aboutsummaryrefslogtreecommitdiff
path: root/ui/vnc.c
AgeCommit message (Collapse)AuthorFilesLines
2016-03-08vnc: send cursor when a new client is connectingFrediano Ziglio1-0/+3
If you have hardware cursor and you are reconnecting the VNC client you need to send the cursor. Failing to do so make the cursor invisible till is changed. Signed-off-by: Frediano Ziglio <fziglio@redhat.com> Message-id: 1456929142-14033-1-git-send-email-fziglio@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-03-05util: Shorten references into SocketAddressEric Blake1-19/+20
An upcoming patch will alter how simple unions, like SocketAddress, are laid out, which will impact all lines of the form 'addr->u.XXX' (expanding it to the longer 'addr->u.XXX.data'). For better legibility in that patch, and less need for line wrapping, it's better to use a temporary variable to reduce the effect of a layout change to just the variable initializations, rather than every reference within a SocketAddress. Also, take advantage of some C99 initialization where it makes sense (simplifying g_new0() to g_new()). Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1457021813-10704-7-git-send-email-eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-03-01qapi: rename input buttonsGerd Hoffmann1-2/+2
All lowercase, use-dash instead of CamelCase. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Daniel P. Berrange <berrange@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2016-03-01console: add & use qemu_console_lookup_by_device_nameGerd Hoffmann1-11/+4
We have two places needing this, and a third one will come shortly. So factor things out into a helper function to reduce code duplication. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Daniel P. Berrange <berrange@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com>
2016-02-04ui: Clean up includesPeter Maydell1-1/+1
Clean up includes so that osdep.h is included first and headers which it implies are not included manually. This commit was created with scripts/clean-includes. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1454089805-5470-2-git-send-email-peter.maydell@linaro.org
2016-01-21Merge remote-tracking branch 'remotes/kraxel/tags/pull-socket-20160120-1' ↵Peter Maydell1-6/+12
into staging Convert qemu-socket to use QAPI exclusively, update MAINTAINERS. # gpg: Signature made Wed 20 Jan 2016 06:49:07 GMT using RSA key ID D3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" * remotes/kraxel/tags/pull-socket-20160120-1: vnc: distiguish between ipv4/ipv6 omitted vs set to off sockets: remove use of QemuOpts from socket_dgram sockets: remove use of QemuOpts from socket_connect sockets: remove use of QemuOpts from socket_listen sockets: remove use of QemuOpts from header file add MAINTAINERS entry for qemu socket code Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-01-19vnc: distiguish between ipv4/ipv6 omitted vs set to offDaniel P. Berrange1-6/+12
The VNC code for interpreting QemuOpts does not currently distinguish between ipv4/ipv6 being omitted, and being set to 'off', because historically the 'ipv4' and 'ipv6' options were just flags which did not accept a value. The upshot is that if someone runs $QEMU -vnc localhost:1,ipv6=off QEMU still uses PF_UNSPEC and thus may still bind to IPv6, when it should use PF_INET. This is another instance of the problem previously fixed for chardevs in commit b77e7c8e99f9ac726c4eaa2fc3461fd886017dc0 Author: Paolo Bonzini <pbonzini@redhat.com> Date: Mon Oct 12 15:35:16 2015 +0200 qemu-sockets: fix conversion of ipv4/ipv6 JSON to QemuOpts Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Message-id: 1452518225-11751-6-git-send-email-berrange@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-01-18vnc: fix tls-creds error messageWolfgang Bumiller1-1/+1
The parameter is called 'tls-creds', 'credid' is just the variable name in the code. Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> Reviewed-by: Daniel P. Berrange <berrange@redhat.com> Message-id: 1452681360-29239-1-git-send-email-w.bumiller@proxmox.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-01-18vnc: clear vs->tlscreds after unparenting itWolfgang Bumiller1-0/+1
This pointer should be cleared in vnc_display_close() otherwise a use-after-free can happen when when using the old style 'x509' and 'tls' options rather than a persistent tls-creds -object, by issuing monitor commands to change the vnc server like so: Start with: -vnc unix:test.socket,x509,tls Then use the following monitor command: change vnc unix:test.socket After this the pointer is still set but invalid and a crash can be triggered for instance by issuing the same command a second time which will try to object_unparent() the same pointer again. Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> Reviewed-by: Daniel P. Berrange <berrange@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-01-13error: Use error_reportf_err() where it makes obvious senseMarkus Armbruster1-3/+1
Done with this Coccinelle semantic patch @@ expression FMT, E, S; expression list ARGS; @@ - error_report(FMT, ARGS, error_get_pretty(E)); + error_reportf_err(E, FMT/*@@@*/, ARGS); ( - error_free(E); | exit(S); | abort(); ) followed by a replace of '%s"/*@@@*/' by '"' and some line rewrapping, because I can't figure out how to make Coccinelle transform strings. We now use the error whole instead of just its message obtained with error_get_pretty(). This avoids suppressing its hint (see commit 50b7b00), but I can't see how the errors touched in this commit could come with hints. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <1450452927-8346-12-git-send-email-armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2015-12-18ui: convert VNC server to use QIOChannelWebsockDaniel P. Berrange1-23/+4
Remove custom websock handling code from the VNC server and use the QIOChannelWebsock class instead. Reviewed-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-12-18ui: convert VNC server to use QIOChannelTLSDaniel P. Berrange1-64/+5
Switch VNC server over to using the QIOChannelTLS object for the TLS session. This removes all remaining VNC specific code for dealing with TLS handshakes. Reviewed-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-12-18ui: convert VNC server to use QIOChannelSocketDaniel P. Berrange1-280/+294
The minimal first step conversion to use QIOChannelSocket classes instead of directly using POSIX sockets API. This will later be extended to also cover the TLS, SASL and websockets code. Reviewed-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-12-17qapi: Change munging of CamelCase enum valuesEric Blake1-2/+2
When munging enum values, the fact that we were passing the entire prefix + value through camel_to_upper() meant that enum values spelled with CamelCase could be turned into CAMEL_CASE. However, this provides a potential collision (both OneTwo and One-Two would munge into ONE_TWO) for enum types, when the same two names are valid side-by-side as QAPI member names. By changing the generation of enum constants to always be prefix + '_' + c_name(value, False).upper(), and ensuring that there are no case collisions (in the next patches), we no longer have to worry about names that would be distinct as QAPI members but collide as variant tag names, without having to think about what munging the heuristics in camel_to_upper() will actually perform on an enum value. Making the change will affect enums that did not follow coding conventions, using 'CamelCase' rather than desired 'lower-case'. Thankfully, there are only two culprits: InputButton and ErrorClass. We already tweaked ErrorClass to make it an alias of QapiErrorClass, where only the alias needs changing rather than the whole tree. So the bulk of this change is modifying INPUT_BUTTON_WHEEL_UP to the new INPUT_BUTTON_WHEELUP (and likewise for WHEELDOWN). That part of this commit may later need reverting if we rename the enum constants from 'WheelUp' to 'wheel-up' as part of moving x-input-send-event to a stable interface; but at least we have documentation bread crumbs in place to remind us (commit 513e7cd), and it matches the fact that SDL constants are also spelled SDL_BUTTON_WHEELUP. Suggested by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1447836791-369-27-git-send-email-eblake@redhat.com> [Commit message tweaked] Signed-off-by: Markus Armbruster <armbru@redhat.com>
2015-12-17qapi: Don't let implicit enum MAX member collideEric Blake1-1/+1
Now that we guarantee the user doesn't have any enum values beginning with a single underscore, we can use that for our own purposes. Renaming ENUM_MAX to ENUM__MAX makes it obvious that the sentinel is generated. This patch was mostly generated by applying a temporary patch: |diff --git a/scripts/qapi.py b/scripts/qapi.py |index e6d014b..b862ec9 100644 |--- a/scripts/qapi.py |+++ b/scripts/qapi.py |@@ -1570,6 +1570,7 @@ const char *const %(c_name)s_lookup[] = { | max_index = c_enum_const(name, 'MAX', prefix) | ret += mcgen(''' | [%(max_index)s] = NULL, |+// %(max_index)s | }; | ''', | max_index=max_index) then running: $ cat qapi-{types,event}.c tests/test-qapi-types.c | sed -n 's,^// \(.*\)MAX,s|\1MAX|\1_MAX|g,p' > list $ git grep -l _MAX | xargs sed -i -f list The only things not generated are the changes in scripts/qapi.py. Rejecting enum members named 'MAX' is now useless, and will be dropped in the next patch. Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1447836791-369-23-git-send-email-eblake@redhat.com> Reviewed-by: Juan Quintela <quintela@redhat.com> [Rebased to current master, commit message tweaked] Signed-off-by: Markus Armbruster <armbru@redhat.com>
2015-12-03ui: vnc: avoid floating point exceptionPrasad J Pandit1-3/+3
While sending 'SetPixelFormat' messages to a VNC server, the client could set the 'red-max', 'green-max' and 'blue-max' values to be zero. This leads to a floating point exception in write_png_palette while doing frame buffer updates. Reported-by: Lian Yihan <lianyihan@360.cn> Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> Reviewed-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-11-26vnc: fix segfaultGerd Hoffmann1-0/+5
Commit "c7628bf vnc: only alloc server surface with clients connected" missed one rarely used codepath (cirrus with guest drivers using 2d accel) where we have to check for the server surface being present, to avoid qemu crashing with a NULL pointer dereference. Add the check. Reported-by: Anthony PERARD <anthony.perard@citrix.com> Tested-by: Anthony PERARD <anthony.perard@citrix.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-11-17Merge remote-tracking branch 'remotes/kraxel/tags/pull-vnc-20151116-1' into ↵Peter Maydell1-24/+68
staging vnc: buffer code improvements, bugfixes. # gpg: Signature made Mon 16 Nov 2015 17:20:02 GMT using RSA key ID D3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" * remotes/kraxel/tags/pull-vnc-20151116-1: vnc: fix mismerge buffer: allow a buffer to shrink gracefully buffer: factor out buffer_adj_size buffer: factor out buffer_req_size vnc: recycle empty vs->output buffer vnc: fix local state init vnc: only alloc server surface with clients connected vnc: use vnc_{width,height} in vnc_set_area_dirty vnc: factor out vnc_update_server_surface vnc: add vnc_width+vnc_height helpers vnc: zap dead code vnc-jobs: move buffer reset, use new buffer move vnc: kill jobs queue buffer vnc: attach names to buffers buffer: add tracing buffer: add buffer_shrink buffer: add buffer_move buffer: add buffer_move_empty buffer: add buffer_init buffer: make the Buffer capacity increase in powers of two Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-11-06ui: Use g_new() & friends where that makes obvious senseMarkus Armbruster1-2/+2
g_new(T, n) is neater than g_malloc(sizeof(T) * n). It's also safer, for two reasons. One, it catches multiplication overflowing size_t. Two, it returns T * rather than void *, which lets the compiler catch more type errors. This commit only touches allocations with size arguments of the form sizeof(T). Same Coccinelle semantic patch as in commit b45c03f. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-11-05vnc: fix mismergeGerd Hoffmann1-2/+0
Commit "4d77b1f vnc: fix bug: vnc server can't start when 'to' is specified" was rebased incorrectly, fix it. Reported-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Yang Hongyang <hongyang.yang@easystack.cn> Message-id: 1446714738-22400-1-git-send-email-kraxel@redhat.com
2015-11-05vnc: only alloc server surface with clients connectedGerd Hoffmann1-0/+12
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Peter Lieven <pl@kamp.de> Reviewed-by: Daniel P. Berrange <berrange@redhat.com> Message-id: 1446203414-4013-15-git-send-email-kraxel@redhat.com
2015-11-05vnc: use vnc_{width,height} in vnc_set_area_dirtyGerd Hoffmann1-11/+10
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Peter Lieven <pl@kamp.de> Reviewed-by: Daniel P. Berrange <berrange@redhat.com> Message-id: 1446203414-4013-14-git-send-email-kraxel@redhat.com
2015-11-05vnc: factor out vnc_update_server_surfaceGerd Hoffmann1-6/+15
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Peter Lieven <pl@kamp.de> Reviewed-by: Daniel P. Berrange <berrange@redhat.com> Message-id: 1446203414-4013-13-git-send-email-kraxel@redhat.com
2015-11-05vnc: add vnc_width+vnc_height helpersGerd Hoffmann1-3/+13
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Peter Lieven <pl@kamp.de> Reviewed-by: Daniel P. Berrange <berrange@redhat.com> Message-id: 1446203414-4013-12-git-send-email-kraxel@redhat.com
2015-11-05vnc: zap dead codeGerd Hoffmann1-4/+0
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Peter Lieven <pl@kamp.de> Reviewed-by: Daniel P. Berrange <berrange@redhat.com> Message-id: 1446203414-4013-11-git-send-email-kraxel@redhat.com
2015-11-05vnc: attach names to buffersGerd Hoffmann1-0/+20
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Peter Lieven <pl@kamp.de> Reviewed-by: Daniel P. Berrange <berrange@redhat.com> Message-id: 1446203414-4013-8-git-send-email-kraxel@redhat.com
2015-11-03vnc: fix bug: vnc server can't start when 'to' is specifiedYang Hongyang1-0/+2
commit e0d03b8ceb52 converted VNC startup to use SocketAddress, the interface socket_listen don't have a port_offset param, so we need to add the port offset (5900) to both 'port' and 'to' opts. currently only 'port' is added by offset. This patch add the port offset to 'to' opts. Signed-off-by: Yang Hongyang <hongyang.yang@easystack.cn> Reviewed-by: Daniel P. Berrange <berrange@redhat.com> Message-id: 1445926252-14830-1-git-send-email-hongyang.yang@easystack.cn Cc: Daniel P. Berrange <berrange@redhat.com> Cc: Eric Blake <eblake@redhat.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-11-03vnc: allow fall back to RAW encodingPeter Lieven1-2/+18
I have observed that depending on the contents and the encoding it happens that sending data as RAW sometimes would take less space than the encoded data. This is especially the case for small updates or areas with high color images. If sending RAW encoded data is beneficial allow a fall back to RAW encoding for the framebuffer update. Signed-off-by: Peter Lieven <pl@kamp.de> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-11-02sockets: Convert to new qapi union layoutEric Blake1-22/+22
We have two issues with our qapi union layout: 1) Even though the QMP wire format spells the tag 'type', the C code spells it 'kind', requiring some hacks in the generator. 2) The C struct uses an anonymous union, which places all tag values in the same namespace as all non-variant members. This leads to spurious collisions if a tag value matches a non-variant member's name. Make the conversion to the new layout for socket-related code. Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1445898903-12082-17-git-send-email-eblake@redhat.com> [Commit message tweaked slightly] Signed-off-by: Markus Armbruster <armbru@redhat.com>
2015-11-02qapi: Unbox base membersEric Blake1-11/+10
Rather than storing a base class as a pointer to a box, just store the fields of that base class in the same order, so that a child struct can be directly cast to its parent. This gives less malloc overhead, less pointer dereferencing, and even less generated code. Compare to the earlier commit 1e6c1616a "qapi: Generate a nicer struct for flat unions" (although that patch had fewer places to change, as less of qemu was directly using qapi structs for flat unions). It also allows us to turn on automatic type-safe wrappers for upcasting to the base class of a struct. Changes to the generated code look like this in qapi-types.h: | struct SpiceChannel { |- SpiceBasicInfo *base; |+ /* Members inherited from SpiceBasicInfo: */ |+ char *host; |+ char *port; |+ NetworkAddressFamily family; |+ /* Own members: */ | int64_t connection_id; as well as additional upcast functions like qapi_SpiceChannel_base(). Meanwhile, changes to qapi-visit.c look like: | static void visit_type_SpiceChannel_fields(Visitor *v, SpiceChannel **obj, Error **errp) | { | Error *err = NULL; | |- visit_type_implicit_SpiceBasicInfo(v, &(*obj)->base, &err); |+ visit_type_SpiceBasicInfo_fields(v, (SpiceBasicInfo **)obj, &err); | if (err) { (the cast is necessary, since our upcast wrappers only deal with a single pointer, not pointer-to-pointer); plus the wholesale elimination of some now-unused visit_type_implicit_FOO() functions. Without boxing, the corner case of one empty struct having another empty struct as its base type now requires inserting a dummy member (previously, the 'Base *base' member sufficed). And now that we no longer consume a 'base' member in the generated C struct, we can delete the former negative struct-base-clash-base test. Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1445898903-12082-11-git-send-email-eblake@redhat.com> [Commit message tweaked slightly] Signed-off-by: Markus Armbruster <armbru@redhat.com>
2015-11-02vnc: Hoist allocation of VncBasicInfo to callersEric Blake1-23/+34
A future qapi patch will rework generated structs with a base class to be unboxed. In preparation for that, change the code that allocates then populates an info struct to instead merely populate the fields of an info field passed in as a parameter (renaming vnc_basic_info_get* to vnc_init_basic_info*). Add rudimentary Error handling at the lowest levels for cases where the old code returned NULL; but rather than plumb Error all the way through the stack, the callers drop the error and return NULL as before. Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1445898903-12082-7-git-send-email-eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2015-10-20util: pull Buffer code out of VNC moduleDaniel P. Berrange1-43/+0
The Buffer code in the VNC server is useful for the IO channel code, so pull it out into a shared module, QIOBuffer. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-10-20ui: convert VNC startup code to use SocketAddressDaniel P. Berrange1-70/+90
The VNC code is currently using QemuOpts to configure the sockets connections / listeners it needs. Convert it to use SocketAddress to bring it in line with modern QAPI based code elsewhere in QEMU. Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-09-15ui: convert VNC server to use QCryptoTLSSessionDaniel P. Berrange1-122/+218
Switch VNC server over to using the QCryptoTLSSession object for the TLS session. This removes the direct use of gnutls from the VNC server code. It also removes most knowledge about TLS certificate handling from the VNC server code. This has the nice effect that all the CONFIG_VNC_TLS conditionals go away and the user gets an actual error message when requesting TLS instead of it being silently ignored. With this change, the existing configuration options for enabling TLS with -vnc are deprecated. Old syntax for anon-DH credentials: -vnc hostname:0,tls New syntax: -object tls-creds-anon,id=tls0,endpoint=server \ -vnc hostname:0,tls-creds=tls0 Old syntax for x509 credentials, no client certs: -vnc hostname:0,tls,x509=/path/to/certs New syntax: -object tls-creds-x509,id=tls0,dir=/path/to/certs,endpoint=server,verify-peer=no \ -vnc hostname:0,tls-creds=tls0 Old syntax for x509 credentials, requiring client certs: -vnc hostname:0,tls,x509verify=/path/to/certs New syntax: -object tls-creds-x509,id=tls0,dir=/path/to/certs,endpoint=server,verify-peer=yes \ -vnc hostname:0,tls-creds=tls0 This aligns VNC with the way TLS credentials are to be configured in the future for chardev, nbd and migration backends. It also has the benefit that the same TLS credentials can be shared across multiple VNC server instances, if desired. If someone uses the deprecated syntax, it will internally result in the creation of a 'tls-creds' object with an ID based on the VNC server ID. This allows backwards compat with the CLI syntax, while still deleting all the original TLS code from the VNC server. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-09-15ui: fix return type for VNC I/O functions to be ssize_tDaniel P. Berrange1-18/+18
Various VNC server I/O functions return 'long' and then also pass this to a method accepting 'int'. All these should be ssize_t to match the signature of read/write APIs and thus avoid potential for integer truncation / wraparound. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2015-08-26vnc: fix memory corruption (CVE-2015-5225)Gerd Hoffmann1-5/+10
The _cmp_bytes variable added by commit "bea60dd ui/vnc: fix potential memory corruption issues" can become negative. Result is (possibly exploitable) memory corruption. Reason for that is it uses the stride instead of bytes per scanline to apply limits. For the server surface is is actually fine. vnc creates that itself, there is never any padding and thus scanline length always equals stride. For the guest surface scanline length and stride are typically identical too, but it doesn't has to be that way. So add and use a new variable (guest_ll) for the guest scanline length. Also rename min_stride to line_bytes to make more clear what it actually is. Finally sprinkle in an assert() to make sure we never use a negative _cmp_bytes again. Reported-by: 范祚至(库特) <zuozhi.fzz@alibaba-inc.com> Reviewed-by: P J P <ppandit@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-07-24vnc: fix memory leakGonglei1-1/+4
If vnc's password is configured, it will leak memory which cipher variable pointed on every vnc connection. Cc: Daniel P. Berrange <berrange@redhat.com> Reviewed-by: Daniel P. Berrange <berrange@redhat.com> Signed-off-by: Gonglei <arei.gonglei@huawei.com> Message-Id: <1437556133-11268-1-git-send-email-arei.gonglei@huawei.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-07-14vnc: fix vnc client authenticationWolfgang Bumiller1-1/+1
Commit 800567a61 updated the code to the generic crypto API and mixed up encrypt and decrypt functions in procotol_client_auth_vnc. (Used to be: deskey(key, EN0) which encrypts, and was changed to qcrypto_cipher_decrypt in 800567a61.) Changed it to qcrypto_cipher_encrypt now. Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-07-08ui: convert VNC to use generic cipher APIDaniel P. Berrange1-11/+41
Switch the VNC server over to use the generic cipher API, this allows it to use the pluggable DES implementations, instead of being hardcoded to use QEMU's built-in impl. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Message-Id: <1435770638-25715-11-git-send-email-berrange@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-07-08ui: convert VNC websockets to use crypto APIsDaniel P. Berrange1-54/+13
Remove the direct use of gnutls for hash processing in the websockets code, in favour of using the crypto APIs. This allows the websockets code to be built unconditionally removing countless conditional checks from the VNC code. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Message-Id: <1435770638-25715-9-git-send-email-berrange@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-07-07crypto: move built-in D3DES implementation into crypto/Daniel P. Berrange1-1/+1
To prepare for a generic internal cipher API, move the built-in D3DES implementation into the crypto/ directory. This is not in fact a normal D3DES implementation, it is D3DES with double & triple length modes removed, and the key bytes in reversed bit order. IOW it is crippled specifically for the "benefit" of RFB, so call the new files desrfb.c instead of d3des.c to make it clear that it isn't a generally useful impl. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Message-Id: <1435770638-25715-4-git-send-email-berrange@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-06-22Include qapi/qmp/qerror.h exactly where neededMarkus Armbruster1-0/+1
In particular, don't include it into headers. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Luiz Capitulino <lcapitulino@redhat.com>
2015-06-22qerror: Move #include out of qerror.hMarkus Armbruster1-0/+1
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Luiz Capitulino <lcapitulino@redhat.com>
2015-06-22qerror: Clean up QERR_ macros to expand into a single stringMarkus Armbruster1-2/+2
These macros expand into error class enumeration constant, comma, string. Unclean. Has been that way since commit 13f59ae. The error class is always ERROR_CLASS_GENERIC_ERROR since the previous commit. Clean up as follows: * Prepend every use of a QERR_ macro by ERROR_CLASS_GENERIC_ERROR, and delete it from the QERR_ macro. No change after preprocessing. * Rewrite error_set(ERROR_CLASS_GENERIC_ERROR, ...) into error_setg(...). Again, no change after preprocessing. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Luiz Capitulino <lcapitulino@redhat.com>
2015-06-22QemuOpts: Wean off qerror_report_err()Markus Armbruster1-2/+2
qerror_report_err() is a transitional interface to help with converting existing monitor commands to QMP. It should not be used elsewhere. The only remaining user in qemu-option.c is qemu_opts_parse(). Is it used in QMP context? If not, we can simply replace qerror_report_err() by error_report_err(). The uses in qemu-img.c, qemu-io.c, qemu-nbd.c and under tests/ are clearly not in QMP context. The uses in vl.c aren't either, because the only QMP command handlers there are qmp_query_status() and qmp_query_machines(), and they don't call it. Remaining uses: * drive_def(): Command line -drive and such, HMP drive_add and pci_add * hmp_chardev_add(): HMP chardev-add * monitor_parse_command(): HMP core * tmp_config_parse(): Command line -tpmdev * net_host_device_add(): HMP host_net_add * net_client_parse(): Command line -net and -netdev * qemu_global_option(): Command line -global * vnc_parse_func(): Command line -display, -vnc, default display, HMP change, QMP change. Bummer. * qemu_pci_hot_add_nic(): HMP pci_add * usb_net_init(): Command line -usbdevice, HMP usb_add Propagate errors through qemu_opts_parse(). Create a convenience function qemu_opts_parse_noisily() that passes errors to error_report_err(). Switch all non-QMP users outside tests to it. That leaves vnc_parse_func(). Propagate errors through it. Since I'm touching it anyway, rename it to vnc_parse(). Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Luiz Capitulino <lcapitulino@redhat.com>
2015-06-12Change qemu_set_fd_handler2(..., NULL, ...) to qemu_set_fd_handlerFam Zheng1-15/+12
Done with following Coccinelle semantic patch, plus manual cosmetic changes in net/*.c. @@ expression E1, E2, E3, E4; @@ - qemu_set_fd_handler2(E1, NULL, E2, E3, E4); + qemu_set_fd_handler(E1, E2, E3, E4); Signed-off-by: Fam Zheng <famz@redhat.com> Message-id: 1433400324-7358-8-git-send-email-famz@redhat.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-06-09QemuOpts: Convert qemu_opts_foreach() to ErrorMarkus Armbruster1-1/+1
Retain the function value for now, to permit selective conversion of its callers. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Acked-by: Kevin Wolf <kwolf@redhat.com>
2015-05-20vnc: Tweak error when init failsCole Robinson1-2/+1
Before: qemu-system-x86_64: -display vnc=unix:/root/foo.sock: Failed to start VNC server on `(null)': Failed to bind socket to /root/foo.sock: Permission denied After: qemu-system-x86_64: -display vnc=unix:/root/foo.sock: Failed to start VNC server: Failed to bind socket to /root/foo.sock: Permission denied Rather than tweak the string possibly show unix: value as well, just drop the explicit display reporting. We already get the cli string in the error message, that should be sufficient. Signed-off-by: Cole Robinson <crobinso@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-05-20vnc: Don't assert if opening unix socket failsCole Robinson1-0/+3
Reproducer: $ qemu-system-x86_64 -display vnc=unix:/root/i-cant-access-you.sock qemu-system-x86_64: iohandler.c:60: qemu_set_fd_handler2: Assertion `fd >= 0' failed. Aborted (core dumped) Signed-off-by: Cole Robinson <crobinso@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-05-20ui: remove check for failure of qemu_acl_init()Daniel P. Berrange1-8/+0
The qemu_acl_init() function has long since stopped being able to return NULL, since g_malloc will abort on OOM. As such the checks for NULL were unreachable code. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>