[Spice-commits] 3 commits - man/spice-client.pod src/spice-session.c tests/session.c

Frediano Ziglio fziglio at kemper.freedesktop.org
Fri Mar 2 17:17:06 UTC 2018


 man/spice-client.pod |   29 +++++++++++++++++------------
 src/spice-session.c  |   46 +++++++++++++++++++++++++++++++++-------------
 tests/session.c      |   44 +++++++++++++++++++++++++++++++++-----------
 3 files changed, 83 insertions(+), 36 deletions(-)

New commits:
commit d2700d3524e1ed4bbf4b725472854cb50f130d3a
Author: Marc-André Lureau <marcandre.lureau at redhat.com>
Date:   Fri Feb 16 11:13:08 2018 +0100

    tests: add spice+tls:// tests
    
    They could not be introduced before, because the test needs both
    parsing and generation.
    
    Signed-off-by: Marc-André Lureau <marcandre.lureau at redhat.com>
    Acked-by: Frediano Ziglio <fziglio at redhat.com>

diff --git a/tests/session.c b/tests/session.c
index fc874fc..f0ecda2 100644
--- a/tests/session.c
+++ b/tests/session.c
@@ -21,7 +21,7 @@ static void test_session_uri_bad(void)
         struct {
             const GLogLevelFlags log_level;
             const gchar *message;
-        } messages[2];
+        } messages[4];
     } uris[] = {
         {
             "scheme://host?port",
@@ -111,6 +111,25 @@ static void test_session_uri_bad(void)
                     "*assertion 's->port != NULL || s->tls_port != NULL' failed",
                 },
             }
+        },{
+            "spice+tls://hostname?tls-port=1234&port=3456",
+            {
+                {
+                    G_LOG_LEVEL_WARNING,
+                    "spice+tls:// scheme doesn't accept 'tls-port'",
+                },
+                {
+                    G_LOG_LEVEL_WARNING,
+                    "spice+tls:// scheme doesn't accept 'port'",
+                },
+                {
+                    G_LOG_LEVEL_WARNING,
+                    "Missing port or tls-port in spice URI *",
+                },{
+                    G_LOG_LEVEL_CRITICAL,
+                    "*assertion 's->port != NULL || s->tls_port != NULL' failed",
+                },
+            }
         },
     };
 
@@ -233,6 +252,9 @@ static void test_session_uri_ipv4_good(void)
           NULL, NULL,
           "spice://127.0.0.1:42?tls-port=5930",
           "spice://127.0.0.1?port=42&tls-port=5930" },
+        { .uri_input  = "spice+tls://hostname:39",
+          .host = "hostname",
+          .tls_port = "39" }
     };
 
     test_session_uri_good(tests, G_N_ELEMENTS(tests));
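Review bot: The only positive `spice+tls://` parsing case added here is `spice+tls://hostname:39`; there is no IPv6 literal, and no case that combines an authority port with a rejected query key, such as `spice+tls://hostname:39?port=42`. The second is the one that matters for the TLS-only guarantee, because it would pin that the session ends up with `tls_port` set and `port` left NULL, assuming `test_session_uri_good` compares both properties, which is not visible here. The new entry also uses designated initializers while its neighbours are positional, so a short comment such as `/* port, username, password intentionally NULL */` would make the omission explicit. The array and the test function start outside the hunk.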
commit 4e63a1339b58879d1c4b31e4ed7b05aa91c5a9c2
Author: Marc-André Lureau <marcandre.lureau at redhat.com>
Date:   Fri Feb 16 11:13:07 2018 +0100

    uri: generate spice://host:port or spice+tls://host:port
    
    Signed-off-by: Marc-André Lureau <marcandre.lureau at redhat.com>
    Acked-by: Frediano Ziglio <fziglio at redhat.com>

diff --git a/src/spice-session.c b/src/spice-session.c
index d2aa5e7..57acc63 100644
--- a/src/spice-session.c
+++ b/src/spice-session.c
@@ -400,19 +400,24 @@ static gchar* spice_uri_create(SpiceSession *session)
     if (s->unix_path != NULL) {
         return g_strdup_printf(URI_SCHEME_SPICE_UNIX "%s", s->unix_path);
     } else if (s->host != NULL) {
+        const char *port, *scheme;
         g_return_val_if_fail(s->port != NULL || s->tls_port != NULL, NULL);
 
-        GString *str = g_string_new(URI_SCHEME_SPICE);
-
-        g_string_append(str, s->host);
-        g_string_append(str, "?");
-        if (s->port != NULL) {
-            g_string_append_printf(str, "port=%s&", s->port);
+        if (s->tls_port && s->port) {
+            /* both set, use spice://foo?port=4390&tls-port= form */
+            return g_strdup_printf(URI_SCHEME_SPICE "%s?port=%s&tls-port=%s",
+                                   s->host, s->port, s->tls_port);
         }
-        if (s->tls_port != NULL) {
-            g_string_append_printf(str, "tls-port=%s", s->tls_port);
+
+        /* one set, use spice://foo:4390 or spice+tls://.. form */
+        if (s->tls_port) {
+            scheme = URI_SCHEME_SPICE_TLS;
+            port = s->tls_port;
+        } else {
+            scheme = URI_SCHEME_SPICE;
+            port = s->port;
         }
-        return g_string_free(str, FALSE);
+        return g_strdup_printf("%s%s:%s", scheme, s->host, port);
     }
 
     g_return_val_if_reached(NULL);
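Review bot: When only `tls_port` is set, the generated string is now `spice+tls://host:port`, a form the parser accepts only from this series on (the man page change in the same push says v0.35). A URI read back from a session and handed to an older client would therefore be rejected at the scheme check. That fails closed, so it is a compatibility point rather than a downgrade risk, but it deserves a comment on the single-port branch, for example `/* spice+tls:// is parsed since v0.35 only; older clients reject this form */`. The function starts before the hunk, so whether callers persist or forward this string cannot be seen from here.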
diff --git a/tests/session.c b/tests/session.c
index 413d812..fc874fc 100644
--- a/tests/session.c
+++ b/tests/session.c
@@ -201,28 +201,28 @@ static void test_session_uri_ipv4_good(void)
           "localhost",
           NULL, NULL,
           "spice://localhost?port=5900&tls-port=",
-          "spice://localhost?port=5900&" },
+          "spice://localhost:5900" },
         { "5910", NULL,
           "localhost",
           "user", NULL,
           "spice://user@localhost?tls-port=&port=5910",
-          "spice://localhost?port=5910&" },
+          "spice://localhost:5910" },
         { NULL, "5920",
           "localhost",
           "user", "password",
           "spice://user@localhost?tls-port=5920&port=&password=password",
-          "spice://localhost?tls-port=5920",
+          "spice+tls://localhost:5920",
           "password may be visible in process listings"},
         { NULL, "5930",
           "localhost",
           NULL, NULL,
           "spice://localhost?port=&tls-port=5930",
-          "spice://localhost?tls-port=5930" },
+          "spice+tls://localhost:5930" },
         { "42", NULL,
           "localhost",
           NULL, NULL,
           "spice://localhost:42",
-          "spice://localhost?port=42&" },
+          "spice://localhost:42" },
         { "42", "5930",
           "localhost",
           NULL, NULL,
@@ -246,28 +246,28 @@ static void test_session_uri_ipv6_good(void)
           "[2010:836B:4179::836B:4179]",
           NULL, NULL,
           "spice://[2010:836B:4179::836B:4179]?port=5900&tls-port=",
-          "spice://[2010:836B:4179::836B:4179]?port=5900&" },
+          "spice://[2010:836B:4179::836B:4179]:5900" },
         { "5910", NULL,
           "[::192.9.5.5]",
           "user", NULL,
           "spice://user@[::192.9.5.5]?tls-port=&port=5910",
-          "spice://[::192.9.5.5]?port=5910&" },
+          "spice://[::192.9.5.5]:5910" },
         { NULL, "5920",
           "[3ffe:2a00:100:7031::1]",
           "user", "password",
           "spice://user@[3ffe:2a00:100:7031::1]?tls-port=5920&port=&password=password",
-          "spice://[3ffe:2a00:100:7031::1]?tls-port=5920",
+          "spice+tls://[3ffe:2a00:100:7031::1]:5920",
           "password may be visible in process listings"},
         { NULL, "5930",
           "[1080:0:0:0:8:800:200C:417A]",
           NULL, NULL,
           "spice://[1080:0:0:0:8:800:200C:417A]?port=&tls-port=5930",
-          "spice://[1080:0:0:0:8:800:200C:417A]?tls-port=5930" },
+          "spice+tls://[1080:0:0:0:8:800:200C:417A]:5930" },
         { "42", NULL,
           "[FEDC:BA98:7654:3210:FEDC:BA98:7654:3210]",
           NULL, NULL,
           "spice://[FEDC:BA98:7654:3210:FEDC:BA98:7654:3210]:42",
-          "spice://[FEDC:BA98:7654:3210:FEDC:BA98:7654:3210]?port=42&" },
+          "spice://[FEDC:BA98:7654:3210:FEDC:BA98:7654:3210]:42" },
         { "42", "5930",
           "[::192.9.5.5]",
           NULL, NULL,
commit cd026fe1acec109498deb36c71284962d1b095bf
Author: Marc-André Lureau <marcandre.lureau at redhat.com>
Date:   Fri Feb 16 11:13:06 2018 +0100

    uri: learn to parse spice+tls:// form
    
    spice:// has a weird scheme encoding, where it can accept both plain
    and tls ports with URI query parameters. However, it's neither very
    convenient nor very common to use (who really wants to mix plain & tls
    channels?).
    
    Instead, let's introduce the more readable form spice+tls://host:port
    This form will not accept 'port' or 'tls-port' query string parameter.
    
    Signed-off-by: Marc-André Lureau <marcandre.lureau at redhat.com>
    Acked-by: Frediano Ziglio <fziglio at redhat.com>

diff --git a/man/spice-client.pod b/man/spice-client.pod
index 7288b84..459e5f1 100644
--- a/man/spice-client.pod
+++ b/man/spice-client.pod
@@ -12,23 +12,24 @@ can be used to tweak some SPICE-specific option.
 
 =head1 URI
 
-The most basic SPICE URI which can be used is in the form
+To initiate a plain SPICE connection (the connection will be
+unencrypted) to hostname.example.com and port 5900, use the following
+URI:
+
   spice://hostname.example.com:5900
 
-This will try to initiate a SPICE connection to hostname.example.com
-to port 5900. This connection will be unencrypted. This URI is
-equivalent to
-  spice://hostname.example.com?port=5900
+In order to start a TLS connection, one would use:
 
-In order to start a TLS connection, one would use
-  spice://hostname.example.com?tls-port=5900
+  spice+tls://hostname.example.com:5900
 
-Other valid URI parameters are 'username' and 'password'. Be careful that
-passing a password through a SPICE URI might cause the password to be
-visible by any local user through 'ps'.
+Note: 'spice+tls' is available since v0.35, you have to use the
+spice:// query string with the 'tls-port' parameter before that.
+
+=head1 URI query string
+
+spice URI accepts query string. Several parameters can be specified at
+once if they are separated by & or ;
 
-Several parameters can be specified at once if they are separated
-by & or ;
   spice://hostname.example.com?port=5900;tls-port=5901
 
 When using 'tls-port', it's recommended to not specify any non-TLS port.
@@ -39,6 +40,10 @@ then try to use the TLS port. This means a man-in-the-middle could force
 the whole SPICE session to go in clear text regardless of the TLS settings
 of the SPICE server.
 
+Other valid URI parameters are 'username' and 'password'. Be careful that
+passing a password through a SPICE URI might cause the password to be
+visible by any local user through 'ps'.
+
 =head1 OPTIONS
 
 The following options are accepted when running a SPICE client which
diff --git a/src/spice-session.c b/src/spice-session.c
index e6db424..d2aa5e7 100644
--- a/src/spice-session.c
+++ b/src/spice-session.c
@@ -389,6 +389,7 @@ spice_session_finalize(GObject *gobject)
 
 #define URI_SCHEME_SPICE "spice://"
 #define URI_SCHEME_SPICE_UNIX "spice+unix://"
+#define URI_SCHEME_SPICE_TLS "spice+tls://"
 #define URI_QUERY_START ";?"
 #define URI_QUERY_SEP   ";&"
 
@@ -425,6 +426,7 @@ static int spice_parse_uri(SpiceSession *session, const char *original_uri)
     gchar *authority = NULL;
     gchar *query = NULL;
     gchar *tmp = NULL;
+    bool tls_scheme = false;
 
     g_return_val_if_fail(original_uri != NULL, -1);
 
@@ -438,12 +440,16 @@ static int spice_parse_uri(SpiceSession *session, const char *original_uri)
     /* Break up the URI into its various parts, scheme, authority,
      * path (ignored) and query
      */
-    if (!g_str_has_prefix(uri, URI_SCHEME_SPICE)) {
+    if (g_str_has_prefix(uri, URI_SCHEME_SPICE)) {
+        authority = uri + strlen(URI_SCHEME_SPICE);
+    } else if (g_str_has_prefix(uri, URI_SCHEME_SPICE_TLS)) {
+        authority = uri + strlen(URI_SCHEME_SPICE_TLS);
+        tls_scheme = true;
+    } else {
         g_warning("Expected a URI scheme of '%s' in URI '%s'",
                   URI_SCHEME_SPICE, uri);
         goto fail;
     }
-    authority = uri + strlen(URI_SCHEME_SPICE);
 
     tmp = strchr(authority, '@');
     if (tmp) {
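Review bot: The `else` branch still warns `Expected a URI scheme of 'spice://'` although `spice+tls://` is now accepted too, so the message misleads a user who mistyped the TLS scheme. Naming both schemes fixes it: `g_warning("Expected a URI scheme of '%s' or '%s' in URI '%s'", URI_SCHEME_SPICE, URI_SCHEME_SPICE_TLS, uri);`. Any test that matches the old text would need the same update. The body of `spice_parse_uri` starts and ends outside the hunk.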
@@ -531,6 +537,11 @@ static int spice_parse_uri(SpiceSession *session, const char *original_uri)
         if (*query)
             query++;
 
+        if (tls_scheme && (g_str_equal(key, "port") || g_str_equal(key, "tls-port"))) {
+            g_warning(URI_SCHEME_SPICE_TLS " scheme doesn't accept '%s'", key);
+            continue;
+        }
+
         target_key = NULL;
         if (g_str_equal(key, "port")) {
             target_key = &port;
@@ -568,8 +579,12 @@ end:
     s->unix_path = g_strdup(path);
     g_free(uri);
     s->host = host;
-    s->port = port;
-    s->tls_port = tls_port;
+    if (tls_scheme) {
+        s->tls_port = port;
+    } else {
+        s->port = port;
+        s->tls_port = tls_port;
+    }
     s->username = username;
     s->password = password;
     return 0;
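Review bot: In the `tls_scheme` branch `s->port` is never assigned, so it keeps whatever it held before this function ran. The lines above the hunk are not shown, so which of two problems applies is uncertain. If they free the previous `s->port`, the field is left dangling. If they do not, a plain port from an earlier URI survives a later `spice+tls://` one, which would allow the clear-text fallback the man page warns about. Adding `s->port = NULL;` next to `s->tls_port = port;` covers both, provided the old value has already been released at that point.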

