* [Qemu-devel] [PULL] spice patch queue
@ 2011-05-18 15:08 Gerd Hoffmann
2011-05-18 15:08 ` [Qemu-devel] [PATCH 1/6] spice-qemu-char: Fix flow control in client -> guest direction Gerd Hoffmann
` (5 more replies)
0 siblings, 6 replies; 7+ messages in thread
From: Gerd Hoffmann @ 2011-05-18 15:08 UTC (permalink / raw)
To: qemu-devel; +Cc: Gerd Hoffmann
Hi,
Here is the spice patch queue, bringing SASL support for spice (by
Marc-André Lureau) and a few bug fixes.
please pull,
Gerd
The following changes since commit 96d19bcbf5f679bbaaeab001b572c367fbfb2b03:
ahci: Unbreak bar registration (2011-05-16 10:15:47 -0500)
are available in the git repository at:
git://anongit.freedesktop.org/spice/qemu spice.v36
Gerd Hoffmann (3):
qxl: add to the list of devices which disable the default vga
qemu-config: comment spell fix
spice: require spice 0.6.0 or newer.
Hans de Goede (2):
spice-qemu-char: Fix flow control in client -> guest direction
spice: add option for disabling copy paste support
Marc-André Lureau (1):
spice: add SASL support
configure | 2 +-
qemu-config.c | 12 +++++++++---
qemu-options.hx | 16 ++++++++++++++++
spice-qemu-char.c | 11 +++++------
ui/spice-core.c | 26 ++++++++++++++++++--------
vl.c | 1 +
6 files changed, 50 insertions(+), 18 deletions(-)
^ permalink raw reply [flat|nested] 7+ messages in thread
* [Qemu-devel] [PATCH 1/6] spice-qemu-char: Fix flow control in client -> guest direction
2011-05-18 15:08 [Qemu-devel] [PULL] spice patch queue Gerd Hoffmann
@ 2011-05-18 15:08 ` Gerd Hoffmann
2011-05-18 15:08 ` [Qemu-devel] [PATCH 2/6] spice: add option for disabling copy paste support Gerd Hoffmann
` (4 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: Gerd Hoffmann @ 2011-05-18 15:08 UTC (permalink / raw)
To: qemu-devel; +Cc: Hans de Goede
From: Hans de Goede <hdegoede@redhat.com>
In the old spice-vmc device we used to have:
last_out = virtio_serial_write(&svc->port, p, MIN(len, VMC_MAX_HOST_WRITE));
if (last_out > 0)
...
Now in the chardev backend we have:
last_out = MIN(len, VMC_MAX_HOST_WRITE);
qemu_chr_read(scd->chr, p, last_out);
if (last_out > 0) {
...
Which causes us to no longer detect if the virtio port is not ready
to receive data from us. chardev actually has a mechanism to detect this,
but it requires a separate call to qemu_chr_can_read, before calling
qemu_chr_read (which return void).
This patch uses qemu_chr_can_read to fix the flow control from client to
guest.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
---
spice-qemu-char.c | 11 +++++------
1 files changed, 5 insertions(+), 6 deletions(-)
diff --git a/spice-qemu-char.c b/spice-qemu-char.c
index fa15a71..605c241 100644
--- a/spice-qemu-char.c
+++ b/spice-qemu-char.c
@@ -36,14 +36,13 @@ static int vmc_write(SpiceCharDeviceInstance *sin, const uint8_t *buf, int len)
while (len > 0) {
last_out = MIN(len, VMC_MAX_HOST_WRITE);
- qemu_chr_read(scd->chr, p, last_out);
- if (last_out > 0) {
- out += last_out;
- len -= last_out;
- p += last_out;
- } else {
+ if (qemu_chr_can_read(scd->chr) < last_out) {
break;
}
+ qemu_chr_read(scd->chr, p, last_out);
+ out += last_out;
+ len -= last_out;
+ p += last_out;
}
dprintf(scd, 3, "%s: %lu/%zd\n", __func__, out, len + out);
--
1.7.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [Qemu-devel] [PATCH 2/6] spice: add option for disabling copy paste support
2011-05-18 15:08 [Qemu-devel] [PULL] spice patch queue Gerd Hoffmann
2011-05-18 15:08 ` [Qemu-devel] [PATCH 1/6] spice-qemu-char: Fix flow control in client -> guest direction Gerd Hoffmann
@ 2011-05-18 15:08 ` Gerd Hoffmann
2011-05-18 15:09 ` [Qemu-devel] [PATCH 3/6] qxl: add to the list of devices which disable the default vga Gerd Hoffmann
` (3 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: Gerd Hoffmann @ 2011-05-18 15:08 UTC (permalink / raw)
To: qemu-devel; +Cc: Hans de Goede
From: Hans de Goede <hdegoede@redhat.com>
Some people want to be able disable spice's guest <-> client copy paste support
because of security considerations.
[ kraxel: drop old-version error message ]
---
qemu-config.c | 3 +++
qemu-options.hx | 3 +++
ui/spice-core.c | 6 ++++++
3 files changed, 12 insertions(+), 0 deletions(-)
diff --git a/qemu-config.c b/qemu-config.c
index 5d7ffa2..04c97e5 100644
--- a/qemu-config.c
+++ b/qemu-config.c
@@ -385,6 +385,9 @@ QemuOptsList qemu_spice_opts = {
.name = "disable-ticketing",
.type = QEMU_OPT_BOOL,
},{
+ .name = "disable-copy-paste",
+ .type = QEMU_OPT_BOOL,
+ },{
.name = "x509-dir",
.type = QEMU_OPT_STRING,
},{
diff --git a/qemu-options.hx b/qemu-options.hx
index 82e085a..63e8cb0 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -717,6 +717,9 @@ Set the password you need to authenticate.
@item disable-ticketing
Allow client connects without authentication.
+@item disable-copy-paste
+Disable copy paste between the client and the guest.
+
@item tls-port=<nr>
Set the TCP port spice is listening on for encrypted channels.
diff --git a/ui/spice-core.c b/ui/spice-core.c
index ef56ed6..a3351f3 100644
--- a/ui/spice-core.c
+++ b/ui/spice-core.c
@@ -554,6 +554,12 @@ void qemu_spice_init(void)
spice_server_set_noauth(spice_server);
}
+#if SPICE_SERVER_VERSION >= 0x000801
+ if (qemu_opt_get_bool(opts, "disable-copy-paste", 0)) {
+ spice_server_set_agent_copypaste(spice_server, false);
+ }
+#endif
+
compression = SPICE_IMAGE_COMPRESS_AUTO_GLZ;
str = qemu_opt_get(opts, "image-compression");
if (str) {
--
1.7.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [Qemu-devel] [PATCH 3/6] qxl: add to the list of devices which disable the default vga
2011-05-18 15:08 [Qemu-devel] [PULL] spice patch queue Gerd Hoffmann
2011-05-18 15:08 ` [Qemu-devel] [PATCH 1/6] spice-qemu-char: Fix flow control in client -> guest direction Gerd Hoffmann
2011-05-18 15:08 ` [Qemu-devel] [PATCH 2/6] spice: add option for disabling copy paste support Gerd Hoffmann
@ 2011-05-18 15:09 ` Gerd Hoffmann
2011-05-18 15:09 ` [Qemu-devel] [PATCH 4/6] spice: add SASL support Gerd Hoffmann
` (2 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: Gerd Hoffmann @ 2011-05-18 15:09 UTC (permalink / raw)
To: qemu-devel; +Cc: Gerd Hoffmann
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
vl.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/vl.c b/vl.c
index bffba69..a280974 100644
--- a/vl.c
+++ b/vl.c
@@ -286,6 +286,7 @@ static struct {
{ .driver = "VGA", .flag = &default_vga },
{ .driver = "cirrus-vga", .flag = &default_vga },
{ .driver = "vmware-svga", .flag = &default_vga },
+ { .driver = "qxl-vga", .flag = &default_vga },
};
static int default_driver_check(QemuOpts *opts, void *opaque)
--
1.7.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [Qemu-devel] [PATCH 4/6] spice: add SASL support
2011-05-18 15:08 [Qemu-devel] [PULL] spice patch queue Gerd Hoffmann
` (2 preceding siblings ...)
2011-05-18 15:09 ` [Qemu-devel] [PATCH 3/6] qxl: add to the list of devices which disable the default vga Gerd Hoffmann
@ 2011-05-18 15:09 ` Gerd Hoffmann
2011-05-18 15:09 ` [Qemu-devel] [PATCH 5/6] qemu-config: comment spell fix Gerd Hoffmann
2011-05-18 15:09 ` [Qemu-devel] [PATCH 6/6] spice: require spice 0.6.0 or newer Gerd Hoffmann
5 siblings, 0 replies; 7+ messages in thread
From: Gerd Hoffmann @ 2011-05-18 15:09 UTC (permalink / raw)
To: qemu-devel; +Cc: Marc-André Lureau, Gerd Hoffmann
From: Marc-André Lureau <marcandre.lureau@gmail.com>
Turn on SASL support by appending "sasl" to the spice arguments, which
requires that the client use SASL to authenticate with the spice. The
exact choice of authentication method used is controlled from the
system / user's SASL configuration file for the 'qemu' service. This
is typically found in /etc/sasl2/qemu.conf. If running QEMU as an
unprivileged user, an environment variable SASL_CONF_PATH can be used
to make it search alternate locations for the service config. While
some SASL auth methods can also provide data encryption (eg GSSAPI),
it is recommended that SASL always be combined with the 'tls' and
'x509' settings to enable use of SSL and server certificates. This
ensures a data encryption preventing compromise of authentication
credentials.
It requires support from spice 0.8.1.
[ kraxel: moved spell fix to separate commit ]
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
qemu-config.c | 3 +++
qemu-options.hx | 13 +++++++++++++
ui/spice-core.c | 12 ++++++++++++
3 files changed, 28 insertions(+), 0 deletions(-)
diff --git a/qemu-config.c b/qemu-config.c
index 04c97e5..b00aa3a 100644
--- a/qemu-config.c
+++ b/qemu-config.c
@@ -388,6 +388,9 @@ QemuOptsList qemu_spice_opts = {
.name = "disable-copy-paste",
.type = QEMU_OPT_BOOL,
},{
+ .name = "sasl",
+ .type = QEMU_OPT_BOOL,
+ },{
.name = "x509-dir",
.type = QEMU_OPT_STRING,
},{
diff --git a/qemu-options.hx b/qemu-options.hx
index 63e8cb0..d9edff7 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -714,6 +714,19 @@ Force using the specified IP version.
@item password=<secret>
Set the password you need to authenticate.
+@item sasl
+Require that the client use SASL to authenticate with the spice.
+The exact choice of authentication method used is controlled from the
+system / user's SASL configuration file for the 'qemu' service. This
+is typically found in /etc/sasl2/qemu.conf. If running QEMU as an
+unprivileged user, an environment variable SASL_CONF_PATH can be used
+to make it search alternate locations for the service config.
+While some SASL auth methods can also provide data encryption (eg GSSAPI),
+it is recommended that SASL always be combined with the 'tls' and
+'x509' settings to enable use of SSL and server certificates. This
+ensures a data encryption preventing compromise of authentication
+credentials.
+
@item disable-ticketing
Allow client connects without authentication.
diff --git a/ui/spice-core.c b/ui/spice-core.c
index a3351f3..457d34d 100644
--- a/ui/spice-core.c
+++ b/ui/spice-core.c
@@ -549,6 +549,18 @@ void qemu_spice_init(void)
if (password) {
spice_server_set_ticket(spice_server, password, 0, 0, 0);
}
+ if (qemu_opt_get_bool(opts, "sasl", 0)) {
+#if SPICE_SERVER_VERSION >= 0x000900 /* 0.9.0 */
+ if (spice_server_set_sasl_appname(spice_server, "qemu") == -1 ||
+ spice_server_set_sasl(spice_server, 1) == -1) {
+ fprintf(stderr, "spice: failed to enable sasl\n");
+ exit(1);
+ }
+#else
+ fprintf(stderr, "spice: sasl is not available (spice >= 0.9 required)\n");
+ exit(1);
+#endif
+ }
if (qemu_opt_get_bool(opts, "disable-ticketing", 0)) {
auth = "none";
spice_server_set_noauth(spice_server);
--
1.7.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [Qemu-devel] [PATCH 5/6] qemu-config: comment spell fix
2011-05-18 15:08 [Qemu-devel] [PULL] spice patch queue Gerd Hoffmann
` (3 preceding siblings ...)
2011-05-18 15:09 ` [Qemu-devel] [PATCH 4/6] spice: add SASL support Gerd Hoffmann
@ 2011-05-18 15:09 ` Gerd Hoffmann
2011-05-18 15:09 ` [Qemu-devel] [PATCH 6/6] spice: require spice 0.6.0 or newer Gerd Hoffmann
5 siblings, 0 replies; 7+ messages in thread
From: Gerd Hoffmann @ 2011-05-18 15:09 UTC (permalink / raw)
To: qemu-devel; +Cc: Gerd Hoffmann
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
qemu-config.c | 6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/qemu-config.c b/qemu-config.c
index b00aa3a..c63741c 100644
--- a/qemu-config.c
+++ b/qemu-config.c
@@ -306,7 +306,7 @@ static QemuOptsList qemu_trace_opts = {
.name = "file",
.type = QEMU_OPT_STRING,
},
- { /* end if list */ }
+ { /* end of list */ }
},
};
#endif
@@ -436,7 +436,7 @@ QemuOptsList qemu_spice_opts = {
.name = "playback-compression",
.type = QEMU_OPT_BOOL,
},
- { /* end if list */ }
+ { /* end of list */ }
},
};
@@ -452,7 +452,7 @@ QemuOptsList qemu_option_rom_opts = {
.name = "romfile",
.type = QEMU_OPT_STRING,
},
- { /* end if list */ }
+ { /* end of list */ }
},
};
--
1.7.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [Qemu-devel] [PATCH 6/6] spice: require spice 0.6.0 or newer.
2011-05-18 15:08 [Qemu-devel] [PULL] spice patch queue Gerd Hoffmann
` (4 preceding siblings ...)
2011-05-18 15:09 ` [Qemu-devel] [PATCH 5/6] qemu-config: comment spell fix Gerd Hoffmann
@ 2011-05-18 15:09 ` Gerd Hoffmann
5 siblings, 0 replies; 7+ messages in thread
From: Gerd Hoffmann @ 2011-05-18 15:09 UTC (permalink / raw)
To: qemu-devel; +Cc: Gerd Hoffmann
This patch raises the minimum required spice version to 0.6.0 and drops
a few ifdefs.
0.6.0 is the first stable release with the current libspice-server API,
there shouldn't be any 0.5.x development versions deployed any more.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
configure | 2 +-
ui/spice-core.c | 8 --------
2 files changed, 1 insertions(+), 9 deletions(-)
diff --git a/configure b/configure
index d7dba5d..6a95292 100755
--- a/configure
+++ b/configure
@@ -2428,7 +2428,7 @@ int main(void) { spice_server_new(); return 0; }
EOF
spice_cflags=$($pkg_config --cflags spice-protocol spice-server 2>/dev/null)
spice_libs=$($pkg_config --libs spice-protocol spice-server 2>/dev/null)
- if $pkg_config --atleast-version=0.5.3 spice-server >/dev/null 2>&1 && \
+ if $pkg_config --atleast-version=0.6.0 spice-server >/dev/null 2>&1 && \
compile_prog "$spice_cflags" "$spice_libs" ; then
spice="yes"
libs_softmmu="$libs_softmmu $spice_libs"
diff --git a/ui/spice-core.c b/ui/spice-core.c
index 457d34d..dd9905b 100644
--- a/ui/spice-core.c
+++ b/ui/spice-core.c
@@ -299,8 +299,6 @@ static int parse_name(const char *string, const char *optname,
exit(1);
}
-#if SPICE_SERVER_VERSION >= 0x000600 /* 0.6.0 */
-
static const char *stream_video_names[] = {
[ SPICE_STREAM_VIDEO_OFF ] = "off",
[ SPICE_STREAM_VIDEO_ALL ] = "all",
@@ -309,8 +307,6 @@ static const char *stream_video_names[] = {
#define parse_stream_video(_name) \
name2enum(_name, stream_video_names, ARRAY_SIZE(stream_video_names))
-#endif /* >= 0.6.0 */
-
static const char *compression_names[] = {
[ SPICE_IMAGE_COMPRESS_OFF ] = "off",
[ SPICE_IMAGE_COMPRESS_AUTO_GLZ ] = "auto_glz",
@@ -593,8 +589,6 @@ void qemu_spice_init(void)
}
spice_server_set_zlib_glz_compression(spice_server, wan_compr);
-#if SPICE_SERVER_VERSION >= 0x000600 /* 0.6.0 */
-
str = qemu_opt_get(opts, "streaming-video");
if (str) {
int streaming_video = parse_stream_video(str);
@@ -606,8 +600,6 @@ void qemu_spice_init(void)
spice_server_set_playback_compression
(spice_server, qemu_opt_get_bool(opts, "playback-compression", 1));
-#endif /* >= 0.6.0 */
-
qemu_opt_foreach(opts, add_channel, NULL, 0);
spice_server_init(spice_server, &core_interface);
--
1.7.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
end of thread, other threads:[~2011-05-18 15:09 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2011-05-18 15:08 [Qemu-devel] [PULL] spice patch queue Gerd Hoffmann
2011-05-18 15:08 ` [Qemu-devel] [PATCH 1/6] spice-qemu-char: Fix flow control in client -> guest direction Gerd Hoffmann
2011-05-18 15:08 ` [Qemu-devel] [PATCH 2/6] spice: add option for disabling copy paste support Gerd Hoffmann
2011-05-18 15:09 ` [Qemu-devel] [PATCH 3/6] qxl: add to the list of devices which disable the default vga Gerd Hoffmann
2011-05-18 15:09 ` [Qemu-devel] [PATCH 4/6] spice: add SASL support Gerd Hoffmann
2011-05-18 15:09 ` [Qemu-devel] [PATCH 5/6] qemu-config: comment spell fix Gerd Hoffmann
2011-05-18 15:09 ` [Qemu-devel] [PATCH 6/6] spice: require spice 0.6.0 or newer Gerd Hoffmann
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.