Commit Graph

761 Commits

Author SHA1 Message Date
Gerd Hoffmann
641381c1fc spice: don't update mm_time when spice-server is stopped.
Skip mm_time updates (in qxl device memory) in case the guest is stopped.
Guest isn't able to look anyway, and it causes problems with migration.

Also make sure the initial state for spice server is stopped.

Reported-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-05-29 09:56:01 +02:00
Cole Robinson
bc119048d7 vnc: Tweak error when init fails
Before:
qemu-system-x86_64: -display vnc=unix:/root/foo.sock: Failed to start VNC server on `(null)': Failed to bind socket to /root/foo.sock: Permission denied

After:
qemu-system-x86_64: -display vnc=unix:/root/foo.sock: Failed to start VNC server: Failed to bind socket to /root/foo.sock: Permission denied

Rather than tweak the string possibly show unix: value as well,
just drop the explicit display reporting. We already get the cli
string in the error message, that should be sufficient.

Signed-off-by: Cole Robinson <crobinso@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-05-20 10:23:08 +02:00
Cole Robinson
3d00ac1a2e vnc: Don't assert if opening unix socket fails
Reproducer:

$ qemu-system-x86_64 -display vnc=unix:/root/i-cant-access-you.sock
qemu-system-x86_64: iohandler.c:60: qemu_set_fd_handler2: Assertion `fd >= 0' failed.
Aborted (core dumped)

Signed-off-by: Cole Robinson <crobinso@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-05-20 10:23:08 +02:00
Daniel P. Berrange
2b2c1a38ee ui: remove check for failure of qemu_acl_init()
The qemu_acl_init() function has long since stopped being able
to return NULL, since g_malloc will abort on OOM. As such the
checks for NULL were unreachable code.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-05-20 10:23:08 +02:00
Ján Tomko
274c3b52e1 Strip brackets from vnc host
Commit v2.2.0-1530-ge556032 vnc: switch to inet_listen_opts
bypassed the use of inet_parse in inet_listen, making literal
IPv6 addresses enclosed in brackets fail:

qemu-kvm: -vnc [::1]:0: Failed to start VNC server on `(null)': address
resolution failed for [::1]:5900: Name or service not known

Strip the brackets to make it work again.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-05-20 10:23:08 +02:00
Programmingkid
b4c6a112dc ui/cocoa: Add console items to the View menu
Add any console that is available to the current emulator as a
menu item under the View menu.

Signed-off-by: John Arbuckle <programmingkidx@gmail.com>
[PMM: Adjusted to apply after zoom-to-fit menu item was added;
 create the View menu at the same time as all the others, and only
 add the dynamically-determined items to it later]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-05-19 09:11:18 +01:00
Peter Maydell
8617989eae ui/cocoa: Avoid deprecated NSOKButton/NSCancelButton constants
In OSX 10.10, the NSOKButton and NSCancelButton constants are deprecated
and provoke compiler warnings. Avoid them by using the
NSFileHandlingPanelCancelButton and NSFileHandlingPanelOKButton constants
instead. These are the documented correct constants for the 10.6-and-up
beginSheetModalForWindow API we use. We also use the same method for
the pre-10.6 compatibility code path, but conveniently the constant
values are the same and the constant names have been present since 10.0.
Preferring the constant names that match the non-legacy API makes more
sense anyway.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1431296361-16981-7-git-send-email-peter.maydell@linaro.org
2015-05-19 09:11:18 +01:00
Peter Maydell
81801ae213 ui/cocoa: Don't use NSWindow useOptimizedDrawing on OSX 10.10 and up
Starting in OSX 10.10, NSWindow useOptimizedDrawing is deprecated, so
don't use it there.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1431296361-16981-6-git-send-email-peter.maydell@linaro.org
2015-05-19 09:11:18 +01:00
Peter Maydell
2a4c8c53da ui/cocoa: Declare that QemuCocoaAppController implements NSApplicationDelegate
Our class QemuCocoaAppController implements the NSApplicationDelegate
interface, and we pass an object of this class to [NSApp setDelegate].
However, we weren't declaring in the class definition that we implemented
this interface; in OSX 10.10 this provokes the following (slighly
misleading) warning:
ui/cocoa.m:1031:24: warning: sending 'QemuCocoaAppController *' to parameter of
      incompatible type 'id<NSFileManagerDelegate>'
    [NSApp setDelegate:appController];
                       ^~~~~~~~~~~~~
/System/Library/Frameworks/Foundation.framework/Headers/NSFileManager.h:109:47:
note: passing argument to parameter 'delegate' here
@property (assign) id <NSFileManagerDelegate> delegate NS_AVAILABLE(10_5,
2_0);
                                              ^

Annoyingly, this interface wasn't formally defined until OSX 10.6, so we
have to surround the relevant part of the @interface line with an ifdef.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1431296361-16981-5-git-send-email-peter.maydell@linaro.org
2015-05-19 09:11:18 +01:00
Peter Maydell
de1aadee28 ui/cocoa: openPanelDidEnd returnCode should be NSInteger, not int
The type for openPanelDidEnd's returnCode argument should be NSInteger,
not int. This only matters for the OSX 10.5 code path where we pass
the method directly to an OSX function to call.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1431296361-16981-4-git-send-email-peter.maydell@linaro.org
2015-05-19 09:11:18 +01:00
Peter Maydell
89424ff32f ui/cocoa: Remove compatibility ifdefs for OSX 10.4
Remove compatibility ifdefs that work around OSX 10.4 not providing
various typedefs and functions.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1431296361-16981-3-git-send-email-peter.maydell@linaro.org
2015-05-19 09:11:17 +01:00
Peter Maydell
b63901d84c ui/cocoa: Drop tests for CGImageCreateWithImageInRect support
The code that tries to test at both compiletime and runtime
for whether CGImageCreateWithImageInRect is supported provokes
a compile warning on OSX 10.3:

ui/cocoa.m:378:13: warning: comparison of function 'CGImageCreateWithImageInRect'
      equal to a null pointer is always false[-Wtautological-pointer-compare]
        if (CGImageCreateWithImageInRect == NULL) { // test if "CGImageCreateWithImageInRect" is
supported on host at runtime
            ^~~~~~~~~~~~~~~~~~~~~~~~~~~~    ~~~~

The simplest way to deal with this is just to drop this code,
since we don't in practice support OSX 10.4 anyway. (10.5 was
released in 2007 and is the last PPC version, so is the earliest
we really need to continue to support at all.)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1431296361-16981-2-git-send-email-peter.maydell@linaro.org
2015-05-19 09:11:17 +01:00
Programmingkid
43227af88a ui/cocoa: Make -full-screen option work on Mac OS X
This patch makes the -full-screen option actually instruct QEMU to
enter fullscreen at startup, on Mac OS X.

Signed-off-by: John Arbuckle <programmingkidx@gmail.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-05-19 09:11:17 +01:00
Programmingkid
5d1b2eef58 ui/cocoa: Fix several full screen issues on Mac OS X
This patch makes several changes:
- Minimizes distorted full screen display by respecting aspect
ratios.
- Makes full screen mode available on Mac OS 10.7 and higher.
- Allows user to decide if video should be stretched to fill the
screen, using a menu item called "Zoom To Fit".
- Hides the normalWindow so it won't show up in full screen mode.
- Allows user to exit full screen mode.

Signed-off-by: John Arbuckle <programmingkidx@gmail.com>
[PMM: minor whitespace tweaks, remove incorrectly duplicated
 use of 'f' menu accelerator key]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-05-19 09:11:17 +01:00
Gerd Hoffmann
1271f7f7c6 gtk: update mouse position in mouse_set()
Without that the next mouse motion event uses the old position
as base for relative move calculation, giving wrong results and
making your mouse pointer jump around.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-05-06 08:38:05 +02:00
Gerd Hoffmann
dc7ff34418 gtk: create gtk.h
Move various gtk bits (includes, data structures) to a header file.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-05-06 08:38:05 +02:00
Gerd Hoffmann
1301e515ef gtk: add ui_info support
Pass new display size to the guest after window resizes.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-05-06 08:38:05 +02:00
Gerd Hoffmann
b7fb49f0c7 console: add dpy_ui_info_supported
Allow ui code to check whenever the emulated
display supports display change notifications.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-05-06 08:38:05 +02:00
Gerd Hoffmann
cf1ecc82ab console: delayed ui_info guest notification
So we don't flood the guest with display change notifications
while the user resizes the window.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-05-06 08:38:05 +02:00
Max Reitz
e444ea34f8 sdl2: Fix RGB555
Reproducable with:

$ x86_64-softmmu/qemu-system-x86_64 \
    -kernel $vmlinuz_of_your_choice \
    -append vga=0x313 -sdl

Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-05-05 10:48:26 +02:00
Gerd Hoffmann
0b71a5d5ca sdl2: add support for display rendering using opengl.
Add new sdl2-gl.c file, with display
rendering functions using opengl.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
2015-05-05 10:48:26 +02:00
Gerd Hoffmann
19dadfccd0 sdl2: move SDL_* includes to sdl2.h
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
2015-05-05 10:48:26 +02:00
Gerd Hoffmann
cd2bc889e5 console-gl: add opengl rendering helper functions
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
2015-05-05 10:48:22 +02:00
Gerd Hoffmann
985e1c9b00 opengl: add shader helper functions.
Helper functions to compile, link and run opengl shader programs.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-05-05 10:43:03 +02:00
Emilio G. Cota
dfbf272b77 input: remove unused mouse_handlers list
Signed-off-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-04-30 16:05:48 +03:00
Chih-Min Chao
c9f88ce330 hw/display : remove 'struct' from 'typedef QXL struct'
Signed-off-by: Chih-Min Chao <cmchao@gmail.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-04-30 16:05:48 +03:00
Chih-Min Chao
9425c004fe ui/console : remove 'struct' from 'typedef struct' type
Signed-off-by: Chih-Min Chao <cmchao@gmail.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-04-30 16:05:48 +03:00
Chih-Min Chao
4769a881cb ui/vnc : remove 'struct' of 'typedef struct'
Signed-off-by: Chih-Min Chao <cmchao@gmail.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-04-30 16:05:48 +03:00
Chih-Min Chao
494cb81741 ui/vnc : fix coding style
reported by checkpatch.pl

Signed-off-by: Chih-Min Chao <cmchao@gmail.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-04-30 16:05:48 +03:00
Peter Maydell
3d27b09cf6 spice: misc fixes.
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJVPhd0AAoJEEy22O7T6HE4sMkQAK9TcUjMKvKf7k20WsFBDgkc
 RS/NHEHNrrscnWz+n845NDueFvYAa7DfAKok0ayzD5XSK2RC3AkcGsQ/PF21kg5t
 +9B0y7YIdJoAt+9w+SulwF6hcK9wWBx0NOUWJomoZWntZcawAv5pTOTvcLR2TJhN
 eGHuI1lw/Hnsqr0vYXqkFdNNB66zA24oZiaryxsy/TMpd6vlGX3JIvDaLcTden1W
 u0Fmta5JEDlPCiPIBVxau88U21pDeg6PHEHmWhkeLo45Tsr+R+dB72Ugbguihr1x
 LRpzQtZoq8gqyqY2+r1lOS5cHNvCkqZhtDK80Aeo2UPxlg88YPMFvonTuvY8Y8Jm
 6Mq1gepyI48LdoKwoL8S2ja5W8++unS6kd1oP1fxqalWqFI8mwIB1v4W75a4ejxq
 drbVWY4jnJDkNiz8BKmg9GLE4mEConei0Ip/lbgflESbjJ9g0Y7IGoc91cjsCXCv
 1MuAphNrkwLSckJpNxooKzO7MMhYFw9PGNX26RWE64iRnwMFCsqOxE1KC7rzdnZY
 Y09fVV+GC1h5XyH25M5cyMCV5r/S/eM1Y6GEhq/OS8xmunGp2WKB7rmaoLMlioMs
 SiPExlwTaqiZldBHfB71h2E41C7awcmcmY+NsORSxIEg6eTyT4/jljQQXGiwm0JA
 IcfrFHJHvmmWPL6CLwS0
 =Vi97
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/spice/tags/pull-spice-20150427-1' into staging

spice: misc fixes.

# gpg: Signature made Mon Apr 27 12:03:16 2015 BST using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/spice/tags/pull-spice-20150427-1:
  spice: learn to hide cursor
  spice: set pointer position on hotspot
  spice: fix mouse cursor position
  spice: fix simple display on bigendian hosts
  monitor: Make client_migrate_info synchronous

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-04-27 20:00:57 +01:00
Marc-André Lureau
700cd855de spice: learn to hide cursor
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-04-27 12:47:04 +02:00
Marc-André Lureau
dc8dceee64 spice: set pointer position on hotspot
The Spice protocol uses cursor position on hotspot: the client is
applying hotspot offset when drawing the cursor.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-04-27 12:47:04 +02:00
Marc-André Lureau
d0df04a156 spice: fix mouse cursor position
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-04-27 12:47:04 +02:00
Gerd Hoffmann
c1d37cd353 spice: fix simple display on bigendian hosts
Denis Kirjanov is busy getting spice run on ppc64 and trapped into this
one.  Spice wire format is little endian, so we have to explicitly say
we want little endian when letting pixman convert the data for us.

Reported-by: Denis Kirjanov <kirjanov@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-04-27 12:47:03 +02:00
Markus Armbruster
3b5704b2f8 monitor: Make client_migrate_info synchronous
Live migration with spice works like this today:

  (1) client_migrate_info monitor cmd
  (2) spice server notifies client, client connects to target host.
  (3) qemu waits until spice client connect is finished.
  (4) send over vmstate (i.e. main part of live migration).
  (5) spice handover to target host.

(3) is implemented by making client_migrate_info a async monitor
command.  This is the only async monitor command we have.

The original reason to implement this dance was that qemu did not accept
new tcp connections while the incoming migration was running, so (2) and
(4) could not be done in parallel.  That issue was fixed long ago though.
Qemu version 1.3.0 (released Dec 2012) and newer happily accept tcp
connects while the incoming migration runs.

Time to drop step (3).  This patch does exactly that, by making the
monitor command synchronous and removing the code needed to handle the
async monitor command in ui/spice-core.c

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-04-27 12:46:57 +02:00
Jan Kiszka
1a01716a30 gtk: Avoid accel key leakage into guest on console switch
GTK2 sends the accel key to the guest when switching to the graphic
console via that shortcut. Resolve this by ignoring any keys until the
next key-release event. However, do not ignore keys when switching via
the menu or when on GTK3.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-04-27 11:00:43 +02:00
Jan Kiszka
9d677e1c2f gtk: Fix VTE focus grabbing
At least on GTK2, the VTE terminal has to be specified as target of
gtk_widget_grab_focus. Otherwise, switching from one VTE terminal to
another causes the focus to get lost.

CC: John Snow <jsnow@redhat.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>

[ kraxel: fixed build with CONFIG_VTE=n ]

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-04-27 11:00:07 +02:00
Gerd Hoffmann
779ce88fbd console/gtk: add qemu_console_get_label
Add a new function to get a nice label for a given QemuConsole.
Drop the labeling code in gtk.c and use the new function instead.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-04-22 13:21:16 +02:00
Gerd Hoffmann
f8c223f69a gtk: bind to text terminal consoles too
This way gtk has text terminal consoles even when building without vte.
Most notably you'll get a monitor tab on windows now.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-04-22 13:21:16 +02:00
Gerd Hoffmann
f98f43eab0 gtk: handle switch_surface(NULL) properly
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-04-22 13:21:16 +02:00
Daniel P. Berrange
2cdb5e142f CVE-2015-1779: limit size of HTTP headers from websockets clients
The VNC server websockets decoder will read and buffer data from
websockets clients until it sees the end of the HTTP headers,
as indicated by \r\n\r\n. In theory this allows a malicious to
trick QEMU into consuming an arbitrary amount of RAM. In practice,
because QEMU runs g_strstr_len() across the buffered header data,
it will spend increasingly long burning CPU time searching for
the substring match and less & less time reading data. So while
this does cause arbitrary memory growth, the bigger problem is
that QEMU will be burning 100% of available CPU time.

A novnc websockets client typically sends headers of around
512 bytes in length. As such it is reasonable to place a 4096
byte limit on the amount of data buffered while searching for
the end of HTTP headers.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-04-01 17:12:55 +02:00
Daniel P. Berrange
a2bebfd6e0 CVE-2015-1779: incrementally decode websocket frames
The logic for decoding websocket frames wants to fully
decode the frame header and payload, before allowing the
VNC server to see any of the payload data. There is no
size limit on websocket payloads, so this allows a
malicious network client to consume 2^64 bytes in memory
in QEMU. It can trigger this denial of service before
the VNC server even performs any authentication.

The fix is to decode the header, and then incrementally
decode the payload data as it is needed. With this fix
the websocket decoder will allow at most 4k of data to
be buffered before decoding and processing payload.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>

[ kraxel: fix frequent spurious disconnects, suggested by Peter Maydell ]

  @@ -361,7 +361,7 @@ int vncws_decode_frame_payload(Buffer *input,
  -        *payload_size = input->offset;
  +        *payload_size = *payload_remain;

[ kraxel: fix 32bit build ]

  @@ -306,7 +306,7 @@ struct VncState
  -    uint64_t ws_payload_remain;
  +    size_t ws_payload_remain;

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-04-01 17:11:34 +02:00
Hervé Poussineau
4cdfc93526 gtk: do not call gtk_widget_get_window if drawing area is not initialized
This prevents gtk_widget_get_window to return a NULL pointer.

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-03-26 17:58:12 +01:00
Daniel P. Berrange
4a48aaa9f5 ui: ensure VNC websockets server checks the ACL if requested
If the x509verify option is requested, the VNC websockets server
was failing to validate that the websockets client provided an
x509 certificate matching the ACL rules.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-03-18 09:25:14 +01:00
Daniel P. Berrange
7b45a00d05 ui: remove separate gnutls_session for websockets server
The previous change to the auth scheme handling guarantees we
can never have nested TLS sessions in the VNC websockets server.
Thus we can remove the separate gnutls_session instance.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-03-18 09:25:14 +01:00
Daniel P. Berrange
51941e4695 ui: enforce TLS when using websockets server
When TLS is required, the primary VNC server considers it to be
mandatory. ie the server admin decides whether or not TLS is used,
and the client has to comply with this decision. The websockets
server, however, treated it as optional, allowing non-TLS clients
to connect to a server which had setup TLS. Thus enabling websockets
lowers the security of the VNC server leaving the admin no way to
enforce use of TLS.

This removes the code that allows non-TLS fallback in the websockets
server, so that if TLS is requested for VNC it is now mandatory for
both the primary VNC server and the websockets VNC server.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-03-18 09:25:13 +01:00
Daniel P. Berrange
f9148c8ae7 ui: fix setup of VNC websockets auth scheme with TLS
The way the websockets TLS code was integrated into the VNC server
made it essentially useless. The only time that the websockets TLS
support could be used is if the primary VNC server had its existing
TLS support disabled. ie QEMU had to be launched with:

  # qemu -vnc localhost:1,websockets=5902,x509=/path/to/certs

Note the absence of the 'tls' flag. This is already a bug, because
the docs indicate that 'x509' is ignored unless 'tls' is given.

If the primary VNC server had TLS turned on via the 'tls' flag,
then this prevented the websockets TLS support from being used,
because it activates the VeNCrypt auth which would have resulted
in TLS being run over a TLS session. Of course no websockets VNC
client supported VeNCrypt so in practice, since the browser clients
cannot setup a nested TLS session over the main HTTPS connection,
so it would not even get past auth.

This patch causes us to decide our auth scheme separately for the
main VNC server vs the websockets VNC server. We take account of
the fact that if TLS is enabled, then the websockets client will
use https, so setting up VeNCrypt is thus redundant as it would
lead to nested TLS sessions.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-03-18 09:25:13 +01:00
Daniel P. Berrange
0dd72e1531 ui: split setup of VNC auth scheme into separate method
The vnc_display_open method is quite long and complex, so
move the VNC auth scheme decision logic into a separate
method for clarity.

Also update the comment to better describe what we are
trying to achieve.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-03-18 09:25:13 +01:00
Daniel P. Berrange
d169f04b8b ui: report error if user requests VNC option that is unsupported
If the VNC server is built without tls, sasl or websocket support
and the user requests one of these features, they are just silently
ignored. This is bad because it means the VNC server ends up running
in a configuration that is less secure than the user asked for.
It also leads to an tangled mass of preprocessor conditionals when
configuring the VNC server.

This ensures that the tls, sasl & websocket options are always
processed and an error is reported back to the user if any of
them were disabled at build time.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-03-18 09:25:13 +01:00
Daniel P. Berrange
153130cd4f ui: replace printf() calls with VNC_DEBUG
Handling of VNC audio messages results in printfs to the console.
This is of no use to anyone in production, so should be using the
normal VNC_DEBUG macro instead.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-03-18 09:25:13 +01:00