[Spice-commits] 6 commits - server/inputs_channel.c server/reds.c server/spice.h server/spice-server.syms
Marc-André Lureau
elmarco at kemper.freedesktop.org
Mon Jan 9 10:13:56 PST 2012
server/inputs_channel.c | 6 +-
server/reds.c | 114 ++++++++++++++++++++++++++++++-----------------
server/spice-server.syms | 5 ++
server/spice.h | 3 +
4 files changed, 85 insertions(+), 43 deletions(-)
New commits:
commit 492ddb5d1d595e2d12208f4602b18e4432f4e6b4
Author: Daniel P. Berrange <berrange at redhat.com>
Date: Mon Dec 12 16:52:33 2011 +0000
Do not assume that SPICE is using a TCP socket
If setting the TCP_NODELAY socket option fails with ENOTSUP,
then don't treat this as a fatal error. SPICE is likely just
running over a UNIX socket instead.
* server/inputs_channel.c: Ignore TCP_NODELAY socket opt fails
Signed-off-by: Daniel P. Berrange <berrange at redhat.com>
diff --git a/server/inputs_channel.c b/server/inputs_channel.c
index c8b42e3..0fa4162 100644
--- a/server/inputs_channel.c
+++ b/server/inputs_channel.c
@@ -466,8 +466,10 @@ static int inputs_channel_config_socket(RedChannelClient *rcc)
if (setsockopt(stream->socket, IPPROTO_TCP, TCP_NODELAY,
&delay_val, sizeof(delay_val)) == -1) {
- red_printf("setsockopt failed, %s", strerror(errno));
- return FALSE;
+ if (errno != ENOTSUP) {
+ red_printf("setsockopt failed, %s", strerror(errno));
+ return FALSE;
+ }
}
if ((flags = fcntl(stream->socket, F_GETFL)) == -1 ||
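Review bot: The new `errno != ENOTSUP` test in inputs_channel_config_socket matches only one spelling of "option not supported on this socket". glibc defines ENOTSUP and EOPNOTSUPP to the same value, but POSIX allows them to differ, and which value a non-TCP socket reports on other platforms is not visible here. Testing both keeps a UNIX-socket client from being rejected there: `if (errno != ENOTSUP && errno != EOPNOTSUPP) {`. A short comment such as `/* not a TCP socket (e.g. AF_UNIX): TCP_NODELAY does not apply */` would also explain why the failure is ignored. The function body starts and ends outside this hunk.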
commit bd07dde530d9504e1cfe7ed5837fc00c26f36716
Author: Daniel P. Berrange <berrange at redhat.com>
Date: Mon Dec 12 16:52:32 2011 +0000
Allow auth to be skipped when attaching to pre-accepted clients
When an application passes in a pre-accepted socket for a
client, they may well have already performed suitable authentication
out of band. They should thus have the option to request that any
spice authentication is skipped.
* server/reds.c, spice.h: Add flag for skipping auth
Signed-off-by: Daniel P. Berrange <berrange at redhat.com>
diff --git a/server/reds.c b/server/reds.c
index a8c23d3..b97a061 100644
--- a/server/reds.c
+++ b/server/reds.c
@@ -263,6 +263,7 @@ typedef struct RedLinkInfo {
int mess_pos;
TicketInfo tiTicketing;
SpiceLinkAuthMechanism auth_mechanism;
+ int skip_auth;
} RedLinkInfo;
typedef struct VDIPortBuf VDIPortBuf;
@@ -1387,9 +1388,9 @@ static int sync_write(RedsStream *stream, const void *in_buf, size_t n)
return TRUE;
}
-static void reds_channel_init_auth_caps(RedChannel *channel)
+static void reds_channel_init_auth_caps(RedLinkInfo *link, RedChannel *channel)
{
- if (sasl_enabled) {
+ if (sasl_enabled && !link->skip_auth) {
red_channel_set_common_cap(channel, SPICE_COMMON_CAP_AUTH_SASL);
} else {
red_channel_set_common_cap(channel, SPICE_COMMON_CAP_AUTH_SPICE);
@@ -1421,7 +1422,7 @@ static int reds_send_link_ack(RedLinkInfo *link)
channel = &reds->main_channel->base;
}
- reds_channel_init_auth_caps(channel); /* make sure common caps are set */
+ reds_channel_init_auth_caps(link, channel); /* make sure common caps are set */
channel_caps = &channel->local_caps;
ack.num_common_caps = channel_caps->num_common_caps;
@@ -1822,7 +1823,7 @@ static void reds_handle_ticket(void *opaque)
link->tiTicketing.encrypted_ticket.encrypted_data,
(unsigned char *)password, link->tiTicketing.rsa, RSA_PKCS1_OAEP_PADDING);
- if (ticketing_enabled) {
+ if (ticketing_enabled && !link->skip_auth) {
int expired = taTicket.expiration_time < ltime;
if (strlen(taTicket.password) == 0) {
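Review bot: When `link->skip_auth` is set, the ticket check in reds_handle_ticket is bypassed without any log line, so nothing in the server log records that a connection was admitted without SPICE authentication. Consider logging it once before the condition, e.g. `if (link->skip_auth) red_printf("ticket check skipped: client marked pre-authenticated by caller");`. The same applies to the `sasl_enabled && !link->skip_auth` tests in reds_channel_init_auth_caps and reds_handle_read_link_done. The function body starts and ends outside this hunk.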
@@ -2584,7 +2585,7 @@ static void reds_handle_read_link_done(void *opaque)
}
if (!auth_selection) {
- if (sasl_enabled) {
+ if (sasl_enabled && !link->skip_auth) {
red_printf("SASL enabled, but peer supports only spice authentication");
reds_send_link_error(link, SPICE_LINK_ERR_VERSION_MISMATCH);
return;
@@ -2812,12 +2813,12 @@ static void reds_accept(int fd, int event, void *data)
return;
}
- if (spice_server_add_client(reds, socket) < 0)
+ if (spice_server_add_client(reds, socket, 0) < 0)
close(socket);
}
-SPICE_GNUC_VISIBLE int spice_server_add_client(SpiceServer *s, int socket)
+SPICE_GNUC_VISIBLE int spice_server_add_client(SpiceServer *s, int socket, int skip_auth)
{
RedLinkInfo *link;
RedsStream *stream;
@@ -2828,6 +2829,8 @@ SPICE_GNUC_VISIBLE int spice_server_add_client(SpiceServer *s, int socket)
return -1;
}
+ link->skip_auth = skip_auth;
+
stream = link->stream;
stream->read = stream_read_cb;
stream->write = stream_write_cb;
@@ -2838,7 +2841,7 @@ SPICE_GNUC_VISIBLE int spice_server_add_client(SpiceServer *s, int socket)
}
-SPICE_GNUC_VISIBLE int spice_server_add_ssl_client(SpiceServer *s, int socket)
+SPICE_GNUC_VISIBLE int spice_server_add_ssl_client(SpiceServer *s, int socket, int skip_auth)
{
RedLinkInfo *link;
@@ -2846,6 +2849,8 @@ SPICE_GNUC_VISIBLE int spice_server_add_ssl_client(SpiceServer *s, int socket)
if (!(link = reds_init_client_ssl_connection(socket))) {
return -1;
}
+
+ link->skip_auth = skip_auth;
return 0;
}
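Review bot: `link->skip_auth = skip_auth;` in spice_server_add_ssl_client runs only after reds_init_client_ssl_connection() has returned. The 803be1b hunks show that function calling `reds_handle_new_link(link)` or registering reds_handle_ssl_accept before it returns, so the link is already in use when the flag is stored. spice_server_add_client, by contrast, sets the flag before calling reds_handle_new_link. Whether link processing can read the flag or release `link` synchronously is not visible here, but passing the flag down would remove the question: `reds_init_client_ssl_connection(int socket, int skip_auth)` with `link->skip_auth = skip_auth;` placed right after reds_init_client_connection() succeeds.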
diff --git a/server/spice.h b/server/spice.h
index fbd409a..6233a6c 100644
--- a/server/spice.h
+++ b/server/spice.h
@@ -425,8 +425,8 @@ int spice_server_set_tls(SpiceServer *s, int port,
const char *private_key_file, const char *key_passwd,
const char *dh_key_file, const char *ciphersuite);
-int spice_server_add_client(SpiceServer *s, int socket);
-int spice_server_add_ssl_client(SpiceServer *s, int socket);
+int spice_server_add_client(SpiceServer *s, int socket, int skip_auth);
+int spice_server_add_ssl_client(SpiceServer *s, int socket, int skip_auth);
int spice_server_add_interface(SpiceServer *s,
SpiceBaseInstance *sin);
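Review bot: Changing the prototypes of `spice_server_add_client` and `spice_server_add_ssl_client` in place alters the ABI of symbols that d55b68b exports under `SPICE_SERVER_0.10.1`, with no new version node. A caller built against the two-argument form would pass an indeterminate third argument, and that argument now decides whether authentication is skipped. If the two-argument form never shipped in a release this is harmless; otherwise the three-argument variants need new names or a new symbol version. The header also gives no contract for the flag; a comment such as `/* skip_auth: non-zero only if the caller has already authenticated the peer; disables the SASL and ticket checks for this connection */` above the declarations would make the bare `0`/`1` at call sites safer to review.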
commit d55b68b6b44f2499278fa860fb47ff22f5011faa
Author: Daniel P. Berrange <berrange at redhat.com>
Date: Mon Dec 12 16:52:31 2011 +0000
Add APIs for injecting a client connection socket
Allow applications to pass a pre-accepted client socket file
descriptor in. The new APIs are spice_server_add_ssl_client
and spice_server_add_client
* server/reds.c: Implement new APIs
* server/spice.h: Define new APIs
Signed-off-by: Daniel P. Berrange <berrange at redhat.com>
diff --git a/server/reds.c b/server/reds.c
index 3ba55c1..a8c23d3 100644
--- a/server/reds.c
+++ b/server/reds.c
@@ -2805,8 +2805,6 @@ static void reds_accept_ssl_connection(int fd, int event, void *data)
static void reds_accept(int fd, int event, void *data)
{
- RedLinkInfo *link;
- RedsStream *stream;
int socket;
if ((socket = accept(reds->listen_socket, NULL, 0)) == -1) {
@@ -2814,11 +2812,20 @@ static void reds_accept(int fd, int event, void *data)
return;
}
+ if (spice_server_add_client(reds, socket) < 0)
+ close(socket);
+}
+
+SPICE_GNUC_VISIBLE int spice_server_add_client(SpiceServer *s, int socket)
+{
+ RedLinkInfo *link;
+ RedsStream *stream;
+
+ ASSERT(reds == s);
if (!(link = reds_init_client_connection(socket))) {
red_printf("accept failed");
- close(socket);
- return;
+ return -1;
}
stream = link->stream;
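Review bot: The new public spice_server_add_client does not state who owns `socket` on each outcome. From the visible code it returns -1 without closing the descriptor (reds_accept closes it) and keeps it on 0, and an embedding application needs that spelled out to avoid a leaked or double-closed fd. A comment on the definition or in spice.h would do, e.g. `/* On success the server takes ownership of socket; on -1 the caller must close it. */`. The `red_printf("accept failed")` message is also stale now that no accept() happens in this function; something like `red_printf("client connection init failed")` would be less misleading in logs. The function continues past the end of this hunk.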
@@ -2827,8 +2834,22 @@ static void reds_accept(int fd, int event, void *data)
stream->writev = stream_writev_cb;
reds_handle_new_link(link);
+ return 0;
}
+
+SPICE_GNUC_VISIBLE int spice_server_add_ssl_client(SpiceServer *s, int socket)
+{
+ RedLinkInfo *link;
+
+ ASSERT(reds == s);
+ if (!(link = reds_init_client_ssl_connection(socket))) {
+ return -1;
+ }
+ return 0;
+}
+
+
static int reds_init_socket(const char *addr, int portnr, int family)
{
static const int on=1, off=0;
diff --git a/server/spice-server.syms b/server/spice-server.syms
index 3f93888..d9beec3 100644
--- a/server/spice-server.syms
+++ b/server/spice-server.syms
@@ -96,3 +96,8 @@ global:
spice_server_get_num_clients;
} SPICE_SERVER_0.8.3;
+SPICE_SERVER_0.10.1 {
+global:
+ spice_server_add_client;
+ spice_server_add_ssl_client;
+} SPICE_SERVER_0.10.0;
diff --git a/server/spice.h b/server/spice.h
index 974975a..fbd409a 100644
--- a/server/spice.h
+++ b/server/spice.h
@@ -425,6 +425,9 @@ int spice_server_set_tls(SpiceServer *s, int port,
const char *private_key_file, const char *key_passwd,
const char *dh_key_file, const char *ciphersuite);
+int spice_server_add_client(SpiceServer *s, int socket);
+int spice_server_add_ssl_client(SpiceServer *s, int socket);
+
int spice_server_add_interface(SpiceServer *s,
SpiceBaseInstance *sin);
int spice_server_remove_interface(SpiceBaseInstance *sin);
commit 803be1bea790381e30ef0eb0752992736441b4ff
Author: Daniel P. Berrange <berrange at redhat.com>
Date: Mon Dec 12 16:52:30 2011 +0000
Move SSL setup out of reds_accept_ssl_connection
To allow setup of an SSL client, from a passed in client
socket, move all the SSL client initialization code out
of reds_accept_ssl_connection and into a new method called
reds_init_client_ssl_connection
* server/reds.c: Introduce reds_init_client_ssl_connection
Signed-off-by: Daniel P. Berrange <berrange at redhat.com>
diff --git a/server/reds.c b/server/reds.c
index fea09ad..3ba55c1 100644
--- a/server/reds.c
+++ b/server/reds.c
@@ -2729,18 +2729,12 @@ error:
}
-static void reds_accept_ssl_connection(int fd, int event, void *data)
+static RedLinkInfo *reds_init_client_ssl_connection(int socket)
{
RedLinkInfo *link;
int return_code;
int ssl_error;
BIO *sbio;
- int socket;
-
- if ((socket = accept(reds->secure_listen_socket, NULL, 0)) == -1) {
- red_printf("accept failed, %s", strerror(errno));
- return;
- }
link = reds_init_client_connection(socket);
if (link == NULL)
@@ -2768,7 +2762,7 @@ static void reds_accept_ssl_connection(int fd, int event, void *data)
return_code = SSL_accept(link->stream->ssl);
if (return_code == 1) {
reds_handle_new_link(link);
- return;
+ return link;
}
ssl_error = SSL_get_error(link->stream->ssl, return_code);
@@ -2778,7 +2772,7 @@ static void reds_accept_ssl_connection(int fd, int event, void *data)
SPICE_WATCH_EVENT_READ : SPICE_WATCH_EVENT_WRITE;
link->stream->watch = core->watch_add(link->stream->socket, eventmask,
reds_handle_ssl_accept, link);
- return;
+ return link;
}
ERR_print_errors_fp(stderr);
@@ -2786,12 +2780,29 @@ static void reds_accept_ssl_connection(int fd, int event, void *data)
SSL_free(link->stream->ssl);
error:
- close(socket);
free(link->stream);
BN_free(link->tiTicketing.bn);
free(link);
+ return NULL;
+}
+
+static void reds_accept_ssl_connection(int fd, int event, void *data)
+{
+ RedLinkInfo *link;
+ int socket;
+
+ if ((socket = accept(reds->secure_listen_socket, NULL, 0)) == -1) {
+ red_printf("accept failed, %s", strerror(errno));
+ return;
+ }
+
+ if (!(link = reds_init_client_ssl_connection(socket))) {
+ close(socket);
+ return;
+ }
}
+
static void reds_accept(int fd, int event, void *data)
{
RedLinkInfo *link;
commit 3a3a32ebbc3dbb644bdf53394ce5f925a7398f3a
Author: Daniel P. Berrange <berrange at redhat.com>
Date: Mon Dec 12 16:52:29 2011 +0000
Rename __reds_accept_connection into reds_init_client_connection
Remove the accept() call from __reds_accept_connection and
rename it to reds_init_client_connection. The caller is now
responsible for accepting the new socket. The method
reds_init_client_connection merely initializes it for
usage.
* server/reds.c: Add reds_init_client_connection
Signed-off-by: Daniel P. Berrange <berrange at redhat.com>
diff --git a/server/reds.c b/server/reds.c
index 10ebf19..fea09ad 100644
--- a/server/reds.c
+++ b/server/reds.c
@@ -2687,18 +2687,12 @@ static void reds_handle_ssl_accept(int fd, int event, void *data)
reds_handle_new_link(link);
}
-static RedLinkInfo *__reds_accept_connection(int listen_socket)
+static RedLinkInfo *reds_init_client_connection(int socket)
{
RedLinkInfo *link;
RedsStream *stream;
int delay_val = 1;
int flags;
- int socket;
-
- if ((socket = accept(listen_socket, NULL, 0)) == -1) {
- red_printf("accept failed, %s", strerror(errno));
- return NULL;
- }
if ((flags = fcntl(socket, F_GETFL)) == -1) {
red_printf("accept failed, %s", strerror(errno));
@@ -2731,8 +2725,6 @@ static RedLinkInfo *__reds_accept_connection(int listen_socket)
return link;
error:
- close(socket);
-
return NULL;
}
@@ -2743,12 +2735,17 @@ static void reds_accept_ssl_connection(int fd, int event, void *data)
int return_code;
int ssl_error;
BIO *sbio;
+ int socket;
- link = __reds_accept_connection(reds->secure_listen_socket);
- if (link == NULL) {
+ if ((socket = accept(reds->secure_listen_socket, NULL, 0)) == -1) {
+ red_printf("accept failed, %s", strerror(errno));
return;
}
+ link = reds_init_client_connection(socket);
+ if (link == NULL)
+ goto error;
+
// Handle SSL handshaking
if (!(sbio = BIO_new_socket(link->stream->socket, BIO_NOCLOSE))) {
red_printf("could not allocate ssl bio socket");
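Review bot: The new `if (link == NULL) goto error;` in reds_accept_ssl_connection jumps to a label whose visible lines (the `@@ -2789` hunk) run `free(link->stream)` and `BN_free(link->tiTicketing.bn)`, which dereferences the NULL `link` whenever reds_init_client_connection() fails. Before this commit the NULL case simply returned. Handle it without the shared label: `if (link == NULL) { close(socket); return; }`. The later 803be1b version appears to keep the same pattern in reds_init_client_ssl_connection (its `goto` line is outside the hunks shown); there the equivalent would be `return NULL;`.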
@@ -2789,7 +2786,7 @@ static void reds_accept_ssl_connection(int fd, int event, void *data)
SSL_free(link->stream->ssl);
error:
- close(link->stream->socket);
+ close(socket);
free(link->stream);
BN_free(link->tiTicketing.bn);
free(link);
@@ -2799,9 +2796,17 @@ static void reds_accept(int fd, int event, void *data)
{
RedLinkInfo *link;
RedsStream *stream;
+ int socket;
+
+ if ((socket = accept(reds->listen_socket, NULL, 0)) == -1) {
+ red_printf("accept failed, %s", strerror(errno));
+ return;
+ }
+
- if (!(link = __reds_accept_connection(reds->listen_socket))) {
+ if (!(link = reds_init_client_connection(socket))) {
red_printf("accept failed");
+ close(socket);
return;
}
commit 4eb78d39c5acd33e419a6d9203557d309e3d7873
Author: Daniel P. Berrange <berrange at redhat.com>
Date: Mon Dec 12 16:52:28 2011 +0000
Merge reds_accept_connection into reds_accept
Neither reds_accept_connection nor reds_accept are very long,
so the split is pointless & increases code size for no gain.
Merge them together to reduce code size
* server/reds.c: Merge reds_accept_connection into reds_accept
Signed-off-by: Daniel P. Berrange <berrange at redhat.com>
diff --git a/server/reds.c b/server/reds.c
index acd8495..10ebf19 100644
--- a/server/reds.c
+++ b/server/reds.c
@@ -2736,22 +2736,6 @@ error:
return NULL;
}
-static RedLinkInfo *reds_accept_connection(int listen_socket)
-{
- RedLinkInfo *link;
- RedsStream *stream;
-
- if (!(link = __reds_accept_connection(listen_socket))) {
- return NULL;
- }
-
- stream = link->stream;
- stream->read = stream_read_cb;
- stream->write = stream_write_cb;
- stream->writev = stream_writev_cb;
-
- return link;
-}
static void reds_accept_ssl_connection(int fd, int event, void *data)
{
@@ -2814,12 +2798,18 @@ error:
static void reds_accept(int fd, int event, void *data)
{
RedLinkInfo *link;
+ RedsStream *stream;
- link = reds_accept_connection(reds->listen_socket);
- if (link == NULL) {
+ if (!(link = __reds_accept_connection(reds->listen_socket))) {
red_printf("accept failed");
return;
}
+
+ stream = link->stream;
+ stream->read = stream_read_cb;
+ stream->write = stream_write_cb;
+ stream->writev = stream_writev_cb;
+
reds_handle_new_link(link);
}