peterdelevoryas / rpms / qemu

Forked from rpms/qemu 2 years ago
Clone

Blame 0013-spice-tls-support.patch

Justin M. Forbes a81953
From e0d06d42a83e7796b2c39ad6cab3630c0a8c2845 Mon Sep 17 00:00:00 2001
Justin M. Forbes a81953
From: Gerd Hoffmann <kraxel@redhat.com>
Justin M. Forbes a81953
Date: Thu, 11 Mar 2010 11:13:32 -0300
Justin M. Forbes a81953
Subject: [PATCH 13/39] spice: tls support
Justin M. Forbes a81953
Justin M. Forbes a81953
Add options to the -spice command line switch to setup tls:
Justin M. Forbes a81953
Justin M. Forbes a81953
tls-port
Justin M. Forbes a81953
	listening port
Justin M. Forbes a81953
Justin M. Forbes a81953
x509-dir
Justin M. Forbes a81953
	x509 file directory.  Expects same filenames as
Justin M. Forbes a81953
	-vnc $display,x509=$dir
Justin M. Forbes a81953
Justin M. Forbes a81953
x509-key-file
Justin M. Forbes a81953
x509-key-password
Justin M. Forbes a81953
x509-cert-file
Justin M. Forbes a81953
x509-cacert-file
Justin M. Forbes a81953
x509-dh-key-file
Justin M. Forbes a81953
	x509 files can also be set individually.
Justin M. Forbes a81953
Justin M. Forbes a81953
tls-ciphers
Justin M. Forbes a81953
	which ciphers to use.
Justin M. Forbes a81953
---
Justin M. Forbes a81953
 qemu-config.c |   24 ++++++++++++++++++++
Justin M. Forbes a81953
 spice.c       |   66 +++++++++++++++++++++++++++++++++++++++++++++++++++++---
Justin M. Forbes a81953
 2 files changed, 86 insertions(+), 4 deletions(-)
Justin M. Forbes a81953
Justin M. Forbes a81953
diff --git a/qemu-config.c b/qemu-config.c
Justin M. Forbes a81953
index 8a894cf..74bfc62 100644
Justin M. Forbes a81953
--- a/qemu-config.c
Justin M. Forbes a81953
+++ b/qemu-config.c
Justin M. Forbes a81953
@@ -355,11 +355,35 @@ QemuOptsList qemu_spice_opts = {
Justin M. Forbes a81953
             .name = "port",
Justin M. Forbes a81953
             .type = QEMU_OPT_NUMBER,
Justin M. Forbes a81953
         },{
Justin M. Forbes a81953
+            .name = "tls-port",
Justin M. Forbes a81953
+            .type = QEMU_OPT_NUMBER,
Justin M. Forbes a81953
+        },{
Justin M. Forbes a81953
             .name = "password",
Justin M. Forbes a81953
             .type = QEMU_OPT_STRING,
Justin M. Forbes a81953
         },{
Justin M. Forbes a81953
             .name = "disable-ticketing",
Justin M. Forbes a81953
             .type = QEMU_OPT_BOOL,
Justin M. Forbes a81953
+        },{
Justin M. Forbes a81953
+            .name = "x509-dir",
Justin M. Forbes a81953
+            .type = QEMU_OPT_STRING,
Justin M. Forbes a81953
+        },{
Justin M. Forbes a81953
+            .name = "x509-key-file",
Justin M. Forbes a81953
+            .type = QEMU_OPT_STRING,
Justin M. Forbes a81953
+        },{
Justin M. Forbes a81953
+            .name = "x509-key-password",
Justin M. Forbes a81953
+            .type = QEMU_OPT_STRING,
Justin M. Forbes a81953
+        },{
Justin M. Forbes a81953
+            .name = "x509-cert-file",
Justin M. Forbes a81953
+            .type = QEMU_OPT_STRING,
Justin M. Forbes a81953
+        },{
Justin M. Forbes a81953
+            .name = "x509-cacert-file",
Justin M. Forbes a81953
+            .type = QEMU_OPT_STRING,
Justin M. Forbes a81953
+        },{
Justin M. Forbes a81953
+            .name = "x509-dh-key-file",
Justin M. Forbes a81953
+            .type = QEMU_OPT_STRING,
Justin M. Forbes a81953
+        },{
Justin M. Forbes a81953
+            .name = "tls-ciphers",
Justin M. Forbes a81953
+            .type = QEMU_OPT_STRING,
Justin M. Forbes a81953
         },
Justin M. Forbes a81953
         { /* end if list */ }
Justin M. Forbes a81953
     },
Justin M. Forbes a81953
diff --git a/spice.c b/spice.c
Justin M. Forbes a81953
index c763d52..3fe76cd 100644
Justin M. Forbes a81953
--- a/spice.c
Justin M. Forbes a81953
+++ b/spice.c
Justin M. Forbes a81953
@@ -9,6 +9,7 @@
Justin M. Forbes a81953
 #include "qemu-spice.h"
Justin M. Forbes a81953
 #include "qemu-timer.h"
Justin M. Forbes a81953
 #include "qemu-queue.h"
Justin M. Forbes a81953
+#include "qemu-x509.h"
Justin M. Forbes a81953
 #include "monitor.h"
Justin M. Forbes a81953
Justin M. Forbes a81953
 /* core bits */
Justin M. Forbes a81953
@@ -126,18 +127,71 @@ static SpiceCoreInterface core_interface = {
Justin M. Forbes a81953
 void qemu_spice_init(void)
Justin M. Forbes a81953
 {
Justin M. Forbes a81953
     QemuOpts *opts = QTAILQ_FIRST(&qemu_spice_opts.head);
Justin M. Forbes a81953
-    const char *password;
Justin M. Forbes a81953
-    int port;
Justin M. Forbes a81953
+    const char *password, *str, *x509_dir,
Justin M. Forbes a81953
+        *x509_key_password = NULL,
Justin M. Forbes a81953
+        *x509_dh_file = NULL,
Justin M. Forbes a81953
+        *tls_ciphers = NULL;
Justin M. Forbes a81953
+    char *x509_key_file = NULL,
Justin M. Forbes a81953
+        *x509_cert_file = NULL,
Justin M. Forbes a81953
+        *x509_cacert_file = NULL;
Justin M. Forbes a81953
+    int port, tls_port, len;
Justin M. Forbes a81953
Justin M. Forbes a81953
     if (!opts)
Justin M. Forbes a81953
         return;
Justin M. Forbes a81953
     port = qemu_opt_get_number(opts, "port", 0);
Justin M. Forbes a81953
-    if (!port)
Justin M. Forbes a81953
+    tls_port = qemu_opt_get_number(opts, "tls-port", 0);
Justin M. Forbes a81953
+    if (!port && !tls_port)
Justin M. Forbes a81953
         return;
Justin M. Forbes a81953
     password = qemu_opt_get(opts, "password");
Justin M. Forbes a81953
Justin M. Forbes a81953
+    if (tls_port) {
Justin M. Forbes a81953
+        x509_dir = qemu_opt_get(opts, "x509-dir");
Justin M. Forbes a81953
+        if (NULL == x509_dir)
Justin M. Forbes a81953
+            x509_dir = ".";
Justin M. Forbes a81953
+        len = strlen(x509_dir) + 32;
Justin M. Forbes a81953
+
Justin M. Forbes a81953
+        str = qemu_opt_get(opts, "x509-key-file");
Justin M. Forbes a81953
+        if (str) {
Justin M. Forbes a81953
+            x509_key_file = qemu_strdup(str);
Justin M. Forbes a81953
+        } else {
Justin M. Forbes a81953
+            x509_key_file = qemu_malloc(len);
Justin M. Forbes a81953
+            snprintf(x509_key_file, len, "%s/%s", x509_dir, X509_SERVER_KEY_FILE);
Justin M. Forbes a81953
+        }
Justin M. Forbes a81953
+
Justin M. Forbes a81953
+        str = qemu_opt_get(opts, "x509-cert-file");
Justin M. Forbes a81953
+        if (str) {
Justin M. Forbes a81953
+            x509_cert_file = qemu_strdup(str);
Justin M. Forbes a81953
+        } else {
Justin M. Forbes a81953
+            x509_cert_file = qemu_malloc(len);
Justin M. Forbes a81953
+            snprintf(x509_cert_file, len, "%s/%s", x509_dir, X509_SERVER_CERT_FILE);
Justin M. Forbes a81953
+        }
Justin M. Forbes a81953
+
Justin M. Forbes a81953
+        str = qemu_opt_get(opts, "x509-cacert-file");
Justin M. Forbes a81953
+        if (str) {
Justin M. Forbes a81953
+            x509_cacert_file = qemu_strdup(str);
Justin M. Forbes a81953
+        } else {
Justin M. Forbes a81953
+            x509_cacert_file = qemu_malloc(len);
Justin M. Forbes a81953
+            snprintf(x509_cacert_file, len, "%s/%s", x509_dir, X509_CA_CERT_FILE);
Justin M. Forbes a81953
+        }
Justin M. Forbes a81953
+
Justin M. Forbes a81953
+        x509_key_password = qemu_opt_get(opts, "x509-key-password");
Justin M. Forbes a81953
+        x509_dh_file = qemu_opt_get(opts, "x509-dh-file");
Justin M. Forbes a81953
+        tls_ciphers = qemu_opt_get(opts, "tls-ciphers");
Justin M. Forbes a81953
+    }
Justin M. Forbes a81953
+
Justin M. Forbes a81953
     spice_server = spice_server_new();
Justin M. Forbes a81953
-    spice_server_set_port(spice_server, port);
Justin M. Forbes a81953
+    if (port) {
Justin M. Forbes a81953
+        spice_server_set_port(spice_server, port);
Justin M. Forbes a81953
+    }
Justin M. Forbes a81953
+    if (tls_port) {
Justin M. Forbes a81953
+        spice_server_set_tls(spice_server, tls_port,
Justin M. Forbes a81953
+                             x509_cacert_file,
Justin M. Forbes a81953
+                             x509_cert_file,
Justin M. Forbes a81953
+                             x509_key_file,
Justin M. Forbes a81953
+                             x509_key_password,
Justin M. Forbes a81953
+                             x509_dh_file,
Justin M. Forbes a81953
+                             tls_ciphers);
Justin M. Forbes a81953
+    }
Justin M. Forbes a81953
     if (password)
Justin M. Forbes a81953
         spice_server_set_ticket(spice_server, password, 0, 0, 0);
Justin M. Forbes a81953
     if (qemu_opt_get_bool(opts, "disable-ticketing", 0))
Justin M. Forbes a81953
@@ -150,4 +204,8 @@ void qemu_spice_init(void)
Justin M. Forbes a81953
     using_spice = 1;
Justin M. Forbes a81953
Justin M. Forbes a81953
     qemu_spice_input_init();
Justin M. Forbes a81953
+
Justin M. Forbes a81953
+    qemu_free(x509_key_file);
Justin M. Forbes a81953
+    qemu_free(x509_cert_file);
Justin M. Forbes a81953
+    qemu_free(x509_cacert_file);
Justin M. Forbes a81953
 }
Justin M. Forbes a81953
-- 
Justin M. Forbes a81953
1.7.2.3
Justin M. Forbes a81953