[Spice-devel] [PATCH spice-gtk 6/6] session: enforce secure channels

Marc-André Lureau marcandre.lureau at gmail.com
Thu Apr 11 06:10:00 PDT 2013 

---
 gtk/spice-channel.c      |  2 +-
 gtk/spice-session-priv.h |  2 +-
 gtk/spice-session.c      | 11 +++++++++--
 3 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/gtk/spice-channel.c b/gtk/spice-channel.c
index b9ce899..0a32d6c 100644
--- a/gtk/spice-channel.c
+++ b/gtk/spice-channel.c
@@ -2231,7 +2231,7 @@ static void *spice_channel_coroutine(void *data)
     }
 
 reconnect:
-    c->conn = spice_session_channel_open_host(c->session, channel, c->tls);
+    c->conn = spice_session_channel_open_host(c->session, channel, &c->tls);
     if (c->conn == NULL) {
         if (!c->tls) {
             CHANNEL_DEBUG(channel, "trying with TLS port");
diff --git a/gtk/spice-session-priv.h b/gtk/spice-session-priv.h
index ee90615..de4e40c 100644
--- a/gtk/spice-session-priv.h
+++ b/gtk/spice-session-priv.h
@@ -116,7 +116,7 @@ int spice_session_get_connection_id(SpiceSession *session);
 gboolean spice_session_get_client_provided_socket(SpiceSession *session);
 
 GSocketConnection* spice_session_channel_open_host(SpiceSession *session, SpiceChannel *channel,
-                                                   gboolean use_tls);
+                                                   gboolean *use_tls);
 void spice_session_channel_new(SpiceSession *session, SpiceChannel *channel);
 void spice_session_channel_destroy(SpiceSession *session, SpiceChannel *channel);
 void spice_session_channel_migrate(SpiceSession *session, SpiceChannel *channel);
diff --git a/gtk/spice-session.c b/gtk/spice-session.c
index 448ef15..e60e904 100644
--- a/gtk/spice-session.c
+++ b/gtk/spice-session.c
@@ -1760,9 +1760,10 @@ static gboolean open_host_idle_cb(gpointer data)
 /* coroutine context */
 G_GNUC_INTERNAL
 GSocketConnection* spice_session_channel_open_host(SpiceSession *session, SpiceChannel *channel,
-                                                   gboolean use_tls)
+                                                   gboolean *use_tls)
 {
     SpiceSessionPrivate *s = SPICE_SESSION_GET_PRIVATE(session);
+    SpiceChannelPrivate *c = channel->priv;
     spice_open_host open_host = { 0, };
     gchar *port, *endptr;
 
@@ -1770,7 +1771,13 @@ GSocketConnection* spice_session_channel_open_host(SpiceSession *session, SpiceC
     open_host.from = coroutine_self();
     open_host.session = session;
     open_host.channel = channel;
-    port = use_tls ? s->tls_port : s->port;
+
+    const char *name = spice_channel_type_to_string(c->channel_type);
+    if (spice_strv_contains(s->secure_channels, "all") ||
+        spice_strv_contains(s->secure_channels, name))
+        *use_tls = TRUE;
+
+    port = *use_tls ? s->tls_port : s->port;
     if (port == NULL)
         return NULL;
 
-- 
1.8.2.1.342.gfa7285d

More information about the Spice-devel mailing list