[Spice-commits] 7 commits - gtk/spice-channel.c gtk/spice-channel.h gtk/spice-channel-priv.h gtk/spice-option.c gtk/spice-session.c gtk/spice-session-priv.h
Marc-André Lureau
elmarco at kemper.freedesktop.org
Thu Apr 11 08:02:30 PDT 2013
gtk/spice-channel-priv.h | 2 +
gtk/spice-channel.c | 64 +++++++++++++++++++++++++++++++++++------------
gtk/spice-channel.h | 1
gtk/spice-option.c | 57 ++++++++++++++++++++++++++++++++++++-----
gtk/spice-session-priv.h | 3 +-
gtk/spice-session.c | 56 +++++++++++++++++++++++++++--------------
6 files changed, 142 insertions(+), 41 deletions(-)
New commits:
commit 26fc5d9f611ac0839eec2fd4242a446d8e96ce8c
Author: Marc-André Lureau <marcandre.lureau at redhat.com>
Date: Thu Apr 11 14:21:15 2013 +0200
session: enforce secure channels
diff --git a/gtk/spice-channel.c b/gtk/spice-channel.c
index b9ce899..0a32d6c 100644
--- a/gtk/spice-channel.c
+++ b/gtk/spice-channel.c
@@ -2231,7 +2231,7 @@ static void *spice_channel_coroutine(void *data)
}
reconnect:
- c->conn = spice_session_channel_open_host(c->session, channel, c->tls);
+ c->conn = spice_session_channel_open_host(c->session, channel, &c->tls);
if (c->conn == NULL) {
if (!c->tls) {
CHANNEL_DEBUG(channel, "trying with TLS port");
diff --git a/gtk/spice-session-priv.h b/gtk/spice-session-priv.h
index ee90615..de4e40c 100644
--- a/gtk/spice-session-priv.h
+++ b/gtk/spice-session-priv.h
@@ -116,7 +116,7 @@ int spice_session_get_connection_id(SpiceSession *session);
gboolean spice_session_get_client_provided_socket(SpiceSession *session);
GSocketConnection* spice_session_channel_open_host(SpiceSession *session, SpiceChannel *channel,
- gboolean use_tls);
+ gboolean *use_tls);
void spice_session_channel_new(SpiceSession *session, SpiceChannel *channel);
void spice_session_channel_destroy(SpiceSession *session, SpiceChannel *channel);
void spice_session_channel_migrate(SpiceSession *session, SpiceChannel *channel);
diff --git a/gtk/spice-session.c b/gtk/spice-session.c
index 448ef15..e60e904 100644
--- a/gtk/spice-session.c
+++ b/gtk/spice-session.c
@@ -1760,9 +1760,10 @@ static gboolean open_host_idle_cb(gpointer data)
/* coroutine context */
G_GNUC_INTERNAL
GSocketConnection* spice_session_channel_open_host(SpiceSession *session, SpiceChannel *channel,
- gboolean use_tls)
+ gboolean *use_tls)
{
SpiceSessionPrivate *s = SPICE_SESSION_GET_PRIVATE(session);
+ SpiceChannelPrivate *c = channel->priv;
spice_open_host open_host = { 0, };
gchar *port, *endptr;
@@ -1770,7 +1771,13 @@ GSocketConnection* spice_session_channel_open_host(SpiceSession *session, SpiceC
open_host.from = coroutine_self();
open_host.session = session;
open_host.channel = channel;
- port = use_tls ? s->tls_port : s->port;
+
+ const char *name = spice_channel_type_to_string(c->channel_type);
+ if (spice_strv_contains(s->secure_channels, "all") ||
+ spice_strv_contains(s->secure_channels, name))
+ *use_tls = TRUE;
+
+ port = *use_tls ? s->tls_port : s->port;
if (port == NULL)
return NULL;
commit 07c3309890400b30ed27dc1d331fe3a2f027fe69
Author: Marc-André Lureau <marcandre.lureau at redhat.com>
Date: Thu Apr 11 14:58:44 2013 +0200
option: add --spice-secure-channels
diff --git a/gtk/spice-option.c b/gtk/spice-option.c
index 8248544..4bda520 100644
--- a/gtk/spice-option.c
+++ b/gtk/spice-option.c
@@ -24,6 +24,7 @@
#include <glib/gi18n.h>
#include "spice-session.h"
#include "spice-util.h"
+#include "spice-channel-priv.h"
#include "usb-device-manager.h"
static gchar *disable_effects = NULL;
@@ -39,6 +40,7 @@ static gboolean disable_audio = FALSE;
static gboolean disable_usbredir = FALSE;
static gint cache_size = 0;
static gint glz_window_size = 0;
+static gchar *secure_channels = NULL;
G_GNUC_NORETURN
static void option_version(void)
@@ -102,6 +104,36 @@ static gboolean parse_disable_effects(const gchar *option_name, const gchar *val
return TRUE;
}
+static gboolean parse_secure_channels(const gchar *option_name, const gchar *value,
+ gpointer data, GError **error)
+{
+ gint i;
+ gchar **channels = g_strsplit(value, ",", -1);
+
+ g_return_val_if_fail(channels != NULL, FALSE);
+
+ for (i = 0; channels[i]; i++) {
+ if (g_strcmp0(channels[i], "all") == 0)
+ continue;
+
+ if (spice_channel_string_to_type(channels[i]) == -1) {
+ gchar *supported = spice_channel_supported_string();
+ g_set_error(error, G_OPTION_ERROR, G_OPTION_ERROR_FAILED,
+ _("invalid channel name (%s), valid names: all, %s"),
+ channels[i], supported);
+ g_free(supported);
+ return FALSE;
+ }
+ }
+
+ g_strfreev(channels);
+
+ secure_channels = g_strdup(value);
+
+ return TRUE;
+}
+
+
static gboolean parse_usbredir_filter(const gchar *option_name,
const gchar *value,
gpointer data, GError **error)
@@ -125,10 +157,12 @@ static gboolean parse_usbredir_filter(const gchar *option_name,
GOptionGroup* spice_get_option_group(void)
{
const GOptionEntry entries[] = {
+ { "spice-secure-channels", '\0', 0, G_OPTION_ARG_CALLBACK, parse_secure_channels,
+ N_("Force the specified channels to be secured"), "<main,display,inputs,...,all>" },
{ "spice-disable-effects", '\0', 0, G_OPTION_ARG_CALLBACK, parse_disable_effects,
- N_("Disable guest display effects"), N_("<wallpaper,font-smooth,animation,all>") },
+ N_("Disable guest display effects"), "<wallpaper,font-smooth,animation,all>" },
{ "spice-color-depth", '\0', 0, G_OPTION_ARG_CALLBACK, parse_color_depth,
- N_("Guest display color depth"), N_("<16,32>") },
+ N_("Guest display color depth"), "<16,32>" },
{ "spice-ca-file", '\0', 0, G_OPTION_ARG_FILENAME, &ca_file,
N_("Truststore file for secure connections"), N_("<file>") },
{ "spice-host-subject", '\0', 0, G_OPTION_ARG_STRING, &host_subject,
@@ -194,6 +228,15 @@ void spice_set_session_option(SpiceSession *session)
g_object_set(session, "disable-effects", effects, NULL);
g_strfreev(effects);
}
+
+ if (secure_channels) {
+ GStrv channels;
+ channels = g_strsplit(secure_channels, ",", -1);
+ if (channels)
+ g_object_set(session, "secure-channels", channels, NULL);
+ g_strfreev(channels);
+ }
+
if (color_depth)
g_object_set(session, "color-depth", color_depth, NULL);
if (ca_file)
commit b1fcae0a0f2df3603f10f8b71e8d5cad954a1d0c
Author: Marc-André Lureau <marcandre.lureau at redhat.com>
Date: Thu Apr 11 14:58:03 2013 +0200
Add function to return Spice channel type from string
diff --git a/gtk/spice-channel.c b/gtk/spice-channel.c
index 10ed892..b9ce899 100644
--- a/gtk/spice-channel.c
+++ b/gtk/spice-channel.c
@@ -1870,21 +1870,22 @@ end:
spice_msg_in_unref(in);
}
+static const char *to_string[] = {
+ NULL,
+ [ SPICE_CHANNEL_MAIN ] = "main",
+ [ SPICE_CHANNEL_DISPLAY ] = "display",
+ [ SPICE_CHANNEL_INPUTS ] = "inputs",
+ [ SPICE_CHANNEL_CURSOR ] = "cursor",
+ [ SPICE_CHANNEL_PLAYBACK ] = "playback",
+ [ SPICE_CHANNEL_RECORD ] = "record",
+ [ SPICE_CHANNEL_TUNNEL ] = "tunnel",
+ [ SPICE_CHANNEL_SMARTCARD ] = "smartcard",
+ [ SPICE_CHANNEL_USBREDIR ] = "usbredir",
+ [ SPICE_CHANNEL_PORT ] = "port",
+};
+
const gchar* spice_channel_type_to_string(gint type)
{
- static const char *to_string[] = {
- NULL,
- [ SPICE_CHANNEL_MAIN ] = "main",
- [ SPICE_CHANNEL_DISPLAY ] = "display",
- [ SPICE_CHANNEL_INPUTS ] = "inputs",
- [ SPICE_CHANNEL_CURSOR ] = "cursor",
- [ SPICE_CHANNEL_PLAYBACK ] = "playback",
- [ SPICE_CHANNEL_RECORD ] = "record",
- [ SPICE_CHANNEL_TUNNEL ] = "tunnel",
- [ SPICE_CHANNEL_SMARTCARD ] = "smartcard",
- [ SPICE_CHANNEL_USBREDIR ] = "usbredir",
- [ SPICE_CHANNEL_PORT ] = "port",
- };
const char *str = NULL;
if (type >= 0 && type < G_N_ELEMENTS(to_string)) {
@@ -1894,6 +1895,19 @@ const gchar* spice_channel_type_to_string(gint type)
return str ? str : "unknown channel type";
}
+gint spice_channel_string_to_type(const gchar *str)
+{
+ int i;
+
+ g_return_val_if_fail(str != NULL, -1);
+
+ for (i = 0; i < G_N_ELEMENTS(to_string); i++)
+ if (g_strcmp0(str, to_string[i]) == 0)
+ return i;
+
+ return -1;
+}
+
G_GNUC_INTERNAL
gchar *spice_channel_supported_string(void)
{
diff --git a/gtk/spice-channel.h b/gtk/spice-channel.h
index 4b2af33..0507b68 100644
--- a/gtk/spice-channel.h
+++ b/gtk/spice-channel.h
@@ -120,6 +120,7 @@ void spice_channel_set_capability(SpiceChannel *channel, guint32 cap);
#endif
const gchar* spice_channel_type_to_string(gint type);
+gint spice_channel_string_to_type(const gchar *str);
G_END_DECLS
commit 5bda83f9505aa2f9f063206c9a813b1285203a73
Author: Marc-André Lureau <marcandre.lureau at redhat.com>
Date: Thu Apr 11 14:57:36 2013 +0200
Add function to return list of supported channels
diff --git a/gtk/spice-channel-priv.h b/gtk/spice-channel-priv.h
index b2d8a14..5584662 100644
--- a/gtk/spice-channel-priv.h
+++ b/gtk/spice-channel-priv.h
@@ -29,6 +29,7 @@
#include <sasl/sasl.h>
#endif
+#include "spice-channel.h"
#include "spice-util-priv.h"
#include "coroutine.h"
#include "gio-coroutine.h"
@@ -193,6 +194,7 @@ void spice_caps_set(GArray *caps, guint32 cap, const gchar *desc);
event, &((struct event) { args }), G_STRLOC); \
} G_STMT_END
+gchar *spice_channel_supported_string(void);
G_END_DECLS
diff --git a/gtk/spice-channel.c b/gtk/spice-channel.c
index 333dcf3..10ed892 100644
--- a/gtk/spice-channel.c
+++ b/gtk/spice-channel.c
@@ -1894,6 +1894,26 @@ const gchar* spice_channel_type_to_string(gint type)
return str ? str : "unknown channel type";
}
+G_GNUC_INTERNAL
+gchar *spice_channel_supported_string(void)
+{
+ return g_strjoin(", ",
+ spice_channel_type_to_string(SPICE_CHANNEL_MAIN),
+ spice_channel_type_to_string(SPICE_CHANNEL_DISPLAY),
+ spice_channel_type_to_string(SPICE_CHANNEL_INPUTS),
+ spice_channel_type_to_string(SPICE_CHANNEL_CURSOR),
+ spice_channel_type_to_string(SPICE_CHANNEL_PLAYBACK),
+ spice_channel_type_to_string(SPICE_CHANNEL_RECORD),
+#ifdef USE_SMARTCARD
+ spice_channel_type_to_string(SPICE_CHANNEL_SMARTCARD),
+#endif
+#ifdef USE_USBREDIR
+ spice_channel_type_to_string(SPICE_CHANNEL_USBREDIR),
+#endif
+ NULL);
+}
+
+
/**
* spice_channel_new:
* @s: the @SpiceSession the channel is linked to
diff --git a/gtk/spice-session.c b/gtk/spice-session.c
index 2deb86a..448ef15 100644
--- a/gtk/spice-session.c
+++ b/gtk/spice-session.c
@@ -155,20 +155,7 @@ static void spice_session_init(SpiceSession *session)
SPICE_DEBUG("New session (compiled from package " PACKAGE_STRING ")");
s = session->priv = SPICE_SESSION_GET_PRIVATE(session);
- channels = g_strjoin(", ",
- spice_channel_type_to_string(SPICE_CHANNEL_MAIN),
- spice_channel_type_to_string(SPICE_CHANNEL_DISPLAY),
- spice_channel_type_to_string(SPICE_CHANNEL_INPUTS),
- spice_channel_type_to_string(SPICE_CHANNEL_CURSOR),
- spice_channel_type_to_string(SPICE_CHANNEL_PLAYBACK),
- spice_channel_type_to_string(SPICE_CHANNEL_RECORD),
-#ifdef USE_SMARTCARD
- spice_channel_type_to_string(SPICE_CHANNEL_SMARTCARD),
-#endif
-#ifdef USE_USBREDIR
- spice_channel_type_to_string(SPICE_CHANNEL_USBREDIR),
-#endif
- NULL);
+ channels = spice_channel_supported_string();
SPICE_DEBUG("Supported channels: %s", channels);
g_free(channels);
commit 00ef4fc3ab22a8350f09330a058d69f18617fb50
Author: Marc-André Lureau <marcandre.lureau at redhat.com>
Date: Thu Apr 11 14:18:57 2013 +0200
session: add secure-channels property
diff --git a/gtk/spice-session-priv.h b/gtk/spice-session-priv.h
index d5df378..ee90615 100644
--- a/gtk/spice-session-priv.h
+++ b/gtk/spice-session-priv.h
@@ -73,6 +73,7 @@ struct _SpiceSessionPrivate {
gboolean inhibit_keyboard_grab;
GStrv disable_effects;
+ GStrv secure_channels;
gint color_depth;
int connection_id;
diff --git a/gtk/spice-session.c b/gtk/spice-session.c
index 3cbfd29..2deb86a 100644
--- a/gtk/spice-session.c
+++ b/gtk/spice-session.c
@@ -106,7 +106,8 @@ enum {
PROP_UUID,
PROP_NAME,
PROP_CA,
- PROP_PROXY
+ PROP_PROXY,
+ PROP_SECURE_CHANNELS
};
/* signals */
@@ -261,6 +262,7 @@ spice_session_finalize(GObject *gobject)
g_strfreev(s->smartcard_certificates);
g_free(s->smartcard_db);
g_strfreev(s->disable_effects);
+ g_strfreev(s->secure_channels);
spice_session_palettes_clear(session);
spice_session_images_clear(session);
@@ -500,6 +502,9 @@ static void spice_session_get_property(GObject *gobject,
case PROP_DISABLE_EFFECTS:
g_value_set_boxed(value, s->disable_effects);
break;
+ case PROP_SECURE_CHANNELS:
+ g_value_set_boxed(value, s->secure_channels);
+ break;
case PROP_COLOR_DEPTH:
g_value_set_int(value, s->color_depth);
break;
@@ -619,6 +624,10 @@ static void spice_session_set_property(GObject *gobject,
g_strfreev(s->disable_effects);
s->disable_effects = g_value_dup_boxed(value);
break;
+ case PROP_SECURE_CHANNELS:
+ g_strfreev(s->secure_channels);
+ s->secure_channels = g_value_dup_boxed(value);
+ break;
case PROP_COLOR_DEPTH:
s->color_depth = g_value_get_int(value);
break;
@@ -1021,6 +1030,23 @@ static void spice_session_class_init(SpiceSessionClass *klass)
G_PARAM_STATIC_STRINGS));
/**
+ * SpiceSession:secure-channels:
+ *
+ * A string array of channel types to be secured.
+ *
+ * Since: 0.20
+ **/
+ g_object_class_install_property
+ (gobject_class, PROP_SECURE_CHANNELS,
+ g_param_spec_boxed ("secure-channels",
+ "Secure channels",
+ "Array of channel type to secure",
+ G_TYPE_STRV,
+ G_PARAM_READWRITE |
+ G_PARAM_STATIC_STRINGS));
+
+
+ /**
* SpiceSession::channel-new:
* @session: the session that emitted the signal
* @channel: the new #SpiceChannel
commit 4b8a283c7d598ccef8311ada7519e850b65e1e5c
Author: Marc-André Lureau <marcandre.lureau at redhat.com>
Date: Thu Apr 11 14:18:04 2013 +0200
channel: try TLS only once
A broken server may reply to switch to TLS again and again. spice-gtk
should only try once.
diff --git a/gtk/spice-channel.c b/gtk/spice-channel.c
index 7061229..333dcf3 100644
--- a/gtk/spice-channel.c
+++ b/gtk/spice-channel.c
@@ -2312,7 +2312,7 @@ cleanup:
SPICE_CHANNEL_GET_CLASS(channel)->channel_disconnect(channel);
- if (switch_tls) {
+ if (switch_tls && !c->tls) {
c->tls = true;
spice_channel_connect(channel);
g_object_unref(channel);
commit cc638033a635cd228063855cb866cd791cb59214
Author: Marc-André Lureau <marcandre.lureau at redhat.com>
Date: Thu Apr 11 14:16:59 2013 +0200
cosmetic: fix indentation and comment
diff --git a/gtk/spice-option.c b/gtk/spice-option.c
index 9ae1381..8248544 100644
--- a/gtk/spice-option.c
+++ b/gtk/spice-option.c
@@ -188,11 +188,11 @@ void spice_set_session_option(SpiceSession *session)
}
if (disable_effects) {
- GStrv effects;
- effects = g_strsplit(disable_effects, ",", -1);
- if (effects)
- g_object_set(session, "disable-effects", effects, NULL);
- g_strfreev(effects);
+ GStrv effects;
+ effects = g_strsplit(disable_effects, ",", -1);
+ if (effects)
+ g_object_set(session, "disable-effects", effects, NULL);
+ g_strfreev(effects);
}
if (color_depth)
g_object_set(session, "color-depth", color_depth, NULL);
diff --git a/gtk/spice-session.c b/gtk/spice-session.c
index 82beb5e..3cbfd29 100644
--- a/gtk/spice-session.c
+++ b/gtk/spice-session.c
@@ -859,7 +859,7 @@ static void spice_session_class_init(SpiceSessionClass *klass)
/**
* SpiceSession:disable-effects:
*
- * A comma-separated list of effects to disable. The settings will
+ * A string array of effects to disable. The settings will
* be applied on new display channels. The following effets can be
* disabled "wallpaper", "font-smooth", "animation", and "all",
* which will disable all the effects. If NULL, don't apply changes.
More information about the Spice-commits
mailing list