vnc: fix tls-creds error message

The parameter is called 'tls-creds', 'credid' is just the variable name in the code. Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> Reviewed-by: Daniel P. Berrange <berrange@redhat.com> Message-id: 1452681360-29239-1-git-send-email-w.bumiller@proxmox.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Fix corner-case when using VNC+SASL+SPICE
2016-01-18 16:36:21 +01:00 · 2016-01-18 16:36:21 +01:00 · 2016-01-18 16:36:21 +01:00 · 2016-01-18 16:36:21 +01:00
4 changed files with 49 additions and 4 deletions
--- a/include/ui/gtk.h
+++ b/include/ui/gtk.h
@@ -61,6 +61,7 @@ typedef struct VirtualVteConsole {
    GtkWidget *scrollbar;
    GtkWidget *terminal;
    CharDriverState *chr;
+    bool echo;
 } VirtualVteConsole;
 #endif

--- a/ui/gtk.c
+++ b/ui/gtk.c
@@ -1588,6 +1588,13 @@ static int gd_vc_chr_write(CharDriverState *chr, const uint8_t *buf, int len)
    return len;
 }

+static void gd_vc_chr_set_echo(CharDriverState *chr, bool echo)
+{
+    VirtualConsole *vc = chr->opaque;
+
+    vc->vte.echo = echo;
+}
+
 static int nb_vcs;
 static CharDriverState *vcs[MAX_VCS];

@@ -1597,6 +1604,11 @@ static CharDriverState *gd_vc_handler(ChardevVC *unused, Error **errp)

    chr = g_malloc0(sizeof(*chr));
    chr->chr_write = gd_vc_chr_write;
+    chr->chr_set_echo = gd_vc_chr_set_echo;
+
+    /* Temporary, until gd_vc_vte_init runs.  */
+    chr->opaque = g_new(VirtualConsole, 1);
+
    /* defer OPENED events until our vc is fully initialized */
    chr->explicit_be_open = true;

@@ -1610,6 +1622,24 @@ static gboolean gd_vc_in(VteTerminal *terminal, gchar *text, guint size,
 {
    VirtualConsole *vc = user_data;

+    if (vc->vte.echo) {
+        VteTerminal *term = VTE_TERMINAL(vc->vte.terminal);
+        int i;
+        for (i = 0; i < size; i++) {
+            uint8_t c = text[i];
+            if (c >= 128 || isprint(c)) {
+                /* 8-bit characters are considered printable.  */
+                vte_terminal_feed(term, &text[i], 1);
+            } else if (c == '\r' || c == '\n') {
+                vte_terminal_feed(term, "\r\n", 2);
+            } else {
+                char ctrl[2] = { '^', 0};
+                ctrl[1] = text[i] ^ 64;
+                vte_terminal_feed(term, ctrl, 2);
+            }
+        }
+    }
+
    qemu_chr_be_write(vc->vte.chr, (uint8_t  *)text, (unsigned int)size);
    return TRUE;
 }
@@ -1622,9 +1652,14 @@ static GSList *gd_vc_vte_init(GtkDisplayState *s, VirtualConsole *vc,
    GtkWidget *box;
    GtkWidget *scrollbar;
    GtkAdjustment *vadjustment;
+    VirtualConsole *tmp_vc = chr->opaque;

    vc->s = s;
+    vc->vte.echo = tmp_vc->vte.echo;
+
    vc->vte.chr = chr;
+    chr->opaque = vc;
+    g_free(tmp_vc);

    snprintf(buffer, sizeof(buffer), "vc%d", idx);
    vc->label = g_strdup_printf("%s", vc->vte.chr->label
@@ -1634,6 +1669,15 @@ static GSList *gd_vc_vte_init(GtkDisplayState *s, VirtualConsole *vc,
    vc->vte.terminal = vte_terminal_new();
    g_signal_connect(vc->vte.terminal, "commit", G_CALLBACK(gd_vc_in), vc);

+    /* The documentation says that the default is UTF-8, but actually it is
+     * 7-bit ASCII at least in VTE 0.38.
+     */
+#if VTE_CHECK_VERSION(0, 40, 0)
+    vte_terminal_set_encoding(VTE_TERMINAL(vc->vte.terminal), "UTF-8", NULL);
+#else
+    vte_terminal_set_encoding(VTE_TERMINAL(vc->vte.terminal), "UTF-8");
+#endif
+
    vte_terminal_set_scrollback_lines(VTE_TERMINAL(vc->vte.terminal), -1);
    vte_terminal_set_size(VTE_TERMINAL(vc->vte.terminal),
                          VC_TERM_X_MIN, VC_TERM_Y_MIN);
@@ -1656,7 +1700,6 @@ static GSList *gd_vc_vte_init(GtkDisplayState *s, VirtualConsole *vc,
    gtk_box_pack_start(GTK_BOX(box), vc->vte.terminal, TRUE, TRUE, 0);
    gtk_box_pack_start(GTK_BOX(box), scrollbar, FALSE, FALSE, 0);

-    vc->vte.chr->opaque = vc;
    vc->vte.box = box;
    vc->vte.scrollbar = scrollbar;

--- a/ui/spice-core.c
+++ b/ui/spice-core.c
@@ -727,8 +727,7 @@ void qemu_spice_init(void)
        qemu_spice_set_passwd(password, false, false);
    }
    if (qemu_opt_get_bool(opts, "sasl", 0)) {
-        if (spice_server_set_sasl_appname(spice_server, "qemu") == -1 ||
-            spice_server_set_sasl(spice_server, 1) == -1) {
+        if (spice_server_set_sasl(spice_server, 1) == -1) {
            error_report("spice: failed to enable sasl");
            exit(1);
        }
@@ -794,6 +793,7 @@ void qemu_spice_init(void)

    seamless_migration = qemu_opt_get_bool(opts, "seamless-migration", 0);
    spice_server_set_seamless_migration(spice_server, seamless_migration);
+    spice_server_set_sasl_appname(spice_server, "qemu");
    if (spice_server_init(spice_server, &core_interface) != 0) {
        error_report("failed to initialize spice server");
        exit(1);
--- a/ui/vnc.c
+++ b/ui/vnc.c
@@ -3134,6 +3134,7 @@ static void vnc_display_close(VncDisplay *vs)
    vs->subauth = VNC_AUTH_INVALID;
    if (vs->tlscreds) {
        object_unparent(OBJECT(vs->tlscreds));
+        vs->tlscreds = NULL;
    }
    g_free(vs->tlsaclname);
    vs->tlsaclname = NULL;
@@ -3605,7 +3606,7 @@ void vnc_display_open(const char *id, Error **errp)
            qemu_opt_get(opts, "x509") ||
            qemu_opt_get(opts, "x509verify")) {
            error_setg(errp,
-                       "'credid' parameter is mutually exclusive with "
+                       "'tls-creds' parameter is mutually exclusive with "
                       "'tls', 'x509' and 'x509verify' parameters");
            goto fail;
        }
Author	SHA1	Message	Date
Wolfgang Bumiller	c62e90af8c	vnc: fix tls-creds error message The parameter is called 'tls-creds', 'credid' is just the variable name in the code. Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> Reviewed-by: Daniel P. Berrange <berrange@redhat.com> Message-id: 1452681360-29239-1-git-send-email-w.bumiller@proxmox.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>	2016-01-18 16:36:21 +01:00
Christophe Fergeau	06bb88145c	Fix corner-case when using VNC+SASL+SPICE Similarly to the commit `764eb39d1b` fixing VNC+SASL+QXL, when starting QEMU with SPICE but no SASL, and at the same time VNC with SASL, then spice_server_init() will get called without a previous call to spice_server_set_sasl_appname(), which will cause cyrus-sasl to try to use /etc/sasl2/spice.conf (spice-server uses "spice" as its default appname) rather than the expected /etc/sasl2/qemu.conf. This commit unconditionally calls spice_server_set_sasl_appname() before calling spice_server_init() in order to use the correct appname even if SPICE without SASL was requested on qemu command line. Signed-off-by: Christophe Fergeau <cfergeau@redhat.com> Message-id: 1452607738-1521-1-git-send-email-cfergeau@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>	2016-01-18 16:36:21 +01:00
Wolfgang Bumiller	67c4c2bd95	vnc: clear vs->tlscreds after unparenting it This pointer should be cleared in vnc_display_close() otherwise a use-after-free can happen when when using the old style 'x509' and 'tls' options rather than a persistent tls-creds -object, by issuing monitor commands to change the vnc server like so: Start with: -vnc unix:test.socket,x509,tls Then use the following monitor command: change vnc unix:test.socket After this the pointer is still set but invalid and a crash can be triggered for instance by issuing the same command a second time which will try to object_unparent() the same pointer again. Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> Reviewed-by: Daniel P. Berrange <berrange@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>	2016-01-18 16:36:21 +01:00
Paolo Bonzini	fba958c692	gtk: implement set_echo Even without line editing, this makes -qmp vc more pleasant with the GTK+ backend. The only issue is that set_echo is invoked very early, long before a vc is actually associated with a VirtualConsole. To work around this, create a temporary VirtualConsole until then. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Message-id: 1450356422-31710-1-git-send-email-pbonzini@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>	2016-01-18 16:36:21 +01:00