diff options
| author | Marc-André Lureau <marcandre.lureau@redhat.com> | 2011-01-25 14:39:49 +0100 |
|---|---|---|
| committer | Marc-André Lureau <marcandre.lureau@redhat.com> | 2011-01-25 16:53:59 +0100 |
| commit | ab516817d2586a5aa3229607096e2bed1201c617 (patch) | |
| tree | 4711db077e728a24cdeddb64f546e43a8ea69052 | |
| parent | d27f761325b356c91bda1ca60186d4613d6933d2 (diff) | |
gtk: move channel verification parameter to session
| -rw-r--r-- | doc/reference/spice-gtk-sections.txt | 4 | ||||
| -rw-r--r-- | doc/reference/spice-gtk.types | 8 | ||||
| -rw-r--r-- | gtk/channel-main.c | 2 | ||||
| -rw-r--r-- | gtk/map-file | 2 | ||||
| -rw-r--r-- | gtk/spice-channel-priv.h | 2 | ||||
| -rw-r--r-- | gtk/spice-channel.c | 25 | ||||
| -rw-r--r-- | gtk/spice-channel.h | 15 | ||||
| -rw-r--r-- | gtk/spice-client-gtk.defs | 34 | ||||
| -rw-r--r-- | gtk/spice-session-priv.h | 1 | ||||
| -rw-r--r-- | gtk/spice-session.c | 35 | ||||
| -rw-r--r-- | gtk/spice-session.h | 15 |
11 files changed, 82 insertions, 61 deletions
diff --git a/doc/reference/spice-gtk-sections.txt b/doc/reference/spice-gtk-sections.txt index 9a3cac9..8ae04ba 100644 --- a/doc/reference/spice-gtk-sections.txt +++ b/doc/reference/spice-gtk-sections.txt @@ -36,6 +36,8 @@ spice_session_get_type SPICE_SESSION_CLASS SPICE_IS_SESSION_CLASS SPICE_SESSION_GET_CLASS +SPICE_TYPE_SESSION_VERIFY +spice_session_verify_get_type </SECTION> <SECTION> @@ -76,8 +78,6 @@ spice_channel_set_capability <SUBSECTION Standard> SPICE_TYPE_CHANNEL_EVENT spice_channel_event_get_type -SPICE_TYPE_CHANNEL_VERIFY -spice_channel_verify_get_type SPICE_CHANNEL SPICE_IS_CHANNEL SPICE_TYPE_CHANNEL diff --git a/doc/reference/spice-gtk.types b/doc/reference/spice-gtk.types index 189650e..51dcef4 100644 --- a/doc/reference/spice-gtk.types +++ b/doc/reference/spice-gtk.types @@ -15,16 +15,16 @@ #include "spice-grabsequence.h" spice_audio_get_type -spice_channel_get_type spice_channel_event_get_type -spice_channel_verify_get_type +spice_channel_get_type spice_cursor_channel_get_type spice_display_channel_get_type +spice_display_get_type +spice_grab_sequence_get_type spice_inputs_channel_get_type spice_inputs_lock_get_type spice_main_channel_get_type spice_playback_channel_get_type spice_record_channel_get_type spice_session_get_type -spice_display_get_type -spice_grab_sequence_get_type +spice_session_verify_get_type diff --git a/gtk/channel-main.c b/gtk/channel-main.c index 80ac978..3e6e9fc 100644 --- a/gtk/channel-main.c +++ b/gtk/channel-main.c @@ -1188,7 +1188,7 @@ static gboolean migrate_connect(gpointer data) g_byte_array_append(pubkey, info->pub_key_data, info->pub_key_size); g_object_set(mig->session, "pubkey", pubkey, - "verify", SPICE_CHANNEL_VERIFY_PUBKEY, + "verify", SPICE_SESSION_VERIFY_PUBKEY, NULL); g_byte_array_unref(pubkey); } diff --git a/gtk/map-file b/gtk/map-file index fe07d19..18a1ffe 100644 --- a/gtk/map-file +++ b/gtk/map-file @@ -12,7 +12,6 @@ spice_channel_new; spice_channel_open_fd; spice_channel_set_capability; spice_channel_test_capability; -spice_channel_verify_get_type; spice_cursor_channel_get_type; spice_display_channel_get_type; spice_display_copy_to_guest; @@ -55,6 +54,7 @@ spice_session_disconnect; spice_session_get_channels; spice_session_new; spice_session_open_fd; +spice_session_verify_get_type; spice_util_get_debug; spice_util_get_version_string; spice_util_set_debug; diff --git a/gtk/spice-channel-priv.h b/gtk/spice-channel-priv.h index 1bd6774..7224c65 100644 --- a/gtk/spice-channel-priv.h +++ b/gtk/spice-channel-priv.h @@ -89,7 +89,6 @@ struct spice_channel { guint channel_watch; int tls; - guint verify; int connection_id; int channel_id; int channel_type; @@ -108,7 +107,6 @@ struct spice_channel { GArray *common_caps; GArray *remote_caps; GArray *remote_common_caps; - gboolean all_preverify_ok; // TODO: remove after gnutls switch }; spice_msg_in *spice_msg_in_new(SpiceChannel *channel); diff --git a/gtk/spice-channel.c b/gtk/spice-channel.c index f0b1a91..eac2443 100644 --- a/gtk/spice-channel.c +++ b/gtk/spice-channel.c @@ -67,7 +67,6 @@ enum { PROP_SESSION, PROP_CHANNEL_TYPE, PROP_CHANNEL_ID, - PROP_VERIFY, }; /* Signals */ @@ -193,9 +192,6 @@ static void spice_channel_get_property(GObject *gobject, case PROP_CHANNEL_ID: g_value_set_int(value, c->channel_id); break; - case PROP_VERIFY: - g_value_set_flags(value, c->verify); - break; default: G_OBJECT_WARN_INVALID_PROPERTY_ID(gobject, prop_id, pspec); break; @@ -238,9 +234,6 @@ static void spice_channel_set_property(GObject *gobject, case PROP_CHANNEL_ID: c->channel_id = g_value_get_int(value); break; - case PROP_VERIFY: - c->verify = g_value_get_flags(value); - break; default: G_OBJECT_WARN_INVALID_PROPERTY_ID(gobject, prop_id, pspec); break; @@ -297,17 +290,6 @@ static void spice_channel_class_init(SpiceChannelClass *klass) G_PARAM_STATIC_NICK | G_PARAM_STATIC_BLURB)); - g_object_class_install_property - (gobject_class, PROP_VERIFY, - g_param_spec_flags("verify", - "Verify", - "Certificate verification parameters", - SPICE_TYPE_CHANNEL_VERIFY, - SPICE_CHANNEL_VERIFY_HOSTNAME, - G_PARAM_READWRITE | - G_PARAM_CONSTRUCT | - G_PARAM_STATIC_STRINGS)); - /** * SpiceChannel::channel-event: * @channel: the channel that emitted the signal @@ -1264,6 +1246,7 @@ static void *spice_channel_coroutine(void *data) SpiceChannel *channel = SPICE_CHANNEL(data); spice_channel *c = channel->priv; int ret; + guint verify; SPICE_DEBUG("Started background coroutine %p", &c->coroutine); @@ -1320,9 +1303,9 @@ reconnect: g_free(ca_file); if (rc != 1) { - if (c->verify & SPICE_CHANNEL_VERIFY_PUBKEY) { + if (verify & SPICE_SESSION_VERIFY_PUBKEY) { g_warning("only pubkey active"); - c->verify = SPICE_CHANNEL_VERIFY_PUBKEY; + verify = SPICE_SESSION_VERIFY_PUBKEY; } else goto cleanup; } @@ -1350,7 +1333,7 @@ reconnect: "host", &hostname, "cert-subject", &subject, NULL); spice_session_get_pubkey(c->session, &pubkey, &pubkey_len); - c->sslverify = spice_openssl_verify_new(c->ssl, c->verify, + c->sslverify = spice_openssl_verify_new(c->ssl, verify, hostname, (char*)pubkey, pubkey_len, subject); diff --git a/gtk/spice-channel.h b/gtk/spice-channel.h index 1ed1e49..9486047 100644 --- a/gtk/spice-channel.h +++ b/gtk/spice-channel.h @@ -61,21 +61,6 @@ typedef enum SPICE_CHANNEL_ERROR_IO, } SpiceChannelEvent; -/** - * SpiceChannelVerify: - * - * @SPICE_CHANNEL_VERIFY_PUBKEY: - * @SPICE_CHANNEL_VERIFY_HOSTNAME: - * @SPICE_CHANNEL_VERIFY_SUBJECT: - * - * Peer certificate verification parameters flags. - **/ -typedef enum { - SPICE_CHANNEL_VERIFY_PUBKEY = (1 << 0), - SPICE_CHANNEL_VERIFY_HOSTNAME = (1 << 1), - SPICE_CHANNEL_VERIFY_SUBJECT = (1 << 2), -} SpiceChannelVerify; - struct _SpiceChannel { GObject parent; diff --git a/gtk/spice-client-gtk.defs b/gtk/spice-client-gtk.defs index cce16de..0887f0c 100644 --- a/gtk/spice-client-gtk.defs +++ b/gtk/spice-client-gtk.defs @@ -83,6 +83,17 @@ ) ) +(define-flags SessionVerify + (in-module "Spice") + (c-name "SpiceSessionVerify") + (gtype-id "SPICE_TYPE_SESSION_VERIFY") + (values + '("pubkey" "SPICE_SESSION_VERIFY_PUBKEY") + '("hostname" "SPICE_SESSION_VERIFY_HOSTNAME") + '("subject" "SPICE_SESSION_VERIFY_SUBJECT") + ) +) + (define-enum ChannelEvent (in-module "Spice") (c-name "SpiceChannelEvent") @@ -100,17 +111,6 @@ ) ) -(define-flags ChannelVerify - (in-module "Spice") - (c-name "SpiceChannelVerify") - (gtype-id "SPICE_TYPE_CHANNEL_VERIFY") - (values - '("pubkey" "SPICE_CHANNEL_VERIFY_PUBKEY") - '("hostname" "SPICE_CHANNEL_VERIFY_HOSTNAME") - '("subject" "SPICE_CHANNEL_VERIFY_SUBJECT") - ) -) - (define-flags InputsLock (in-module "Spice") (c-name "SpiceInputsLock") @@ -386,18 +386,22 @@ ;; From spice-channel-enums.h + + +;; From spice-glib-enums.h + (define-function spice_channel_event_get_type (c-name "spice_channel_event_get_type") (return-type "GType") ) -(define-function spice_channel_verify_get_type - (c-name "spice_channel_verify_get_type") +(define-function spice_inputs_lock_get_type + (c-name "spice_inputs_lock_get_type") (return-type "GType") ) -(define-function spice_inputs_lock_get_type - (c-name "spice_inputs_lock_get_type") +(define-function spice_session_verify_get_type + (c-name "spice_session_verify_get_type") (return-type "GType") ) diff --git a/gtk/spice-session-priv.h b/gtk/spice-session-priv.h index 651d8de..1266e57 100644 --- a/gtk/spice-session-priv.h +++ b/gtk/spice-session-priv.h @@ -43,6 +43,7 @@ void spice_session_abort_migration(SpiceSession *session); void spice_session_set_port(SpiceSession *session, int port, gboolean tls); void spice_session_get_pubkey(SpiceSession *session, guint8 **pubkey, guint *size); +guint spice_session_get_verify(SpiceSession *session); G_END_DECLS diff --git a/gtk/spice-session.c b/gtk/spice-session.c index 2809104..722630f 100644 --- a/gtk/spice-session.c +++ b/gtk/spice-session.c @@ -41,6 +41,7 @@ struct spice_session { char *ca_file; GByteArray *pubkey; char *cert_subject; + guint verify; int connection_id; int protocol; @@ -108,6 +109,7 @@ enum { PROP_CLIENT_SOCKETS, PROP_PUBKEY, PROP_CERT_SUBJECT, + PROP_VERIFY, }; /* signals */ @@ -300,6 +302,9 @@ static void spice_session_get_property(GObject *gobject, case PROP_CERT_SUBJECT: g_value_set_string(value, s->cert_subject); break; + case PROP_VERIFY: + g_value_set_flags(value, s->verify); + break; default: G_OBJECT_WARN_INVALID_PROPERTY_ID(gobject, prop_id, pspec); break; @@ -350,10 +355,17 @@ static void spice_session_set_property(GObject *gobject, case PROP_PUBKEY: g_byte_array_unref(s->pubkey); s->pubkey = g_value_get_boxed(value); + if (s->pubkey) + s->verify = SPICE_SESSION_VERIFY_PUBKEY; break; case PROP_CERT_SUBJECT: g_free(s->cert_subject); s->cert_subject = g_value_dup_string(value); + if (s->cert_subject) + s->verify = SPICE_SESSION_VERIFY_SUBJECT; + break; + case PROP_VERIFY: + s->verify = g_value_get_flags(value); break; default: G_OBJECT_WARN_INVALID_PROPERTY_ID(gobject, prop_id, pspec); @@ -461,6 +473,18 @@ static void spice_session_class_init(SpiceSessionClass *klass) NULL, G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS)); + + g_object_class_install_property + (gobject_class, PROP_VERIFY, + g_param_spec_flags("verify", + "Verify", + "Certificate verification parameters", + SPICE_TYPE_SESSION_VERIFY, + SPICE_SESSION_VERIFY_HOSTNAME, + G_PARAM_READWRITE | + G_PARAM_CONSTRUCT | + G_PARAM_STATIC_STRINGS)); + /** * SpiceSession::channel-new: * @session: the session that emitted the signal @@ -531,6 +555,7 @@ SpiceSession *spice_session_new_from_session(SpiceSession *session) "ca-file", &c->ca_file, "cert-subject", &c->cert_subject, "pubkey", &c->pubkey, + "verify", &c->verify, NULL); c->client_provided_sockets = s->client_provided_sockets; @@ -559,6 +584,7 @@ gboolean spice_session_connect(SpiceSession *session) s->client_provided_sockets = FALSE; s->cmain = spice_channel_new(session, SPICE_CHANNEL_MAIN, 0); + return spice_channel_connect(s->cmain); } @@ -996,3 +1022,12 @@ void spice_session_get_pubkey(SpiceSession *session, guint8 **pubkey, guint *siz *pubkey = s->pubkey ? s->pubkey->data : NULL; *size = s->pubkey ? s->pubkey->len : 0; } + +G_GNUC_INTERNAL +guint spice_session_get_verify(SpiceSession *session) +{ + spice_session *s = SPICE_SESSION_GET_PRIVATE(session); + + g_return_val_if_fail(s != NULL, 0); + return s->verify; +} diff --git a/gtk/spice-session.h b/gtk/spice-session.h index 16c52d2..690dacc 100644 --- a/gtk/spice-session.h +++ b/gtk/spice-session.h @@ -32,6 +32,21 @@ G_BEGIN_DECLS #define SPICE_IS_SESSION_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), SPICE_TYPE_SESSION)) #define SPICE_SESSION_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS ((obj), SPICE_TYPE_SESSION, SpiceSessionClass)) +/** + * SpiceSessionVerify: + * + * @SPICE_SESSION_VERIFY_PUBKEY: + * @SPICE_SESSION_VERIFY_HOSTNAME: + * @SPICE_SESSION_VERIFY_SUBJECT: + * + * Peer certificate verification parameters flags. + **/ +typedef enum { + SPICE_SESSION_VERIFY_PUBKEY = (1 << 0), + SPICE_SESSION_VERIFY_HOSTNAME = (1 << 1), + SPICE_SESSION_VERIFY_SUBJECT = (1 << 2), +} SpiceSessionVerify; + struct _SpiceSession { GObject parent; |