Commit Graph

135 Commits

Author SHA1 Message Date
aliguori 457772e68f Replace asprintf() with snprintf() in vnc.c ("Daniel P. Berrange")
As previously discussed, this patch removes the non-portable use of
asprintf(), replacing it with malloc+snprintf instead

   Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6843 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-13 15:03:27 +00:00
aliguori 28a76be8f4 Remove tabs introduced from VNC ACL series
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6727 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 20:27:40 +00:00
aliguori 76655d6dec Support ACLs for controlling VNC access ("Daniel P. Berrange")
This patch introduces a generic internal API for access control lists
to be used by network servers in QEMU. It adds support for checking
these ACL in the VNC server, in two places. The first ACL is for the
SASL authentication mechanism, checking the SASL username. This ACL
is called 'vnc.username'. The second is for the TLS authentication
mechanism, when x509 client certificates are turned on, checking against
the Distinguished Name of the client. This ACL is called 'vnc.x509dname'

The internal API provides for an ACL with the following characteristics

 - A unique name, eg  vnc.username, and vnc.x509dname.
 - A default policy, allow or deny
 - An ordered series of match rules, with allow or deny policy

If none of the match rules apply, then the default policy is
used.

There is a monitor API to manipulate the ACLs, which I'll describe via
examples

  (qemu) acl show vnc.username
  policy: allow
  (qemu) acl policy vnc.username denya
  acl: policy set to 'deny'
  (qemu) acl allow vnc.username fred
  acl: added rule at position 1
  (qemu) acl allow vnc.username bob
  acl: added rule at position 2
  (qemu) acl allow vnc.username joe 1
  acl: added rule at position 1
  (qemu) acl show vnc.username
  policy: deny
  0: allow fred
  1: allow joe
  2: allow bob


  (qemu) acl show vnc.x509dname
  policy: allow
  (qemu) acl policy vnc.x509dname deny
  acl: policy set to 'deny'
  (qemu) acl allow vnc.x509dname C=GB,O=ACME,L=London,CN=*
  acl: added rule at position 1
  (qemu) acl allow vnc.x509dname C=GB,O=ACME,L=Boston,CN=bob
  acl: added rule at position 2
  (qemu) acl show vnc.x509dname
  policy: deny
  0: allow C=GB,O=ACME,L=London,CN=*
  1: allow C=GB,O=ACME,L=Boston,CN=bob

By default the VNC server will not use any ACLs, allowing access to
the server if the user successfully authenticates. To enable use of
ACLs to restrict user access, the ',acl' flag should be given when
starting QEMU. The initial ACL activated will be a 'deny all' policy
and should be customized using monitor commands.

eg enable SASL auth and ACLs

    qemu ....  -vnc localhost:1,sasl,acl

The next patch will provide a way to load a pre-defined ACL when
starting up


 Makefile        |    6 +
 b/acl.c         |  185 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 b/acl.h         |   74 ++++++++++++++++++++++
 configure       |   18 +++++
 monitor.c       |   95 ++++++++++++++++++++++++++++
 qemu-doc.texi   |   49 ++++++++++++++
 vnc-auth-sasl.c |   16 +++-
 vnc-auth-sasl.h |    7 ++
 vnc-tls.c       |   19 +++++
 vnc-tls.h       |    3 
 vnc.c           |   21 ++++++
 vnc.h           |    3 
 12 files changed, 491 insertions(+), 5 deletions(-)

   Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6726 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 20:27:37 +00:00
aliguori 1263b7d613 Include auth credentials in 'info vnc' ("Daniel P. Berrange")
This patch extends the 'info vnc' monitor output to include information
about the VNC client authentication credentials.

For clients authenticated using SASL, this will output the username.

For clients authenticated using x509 certificates, this will output
the x509 distinguished name.

Auth can be stacked, so both username & x509 dname may be shown.

    Server:
         address: 0.0.0.0:5902
            auth: vencrypt+x509+sasl
    Client:
         address: 10.33.6.67:38621
      x509 dname: C=GB,O=ACME,L=London,ST=London,CN=localhost
        username: admin
    Client:
         address: 10.33.6.63:38620
      x509 dname: C=GB,O=ACME,L=London,ST=London,CN=localhost
        username: admin



 vnc-tls.c |   17 +++++++++++++++++
 vnc-tls.h |    3 +++
 vnc.c     |   19 +++++++++++++++++--
 3 files changed, 37 insertions(+), 2 deletions(-)

   Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6725 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 20:27:32 +00:00
aliguori 2f9606b373 Add SASL authentication support ("Daniel P. Berrange")
This patch adds the new SASL authentication protocol to the VNC server.

It is enabled by setting the 'sasl' flag when launching VNC. SASL can
optionally provide encryption via its SSF layer, if a suitable mechanism
is configured (eg, GSSAPI/Kerberos, or Digest-MD5).  If an SSF layer is
not available, then it should be combined with the x509 VNC authentication
protocol which provides encryption.

eg, if using GSSAPI

   qemu -vnc localhost:1,sasl

eg if using  TLS/x509 for encryption

   qemu -vnc localhost:1,sasl,tls,x509


By default the Cyrus SASL library will look for its configuration in
the file /etc/sasl2/qemu.conf.  For non-root users, this can be overridden
by setting the SASL_CONF_PATH environment variable, eg to make it look in
$HOME/.sasl2.  NB unprivileged users may not have access to the full range
of SASL mechanisms, since some of them require some administrative privileges
to configure. The patch includes an example SASL configuration file which
illustrates config for GSSAPI and Digest-MD5, though it should be noted that
the latter is not really considered secure any more.

Most of the SASL authentication code is located in a separate source file,
vnc-auth-sasl.c.  The main vnc.c file only contains minimal integration
glue, specifically parsing of command line flags / setup, and calls to
start the SASL auth process, to do encoding/decoding for data.

There are several possible stacks for reading & writing of data, depending
on the combo of VNC authentication methods in use

 - Clear.    read/write straight to socket
 - TLS.      read/write via GNUTLS helpers
 - SASL.     encode/decode via SASL SSF layer, then read/write to socket
 - SASL+TLS. encode/decode via SASL SSF layer, then read/write via GNUTLS

Hence, the vnc_client_read & vnc_client_write methods have been refactored
a little.

   vnc_client_read:  main entry point for reading, calls either

       - vnc_client_read_plain   reading, with no intermediate decoding
       - vnc_client_read_sasl    reading, with SASL SSF decoding

   These two methods, then call vnc_client_read_buf(). This decides
   whether to write to the socket directly or write via GNUTLS.

The situation is the same for writing data. More extensive comments
have been added in the code / patch. The vnc_client_read_sasl and
vnc_client_write_sasl method implementations live in the separate
vnc-auth-sasl.c file.

The state required for the SASL auth mechanism is kept in a separate
VncStateSASL struct, defined in vnc-auth-sasl.h and included in the
main VncState.

The configure script probes for SASL and automatically enables it
if found, unless --disable-vnc-sasl was given to override it.


 Makefile            |    7 
 Makefile.target     |    5 
 b/qemu.sasl         |   34 ++
 b/vnc-auth-sasl.c   |  626 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 b/vnc-auth-sasl.h   |   67 +++++
 configure           |   34 ++
 qemu-doc.texi       |   97 ++++++++
 vnc-auth-vencrypt.c |   12 
 vnc.c               |  249 ++++++++++++++++++--
 vnc.h               |   31 ++
 10 files changed, 1129 insertions(+), 33 deletions(-)

   Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6724 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 20:27:28 +00:00
aliguori 5fb6c7a8b2 Move TLS auth into separate file ("Daniel P. Berrange")
This patch refactors the existing TLS code to make the main VNC code
more managable. The code moves to two new files

 - vnc-tls.c: generic helpers for TLS handshake & credential setup
 - vnc-auth-vencrypt.c: the actual VNC TLS authentication mechanism.

The reason for this split is that there are other TLS based auth
mechanisms which we may like to use in the future. These can all
share the same vnc-tls.c routines. In addition this will facilitate
anyone who may want to port the vnc-tls.c file to allow for choice
of GNUTLS & NSS for impl.

The TLS state is moved out of the VncState struct, and into a separate
VncStateTLS struct, defined in vnc-tls.h. This is then referenced from
the main VncState. End size of the struct is the same, but it keeps
things a little more managable.

The vnc.h file gains a bunch more function prototypes, for functions
in vnc.c that were previously static, but now need to be accessed
from the separate auth code files.

The only TLS related code still in the main vl.c is the command line
argument handling / setup, and the low level I/O routines calling
gnutls_send/recv.


 Makefile              |   11 
 b/vnc-auth-vencrypt.c |  167 ++++++++++++++
 b/vnc-auth-vencrypt.h |   33 ++
 b/vnc-tls.c           |  414 +++++++++++++++++++++++++++++++++++
 b/vnc-tls.h           |   70 ++++++
 vnc.c                 |  581 +++-----------------------------------------------
 vnc.h                 |   76 ++++--
 7 files changed, 780 insertions(+), 572 deletions(-)

   Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6723 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 20:27:23 +00:00
aliguori 19a490bfca Move VNC structs into header file ("Daniel P. Berrange")
This patch moves the definitions of VncState and VncDisplay structs
out into a vnc.h header file. This is to allow the code for TLS
and SASL auth mechanisms to be moved out of the main vnc.c file.


 vnc.c |  109 ------------------------------------------------
 vnc.h |  149 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++--
 2 files changed, 148 insertions(+), 110 deletions(-)

   Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6722 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 20:27:13 +00:00
aliguori 0483755a4d Refactor keymap code to avoid duplication ("Daniel P. Berrange")
Each of the graphical frontends #include a .c file, for keymap code
resulting in duplicated definitions & duplicated compiled code. A
couple of small changes allowed this to be sanitized, so instead of
doing a #include "keymaps.c", duplicating all code, we can have a
shared keymaps.h file, and only compile code once. This allows the
next patch to move the VncState struct out into a header file without
causing clashing definitions.


 Makefile      |    9 +++++---
 b/keymaps.h   |   60 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 curses.c      |    3 --
 curses_keys.h |    9 +++-----
 keymaps.c     |   45 ++++++++++++++++---------------------------
 sdl.c         |    3 --
 sdl_keysym.h  |    7 ++----
 vnc.c         |    5 +---
 vnc_keysym.h  |    7 ++----
 9 files changed, 97 insertions(+), 51 deletions(-)

   Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6721 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 20:27:10 +00:00
aliguori 1ff7df1a84 Enhance 'info vnc' monitor output ("Daniel P. Berrange")
The current 'info vnc' monitor output just displays the VNC server address
as provided by the -vnc command line flag. This isn't particularly useful
since it doesn't tell you what VNC is actually listening on. eg, if you
use '-vnc :1' it is useful to know whether this translated to '0.0.0.0:5901'
or chose IPv6 ':::5901'.  It is also useful to know the address of the
client that is currently connected. It is also useful to know the active
authentication (if any).

This patch tweaks the monitor output to look like:

   (qemu) info vnc
    Server:
         address: 0.0.0.0:5902
            auth: vencrypt+x509
    Client: none

And when 2 clients are connected

   (qemu) info vnc
    Server:
         address: 0.0.0.0:5902
            auth: vencrypt+x509
    Client:
         address: 10.33.6.67:38621
    Client:
         address: 10.33.6.63:38620

More data will be added to this later in the patch series...

The 'addr_to_string' helper method in this patch is overly generic
for the needs of this patch alone. This is because it will be re-used
by the later SASL patches in this series, where the flexibility is
important.


 vnc.c |  137 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 127 insertions(+), 10 deletions(-)

   Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6720 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 20:27:05 +00:00
aliguori adc5ec856c Fix bug in TLS authentication ("Daniel P. Berrange")
This patch was previously posted here:

  http://lists.gnu.org/archive/html/qemu-devel/2009-02/msg00820.html

In the case where the TLS handshake does *not* block on I/O, QEMU
sends the next 'start sub-auth' message twice. This seriously confuses
the VNC client :-) Fortunately the chances of the handshake not blocking
are close to zero for a TCP socket, which is why it has not been noticed
thus far. Even with both client & server on localhost, I can only hit the
bug 1 time in 20.

NB, the diff context here is not too informative. If you look at the
full code you'll see that a few lines early we called vnc_start_tls()
which called vnc_continue_handshake() which called the method
start_auth_vencrypt_subauth(). Hence, fixing the bug, just involves
removing the 2nd bogus call to start_auth_vencrypt_subauth() as per
this patch.


 vnc.c |    8 --------
 1 file changed, 8 deletions(-)

   Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6719 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 20:27:02 +00:00
aliguori 376253ece4 monitor: Rework API (Jan Kiszka)
Refactor the monitor API and prepare it for decoupled terminals:
term_print functions are renamed to monitor_* and all monitor services
gain a new parameter (mon) that will once refer to the monitor instance
the output is supposed to appear on. However, the argument remains
unused for now. All monitor command callbacks are also extended by a mon
parameter so that command handlers are able to pass an appropriate
reference to monitor output services.

For the case that monitor outputs so far happen without clearly
identifiable context, the global variable cur_mon is introduced that
shall once provide a pointer either to the current active monitor (while
processing commands) or to the default one. On the mid or long term,
those use case will be obsoleted so that this variable can be removed
again.

Due to the broad usage of the monitor interface, this patch mostly deals
with converting users of the monitor API. A few of them are already
extended to pass 'mon' from the command handler further down to internal
functions that invoke monitor_printf.

At this chance, monitor-related prototypes are moved from console.h to
a new monitor.h. The same is done for the readline API.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6711 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-05 23:01:23 +00:00
aliguori 753b405331 Support multiple VNC clients (Brian Kress)
Change structure associated with a display from VncState to a new structure
VncDisplay. Remove client specific fields from VncDisplay. Remove display
specific fields from VncState. Maintain a linked list of VncStates per
VncDisplay structure, update as necessary. When updates/resizes/copies come in
from the hardware, dispatch to all clients. 

Signed-off-by: Brian Kress <kressb@moose.net>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6621 c046a42c-6fe2-441c-8c8c-71466251a162
2009-02-16 14:59:30 +00:00
aliguori 452b4d88e5 monitor: Don't change VNC server when disabled (Jan Kiszka)
[ As requested, broken out of the monitor rework series. ]

Avoid a segfault when the user issues 'change vnc' without having vnc
enabled on startup.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6616 c046a42c-6fe2-441c-8c8c-71466251a162
2009-02-11 21:00:38 +00:00
aliguori 1eec614b36 toplevel: remove error handling from qemu_malloc() callers (Avi Kivity)
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6531 c046a42c-6fe2-441c-8c8c-71466251a162
2009-02-05 22:06:18 +00:00
aliguori 059cef4092 Add zlib encoding support (Alexander Graf)
This patch adds zlib encoding support for VNC. It basically runs
the raw traffic through zlib, providing a pretty good compression
ratio.

Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6499 c046a42c-6fe2-441c-8c8c-71466251a162
2009-02-02 15:58:54 +00:00
aliguori d2a0102a4c Move the framebuffer update package out (Alexander Graf)
Currently the send_framebuffer_update_raw and send_framebuffer_update_hextile
respectively send a send_framebuffer_update packet themselves. We need to reuse
send_framebuffer_update_raw for zlib encoding though, so let's move it out.

Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6498 c046a42c-6fe2-441c-8c8c-71466251a162
2009-02-02 15:58:51 +00:00
aliguori 8906428682 Move buffer functions up (Alexander Graf)
We will need to use buffer functions in code that will end up being
below the current buffer functions. In order to not introduce any
function stub defines, let's just move them up.

Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6497 c046a42c-6fe2-441c-8c8c-71466251a162
2009-02-02 15:58:47 +00:00
aliguori fb43731328 Add some tight awareness to vnc.c (Alexander Graf)
This patch enables the vnc server to understand fundamental tight extensions.
It changes from a "Hextile or not" scheme when sending framebuffer updates to
a "preferred encoding", namely the last one set.

While this is not perfect, as actually a list of "preferred encodings" should
be kept, it's good enough for now.

Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6496 c046a42c-6fe2-441c-8c8c-71466251a162
2009-02-02 15:58:43 +00:00
aliguori 26f8b9cc87 Fix invalid #if in vnc.c when debugging is enabled (Alexander Graf)
While running with debugging enabled, I found an #if testing for
an undefined value, not defined(value). This patch fixes that.

Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6495 c046a42c-6fe2-441c-8c8c-71466251a162
2009-02-02 15:58:38 +00:00
aliguori 29fa4ed9f0 Use VNC protocol defines (Alexander Graf)
Now that we have nice defines for all sorts of constants, let's
use them!

This patch also takes the "feature variables", currently called has_*
into a single feature int. This way adding new features is a lot
easier and doesn't clutter the VncState struct.

Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6494 c046a42c-6fe2-441c-8c8c-71466251a162
2009-02-02 15:58:29 +00:00
aliguori e06679fb76 Split VNC defines to vnc.h (Alexander Graf)
The VNC protocol contains quite some constants, some of which are
currently hardcoded in the vnc.c code. This is not exactly pretty.

Let's move all those constants out to vnc.h, so they are clearly
separated. While at it, I also included other defines that will be
used later in this patch series.

Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6493 c046a42c-6fe2-441c-8c8c-71466251a162
2009-02-02 15:58:25 +00:00
aliguori 90a1e3c0b5 vnc fixes and improvements (Stefano Stabellini)
this patch fixes a bug and improves the generic pixel conversion
function in vnc.c.
The bug is that when a new vnc client connects we need to reset the flag
has_WMVi but currently we don't.
The generic pixel conversion function is vnc_convert_pixel and currently
is not very efficient since uses the division and multiplication
operators.
To make it more efficient I changed to use bit shift operators instead.

Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6441 c046a42c-6fe2-441c-8c8c-71466251a162
2009-01-26 15:37:30 +00:00
aliguori 6cec548799 exploiting the new interface in vnc.c (Stefano Stabellini)
This patch exploits the new DisplaySurface and PixelFormat structures in
vnc, making the code easier to read allowing further improvements.

Compared to the last version I fixed a bug that prevented the hextile
encoding from working properly.

Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>



git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6337 c046a42c-6fe2-441c-8c8c-71466251a162
2009-01-15 22:17:38 +00:00
aliguori 7d957bd8cb DisplayState interface change (Stefano Stabellini)
This patch changes the DisplayState interface adding support for
multiple frontends at the same time (sdl and vnc) and implements most
of the benefit of the shared_buf patch without the added complexity.

Currently DisplayState is managed by sdl (or vnc) and sdl (or vnc) is
also responsible for allocating the data and setting the depth.
Vga.c (or another backend) will do any necessary conversion.

The idea is to change it so that is vga.c (or another backend) together
with console.c that fully manage the DisplayState interface allocating
data and setting the depth (either 16 or 32 bit, if the guest uses a
different resolution or is in text mode, vga.c (or another backend) is
in charge of doing the conversion seamlessly).

The other idea is that DisplayState supports *multiple* frontends
like sdl and vnc; each of them can register some callbacks to be called
when a display event occurs.

The interesting changes are:

- the new structures and related functions in console.h and console.c

in particular the following functions are very helpful to manage a
DisplaySurface:

qemu_create_displaysurface
qemu_resize_displaysurface
qemu_create_displaysurface_from
qemu_free_displaysurface

- console_select and qemu_console_resize in console.c
this two functions manage multiple consoles on a single host display

- moving code around in hw/vga.c
as for the shared_buf patch this is necessary to be able to handle a dynamic
DisplaySurface bpp

- changes to vga_draw_graphic in hw/vga.c
this is the place where the DisplaySurface buffer is shared with the
videoram, when possible;


Compared to the last version the only changes are:

- do not remove support to dpy_copy in cirrus_vga
- change the name of the displaysurface handling functions

Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>



git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6336 c046a42c-6fe2-441c-8c8c-71466251a162
2009-01-15 22:14:11 +00:00
blueswir1 bc575e95d1 Fix some more warnings
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6300 c046a42c-6fe2-441c-8c8c-71466251a162
2009-01-14 18:34:22 +00:00
aliguori 69dd5c9ffd Properly handle the case of SetPixelEncodings with a length of zero.
This commit addresses CORE-2008-1210/CVE-2008-2382.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>



git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6121 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-22 21:06:23 +00:00
aurel32 13412c9d2f vnc: Fix crash on 'info vnc' after 'change vnc none'
vnc_state->display is set to NULL after "change vnc none" but vnc_state itself
is still valid.

(James Ko)

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6010 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-13 18:57:12 +00:00
malc 1ea879e558 Make audio violate POSIX less
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5864 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-03 22:48:44 +00:00
aliguori 4a55bfdfcf Exclude unix: from vnc call to unix_listen() (Ryan Harper)
When using an existing unix socket like:

 -vnc unix:/tmp/file1Y2nY2

qemu fails to bind a unix socket because the vnc call to unix_listen includes
the unix: prefix and stores that in the unix.sun_path.  The fix is to not pass
in unix: for the filename (same way qemu-char.c does it).

Signed-off-by: Ryan Harper <ryanh@us.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>



git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5856 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-02 20:02:14 +00:00
malc 53762ddb27 Reset the key modifiers upon client connect
VNC should not maintain modifer state upon reconnects With some window
managers/vnc clients it will only see a key down event for a modifier
followed by immediate disconnect(think Alt-F4), with a net effect of
subsequently connected clients operating as if the modifier was never
released.

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5851 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-01 20:57:52 +00:00
malc 429a8ed384 Add basic audio functionality to vnc.c
This allows among other things to capturing A/V of running
guests. Ad-hoc client that does this (via script that invokes ffmpeg)
can be found at:
http://repo.or.cz/w/qemu/malc.git?a=tree;f=vcap;hb=capture3

Thanks to Anthony Liguori for comments and review.

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5850 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-01 20:57:48 +00:00
balrog d0513623ae Don't try to select on an invalid VNC socket when init fails.
Otherwise we get a segfault.


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5840 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-01 01:48:36 +00:00
aliguori 0e1f5a0c49 Introduce accessors for DisplayState (Stefano Stabellini)
Introducing some accessors:

ds_get_linesize
ds_get_bits_per_pixel
ds_get_width
ds_get_height
ds_get_data

Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>



git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5789 c046a42c-6fe2-441c-8c8c-71466251a162
2008-11-24 19:29:13 +00:00
balrog be3512610b r5531 made x509 certs not loadable (original patch from Henrik Holst).
The patch in r5531 which replaced a bunch of strncpy with pstrcpy causes
the x509 credentials from the -vnc parameter to be one character shorter
than entered meaning that there is currently no way to enter x509
certificates...


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5707 c046a42c-6fe2-441c-8c8c-71466251a162
2008-11-12 16:50:36 +00:00
aliguori 9712ecaf94 sockets: switch vnc to new code, support vnc port auto-allocation (Gerd Hoffman)
This patch switches the vnc code ofer to the new socket helper
functions.

It adds support IPv6 support and for automatically allocating an unused
vnc display port.  The latter is handled ising a to= option, specifying
the upper limit for the display number to try.  Scanning is started at
the display number given in the display specification, i.e. this command
line:

    -vnc localhost:7,to=11

will try displays 7 to 11 (inclusive).

There are also new "ipv4" and "ipv6" options to make qemu try only
the specified internet protocol version.

The display actually allocated can be queried using the "info vnc"
monitor command.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>



git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5696 c046a42c-6fe2-441c-8c8c-71466251a162
2008-11-11 20:51:59 +00:00
blueswir1 be15b141e0 Replace uses of strncpy (a GNU extension) with Qemu pstrcpy
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5531 c046a42c-6fe2-441c-8c8c-71466251a162
2008-10-25 11:21:28 +00:00
ths 234c9bcd7a Fix compiler warning when _VNC_DEBUG isn't defined.
Signed-off-by: Thiemo Seufer <ths@networkno.de>


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5312 c046a42c-6fe2-441c-8c8c-71466251a162
2008-09-24 15:17:57 +00:00
aliguori ca4cca4da1 WMVi extension support (Stefano Stabellini)
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>



git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5230 c046a42c-6fe2-441c-8c8c-71466251a162
2008-09-15 16:05:16 +00:00
aliguori 7eac3a87f1 vnc dynamic resolution (Stefano Stabellini)
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>



git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5229 c046a42c-6fe2-441c-8c8c-71466251a162
2008-09-15 16:03:41 +00:00
blueswir1 eb38c52c2a Fix most warnings that would be caused by gcc flag -Wundef
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5173 c046a42c-6fe2-441c-8c8c-71466251a162
2008-09-06 17:47:39 +00:00
aurel32 5bfd5521ff Some little fixes on QEMU
- some vectors can be declared as "const"
- test on CONFIG_VNC_TLS is done for two times while just one is enough.

(Carlo Bramini)

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5172 c046a42c-6fe2-441c-8c8c-71466251a162
2008-09-06 16:31:30 +00:00
aliguori 9ca313aa08 VNC: Support for ExtendedKeyEvent client message
This patch adds support for the ExtendedKeyEvent client message.  This message
allows a client to send raw scan codes directly to the server.  If the client
and server are using the same keymap, then it's unnecessary to use the '-k'
option with QEMU when this extension is supported.

This is extension is currently only implemented by gtk-vnc based clients
(gvncviewer, virt-manager, vinagre, etc.).

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>



git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5076 c046a42c-6fe2-441c-8c8c-71466251a162
2008-08-23 23:27:37 +00:00
aliguori bcfad70fb0 add DisplayState->idle (Samuel Thibault)
Add idle field to DisplayState struct, so drivers can figure
the display is idle and take advantage of that.

The xen framebuffer driver will use this to communicate the
idle state to the guest, so it knows it can stop doing updates
to a virtual display which is invisible anyway.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Samuel Thibault <samuel.thibault@eu.citrix.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>



git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5056 c046a42c-6fe2-441c-8c8c-71466251a162
2008-08-21 20:08:55 +00:00
ths 2137b4cca9 Add qemu_realloc(), by Gerd Hoffmann.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4986 c046a42c-6fe2-441c-8c8c-71466251a162
2008-08-06 08:37:17 +00:00
balrog b94eb43f6e Don't forget to save VNC FB dimensions after resize (Brad Campbell).
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4644 c046a42c-6fe2-441c-8c8c-71466251a162
2008-06-02 01:40:29 +00:00
balrog 731dd637c2 Fix VNC update regoin height.
'h' actually is the coordinate of bottom of the rectangle and not height.


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4571 c046a42c-6fe2-441c-8c8c-71466251a162
2008-05-25 00:38:47 +00:00
balrog 8bba5c81b1 Invalidate VNC framebuffer on every resize.
On a resize, vncviewer keeps the image in the upper-left part of the screen
unmodified and fills the right end of the lines with black colour.  vnc.c       keeps the first n bytes of the framebuffer unmodified instead - meaning that
the client's image doesn't match the image in framebuffer and checking
for dirty rows gives wrong results.  We can either invalidate the whole
buffer or implement the same transformation as the client.


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4569 c046a42c-6fe2-441c-8c8c-71466251a162
2008-05-25 00:14:34 +00:00
balrog 788abf8e41 Prevent SEGV in VNC server for old clients (Anthony Liguori).
If the client does not support the DesktopResize pseudo-encoding, then
vs->{width,height} may be smaller than ds->{width,height}.  dirty_row is
sized according to vs->{width,height}, not ds->{width,height}.

This patch makes sure to bound the update region to vs->{width,height} to
avoid a possible SEGV.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Reported-by: Marcelo Tosatti <mtosatti@redhat.com>


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4502 c046a42c-6fe2-441c-8c8c-71466251a162
2008-05-20 00:07:58 +00:00
balrog ea01e5fd49 Fix spurious VNC disconnects on Win32 (Hervé Poussineau).
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4251 c046a42c-6fe2-441c-8c8c-71466251a162
2008-04-24 23:40:55 +00:00
aurel32 b94ed5772e Let the USB tablet reach the far bottom and right pixels
(Samuel Thibault)


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4036 c046a42c-6fe2-441c-8c8c-71466251a162
2008-03-10 19:34:27 +00:00
balrog 4d3b6f6e12 Add an ncurses UI.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3976 c046a42c-6fe2-441c-8c8c-71466251a162
2008-02-10 16:33:14 +00:00
balrog 3aa3eea310 Add VNC reverse connections, by Eddie Kohler.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3951 c046a42c-6fe2-441c-8c8c-71466251a162
2008-02-03 02:54:04 +00:00
balrog 9f60ad5075 Add a missing vga_hw_update() when accepting a connection (Anders Melchiorsen).
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3919 c046a42c-6fe2-441c-8c8c-71466251a162
2008-01-14 21:45:55 +00:00
balrog a0ecfb73b1 Reduce redundant timer ticks in VNC, by Anders Melchiorsen.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3904 c046a42c-6fe2-441c-8c8c-71466251a162
2008-01-13 23:51:53 +00:00
ths 60fe76f386 Fix wrong signedness, by Andre Przywara.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3815 c046a42c-6fe2-441c-8c8c-71466251a162
2007-12-16 03:02:09 +00:00
balrog 0486e8a714 Fix fragments due to incomplete dirty tracking in CGA mode (Anthony Liguori).
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3809 c046a42c-6fe2-441c-8c8c-71466251a162
2007-12-11 22:31:32 +00:00
pbrook 9596ebb701 Add statics and missing #includes for prototypes.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3683 c046a42c-6fe2-441c-8c8c-71466251a162
2007-11-18 01:44:38 +00:00
pbrook 87ecb68bdf Break up vl.h.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3674 c046a42c-6fe2-441c-8c8c-71466251a162
2007-11-17 17:14:51 +00:00
balrog a26c97adce Handle 3.7 VNC clients authentication correctly (Dan Kenigsberg).
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3498 c046a42c-6fe2-441c-8c8c-71466251a162
2007-10-31 01:58:56 +00:00
balrog a528b80cb0 Miscellaneous VNC related fixes from Xen forwarded by Matthew Kent.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3489 c046a42c-6fe2-441c-8c8c-71466251a162
2007-10-30 22:38:53 +00:00
ths b0566f4f45 Support UltraVNC clients, by Eduardo Felipe.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3288 c046a42c-6fe2-441c-8c8c-71466251a162
2007-09-30 13:01:15 +00:00
ths 3b46e62427 find -type f | xargs sed -i 's/[\t ]*$//g' # Yes, again. Note the star in the regex.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3177 c046a42c-6fe2-441c-8c8c-71466251a162
2007-09-17 08:09:54 +00:00
ths 5fafdf24ef find -type f | xargs sed -i 's/[\t ]$//g' # on most files
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3173 c046a42c-6fe2-441c-8c8c-71466251a162
2007-09-16 21:08:06 +00:00
ths baa7666c74 Fix infinite loop in VNC support, by Marc Bevand.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3169 c046a42c-6fe2-441c-8c8c-71466251a162
2007-09-13 12:41:42 +00:00
ths 6f43024c90 Custom location for x509 cert paths, by Daniel P. Berrange.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3139 c046a42c-6fe2-441c-8c8c-71466251a162
2007-08-25 01:39:57 +00:00
ths 469b15c68d x509 client certificate verification, by Daniel P. Berrange.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3138 c046a42c-6fe2-441c-8c8c-71466251a162
2007-08-25 01:39:10 +00:00
ths 3a702699b2 x509 certificate for server, by Daniel P. Berrange.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3137 c046a42c-6fe2-441c-8c8c-71466251a162
2007-08-25 01:38:36 +00:00
ths 8d5d2d4c47 VeNCrypt basic TLS support, by Daniel P. Berrange.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3136 c046a42c-6fe2-441c-8c8c-71466251a162
2007-08-25 01:37:51 +00:00
ths 7084851534 VNC password authentication, by Daniel P. Berrange.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3135 c046a42c-6fe2-441c-8c8c-71466251a162
2007-08-25 01:37:05 +00:00
ths e25a5822ca Extend monitor 'change' command for VNC, by Daniel P. Berrange.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3134 c046a42c-6fe2-441c-8c8c-71466251a162
2007-08-25 01:36:20 +00:00
ths 71cab5ca0d Refactor VNC server setup API, by Daniel P. Berrange.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3133 c046a42c-6fe2-441c-8c8c-71466251a162
2007-08-25 01:35:38 +00:00
ths cf2d385c43 Crop VNC update requests to avoid segfaults, by Thomas Tuttle.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@2741 c046a42c-6fe2-441c-8c8c-71466251a162
2007-04-29 01:53:20 +00:00
ths c35734b2a6 Add -name option, by Anthony Liguori.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@2505 c046a42c-6fe2-441c-8c8c-71466251a162
2007-03-19 15:17:08 +00:00
bellard a9ce859052 info vnc command (Anthony Liguori)
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@2391 c046a42c-6fe2-441c-8c8c-71466251a162
2007-02-05 20:20:30 +00:00
bellard 564c337efd Mouse relative offset VNC extension (Anthony Liguori)
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@2390 c046a42c-6fe2-441c-8c8c-71466251a162
2007-02-05 20:14:10 +00:00
ths 73fc97427b Unix domain socket support for VNC, by Anthony Liguori.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@2260 c046a42c-6fe2-441c-8c8c-71466251a162
2006-12-22 02:09:07 +00:00
ths 73e14b623f Reduce VNC resize traffic, thanks Eduardo Felipe.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@2245 c046a42c-6fe2-441c-8c8c-71466251a162
2006-12-14 13:36:01 +00:00
bellard 64f5a135a7 signed fixes - VNC console switch (initial patch by Andrzej Zaborowski)
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@2137 c046a42c-6fe2-441c-8c8c-71466251a162
2006-08-24 20:36:44 +00:00
bellard 99589bdcd1 support for higher resolutions
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@1956 c046a42c-6fe2-441c-8c8c-71466251a162
2006-06-13 16:35:24 +00:00
bellard 3512779a88 support for all VNC pixel formats
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@1923 c046a42c-6fe2-441c-8c8c-71466251a162
2006-05-14 18:11:49 +00:00
bellard ceb5caaf18 removed ssize_t for win32 compatibility
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@1900 c046a42c-6fe2-441c-8c8c-71466251a162
2006-05-03 21:18:59 +00:00
bellard bdbd7676fd uppercase fix (Anthony Liguori)
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@1889 c046a42c-6fe2-441c-8c8c-71466251a162
2006-05-01 21:44:22 +00:00
bellard 7d510b8c0c copyright
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@1878 c046a42c-6fe2-441c-8c8c-71466251a162
2006-05-01 10:38:19 +00:00
bellard 6ca957f08f win32 socket fixes
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@1876 c046a42c-6fe2-441c-8c8c-71466251a162
2006-04-30 22:53:25 +00:00
bellard 24236869fb VNC server (Anthony Liguori)
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@1869 c046a42c-6fe2-441c-8c8c-71466251a162
2006-04-30 21:28:36 +00:00