From 20cb7f3a41daf8252d9a2109112fb59e0d42356d Mon Sep 17 00:00:00 2001
From: Peter Krempa <pkrempa@redhat.com>
Date: Tue, 23 Apr 2013 14:23:30 +0200
Subject: [PATCH] qemu: Improve handling of channels when generating SPICE
 command line

Improve error reporting and generating of SPICE command line arguments
according to the need to enable TLS. If TLS is disabled, there's no need
to pass the certificate dir to qemu.

This patch resolves:
https://bugzilla.redhat.com/show_bug.cgi?id=953126
---
 src/qemu/qemu_command.c                       | 45 ++++++++++++++++---
 .../qemuxml2argv-controller-order.args        |  2 +-
 .../qemuxml2argv-graphics-spice-timeout.args  |  2 +-
 3 files changed, 40 insertions(+), 9 deletions(-)

diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 741fa82dd1..1e2be0d2be 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -5718,9 +5718,8 @@ qemuBuildGraphicsSPICECommandLine(virQEMUDriverConfigPtr cfg,
         !cfg->spicePassword)
         virBufferAddLit(&opt, ",disable-ticketing");
 
-    if (cfg->spiceTLS)
-        virBufferAsprintf(&opt, ",x509-dir=%s",
-                          cfg->spiceTLSx509certdir);
+    if (tlsPort > 0)
+        virBufferAsprintf(&opt, ",x509-dir=%s", cfg->spiceTLSx509certdir);
 
     switch (defaultMode) {
     case VIR_DOMAIN_GRAPHICS_SPICE_CHANNEL_MODE_SECURE:
@@ -5735,24 +5734,56 @@ qemuBuildGraphicsSPICECommandLine(virQEMUDriverConfigPtr cfg,
     }
 
     for (i = 0 ; i < VIR_DOMAIN_GRAPHICS_SPICE_CHANNEL_LAST ; i++) {
-        int mode = graphics->data.spice.channels[i];
-        switch (mode) {
+        switch (graphics->data.spice.channels[i]) {
         case VIR_DOMAIN_GRAPHICS_SPICE_CHANNEL_MODE_SECURE:
-            if (!cfg->spiceTLS) {
+            if (tlsPort <= 0) {
                 virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
                                _("spice secure channels set in XML configuration, "
-                                 "but TLS is disabled in qemu.conf"));
+                                 "but TLS port is not provided"));
                 goto error;
             }
             virBufferAsprintf(&opt, ",tls-channel=%s",
                               virDomainGraphicsSpiceChannelNameTypeToString(i));
             break;
+
         case VIR_DOMAIN_GRAPHICS_SPICE_CHANNEL_MODE_INSECURE:
+            if (port <= 0) {
+                virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                               _("spice insecure channels set in XML "
+                                 "configuration, but plain port is not provided"));
+                goto error;
+            }
             virBufferAsprintf(&opt, ",plaintext-channel=%s",
                               virDomainGraphicsSpiceChannelNameTypeToString(i));
             break;
+
+        case VIR_DOMAIN_GRAPHICS_SPICE_CHANNEL_MODE_ANY:
+            switch (defaultMode) {
+            case VIR_DOMAIN_GRAPHICS_SPICE_CHANNEL_MODE_SECURE:
+                if (tlsPort <= 0) {
+                    virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                                   _("spice defaultMode secure requested in XML "
+                                     "configuration but TLS port not provided"));
+                    goto error;
+                }
+                break;
+
+            case VIR_DOMAIN_GRAPHICS_SPICE_CHANNEL_MODE_INSECURE:
+                if (port <= 0) {
+                    virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                                   _("spice defaultMode insecure requested in XML "
+                                     "configuration but plain port not provided"));
+                    goto error;
+                }
+                break;
+
+            case VIR_DOMAIN_GRAPHICS_SPICE_CHANNEL_MODE_ANY:
+                /* don't care */
+            break;
+            }
         }
     }
+
     if (graphics->data.spice.image)
         virBufferAsprintf(&opt, ",image-compression=%s",
                           virDomainGraphicsSpiceImageCompressionTypeToString(graphics->data.spice.image));
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-controller-order.args b/tests/qemuxml2argvdata/qemuxml2argv-controller-order.args
index ec70c8782d..e6ed47f60a 100644
--- a/tests/qemuxml2argvdata/qemuxml2argv-controller-order.args
+++ b/tests/qemuxml2argvdata/qemuxml2argv-controller-order.args
@@ -21,7 +21,7 @@ isa-serial,chardev=charserial0,id=serial0 -chardev \
 spicevmc,id=charchannel0,name=vdagent -device \
 virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=com.redhat.spice.0 \
 -device usb-tablet,id=input0 -spice \
-port=0,addr=0.0.0.0,x509-dir=/etc/pki/libvirt-spice -device \
+port=0,addr=0.0.0.0 -device \
 intel-hda,id=sound0,bus=pci.0,addr=0x4 -device \
 hda-duplex,id=sound0-codec0,bus=sound0.0,cad=0 -device \
 usb-host,hostbus=14,hostaddr=6,id=hostdev0 -device \
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-timeout.args b/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-timeout.args
index 397ee4d72f..9df0eb178c 100644
--- a/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-timeout.args
+++ b/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-timeout.args
@@ -10,6 +10,6 @@ LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test QEMU_AUDIO_DRV=spice \
 -device rtl8139,vlan=0,id=net0,mac=52:54:00:71:70:89,bus=pci.0,addr=0x7 \
 -net tap,script=/etc/qemu-ifup,vlan=0,name=hostnet0 -serial pty \
 -device usb-tablet,id=input0 \
--spice port=5900,x509-dir=/etc/pki/libvirt-spice -vga std \
+-spice port=5900 -vga std \
 -device AC97,id=sound0,bus=pci.0,addr=0x3 \
 -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x5
-- 
2.39.5