Revision c448e855
| b/qemu-config.c | ||
|---|---|---|
| 362 | 362 |
.name = "port", |
| 363 | 363 |
.type = QEMU_OPT_NUMBER, |
| 364 | 364 |
},{
|
| 365 |
.name = "tls-port", |
|
| 366 |
.type = QEMU_OPT_NUMBER, |
|
| 367 |
},{
|
|
| 365 | 368 |
.name = "password", |
| 366 | 369 |
.type = QEMU_OPT_STRING, |
| 367 | 370 |
},{
|
| 368 | 371 |
.name = "disable-ticketing", |
| 369 | 372 |
.type = QEMU_OPT_BOOL, |
| 373 |
},{
|
|
| 374 |
.name = "x509-dir", |
|
| 375 |
.type = QEMU_OPT_STRING, |
|
| 376 |
},{
|
|
| 377 |
.name = "x509-key-file", |
|
| 378 |
.type = QEMU_OPT_STRING, |
|
| 379 |
},{
|
|
| 380 |
.name = "x509-key-password", |
|
| 381 |
.type = QEMU_OPT_STRING, |
|
| 382 |
},{
|
|
| 383 |
.name = "x509-cert-file", |
|
| 384 |
.type = QEMU_OPT_STRING, |
|
| 385 |
},{
|
|
| 386 |
.name = "x509-cacert-file", |
|
| 387 |
.type = QEMU_OPT_STRING, |
|
| 388 |
},{
|
|
| 389 |
.name = "x509-dh-key-file", |
|
| 390 |
.type = QEMU_OPT_STRING, |
|
| 391 |
},{
|
|
| 392 |
.name = "tls-ciphers", |
|
| 393 |
.type = QEMU_OPT_STRING, |
|
| 370 | 394 |
}, |
| 371 | 395 |
{ /* end if list */ }
|
| 372 | 396 |
}, |
| b/qemu-options.hx | ||
|---|---|---|
| 680 | 680 |
@table @option |
| 681 | 681 |
|
| 682 | 682 |
@item port=<nr> |
| 683 |
Set the TCP port spice is listening on. |
|
| 683 |
Set the TCP port spice is listening on for plaintext channels.
|
|
| 684 | 684 |
|
| 685 | 685 |
@item password=<secret> |
| 686 | 686 |
Set the password you need to authenticate. |
| ... | ... | |
| 688 | 688 |
@item disable-ticketing |
| 689 | 689 |
Allow client connects without authentication. |
| 690 | 690 |
|
| 691 |
@item tls-port=<nr> |
|
| 692 |
Set the TCP port spice is listening on for encrypted channels. |
|
| 693 |
|
|
| 694 |
@item x509-dir=<dir> |
|
| 695 |
Set the x509 file directory. Expects same filenames as -vnc $display,x509=$dir |
|
| 696 |
|
|
| 697 |
@item x509-key-file=<file> |
|
| 698 |
@item x509-key-password=<file> |
|
| 699 |
@item x509-cert-file=<file> |
|
| 700 |
@item x509-cacert-file=<file> |
|
| 701 |
@item x509-dh-key-file=<file> |
|
| 702 |
The x509 file names can also be configured individually. |
|
| 703 |
|
|
| 704 |
@item tls-ciphers=<list> |
|
| 705 |
Specify which ciphers to use. |
|
| 706 |
|
|
| 691 | 707 |
@end table |
| 692 | 708 |
ETEXI |
| 693 | 709 |
|
| b/ui/spice-core.c | ||
|---|---|---|
| 22 | 22 |
#include "qemu-spice.h" |
| 23 | 23 |
#include "qemu-timer.h" |
| 24 | 24 |
#include "qemu-queue.h" |
| 25 |
#include "qemu-x509.h" |
|
| 25 | 26 |
#include "monitor.h" |
| 26 | 27 |
|
| 27 | 28 |
/* core bits */ |
| ... | ... | |
| 141 | 142 |
void qemu_spice_init(void) |
| 142 | 143 |
{
|
| 143 | 144 |
QemuOpts *opts = QTAILQ_FIRST(&qemu_spice_opts.head); |
| 144 |
const char *password; |
|
| 145 |
int port; |
|
| 145 |
const char *password, *str, *x509_dir, |
|
| 146 |
*x509_key_password = NULL, |
|
| 147 |
*x509_dh_file = NULL, |
|
| 148 |
*tls_ciphers = NULL; |
|
| 149 |
char *x509_key_file = NULL, |
|
| 150 |
*x509_cert_file = NULL, |
|
| 151 |
*x509_cacert_file = NULL; |
|
| 152 |
int port, tls_port, len; |
|
| 146 | 153 |
|
| 147 | 154 |
if (!opts) {
|
| 148 | 155 |
return; |
| 149 | 156 |
} |
| 150 | 157 |
port = qemu_opt_get_number(opts, "port", 0); |
| 151 |
if (!port) {
|
|
| 158 |
tls_port = qemu_opt_get_number(opts, "tls-port", 0); |
|
| 159 |
if (!port && !tls_port) {
|
|
| 152 | 160 |
return; |
| 153 | 161 |
} |
| 154 | 162 |
password = qemu_opt_get(opts, "password"); |
| 155 | 163 |
|
| 164 |
if (tls_port) {
|
|
| 165 |
x509_dir = qemu_opt_get(opts, "x509-dir"); |
|
| 166 |
if (NULL == x509_dir) {
|
|
| 167 |
x509_dir = "."; |
|
| 168 |
} |
|
| 169 |
len = strlen(x509_dir) + 32; |
|
| 170 |
|
|
| 171 |
str = qemu_opt_get(opts, "x509-key-file"); |
|
| 172 |
if (str) {
|
|
| 173 |
x509_key_file = qemu_strdup(str); |
|
| 174 |
} else {
|
|
| 175 |
x509_key_file = qemu_malloc(len); |
|
| 176 |
snprintf(x509_key_file, len, "%s/%s", x509_dir, X509_SERVER_KEY_FILE); |
|
| 177 |
} |
|
| 178 |
|
|
| 179 |
str = qemu_opt_get(opts, "x509-cert-file"); |
|
| 180 |
if (str) {
|
|
| 181 |
x509_cert_file = qemu_strdup(str); |
|
| 182 |
} else {
|
|
| 183 |
x509_cert_file = qemu_malloc(len); |
|
| 184 |
snprintf(x509_cert_file, len, "%s/%s", x509_dir, X509_SERVER_CERT_FILE); |
|
| 185 |
} |
|
| 186 |
|
|
| 187 |
str = qemu_opt_get(opts, "x509-cacert-file"); |
|
| 188 |
if (str) {
|
|
| 189 |
x509_cacert_file = qemu_strdup(str); |
|
| 190 |
} else {
|
|
| 191 |
x509_cacert_file = qemu_malloc(len); |
|
| 192 |
snprintf(x509_cacert_file, len, "%s/%s", x509_dir, X509_CA_CERT_FILE); |
|
| 193 |
} |
|
| 194 |
|
|
| 195 |
x509_key_password = qemu_opt_get(opts, "x509-key-password"); |
|
| 196 |
x509_dh_file = qemu_opt_get(opts, "x509-dh-file"); |
|
| 197 |
tls_ciphers = qemu_opt_get(opts, "tls-ciphers"); |
|
| 198 |
} |
|
| 199 |
|
|
| 156 | 200 |
spice_server = spice_server_new(); |
| 157 |
spice_server_set_port(spice_server, port); |
|
| 201 |
if (port) {
|
|
| 202 |
spice_server_set_port(spice_server, port); |
|
| 203 |
} |
|
| 204 |
if (tls_port) {
|
|
| 205 |
spice_server_set_tls(spice_server, tls_port, |
|
| 206 |
x509_cacert_file, |
|
| 207 |
x509_cert_file, |
|
| 208 |
x509_key_file, |
|
| 209 |
x509_key_password, |
|
| 210 |
x509_dh_file, |
|
| 211 |
tls_ciphers); |
|
| 212 |
} |
|
| 158 | 213 |
if (password) {
|
| 159 | 214 |
spice_server_set_ticket(spice_server, password, 0, 0, 0); |
| 160 | 215 |
} |
| ... | ... | |
| 169 | 224 |
using_spice = 1; |
| 170 | 225 |
|
| 171 | 226 |
qemu_spice_input_init(); |
| 227 |
|
|
| 228 |
qemu_free(x509_key_file); |
|
| 229 |
qemu_free(x509_cert_file); |
|
| 230 |
qemu_free(x509_cacert_file); |
|
| 172 | 231 |
} |
| 173 | 232 |
|
| 174 | 233 |
int qemu_spice_add_interface(SpiceBaseInstance *sin) |
Also available in: Unified diff