start tls support

7 files changed, 63 insertions, 12 deletions

diff --git a/gtk/spice-channel-priv.h b/gtk/spice-channel-priv.h
index 14af264..b7b5988 100644
--- a/gtk/spice-channel-priv.h
+++ b/gtk/spice-channel-priv.h
@@ -120,6 +120,8 @@ struct spice_channel {
     spice_watch                 *watch;
 
     int                         protocol;
+    int                         tls;
+
     int                         connection_id;
     int                         channel_id;
     int                         serial;
diff --git a/gtk/spice-channel.c b/gtk/spice-channel.c
index 190fb56..b78f744 100644
--- a/gtk/spice-channel.c
+++ b/gtk/spice-channel.c
@@ -417,8 +417,21 @@ static void spice_channel_recv_link_msg(SpiceChannel *channel)
     rc = spice_channel_recv(channel, c->peer_msg, c->peer_hdr.size);
     if (rc != c->peer_hdr.size)
         PANIC("incomplete link reply (%d/%d)", rc, c->peer_hdr.size);
-    if (c->peer_msg->error != SPICE_LINK_ERR_OK)
-        PANIC("link error %u", c->peer_msg->error);
+    switch (c->peer_msg->error) {
+    case SPICE_LINK_ERR_OK:
+        /* nothing */
+        break;
+    case SPICE_LINK_ERR_NEED_SECURED:
+        c->tls = true;
+        spice_channel_disconnect(channel, SPICE_CHANNEL_NONE);
+        spice_channel_connect(channel);
+        return;
+    default:
+        fprintf(stderr, "%s: unhandled error %d\n", __FUNCTION__,
+                c->peer_msg->error);
+        spice_channel_disconnect(channel, SPICE_CHANNEL_ERROR_LINK);
+        return;
+    }
 
     num_caps = c->peer_msg->num_channel_caps + c->peer_msg->num_common_caps;
     if (num_caps) {
@@ -611,14 +624,23 @@ gboolean spice_channel_connect(SpiceChannel *channel)
         return true;
     }
 
-    c->socket = spice_session_channel_connect(c->session);
+reconnect:
+    c->socket = spice_session_channel_connect(c->session, c->tls);
     if (c->socket == -1) {
+        if (!c->tls) {
+            c->tls = true;
+            goto reconnect;
+        }
         spice_channel_emit_event(channel, SPICE_CHANNEL_ERROR_CONNECT);
         return false;
     }
     c->watch = spice_watch_new(c->socket, SPICE_WATCH_EVENT_READ,
                                spice_channel_data, channel);
 
+    if (c->tls) {
+        PANIC("TODO: tls");
+    }
+
     c->state = SPICE_CHANNEL_STATE_LINK_HDR;
     spice_channel_send_link(channel);
     return true;
@@ -641,5 +663,7 @@ void spice_channel_disconnect(SpiceChannel *channel, enum SpiceChannelEvent reas
         c->socket = -1;
     }
     c->state = SPICE_CHANNEL_STATE_UNCONNECTED;
-    spice_channel_emit_event(channel, reason);
+    if (reason != SPICE_CHANNEL_NONE) {
+        spice_channel_emit_event(channel, reason);
+    }
 }
diff --git a/gtk/spice-channel.h b/gtk/spice-channel.h
index 0b1fb25..706061b 100644
--- a/gtk/spice-channel.h
+++ b/gtk/spice-channel.h
@@ -8,9 +8,11 @@ G_BEGIN_DECLS
 #define SPICE_CHANNEL_GET_CLASS(obj)  (G_TYPE_INSTANCE_GET_CLASS ((obj), SPICE_TYPE_CHANNEL, SpiceChannelClass))
 
 enum SpiceChannelEvent {
+    SPICE_CHANNEL_NONE = 0,
     SPICE_CHANNEL_OPENED = 10,
     SPICE_CHANNEL_CLOSED,
     SPICE_CHANNEL_ERROR_CONNECT = 20,
+    SPICE_CHANNEL_ERROR_LINK,
     SPICE_CHANNEL_ERROR_AUTH,
     SPICE_CHANNEL_ERROR_IO,
 };
diff --git a/gtk/spice-session-priv.h b/gtk/spice-session-priv.h
index d5baed2..531aaa5 100644
--- a/gtk/spice-session-priv.h
+++ b/gtk/spice-session-priv.h
@@ -1,5 +1,5 @@
 void spice_session_set_connection_id(SpiceSession *session, int id);
 int spice_session_get_connection_id(SpiceSession *session);
 
-int spice_session_channel_connect(SpiceSession *session);
+int spice_session_channel_connect(SpiceSession *session, bool use_tls);
 void spice_session_channel_new(SpiceSession *session, SpiceChannel *channel);
diff --git a/gtk/spice-session.c b/gtk/spice-session.c
index 2ef2897..aadd866 100644
--- a/gtk/spice-session.c
+++ b/gtk/spice-session.c
@@ -6,6 +6,7 @@
 struct spice_session {
     char              *host;
     char              *port;
+    char              *tls_port;
     char              *password;
     struct addrinfo   ai;
 
@@ -102,6 +103,14 @@ void spice_session_set_port(SpiceSession *session, const char *port)
     s->port = strdup(port);
 }
 
+void spice_session_set_tls_port(SpiceSession *session, const char *tls_port)
+{
+    spice_session *s = SPICE_SESSION_GET_PRIVATE(session);
+
+    free(s->tls_port);
+    s->tls_port = strdup(tls_port);
+}
+
 void spice_session_set_password(SpiceSession *session, const char *password)
 {
     spice_session *s = SPICE_SESSION_GET_PRIVATE(session);
@@ -155,11 +164,15 @@ void spice_session_put(spice_session *s)
 /* ------------------------------------------------------------------ */
 /* private functions                                                  */
 
-int spice_session_channel_connect(SpiceSession *session)
+int spice_session_channel_connect(SpiceSession *session, bool use_tls)
 {
     spice_session *s = SPICE_SESSION_GET_PRIVATE(session);
+    char *port = use_tls ? s->tls_port : s->port;
 
-    return tcp_connect(&s->ai, NULL, NULL, s->host, s->port);
+    if (port == NULL) {
+        return -1;
+    }
+    return tcp_connect(&s->ai, NULL, NULL, s->host, port);
 }
 
 void spice_session_channel_new(SpiceSession *session, SpiceChannel *channel)
diff --git a/gtk/spice-session.h b/gtk/spice-session.h
index 1777624..212f3a1 100644
--- a/gtk/spice-session.h
+++ b/gtk/spice-session.h
@@ -36,6 +36,7 @@ GType spice_session_get_type(void) G_GNUC_CONST;
 SpiceSession *spice_session_new(void);
 void spice_session_set_host(SpiceSession *session, const char *host);
 void spice_session_set_port(SpiceSession *session, const char *port);
+void spice_session_set_tls_port(SpiceSession *session, const char *tls_port);
 void spice_session_set_password(SpiceSession *session, const char *password);
 const char *spice_session_get_password(SpiceSession *session);
 gboolean spice_session_connect(SpiceSession *session);
diff --git a/gtk/spicy.c b/gtk/spicy.c
index efb5f77..95a3774 100644
--- a/gtk/spicy.c
+++ b/gtk/spicy.c
@@ -13,8 +13,9 @@ struct spice_window {
 };
 
 /* config */
-static char *host = "localhost";
-static char *port = "5920";
+static char *host     = "localhost";
+static char *port     = "5920";
+static char *tls_port = "5921";
 static char *password;
 static bool fullscreen = false;
 
@@ -317,9 +318,11 @@ static void usage(FILE *fp)
             "options:\n"
             "  -h    host [ %s ]\n"
             "  -p    port [ %s ]\n"
+            "  -s    tls port [ %s ]\n"
+            "  -w    password\n"
             "  -f    fullscreen\n"
             "\n",
-            host, port);
+            host, port, tls_port);
 }
 
 int main(int argc, char *argv[])
@@ -329,7 +332,7 @@ int main(int argc, char *argv[])
     /* parse opts */
     gtk_init(&argc, &argv);
     for (;;) {
-        if (-1 == (c = getopt(argc, argv, "h:p:w:f")))
+        if (-1 == (c = getopt(argc, argv, "h:p:s:w:f")))
             break;
         switch (c) {
 	case 'h':
@@ -338,6 +341,9 @@ int main(int argc, char *argv[])
 	case 'p':
             port = optarg;
 	    break;
+	case 's':
+            tls_port = optarg;
+	    break;
 	case 'w':
             password = optarg;
 	    break;
@@ -361,7 +367,10 @@ int main(int argc, char *argv[])
                      G_CALLBACK(channel_new), NULL);
 
     spice_session_set_host(session, host);
-    spice_session_set_port(session, port);
+    if (port)
+        spice_session_set_port(session, port);
+    if (tls_port)
+        spice_session_set_tls_port(session, tls_port);
     if (password)
         spice_session_set_password(session, password);