From d4970b071f698a4f3984487bbb97d1ecc36f5950 Mon Sep 17 00:00:00 2001
From: Hans de Goede <hdegoede@redhat.com>
Date: Sun, 27 Mar 2011 16:43:54 +0200
Subject: spice: add option for disabling copy paste support

Some people want to be able disable spice's guest <-> client copy paste support
because of security considerations.

[ kraxel: drop old-version error message ]
---
 ui/spice-core.c | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'ui')

diff --git a/ui/spice-core.c b/ui/spice-core.c
index ef56ed6..a3351f3 100644
--- a/ui/spice-core.c
+++ b/ui/spice-core.c
@@ -554,6 +554,12 @@ void qemu_spice_init(void)
         spice_server_set_noauth(spice_server);
     }
 
+#if SPICE_SERVER_VERSION >= 0x000801
+    if (qemu_opt_get_bool(opts, "disable-copy-paste", 0)) {
+        spice_server_set_agent_copypaste(spice_server, false);
+    }
+#endif
+
     compression = SPICE_IMAGE_COMPRESS_AUTO_GLZ;
     str = qemu_opt_get(opts, "image-compression");
     if (str) {
-- 
cgit v1.1


From 48b3ed0a68b8c1b288b4e15743ea39b7b5b318c3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@gmail.com>
Date: Tue, 17 May 2011 10:40:33 +0200
Subject: spice: add SASL support

Turn on SASL support by appending "sasl" to the spice arguments, which
requires that the client use SASL to authenticate with the spice.  The
exact choice of authentication method used is controlled from the
system / user's SASL configuration file for the 'qemu' service. This
is typically found in /etc/sasl2/qemu.conf. If running QEMU as an
unprivileged user, an environment variable SASL_CONF_PATH can be used
to make it search alternate locations for the service config.  While
some SASL auth methods can also provide data encryption (eg GSSAPI),
it is recommended that SASL always be combined with the 'tls' and
'x509' settings to enable use of SSL and server certificates. This
ensures a data encryption preventing compromise of authentication
credentials.

It requires support from spice 0.8.1.

[ kraxel: moved spell fix to separate commit ]

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 ui/spice-core.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'ui')

diff --git a/ui/spice-core.c b/ui/spice-core.c
index a3351f3..457d34d 100644
--- a/ui/spice-core.c
+++ b/ui/spice-core.c
@@ -549,6 +549,18 @@ void qemu_spice_init(void)
     if (password) {
         spice_server_set_ticket(spice_server, password, 0, 0, 0);
     }
+    if (qemu_opt_get_bool(opts, "sasl", 0)) {
+#if SPICE_SERVER_VERSION >= 0x000900 /* 0.9.0 */
+        if (spice_server_set_sasl_appname(spice_server, "qemu") == -1 ||
+            spice_server_set_sasl(spice_server, 1) == -1) {
+            fprintf(stderr, "spice: failed to enable sasl\n");
+            exit(1);
+        }
+#else
+        fprintf(stderr, "spice: sasl is not available (spice >= 0.9 required)\n");
+        exit(1);
+#endif
+    }
     if (qemu_opt_get_bool(opts, "disable-ticketing", 0)) {
         auth = "none";
         spice_server_set_noauth(spice_server);
-- 
cgit v1.1


From 012b80d3f904c9a4d4ea85036ba8d4d1acf12e7d Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Tue, 17 May 2011 10:48:14 +0200
Subject: spice: require spice 0.6.0 or newer.

This patch raises the minimum required spice version to 0.6.0 and drops
a few ifdefs.

0.6.0 is the first stable release with the current libspice-server API,
there shouldn't be any 0.5.x development versions deployed any more.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 ui/spice-core.c | 8 --------
 1 file changed, 8 deletions(-)

(limited to 'ui')

diff --git a/ui/spice-core.c b/ui/spice-core.c
index 457d34d..dd9905b 100644
--- a/ui/spice-core.c
+++ b/ui/spice-core.c
@@ -299,8 +299,6 @@ static int parse_name(const char *string, const char *optname,
     exit(1);
 }
 
-#if SPICE_SERVER_VERSION >= 0x000600 /* 0.6.0 */
-
 static const char *stream_video_names[] = {
     [ SPICE_STREAM_VIDEO_OFF ]    = "off",
     [ SPICE_STREAM_VIDEO_ALL ]    = "all",
@@ -309,8 +307,6 @@ static const char *stream_video_names[] = {
 #define parse_stream_video(_name) \
     name2enum(_name, stream_video_names, ARRAY_SIZE(stream_video_names))
 
-#endif /* >= 0.6.0 */
-
 static const char *compression_names[] = {
     [ SPICE_IMAGE_COMPRESS_OFF ]      = "off",
     [ SPICE_IMAGE_COMPRESS_AUTO_GLZ ] = "auto_glz",
@@ -593,8 +589,6 @@ void qemu_spice_init(void)
     }
     spice_server_set_zlib_glz_compression(spice_server, wan_compr);
 
-#if SPICE_SERVER_VERSION >= 0x000600 /* 0.6.0 */
-
     str = qemu_opt_get(opts, "streaming-video");
     if (str) {
         int streaming_video = parse_stream_video(str);
@@ -606,8 +600,6 @@ void qemu_spice_init(void)
     spice_server_set_playback_compression
         (spice_server, qemu_opt_get_bool(opts, "playback-compression", 1));
 
-#endif /* >= 0.6.0 */
-
     qemu_opt_foreach(opts, add_channel, NULL, 0);
 
     spice_server_init(spice_server, &core_interface);
-- 
cgit v1.1