This finished the work of 90ff154b36
(cfr "Update usage of GObject private structures").
Removes last call to g_type_class_add_private.
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Eduardo Lima (Etrunko) <etrunko@redhat.com>
This removes a not really useful switch/case, and changes the function
to exit early on error cases, rather than exiting early in the nominal
case.
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
Acked-by: Frediano Ziglio <fziglio@redhat.com>
This renames the method to smartcard_new_vsc_msg_item as this creates a
new object. This also removes the creation of a temporary VHeader which
is then going to be duplicated.
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
Acked-by: Frediano Ziglio <fziglio@redhat.com>
The function returns NULL if vheader->type is VSC_Init so no need to
check it a second time.
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
Acked-by: Frediano Ziglio <fziglio@redhat.com>
Only RedCharDeviceVDIPortClass implements this vfunc, rather than
forcing every classes deriving from RedCharDeviceClass to implement it,
red_char_device_send_tokens_to_client() can deal with it.
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
Acked-by: Uri Lublin <uril@redhat.com>
New functions and macros have been added in glib 2.38 to better handle
this case.
c8de2b11bb/NEWS
G_TYPE_INSTANCE_GET_PRIVATE will be deprecated in GLib 2.58.
https://gitlab.gnome.org/GNOME/glib/merge_requests/7/commits
Signed-off-by: Eduardo Lima (Etrunko) <etrunko@redhat.com>
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Frediano Ziglio <fziglio@redhat.com>
Bugs such as https://bugzilla.redhat.com/show_bug.cgi?id=1651882 can be
quite tricky to figure out without the detailed OpenSSL error. This
commit adds a detailed dump of the OpenSSL error stack when an OpenSSL
failure happens.
In the bug above, this would have displayed:
(process:13154): Spice-WARNING **: 05:43:10.139: reds.c:2816:reds_init_ssl: Could not load certificates from /etc/pki/libvirt-spice/server-cert.pem
(process:13154): Spice-WARNING **: 05:43:10.140: error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
Acked-by: Uri Lublin <uril@redhat.com>
RedMemSlotInfo keeps an array of groups, and each group contains an
array of slots. Unfortunately, these checks are off by 1, they check
that the index is greater or equal to the number of elements in the
array, while these arrays are 0 based. The check should only check for
strictly greater than the number of elements.
For the group array, this is not a big issue, as these memslot groups
are created by spice-server users (eg QEMU), and the group ids used to
index that array are also generated by the spice-server user, so it
should not be possible for the guest to set them to arbitrary values.
The slot id is more problematic, as it's calculated from a QXLPHYSICAL
address, and such addresses are usually set by the guest QXL driver, so
the guest can set these to arbitrary values, including malicious values,
which are probably easy to build from the guest PCI configuration.
This patch fixes the arrays bound check, and adds a test case for this.
This fixes CVE-2019-3813.
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
Acked-by: Frediano Ziglio <fziglio@redhat.com>
There should be no reason for the caller to modify the internal
structure.
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Christophe Fergeau <cfergeau@redhat.com>
Client process termination did not work for Windows, used Win32
APIs.
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Windows does not support Unix sockets.
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
MingW does not include this header while including stdint.h so
on Windows you need to include it.
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
This is a preparatory patch for next portability patches
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
display-channel.h is not using any of the definition from
these headers.
Adding a missing include to red-worker.c.
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Christophe Fergeau <cfergeau@redhat.com>
Avoid using strncpy, considered not secure.
In this case a simple memcpy is used, we are going to terminate
the string in any case on the next line.
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Lukáš Hrázký <lhrazky@redhat.com>
Zlib structure take up more than 1MB and it is rarely used nowadays
as it is not much effective.
Initialise it only when necessary saving some memory in the normal
case.
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Christophe Fergeau <cfergeau@redhat.com>
When a client disconnects, smartcard_channel_client_set_char_device
is called with a NULL "device" argument. In that case there is
no need to take a weak reference to the device.
Without this patch the server complains:
g_object_add_weak_pointer: assertion 'G_IS_OBJECT (object)' failed
and aborts when a second client attempts to connect.
Signed-off-by: Uri Lublin <uril@redhat.com>
Acked-by: Frediano Ziglio <fziglio@redhat.com>
Adds the graphics device info from the streaming device(s) to the
VDAgentGraphicsDeviceInfo message sent to the vd_agent.
Signed-off-by: Lukáš Hrázký <lhrazky@redhat.com>
Acked-by: Jonathon Jongsma <jjongsma@redhat.com>
Receives the GraphicsDeviceInfo message from the streaming agent and
stores the data in a list on the streaming device.
Signed-off-by: Lukáš Hrázký <lhrazky@redhat.com>
Acked-by: Jonathon Jongsma <jjongsma@redhat.com>
Sends the device address and device display IDs to the vdagent. The
message is sent either in reaction to the SPICE_MSGC_MAIN_AGENT_START
message or when the graphics device info changes.
Signed-off-by: Lukáš Hrázký <lhrazky@redhat.com>
Acked-by: Jonathon Jongsma <jjongsma@redhat.com>
Instead of one unsupported example, present two real world examples.
Signed-off-by: Lukáš Hrázký <lhrazky@redhat.com>
Acked-by: Jonathon Jongsma <jjongsma@redhat.com>
Replace it by spice_qxl_set_device_info. Note we can't use
monitors_count for what's stored in max_monitors, because monitors_count
denotes the length of the device_display_ids array, which
spice_qxl_set_max_monitors doesn't touch.
Signed-off-by: Lukáš Hrázký <lhrazky@redhat.com>
Acked-by: Jonathon Jongsma <jjongsma@redhat.com>
Adds a function to let QEMU provide information to identify graphics
devices and their monitors in the guest. The function
(spice_qxl_set_device_info) sets the device address (e.g. a PCI path)
and monitor ID -> device display ID mapping of displays exposed by given
QXL interface.
Signed-off-by: Lukáš Hrázký <lhrazky@redhat.com>
Acked-by: Jonathon Jongsma <jjongsma@redhat.com>
Trace when data is received from the guest and when is sent
to the client.
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Victor Toso <victortoso@redhat.com>
Instead of
if (serveroutlen) {
...
} else {
red_stream_write_u32_le(stream, serveroutlen);
}
use 'red_stream_write_u32_le(stream, 0);' in the else block as it's
slightly more obvious.
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
Acked-by: Frediano Ziglio <fziglio@redhat.com>
These constants are meant to be used in format string for pointers
types. Use them for portability.
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Christophe Fergeau <cfergeau@redhat.com>
Due to previous commit "make syntax-check" command reports:
prohibit_signal_without_use
server/tests/test-display-base.c
maint.mk: the above files include signal.h but don't use it
make: *** [maint.mk:639: sc_prohibit_signal_without_use] Error 1
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Christophe Fergeau <cfergeau@redhat.com>
Use GLib function to launch and wait process exit.
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
If input contains the binary record we can't have it modified
during read.
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Split level computation, make clear is a sine wave on both channels.
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Uri Lublin <uril@redhat.com>
We are waiting for a client connection, channel is already there
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Uri Lublin <uril@redhat.com>
This changes tests/pki/server-cert.pem and tests/pki/ca-cert.pem to have
2048 bits. These certificates were generated using the
instructions on https://www.spice-space.org/spice-user-manual.html
The -subj args were omitted, and the defaults suggested by openssl used.
The -days parameter was changed to -days 10950, the bits to 2048.
This fixes https://gitlab.freedesktop.org/spice/spice/issues/27.
Some distros are starting to use stricter settings for their openssl
configuration, which forbids 1024 bit keys, and causes test suite
failures.
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Christophe Fergeau <cfergeau@redhat.com>
Now that we have a refcounted RedSurfaceCmd, we can store the command
itself in DisplayChannel rather than copying QXLReleaseInfoExt. This
will let us move the release of the QXL guest resources in red-parse-qxl
in the next commit.
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
Acked-by: Frediano Ziglio <fziglio@redhat.com>
Currently, RedWorker is using stack-allocated variables for RedSurfaceCmd.
Surface commands are rare enough that we can dynamically allocate them
instead, and make the API in red-parse-qxl.h consistent with how other
QXL commands are handled.
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
Acked-by: Frediano Ziglio <fziglio@redhat.com>
Currently, RedUpdateCmd are allocated on the stack, and then
initialized/uninitialized with red_{get,put}_update_cmd
This makes the API inconsistent with what is being done for RedDrawable,
RedCursor and RedMessage. QXLUpdateCmd are not occurring very often,
we can dynamically allocate them instead, and get a consistent API.
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
Acked-by: Frediano Ziglio <fziglio@redhat.com>
Currently, RedMessage are allocated on the stack, and then
initialized/uninitialized with red_{get,put}_message
This makes the API inconsistent with what is being done for RedDrawable
and RedCursor. Since QXLMessage is just a (mostly unused/unsecure) debugging tool,
we can dynamically allocate it instead, and get a consistent API.
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
Acked-by: Frediano Ziglio <fziglio@redhat.com>
Currently, the cursor channel is allocating RedCursorCmd instances itself, and then
calling into red-parse-qxl.h to initialize it, and doing something
similar when releasing the data. This commit moves this common code to
red-parse-qxl.[ch]
The ref/unref are not strictly needed, red_cursor_cmd_free() would
currently be enough, but this makes the API consistent with
red_drawable_{new,ref,unref}.
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
Acked-by: Frediano Ziglio <fziglio@redhat.com>
At the moment, we'll unconditionally release the guest QXL resources in
red_put_drawable() even if red_get_drawable() failed and did not
initialize drawable->release_info_ext properly.
This commit only sets RedDrawable::qxl once the guest resource have been
successfully retrieved, and only free the guest QXL resources when
RedDrawable::qxl is set.
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
Acked-by: Frediano Ziglio <fziglio@redhat.com>
