[Spice-devel] Usbredirection problem with digital signature pendrive

Hans de Goede hdegoede at redhat.com
Thu Feb 21 10:10:14 PST 2013


Hi,

On 02/21/2013 04:18 PM, Fabio Fantoni wrote:
> I have a problem with a USB digital signature device with usbredirection.
> I have enabled on spicy Options->Auto redirect newly plugged in USB devices.
> The device that I'm trying to redirect contains 2 components:
>
> Bus 002 Device 014: ID 1307:0163 Transcend Information, Inc. 256MB/512MB/1GB Flash Drive
> Bus 002 Device 015: ID 072f:100d Advanced Card Systems, Ltd
>
> If I insert the device after launching the spicy session, I get only the flash drive automatically redirected, but not the virtual smart card reader (072f:100d).
> To have digital signing working with Dike I need to manually select the redirection of that smartcard reader component.
> Why not automatically redirect this one as well?
>
> Below some details, if you need more tell me and I'll post them.
> Thanks for any reply.

Ah, interesting device, I guess it also contains a built-in hub, and then the
2 separate devices. Not that that should be an issue, it is just interesting :)

The reason the crypto part of it is not being redirected is that it
is (ab)using the hid interface class, and we don't auto-redirect those, because
if someone for example inserts a mouse into his laptop, that someone usually
prefers for the mouse to also work outside of the virt-viewer window.

The filtering of which devices to redirect is controlled by the
--spice-usbredir-filter cmdline option.
The default value is:
0x03,-1,-1,-1,0|-1,-1,-1,-1,1

Which means do not auto-redirect class 3 devices (so hid) and do auto-redir
everything else.
A simple workaround should be passing the following on the cmdline:
--spice-usbredir-filter='-1,-1,-1,-1,1'

A better solution would be to pass:
--spice-usbredir-filter='-1,0x072f,0x100d,-1,1|0x03,-1,-1,-1,0|-1,-1,-1,-1,1'

Which will explicitly allow the Advanced Card Systems device, while
still disallowing auto-redir for other hid devices. Here is the gtk-doc
blurb on the filter format:

      * SpiceUsbDeviceManager:auto-connect-filter:
      *
      * Set a string specifying a filter to use to determine which USB devices
      * to autoconnect when plugged in, a filter consists of one or more rules.
      * Where each rule has the form of:
      *
      * @class,@vendor,@product,@version,@allow
      *
      * Use -1 for @class/@vendor/@product/@version to accept any value.
      *
      * And the rules themselves are concatenated like this:
      *
      * @rule1|@rule2|@rule3
      *
      * The default setting filters out HID (class 0x03) USB devices from auto
      * connect and auto connects anything else. Note the explicit allow rule at
      * the end, this is necessary since by default all devices without a
      * matching filter rule will not auto-connect.

Regards,

Hans
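
The three filter strings from the message above, evaluated against both halves of the device, as an added example that is not part of the original post and is not spice-gtk or usbredir code. It assumes rules are tried in order and the first match decides, models each device with a single class value, and uses constructed class and version values plus a hypothetical mouse (0x1234:0x5678).

```python
from typing import NamedTuple

class Rule(NamedTuple):
    usb_class: int
    vendor: int
    product: int
    version: int
    allow: bool

def parse_filter(text):
    """Parse 'class,vendor,product,version,allow|...' into a list of Rules."""
    rules = []
    for chunk in text.split("|"):
        fields = [int(f.strip(), 0) for f in chunk.split(",")]  # accepts 0x03 and -1
        if len(fields) != 5 or fields[4] not in (0, 1):
            raise ValueError(f"malformed rule: {chunk!r}")
        rules.append(Rule(*fields[:4], bool(fields[4])))
    return rules

def auto_redirect(rules, device):
    """Assumption: rules are tried in order and the first match decides."""
    for rule in rules:
        if all(want in (-1, have) for want, have in zip(rule[:4], device)):
            return rule.allow
    return False  # no matching rule: the device is not auto-connected

# Filter strings taken from the message above.
DEFAULT = "0x03,-1,-1,-1,0|-1,-1,-1,-1,1"
ALLOW_ALL = "-1,-1,-1,-1,1"
ALLOW_READER = "-1,0x072f,0x100d,-1,1|0x03,-1,-1,-1,0|-1,-1,-1,-1,1"

# Constructed (class, vendor, product, version) tuples; class and version
# values are assumptions, and the mouse IDs are hypothetical.
DEVICES = {
    "flash": (0x08, 0x1307, 0x0163, 0x0100),
    "reader": (0x03, 0x072F, 0x100D, 0x0100),
    "mouse": (0x03, 0x1234, 0x5678, 0x0100),
}

def decisions(filter_text):
    """Return {device name: auto-redirected?} for one filter string."""
    rules = parse_filter(filter_text)
    return {name: auto_redirect(rules, dev) for name, dev in DEVICES.items()}

if __name__ == "__main__":
    for label, text in (("default", DEFAULT), ("allow all", ALLOW_ALL),
                        ("allow reader", ALLOW_READER)):
        print(f"{label:13}", decisions(text))
```

Only the third filter redirects the reader while leaving other HID devices on the client; the allow-all filter also captures the mouse.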

