/*
 * QEMU VNC display driver. TLS helpers
 *
 * Copyright (C) 2006 Anthony Liguori <anthony (at) codemonkey.ws>
 * Copyright (C) 2006 Fabrice Bellard
 * Copyright (C) 2009 Red Hat, Inc
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.
 */

/*
 * Declarations for the TLS layer of the VNC server: the wire-mode constants,
 * the server-wide and per-client TLS state, and the client setup, cleanup,
 * certificate-validation and credential-path entry points.
 *
 * VncState and VncDisplay are used below but are not declared in this
 * header; presumably the includer brings them into scope first -- confirm.
 *
 * NOTE(review): the include guard uses the double-underscore form, which C
 * reserves for the implementation. It is left as it is here so that the
 * guard name stays stable.
 */

#ifndef __QEMU_VNC_TLS_H__
#define __QEMU_VNC_TLS_H__

#include <gnutls/gnutls.h>
#include <gnutls/x509.h>

#include "acl.h"

/*
 * Values for VncStateTLS.wiremode: whether a client's data is still sent
 * in the clear or is already TLS encrypted.
 */
enum {
    VNC_WIREMODE_CLEAR = 0,
    VNC_WIREMODE_TLS = 1,
};

/* Server state */
typedef struct VncDisplayTLS {
    /*
     * Non-zero if the server requests and validates a client certificate.
     * When zero, no client certificate is requested or validated, so the
     * x509 layer does not identify the client; presumably authentication
     * then depends on another mechanism -- confirm.
     */
    int x509verify;

    /*
     * Presumably the access-control list consulted for the client's
     * identity (see VncStateTLS.dname) -- confirm in the implementation.
     */
    qemu_acl *acl;

    /*
     * Paths to the x509 certs/keys. Going by the names: CA certificate,
     * CA revocation list, server certificate and server key -- confirm.
     * Who allocates and frees these strings is not visible in this header.
     * NOTE(review): the key path refers to secret material; the file it
     * names should be readable only by the account running the server.
     */
    char *x509cacert;
    char *x509cacrl;
    char *x509cert;
    char *x509key;
} VncDisplayTLS;

/* Per client state */
typedef struct VncStateTLS {
    /*
     * Whether data is being TLS encrypted yet; holds one of the
     * VNC_WIREMODE_* values.
     */
    int wiremode;

    /* GnuTLS session handle for this client. */
    gnutls_session_t session;

    /*
     * Client's Distinguished Name from the x509 cert.
     * NOTE(review): if this string feeds an access decision, it is only
     * meaningful once certificate validation has succeeded -- confirm the
     * ordering in the implementation. Ownership is not visible here.
     */
    char *dname;
} VncStateTLS;

/*
 * Set up TLS for client `vs`. `x509Creds` presumably selects whether x509
 * credentials are used -- confirm. The meaning of the int result is not
 * visible in this header.
 */
int vnc_tls_client_setup(VncState *vs, int x509Creds);

/* Counterpart to vnc_tls_client_setup(): tear down the TLS state of `vs`. */
void vnc_tls_client_cleanup(VncState *vs);

/*
 * Validate the certificate for client `vs` (going by the name). The int
 * result presumably reports the outcome; callers should check it before
 * treating the peer as authenticated. The exact convention is not visible
 * in this header.
 */
int vnc_tls_validate_certificate(VncState *vs);

/*
 * Configure the x509 credential paths of display `vd` from directory `path`
 * (going by the name). The file names looked up and the meaning of the int
 * result are not visible in this header.
 */
int vnc_tls_set_x509_creds_dir(VncDisplay *vd, const char *path);

#endif /* __QEMU_VNC_TLS_H__ */