External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-07-30 21:47:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

domain_conf: add "default" to list of valid spice channels

Browse Source 
qemu's behavior in this case is to change the spice server behavior to
require secure connection to any channel not otherwise specified as
being in plaintext mode. libvirt doesn't currently allow requesting this
(via plaintext-channel=<channel name>).

RHBZ: 819499

Signed-off-by: Alon Levy <alevy@redhat.com>
This commit is contained in:
Alon Levy 2012-05-08 20:42:44 +03:00 committed by Eric Blake
parent 4e78ffb634
commit ba97e4edc6
7 changed files with 52 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
docs/formatdomain.html.in
View File

@ -2929,6 +2929,13 @@ qemu-kvm -net nic,model=? /dev/null
<span class="since">Since 0.9.3</span>
NB, this may not be supported by all hypervisors.
<span class="since">"spice" since 0.8.6</span>.
The <code>defaultMode</code> attribute sets the default channel
security policy, valid values are <code>secure</code>,
<code>insecure</code> and the default <code>any</code>
(which is secure if possible, but falls back to insecure
rather than erroring out if no secure path is
available). <span class="since">"defaultMode" since
0.9.12</span>.
</p>
<p>
When SPICE has both a normal and TLS secured TCP port

9
docs/schemas/domaincommon.rng
View File

@ -1774,6 +1774,15 @@
</choice>
</attribute>
</optional>
<optional>
<attribute name="defaultMode">
<choice>
<value>any</value>
<value>secure</value>
<value>insecure</value>
</choice>
</attribute>
</optional>
<interleave>
<ref name="listenElements"/>
<zeroOrMore>

20
src/conf/domain_conf.c
View File

@ -6071,6 +6071,8 @@ virDomainGraphicsDefParseXML(xmlNodePtr node,
char *port = virXMLPropString(node, "port");
char *tlsPort;
char *autoport;
char *defaultMode;
int defaultModeVal;
if (port) {
if (virStrToLong_i(port, NULL, 10, &def->data.spice.port) < 0) {
@ -6103,6 +6105,20 @@ virDomainGraphicsDefParseXML(xmlNodePtr node,
VIR_FREE(autoport);
}
def->data.spice.defaultMode = VIR_DOMAIN_GRAPHICS_SPICE_CHANNEL_MODE_ANY;
if ((defaultMode = virXMLPropString(node, "defaultMode")) != NULL) {
if ((defaultModeVal = virDomainGraphicsSpiceChannelModeTypeFromString(defaultMode)) < 0) {
virDomainReportError(VIR_ERR_INTERNAL_ERROR,
_("unknown default spice channel mode %s"),
defaultMode);
VIR_FREE(defaultMode);
goto error;
}
def->data.spice.defaultMode = defaultModeVal;
VIR_FREE(defaultMode);
}
if (def->data.spice.port == -1 && def->data.spice.tlsPort == -1) {
/* Legacy compat syntax, used -1 for auto-port */
def->data.spice.autoport = 1;
@ -12124,6 +12140,10 @@ virDomainGraphicsDefFormat(virBufferPtr buf,
virBufferEscapeString(buf, " keymap='%s'",
def->data.spice.keymap);
if (def->data.spice.defaultMode != VIR_DOMAIN_GRAPHICS_SPICE_CHANNEL_MODE_ANY)
virBufferAsprintf(buf, " defaultMode='%s'",
virDomainGraphicsSpiceChannelModeTypeToString(def->data.spice.defaultMode));
virDomainGraphicsAuthDefFormatAttr(buf, &def->data.spice.auth, flags);
break;

1
src/conf/domain_conf.h
View File

@ -1233,6 +1233,7 @@ struct _virDomainGraphicsDef {
virDomainGraphicsAuthDef auth;
unsigned int autoport :1;
int channels[VIR_DOMAIN_GRAPHICS_SPICE_CHANNEL_LAST];
int defaultMode; /* enum virDomainGraphicsSpiceChannelMode */
int image;
int jpeg;
int zlib;

13
src/qemu/qemu_command.c
View File

@ -5463,6 +5463,7 @@ qemuBuildCommandLine(virConnectPtr conn,
const char *listenAddr = NULL;
char *netAddr = NULL;
int ret;
int defaultMode = def->graphics[0]->data.spice.defaultMode;
if (!qemuCapsGet(qemuCaps, QEMU_CAPS_SPICE)) {
qemuReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
@ -5546,6 +5547,18 @@ qemuBuildCommandLine(virConnectPtr conn,
virBufferAsprintf(&opt, ",x509-dir=%s",
driver->spiceTLSx509certdir);
switch (defaultMode) {
case VIR_DOMAIN_GRAPHICS_SPICE_CHANNEL_MODE_SECURE:
virBufferAsprintf(&opt, ",tls-channel=default");
break;
case VIR_DOMAIN_GRAPHICS_SPICE_CHANNEL_MODE_INSECURE:
virBufferAsprintf(&opt, ",plaintext-channel=default");
break;
case VIR_DOMAIN_GRAPHICS_SPICE_CHANNEL_MODE_ANY:
/* nothing */
break;
}
for (i = 0 ; i < VIR_DOMAIN_GRAPHICS_SPICE_CHANNEL_LAST ; i++) {
int mode = def->graphics[0]->data.spice.channels[i];
switch (mode) {

2
tests/qemuxml2argvdata/qemuxml2argv-graphics-spice.args
View File

@ -2,7 +2,7 @@ LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test QEMU_AUDIO_DRV=spice \
/usr/bin/qemu -S -M pc -m 214 -smp 1 -nodefaults -monitor \
unix:/tmp/test-monitor,server,nowait -no-acpi -boot c -hda \
/dev/HostVG/QEMUGuest1 -usb -spice port=5903,tls-port=5904,addr=127.0.0.1,\
x509-dir=/etc/pki/libvirt-spice,tls-channel=main,plaintext-channel=inputs,\
x509-dir=/etc/pki/libvirt-spice,tls-channel=default,tls-channel=main,plaintext-channel=inputs,\
image-compression=auto_glz,jpeg-wan-compression=auto,zlib-glz-wan-compression=auto,\
playback-compression=on,streaming-video=filter,disable-copy-paste -vga \
qxl -global qxl.vram_size=18874368 -device qxl,id=video1,vram_size=33554432,bus=pci.0,addr=0x4 \

2
tests/qemuxml2argvdata/qemuxml2argv-graphics-spice.xml
View File

@ -22,7 +22,7 @@
<controller type='usb' index='0'/>
<controller type='ide' index='0'/>
<input type='mouse' bus='ps2'/>
<graphics type='spice' port='5903' tlsPort='5904' autoport='no' listen='127.0.0.1'>
<graphics type='spice' port='5903' tlsPort='5904' autoport='no' listen='127.0.0.1' defaultMode='secure'>
<listen type='address' address='127.0.0.1'/>
<channel name='main' mode='secure'/>
<channel name='inputs' mode='insecure'/>