[Spice-devel] [RFC PATCH] usbclerk: remove device from devs list upon driver removal
---
This implements comment 1.
Maybe better to remove it from the list only if driver uninstall was successful
(check reply->status)
---
usbclerk.cpp | 11 +++
1 files changed, 11 insertions(+), 0 deletions(-)
diff --git a/usbclerk.cpp b/usbclerk.cpp
index b5771b7..c95766f 100644
--- a/usbclerk.cpp
+++ b/usbclerk.cpp
@@ -34,6 +34,16 @@ typedef struct USBDev {
typedef std::list USBDevs;
+// compare two USBDevs
+class USBDevCompare
+{
+public:
+ USBDevCompare(USBDev &ud) : d(ud) {}
+ bool operator() (const USBDev& o) { return (d.vid == o.vid && d.pid ==
o.pid); }
+private:
+ const UsbDev& d;
+};
+
class USBClerk {
public:
static USBClerk* get();
@@ -398,6 +408,7 @@ bool USBClerk::dispatch_message(CHAR *buffer, DWORD bytes,
USBClerkReply *reply,
case USB_CLERK_DRIVER_REMOVE:
vd_printf("Removing winusb driver for %04x:%04x", dev.vid, dev.pid);
reply->status = remove_winusb_driver(dev.vid, dev.pid);
+devs->remove_if((USBDevCompare(dev)));
break;
default:
vd_printf("Unknown message received, type %u", hdr->type);
--
1.7.1
___
Spice-devel mailing list
Spice-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/spice-devel
[Spice-devel] configure: error: Package requirements (libcacard >= 0.1.2) were not met:
Hi, everyone! I am working on the spice with xen-4.2.0. My host OS is Fedora 14. While installing spice server(spice-0.12.0.tar.bz2), there is a confusing error as below message shows. I spent a few days in the configure process and I am sure the libcacard has been installed, because I can install it by "yum install libcacard" or manually compile the source file libcacard-0.1.2.tar.bz2. I know the question was proposed before but no answer was given. I am exhausted and I don't know how to resolve it. Thanks! --error message-- # ./configure --prefix=/usr --libdir=/usr/lib ... ...(other compile messages) checking for SMARTCARD... no configure: error: Package requirements (libcacard >= 0.1.2) were not met: No package 'libcacard' found Consider adjusting the PKG_CONFIG_PATH environment variable if you installed software in a non-standard prefix. Alternatively, you may set the environment variables SMARTCARD_CFLAGS and SMARTCARD_LIBS to avoid the need to call pkg-config. See the pkg-config man page for more details. configure: error: ./configure failed for spice-common ___ Spice-devel mailing list Spice-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/spice-devel
Re: [Spice-devel] configure: error: Package requirements (libcacard >= 0.1.2) were not met:
> > Hi, everyone! > > > I am working on the spice with xen-4.2.0. My host OS is Fedora 14. > While installing spice server(spice-0.12.0.tar.bz2), there is a > confusing error > > > as below message shows. > > > I spent a few days in the configure process and I am sure the > libcacard has been installed, because I can install it by "yum > install libcacard" or You are missing the package config file, libcacard.pc, provided by libcacard-devel: yum provides */libcacard.pc Additionally, if you want to build from source, you need to enable pkg-config to find your libcacard.pc file, so if you installed in a non standard location, like /usr/local, then you would need to export an environment variable before running configure: export PKG_CONFIG_PATH=/usr/local/lib64/pkgconfig:/usr/local/share/pkgconfig > > > manually compile the source file libcacard-0.1.2.tar.bz2. > > > I know the question was proposed before but no answer was given. > > > I am exhausted and I don't know how to resolve it. > > > Thanks! > > > --error message-- > # ./configure --prefix=/usr --libdir=/usr/lib > ... > ...(other compile messages) > > > > checking for SMARTCARD... no > configure: error: Package requirements (libcacard >= 0.1.2) were not > met: > > > No package 'libcacard' found > > > Consider adjusting the PKG_CONFIG_PATH environment variable if you > installed software in a non-standard prefix. > > > Alternatively, you may set the environment variables SMARTCARD_CFLAGS > and SMARTCARD_LIBS to avoid the need to call pkg-config. > See the pkg-config man page for more details. > configure: error: ./configure failed for spice-common > ___ > Spice-devel mailing list > Spice-devel@lists.freedesktop.org > http://lists.freedesktop.org/mailman/listinfo/spice-devel > ___ Spice-devel mailing list Spice-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/spice-devel
[Spice-devel] [PATCH v2] usbclerk: add temporary driver install per session
-add message type USB_CLERK_DRIVER_SESSION_INSTALL, bump version to 3
-handle multiple pipe connections concurrently with thread for each one
-keep pipe open, and on pipe close - cleanup the session-specific devices
-add test for temporary driver install and multiple devices
v2: fixed most of Uri's comments:
-remove the device from the list upon USB_CLERK_DRIVER_REMOVE
e.g. prevent the following scenario:
client1 install+uninstall, client2 install, client1 disconnect
-limit the number of concurrent connected clients to 32
-according to the request type, set device auto_remove flag
for driver uninstall upon disconnect
FIXME: prevent uninstall for a device used by other clients
rhbz#845216
---
usbclerk.cpp | 113 -
usbclerk.h |3 +-
usbclerktest.cpp | 79 +
3 files changed, 132 insertions(+), 63 deletions(-)
diff --git a/usbclerk.cpp b/usbclerk.cpp
index 9ce12b8..f03dd7d 100644
--- a/usbclerk.cpp
+++ b/usbclerk.cpp
@@ -4,6 +4,7 @@
#include
#include
#include
+#include
#include "usbclerk.h"
#include "usbredirfilter.h"
#include "libwdi.h"
@@ -18,6 +19,7 @@
#define USB_CLERK_LOG_PATH TEXT("%susbclerk.log")
#define USB_CLERK_PIPE_TIMEOUT 1
#define USB_CLERK_PIPE_BUF_SIZE 1024
+#define USB_CLERK_PIPE_MAX_CLIENTS 32
#define USB_DRIVER_PATH "%S\\wdi_usb_driver"
#define USB_DRIVER_INFNAME_LEN 64
#define USB_DRIVER_INSTALL_RETRIES 10
@@ -26,6 +28,14 @@
#define MAX_DEVICE_HCID_LEN 1024
#define MAX_DEVICE_FILTER_LEN 1024
+typedef struct USBDev {
+UINT16 vid;
+UINT16 pid;
+bool auto_remove;
+} USBDev;
+
+typedef std::list USBDevs;
+
class USBClerk {
public:
static USBClerk* get();
@@ -37,7 +47,7 @@ public:
private:
USBClerk();
bool execute();
-bool dispatch_message(CHAR *buffer, DWORD bytes, USBClerkReply *reply);
+bool dispatch_message(CHAR *buffer, DWORD bytes, USBClerkReply *reply,
USBDevs *devs);
bool install_winusb_driver(int vid, int pid);
bool remove_winusb_driver(int vid, int pid);
bool uninstall_inf(HDEVINFO devs, PSP_DEVINFO_DATA dev_info);
@@ -51,6 +61,7 @@ private:
bool dev_filter_check(int vid, int pid, bool *has_winusb);
static DWORD WINAPI control_handler(DWORD control, DWORD event_type,
LPVOID event_data, LPVOID context);
+static DWORD WINAPI pipe_thread(LPVOID param);
static VOID WINAPI main(DWORD argc, TCHAR * argv[]);
private:
@@ -60,7 +71,6 @@ private:
struct usbredirfilter_rule *_filter_rules;
int _filter_count;
char _wdi_path[MAX_PATH];
-HANDLE _pipe;
bool _running;
VDLog* _log;
};
@@ -276,11 +286,9 @@ bool USBClerk::execute()
{
SECURITY_ATTRIBUTES sec_attr;
SECURITY_DESCRIPTOR* sec_desr;
-USBClerkReply reply = {{USB_CLERK_MAGIC, USB_CLERK_VERSION,
-USB_CLERK_REPLY, sizeof(USBClerkReply)}};
CHAR filter_str[MAX_DEVICE_FILTER_LEN];
-CHAR buffer[USB_CLERK_PIPE_BUF_SIZE];
-DWORD bytes;
+HANDLE pipe, thread;
+DWORD tid;
HKEY hkey;
LONG ret;
@@ -296,14 +304,6 @@ bool USBClerk::execute()
sec_attr.nLength = sizeof(sec_attr);
sec_attr.bInheritHandle = TRUE;
sec_attr.lpSecurityDescriptor = sec_desr;
-_pipe = CreateNamedPipe(USB_CLERK_PIPE_NAME, PIPE_ACCESS_DUPLEX |
-FILE_FLAG_FIRST_PIPE_INSTANCE,
-PIPE_TYPE_MESSAGE | PIPE_READMODE_MESSAGE |
PIPE_WAIT, 1,
-USB_CLERK_PIPE_BUF_SIZE, USB_CLERK_PIPE_BUF_SIZE,
0, &sec_attr);
-if (_pipe == INVALID_HANDLE_VALUE) {
-vd_printf("CreatePipe() failed: %u", GetLastError());
-return false;
-}
/* Read filter rules from registry */
ret = RegOpenKeyEx(HKEY_LOCAL_MACHINE, L"Software\\USBClerk", 0, KEY_READ,
&hkey);
@@ -323,34 +323,62 @@ bool USBClerk::execute()
RegCloseKey(hkey);
}
while (_running) {
-if (!ConnectNamedPipe(_pipe, NULL) && GetLastError() !=
ERROR_PIPE_CONNECTED) {
-vd_printf("ConnectNamedPipe() failed: %u", GetLastError());
+pipe = CreateNamedPipe(USB_CLERK_PIPE_NAME, PIPE_ACCESS_DUPLEX,
+ PIPE_TYPE_MESSAGE | PIPE_READMODE_MESSAGE |
PIPE_WAIT,
+ USB_CLERK_PIPE_MAX_CLIENTS,
USB_CLERK_PIPE_BUF_SIZE,
+ USB_CLERK_PIPE_BUF_SIZE, 0, &sec_attr);
+if (pipe == INVALID_HANDLE_VALUE) {
+vd_printf("CreatePipe() failed: %u", GetLastError());
break;
}
-if (!ReadFile(_pipe, &buffer, sizeof(buffer), &bytes, NULL)) {
-vd_printf("ReadFile() failed: %d", GetLastError());
-goto disconnect;
-}
-if (!dispatch_message(buffer, bytes, &reply)) {
-goto disconnect;
+if (!ConnectNamedPipe(pipe, NULL) && GetLastError() !=
Re: [Spice-devel] [RFC PATCH] usbclerk: remove device from devs list upon driver removal
nice, but too many lines for a single remove() in the code :)
fixed by naive iterator in patch v2.
Uri Lublin wrote:
---
This implements comment 1.
Maybe better to remove it from the list only if driver uninstall was successful
(check reply->status)
---
usbclerk.cpp | 11 +++
1 files changed, 11 insertions(+), 0 deletions(-)
diff --git a/usbclerk.cpp b/usbclerk.cpp
index b5771b7..c95766f 100644
--- a/usbclerk.cpp
+++ b/usbclerk.cpp
@@ -34,6 +34,16 @@ typedef struct USBDev {
typedef std::list USBDevs;
+// compare two USBDevs
+class USBDevCompare
+{
+public:
+ USBDevCompare(USBDev &ud) : d(ud) {}
+ bool operator() (const USBDev& o) { return (d.vid == o.vid && d.pid ==
o.pid); }
+private:
+ const UsbDev& d;
+};
+
class USBClerk {
public:
static USBClerk* get();
@@ -398,6 +408,7 @@ bool USBClerk::dispatch_message(CHAR *buffer, DWORD bytes,
USBClerkReply *reply,
case USB_CLERK_DRIVER_REMOVE:
vd_printf("Removing winusb driver for %04x:%04x", dev.vid, dev.pid);
reply->status = remove_winusb_driver(dev.vid, dev.pid);
+devs->remove_if((USBDevCompare(dev)));
break;
default:
vd_printf("Unknown message received, type %u", hdr->type);
___
Spice-devel mailing list
Spice-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/spice-devel
[Spice-devel] [PATCH] win-usb-driver: use usbclerk new message: USB_CLERK_DRIVER_SESSION_INSTALL
With this message usbclerk keeps a list of devices for which
a libusb driver was installed (per connection).
When a spice-gtk client exits, the connection is closed, and
usbclerk uninstalls the driver for all devices in the list.
That means we need to keep the connection open, so added
the win-usb driver installer to usb-device-manager's priv.
This prevents the case were the user exits the client, while a usb
device is connected to the guest, and can not use the device from
the client machine.
rhbz#869542
---
gtk/usb-device-manager.c | 19 --
gtk/win-usb-clerk.h |3 +-
gtk/win-usb-driver-install.c | 56 -
3 files changed, 51 insertions(+), 27 deletions(-)
diff --git a/gtk/usb-device-manager.c b/gtk/usb-device-manager.c
index 3684485..3f4c272 100644
--- a/gtk/usb-device-manager.c
+++ b/gtk/usb-device-manager.c
@@ -109,6 +109,9 @@ struct _SpiceUsbDeviceManagerPrivate {
struct usbredirfilter_rule *redirect_on_connect_rules;
int auto_conn_filter_rules_count;
int redirect_on_connect_rules_count;
+#ifdef G_OS_WIN32
+SpiceWinUsbDriver *installer;
+#endif
#endif
GPtrArray *devices;
GPtrArray *channels;
@@ -302,6 +305,10 @@ static void spice_usb_device_manager_finalize(GObject
*gobject)
if (priv->event_thread)
g_thread_join(priv->event_thread);
free(priv->auto_conn_filter_rules);
+#ifdef G_OS_WIN32
+if (priv->installer)
+g_object_unref(priv->installer);
+#endif
#endif
g_free(priv->auto_connect_filter);
@@ -876,7 +883,6 @@ static void spice_usb_device_manager_drv_install_cb(GObject
*gobject,
status = spice_win_usb_driver_install_finish(installer, res, &err);
-g_object_unref(installer);
spice_usb_device_unref(device);
spice_usb_device_set_state(device, SPICE_USB_DEVICE_STATE_NONE);
@@ -1209,7 +1215,10 @@ void
spice_usb_device_manager_connect_device_async(SpiceUsbDeviceManager *self,
UsbInstallCbInfo *cbinfo;
spice_usb_device_set_state(device, SPICE_USB_DEVICE_STATE_INSTALLING);
-installer = spice_win_usb_driver_new();
+if (! self->priv->installer) {
+self->priv->installer = spice_win_usb_driver_new();
+}
+installer = self->priv->installer;
cbinfo = g_new0(UsbInstallCbInfo, 1);
cbinfo->manager = self;
cbinfo->device = spice_usb_device_ref(device);
@@ -1273,9 +1282,13 @@ void
spice_usb_device_manager_disconnect_device(SpiceUsbDeviceManager *self,
UsbInstallCbInfo *cbinfo;
g_warn_if_fail(device != NULL);
+g_warn_if_fail(self->priv->installer != NULL);
spice_usb_device_set_state(device, SPICE_USB_DEVICE_STATE_UNINSTALLING);
-installer = spice_win_usb_driver_new();
+if (! self->priv->installer) {
+self->priv->installer = spice_win_usb_driver_new();
+}
+installer = self->priv->installer;
cbinfo = g_new0(UsbInstallCbInfo, 1);
cbinfo->manager = self;
cbinfo->device = spice_usb_device_ref(device);
diff --git a/gtk/win-usb-clerk.h b/gtk/win-usb-clerk.h
index 5b1e3cf..24da3b4 100644
--- a/gtk/win-usb-clerk.h
+++ b/gtk/win-usb-clerk.h
@@ -5,7 +5,7 @@
#define USB_CLERK_PIPE_NAME TEXT(".\\pipe\\usbclerkpipe")
#define USB_CLERK_MAGIC 0xDADA
-#define USB_CLERK_VERSION 0x0002
+#define USB_CLERK_VERSION 0x0003
typedef struct USBClerkHeader {
UINT16 magic;
@@ -18,6 +18,7 @@ enum {
USB_CLERK_DRIVER_INSTALL = 1,
USB_CLERK_DRIVER_REMOVE,
USB_CLERK_REPLY,
+USB_CLERK_DRIVER_SESSION_INSTALL,
USB_CLERK_END_MESSAGE,
};
diff --git a/gtk/win-usb-driver-install.c b/gtk/win-usb-driver-install.c
index 02d20d6..1d68296 100644
--- a/gtk/win-usb-driver-install.c
+++ b/gtk/win-usb-driver-install.c
@@ -113,7 +113,6 @@ void win_usb_driver_handle_reply_cb(GObject *gobject,
g_warn_if_fail(g_input_stream_close(istream, NULL, NULL));
g_clear_object(&istream);
-spice_win_usb_driver_close(self);
if (err) {
g_warning("failed to read reply from usbclerk (%s)", err->message);
@@ -149,7 +148,10 @@ void win_usb_driver_handle_reply_cb(GObject *gobject,
if (priv->reply.hdr.version != USB_CLERK_VERSION) {
g_warning("usbclerk version mismatch: mine=0x%04x server=0x%04x",
USB_CLERK_VERSION, priv->reply.hdr.version);
-/* For now just warn, do not fail */
+g_simple_async_result_set_error(priv->result,
+SPICE_WIN_USB_DRIVER_ERROR,
+SPICE_WIN_USB_DRIVER_ERROR_MESSAGE,
+"usbclerk version mismatch");
}
if (priv->reply.hdr.type != USB_CLERK_REPLY) {
@@ -265,30 +267,39 @@ void spice_win_usb_driver_op(SpiceWinUsbDriver *self,
priv = self->priv;
-g_return_if_fail(priv->result == NULL);
-
result = g_simple_async_result_new(G_OBJECT(self), callback, user_data,
Re: [Spice-devel] [PATCH v2] usbclerk: add temporary driver install per session
On 10/24/2012 02:00 PM, Arnon Gilboa wrote:
-add message type USB_CLERK_DRIVER_SESSION_INSTALL, bump version to 3
-handle multiple pipe connections concurrently with thread for each one
-keep pipe open, and on pipe close - cleanup the session-specific devices
-add test for temporary driver install and multiple devices
v2: fixed most of Uri's comments:
-remove the device from the list upon USB_CLERK_DRIVER_REMOVE
e.g. prevent the following scenario:
client1 install+uninstall, client2 install, client1 disconnect
-limit the number of concurrent connected clients to 32
-according to the request type, set device auto_remove flag
for driver uninstall upon disconnect
FIXME: prevent uninstall for a device used by other clients
rhbz#845216
---
usbclerk.cpp | 113 -
usbclerk.h |3 +-
usbclerktest.cpp | 79 +
3 files changed, 132 insertions(+), 63 deletions(-)
diff --git a/usbclerk.cpp b/usbclerk.cpp
index 9ce12b8..f03dd7d 100644
--- a/usbclerk.cpp
+++ b/usbclerk.cpp
@@ -4,6 +4,7 @@
#include
#include
#include
+#include
#include "usbclerk.h"
#include "usbredirfilter.h"
#include "libwdi.h"
@@ -18,6 +19,7 @@
#define USB_CLERK_LOG_PATH TEXT("%susbclerk.log")
#define USB_CLERK_PIPE_TIMEOUT 1
#define USB_CLERK_PIPE_BUF_SIZE 1024
+#define USB_CLERK_PIPE_MAX_CLIENTS 32
#define USB_DRIVER_PATH "%S\\wdi_usb_driver"
#define USB_DRIVER_INFNAME_LEN 64
#define USB_DRIVER_INSTALL_RETRIES 10
@@ -26,6 +28,14 @@
#define MAX_DEVICE_HCID_LEN 1024
#define MAX_DEVICE_FILTER_LEN 1024
+typedef struct USBDev {
+UINT16 vid;
+UINT16 pid;
+bool auto_remove;
+} USBDev;
+
+typedef std::list USBDevs;
+
class USBClerk {
public:
static USBClerk* get();
@@ -37,7 +47,7 @@ public:
private:
USBClerk();
bool execute();
-bool dispatch_message(CHAR *buffer, DWORD bytes, USBClerkReply *reply);
+bool dispatch_message(CHAR *buffer, DWORD bytes, USBClerkReply *reply,
USBDevs *devs);
bool install_winusb_driver(int vid, int pid);
bool remove_winusb_driver(int vid, int pid);
bool uninstall_inf(HDEVINFO devs, PSP_DEVINFO_DATA dev_info);
@@ -51,6 +61,7 @@ private:
bool dev_filter_check(int vid, int pid, bool *has_winusb);
static DWORD WINAPI control_handler(DWORD control, DWORD event_type,
LPVOID event_data, LPVOID context);
+static DWORD WINAPI pipe_thread(LPVOID param);
static VOID WINAPI main(DWORD argc, TCHAR * argv[]);
private:
@@ -60,7 +71,6 @@ private:
struct usbredirfilter_rule *_filter_rules;
int _filter_count;
char _wdi_path[MAX_PATH];
-HANDLE _pipe;
bool _running;
VDLog* _log;
};
@@ -276,11 +286,9 @@ bool USBClerk::execute()
{
SECURITY_ATTRIBUTES sec_attr;
SECURITY_DESCRIPTOR* sec_desr;
-USBClerkReply reply = {{USB_CLERK_MAGIC, USB_CLERK_VERSION,
-USB_CLERK_REPLY, sizeof(USBClerkReply)}};
CHAR filter_str[MAX_DEVICE_FILTER_LEN];
-CHAR buffer[USB_CLERK_PIPE_BUF_SIZE];
-DWORD bytes;
+HANDLE pipe, thread;
+DWORD tid;
HKEY hkey;
LONG ret;
@@ -296,14 +304,6 @@ bool USBClerk::execute()
sec_attr.nLength = sizeof(sec_attr);
sec_attr.bInheritHandle = TRUE;
sec_attr.lpSecurityDescriptor = sec_desr;
-_pipe = CreateNamedPipe(USB_CLERK_PIPE_NAME, PIPE_ACCESS_DUPLEX |
-FILE_FLAG_FIRST_PIPE_INSTANCE,
-PIPE_TYPE_MESSAGE | PIPE_READMODE_MESSAGE |
PIPE_WAIT, 1,
-USB_CLERK_PIPE_BUF_SIZE, USB_CLERK_PIPE_BUF_SIZE,
0,&sec_attr);
-if (_pipe == INVALID_HANDLE_VALUE) {
-vd_printf("CreatePipe() failed: %u", GetLastError());
-return false;
-}
/* Read filter rules from registry */
ret = RegOpenKeyEx(HKEY_LOCAL_MACHINE, L"Software\\USBClerk", 0,
KEY_READ,&hkey);
@@ -323,34 +323,62 @@ bool USBClerk::execute()
RegCloseKey(hkey);
}
while (_running) {
-if (!ConnectNamedPipe(_pipe, NULL)&& GetLastError() !=
ERROR_PIPE_CONNECTED) {
-vd_printf("ConnectNamedPipe() failed: %u", GetLastError());
+pipe = CreateNamedPipe(USB_CLERK_PIPE_NAME, PIPE_ACCESS_DUPLEX,
+ PIPE_TYPE_MESSAGE | PIPE_READMODE_MESSAGE |
PIPE_WAIT,
+ USB_CLERK_PIPE_MAX_CLIENTS,
USB_CLERK_PIPE_BUF_SIZE,
+ USB_CLERK_PIPE_BUF_SIZE, 0,&sec_attr);
+if (pipe == INVALID_HANDLE_VALUE) {
+vd_printf("CreatePipe() failed: %u", GetLastError());
break;
}
-if (!ReadFile(_pipe,&buffer, sizeof(buffer),&bytes, NULL)) {
-vd_printf("ReadFile() failed: %d", GetLastError());
-goto disconnect;
-}
-if (!dispatch_message(buffer, bytes,&reply)) {
-
[Spice-devel] [PATCH spice-gtk 1/2] controller/win32: allow ActiveX connection on untrusted website
Set low integrity on named-pipes.
This bug was originally resolved as:
https://bugzilla.redhat.com/show_bug.cgi?id=668980
Fixes regression:
https://bugzilla.redhat.com/show_bug.cgi?id=844461
---
gtk/controller/Makefile.am | 2 +
gtk/controller/spice-controller-listener.c | 3 +-
gtk/controller/spice-foreign-menu-listener.c | 3 +-
gtk/controller/win32-util.c | 111 +++
gtk/controller/win32-util.h | 30
5 files changed, 147 insertions(+), 2 deletions(-)
create mode 100644 gtk/controller/win32-util.c
create mode 100644 gtk/controller/win32-util.h
diff --git a/gtk/controller/Makefile.am b/gtk/controller/Makefile.am
index 7bfa51b..f2abf93 100644
--- a/gtk/controller/Makefile.am
+++ b/gtk/controller/Makefile.am
@@ -56,6 +56,8 @@ libspice_controller_la_SOURCES += \
namedpipeconnection.h \
namedpipelistener.c \
namedpipelistener.h \
+ win32-util.c\
+ win32-util.h\
$(NULL)
endif
libspice_controller_la_LDFLAGS = \
diff --git a/gtk/controller/spice-controller-listener.c
b/gtk/controller/spice-controller-listener.c
index da1121e..0189848 100644
--- a/gtk/controller/spice-controller-listener.c
+++ b/gtk/controller/spice-controller-listener.c
@@ -25,6 +25,7 @@
#include
#include "namedpipe.h"
#include "namedpipelistener.h"
+#include "win32-util.h"
#endif
#ifdef G_OS_UNIX
@@ -89,7 +90,7 @@ spice_controller_listener_new (const gchar *address, GError
**error)
listener = G_OBJECT (spice_named_pipe_listener_new ());
-np = spice_named_pipe_new (addr, error);
+np = spice_win32_user_pipe_new (addr, error);
if (!np) {
g_object_unref (listener);
listener = NULL;
diff --git a/gtk/controller/spice-foreign-menu-listener.c
b/gtk/controller/spice-foreign-menu-listener.c
index 8322a13..6693e21 100644
--- a/gtk/controller/spice-foreign-menu-listener.c
+++ b/gtk/controller/spice-foreign-menu-listener.c
@@ -25,6 +25,7 @@
#include
#include "namedpipe.h"
#include "namedpipelistener.h"
+#include "win32-util.h"
#endif
#ifdef G_OS_UNIX
@@ -91,7 +92,7 @@ spice_foreign_menu_listener_new (const gchar *address, GError
**error)
listener = G_OBJECT (spice_named_pipe_listener_new ());
-np = spice_named_pipe_new (addr, error);
+np = spice_win32_user_pipe_new (addr, error);
if (!np) {
g_object_unref (listener);
listener = NULL;
diff --git a/gtk/controller/win32-util.c b/gtk/controller/win32-util.c
new file mode 100644
index 000..4e3ec4c
--- /dev/null
+++ b/gtk/controller/win32-util.c
@@ -0,0 +1,111 @@
+/*
+ Copyright (C) 2012 Red Hat, Inc.
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, see
[Spice-devel] [PATCH spice-gtk 2/2] controller/win32: limit access to current user only
Based on RHEV spicec-win only code.
---
gtk/controller/win32-util.c | 50 -
1 file changed, 49 insertions(+), 1 deletion(-)
diff --git a/gtk/controller/win32-util.c b/gtk/controller/win32-util.c
index 4e3ec4c..1268b2a 100644
--- a/gtk/controller/win32-util.c
+++ b/gtk/controller/win32-util.c
@@ -64,17 +64,63 @@ end:
return success;
}
+
+static gboolean
+get_user_security_attributes (SECURITY_ATTRIBUTES* psa, SECURITY_DESCRIPTOR*
psd, PACL* ppdacl)
+{
+EXPLICIT_ACCESS ea;
+TRUSTEE trst;
+DWORD ret = 0;
+
+ZeroMemory (psa, sizeof (*psa));
+ZeroMemory (psd, sizeof (*psd));
+psa->nLength = sizeof (*psa);
+psa->bInheritHandle = FALSE;
+psa->lpSecurityDescriptor = psd;
+
+ZeroMemory (&trst, sizeof (trst));
+trst.pMultipleTrustee = NULL;
+trst.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
+trst.TrusteeForm = TRUSTEE_IS_NAME;
+trst.TrusteeType = TRUSTEE_IS_USER;
+trst.ptstrName = "CURRENT_USER";
+
+ZeroMemory (&ea, sizeof (ea));
+ea.grfAccessPermissions = GENERIC_WRITE | GENERIC_READ;
+ea.grfAccessMode = SET_ACCESS;
+ea.grfInheritance = NO_INHERITANCE;
+ea.Trustee = trst;
+
+ret = SetEntriesInAcl (1, &ea, NULL, ppdacl);
+if (ret != ERROR_SUCCESS)
+return FALSE;
+
+ if (!InitializeSecurityDescriptor (psd, SECURITY_DESCRIPTOR_REVISION))
+ return FALSE;
+
+ if (!SetSecurityDescriptorDacl (psd, TRUE, *ppdacl, FALSE))
+ return FALSE;
+
+ return TRUE;
+}
+
#define DEFAULT_PIPE_BUF_SIZE 4096
SpiceNamedPipe*
spice_win32_user_pipe_new (gchar *name, GError **error)
{
+SECURITY_ATTRIBUTES sa;
+SECURITY_DESCRIPTOR sd;
+PACL dacl = NULL;
HANDLE pipe;
SpiceNamedPipe *np = NULL;
g_return_val_if_fail (name != NULL, NULL);
g_return_val_if_fail (error != NULL, NULL);
+if (!get_user_security_attributes (&sa, &sd, &dacl))
+return NULL;
+
pipe = CreateNamedPipe (name,
PIPE_ACCESS_DUPLEX | FILE_FLAG_OVERLAPPED |
/* FIXME: why is FILE_FLAG_FIRST_PIPE_INSTANCE needed for WRITE_DAC
@@ -84,7 +130,7 @@ spice_win32_user_pipe_new (gchar *name, GError **error)
PIPE_TYPE_BYTE | PIPE_READMODE_BYTE | PIPE_WAIT,
PIPE_UNLIMITED_INSTANCES,
DEFAULT_PIPE_BUF_SIZE, DEFAULT_PIPE_BUF_SIZE,
-0, NULL);
+0, &sa);
if (pipe == INVALID_HANDLE_VALUE) {
int errsv = GetLastError ();
@@ -107,5 +153,7 @@ spice_win32_user_pipe_new (gchar *name, GError **error)
NULL, error, "handle", pipe, NULL));
end:
+LocalFree (dacl);
+
return np;
}
--
1.7.11.7
___
Spice-devel mailing list
Spice-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/spice-devel
