path: root/ui/vnc-auth-sasl.c
Commit message | Author | Age | Files | Lines
* ui: add tracing of VNC authentication process | Daniel P. Berrange | 2017-09-29 | 1 | -63/+50
  Trace anything related to authentication in the VNC protocol handshake

  Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
  Message-id: 20170921121528.23935-3-berrange@redhat.com
  Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* sockets: Limit SocketAddressLegacy to external interfaces | Markus Armbruster | 2017-05-09 | 1 | -5/+4
  SocketAddressLegacy is a simple union, and simple unions are awkward: they have their variant members wrapped in a "data" object on the wire, and require additional indirections in C. SocketAddress is the equivalent flat union. Convert all users of SocketAddressLegacy to SocketAddress, except for existing external interfaces.

  See also commit fce5d53..9445673 and 85a82e8..c5f1ae3.

  Signed-off-by: Markus Armbruster <armbru@redhat.com>
  Message-Id: <1493192202-3184-7-git-send-email-armbru@redhat.com>
  Reviewed-by: Eric Blake <eblake@redhat.com>
  [Minor editing accident fixed, commit message and a comment tweaked]
  Signed-off-by: Markus Armbruster <armbru@redhat.com>
* sockets: Rename SocketAddress to SocketAddressLegacy | Markus Armbruster | 2017-05-09 | 1 | -3/+3
  The next commit will rename SocketAddressFlat to SocketAddress, and the commit after that will replace most uses of SocketAddressLegacy by SocketAddress, replacing most of this commit's renames right back.

  Note that checkpatch emits a few "line over 80 characters" warnings. The long lines are all temporary; the SocketAddressLegacy replacement will shorten them again.

  Signed-off-by: Markus Armbruster <armbru@redhat.com>
  Message-Id: <1493192202-3184-5-git-send-email-armbru@redhat.com>
  Reviewed-by: Eric Blake <eblake@redhat.com>
  Signed-off-by: Markus Armbruster <armbru@redhat.com>
* include/qemu/osdep.h: Don't include qapi/error.h | Markus Armbruster | 2016-03-22 | 1 | -0/+1
  Commit 57cb38b included qapi/error.h into qemu/osdep.h to get the Error typedef. Since then, we've moved to include qemu/osdep.h everywhere. Its file comment explains: "To avoid getting into possible circular include dependencies, this file should not include any other QEMU headers, with the exceptions of config-host.h, compiler.h, os-posix.h and os-win32.h, all of which are doing a similar job to this file and are under similar constraints." qapi/error.h doesn't do a similar job, and it doesn't adhere to similar constraints: it includes qapi-types.h. That's in excess of 100KiB of crap most .c files don't actually need.

  Add the typedef to qemu/typedefs.h, and include that instead of qapi/error.h. Include qapi/error.h in .c files that need it and don't get it now. Include qapi-types.h in qom/object.h for uint16List.

  Update scripts/clean-includes accordingly. Update it further to match reality: replace config.h by config-target.h, add sysemu/os-posix.h, sysemu/os-win32.h. Update the list of includes in the qemu/osdep.h comment quoted above similarly.

  This reduces the number of objects depending on qapi/error.h from "all of them" to less than a third. Unfortunately, the number depending on qapi-types.h shrinks only a little. More work is needed for that one.

  Signed-off-by: Markus Armbruster <armbru@redhat.com>
  [Fix compilation without the spice devel packages. - Paolo]
  Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* qapi: Don't special-case simple union wrappers | Eric Blake | 2016-03-18 | 1 | -1/+2
  Simple unions were carrying a special case that hid their 'data' QMP member from the resulting C struct, via the hack method QAPISchemaObjectTypeVariant.simple_union_type(). But by using the work we started by unboxing flat union and alternate branches, coupled with the ability to visit the members of an implicit type, we can now expose the simple union's implicit type in qapi-types.h:

  | struct q_obj_ImageInfoSpecificQCow2_wrapper { | ImageInfoSpecificQCow2 *data; | }; | | struct q_obj_ImageInfoSpecificVmdk_wrapper { | ImageInfoSpecificVmdk *data; | }; ... | struct ImageInfoSpecific { | ImageInfoSpecificKind type; | union { /* union tag is @type */ | void *data; |- ImageInfoSpecificQCow2 *qcow2; |- ImageInfoSpecificVmdk *vmdk; |+ q_obj_ImageInfoSpecificQCow2_wrapper qcow2; |+ q_obj_ImageInfoSpecificVmdk_wrapper vmdk; | } u; | };

  Doing this removes asymmetry between QAPI's QMP side and its C side (both sides now expose 'data'), and means that the treatment of a simple union as sugar for a flat union is now equivalent in both languages (previously the two approaches used a different layer of dereferencing, where the simple union could be converted to a flat union with equivalent C layout but different {} on the wire, or to an equivalent QMP wire form but with different C representation). Using the implicit type also lets us get rid of the simple_union_type() hack.

  Of course, now all clients of simple unions have to adjust from using su->u.member to using su->u.member.data; while this touches a number of files in the tree, some earlier cleanup patches helped minimize the change to the initialization of a temporary variable rather than every single member access.

  The generated qapi-visit.c code is also affected by the layout change:

  |@@ -7393,10 +7393,10 @@ void visit_type_ImageInfoSpecific_member | } | switch (obj->type) { | case IMAGE_INFO_SPECIFIC_KIND_QCOW2: |- visit_type_ImageInfoSpecificQCow2(v, "data", &obj->u.qcow2, &err); |+ visit_type_q_obj_ImageInfoSpecificQCow2_wrapper_members(v, &obj->u.qcow2, &err); | break; | case IMAGE_INFO_SPECIFIC_KIND_VMDK: |- visit_type_ImageInfoSpecificVmdk(v, "data", &obj->u.vmdk, &err); |+ visit_type_q_obj_ImageInfoSpecificVmdk_wrapper_members(v, &obj->u.vmdk, &err); | break; | default: | abort();

  Signed-off-by: Eric Blake <eblake@redhat.com>
  Message-Id: <1458254921-17042-13-git-send-email-eblake@redhat.com>
  Signed-off-by: Markus Armbruster <armbru@redhat.com>
* ui: Clean up includes | Peter Maydell | 2016-02-04 | 1 | -0/+1
  Clean up includes so that osdep.h is included first and headers which it implies are not included manually.

  This commit was created with scripts/clean-includes.

  Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
  Message-id: 1454089805-5470-2-git-send-email-peter.maydell@linaro.org
* ui: convert VNC server to use QIOChannelSocket | Daniel P. Berrange | 2015-12-18 | 1 | -12/+45
  The minimal first step conversion to use QIOChannelSocket classes instead of directly using POSIX sockets API. This will later be extended to also cover the TLS, SASL and websockets code.

  Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
  Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
* ui: convert VNC server to use QCryptoTLSSession | Daniel P. Berrange | 2015-09-15 | 1 | -17/+19
  Switch VNC server over to using the QCryptoTLSSession object for the TLS session. This removes the direct use of gnutls from the VNC server code. It also removes most knowledge about TLS certificate handling from the VNC server code. This has the nice effect that all the CONFIG_VNC_TLS conditionals go away and the user gets an actual error message when requesting TLS instead of it being silently ignored.

  With this change, the existing configuration options for enabling TLS with -vnc are deprecated.

  Old syntax for anon-DH credentials:

    -vnc hostname:0,tls

  New syntax:

    -object tls-creds-anon,id=tls0,endpoint=server \
    -vnc hostname:0,tls-creds=tls0

  Old syntax for x509 credentials, no client certs:

    -vnc hostname:0,tls,x509=/path/to/certs

  New syntax:

    -object tls-creds-x509,id=tls0,dir=/path/to/certs,endpoint=server,verify-peer=no \
    -vnc hostname:0,tls-creds=tls0

  Old syntax for x509 credentials, requiring client certs:

    -vnc hostname:0,tls,x509verify=/path/to/certs

  New syntax:

    -object tls-creds-x509,id=tls0,dir=/path/to/certs,endpoint=server,verify-peer=yes \
    -vnc hostname:0,tls-creds=tls0

  This aligns VNC with the way TLS credentials are to be configured in the future for chardev, nbd and migration backends. It also has the benefit that the same TLS credentials can be shared across multiple VNC server instances, if desired.

  If someone uses the deprecated syntax, it will internally result in the creation of a 'tls-creds' object with an ID based on the VNC server ID. This allows backwards compat with the CLI syntax, while still deleting all the original TLS code from the VNC server.

  Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
* Change qemu_set_fd_handler2(..., NULL, ...) to qemu_set_fd_handler | Fam Zheng | 2015-06-12 | 1 | -1/+1
  Done with following Coccinelle semantic patch, plus manual cosmetic changes in net/*.c.

  @@ expression E1, E2, E3, E4; @@ - qemu_set_fd_handler2(E1, NULL, E2, E3, E4); + qemu_set_fd_handler(E1, E2, E3, E4);

  Signed-off-by: Fam Zheng <famz@redhat.com>
  Message-id: 1433400324-7358-8-git-send-email-famz@redhat.com
  Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* vnc: drop display+ws_display from VncDisplay | Gerd Hoffmann | 2015-03-12 | 1 | -1/+1
  Nobody cares about those strings, they are only used to check whenever the vnc server / websocket support is enabled or not. Add bools for this and drop the strings.

  Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
  Reviewed-by: Gonglei <arei.gonglei@huawei.com>
* Merge branch 'trivial-patches' of git://github.com/stefanha/qemu | Aurelien Jarno | 2012-10-06 | 1 | -1/+0
|\
  * 'trivial-patches' of git://github.com/stefanha/qemu:
    versatilepb: Use symbolic indices for ARM PIC
    qdev: kill bogus comment
    qemu-barrier: Fix compiler version check for future gcc versions
    hw: Add missing 'static' attribute for QEMUMachine
    cleanup useless return sentence
    qemu-sockets: Fix compiler warning (regression for MinGW)
    vnc: Fix spelling (hellmen -> hellman) in comment
    slirp: Fix spelling in comment (enought -> enough, insure -> ensure)
    tcg/arm: Use tcg_out_mov_reg rather than inline equivalent code
    cpu: Add missing 'static' attribute to qemu_global_mutex
    configure: Support empty target list (--target-list=)
    hw: Fix return value check for bdrv_read, bdrv_write
| * cleanup useless return sentence | Amos Kong | 2012-10-05 | 1 | -1/+0
|   This patch cleans up return sentences in the end of void functions.
|
|   Reported-by: Paolo Bonzini <pbonzini@redhat.com>
|   Signed-off-by: Amos Kong <akong@redhat.com>
|   Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
* | ui/vnc: simplify and avoid strncpy | Jim Meyering | 2012-10-05 | 1 | -3/+1
|/
  Don't bother with strncpy. There's no need for its zero-fill. Use g_strndup in place of g_malloc+strncpy+NUL-terminate.

  Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
  Signed-off-by: Jim Meyering <meyering@redhat.com>
  Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
* vnc: Fix packed boolean struct members | Stefan Weil | 2012-03-19 | 1 | -1/+3
  This patch fixes warnings reported by splint:

  For variables which are packed in a single bit, a signed data type like 'int' does not make much sense.

  There is no obvious reason why the two values should be packed, so I removed the packing and changed the data type to bool because both are used as boolean values.

  v2: Some versions of gcc complain after this modification, for example gcc (Debian 4.4.5-8) 4.4.5):

    ui/vnc-auth-sasl.c: In function ‘vnc_sasl_client_cleanup’:
    ui/vnc-auth-sasl.c:34: error: suggest parentheses around assignment used as truth value

  Obviously, the compiler does not like code which does bool = unsigned = bool = 0

  Splitting that code in three statements works.

  Cc: Anthony Liguori <aliguori@us.ibm.com>
  Signed-off-by: Stefan Weil <sw@weilnetz.de>
  Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
* ui/vnc: Convert sasl.mechlist to g_malloc() & friends | Markus Armbruster | 2011-11-10 | 1 | -14/+5
  Fixes protocol_client_auth_sasl_mechname() not to crash when malloc() fails. Spotted by Coverity.

  Signed-off-by: Markus Armbruster <armbru@redhat.com>
  Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
* ui/vnc: Fix use of free() instead of g_free() | Stefan Weil | 2011-11-01 | 1 | -4/+4
  Please note that mechlist still uses malloc / strdup / free.

  Signed-off-by: Stefan Weil <sw@weilnetz.de>
  Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
* Use glib memory allocation and free functions | Anthony Liguori | 2011-08-21 | 1 | -1/+1
  qemu_malloc/qemu_free no longer exist after this commit.

  Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
* Remove unused USES_X509_AUTH macro from VNC sasl code | Daniel P. Berrange | 2011-07-23 | 1 | -7/+0
  The USES_X509_AUTH macro is defined in several VNC files, but not used in all of them. Remove the unused definition.

  * ui/vnc-auth-sasl.c: Remove USES_X509_AUTH macro

  Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
* Store VNC auth scheme per-client as well as per-server | Daniel P. Berrange | 2011-07-23 | 1 | -4/+4
  A future patch will introduce a situation where different clients may have different authentication schemes set. When a new client arrives, copy the 'auth' and 'subauth' fields from VncDisplay into the client's VncState, and use the latter in all authentication functions.

  * ui/vnc.h: Add 'auth' and 'subauth' to VncState
  * ui/vnc-auth-sasl.c, ui/vnc-auth-vencrypt.c, ui/vnc.c: Make auth functions pull auth scheme from VncState instead of VncDisplay

  Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
* vnc-auth-sasl: fix a memory leak | Blue Swirl | 2011-01-12 | 1 | -6/+8
  Fix a memory leak reported by cppcheck:

    [/src/qemu/ui/vnc-auth-sasl.c:448]: (error) Memory leak: mechname

  Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
* ui: move all ui components in ui/ | Corentin Chary | 2010-07-27 | 1 | -0/+637
  Move sdl, vnc, curses and cocoa UI into ui/ to cleanup the root directory. Also remove some unnecessary explicit targets from Makefile.

  aliguori: fix build when srcdir != objdir

  Signed-off-by: Corentin Chary <corentincj@iksaif.net>
  Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>