qemu-commits
From: GitHub
Subject: [Qemu-commits] [qemu/qemu] f3cf80: vnc: Fix QMP change not to use funky error class
Date: Thu, 19 Mar 2015 06:30:08 -0700

  Branch: refs/heads/master
  Home:   https://github.com/qemu/qemu
  Commit: f3cf80e805bc22980733606df15917223f311f4b
      
https://github.com/qemu/qemu/commit/f3cf80e805bc22980733606df15917223f311f4b
  Author: Markus Armbruster <address@hidden>
  Date:   2015-03-17 (Tue, 17 Mar 2015)

  Changed paths:
    M ui/vnc.c

  Log Message:
  -----------
  vnc: Fix QMP change not to use funky error class

Error classes are a leftover from the days of "rich" error objects.
New code should always use ERROR_CLASS_GENERIC_ERROR.  Commit 1d0d59f
added a use of ERROR_CLASS_DEVICE_NOT_FOUND.  Replace it.

Signed-off-by: Gerd Hoffmann <address@hidden>


  Commit: a2f45bc02ae9be18119d2fb88042ef19e7e9247f
      
https://github.com/qemu/qemu/commit/a2f45bc02ae9be18119d2fb88042ef19e7e9247f
  Author: Daniel P. Berrange <address@hidden>
  Date:   2015-03-18 (Wed, 18 Mar 2015)

  Changed paths:
    M ui/vnc-auth-vencrypt.c
    M ui/vnc-tls.c
    M ui/vnc-tls.h
    M ui/vnc-ws.c

  Log Message:
  -----------
  ui: remove unused 'wiremode' variable in VncState struct

Signed-off-by: Daniel P. Berrange <address@hidden>
Signed-off-by: Gerd Hoffmann <address@hidden>


  Commit: 153130cd4fa236e29bb6243eebf9439b983ca266
      
https://github.com/qemu/qemu/commit/153130cd4fa236e29bb6243eebf9439b983ca266
  Author: Daniel P. Berrange <address@hidden>
  Date:   2015-03-18 (Wed, 18 Mar 2015)

  Changed paths:
    M ui/vnc.c

  Log Message:
  -----------
  ui: replace printf() calls with VNC_DEBUG

Handling of VNC audio messages results in printfs to the console.
This is of no use to anyone in production, so should be using the
normal VNC_DEBUG macro instead.

Signed-off-by: Daniel P. Berrange <address@hidden>
Signed-off-by: Gerd Hoffmann <address@hidden>


  Commit: d169f04b8b8424ad9c5377bb5391de2f760e3db1
      
https://github.com/qemu/qemu/commit/d169f04b8b8424ad9c5377bb5391de2f760e3db1
  Author: Daniel P. Berrange <address@hidden>
  Date:   2015-03-18 (Wed, 18 Mar 2015)

  Changed paths:
    M ui/vnc.c
    M ui/vnc.h

  Log Message:
  -----------
  ui: report error if user requests VNC option that is unsupported

If the VNC server is built without tls, sasl or websocket support
and the user requests one of these features, they are just silently
ignored. This is bad because it means the VNC server ends up running
in a configuration that is less secure than the user asked for.
It also leads to a tangled mass of preprocessor conditionals when
configuring the VNC server.

This ensures that the tls, sasl & websocket options are always
processed and an error is reported back to the user if any of
them were disabled at build time.

Signed-off-by: Daniel P. Berrange <address@hidden>
Signed-off-by: Gerd Hoffmann <address@hidden>
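The commit above describes a fail-open pattern: a security option guarded by a preprocessor conditional is never parsed when the feature is compiled out, so the request is dropped and the server starts weaker than configured. The following is an added illustration of that pattern beside its fail-closed replacement. It is not QEMU's code: the `HAVE_*` switches, the `vnc_opts` struct, the two parser functions and the option names handled are assumptions of this example, chosen so that TLS and SASL appear compiled out while websockets is compiled in.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Build-time feature switches. Assumed for this example (a real build would
 * take them from configure); TLS and SASL are compiled out so the difference
 * between the two parsers is visible. */
#ifndef HAVE_TLS
#define HAVE_TLS 0
#endif
#ifndef HAVE_SASL
#define HAVE_SASL 0
#endif
#ifndef HAVE_WEBSOCKETS
#define HAVE_WEBSOCKETS 1
#endif

struct vnc_opts {
    bool tls;
    bool sasl;
    bool websocket;
};

/* Copies the option string into a scratch buffer so strtok can split it. */
static int split_opts(const char *optstr, char *buf, size_t buflen)
{
    if (strlen(optstr) >= buflen) {
        return -1;
    }
    strcpy(buf, optstr);
    return 0;
}

/* Weak form: an option is only recognised when its feature is compiled in.
 * A compiled-out "tls" matches nothing, falls out of the loop and is dropped,
 * so the caller starts a plaintext server believing it asked for TLS. */
static int parse_silent(const char *optstr, struct vnc_opts *o)
{
    char buf[256];
    memset(o, 0, sizeof *o);
    if (split_opts(optstr, buf, sizeof buf) < 0) {
        return -1;
    }
    for (char *tok = strtok(buf, ","); tok; tok = strtok(NULL, ",")) {
#if HAVE_TLS
        if (strcmp(tok, "tls") == 0) { o->tls = true; continue; }
#endif
#if HAVE_SASL
        if (strcmp(tok, "sasl") == 0) { o->sasl = true; continue; }
#endif
#if HAVE_WEBSOCKETS
        if (strncmp(tok, "websocket", 9) == 0) { o->websocket = true; continue; }
#endif
        /* anything else, including compiled-out security options, is ignored */
    }
    return 0;
}

/* Fixed form: every option is always parsed. If the feature behind it is not
 * built in, the parse fails with a message naming the option, and the caller
 * must refuse to start rather than run a weaker configuration. */
static int parse_strict(const char *optstr, struct vnc_opts *o,
                        char *err, size_t errlen)
{
    char buf[256];
    memset(o, 0, sizeof *o);
    if (split_opts(optstr, buf, sizeof buf) < 0) {
        snprintf(err, errlen, "VNC option string too long");
        return -1;
    }
    for (char *tok = strtok(buf, ","); tok; tok = strtok(NULL, ",")) {
        bool *flag;
        int available;
        const char *feature;
        if (strcmp(tok, "tls") == 0) {
            flag = &o->tls; available = HAVE_TLS; feature = "TLS";
        } else if (strcmp(tok, "sasl") == 0) {
            flag = &o->sasl; available = HAVE_SASL; feature = "SASL";
        } else if (strncmp(tok, "websocket", 9) == 0) {
            flag = &o->websocket; available = HAVE_WEBSOCKETS; feature = "websockets";
        } else {
            snprintf(err, errlen, "unknown VNC option '%s'", tok);
            return -1;
        }
        if (!available) {
            snprintf(err, errlen,
                     "VNC option '%s' requires %s support, which is not compiled in",
                     tok, feature);
            return -1;
        }
        *flag = true;
    }
    err[0] = '\0';
    return 0;
}

int main(void)
{
    struct vnc_opts o;
    char err[128];
    const char *requested = "tls,websockets=5902"; /* constructed option string */

    parse_silent(requested, &o);
    printf("silent parser: tls=%d websocket=%d (TLS request lost)\n", o.tls, o.websocket);
    if (parse_strict(requested, &o, err, sizeof err) < 0) {
        printf("strict parser: refused: %s\n", err);
    }
    return 0;
}
```

The point of `parse_strict` is that the error is raised at the option, not at the feature: the caller cannot distinguish "TLS was requested and disabled" from "TLS was never requested" in the weak form, whereas the strict form makes a compiled-out security option a startup failure.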


  Commit: 0dd72e1531f0ea1a62fd016702ea3b868d116bd8
      
https://github.com/qemu/qemu/commit/0dd72e1531f0ea1a62fd016702ea3b868d116bd8
  Author: Daniel P. Berrange <address@hidden>
  Date:   2015-03-18 (Wed, 18 Mar 2015)

  Changed paths:
    M ui/vnc.c

  Log Message:
  -----------
  ui: split setup of VNC auth scheme into separate method

The vnc_display_open method is quite long and complex, so
move the VNC auth scheme decision logic into a separate
method for clarity.

Also update the comment to better describe what we are
trying to achieve.

Signed-off-by: Daniel P. Berrange <address@hidden>
Signed-off-by: Gerd Hoffmann <address@hidden>


  Commit: f9148c8ae7b1515776699387b4d59864f302c77d
      
https://github.com/qemu/qemu/commit/f9148c8ae7b1515776699387b4d59864f302c77d
  Author: Daniel P. Berrange <address@hidden>
  Date:   2015-03-18 (Wed, 18 Mar 2015)

  Changed paths:
    M ui/vnc.c
    M ui/vnc.h

  Log Message:
  -----------
  ui: fix setup of VNC websockets auth scheme with TLS

The way the websockets TLS code was integrated into the VNC server
made it essentially useless. The only time that the websockets TLS
support could be used is if the primary VNC server had its existing
TLS support disabled. ie QEMU had to be launched with:

  # qemu -vnc localhost:1,websockets=5902,x509=/path/to/certs

Note the absence of the 'tls' flag. This is already a bug, because
the docs indicate that 'x509' is ignored unless 'tls' is given.

If the primary VNC server had TLS turned on via the 'tls' flag,
then this prevented the websockets TLS support from being used,
because it activates the VeNCrypt auth which would have resulted
in TLS being run over a TLS session. Of course no websockets VNC
client supported VeNCrypt, so in practice, since the browser clients
cannot set up a nested TLS session over the main HTTPS connection,
it would not even get past auth.

This patch causes us to decide our auth scheme separately for the
main VNC server vs the websockets VNC server. We take account of
the fact that if TLS is enabled, then the websockets client will
use https, so setting up VeNCrypt is thus redundant as it would
lead to nested TLS sessions.

Signed-off-by: Daniel P. Berrange <address@hidden>
Signed-off-by: Gerd Hoffmann <address@hidden>


  Commit: 51941e4695c6f6c1f786bacef7e8c3a477570e04
      
https://github.com/qemu/qemu/commit/51941e4695c6f6c1f786bacef7e8c3a477570e04
  Author: Daniel P. Berrange <address@hidden>
  Date:   2015-03-18 (Wed, 18 Mar 2015)

  Changed paths:
    M ui/vnc-ws.c
    M ui/vnc-ws.h
    M ui/vnc.c

  Log Message:
  -----------
  ui: enforce TLS when using websockets server

When TLS is required, the primary VNC server considers it to be
mandatory. ie the server admin decides whether or not TLS is used,
and the client has to comply with this decision. The websockets
server, however, treated it as optional, allowing non-TLS clients
to connect to a server which had setup TLS. Thus enabling websockets
lowers the security of the VNC server leaving the admin no way to
enforce use of TLS.

This removes the code that allows non-TLS fallback in the websockets
server, so that if TLS is requested for VNC it is now mandatory for
both the primary VNC server and the websockets VNC server.

Signed-off-by: Daniel P. Berrange <address@hidden>
Signed-off-by: Gerd Hoffmann <address@hidden>
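The two commits above ("fix setup of VNC websockets auth scheme with TLS" and "enforce TLS when using websockets server") make two related decisions: pick the RFB auth scheme separately for the primary and the websockets listener so that TLS is never nested, and treat a configured TLS as binding on the websockets side. The following is an added model of both decisions, not QEMU's code. The RFB security-type numbers (None=1, VNC=2, VeNCrypt=19) and VeNCrypt sub-types (TLSNone=257, TLSVnc=258, X509None=260, X509Vnc=261) are the protocol's; the `vnc_cfg` and `auth_choice` structs, the function names, the omission of SASL, and the one-byte peek used to tell a TLS ClientHello (record type 0x16) from a plaintext HTTP upgrade are assumptions of this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* RFB security types and VeNCrypt sub-types (protocol constants). */
enum { AUTH_NONE = 1, AUTH_VNC = 2, AUTH_VENCRYPT = 19 };
enum { SUB_NONE = 0, SUB_TLS_NONE = 257, SUB_TLS_VNC = 258,
       SUB_X509_NONE = 260, SUB_X509_VNC = 261 };

struct vnc_cfg {
    bool password;   /* a VNC password is set */
    bool tls;        /* admin requested TLS */
    bool x509;       /* TLS with x509 credentials rather than anonymous */
};

struct auth_choice {
    int auth;               /* RFB security type offered to the client */
    int subauth;            /* VeNCrypt sub-type, SUB_NONE unless VeNCrypt */
    bool tls_on_transport;  /* TLS is already up before the first RFB byte */
};

/* Primary listener: a raw TCP client has no TLS yet, so TLS is negotiated
 * inside RFB through VeNCrypt. */
static struct auth_choice choose_auth_primary(const struct vnc_cfg *c)
{
    struct auth_choice r = { AUTH_NONE, SUB_NONE, false };
    if (c->tls) {
        r.auth = AUTH_VENCRYPT;
        if (c->x509) {
            r.subauth = c->password ? SUB_X509_VNC : SUB_X509_NONE;
        } else {
            r.subauth = c->password ? SUB_TLS_VNC : SUB_TLS_NONE;
        }
    } else if (c->password) {
        r.auth = AUTH_VNC;
    }
    return r;
}

/* Websockets listener: with TLS configured the browser connects over https,
 * so the session is already encrypted when RFB starts. Offering VeNCrypt here
 * would open a second TLS handshake inside the first, which browser clients
 * cannot complete; offer the plain sub-scheme over the encrypted transport. */
static struct auth_choice choose_auth_websocket(const struct vnc_cfg *c)
{
    struct auth_choice r = { c->password ? AUTH_VNC : AUTH_NONE, SUB_NONE, c->tls };
    return r;
}

enum ws_verdict { WS_TLS, WS_PLAIN, WS_REJECT };

/* First byte of a TLS ClientHello is the Handshake record type, 0x16; a
 * plaintext upgrade begins with "GET ". Peeking one byte is this example's
 * way of modelling the decision. */
static bool looks_like_tls(const uint8_t *first, size_t n)
{
    return n > 0 && first[0] == 0x16;
}

/* Weak form: TLS is optional on the websockets port. A client that never
 * starts a handshake is served in plaintext although the admin asked for TLS. */
static enum ws_verdict ws_accept_with_fallback(const struct vnc_cfg *c,
                                               const uint8_t *first, size_t n)
{
    if (c->tls && looks_like_tls(first, n)) {
        return WS_TLS;
    }
    return WS_PLAIN;
}

/* Fixed form: the admin's decision is binding. TLS configured means a
 * non-TLS client is refused; TLS not configured means a TLS client cannot be
 * served and is refused as well. */
static enum ws_verdict ws_accept_strict(const struct vnc_cfg *c,
                                        const uint8_t *first, size_t n)
{
    bool tls = looks_like_tls(first, n);
    if (c->tls) {
        return tls ? WS_TLS : WS_REJECT;
    }
    return tls ? WS_REJECT : WS_PLAIN;
}

int main(void)
{
    const struct vnc_cfg cfg = { .password = true, .tls = true, .x509 = true };
    const uint8_t hello[] = { 0x16, 0x03, 0x01 };             /* constructed TLS record header */
    const uint8_t upgrade[] = "GET /websockify HTTP/1.1\r\n"; /* constructed plaintext request */
    struct auth_choice p = choose_auth_primary(&cfg);
    struct auth_choice w = choose_auth_websocket(&cfg);

    printf("primary:   auth=%d subauth=%d\n", p.auth, p.subauth);
    printf("websocket: auth=%d subauth=%d tls_on_transport=%d\n",
           w.auth, w.subauth, w.tls_on_transport);
    printf("plaintext client, TLS configured: fallback=%d strict=%d\n",
           ws_accept_with_fallback(&cfg, upgrade, sizeof upgrade),
           ws_accept_strict(&cfg, upgrade, sizeof upgrade));
    printf("TLS client, TLS configured: strict=%d\n",
           ws_accept_strict(&cfg, hello, sizeof hello));
    return 0;
}
```

Two properties are worth checking against any VNC-over-websockets deployment: with TLS configured, the websockets listener should offer a non-VeNCrypt scheme (the transport is already TLS), and a plaintext `GET` on that port should be refused rather than served, which is exactly what `ws_accept_with_fallback` gets wrong.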


  Commit: 7b45a00d05cc936d28e36b95932864e8cc095968
      
https://github.com/qemu/qemu/commit/7b45a00d05cc936d28e36b95932864e8cc095968
  Author: Daniel P. Berrange <address@hidden>
  Date:   2015-03-18 (Wed, 18 Mar 2015)

  Changed paths:
    M ui/vnc-tls.c
    M ui/vnc-ws.c
    M ui/vnc.c
    M ui/vnc.h

  Log Message:
  -----------
  ui: remove separate gnutls_session for websockets server

The previous change to the auth scheme handling guarantees we
can never have nested TLS sessions in the VNC websockets server.
Thus we can remove the separate gnutls_session instance.

Signed-off-by: Daniel P. Berrange <address@hidden>
Signed-off-by: Gerd Hoffmann <address@hidden>


  Commit: 4a48aaa9f52dbac148be24f591de2f28c58ccb5d
      
https://github.com/qemu/qemu/commit/4a48aaa9f52dbac148be24f591de2f28c58ccb5d
  Author: Daniel P. Berrange <address@hidden>
  Date:   2015-03-18 (Wed, 18 Mar 2015)

  Changed paths:
    M ui/vnc-ws.c

  Log Message:
  -----------
  ui: ensure VNC websockets server checks the ACL if requested

If the x509verify option is requested, the VNC websockets server
was failing to validate that the websockets client provided an
x509 certificate matching the ACL rules.

Signed-off-by: Daniel P. Berrange <address@hidden>
Signed-off-by: Gerd Hoffmann <address@hidden>
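The commit above fixes a check that existed on one listener but was skipped on the other. The following is an added illustration of the fail-closed shape such a check should take when two transports share one policy; it is not QEMU's code. The glob-over-DN rule format, the `acl`/`server_cfg` structs, the function names and the sample distinguished names are assumptions of this example; `fnmatch()` is the POSIX function.

```c
#include <fnmatch.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* An ACL rule is a glob over the client certificate's distinguished name.
 * Rules are tried in order and the first match decides; anything unmatched
 * gets the default, which is deny. (Illustrative model, not QEMU's ACL code.) */
struct acl_rule { const char *pattern; bool allow; };
struct acl { const struct acl_rule *rules; size_t n; bool default_allow; };

static bool acl_permits(const struct acl *acl, const char *dn)
{
    for (size_t i = 0; i < acl->n; i++) {
        if (fnmatch(acl->rules[i].pattern, dn, 0) == 0) {
            return acl->rules[i].allow;
        }
    }
    return acl->default_allow;
}

struct server_cfg { bool x509verify; const struct acl *acl; };

/* Single post-handshake hook. client_dn is NULL when the peer presented no
 * certificate; with x509verify on that is a refusal, not a pass. */
static bool tls_client_verified(const struct server_cfg *cfg, const char *client_dn)
{
    if (!cfg->x509verify) {
        return true;
    }
    if (client_dn == NULL) {
        return false;
    }
    return acl_permits(cfg->acl, client_dn);
}

/* The defect described above: the websockets listener finished the TLS
 * handshake and carried on without consulting the ACL. */
static bool ws_client_ready_buggy(const struct server_cfg *cfg, const char *client_dn)
{
    (void)cfg;
    (void)client_dn;
    return true;
}

/* Fixed: both listeners call the same hook, so picking the websockets port
 * no longer bypasses the certificate ACL. */
static bool ws_client_ready(const struct server_cfg *cfg, const char *client_dn)
{
    return tls_client_verified(cfg, client_dn);
}

static bool primary_client_ready(const struct server_cfg *cfg, const char *client_dn)
{
    return tls_client_verified(cfg, client_dn);
}

int main(void)
{
    /* Constructed policy: one operations OU is allowed, everything else denied. */
    static const struct acl_rule rules[] = {
        { "C=GB,O=ACME,OU=ops,CN=*", true },
        { "*", false },
    };
    const struct acl acl = { rules, 2, false };
    const struct server_cfg cfg = { true, &acl };
    const char *ops = "C=GB,O=ACME,OU=ops,CN=alice";   /* constructed DNs */
    const char *dev = "C=GB,O=ACME,OU=dev,CN=mallory";

    printf("buggy websockets path, dev cert: %d\n", ws_client_ready_buggy(&cfg, dev));
    printf("fixed websockets path: dev=%d ops=%d nocert=%d primary ops=%d\n",
           ws_client_ready(&cfg, dev), ws_client_ready(&cfg, ops),
           ws_client_ready(&cfg, NULL), primary_client_ready(&cfg, ops));
    return 0;
}
```

The design point is that `tls_client_verified` is the only place the ACL is consulted, so a listener added later either calls it or visibly has no certificate check at all; a missing certificate is rejected when verification was requested instead of being treated as "nothing to check".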


  Commit: 1cfa7e0ab223198b8b5449508d37613003d954a4
      
https://github.com/qemu/qemu/commit/1cfa7e0ab223198b8b5449508d37613003d954a4
  Author: Peter Maydell <address@hidden>
  Date:   2015-03-19 (Thu, 19 Mar 2015)

  Changed paths:
    M ui/vnc-auth-vencrypt.c
    M ui/vnc-tls.c
    M ui/vnc-tls.h
    M ui/vnc-ws.c
    M ui/vnc-ws.h
    M ui/vnc.c
    M ui/vnc.h

  Log Message:
  -----------
  Merge remote-tracking branch 'remotes/kraxel/tags/pull-vnc-20150318-1' into staging

vnc: fix websockets & QMP.

# gpg: Signature made Wed Mar 18 13:12:35 2015 GMT using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <address@hidden>"
# gpg:                 aka "Gerd Hoffmann <address@hidden>"
# gpg:                 aka "Gerd Hoffmann (private) <address@hidden>"

* remotes/kraxel/tags/pull-vnc-20150318-1:
  ui: ensure VNC websockets server checks the ACL if requested
  ui: remove separate gnutls_session for websockets server
  ui: enforce TLS when using websockets server
  ui: fix setup of VNC websockets auth scheme with TLS
  ui: split setup of VNC auth scheme into separate method
  ui: report error if user requests VNC option that is unsupported
  ui: replace printf() calls with VNC_DEBUG
  ui: remove unused 'wiremode' variable in VncState struct
  vnc: Fix QMP change not to use funky error class

Signed-off-by: Peter Maydell <address@hidden>


Compare: https://github.com/qemu/qemu/compare/2259c16dc21a...1cfa7e0ab223
