkAuthMechanism
    C: SpiceLinkAuthMechanism CAP_AUTH_SASL
    S:  u32 mechlist-length
        u8-array mechlist-string
    C:  u32 mechname-length
        u8-array mechname-string
        u32 clientout-length
        u8-array clientout-string
    S:  u32 serverin-length
        u8-array serverin-string
        u8 continue
    Step: (while continue)
    C:  u32 clientout-length
        u8-array clientout-string
    S:  u32 serverin-length
        u8-array serverin-string
        u8 continue
    See also VNC SASL protocol description, which uses the same protocol:
    Updated since v1 of this commit:
     - added some note about mandatory vs optional mechanisms.

diff --git a/spice/protocol.h b/spice/protocol.h
index d6a2041..26d964b 100644
--- a/spice/protocol.h
+++ b/spice/protocol.h
@@ -51,6 +51,12 @@ typedef struct SPICE_ATTR_PACKED SpiceLinkHeader {
     uint32_t size;
 } SpiceLinkHeader;
+enum {
 typedef struct SPICE_ATTR_PACKED SpiceLinkMess {
     uint32_t connection_id;
     uint8_t channel_type;
@@ -72,6 +78,10 @@ typedef struct SPICE_ATTR_PACKED SpiceLinkEncryptedTicket {
     uint8_t encrypted_data[SPICE_TICKET_KEY_PAIR_LENGTH / 8];
 } SpiceLinkEncryptedTicket;
+typedef struct SPICE_ATTR_PACKED SpiceLinkAuthMechanism {
+    uint32_t auth_mechanism;
+} SpiceLinkAuthMechanism;
 typedef struct SPICE_ATTR_PACKED SpiceDataHeader {
     uint64_t serial;
     uint16_t type;

More information about the Spice-commits mailing list