search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ui: refactor code for determining if an update should be sent to the client
[qemu/ar7.git] / ui / vnc.c
blob4ba7fc076a2face45679271ba88f36de1eff93cd
1 /*
2 * QEMU VNC display driver
3 *
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
7 *
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
14 *
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
17 *
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
24 * THE SOFTWARE.
25 */
26
27 #include "qemu/osdep.h"
28 #include "vnc.h"
29 #include "vnc-jobs.h"
30 #include "trace.h"
31 #include "sysemu/sysemu.h"
32 #include "qemu/error-report.h"
33 #include "qemu/sockets.h"
34 #include "qemu/timer.h"
35 #include "qemu/acl.h"
36 #include "qemu/config-file.h"
37 #include "qapi/qmp/qerror.h"
38 #include "qapi/qmp/types.h"
39 #include "qmp-commands.h"
40 #include "ui/input.h"
41 #include "qapi-event.h"
42 #include "crypto/hash.h"
43 #include "crypto/tlscredsanon.h"
44 #include "crypto/tlscredsx509.h"
45 #include "qom/object_interfaces.h"
46 #include "qemu/cutils.h"
47 #include "io/dns-resolver.h"
48
49 #define VNC_REFRESH_INTERVAL_BASE GUI_REFRESH_INTERVAL_DEFAULT
50 #define VNC_REFRESH_INTERVAL_INC 50
51 #define VNC_REFRESH_INTERVAL_MAX GUI_REFRESH_INTERVAL_IDLE
52 static const struct timeval VNC_REFRESH_STATS = { 0, 500000 };
53 static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 };
54
55 #include "vnc_keysym.h"
56 #include "crypto/cipher.h"
57
58 static QTAILQ_HEAD(, VncDisplay) vnc_displays =
59 QTAILQ_HEAD_INITIALIZER(vnc_displays);
60
61 static int vnc_cursor_define(VncState *vs);
62 static void vnc_release_modifiers(VncState *vs);
63
64 static void vnc_set_share_mode(VncState *vs, VncShareMode mode)
65 {
66 #ifdef _VNC_DEBUG
67 static const char *mn[] = {
68 [0] = "undefined",
69 [VNC_SHARE_MODE_CONNECTING] = "connecting",
70 [VNC_SHARE_MODE_SHARED] = "shared",
71 [VNC_SHARE_MODE_EXCLUSIVE] = "exclusive",
72 [VNC_SHARE_MODE_DISCONNECTED] = "disconnected",
73 };
74 fprintf(stderr, "%s/%p: %s -> %s\n", __func__,
75 vs->ioc, mn[vs->share_mode], mn[mode]);
76 #endif
77
78 switch (vs->share_mode) {
79 case VNC_SHARE_MODE_CONNECTING:
80 vs->vd->num_connecting--;
81 break;
82 case VNC_SHARE_MODE_SHARED:
83 vs->vd->num_shared--;
84 break;
85 case VNC_SHARE_MODE_EXCLUSIVE:
86 vs->vd->num_exclusive--;
87 break;
88 default:
89 break;
90 }
91
92 vs->share_mode = mode;
93
94 switch (vs->share_mode) {
95 case VNC_SHARE_MODE_CONNECTING:
96 vs->vd->num_connecting++;
97 break;
98 case VNC_SHARE_MODE_SHARED:
99 vs->vd->num_shared++;
100 break;
101 case VNC_SHARE_MODE_EXCLUSIVE:
102 vs->vd->num_exclusive++;
103 break;
104 default:
105 break;
106 }
107 }
108
109
110 static void vnc_init_basic_info(SocketAddress *addr,
111 VncBasicInfo *info,
112 Error **errp)
113 {
114 switch (addr->type) {
115 case SOCKET_ADDRESS_TYPE_INET:
116 info->host = g_strdup(addr->u.inet.host);
117 info->service = g_strdup(addr->u.inet.port);
118 if (addr->u.inet.ipv6) {
119 info->family = NETWORK_ADDRESS_FAMILY_IPV6;
120 } else {
121 info->family = NETWORK_ADDRESS_FAMILY_IPV4;
122 }
123 break;
124
125 case SOCKET_ADDRESS_TYPE_UNIX:
126 info->host = g_strdup("");
127 info->service = g_strdup(addr->u.q_unix.path);
128 info->family = NETWORK_ADDRESS_FAMILY_UNIX;
129 break;
130
131 case SOCKET_ADDRESS_TYPE_VSOCK:
132 case SOCKET_ADDRESS_TYPE_FD:
133 error_setg(errp, "Unsupported socket address type %s",
134 SocketAddressType_str(addr->type));
135 break;
136 default:
137 abort();
138 }
139
140 return;
141 }
142
143 static void vnc_init_basic_info_from_server_addr(QIOChannelSocket *ioc,
144 VncBasicInfo *info,
145 Error **errp)
146 {
147 SocketAddress *addr = NULL;
148
149 if (!ioc) {
150 error_setg(errp, "No listener socket available");
151 return;
152 }
153
154 addr = qio_channel_socket_get_local_address(ioc, errp);
155 if (!addr) {
156 return;
157 }
158
159 vnc_init_basic_info(addr, info, errp);
160 qapi_free_SocketAddress(addr);
161 }
162
163 static void vnc_init_basic_info_from_remote_addr(QIOChannelSocket *ioc,
164 VncBasicInfo *info,
165 Error **errp)
166 {
167 SocketAddress *addr = NULL;
168
169 addr = qio_channel_socket_get_remote_address(ioc, errp);
170 if (!addr) {
171 return;
172 }
173
174 vnc_init_basic_info(addr, info, errp);
175 qapi_free_SocketAddress(addr);
176 }
177
178 static const char *vnc_auth_name(VncDisplay *vd) {
179 switch (vd->auth) {
180 case VNC_AUTH_INVALID:
181 return "invalid";
182 case VNC_AUTH_NONE:
183 return "none";
184 case VNC_AUTH_VNC:
185 return "vnc";
186 case VNC_AUTH_RA2:
187 return "ra2";
188 case VNC_AUTH_RA2NE:
189 return "ra2ne";
190 case VNC_AUTH_TIGHT:
191 return "tight";
192 case VNC_AUTH_ULTRA:
193 return "ultra";
194 case VNC_AUTH_TLS:
195 return "tls";
196 case VNC_AUTH_VENCRYPT:
197 switch (vd->subauth) {
198 case VNC_AUTH_VENCRYPT_PLAIN:
199 return "vencrypt+plain";
200 case VNC_AUTH_VENCRYPT_TLSNONE:
201 return "vencrypt+tls+none";
202 case VNC_AUTH_VENCRYPT_TLSVNC:
203 return "vencrypt+tls+vnc";
204 case VNC_AUTH_VENCRYPT_TLSPLAIN:
205 return "vencrypt+tls+plain";
206 case VNC_AUTH_VENCRYPT_X509NONE:
207 return "vencrypt+x509+none";
208 case VNC_AUTH_VENCRYPT_X509VNC:
209 return "vencrypt+x509+vnc";
210 case VNC_AUTH_VENCRYPT_X509PLAIN:
211 return "vencrypt+x509+plain";
212 case VNC_AUTH_VENCRYPT_TLSSASL:
213 return "vencrypt+tls+sasl";
214 case VNC_AUTH_VENCRYPT_X509SASL:
215 return "vencrypt+x509+sasl";
216 default:
217 return "vencrypt";
218 }
219 case VNC_AUTH_SASL:
220 return "sasl";
221 }
222 return "unknown";
223 }
224
225 static VncServerInfo *vnc_server_info_get(VncDisplay *vd)
226 {
227 VncServerInfo *info;
228 Error *err = NULL;
229
230 if (!vd->nlsock) {
231 return NULL;
232 }
233
234 info = g_malloc0(sizeof(*info));
235 vnc_init_basic_info_from_server_addr(vd->lsock[0],
236 qapi_VncServerInfo_base(info), &err);
237 info->has_auth = true;
238 info->auth = g_strdup(vnc_auth_name(vd));
239 if (err) {
240 qapi_free_VncServerInfo(info);
241 info = NULL;
242 error_free(err);
243 }
244 return info;
245 }
246
247 static void vnc_client_cache_auth(VncState *client)
248 {
249 if (!client->info) {
250 return;
251 }
252
253 if (client->tls) {
254 client->info->x509_dname =
255 qcrypto_tls_session_get_peer_name(client->tls);
256 client->info->has_x509_dname =
257 client->info->x509_dname != NULL;
258 }
259 #ifdef CONFIG_VNC_SASL
260 if (client->sasl.conn &&
261 client->sasl.username) {
262 client->info->has_sasl_username = true;
263 client->info->sasl_username = g_strdup(client->sasl.username);
264 }
265 #endif
266 }
267
268 static void vnc_client_cache_addr(VncState *client)
269 {
270 Error *err = NULL;
271
272 client->info = g_malloc0(sizeof(*client->info));
273 vnc_init_basic_info_from_remote_addr(client->sioc,
274 qapi_VncClientInfo_base(client->info),
275 &err);
276 if (err) {
277 qapi_free_VncClientInfo(client->info);
278 client->info = NULL;
279 error_free(err);
280 }
281 }
282
283 static void vnc_qmp_event(VncState *vs, QAPIEvent event)
284 {
285 VncServerInfo *si;
286
287 if (!vs->info) {
288 return;
289 }
290
291 si = vnc_server_info_get(vs->vd);
292 if (!si) {
293 return;
294 }
295
296 switch (event) {
297 case QAPI_EVENT_VNC_CONNECTED:
298 qapi_event_send_vnc_connected(si, qapi_VncClientInfo_base(vs->info),
299 &error_abort);
300 break;
301 case QAPI_EVENT_VNC_INITIALIZED:
302 qapi_event_send_vnc_initialized(si, vs->info, &error_abort);
303 break;
304 case QAPI_EVENT_VNC_DISCONNECTED:
305 qapi_event_send_vnc_disconnected(si, vs->info, &error_abort);
306 break;
307 default:
308 break;
309 }
310
311 qapi_free_VncServerInfo(si);
312 }
313
314 static VncClientInfo *qmp_query_vnc_client(const VncState *client)
315 {
316 VncClientInfo *info;
317 Error *err = NULL;
318
319 info = g_malloc0(sizeof(*info));
320
321 vnc_init_basic_info_from_remote_addr(client->sioc,
322 qapi_VncClientInfo_base(info),
323 &err);
324 if (err) {
325 error_free(err);
326 qapi_free_VncClientInfo(info);
327 return NULL;
328 }
329
330 info->websocket = client->websocket;
331
332 if (client->tls) {
333 info->x509_dname = qcrypto_tls_session_get_peer_name(client->tls);
334 info->has_x509_dname = info->x509_dname != NULL;
335 }
336 #ifdef CONFIG_VNC_SASL
337 if (client->sasl.conn && client->sasl.username) {
338 info->has_sasl_username = true;
339 info->sasl_username = g_strdup(client->sasl.username);
340 }
341 #endif
342
343 return info;
344 }
345
346 static VncDisplay *vnc_display_find(const char *id)
347 {
348 VncDisplay *vd;
349
350 if (id == NULL) {
351 return QTAILQ_FIRST(&vnc_displays);
352 }
353 QTAILQ_FOREACH(vd, &vnc_displays, next) {
354 if (strcmp(id, vd->id) == 0) {
355 return vd;
356 }
357 }
358 return NULL;
359 }
360
361 static VncClientInfoList *qmp_query_client_list(VncDisplay *vd)
362 {
363 VncClientInfoList *cinfo, *prev = NULL;
364 VncState *client;
365
366 QTAILQ_FOREACH(client, &vd->clients, next) {
367 cinfo = g_new0(VncClientInfoList, 1);
368 cinfo->value = qmp_query_vnc_client(client);
369 cinfo->next = prev;
370 prev = cinfo;
371 }
372 return prev;
373 }
374
375 VncInfo *qmp_query_vnc(Error **errp)
376 {
377 VncInfo *info = g_malloc0(sizeof(*info));
378 VncDisplay *vd = vnc_display_find(NULL);
379 SocketAddress *addr = NULL;
380
381 if (vd == NULL || !vd->nlsock) {
382 info->enabled = false;
383 } else {
384 info->enabled = true;
385
386 /* for compatibility with the original command */
387 info->has_clients = true;
388 info->clients = qmp_query_client_list(vd);
389
390 if (vd->lsock == NULL) {
391 return info;
392 }
393
394 addr = qio_channel_socket_get_local_address(vd->lsock[0], errp);
395 if (!addr) {
396 goto out_error;
397 }
398
399 switch (addr->type) {
400 case SOCKET_ADDRESS_TYPE_INET:
401 info->host = g_strdup(addr->u.inet.host);
402 info->service = g_strdup(addr->u.inet.port);
403 if (addr->u.inet.ipv6) {
404 info->family = NETWORK_ADDRESS_FAMILY_IPV6;
405 } else {
406 info->family = NETWORK_ADDRESS_FAMILY_IPV4;
407 }
408 break;
409
410 case SOCKET_ADDRESS_TYPE_UNIX:
411 info->host = g_strdup("");
412 info->service = g_strdup(addr->u.q_unix.path);
413 info->family = NETWORK_ADDRESS_FAMILY_UNIX;
414 break;
415
416 case SOCKET_ADDRESS_TYPE_VSOCK:
417 case SOCKET_ADDRESS_TYPE_FD:
418 error_setg(errp, "Unsupported socket address type %s",
419 SocketAddressType_str(addr->type));
420 goto out_error;
421 default:
422 abort();
423 }
424
425 info->has_host = true;
426 info->has_service = true;
427 info->has_family = true;
428
429 info->has_auth = true;
430 info->auth = g_strdup(vnc_auth_name(vd));
431 }
432
433 qapi_free_SocketAddress(addr);
434 return info;
435
436 out_error:
437 qapi_free_SocketAddress(addr);
438 qapi_free_VncInfo(info);
439 return NULL;
440 }
441
442
443 static void qmp_query_auth(int auth, int subauth,
444 VncPrimaryAuth *qmp_auth,
445 VncVencryptSubAuth *qmp_vencrypt,
446 bool *qmp_has_vencrypt);
447
448 static VncServerInfo2List *qmp_query_server_entry(QIOChannelSocket *ioc,
449 bool websocket,
450 int auth,
451 int subauth,
452 VncServerInfo2List *prev)
453 {
454 VncServerInfo2List *list;
455 VncServerInfo2 *info;
456 Error *err = NULL;
457 SocketAddress *addr;
458
459 addr = qio_channel_socket_get_local_address(ioc, &err);
460 if (!addr) {
461 error_free(err);
462 return prev;
463 }
464
465 info = g_new0(VncServerInfo2, 1);
466 vnc_init_basic_info(addr, qapi_VncServerInfo2_base(info), &err);
467 qapi_free_SocketAddress(addr);
468 if (err) {
469 qapi_free_VncServerInfo2(info);
470 error_free(err);
471 return prev;
472 }
473 info->websocket = websocket;
474
475 qmp_query_auth(auth, subauth, &info->auth,
476 &info->vencrypt, &info->has_vencrypt);
477
478 list = g_new0(VncServerInfo2List, 1);
479 list->value = info;
480 list->next = prev;
481 return list;
482 }
483
484 static void qmp_query_auth(int auth, int subauth,
485 VncPrimaryAuth *qmp_auth,
486 VncVencryptSubAuth *qmp_vencrypt,
487 bool *qmp_has_vencrypt)
488 {
489 switch (auth) {
490 case VNC_AUTH_VNC:
491 *qmp_auth = VNC_PRIMARY_AUTH_VNC;
492 break;
493 case VNC_AUTH_RA2:
494 *qmp_auth = VNC_PRIMARY_AUTH_RA2;
495 break;
496 case VNC_AUTH_RA2NE:
497 *qmp_auth = VNC_PRIMARY_AUTH_RA2NE;
498 break;
499 case VNC_AUTH_TIGHT:
500 *qmp_auth = VNC_PRIMARY_AUTH_TIGHT;
501 break;
502 case VNC_AUTH_ULTRA:
503 *qmp_auth = VNC_PRIMARY_AUTH_ULTRA;
504 break;
505 case VNC_AUTH_TLS:
506 *qmp_auth = VNC_PRIMARY_AUTH_TLS;
507 break;
508 case VNC_AUTH_VENCRYPT:
509 *qmp_auth = VNC_PRIMARY_AUTH_VENCRYPT;
510 *qmp_has_vencrypt = true;
511 switch (subauth) {
512 case VNC_AUTH_VENCRYPT_PLAIN:
513 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_PLAIN;
514 break;
515 case VNC_AUTH_VENCRYPT_TLSNONE:
516 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_NONE;
517 break;
518 case VNC_AUTH_VENCRYPT_TLSVNC:
519 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_VNC;
520 break;
521 case VNC_AUTH_VENCRYPT_TLSPLAIN:
522 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_PLAIN;
523 break;
524 case VNC_AUTH_VENCRYPT_X509NONE:
525 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_NONE;
526 break;
527 case VNC_AUTH_VENCRYPT_X509VNC:
528 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_VNC;
529 break;
530 case VNC_AUTH_VENCRYPT_X509PLAIN:
531 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_PLAIN;
532 break;
533 case VNC_AUTH_VENCRYPT_TLSSASL:
534 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_SASL;
535 break;
536 case VNC_AUTH_VENCRYPT_X509SASL:
537 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_SASL;
538 break;
539 default:
540 *qmp_has_vencrypt = false;
541 break;
542 }
543 break;
544 case VNC_AUTH_SASL:
545 *qmp_auth = VNC_PRIMARY_AUTH_SASL;
546 break;
547 case VNC_AUTH_NONE:
548 default:
549 *qmp_auth = VNC_PRIMARY_AUTH_NONE;
550 break;
551 }
552 }
553
554 VncInfo2List *qmp_query_vnc_servers(Error **errp)
555 {
556 VncInfo2List *item, *prev = NULL;
557 VncInfo2 *info;
558 VncDisplay *vd;
559 DeviceState *dev;
560 size_t i;
561
562 QTAILQ_FOREACH(vd, &vnc_displays, next) {
563 info = g_new0(VncInfo2, 1);
564 info->id = g_strdup(vd->id);
565 info->clients = qmp_query_client_list(vd);
566 qmp_query_auth(vd->auth, vd->subauth, &info->auth,
567 &info->vencrypt, &info->has_vencrypt);
568 if (vd->dcl.con) {
569 dev = DEVICE(object_property_get_link(OBJECT(vd->dcl.con),
570 "device", NULL));
571 info->has_display = true;
572 info->display = g_strdup(dev->id);
573 }
574 for (i = 0; i < vd->nlsock; i++) {
575 info->server = qmp_query_server_entry(
576 vd->lsock[i], false, vd->auth, vd->subauth, info->server);
577 }
578 for (i = 0; i < vd->nlwebsock; i++) {
579 info->server = qmp_query_server_entry(
580 vd->lwebsock[i], true, vd->ws_auth,
581 vd->ws_subauth, info->server);
582 }
583
584 item = g_new0(VncInfo2List, 1);
585 item->value = info;
586 item->next = prev;
587 prev = item;
588 }
589 return prev;
590 }
591
592 /* TODO
593 1) Get the queue working for IO.
594 2) there is some weirdness when using the -S option (the screen is grey
595 and not totally invalidated
596 3) resolutions > 1024
597 */
598
599 static int vnc_update_client(VncState *vs, int has_dirty);
600 static void vnc_disconnect_start(VncState *vs);
601
602 static void vnc_colordepth(VncState *vs);
603 static void framebuffer_update_request(VncState *vs, int incremental,
604 int x_position, int y_position,
605 int w, int h);
606 static void vnc_refresh(DisplayChangeListener *dcl);
607 static int vnc_refresh_server_surface(VncDisplay *vd);
608
609 static int vnc_width(VncDisplay *vd)
610 {
611 return MIN(VNC_MAX_WIDTH, ROUND_UP(surface_width(vd->ds),
612 VNC_DIRTY_PIXELS_PER_BIT));
613 }
614
615 static int vnc_height(VncDisplay *vd)
616 {
617 return MIN(VNC_MAX_HEIGHT, surface_height(vd->ds));
618 }
619
620 static void vnc_set_area_dirty(DECLARE_BITMAP(dirty[VNC_MAX_HEIGHT],
621 VNC_MAX_WIDTH / VNC_DIRTY_PIXELS_PER_BIT),
622 VncDisplay *vd,
623 int x, int y, int w, int h)
624 {
625 int width = vnc_width(vd);
626 int height = vnc_height(vd);
627
628 /* this is needed this to ensure we updated all affected
629 * blocks if x % VNC_DIRTY_PIXELS_PER_BIT != 0 */
630 w += (x % VNC_DIRTY_PIXELS_PER_BIT);
631 x -= (x % VNC_DIRTY_PIXELS_PER_BIT);
632
633 x = MIN(x, width);
634 y = MIN(y, height);
635 w = MIN(x + w, width) - x;
636 h = MIN(y + h, height);
637
638 for (; y < h; y++) {
639 bitmap_set(dirty[y], x / VNC_DIRTY_PIXELS_PER_BIT,
640 DIV_ROUND_UP(w, VNC_DIRTY_PIXELS_PER_BIT));
641 }
642 }
643
644 static void vnc_dpy_update(DisplayChangeListener *dcl,
645 int x, int y, int w, int h)
646 {
647 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
648 struct VncSurface *s = &vd->guest;
649
650 vnc_set_area_dirty(s->dirty, vd, x, y, w, h);
651 }
652
653 void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
654 int32_t encoding)
655 {
656 vnc_write_u16(vs, x);
657 vnc_write_u16(vs, y);
658 vnc_write_u16(vs, w);
659 vnc_write_u16(vs, h);
660
661 vnc_write_s32(vs, encoding);
662 }
663
664
665 static void vnc_desktop_resize(VncState *vs)
666 {
667 if (vs->ioc == NULL || !vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
668 return;
669 }
670 if (vs->client_width == pixman_image_get_width(vs->vd->server) &&
671 vs->client_height == pixman_image_get_height(vs->vd->server)) {
672 return;
673 }
674 vs->client_width = pixman_image_get_width(vs->vd->server);
675 vs->client_height = pixman_image_get_height(vs->vd->server);
676 vnc_lock_output(vs);
677 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
678 vnc_write_u8(vs, 0);
679 vnc_write_u16(vs, 1); /* number of rects */
680 vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height,
681 VNC_ENCODING_DESKTOPRESIZE);
682 vnc_unlock_output(vs);
683 vnc_flush(vs);
684 }
685
686 static void vnc_abort_display_jobs(VncDisplay *vd)
687 {
688 VncState *vs;
689
690 QTAILQ_FOREACH(vs, &vd->clients, next) {
691 vnc_lock_output(vs);
692 vs->abort = true;
693 vnc_unlock_output(vs);
694 }
695 QTAILQ_FOREACH(vs, &vd->clients, next) {
696 vnc_jobs_join(vs);
697 }
698 QTAILQ_FOREACH(vs, &vd->clients, next) {
699 vnc_lock_output(vs);
700 vs->abort = false;
701 vnc_unlock_output(vs);
702 }
703 }
704
705 int vnc_server_fb_stride(VncDisplay *vd)
706 {
707 return pixman_image_get_stride(vd->server);
708 }
709
710 void *vnc_server_fb_ptr(VncDisplay *vd, int x, int y)
711 {
712 uint8_t *ptr;
713
714 ptr = (uint8_t *)pixman_image_get_data(vd->server);
715 ptr += y * vnc_server_fb_stride(vd);
716 ptr += x * VNC_SERVER_FB_BYTES;
717 return ptr;
718 }
719
720 static void vnc_update_server_surface(VncDisplay *vd)
721 {
722 int width, height;
723
724 qemu_pixman_image_unref(vd->server);
725 vd->server = NULL;
726
727 if (QTAILQ_EMPTY(&vd->clients)) {
728 return;
729 }
730
731 width = vnc_width(vd);
732 height = vnc_height(vd);
733 vd->server = pixman_image_create_bits(VNC_SERVER_FB_FORMAT,
734 width, height,
735 NULL, 0);
736
737 memset(vd->guest.dirty, 0x00, sizeof(vd->guest.dirty));
738 vnc_set_area_dirty(vd->guest.dirty, vd, 0, 0,
739 width, height);
740 }
741
742 static void vnc_dpy_switch(DisplayChangeListener *dcl,
743 DisplaySurface *surface)
744 {
745 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
746 VncState *vs;
747
748 vnc_abort_display_jobs(vd);
749 vd->ds = surface;
750
751 /* server surface */
752 vnc_update_server_surface(vd);
753
754 /* guest surface */
755 qemu_pixman_image_unref(vd->guest.fb);
756 vd->guest.fb = pixman_image_ref(surface->image);
757 vd->guest.format = surface->format;
758
759 QTAILQ_FOREACH(vs, &vd->clients, next) {
760 vnc_colordepth(vs);
761 vnc_desktop_resize(vs);
762 if (vs->vd->cursor) {
763 vnc_cursor_define(vs);
764 }
765 memset(vs->dirty, 0x00, sizeof(vs->dirty));
766 vnc_set_area_dirty(vs->dirty, vd, 0, 0,
767 vnc_width(vd),
768 vnc_height(vd));
769 }
770 }
771
772 /* fastest code */
773 static void vnc_write_pixels_copy(VncState *vs,
774 void *pixels, int size)
775 {
776 vnc_write(vs, pixels, size);
777 }
778
779 /* slowest but generic code. */
780 void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
781 {
782 uint8_t r, g, b;
783
784 #if VNC_SERVER_FB_FORMAT == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8)
785 r = (((v & 0x00ff0000) >> 16) << vs->client_pf.rbits) >> 8;
786 g = (((v & 0x0000ff00) >> 8) << vs->client_pf.gbits) >> 8;
787 b = (((v & 0x000000ff) >> 0) << vs->client_pf.bbits) >> 8;
788 #else
789 # error need some bits here if you change VNC_SERVER_FB_FORMAT
790 #endif
791 v = (r << vs->client_pf.rshift) |
792 (g << vs->client_pf.gshift) |
793 (b << vs->client_pf.bshift);
794 switch (vs->client_pf.bytes_per_pixel) {
795 case 1:
796 buf[0] = v;
797 break;
798 case 2:
799 if (vs->client_be) {
800 buf[0] = v >> 8;
801 buf[1] = v;
802 } else {
803 buf[1] = v >> 8;
804 buf[0] = v;
805 }
806 break;
807 default:
808 case 4:
809 if (vs->client_be) {
810 buf[0] = v >> 24;
811 buf[1] = v >> 16;
812 buf[2] = v >> 8;
813 buf[3] = v;
814 } else {
815 buf[3] = v >> 24;
816 buf[2] = v >> 16;
817 buf[1] = v >> 8;
818 buf[0] = v;
819 }
820 break;
821 }
822 }
823
824 static void vnc_write_pixels_generic(VncState *vs,
825 void *pixels1, int size)
826 {
827 uint8_t buf[4];
828
829 if (VNC_SERVER_FB_BYTES == 4) {
830 uint32_t *pixels = pixels1;
831 int n, i;
832 n = size >> 2;
833 for (i = 0; i < n; i++) {
834 vnc_convert_pixel(vs, buf, pixels[i]);
835 vnc_write(vs, buf, vs->client_pf.bytes_per_pixel);
836 }
837 }
838 }
839
840 int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
841 {
842 int i;
843 uint8_t *row;
844 VncDisplay *vd = vs->vd;
845
846 row = vnc_server_fb_ptr(vd, x, y);
847 for (i = 0; i < h; i++) {
848 vs->write_pixels(vs, row, w * VNC_SERVER_FB_BYTES);
849 row += vnc_server_fb_stride(vd);
850 }
851 return 1;
852 }
853
854 int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
855 {
856 int n = 0;
857 bool encode_raw = false;
858 size_t saved_offs = vs->output.offset;
859
860 switch(vs->vnc_encoding) {
861 case VNC_ENCODING_ZLIB:
862 n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h);
863 break;
864 case VNC_ENCODING_HEXTILE:
865 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
866 n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h);
867 break;
868 case VNC_ENCODING_TIGHT:
869 n = vnc_tight_send_framebuffer_update(vs, x, y, w, h);
870 break;
871 case VNC_ENCODING_TIGHT_PNG:
872 n = vnc_tight_png_send_framebuffer_update(vs, x, y, w, h);
873 break;
874 case VNC_ENCODING_ZRLE:
875 n = vnc_zrle_send_framebuffer_update(vs, x, y, w, h);
876 break;
877 case VNC_ENCODING_ZYWRLE:
878 n = vnc_zywrle_send_framebuffer_update(vs, x, y, w, h);
879 break;
880 default:
881 encode_raw = true;
882 break;
883 }
884
885 /* If the client has the same pixel format as our internal buffer and
886 * a RAW encoding would need less space fall back to RAW encoding to
887 * save bandwidth and processing power in the client. */
888 if (!encode_raw && vs->write_pixels == vnc_write_pixels_copy &&
889 12 + h * w * VNC_SERVER_FB_BYTES <= (vs->output.offset - saved_offs)) {
890 vs->output.offset = saved_offs;
891 encode_raw = true;
892 }
893
894 if (encode_raw) {
895 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
896 n = vnc_raw_send_framebuffer_update(vs, x, y, w, h);
897 }
898
899 return n;
900 }
901
902 static void vnc_mouse_set(DisplayChangeListener *dcl,
903 int x, int y, int visible)
904 {
905 /* can we ask the client(s) to move the pointer ??? */
906 }
907
908 static int vnc_cursor_define(VncState *vs)
909 {
910 QEMUCursor *c = vs->vd->cursor;
911 int isize;
912
913 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) {
914 vnc_lock_output(vs);
915 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
916 vnc_write_u8(vs, 0); /* padding */
917 vnc_write_u16(vs, 1); /* # of rects */
918 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height,
919 VNC_ENCODING_RICH_CURSOR);
920 isize = c->width * c->height * vs->client_pf.bytes_per_pixel;
921 vnc_write_pixels_generic(vs, c->data, isize);
922 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize);
923 vnc_unlock_output(vs);
924 return 0;
925 }
926 return -1;
927 }
928
929 static void vnc_dpy_cursor_define(DisplayChangeListener *dcl,
930 QEMUCursor *c)
931 {
932 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
933 VncState *vs;
934
935 cursor_put(vd->cursor);
936 g_free(vd->cursor_mask);
937
938 vd->cursor = c;
939 cursor_get(vd->cursor);
940 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height;
941 vd->cursor_mask = g_malloc0(vd->cursor_msize);
942 cursor_get_mono_mask(c, 0, vd->cursor_mask);
943
944 QTAILQ_FOREACH(vs, &vd->clients, next) {
945 vnc_cursor_define(vs);
946 }
947 }
948
949 static int find_and_clear_dirty_height(VncState *vs,
950 int y, int last_x, int x, int height)
951 {
952 int h;
953
954 for (h = 1; h < (height - y); h++) {
955 if (!test_bit(last_x, vs->dirty[y + h])) {
956 break;
957 }
958 bitmap_clear(vs->dirty[y + h], last_x, x - last_x);
959 }
960
961 return h;
962 }
963
964 static bool vnc_should_update(VncState *vs)
965 {
966 switch (vs->update) {
967 case VNC_STATE_UPDATE_NONE:
968 break;
969 case VNC_STATE_UPDATE_INCREMENTAL:
970 /* Only allow incremental updates if the output buffer
971 * is empty, or if audio capture is enabled.
972 */
973 if (!vs->output.offset || vs->audio_cap) {
974 return true;
975 }
976 break;
977 case VNC_STATE_UPDATE_FORCE:
978 return true;
979 }
980 return false;
981 }
982
983 static int vnc_update_client(VncState *vs, int has_dirty)
984 {
985 VncDisplay *vd = vs->vd;
986 VncJob *job;
987 int y;
988 int height, width;
989 int n = 0;
990
991 if (vs->disconnecting) {
992 vnc_disconnect_finish(vs);
993 return 0;
994 }
995
996 vs->has_dirty += has_dirty;
997 if (!vnc_should_update(vs)) {
998 return 0;
999 }
1000
1001 if (!vs->has_dirty && vs->update != VNC_STATE_UPDATE_FORCE) {
1002 return 0;
1003 }
1004
1005 /*
1006 * Send screen updates to the vnc client using the server
1007 * surface and server dirty map. guest surface updates
1008 * happening in parallel don't disturb us, the next pass will
1009 * send them to the client.
1010 */
1011 job = vnc_job_new(vs);
1012
1013 height = pixman_image_get_height(vd->server);
1014 width = pixman_image_get_width(vd->server);
1015
1016 y = 0;
1017 for (;;) {
1018 int x, h;
1019 unsigned long x2;
1020 unsigned long offset = find_next_bit((unsigned long *) &vs->dirty,
1021 height * VNC_DIRTY_BPL(vs),
1022 y * VNC_DIRTY_BPL(vs));
1023 if (offset == height * VNC_DIRTY_BPL(vs)) {
1024 /* no more dirty bits */
1025 break;
1026 }
1027 y = offset / VNC_DIRTY_BPL(vs);
1028 x = offset % VNC_DIRTY_BPL(vs);
1029 x2 = find_next_zero_bit((unsigned long *) &vs->dirty[y],
1030 VNC_DIRTY_BPL(vs), x);
1031 bitmap_clear(vs->dirty[y], x, x2 - x);
1032 h = find_and_clear_dirty_height(vs, y, x, x2, height);
1033 x2 = MIN(x2, width / VNC_DIRTY_PIXELS_PER_BIT);
1034 if (x2 > x) {
1035 n += vnc_job_add_rect(job, x * VNC_DIRTY_PIXELS_PER_BIT, y,
1036 (x2 - x) * VNC_DIRTY_PIXELS_PER_BIT, h);
1037 }
1038 if (!x && x2 == width / VNC_DIRTY_PIXELS_PER_BIT) {
1039 y += h;
1040 if (y == height) {
1041 break;
1042 }
1043 }
1044 }
1045
1046 vnc_job_push(job);
1047 vs->update = VNC_STATE_UPDATE_NONE;
1048 vs->has_dirty = 0;
1049 return n;
1050 }
1051
1052 /* audio */
1053 static void audio_capture_notify(void *opaque, audcnotification_e cmd)
1054 {
1055 VncState *vs = opaque;
1056
1057 switch (cmd) {
1058 case AUD_CNOTIFY_DISABLE:
1059 vnc_lock_output(vs);
1060 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1061 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1062 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END);
1063 vnc_unlock_output(vs);
1064 vnc_flush(vs);
1065 break;
1066
1067 case AUD_CNOTIFY_ENABLE:
1068 vnc_lock_output(vs);
1069 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1070 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1071 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN);
1072 vnc_unlock_output(vs);
1073 vnc_flush(vs);
1074 break;
1075 }
1076 }
1077
1078 static void audio_capture_destroy(void *opaque)
1079 {
1080 }
1081
1082 static void audio_capture(void *opaque, void *buf, int size)
1083 {
1084 VncState *vs = opaque;
1085
1086 vnc_lock_output(vs);
1087 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1088 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1089 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA);
1090 vnc_write_u32(vs, size);
1091 vnc_write(vs, buf, size);
1092 vnc_unlock_output(vs);
1093 vnc_flush(vs);
1094 }
1095
1096 static void audio_add(VncState *vs)
1097 {
1098 struct audio_capture_ops ops;
1099
1100 if (vs->audio_cap) {
1101 error_report("audio already running");
1102 return;
1103 }
1104
1105 ops.notify = audio_capture_notify;
1106 ops.destroy = audio_capture_destroy;
1107 ops.capture = audio_capture;
1108
1109 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs);
1110 if (!vs->audio_cap) {
1111 error_report("Failed to add audio capture");
1112 }
1113 }
1114
1115 static void audio_del(VncState *vs)
1116 {
1117 if (vs->audio_cap) {
1118 AUD_del_capture(vs->audio_cap, vs);
1119 vs->audio_cap = NULL;
1120 }
1121 }
1122
1123 static void vnc_disconnect_start(VncState *vs)
1124 {
1125 if (vs->disconnecting) {
1126 return;
1127 }
1128 trace_vnc_client_disconnect_start(vs, vs->ioc);
1129 vnc_set_share_mode(vs, VNC_SHARE_MODE_DISCONNECTED);
1130 if (vs->ioc_tag) {
1131 g_source_remove(vs->ioc_tag);
1132 vs->ioc_tag = 0;
1133 }
1134 qio_channel_close(vs->ioc, NULL);
1135 vs->disconnecting = TRUE;
1136 }
1137
1138 void vnc_disconnect_finish(VncState *vs)
1139 {
1140 int i;
1141
1142 trace_vnc_client_disconnect_finish(vs, vs->ioc);
1143
1144 vnc_jobs_join(vs); /* Wait encoding jobs */
1145
1146 vnc_lock_output(vs);
1147 vnc_qmp_event(vs, QAPI_EVENT_VNC_DISCONNECTED);
1148
1149 buffer_free(&vs->input);
1150 buffer_free(&vs->output);
1151
1152 qapi_free_VncClientInfo(vs->info);
1153
1154 vnc_zlib_clear(vs);
1155 vnc_tight_clear(vs);
1156 vnc_zrle_clear(vs);
1157
1158 #ifdef CONFIG_VNC_SASL
1159 vnc_sasl_client_cleanup(vs);
1160 #endif /* CONFIG_VNC_SASL */
1161 audio_del(vs);
1162 vnc_release_modifiers(vs);
1163
1164 if (vs->mouse_mode_notifier.notify != NULL) {
1165 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
1166 }
1167 QTAILQ_REMOVE(&vs->vd->clients, vs, next);
1168 if (QTAILQ_EMPTY(&vs->vd->clients)) {
1169 /* last client gone */
1170 vnc_update_server_surface(vs->vd);
1171 }
1172
1173 vnc_unlock_output(vs);
1174
1175 qemu_mutex_destroy(&vs->output_mutex);
1176 if (vs->bh != NULL) {
1177 qemu_bh_delete(vs->bh);
1178 }
1179 buffer_free(&vs->jobs_buffer);
1180
1181 for (i = 0; i < VNC_STAT_ROWS; ++i) {
1182 g_free(vs->lossy_rect[i]);
1183 }
1184 g_free(vs->lossy_rect);
1185
1186 object_unref(OBJECT(vs->ioc));
1187 vs->ioc = NULL;
1188 object_unref(OBJECT(vs->sioc));
1189 vs->sioc = NULL;
1190 g_free(vs);
1191 }
1192
1193 ssize_t vnc_client_io_error(VncState *vs, ssize_t ret, Error **errp)
1194 {
1195 if (ret <= 0) {
1196 if (ret == 0) {
1197 trace_vnc_client_eof(vs, vs->ioc);
1198 vnc_disconnect_start(vs);
1199 } else if (ret != QIO_CHANNEL_ERR_BLOCK) {
1200 trace_vnc_client_io_error(vs, vs->ioc,
1201 errp ? error_get_pretty(*errp) :
1202 "Unknown");
1203 vnc_disconnect_start(vs);
1204 }
1205
1206 if (errp) {
1207 error_free(*errp);
1208 *errp = NULL;
1209 }
1210 return 0;
1211 }
1212 return ret;
1213 }
1214
1215
1216 void vnc_client_error(VncState *vs)
1217 {
1218 VNC_DEBUG("Closing down client sock: protocol error\n");
1219 vnc_disconnect_start(vs);
1220 }
1221
1222
1223 /*
1224 * Called to write a chunk of data to the client socket. The data may
1225 * be the raw data, or may have already been encoded by SASL.
1226 * The data will be written either straight onto the socket, or
1227 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1228 *
1229 * NB, it is theoretically possible to have 2 layers of encryption,
1230 * both SASL, and this TLS layer. It is highly unlikely in practice
1231 * though, since SASL encryption will typically be a no-op if TLS
1232 * is active
1233 *
1234 * Returns the number of bytes written, which may be less than
1235 * the requested 'datalen' if the socket would block. Returns
1236 * -1 on error, and disconnects the client socket.
1237 */
1238 ssize_t vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
1239 {
1240 Error *err = NULL;
1241 ssize_t ret;
1242 ret = qio_channel_write(
1243 vs->ioc, (const char *)data, datalen, &err);
1244 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret);
1245 return vnc_client_io_error(vs, ret, &err);
1246 }
1247
1248
1249 /*
1250 * Called to write buffered data to the client socket, when not
1251 * using any SASL SSF encryption layers. Will write as much data
1252 * as possible without blocking. If all buffered data is written,
1253 * will switch the FD poll() handler back to read monitoring.
1254 *
1255 * Returns the number of bytes written, which may be less than
1256 * the buffered output data if the socket would block. Returns
1257 * -1 on error, and disconnects the client socket.
1258 */
1259 static ssize_t vnc_client_write_plain(VncState *vs)
1260 {
1261 ssize_t ret;
1262
1263 #ifdef CONFIG_VNC_SASL
1264 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1265 vs->output.buffer, vs->output.capacity, vs->output.offset,
1266 vs->sasl.waitWriteSSF);
1267
1268 if (vs->sasl.conn &&
1269 vs->sasl.runSSF &&
1270 vs->sasl.waitWriteSSF) {
1271 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
1272 if (ret)
1273 vs->sasl.waitWriteSSF -= ret;
1274 } else
1275 #endif /* CONFIG_VNC_SASL */
1276 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
1277 if (!ret)
1278 return 0;
1279
1280 buffer_advance(&vs->output, ret);
1281
1282 if (vs->output.offset == 0) {
1283 if (vs->ioc_tag) {
1284 g_source_remove(vs->ioc_tag);
1285 }
1286 vs->ioc_tag = qio_channel_add_watch(
1287 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL);
1288 }
1289
1290 return ret;
1291 }
1292
1293
1294 /*
1295 * First function called whenever there is data to be written to
1296 * the client socket. Will delegate actual work according to whether
1297 * SASL SSF layers are enabled (thus requiring encryption calls)
1298 */
1299 static void vnc_client_write_locked(VncState *vs)
1300 {
1301 #ifdef CONFIG_VNC_SASL
1302 if (vs->sasl.conn &&
1303 vs->sasl.runSSF &&
1304 !vs->sasl.waitWriteSSF) {
1305 vnc_client_write_sasl(vs);
1306 } else
1307 #endif /* CONFIG_VNC_SASL */
1308 {
1309 vnc_client_write_plain(vs);
1310 }
1311 }
1312
1313 static void vnc_client_write(VncState *vs)
1314 {
1315
1316 vnc_lock_output(vs);
1317 if (vs->output.offset) {
1318 vnc_client_write_locked(vs);
1319 } else if (vs->ioc != NULL) {
1320 if (vs->ioc_tag) {
1321 g_source_remove(vs->ioc_tag);
1322 }
1323 vs->ioc_tag = qio_channel_add_watch(
1324 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL);
1325 }
1326 vnc_unlock_output(vs);
1327 }
1328
1329 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1330 {
1331 vs->read_handler = func;
1332 vs->read_handler_expect = expecting;
1333 }
1334
1335
1336 /*
1337 * Called to read a chunk of data from the client socket. The data may
1338 * be the raw data, or may need to be further decoded by SASL.
1339 * The data will be read either straight from to the socket, or
1340 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1341 *
1342 * NB, it is theoretically possible to have 2 layers of encryption,
1343 * both SASL, and this TLS layer. It is highly unlikely in practice
1344 * though, since SASL encryption will typically be a no-op if TLS
1345 * is active
1346 *
1347 * Returns the number of bytes read, which may be less than
1348 * the requested 'datalen' if the socket would block. Returns
1349 * -1 on error, and disconnects the client socket.
1350 */
1351 ssize_t vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1352 {
1353 ssize_t ret;
1354 Error *err = NULL;
1355 ret = qio_channel_read(
1356 vs->ioc, (char *)data, datalen, &err);
1357 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret);
1358 return vnc_client_io_error(vs, ret, &err);
1359 }
1360
1361
1362 /*
1363 * Called to read data from the client socket to the input buffer,
1364 * when not using any SASL SSF encryption layers. Will read as much
1365 * data as possible without blocking.
1366 *
1367 * Returns the number of bytes read. Returns -1 on error, and
1368 * disconnects the client socket.
1369 */
1370 static ssize_t vnc_client_read_plain(VncState *vs)
1371 {
1372 ssize_t ret;
1373 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1374 vs->input.buffer, vs->input.capacity, vs->input.offset);
1375 buffer_reserve(&vs->input, 4096);
1376 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1377 if (!ret)
1378 return 0;
1379 vs->input.offset += ret;
1380 return ret;
1381 }
1382
1383 static void vnc_jobs_bh(void *opaque)
1384 {
1385 VncState *vs = opaque;
1386
1387 vnc_jobs_consume_buffer(vs);
1388 }
1389
1390 /*
1391 * First function called whenever there is more data to be read from
1392 * the client socket. Will delegate actual work according to whether
1393 * SASL SSF layers are enabled (thus requiring decryption calls)
1394 * Returns 0 on success, -1 if client disconnected
1395 */
1396 static int vnc_client_read(VncState *vs)
1397 {
1398 ssize_t ret;
1399
1400 #ifdef CONFIG_VNC_SASL
1401 if (vs->sasl.conn && vs->sasl.runSSF)
1402 ret = vnc_client_read_sasl(vs);
1403 else
1404 #endif /* CONFIG_VNC_SASL */
1405 ret = vnc_client_read_plain(vs);
1406 if (!ret) {
1407 if (vs->disconnecting) {
1408 vnc_disconnect_finish(vs);
1409 return -1;
1410 }
1411 return 0;
1412 }
1413
1414 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1415 size_t len = vs->read_handler_expect;
1416 int ret;
1417
1418 ret = vs->read_handler(vs, vs->input.buffer, len);
1419 if (vs->disconnecting) {
1420 vnc_disconnect_finish(vs);
1421 return -1;
1422 }
1423
1424 if (!ret) {
1425 buffer_advance(&vs->input, len);
1426 } else {
1427 vs->read_handler_expect = ret;
1428 }
1429 }
1430 return 0;
1431 }
1432
1433 gboolean vnc_client_io(QIOChannel *ioc G_GNUC_UNUSED,
1434 GIOCondition condition, void *opaque)
1435 {
1436 VncState *vs = opaque;
1437 if (condition & G_IO_IN) {
1438 if (vnc_client_read(vs) < 0) {
1439 return TRUE;
1440 }
1441 }
1442 if (condition & G_IO_OUT) {
1443 vnc_client_write(vs);
1444 }
1445 return TRUE;
1446 }
1447
1448
1449 void vnc_write(VncState *vs, const void *data, size_t len)
1450 {
1451 buffer_reserve(&vs->output, len);
1452
1453 if (vs->ioc != NULL && buffer_empty(&vs->output)) {
1454 if (vs->ioc_tag) {
1455 g_source_remove(vs->ioc_tag);
1456 }
1457 vs->ioc_tag = qio_channel_add_watch(
1458 vs->ioc, G_IO_IN | G_IO_OUT, vnc_client_io, vs, NULL);
1459 }
1460
1461 buffer_append(&vs->output, data, len);
1462 }
1463
1464 void vnc_write_s32(VncState *vs, int32_t value)
1465 {
1466 vnc_write_u32(vs, *(uint32_t *)&value);
1467 }
1468
1469 void vnc_write_u32(VncState *vs, uint32_t value)
1470 {
1471 uint8_t buf[4];
1472
1473 buf[0] = (value >> 24) & 0xFF;
1474 buf[1] = (value >> 16) & 0xFF;
1475 buf[2] = (value >> 8) & 0xFF;
1476 buf[3] = value & 0xFF;
1477
1478 vnc_write(vs, buf, 4);
1479 }
1480
1481 void vnc_write_u16(VncState *vs, uint16_t value)
1482 {
1483 uint8_t buf[2];
1484
1485 buf[0] = (value >> 8) & 0xFF;
1486 buf[1] = value & 0xFF;
1487
1488 vnc_write(vs, buf, 2);
1489 }
1490
1491 void vnc_write_u8(VncState *vs, uint8_t value)
1492 {
1493 vnc_write(vs, (char *)&value, 1);
1494 }
1495
1496 void vnc_flush(VncState *vs)
1497 {
1498 vnc_lock_output(vs);
1499 if (vs->ioc != NULL && vs->output.offset) {
1500 vnc_client_write_locked(vs);
1501 }
1502 vnc_unlock_output(vs);
1503 }
1504
1505 static uint8_t read_u8(uint8_t *data, size_t offset)
1506 {
1507 return data[offset];
1508 }
1509
1510 static uint16_t read_u16(uint8_t *data, size_t offset)
1511 {
1512 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1513 }
1514
1515 static int32_t read_s32(uint8_t *data, size_t offset)
1516 {
1517 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1518 (data[offset + 2] << 8) | data[offset + 3]);
1519 }
1520
1521 uint32_t read_u32(uint8_t *data, size_t offset)
1522 {
1523 return ((data[offset] << 24) | (data[offset + 1] << 16) |
1524 (data[offset + 2] << 8) | data[offset + 3]);
1525 }
1526
1527 static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
1528 {
1529 }
1530
1531 static void check_pointer_type_change(Notifier *notifier, void *data)
1532 {
1533 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier);
1534 int absolute = qemu_input_is_absolute();
1535
1536 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1537 vnc_lock_output(vs);
1538 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1539 vnc_write_u8(vs, 0);
1540 vnc_write_u16(vs, 1);
1541 vnc_framebuffer_update(vs, absolute, 0,
1542 pixman_image_get_width(vs->vd->server),
1543 pixman_image_get_height(vs->vd->server),
1544 VNC_ENCODING_POINTER_TYPE_CHANGE);
1545 vnc_unlock_output(vs);
1546 vnc_flush(vs);
1547 }
1548 vs->absolute = absolute;
1549 }
1550
1551 static void pointer_event(VncState *vs, int button_mask, int x, int y)
1552 {
1553 static uint32_t bmap[INPUT_BUTTON__MAX] = {
1554 [INPUT_BUTTON_LEFT] = 0x01,
1555 [INPUT_BUTTON_MIDDLE] = 0x02,
1556 [INPUT_BUTTON_RIGHT] = 0x04,
1557 [INPUT_BUTTON_WHEEL_UP] = 0x08,
1558 [INPUT_BUTTON_WHEEL_DOWN] = 0x10,
1559 };
1560 QemuConsole *con = vs->vd->dcl.con;
1561 int width = pixman_image_get_width(vs->vd->server);
1562 int height = pixman_image_get_height(vs->vd->server);
1563
1564 if (vs->last_bmask != button_mask) {
1565 qemu_input_update_buttons(con, bmap, vs->last_bmask, button_mask);
1566 vs->last_bmask = button_mask;
1567 }
1568
1569 if (vs->absolute) {
1570 qemu_input_queue_abs(con, INPUT_AXIS_X, x, 0, width);
1571 qemu_input_queue_abs(con, INPUT_AXIS_Y, y, 0, height);
1572 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1573 qemu_input_queue_rel(con, INPUT_AXIS_X, x - 0x7FFF);
1574 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - 0x7FFF);
1575 } else {
1576 if (vs->last_x != -1) {
1577 qemu_input_queue_rel(con, INPUT_AXIS_X, x - vs->last_x);
1578 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - vs->last_y);
1579 }
1580 vs->last_x = x;
1581 vs->last_y = y;
1582 }
1583 qemu_input_event_sync();
1584 }
1585
1586 static void reset_keys(VncState *vs)
1587 {
1588 int i;
1589 for(i = 0; i < 256; i++) {
1590 if (vs->modifiers_state[i]) {
1591 qemu_input_event_send_key_number(vs->vd->dcl.con, i, false);
1592 qemu_input_event_send_key_delay(vs->vd->key_delay_ms);
1593 vs->modifiers_state[i] = 0;
1594 }
1595 }
1596 }
1597
1598 static void press_key(VncState *vs, int keysym)
1599 {
1600 int keycode = keysym2scancode(vs->vd->kbd_layout, keysym) & SCANCODE_KEYMASK;
1601 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, true);
1602 qemu_input_event_send_key_delay(vs->vd->key_delay_ms);
1603 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, false);
1604 qemu_input_event_send_key_delay(vs->vd->key_delay_ms);
1605 }
1606
1607 static void vnc_led_state_change(VncState *vs)
1608 {
1609 if (!vnc_has_feature(vs, VNC_FEATURE_LED_STATE)) {
1610 return;
1611 }
1612
1613 vnc_lock_output(vs);
1614 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1615 vnc_write_u8(vs, 0);
1616 vnc_write_u16(vs, 1);
1617 vnc_framebuffer_update(vs, 0, 0, 1, 1, VNC_ENCODING_LED_STATE);
1618 vnc_write_u8(vs, vs->vd->ledstate);
1619 vnc_unlock_output(vs);
1620 vnc_flush(vs);
1621 }
1622
1623 static void kbd_leds(void *opaque, int ledstate)
1624 {
1625 VncDisplay *vd = opaque;
1626 VncState *client;
1627
1628 trace_vnc_key_guest_leds((ledstate & QEMU_CAPS_LOCK_LED),
1629 (ledstate & QEMU_NUM_LOCK_LED),
1630 (ledstate & QEMU_SCROLL_LOCK_LED));
1631
1632 if (ledstate == vd->ledstate) {
1633 return;
1634 }
1635
1636 vd->ledstate = ledstate;
1637
1638 QTAILQ_FOREACH(client, &vd->clients, next) {
1639 vnc_led_state_change(client);
1640 }
1641 }
1642
1643 static void do_key_event(VncState *vs, int down, int keycode, int sym)
1644 {
1645 /* QEMU console switch */
1646 switch(keycode) {
1647 case 0x2a: /* Left Shift */
1648 case 0x36: /* Right Shift */
1649 case 0x1d: /* Left CTRL */
1650 case 0x9d: /* Right CTRL */
1651 case 0x38: /* Left ALT */
1652 case 0xb8: /* Right ALT */
1653 if (down)
1654 vs->modifiers_state[keycode] = 1;
1655 else
1656 vs->modifiers_state[keycode] = 0;
1657 break;
1658 case 0x02 ... 0x0a: /* '1' to '9' keys */
1659 if (vs->vd->dcl.con == NULL &&
1660 down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
1661 /* Reset the modifiers sent to the current console */
1662 reset_keys(vs);
1663 console_select(keycode - 0x02);
1664 return;
1665 }
1666 break;
1667 case 0x3a: /* CapsLock */
1668 case 0x45: /* NumLock */
1669 if (down)
1670 vs->modifiers_state[keycode] ^= 1;
1671 break;
1672 }
1673
1674 /* Turn off the lock state sync logic if the client support the led
1675 state extension.
1676 */
1677 if (down && vs->vd->lock_key_sync &&
1678 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) &&
1679 keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1680 /* If the numlock state needs to change then simulate an additional
1681 keypress before sending this one. This will happen if the user
1682 toggles numlock away from the VNC window.
1683 */
1684 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1685 if (!vs->modifiers_state[0x45]) {
1686 trace_vnc_key_sync_numlock(true);
1687 vs->modifiers_state[0x45] = 1;
1688 press_key(vs, 0xff7f);
1689 }
1690 } else {
1691 if (vs->modifiers_state[0x45]) {
1692 trace_vnc_key_sync_numlock(false);
1693 vs->modifiers_state[0x45] = 0;
1694 press_key(vs, 0xff7f);
1695 }
1696 }
1697 }
1698
1699 if (down && vs->vd->lock_key_sync &&
1700 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) &&
1701 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) {
1702 /* If the capslock state needs to change then simulate an additional
1703 keypress before sending this one. This will happen if the user
1704 toggles capslock away from the VNC window.
1705 */
1706 int uppercase = !!(sym >= 'A' && sym <= 'Z');
1707 int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]);
1708 int capslock = !!(vs->modifiers_state[0x3a]);
1709 if (capslock) {
1710 if (uppercase == shift) {
1711 trace_vnc_key_sync_capslock(false);
1712 vs->modifiers_state[0x3a] = 0;
1713 press_key(vs, 0xffe5);
1714 }
1715 } else {
1716 if (uppercase != shift) {
1717 trace_vnc_key_sync_capslock(true);
1718 vs->modifiers_state[0x3a] = 1;
1719 press_key(vs, 0xffe5);
1720 }
1721 }
1722 }
1723
1724 if (qemu_console_is_graphic(NULL)) {
1725 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, down);
1726 qemu_input_event_send_key_delay(vs->vd->key_delay_ms);
1727 } else {
1728 bool numlock = vs->modifiers_state[0x45];
1729 bool control = (vs->modifiers_state[0x1d] ||
1730 vs->modifiers_state[0x9d]);
1731 /* QEMU console emulation */
1732 if (down) {
1733 switch (keycode) {
1734 case 0x2a: /* Left Shift */
1735 case 0x36: /* Right Shift */
1736 case 0x1d: /* Left CTRL */
1737 case 0x9d: /* Right CTRL */
1738 case 0x38: /* Left ALT */
1739 case 0xb8: /* Right ALT */
1740 break;
1741 case 0xc8:
1742 kbd_put_keysym(QEMU_KEY_UP);
1743 break;
1744 case 0xd0:
1745 kbd_put_keysym(QEMU_KEY_DOWN);
1746 break;
1747 case 0xcb:
1748 kbd_put_keysym(QEMU_KEY_LEFT);
1749 break;
1750 case 0xcd:
1751 kbd_put_keysym(QEMU_KEY_RIGHT);
1752 break;
1753 case 0xd3:
1754 kbd_put_keysym(QEMU_KEY_DELETE);
1755 break;
1756 case 0xc7:
1757 kbd_put_keysym(QEMU_KEY_HOME);
1758 break;
1759 case 0xcf:
1760 kbd_put_keysym(QEMU_KEY_END);
1761 break;
1762 case 0xc9:
1763 kbd_put_keysym(QEMU_KEY_PAGEUP);
1764 break;
1765 case 0xd1:
1766 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1767 break;
1768
1769 case 0x47:
1770 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME);
1771 break;
1772 case 0x48:
1773 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP);
1774 break;
1775 case 0x49:
1776 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP);
1777 break;
1778 case 0x4b:
1779 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT);
1780 break;
1781 case 0x4c:
1782 kbd_put_keysym('5');
1783 break;
1784 case 0x4d:
1785 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT);
1786 break;
1787 case 0x4f:
1788 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END);
1789 break;
1790 case 0x50:
1791 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN);
1792 break;
1793 case 0x51:
1794 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN);
1795 break;
1796 case 0x52:
1797 kbd_put_keysym('0');
1798 break;
1799 case 0x53:
1800 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE);
1801 break;
1802
1803 case 0xb5:
1804 kbd_put_keysym('/');
1805 break;
1806 case 0x37:
1807 kbd_put_keysym('*');
1808 break;
1809 case 0x4a:
1810 kbd_put_keysym('-');
1811 break;
1812 case 0x4e:
1813 kbd_put_keysym('+');
1814 break;
1815 case 0x9c:
1816 kbd_put_keysym('\n');
1817 break;
1818
1819 default:
1820 if (control) {
1821 kbd_put_keysym(sym & 0x1f);
1822 } else {
1823 kbd_put_keysym(sym);
1824 }
1825 break;
1826 }
1827 }
1828 }
1829 }
1830
1831 static void vnc_release_modifiers(VncState *vs)
1832 {
1833 static const int keycodes[] = {
1834 /* shift, control, alt keys, both left & right */
1835 0x2a, 0x36, 0x1d, 0x9d, 0x38, 0xb8,
1836 };
1837 int i, keycode;
1838
1839 if (!qemu_console_is_graphic(NULL)) {
1840 return;
1841 }
1842 for (i = 0; i < ARRAY_SIZE(keycodes); i++) {
1843 keycode = keycodes[i];
1844 if (!vs->modifiers_state[keycode]) {
1845 continue;
1846 }
1847 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, false);
1848 qemu_input_event_send_key_delay(vs->vd->key_delay_ms);
1849 }
1850 }
1851
1852 static const char *code2name(int keycode)
1853 {
1854 return QKeyCode_str(qemu_input_key_number_to_qcode(keycode));
1855 }
1856
1857 static void key_event(VncState *vs, int down, uint32_t sym)
1858 {
1859 int keycode;
1860 int lsym = sym;
1861
1862 if (lsym >= 'A' && lsym <= 'Z' && qemu_console_is_graphic(NULL)) {
1863 lsym = lsym - 'A' + 'a';
1864 }
1865
1866 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF) & SCANCODE_KEYMASK;
1867 trace_vnc_key_event_map(down, sym, keycode, code2name(keycode));
1868 do_key_event(vs, down, keycode, sym);
1869 }
1870
1871 static void ext_key_event(VncState *vs, int down,
1872 uint32_t sym, uint16_t keycode)
1873 {
1874 /* if the user specifies a keyboard layout, always use it */
1875 if (keyboard_layout) {
1876 key_event(vs, down, sym);
1877 } else {
1878 trace_vnc_key_event_ext(down, sym, keycode, code2name(keycode));
1879 do_key_event(vs, down, keycode, sym);
1880 }
1881 }
1882
1883 static void framebuffer_update_request(VncState *vs, int incremental,
1884 int x, int y, int w, int h)
1885 {
1886 if (incremental) {
1887 if (vs->update != VNC_STATE_UPDATE_FORCE) {
1888 vs->update = VNC_STATE_UPDATE_INCREMENTAL;
1889 }
1890 } else {
1891 vs->update = VNC_STATE_UPDATE_FORCE;
1892 vnc_set_area_dirty(vs->dirty, vs->vd, x, y, w, h);
1893 }
1894 }
1895
1896 static void send_ext_key_event_ack(VncState *vs)
1897 {
1898 vnc_lock_output(vs);
1899 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1900 vnc_write_u8(vs, 0);
1901 vnc_write_u16(vs, 1);
1902 vnc_framebuffer_update(vs, 0, 0,
1903 pixman_image_get_width(vs->vd->server),
1904 pixman_image_get_height(vs->vd->server),
1905 VNC_ENCODING_EXT_KEY_EVENT);
1906 vnc_unlock_output(vs);
1907 vnc_flush(vs);
1908 }
1909
1910 static void send_ext_audio_ack(VncState *vs)
1911 {
1912 vnc_lock_output(vs);
1913 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1914 vnc_write_u8(vs, 0);
1915 vnc_write_u16(vs, 1);
1916 vnc_framebuffer_update(vs, 0, 0,
1917 pixman_image_get_width(vs->vd->server),
1918 pixman_image_get_height(vs->vd->server),
1919 VNC_ENCODING_AUDIO);
1920 vnc_unlock_output(vs);
1921 vnc_flush(vs);
1922 }
1923
1924 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1925 {
1926 int i;
1927 unsigned int enc = 0;
1928
1929 vs->features = 0;
1930 vs->vnc_encoding = 0;
1931 vs->tight.compression = 9;
1932 vs->tight.quality = -1; /* Lossless by default */
1933 vs->absolute = -1;
1934
1935 /*
1936 * Start from the end because the encodings are sent in order of preference.
1937 * This way the preferred encoding (first encoding defined in the array)
1938 * will be set at the end of the loop.
1939 */
1940 for (i = n_encodings - 1; i >= 0; i--) {
1941 enc = encodings[i];
1942 switch (enc) {
1943 case VNC_ENCODING_RAW:
1944 vs->vnc_encoding = enc;
1945 break;
1946 case VNC_ENCODING_COPYRECT:
1947 vs->features |= VNC_FEATURE_COPYRECT_MASK;
1948 break;
1949 case VNC_ENCODING_HEXTILE:
1950 vs->features |= VNC_FEATURE_HEXTILE_MASK;
1951 vs->vnc_encoding = enc;
1952 break;
1953 case VNC_ENCODING_TIGHT:
1954 vs->features |= VNC_FEATURE_TIGHT_MASK;
1955 vs->vnc_encoding = enc;
1956 break;
1957 #ifdef CONFIG_VNC_PNG
1958 case VNC_ENCODING_TIGHT_PNG:
1959 vs->features |= VNC_FEATURE_TIGHT_PNG_MASK;
1960 vs->vnc_encoding = enc;
1961 break;
1962 #endif
1963 case VNC_ENCODING_ZLIB:
1964 vs->features |= VNC_FEATURE_ZLIB_MASK;
1965 vs->vnc_encoding = enc;
1966 break;
1967 case VNC_ENCODING_ZRLE:
1968 vs->features |= VNC_FEATURE_ZRLE_MASK;
1969 vs->vnc_encoding = enc;
1970 break;
1971 case VNC_ENCODING_ZYWRLE:
1972 vs->features |= VNC_FEATURE_ZYWRLE_MASK;
1973 vs->vnc_encoding = enc;
1974 break;
1975 case VNC_ENCODING_DESKTOPRESIZE:
1976 vs->features |= VNC_FEATURE_RESIZE_MASK;
1977 break;
1978 case VNC_ENCODING_POINTER_TYPE_CHANGE:
1979 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
1980 break;
1981 case VNC_ENCODING_RICH_CURSOR:
1982 vs->features |= VNC_FEATURE_RICH_CURSOR_MASK;
1983 if (vs->vd->cursor) {
1984 vnc_cursor_define(vs);
1985 }
1986 break;
1987 case VNC_ENCODING_EXT_KEY_EVENT:
1988 send_ext_key_event_ack(vs);
1989 break;
1990 case VNC_ENCODING_AUDIO:
1991 send_ext_audio_ack(vs);
1992 break;
1993 case VNC_ENCODING_WMVi:
1994 vs->features |= VNC_FEATURE_WMVI_MASK;
1995 break;
1996 case VNC_ENCODING_LED_STATE:
1997 vs->features |= VNC_FEATURE_LED_STATE_MASK;
1998 break;
1999 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
2000 vs->tight.compression = (enc & 0x0F);
2001 break;
2002 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
2003 if (vs->vd->lossy) {
2004 vs->tight.quality = (enc & 0x0F);
2005 }
2006 break;
2007 default:
2008 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
2009 break;
2010 }
2011 }
2012 vnc_desktop_resize(vs);
2013 check_pointer_type_change(&vs->mouse_mode_notifier, NULL);
2014 vnc_led_state_change(vs);
2015 }
2016
2017 static void set_pixel_conversion(VncState *vs)
2018 {
2019 pixman_format_code_t fmt = qemu_pixman_get_format(&vs->client_pf);
2020
2021 if (fmt == VNC_SERVER_FB_FORMAT) {
2022 vs->write_pixels = vnc_write_pixels_copy;
2023 vnc_hextile_set_pixel_conversion(vs, 0);
2024 } else {
2025 vs->write_pixels = vnc_write_pixels_generic;
2026 vnc_hextile_set_pixel_conversion(vs, 1);
2027 }
2028 }
2029
2030 static void send_color_map(VncState *vs)
2031 {
2032 int i;
2033
2034 vnc_write_u8(vs, VNC_MSG_SERVER_SET_COLOUR_MAP_ENTRIES);
2035 vnc_write_u8(vs, 0); /* padding */
2036 vnc_write_u16(vs, 0); /* first color */
2037 vnc_write_u16(vs, 256); /* # of colors */
2038
2039 for (i = 0; i < 256; i++) {
2040 PixelFormat *pf = &vs->client_pf;
2041
2042 vnc_write_u16(vs, (((i >> pf->rshift) & pf->rmax) << (16 - pf->rbits)));
2043 vnc_write_u16(vs, (((i >> pf->gshift) & pf->gmax) << (16 - pf->gbits)));
2044 vnc_write_u16(vs, (((i >> pf->bshift) & pf->bmax) << (16 - pf->bbits)));
2045 }
2046 }
2047
2048 static void set_pixel_format(VncState *vs, int bits_per_pixel,
2049 int big_endian_flag, int true_color_flag,
2050 int red_max, int green_max, int blue_max,
2051 int red_shift, int green_shift, int blue_shift)
2052 {
2053 if (!true_color_flag) {
2054 /* Expose a reasonable default 256 color map */
2055 bits_per_pixel = 8;
2056 red_max = 7;
2057 green_max = 7;
2058 blue_max = 3;
2059 red_shift = 0;
2060 green_shift = 3;
2061 blue_shift = 6;
2062 }
2063
2064 switch (bits_per_pixel) {
2065 case 8:
2066 case 16:
2067 case 32:
2068 break;
2069 default:
2070 vnc_client_error(vs);
2071 return;
2072 }
2073
2074 vs->client_pf.rmax = red_max ? red_max : 0xFF;
2075 vs->client_pf.rbits = ctpopl(red_max);
2076 vs->client_pf.rshift = red_shift;
2077 vs->client_pf.rmask = red_max << red_shift;
2078 vs->client_pf.gmax = green_max ? green_max : 0xFF;
2079 vs->client_pf.gbits = ctpopl(green_max);
2080 vs->client_pf.gshift = green_shift;
2081 vs->client_pf.gmask = green_max << green_shift;
2082 vs->client_pf.bmax = blue_max ? blue_max : 0xFF;
2083 vs->client_pf.bbits = ctpopl(blue_max);
2084 vs->client_pf.bshift = blue_shift;
2085 vs->client_pf.bmask = blue_max << blue_shift;
2086 vs->client_pf.bits_per_pixel = bits_per_pixel;
2087 vs->client_pf.bytes_per_pixel = bits_per_pixel / 8;
2088 vs->client_pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
2089 vs->client_be = big_endian_flag;
2090
2091 if (!true_color_flag) {
2092 send_color_map(vs);
2093 }
2094
2095 set_pixel_conversion(vs);
2096
2097 graphic_hw_invalidate(vs->vd->dcl.con);
2098 graphic_hw_update(vs->vd->dcl.con);
2099 }
2100
2101 static void pixel_format_message (VncState *vs) {
2102 char pad[3] = { 0, 0, 0 };
2103
2104 vs->client_pf = qemu_default_pixelformat(32);
2105
2106 vnc_write_u8(vs, vs->client_pf.bits_per_pixel); /* bits-per-pixel */
2107 vnc_write_u8(vs, vs->client_pf.depth); /* depth */
2108
2109 #ifdef HOST_WORDS_BIGENDIAN
2110 vnc_write_u8(vs, 1); /* big-endian-flag */
2111 #else
2112 vnc_write_u8(vs, 0); /* big-endian-flag */
2113 #endif
2114 vnc_write_u8(vs, 1); /* true-color-flag */
2115 vnc_write_u16(vs, vs->client_pf.rmax); /* red-max */
2116 vnc_write_u16(vs, vs->client_pf.gmax); /* green-max */
2117 vnc_write_u16(vs, vs->client_pf.bmax); /* blue-max */
2118 vnc_write_u8(vs, vs->client_pf.rshift); /* red-shift */
2119 vnc_write_u8(vs, vs->client_pf.gshift); /* green-shift */
2120 vnc_write_u8(vs, vs->client_pf.bshift); /* blue-shift */
2121 vnc_write(vs, pad, 3); /* padding */
2122
2123 vnc_hextile_set_pixel_conversion(vs, 0);
2124 vs->write_pixels = vnc_write_pixels_copy;
2125 }
2126
2127 static void vnc_colordepth(VncState *vs)
2128 {
2129 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
2130 /* Sending a WMVi message to notify the client*/
2131 vnc_lock_output(vs);
2132 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
2133 vnc_write_u8(vs, 0);
2134 vnc_write_u16(vs, 1); /* number of rects */
2135 vnc_framebuffer_update(vs, 0, 0,
2136 pixman_image_get_width(vs->vd->server),
2137 pixman_image_get_height(vs->vd->server),
2138 VNC_ENCODING_WMVi);
2139 pixel_format_message(vs);
2140 vnc_unlock_output(vs);
2141 vnc_flush(vs);
2142 } else {
2143 set_pixel_conversion(vs);
2144 }
2145 }
2146
2147 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
2148 {
2149 int i;
2150 uint16_t limit;
2151 VncDisplay *vd = vs->vd;
2152
2153 if (data[0] > 3) {
2154 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
2155 }
2156
2157 switch (data[0]) {
2158 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT:
2159 if (len == 1)
2160 return 20;
2161
2162 set_pixel_format(vs, read_u8(data, 4),
2163 read_u8(data, 6), read_u8(data, 7),
2164 read_u16(data, 8), read_u16(data, 10),
2165 read_u16(data, 12), read_u8(data, 14),
2166 read_u8(data, 15), read_u8(data, 16));
2167 break;
2168 case VNC_MSG_CLIENT_SET_ENCODINGS:
2169 if (len == 1)
2170 return 4;
2171
2172 if (len == 4) {
2173 limit = read_u16(data, 2);
2174 if (limit > 0)
2175 return 4 + (limit * 4);
2176 } else
2177 limit = read_u16(data, 2);
2178
2179 for (i = 0; i < limit; i++) {
2180 int32_t val = read_s32(data, 4 + (i * 4));
2181 memcpy(data + 4 + (i * 4), &val, sizeof(val));
2182 }
2183
2184 set_encodings(vs, (int32_t *)(data + 4), limit);
2185 break;
2186 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST:
2187 if (len == 1)
2188 return 10;
2189
2190 framebuffer_update_request(vs,
2191 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
2192 read_u16(data, 6), read_u16(data, 8));
2193 break;
2194 case VNC_MSG_CLIENT_KEY_EVENT:
2195 if (len == 1)
2196 return 8;
2197
2198 key_event(vs, read_u8(data, 1), read_u32(data, 4));
2199 break;
2200 case VNC_MSG_CLIENT_POINTER_EVENT:
2201 if (len == 1)
2202 return 6;
2203
2204 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
2205 break;
2206 case VNC_MSG_CLIENT_CUT_TEXT:
2207 if (len == 1) {
2208 return 8;
2209 }
2210 if (len == 8) {
2211 uint32_t dlen = read_u32(data, 4);
2212 if (dlen > (1 << 20)) {
2213 error_report("vnc: client_cut_text msg payload has %u bytes"
2214 " which exceeds our limit of 1MB.", dlen);
2215 vnc_client_error(vs);
2216 break;
2217 }
2218 if (dlen > 0) {
2219 return 8 + dlen;
2220 }
2221 }
2222
2223 client_cut_text(vs, read_u32(data, 4), data + 8);
2224 break;
2225 case VNC_MSG_CLIENT_QEMU:
2226 if (len == 1)
2227 return 2;
2228
2229 switch (read_u8(data, 1)) {
2230 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT:
2231 if (len == 2)
2232 return 12;
2233
2234 ext_key_event(vs, read_u16(data, 2),
2235 read_u32(data, 4), read_u32(data, 8));
2236 break;
2237 case VNC_MSG_CLIENT_QEMU_AUDIO:
2238 if (len == 2)
2239 return 4;
2240
2241 switch (read_u16 (data, 2)) {
2242 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE:
2243 audio_add(vs);
2244 break;
2245 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE:
2246 audio_del(vs);
2247 break;
2248 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT:
2249 if (len == 4)
2250 return 10;
2251 switch (read_u8(data, 4)) {
2252 case 0: vs->as.fmt = AUD_FMT_U8; break;
2253 case 1: vs->as.fmt = AUD_FMT_S8; break;
2254 case 2: vs->as.fmt = AUD_FMT_U16; break;
2255 case 3: vs->as.fmt = AUD_FMT_S16; break;
2256 case 4: vs->as.fmt = AUD_FMT_U32; break;
2257 case 5: vs->as.fmt = AUD_FMT_S32; break;
2258 default:
2259 VNC_DEBUG("Invalid audio format %d\n", read_u8(data, 4));
2260 vnc_client_error(vs);
2261 break;
2262 }
2263 vs->as.nchannels = read_u8(data, 5);
2264 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
2265 VNC_DEBUG("Invalid audio channel count %d\n",
2266 read_u8(data, 5));
2267 vnc_client_error(vs);
2268 break;
2269 }
2270 vs->as.freq = read_u32(data, 6);
2271 break;
2272 default:
2273 VNC_DEBUG("Invalid audio message %d\n", read_u8(data, 4));
2274 vnc_client_error(vs);
2275 break;
2276 }
2277 break;
2278
2279 default:
2280 VNC_DEBUG("Msg: %d\n", read_u16(data, 0));
2281 vnc_client_error(vs);
2282 break;
2283 }
2284 break;
2285 default:
2286 VNC_DEBUG("Msg: %d\n", data[0]);
2287 vnc_client_error(vs);
2288 break;
2289 }
2290
2291 vnc_read_when(vs, protocol_client_msg, 1);
2292 return 0;
2293 }
2294
2295 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
2296 {
2297 char buf[1024];
2298 VncShareMode mode;
2299 int size;
2300
2301 mode = data[0] ? VNC_SHARE_MODE_SHARED : VNC_SHARE_MODE_EXCLUSIVE;
2302 switch (vs->vd->share_policy) {
2303 case VNC_SHARE_POLICY_IGNORE:
2304 /*
2305 * Ignore the shared flag. Nothing to do here.
2306 *
2307 * Doesn't conform to the rfb spec but is traditional qemu
2308 * behavior, thus left here as option for compatibility
2309 * reasons.
2310 */
2311 break;
2312 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE:
2313 /*
2314 * Policy: Allow clients ask for exclusive access.
2315 *
2316 * Implementation: When a client asks for exclusive access,
2317 * disconnect all others. Shared connects are allowed as long
2318 * as no exclusive connection exists.
2319 *
2320 * This is how the rfb spec suggests to handle the shared flag.
2321 */
2322 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2323 VncState *client;
2324 QTAILQ_FOREACH(client, &vs->vd->clients, next) {
2325 if (vs == client) {
2326 continue;
2327 }
2328 if (client->share_mode != VNC_SHARE_MODE_EXCLUSIVE &&
2329 client->share_mode != VNC_SHARE_MODE_SHARED) {
2330 continue;
2331 }
2332 vnc_disconnect_start(client);
2333 }
2334 }
2335 if (mode == VNC_SHARE_MODE_SHARED) {
2336 if (vs->vd->num_exclusive > 0) {
2337 vnc_disconnect_start(vs);
2338 return 0;
2339 }
2340 }
2341 break;
2342 case VNC_SHARE_POLICY_FORCE_SHARED:
2343 /*
2344 * Policy: Shared connects only.
2345 * Implementation: Disallow clients asking for exclusive access.
2346 *
2347 * Useful for shared desktop sessions where you don't want
2348 * someone forgetting to say -shared when running the vnc
2349 * client disconnect everybody else.
2350 */
2351 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2352 vnc_disconnect_start(vs);
2353 return 0;
2354 }
2355 break;
2356 }
2357 vnc_set_share_mode(vs, mode);
2358
2359 if (vs->vd->num_shared > vs->vd->connections_limit) {
2360 vnc_disconnect_start(vs);
2361 return 0;
2362 }
2363
2364 vs->client_width = pixman_image_get_width(vs->vd->server);
2365 vs->client_height = pixman_image_get_height(vs->vd->server);
2366 vnc_write_u16(vs, vs->client_width);
2367 vnc_write_u16(vs, vs->client_height);
2368
2369 pixel_format_message(vs);
2370
2371 if (qemu_name) {
2372 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
2373 if (size > sizeof(buf)) {
2374 size = sizeof(buf);
2375 }
2376 } else {
2377 size = snprintf(buf, sizeof(buf), "QEMU");
2378 }
2379
2380 vnc_write_u32(vs, size);
2381 vnc_write(vs, buf, size);
2382 vnc_flush(vs);
2383
2384 vnc_client_cache_auth(vs);
2385 vnc_qmp_event(vs, QAPI_EVENT_VNC_INITIALIZED);
2386
2387 vnc_read_when(vs, protocol_client_msg, 1);
2388
2389 return 0;
2390 }
2391
2392 void start_client_init(VncState *vs)
2393 {
2394 vnc_read_when(vs, protocol_client_init, 1);
2395 }
2396
2397 static void make_challenge(VncState *vs)
2398 {
2399 int i;
2400
2401 srand(time(NULL)+getpid()+getpid()*987654+rand());
2402
2403 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
2404 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
2405 }
2406
2407 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
2408 {
2409 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
2410 size_t i, pwlen;
2411 unsigned char key[8];
2412 time_t now = time(NULL);
2413 QCryptoCipher *cipher = NULL;
2414 Error *err = NULL;
2415
2416 if (!vs->vd->password) {
2417 trace_vnc_auth_fail(vs, vs->auth, "password is not set", "");
2418 goto reject;
2419 }
2420 if (vs->vd->expires < now) {
2421 trace_vnc_auth_fail(vs, vs->auth, "password is expired", "");
2422 goto reject;
2423 }
2424
2425 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
2426
2427 /* Calculate the expected challenge response */
2428 pwlen = strlen(vs->vd->password);
2429 for (i=0; i<sizeof(key); i++)
2430 key[i] = i<pwlen ? vs->vd->password[i] : 0;
2431
2432 cipher = qcrypto_cipher_new(
2433 QCRYPTO_CIPHER_ALG_DES_RFB,
2434 QCRYPTO_CIPHER_MODE_ECB,
2435 key, G_N_ELEMENTS(key),
2436 &err);
2437 if (!cipher) {
2438 trace_vnc_auth_fail(vs, vs->auth, "cannot create cipher",
2439 error_get_pretty(err));
2440 error_free(err);
2441 goto reject;
2442 }
2443
2444 if (qcrypto_cipher_encrypt(cipher,
2445 vs->challenge,
2446 response,
2447 VNC_AUTH_CHALLENGE_SIZE,
2448 &err) < 0) {
2449 trace_vnc_auth_fail(vs, vs->auth, "cannot encrypt challenge response",
2450 error_get_pretty(err));
2451 error_free(err);
2452 goto reject;
2453 }
2454
2455 /* Compare expected vs actual challenge response */
2456 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
2457 trace_vnc_auth_fail(vs, vs->auth, "mis-matched challenge response", "");
2458 goto reject;
2459 } else {
2460 trace_vnc_auth_pass(vs, vs->auth);
2461 vnc_write_u32(vs, 0); /* Accept auth */
2462 vnc_flush(vs);
2463
2464 start_client_init(vs);
2465 }
2466
2467 qcrypto_cipher_free(cipher);
2468 return 0;
2469
2470 reject:
2471 vnc_write_u32(vs, 1); /* Reject auth */
2472 if (vs->minor >= 8) {
2473 static const char err[] = "Authentication failed";
2474 vnc_write_u32(vs, sizeof(err));
2475 vnc_write(vs, err, sizeof(err));
2476 }
2477 vnc_flush(vs);
2478 vnc_client_error(vs);
2479 qcrypto_cipher_free(cipher);
2480 return 0;
2481 }
2482
2483 void start_auth_vnc(VncState *vs)
2484 {
2485 make_challenge(vs);
2486 /* Send client a 'random' challenge */
2487 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
2488 vnc_flush(vs);
2489
2490 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
2491 }
2492
2493
2494 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
2495 {
2496 /* We only advertise 1 auth scheme at a time, so client
2497 * must pick the one we sent. Verify this */
2498 if (data[0] != vs->auth) { /* Reject auth */
2499 trace_vnc_auth_reject(vs, vs->auth, (int)data[0]);
2500 vnc_write_u32(vs, 1);
2501 if (vs->minor >= 8) {
2502 static const char err[] = "Authentication failed";
2503 vnc_write_u32(vs, sizeof(err));
2504 vnc_write(vs, err, sizeof(err));
2505 }
2506 vnc_client_error(vs);
2507 } else { /* Accept requested auth */
2508 trace_vnc_auth_start(vs, vs->auth);
2509 switch (vs->auth) {
2510 case VNC_AUTH_NONE:
2511 if (vs->minor >= 8) {
2512 vnc_write_u32(vs, 0); /* Accept auth completion */
2513 vnc_flush(vs);
2514 }
2515 trace_vnc_auth_pass(vs, vs->auth);
2516 start_client_init(vs);
2517 break;
2518
2519 case VNC_AUTH_VNC:
2520 start_auth_vnc(vs);
2521 break;
2522
2523 case VNC_AUTH_VENCRYPT:
2524 start_auth_vencrypt(vs);
2525 break;
2526
2527 #ifdef CONFIG_VNC_SASL
2528 case VNC_AUTH_SASL:
2529 start_auth_sasl(vs);
2530 break;
2531 #endif /* CONFIG_VNC_SASL */
2532
2533 default: /* Should not be possible, but just in case */
2534 trace_vnc_auth_fail(vs, vs->auth, "Unhandled auth method", "");
2535 vnc_write_u8(vs, 1);
2536 if (vs->minor >= 8) {
2537 static const char err[] = "Authentication failed";
2538 vnc_write_u32(vs, sizeof(err));
2539 vnc_write(vs, err, sizeof(err));
2540 }
2541 vnc_client_error(vs);
2542 }
2543 }
2544 return 0;
2545 }
2546
2547 static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2548 {
2549 char local[13];
2550
2551 memcpy(local, version, 12);
2552 local[12] = 0;
2553
2554 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2555 VNC_DEBUG("Malformed protocol version %s\n", local);
2556 vnc_client_error(vs);
2557 return 0;
2558 }
2559 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2560 if (vs->major != 3 ||
2561 (vs->minor != 3 &&
2562 vs->minor != 4 &&
2563 vs->minor != 5 &&
2564 vs->minor != 7 &&
2565 vs->minor != 8)) {
2566 VNC_DEBUG("Unsupported client version\n");
2567 vnc_write_u32(vs, VNC_AUTH_INVALID);
2568 vnc_flush(vs);
2569 vnc_client_error(vs);
2570 return 0;
2571 }
2572 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2573 * as equivalent to v3.3 by servers
2574 */
2575 if (vs->minor == 4 || vs->minor == 5)
2576 vs->minor = 3;
2577
2578 if (vs->minor == 3) {
2579 trace_vnc_auth_start(vs, vs->auth);
2580 if (vs->auth == VNC_AUTH_NONE) {
2581 vnc_write_u32(vs, vs->auth);
2582 vnc_flush(vs);
2583 trace_vnc_auth_pass(vs, vs->auth);
2584 start_client_init(vs);
2585 } else if (vs->auth == VNC_AUTH_VNC) {
2586 VNC_DEBUG("Tell client VNC auth\n");
2587 vnc_write_u32(vs, vs->auth);
2588 vnc_flush(vs);
2589 start_auth_vnc(vs);
2590 } else {
2591 trace_vnc_auth_fail(vs, vs->auth,
2592 "Unsupported auth method for v3.3", "");
2593 vnc_write_u32(vs, VNC_AUTH_INVALID);
2594 vnc_flush(vs);
2595 vnc_client_error(vs);
2596 }
2597 } else {
2598 vnc_write_u8(vs, 1); /* num auth */
2599 vnc_write_u8(vs, vs->auth);
2600 vnc_read_when(vs, protocol_client_auth, 1);
2601 vnc_flush(vs);
2602 }
2603
2604 return 0;
2605 }
2606
2607 static VncRectStat *vnc_stat_rect(VncDisplay *vd, int x, int y)
2608 {
2609 struct VncSurface *vs = &vd->guest;
2610
2611 return &vs->stats[y / VNC_STAT_RECT][x / VNC_STAT_RECT];
2612 }
2613
2614 void vnc_sent_lossy_rect(VncState *vs, int x, int y, int w, int h)
2615 {
2616 int i, j;
2617
2618 w = (x + w) / VNC_STAT_RECT;
2619 h = (y + h) / VNC_STAT_RECT;
2620 x /= VNC_STAT_RECT;
2621 y /= VNC_STAT_RECT;
2622
2623 for (j = y; j <= h; j++) {
2624 for (i = x; i <= w; i++) {
2625 vs->lossy_rect[j][i] = 1;
2626 }
2627 }
2628 }
2629
2630 static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y)
2631 {
2632 VncState *vs;
2633 int sty = y / VNC_STAT_RECT;
2634 int stx = x / VNC_STAT_RECT;
2635 int has_dirty = 0;
2636
2637 y = QEMU_ALIGN_DOWN(y, VNC_STAT_RECT);
2638 x = QEMU_ALIGN_DOWN(x, VNC_STAT_RECT);
2639
2640 QTAILQ_FOREACH(vs, &vd->clients, next) {
2641 int j;
2642
2643 /* kernel send buffers are full -> refresh later */
2644 if (vs->output.offset) {
2645 continue;
2646 }
2647
2648 if (!vs->lossy_rect[sty][stx]) {
2649 continue;
2650 }
2651
2652 vs->lossy_rect[sty][stx] = 0;
2653 for (j = 0; j < VNC_STAT_RECT; ++j) {
2654 bitmap_set(vs->dirty[y + j],
2655 x / VNC_DIRTY_PIXELS_PER_BIT,
2656 VNC_STAT_RECT / VNC_DIRTY_PIXELS_PER_BIT);
2657 }
2658 has_dirty++;
2659 }
2660
2661 return has_dirty;
2662 }
2663
2664 static int vnc_update_stats(VncDisplay *vd, struct timeval * tv)
2665 {
2666 int width = MIN(pixman_image_get_width(vd->guest.fb),
2667 pixman_image_get_width(vd->server));
2668 int height = MIN(pixman_image_get_height(vd->guest.fb),
2669 pixman_image_get_height(vd->server));
2670 int x, y;
2671 struct timeval res;
2672 int has_dirty = 0;
2673
2674 for (y = 0; y < height; y += VNC_STAT_RECT) {
2675 for (x = 0; x < width; x += VNC_STAT_RECT) {
2676 VncRectStat *rect = vnc_stat_rect(vd, x, y);
2677
2678 rect->updated = false;
2679 }
2680 }
2681
2682 qemu_timersub(tv, &VNC_REFRESH_STATS, &res);
2683
2684 if (timercmp(&vd->guest.last_freq_check, &res, >)) {
2685 return has_dirty;
2686 }
2687 vd->guest.last_freq_check = *tv;
2688
2689 for (y = 0; y < height; y += VNC_STAT_RECT) {
2690 for (x = 0; x < width; x += VNC_STAT_RECT) {
2691 VncRectStat *rect= vnc_stat_rect(vd, x, y);
2692 int count = ARRAY_SIZE(rect->times);
2693 struct timeval min, max;
2694
2695 if (!timerisset(&rect->times[count - 1])) {
2696 continue ;
2697 }
2698
2699 max = rect->times[(rect->idx + count - 1) % count];
2700 qemu_timersub(tv, &max, &res);
2701
2702 if (timercmp(&res, &VNC_REFRESH_LOSSY, >)) {
2703 rect->freq = 0;
2704 has_dirty += vnc_refresh_lossy_rect(vd, x, y);
2705 memset(rect->times, 0, sizeof (rect->times));
2706 continue ;
2707 }
2708
2709 min = rect->times[rect->idx];
2710 max = rect->times[(rect->idx + count - 1) % count];
2711 qemu_timersub(&max, &min, &res);
2712
2713 rect->freq = res.tv_sec + res.tv_usec / 1000000.;
2714 rect->freq /= count;
2715 rect->freq = 1. / rect->freq;
2716 }
2717 }
2718 return has_dirty;
2719 }
2720
2721 double vnc_update_freq(VncState *vs, int x, int y, int w, int h)
2722 {
2723 int i, j;
2724 double total = 0;
2725 int num = 0;
2726
2727 x = QEMU_ALIGN_DOWN(x, VNC_STAT_RECT);
2728 y = QEMU_ALIGN_DOWN(y, VNC_STAT_RECT);
2729
2730 for (j = y; j <= y + h; j += VNC_STAT_RECT) {
2731 for (i = x; i <= x + w; i += VNC_STAT_RECT) {
2732 total += vnc_stat_rect(vs->vd, i, j)->freq;
2733 num++;
2734 }
2735 }
2736
2737 if (num) {
2738 return total / num;
2739 } else {
2740 return 0;
2741 }
2742 }
2743
2744 static void vnc_rect_updated(VncDisplay *vd, int x, int y, struct timeval * tv)
2745 {
2746 VncRectStat *rect;
2747
2748 rect = vnc_stat_rect(vd, x, y);
2749 if (rect->updated) {
2750 return ;
2751 }
2752 rect->times[rect->idx] = *tv;
2753 rect->idx = (rect->idx + 1) % ARRAY_SIZE(rect->times);
2754 rect->updated = true;
2755 }
2756
2757 static int vnc_refresh_server_surface(VncDisplay *vd)
2758 {
2759 int width = MIN(pixman_image_get_width(vd->guest.fb),
2760 pixman_image_get_width(vd->server));
2761 int height = MIN(pixman_image_get_height(vd->guest.fb),
2762 pixman_image_get_height(vd->server));
2763 int cmp_bytes, server_stride, line_bytes, guest_ll, guest_stride, y = 0;
2764 uint8_t *guest_row0 = NULL, *server_row0;
2765 VncState *vs;
2766 int has_dirty = 0;
2767 pixman_image_t *tmpbuf = NULL;
2768
2769 struct timeval tv = { 0, 0 };
2770
2771 if (!vd->non_adaptive) {
2772 gettimeofday(&tv, NULL);
2773 has_dirty = vnc_update_stats(vd, &tv);
2774 }
2775
2776 /*
2777 * Walk through the guest dirty map.
2778 * Check and copy modified bits from guest to server surface.
2779 * Update server dirty map.
2780 */
2781 server_row0 = (uint8_t *)pixman_image_get_data(vd->server);
2782 server_stride = guest_stride = guest_ll =
2783 pixman_image_get_stride(vd->server);
2784 cmp_bytes = MIN(VNC_DIRTY_PIXELS_PER_BIT * VNC_SERVER_FB_BYTES,
2785 server_stride);
2786 if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
2787 int width = pixman_image_get_width(vd->server);
2788 tmpbuf = qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT, width);
2789 } else {
2790 int guest_bpp =
2791 PIXMAN_FORMAT_BPP(pixman_image_get_format(vd->guest.fb));
2792 guest_row0 = (uint8_t *)pixman_image_get_data(vd->guest.fb);
2793 guest_stride = pixman_image_get_stride(vd->guest.fb);
2794 guest_ll = pixman_image_get_width(vd->guest.fb) * (DIV_ROUND_UP(guest_bpp, 8));
2795 }
2796 line_bytes = MIN(server_stride, guest_ll);
2797
2798 for (;;) {
2799 int x;
2800 uint8_t *guest_ptr, *server_ptr;
2801 unsigned long offset = find_next_bit((unsigned long *) &vd->guest.dirty,
2802 height * VNC_DIRTY_BPL(&vd->guest),
2803 y * VNC_DIRTY_BPL(&vd->guest));
2804 if (offset == height * VNC_DIRTY_BPL(&vd->guest)) {
2805 /* no more dirty bits */
2806 break;
2807 }
2808 y = offset / VNC_DIRTY_BPL(&vd->guest);
2809 x = offset % VNC_DIRTY_BPL(&vd->guest);
2810
2811 server_ptr = server_row0 + y * server_stride + x * cmp_bytes;
2812
2813 if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
2814 qemu_pixman_linebuf_fill(tmpbuf, vd->guest.fb, width, 0, y);
2815 guest_ptr = (uint8_t *)pixman_image_get_data(tmpbuf);
2816 } else {
2817 guest_ptr = guest_row0 + y * guest_stride;
2818 }
2819 guest_ptr += x * cmp_bytes;
2820
2821 for (; x < DIV_ROUND_UP(width, VNC_DIRTY_PIXELS_PER_BIT);
2822 x++, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
2823 int _cmp_bytes = cmp_bytes;
2824 if (!test_and_clear_bit(x, vd->guest.dirty[y])) {
2825 continue;
2826 }
2827 if ((x + 1) * cmp_bytes > line_bytes) {
2828 _cmp_bytes = line_bytes - x * cmp_bytes;
2829 }
2830 assert(_cmp_bytes >= 0);
2831 if (memcmp(server_ptr, guest_ptr, _cmp_bytes) == 0) {
2832 continue;
2833 }
2834 memcpy(server_ptr, guest_ptr, _cmp_bytes);
2835 if (!vd->non_adaptive) {
2836 vnc_rect_updated(vd, x * VNC_DIRTY_PIXELS_PER_BIT,
2837 y, &tv);
2838 }
2839 QTAILQ_FOREACH(vs, &vd->clients, next) {
2840 set_bit(x, vs->dirty[y]);
2841 }
2842 has_dirty++;
2843 }
2844
2845 y++;
2846 }
2847 qemu_pixman_image_unref(tmpbuf);
2848 return has_dirty;
2849 }
2850
2851 static void vnc_refresh(DisplayChangeListener *dcl)
2852 {
2853 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
2854 VncState *vs, *vn;
2855 int has_dirty, rects = 0;
2856
2857 if (QTAILQ_EMPTY(&vd->clients)) {
2858 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_MAX);
2859 return;
2860 }
2861
2862 graphic_hw_update(vd->dcl.con);
2863
2864 if (vnc_trylock_display(vd)) {
2865 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
2866 return;
2867 }
2868
2869 has_dirty = vnc_refresh_server_surface(vd);
2870 vnc_unlock_display(vd);
2871
2872 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
2873 rects += vnc_update_client(vs, has_dirty);
2874 /* vs might be free()ed here */
2875 }
2876
2877 if (has_dirty && rects) {
2878 vd->dcl.update_interval /= 2;
2879 if (vd->dcl.update_interval < VNC_REFRESH_INTERVAL_BASE) {
2880 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_BASE;
2881 }
2882 } else {
2883 vd->dcl.update_interval += VNC_REFRESH_INTERVAL_INC;
2884 if (vd->dcl.update_interval > VNC_REFRESH_INTERVAL_MAX) {
2885 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_MAX;
2886 }
2887 }
2888 }
2889
2890 static void vnc_connect(VncDisplay *vd, QIOChannelSocket *sioc,
2891 bool skipauth, bool websocket)
2892 {
2893 VncState *vs = g_new0(VncState, 1);
2894 bool first_client = QTAILQ_EMPTY(&vd->clients);
2895 int i;
2896
2897 trace_vnc_client_connect(vs, sioc);
2898 vs->sioc = sioc;
2899 object_ref(OBJECT(vs->sioc));
2900 vs->ioc = QIO_CHANNEL(sioc);
2901 object_ref(OBJECT(vs->ioc));
2902 vs->vd = vd;
2903
2904 buffer_init(&vs->input, "vnc-input/%p", sioc);
2905 buffer_init(&vs->output, "vnc-output/%p", sioc);
2906 buffer_init(&vs->jobs_buffer, "vnc-jobs_buffer/%p", sioc);
2907
2908 buffer_init(&vs->tight.tight, "vnc-tight/%p", sioc);
2909 buffer_init(&vs->tight.zlib, "vnc-tight-zlib/%p", sioc);
2910 buffer_init(&vs->tight.gradient, "vnc-tight-gradient/%p", sioc);
2911 #ifdef CONFIG_VNC_JPEG
2912 buffer_init(&vs->tight.jpeg, "vnc-tight-jpeg/%p", sioc);
2913 #endif
2914 #ifdef CONFIG_VNC_PNG
2915 buffer_init(&vs->tight.png, "vnc-tight-png/%p", sioc);
2916 #endif
2917 buffer_init(&vs->zlib.zlib, "vnc-zlib/%p", sioc);
2918 buffer_init(&vs->zrle.zrle, "vnc-zrle/%p", sioc);
2919 buffer_init(&vs->zrle.fb, "vnc-zrle-fb/%p", sioc);
2920 buffer_init(&vs->zrle.zlib, "vnc-zrle-zlib/%p", sioc);
2921
2922 if (skipauth) {
2923 vs->auth = VNC_AUTH_NONE;
2924 vs->subauth = VNC_AUTH_INVALID;
2925 } else {
2926 if (websocket) {
2927 vs->auth = vd->ws_auth;
2928 vs->subauth = VNC_AUTH_INVALID;
2929 } else {
2930 vs->auth = vd->auth;
2931 vs->subauth = vd->subauth;
2932 }
2933 }
2934 VNC_DEBUG("Client sioc=%p ws=%d auth=%d subauth=%d\n",
2935 sioc, websocket, vs->auth, vs->subauth);
2936
2937 vs->lossy_rect = g_malloc0(VNC_STAT_ROWS * sizeof (*vs->lossy_rect));
2938 for (i = 0; i < VNC_STAT_ROWS; ++i) {
2939 vs->lossy_rect[i] = g_new0(uint8_t, VNC_STAT_COLS);
2940 }
2941
2942 VNC_DEBUG("New client on socket %p\n", vs->sioc);
2943 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
2944 qio_channel_set_blocking(vs->ioc, false, NULL);
2945 if (vs->ioc_tag) {
2946 g_source_remove(vs->ioc_tag);
2947 }
2948 if (websocket) {
2949 vs->websocket = 1;
2950 if (vd->tlscreds) {
2951 vs->ioc_tag = qio_channel_add_watch(
2952 vs->ioc, G_IO_IN, vncws_tls_handshake_io, vs, NULL);
2953 } else {
2954 vs->ioc_tag = qio_channel_add_watch(
2955 vs->ioc, G_IO_IN, vncws_handshake_io, vs, NULL);
2956 }
2957 } else {
2958 vs->ioc_tag = qio_channel_add_watch(
2959 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL);
2960 }
2961
2962 vnc_client_cache_addr(vs);
2963 vnc_qmp_event(vs, QAPI_EVENT_VNC_CONNECTED);
2964 vnc_set_share_mode(vs, VNC_SHARE_MODE_CONNECTING);
2965
2966 vs->last_x = -1;
2967 vs->last_y = -1;
2968
2969 vs->as.freq = 44100;
2970 vs->as.nchannels = 2;
2971 vs->as.fmt = AUD_FMT_S16;
2972 vs->as.endianness = 0;
2973
2974 qemu_mutex_init(&vs->output_mutex);
2975 vs->bh = qemu_bh_new(vnc_jobs_bh, vs);
2976
2977 QTAILQ_INSERT_TAIL(&vd->clients, vs, next);
2978 if (first_client) {
2979 vnc_update_server_surface(vd);
2980 }
2981
2982 graphic_hw_update(vd->dcl.con);
2983
2984 if (!vs->websocket) {
2985 vnc_start_protocol(vs);
2986 }
2987
2988 if (vd->num_connecting > vd->connections_limit) {
2989 QTAILQ_FOREACH(vs, &vd->clients, next) {
2990 if (vs->share_mode == VNC_SHARE_MODE_CONNECTING) {
2991 vnc_disconnect_start(vs);
2992 return;
2993 }
2994 }
2995 }
2996 }
2997
2998 void vnc_start_protocol(VncState *vs)
2999 {
3000 vnc_write(vs, "RFB 003.008\n", 12);
3001 vnc_flush(vs);
3002 vnc_read_when(vs, protocol_version, 12);
3003
3004 vs->mouse_mode_notifier.notify = check_pointer_type_change;
3005 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
3006 }
3007
3008 static gboolean vnc_listen_io(QIOChannel *ioc,
3009 GIOCondition condition,
3010 void *opaque)
3011 {
3012 VncDisplay *vd = opaque;
3013 QIOChannelSocket *sioc = NULL;
3014 Error *err = NULL;
3015 bool isWebsock = false;
3016 size_t i;
3017
3018 for (i = 0; i < vd->nlwebsock; i++) {
3019 if (ioc == QIO_CHANNEL(vd->lwebsock[i])) {
3020 isWebsock = true;
3021 break;
3022 }
3023 }
3024
3025 sioc = qio_channel_socket_accept(QIO_CHANNEL_SOCKET(ioc), &err);
3026 if (sioc != NULL) {
3027 qio_channel_set_name(QIO_CHANNEL(sioc),
3028 isWebsock ? "vnc-ws-server" : "vnc-server");
3029 qio_channel_set_delay(QIO_CHANNEL(sioc), false);
3030 vnc_connect(vd, sioc, false, isWebsock);
3031 object_unref(OBJECT(sioc));
3032 } else {
3033 /* client probably closed connection before we got there */
3034 error_free(err);
3035 }
3036
3037 return TRUE;
3038 }
3039
3040 static const DisplayChangeListenerOps dcl_ops = {
3041 .dpy_name = "vnc",
3042 .dpy_refresh = vnc_refresh,
3043 .dpy_gfx_update = vnc_dpy_update,
3044 .dpy_gfx_switch = vnc_dpy_switch,
3045 .dpy_gfx_check_format = qemu_pixman_check_format,
3046 .dpy_mouse_set = vnc_mouse_set,
3047 .dpy_cursor_define = vnc_dpy_cursor_define,
3048 };
3049
3050 void vnc_display_init(const char *id)
3051 {
3052 VncDisplay *vd;
3053
3054 if (vnc_display_find(id) != NULL) {
3055 return;
3056 }
3057 vd = g_malloc0(sizeof(*vd));
3058
3059 vd->id = strdup(id);
3060 QTAILQ_INSERT_TAIL(&vnc_displays, vd, next);
3061
3062 QTAILQ_INIT(&vd->clients);
3063 vd->expires = TIME_MAX;
3064
3065 if (keyboard_layout) {
3066 trace_vnc_key_map_init(keyboard_layout);
3067 vd->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout);
3068 } else {
3069 vd->kbd_layout = init_keyboard_layout(name2keysym, "en-us");
3070 }
3071
3072 if (!vd->kbd_layout) {
3073 exit(1);
3074 }
3075
3076 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3077 vd->connections_limit = 32;
3078
3079 qemu_mutex_init(&vd->mutex);
3080 vnc_start_worker_thread();
3081
3082 vd->dcl.ops = &dcl_ops;
3083 register_displaychangelistener(&vd->dcl);
3084 }
3085
3086
3087 static void vnc_display_close(VncDisplay *vd)
3088 {
3089 size_t i;
3090 if (!vd) {
3091 return;
3092 }
3093 vd->is_unix = false;
3094 for (i = 0; i < vd->nlsock; i++) {
3095 if (vd->lsock_tag[i]) {
3096 g_source_remove(vd->lsock_tag[i]);
3097 }
3098 object_unref(OBJECT(vd->lsock[i]));
3099 }
3100 g_free(vd->lsock);
3101 g_free(vd->lsock_tag);
3102 vd->lsock = NULL;
3103 vd->lsock_tag = NULL;
3104 vd->nlsock = 0;
3105
3106 for (i = 0; i < vd->nlwebsock; i++) {
3107 if (vd->lwebsock_tag[i]) {
3108 g_source_remove(vd->lwebsock_tag[i]);
3109 }
3110 object_unref(OBJECT(vd->lwebsock[i]));
3111 }
3112 g_free(vd->lwebsock);
3113 g_free(vd->lwebsock_tag);
3114 vd->lwebsock = NULL;
3115 vd->lwebsock_tag = NULL;
3116 vd->nlwebsock = 0;
3117
3118 vd->auth = VNC_AUTH_INVALID;
3119 vd->subauth = VNC_AUTH_INVALID;
3120 if (vd->tlscreds) {
3121 object_unparent(OBJECT(vd->tlscreds));
3122 vd->tlscreds = NULL;
3123 }
3124 g_free(vd->tlsaclname);
3125 vd->tlsaclname = NULL;
3126 if (vd->lock_key_sync) {
3127 qemu_remove_led_event_handler(vd->led);
3128 vd->led = NULL;
3129 }
3130 }
3131
3132 int vnc_display_password(const char *id, const char *password)
3133 {
3134 VncDisplay *vd = vnc_display_find(id);
3135
3136 if (!vd) {
3137 return -EINVAL;
3138 }
3139 if (vd->auth == VNC_AUTH_NONE) {
3140 error_printf_unless_qmp("If you want use passwords please enable "
3141 "password auth using '-vnc ${dpy},password'.\n");
3142 return -EINVAL;
3143 }
3144
3145 g_free(vd->password);
3146 vd->password = g_strdup(password);
3147
3148 return 0;
3149 }
3150
3151 int vnc_display_pw_expire(const char *id, time_t expires)
3152 {
3153 VncDisplay *vd = vnc_display_find(id);
3154
3155 if (!vd) {
3156 return -EINVAL;
3157 }
3158
3159 vd->expires = expires;
3160 return 0;
3161 }
3162
3163 static void vnc_display_print_local_addr(VncDisplay *vd)
3164 {
3165 SocketAddress *addr;
3166 Error *err = NULL;
3167
3168 if (!vd->nlsock) {
3169 return;
3170 }
3171
3172 addr = qio_channel_socket_get_local_address(vd->lsock[0], &err);
3173 if (!addr) {
3174 return;
3175 }
3176
3177 if (addr->type != SOCKET_ADDRESS_TYPE_INET) {
3178 qapi_free_SocketAddress(addr);
3179 return;
3180 }
3181 error_printf_unless_qmp("VNC server running on %s:%s\n",
3182 addr->u.inet.host,
3183 addr->u.inet.port);
3184 qapi_free_SocketAddress(addr);
3185 }
3186
3187 static QemuOptsList qemu_vnc_opts = {
3188 .name = "vnc",
3189 .head = QTAILQ_HEAD_INITIALIZER(qemu_vnc_opts.head),
3190 .implied_opt_name = "vnc",
3191 .desc = {
3192 {
3193 .name = "vnc",
3194 .type = QEMU_OPT_STRING,
3195 },{
3196 .name = "websocket",
3197 .type = QEMU_OPT_STRING,
3198 },{
3199 .name = "tls-creds",
3200 .type = QEMU_OPT_STRING,
3201 },{
3202 /* Deprecated in favour of tls-creds */
3203 .name = "x509",
3204 .type = QEMU_OPT_STRING,
3205 },{
3206 .name = "share",
3207 .type = QEMU_OPT_STRING,
3208 },{
3209 .name = "display",
3210 .type = QEMU_OPT_STRING,
3211 },{
3212 .name = "head",
3213 .type = QEMU_OPT_NUMBER,
3214 },{
3215 .name = "connections",
3216 .type = QEMU_OPT_NUMBER,
3217 },{
3218 .name = "to",
3219 .type = QEMU_OPT_NUMBER,
3220 },{
3221 .name = "ipv4",
3222 .type = QEMU_OPT_BOOL,
3223 },{
3224 .name = "ipv6",
3225 .type = QEMU_OPT_BOOL,
3226 },{
3227 .name = "password",
3228 .type = QEMU_OPT_BOOL,
3229 },{
3230 .name = "reverse",
3231 .type = QEMU_OPT_BOOL,
3232 },{
3233 .name = "lock-key-sync",
3234 .type = QEMU_OPT_BOOL,
3235 },{
3236 .name = "key-delay-ms",
3237 .type = QEMU_OPT_NUMBER,
3238 },{
3239 .name = "sasl",
3240 .type = QEMU_OPT_BOOL,
3241 },{
3242 /* Deprecated in favour of tls-creds */
3243 .name = "tls",
3244 .type = QEMU_OPT_BOOL,
3245 },{
3246 /* Deprecated in favour of tls-creds */
3247 .name = "x509verify",
3248 .type = QEMU_OPT_STRING,
3249 },{
3250 .name = "acl",
3251 .type = QEMU_OPT_BOOL,
3252 },{
3253 .name = "lossy",
3254 .type = QEMU_OPT_BOOL,
3255 },{
3256 .name = "non-adaptive",
3257 .type = QEMU_OPT_BOOL,
3258 },
3259 { /* end of list */ }
3260 },
3261 };
3262
3263
3264 static int
3265 vnc_display_setup_auth(int *auth,
3266 int *subauth,
3267 QCryptoTLSCreds *tlscreds,
3268 bool password,
3269 bool sasl,
3270 bool websocket,
3271 Error **errp)
3272 {
3273 /*
3274 * We have a choice of 3 authentication options
3275 *
3276 * 1. none
3277 * 2. vnc
3278 * 3. sasl
3279 *
3280 * The channel can be run in 2 modes
3281 *
3282 * 1. clear
3283 * 2. tls
3284 *
3285 * And TLS can use 2 types of credentials
3286 *
3287 * 1. anon
3288 * 2. x509
3289 *
3290 * We thus have 9 possible logical combinations
3291 *
3292 * 1. clear + none
3293 * 2. clear + vnc
3294 * 3. clear + sasl
3295 * 4. tls + anon + none
3296 * 5. tls + anon + vnc
3297 * 6. tls + anon + sasl
3298 * 7. tls + x509 + none
3299 * 8. tls + x509 + vnc
3300 * 9. tls + x509 + sasl
3301 *
3302 * These need to be mapped into the VNC auth schemes
3303 * in an appropriate manner. In regular VNC, all the
3304 * TLS options get mapped into VNC_AUTH_VENCRYPT
3305 * sub-auth types.
3306 *
3307 * In websockets, the https:// protocol already provides
3308 * TLS support, so there is no need to make use of the
3309 * VeNCrypt extension. Furthermore, websockets browser
3310 * clients could not use VeNCrypt even if they wanted to,
3311 * as they cannot control when the TLS handshake takes
3312 * place. Thus there is no option but to rely on https://,
3313 * meaning combinations 4->6 and 7->9 will be mapped to
3314 * VNC auth schemes in the same way as combos 1->3.
3315 *
3316 * Regardless of fact that we have a different mapping to
3317 * VNC auth mechs for plain VNC vs websockets VNC, the end
3318 * result has the same security characteristics.
3319 */
3320 if (websocket || !tlscreds) {
3321 if (password) {
3322 VNC_DEBUG("Initializing VNC server with password auth\n");
3323 *auth = VNC_AUTH_VNC;
3324 } else if (sasl) {
3325 VNC_DEBUG("Initializing VNC server with SASL auth\n");
3326 *auth = VNC_AUTH_SASL;
3327 } else {
3328 VNC_DEBUG("Initializing VNC server with no auth\n");
3329 *auth = VNC_AUTH_NONE;
3330 }
3331 *subauth = VNC_AUTH_INVALID;
3332 } else {
3333 bool is_x509 = object_dynamic_cast(OBJECT(tlscreds),
3334 TYPE_QCRYPTO_TLS_CREDS_X509) != NULL;
3335 bool is_anon = object_dynamic_cast(OBJECT(tlscreds),
3336 TYPE_QCRYPTO_TLS_CREDS_ANON) != NULL;
3337
3338 if (!is_x509 && !is_anon) {
3339 error_setg(errp,
3340 "Unsupported TLS cred type %s",
3341 object_get_typename(OBJECT(tlscreds)));
3342 return -1;
3343 }
3344 *auth = VNC_AUTH_VENCRYPT;
3345 if (password) {
3346 if (is_x509) {
3347 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
3348 *subauth = VNC_AUTH_VENCRYPT_X509VNC;
3349 } else {
3350 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
3351 *subauth = VNC_AUTH_VENCRYPT_TLSVNC;
3352 }
3353
3354 } else if (sasl) {
3355 if (is_x509) {
3356 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
3357 *subauth = VNC_AUTH_VENCRYPT_X509SASL;
3358 } else {
3359 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
3360 *subauth = VNC_AUTH_VENCRYPT_TLSSASL;
3361 }
3362 } else {
3363 if (is_x509) {
3364 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
3365 *subauth = VNC_AUTH_VENCRYPT_X509NONE;
3366 } else {
3367 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
3368 *subauth = VNC_AUTH_VENCRYPT_TLSNONE;
3369 }
3370 }
3371 }
3372 return 0;
3373 }
3374
3375
3376 /*
3377 * Handle back compat with old CLI syntax by creating some
3378 * suitable QCryptoTLSCreds objects
3379 */
3380 static QCryptoTLSCreds *
3381 vnc_display_create_creds(bool x509,
3382 bool x509verify,
3383 const char *dir,
3384 const char *id,
3385 Error **errp)
3386 {
3387 gchar *credsid = g_strdup_printf("tlsvnc%s", id);
3388 Object *parent = object_get_objects_root();
3389 Object *creds;
3390 Error *err = NULL;
3391
3392 if (x509) {
3393 creds = object_new_with_props(TYPE_QCRYPTO_TLS_CREDS_X509,
3394 parent,
3395 credsid,
3396 &err,
3397 "endpoint", "server",
3398 "dir", dir,
3399 "verify-peer", x509verify ? "yes" : "no",
3400 NULL);
3401 } else {
3402 creds = object_new_with_props(TYPE_QCRYPTO_TLS_CREDS_ANON,
3403 parent,
3404 credsid,
3405 &err,
3406 "endpoint", "server",
3407 NULL);
3408 }
3409
3410 g_free(credsid);
3411
3412 if (err) {
3413 error_propagate(errp, err);
3414 return NULL;
3415 }
3416
3417 return QCRYPTO_TLS_CREDS(creds);
3418 }
3419
3420
3421 static int vnc_display_get_address(const char *addrstr,
3422 bool websocket,
3423 bool reverse,
3424 int displaynum,
3425 int to,
3426 bool has_ipv4,
3427 bool has_ipv6,
3428 bool ipv4,
3429 bool ipv6,
3430 SocketAddress **retaddr,
3431 Error **errp)
3432 {
3433 int ret = -1;
3434 SocketAddress *addr = NULL;
3435
3436 addr = g_new0(SocketAddress, 1);
3437
3438 if (strncmp(addrstr, "unix:", 5) == 0) {
3439 addr->type = SOCKET_ADDRESS_TYPE_UNIX;
3440 addr->u.q_unix.path = g_strdup(addrstr + 5);
3441
3442 if (websocket) {
3443 error_setg(errp, "UNIX sockets not supported with websock");
3444 goto cleanup;
3445 }
3446
3447 if (to) {
3448 error_setg(errp, "Port range not support with UNIX socket");
3449 goto cleanup;
3450 }
3451 ret = 0;
3452 } else {
3453 const char *port;
3454 size_t hostlen;
3455 unsigned long long baseport = 0;
3456 InetSocketAddress *inet;
3457
3458 port = strrchr(addrstr, ':');
3459 if (!port) {
3460 if (websocket) {
3461 hostlen = 0;
3462 port = addrstr;
3463 } else {
3464 error_setg(errp, "no vnc port specified");
3465 goto cleanup;
3466 }
3467 } else {
3468 hostlen = port - addrstr;
3469 port++;
3470 if (*port == '\0') {
3471 error_setg(errp, "vnc port cannot be empty");
3472 goto cleanup;
3473 }
3474 }
3475
3476 addr->type = SOCKET_ADDRESS_TYPE_INET;
3477 inet = &addr->u.inet;
3478 if (addrstr[0] == '[' && addrstr[hostlen - 1] == ']') {
3479 inet->host = g_strndup(addrstr + 1, hostlen - 2);
3480 } else {
3481 inet->host = g_strndup(addrstr, hostlen);
3482 }
3483 /* plain VNC port is just an offset, for websocket
3484 * port is absolute */
3485 if (websocket) {
3486 if (g_str_equal(addrstr, "") ||
3487 g_str_equal(addrstr, "on")) {
3488 if (displaynum == -1) {
3489 error_setg(errp, "explicit websocket port is required");
3490 goto cleanup;
3491 }
3492 inet->port = g_strdup_printf(
3493 "%d", displaynum + 5700);
3494 if (to) {
3495 inet->has_to = true;
3496 inet->to = to + 5700;
3497 }
3498 } else {
3499 inet->port = g_strdup(port);
3500 }
3501 } else {
3502 int offset = reverse ? 0 : 5900;
3503 if (parse_uint_full(port, &baseport, 10) < 0) {
3504 error_setg(errp, "can't convert to a number: %s", port);
3505 goto cleanup;
3506 }
3507 if (baseport > 65535 ||
3508 baseport + offset > 65535) {
3509 error_setg(errp, "port %s out of range", port);
3510 goto cleanup;
3511 }
3512 inet->port = g_strdup_printf(
3513 "%d", (int)baseport + offset);
3514
3515 if (to) {
3516 inet->has_to = true;
3517 inet->to = to + offset;
3518 }
3519 }
3520
3521 inet->ipv4 = ipv4;
3522 inet->has_ipv4 = has_ipv4;
3523 inet->ipv6 = ipv6;
3524 inet->has_ipv6 = has_ipv6;
3525
3526 ret = baseport;
3527 }
3528
3529 *retaddr = addr;
3530
3531 cleanup:
3532 if (ret < 0) {
3533 qapi_free_SocketAddress(addr);
3534 }
3535 return ret;
3536 }
3537
3538 static void vnc_free_addresses(SocketAddress ***retsaddr,
3539 size_t *retnsaddr)
3540 {
3541 size_t i;
3542
3543 for (i = 0; i < *retnsaddr; i++) {
3544 qapi_free_SocketAddress((*retsaddr)[i]);
3545 }
3546 g_free(*retsaddr);
3547
3548 *retsaddr = NULL;
3549 *retnsaddr = 0;
3550 }
3551
3552 static int vnc_display_get_addresses(QemuOpts *opts,
3553 bool reverse,
3554 SocketAddress ***retsaddr,
3555 size_t *retnsaddr,
3556 SocketAddress ***retwsaddr,
3557 size_t *retnwsaddr,
3558 Error **errp)
3559 {
3560 SocketAddress *saddr = NULL;
3561 SocketAddress *wsaddr = NULL;
3562 QemuOptsIter addriter;
3563 const char *addr;
3564 int to = qemu_opt_get_number(opts, "to", 0);
3565 bool has_ipv4 = qemu_opt_get(opts, "ipv4");
3566 bool has_ipv6 = qemu_opt_get(opts, "ipv6");
3567 bool ipv4 = qemu_opt_get_bool(opts, "ipv4", false);
3568 bool ipv6 = qemu_opt_get_bool(opts, "ipv6", false);
3569 int displaynum = -1;
3570 int ret = -1;
3571
3572 *retsaddr = NULL;
3573 *retnsaddr = 0;
3574 *retwsaddr = NULL;
3575 *retnwsaddr = 0;
3576
3577 addr = qemu_opt_get(opts, "vnc");
3578 if (addr == NULL || g_str_equal(addr, "none")) {
3579 ret = 0;
3580 goto cleanup;
3581 }
3582 if (qemu_opt_get(opts, "websocket") &&
3583 !qcrypto_hash_supports(QCRYPTO_HASH_ALG_SHA1)) {
3584 error_setg(errp,
3585 "SHA1 hash support is required for websockets");
3586 goto cleanup;
3587 }
3588
3589 qemu_opt_iter_init(&addriter, opts, "vnc");
3590 while ((addr = qemu_opt_iter_next(&addriter)) != NULL) {
3591 int rv;
3592 rv = vnc_display_get_address(addr, false, reverse, 0, to,
3593 has_ipv4, has_ipv6,
3594 ipv4, ipv6,
3595 &saddr, errp);
3596 if (rv < 0) {
3597 goto cleanup;
3598 }
3599 /* Historical compat - first listen address can be used
3600 * to set the default websocket port
3601 */
3602 if (displaynum == -1) {
3603 displaynum = rv;
3604 }
3605 *retsaddr = g_renew(SocketAddress *, *retsaddr, *retnsaddr + 1);
3606 (*retsaddr)[(*retnsaddr)++] = saddr;
3607 }
3608
3609 /* If we had multiple primary displays, we don't do defaults
3610 * for websocket, and require explicit config instead. */
3611 if (*retnsaddr > 1) {
3612 displaynum = -1;
3613 }
3614
3615 qemu_opt_iter_init(&addriter, opts, "websocket");
3616 while ((addr = qemu_opt_iter_next(&addriter)) != NULL) {
3617 if (vnc_display_get_address(addr, true, reverse, displaynum, to,
3618 has_ipv4, has_ipv6,
3619 ipv4, ipv6,
3620 &wsaddr, errp) < 0) {
3621 goto cleanup;
3622 }
3623
3624 /* Historical compat - if only a single listen address was
3625 * provided, then this is used to set the default listen
3626 * address for websocket too
3627 */
3628 if (*retnsaddr == 1 &&
3629 (*retsaddr)[0]->type == SOCKET_ADDRESS_TYPE_INET &&
3630 wsaddr->type == SOCKET_ADDRESS_TYPE_INET &&
3631 g_str_equal(wsaddr->u.inet.host, "") &&
3632 !g_str_equal((*retsaddr)[0]->u.inet.host, "")) {
3633 g_free(wsaddr->u.inet.host);
3634 wsaddr->u.inet.host = g_strdup((*retsaddr)[0]->u.inet.host);
3635 }
3636
3637 *retwsaddr = g_renew(SocketAddress *, *retwsaddr, *retnwsaddr + 1);
3638 (*retwsaddr)[(*retnwsaddr)++] = wsaddr;
3639 }
3640
3641 ret = 0;
3642 cleanup:
3643 if (ret < 0) {
3644 vnc_free_addresses(retsaddr, retnsaddr);
3645 vnc_free_addresses(retwsaddr, retnwsaddr);
3646 }
3647 return ret;
3648 }
3649
3650 static int vnc_display_connect(VncDisplay *vd,
3651 SocketAddress **saddr,
3652 size_t nsaddr,
3653 SocketAddress **wsaddr,
3654 size_t nwsaddr,
3655 Error **errp)
3656 {
3657 /* connect to viewer */
3658 QIOChannelSocket *sioc = NULL;
3659 if (nwsaddr != 0) {
3660 error_setg(errp, "Cannot use websockets in reverse mode");
3661 return -1;
3662 }
3663 if (nsaddr != 1) {
3664 error_setg(errp, "Expected a single address in reverse mode");
3665 return -1;
3666 }
3667 /* TODO SOCKET_ADDRESS_TYPE_FD when fd has AF_UNIX */
3668 vd->is_unix = saddr[0]->type == SOCKET_ADDRESS_TYPE_UNIX;
3669 sioc = qio_channel_socket_new();
3670 qio_channel_set_name(QIO_CHANNEL(sioc), "vnc-reverse");
3671 if (qio_channel_socket_connect_sync(sioc, saddr[0], errp) < 0) {
3672 return -1;
3673 }
3674 vnc_connect(vd, sioc, false, false);
3675 object_unref(OBJECT(sioc));
3676 return 0;
3677 }
3678
3679
3680 static int vnc_display_listen_addr(VncDisplay *vd,
3681 SocketAddress *addr,
3682 const char *name,
3683 QIOChannelSocket ***lsock,
3684 guint **lsock_tag,
3685 size_t *nlsock,
3686 Error **errp)
3687 {
3688 QIODNSResolver *resolver = qio_dns_resolver_get_instance();
3689 SocketAddress **rawaddrs = NULL;
3690 size_t nrawaddrs = 0;
3691 Error *listenerr = NULL;
3692 bool listening = false;
3693 size_t i;
3694
3695 if (qio_dns_resolver_lookup_sync(resolver, addr, &nrawaddrs,
3696 &rawaddrs, errp) < 0) {
3697 return -1;
3698 }
3699
3700 for (i = 0; i < nrawaddrs; i++) {
3701 QIOChannelSocket *sioc = qio_channel_socket_new();
3702
3703 qio_channel_set_name(QIO_CHANNEL(sioc), name);
3704 if (qio_channel_socket_listen_sync(
3705 sioc, rawaddrs[i], listenerr == NULL ? &listenerr : NULL) < 0) {
3706 object_unref(OBJECT(sioc));
3707 continue;
3708 }
3709 listening = true;
3710 (*nlsock)++;
3711 *lsock = g_renew(QIOChannelSocket *, *lsock, *nlsock);
3712 *lsock_tag = g_renew(guint, *lsock_tag, *nlsock);
3713
3714 (*lsock)[*nlsock - 1] = sioc;
3715 (*lsock_tag)[*nlsock - 1] = 0;
3716 }
3717
3718 for (i = 0; i < nrawaddrs; i++) {
3719 qapi_free_SocketAddress(rawaddrs[i]);
3720 }
3721 g_free(rawaddrs);
3722
3723 if (listenerr) {
3724 if (!listening) {
3725 error_propagate(errp, listenerr);
3726 return -1;
3727 } else {
3728 error_free(listenerr);
3729 }
3730 }
3731
3732 for (i = 0; i < *nlsock; i++) {
3733 (*lsock_tag)[i] = qio_channel_add_watch(
3734 QIO_CHANNEL((*lsock)[i]),
3735 G_IO_IN, vnc_listen_io, vd, NULL);
3736 }
3737
3738 return 0;
3739 }
3740
3741
3742 static int vnc_display_listen(VncDisplay *vd,
3743 SocketAddress **saddr,
3744 size_t nsaddr,
3745 SocketAddress **wsaddr,
3746 size_t nwsaddr,
3747 Error **errp)
3748 {
3749 size_t i;
3750
3751 for (i = 0; i < nsaddr; i++) {
3752 if (vnc_display_listen_addr(vd, saddr[i],
3753 "vnc-listen",
3754 &vd->lsock,
3755 &vd->lsock_tag,
3756 &vd->nlsock,
3757 errp) < 0) {
3758 return -1;
3759 }
3760 }
3761 for (i = 0; i < nwsaddr; i++) {
3762 if (vnc_display_listen_addr(vd, wsaddr[i],
3763 "vnc-ws-listen",
3764 &vd->lwebsock,
3765 &vd->lwebsock_tag,
3766 &vd->nlwebsock,
3767 errp) < 0) {
3768 return -1;
3769 }
3770 }
3771
3772 return 0;
3773 }
3774
3775
3776 void vnc_display_open(const char *id, Error **errp)
3777 {
3778 VncDisplay *vd = vnc_display_find(id);
3779 QemuOpts *opts = qemu_opts_find(&qemu_vnc_opts, id);
3780 SocketAddress **saddr = NULL, **wsaddr = NULL;
3781 size_t nsaddr, nwsaddr;
3782 const char *share, *device_id;
3783 QemuConsole *con;
3784 bool password = false;
3785 bool reverse = false;
3786 const char *credid;
3787 bool sasl = false;
3788 #ifdef CONFIG_VNC_SASL
3789 int saslErr;
3790 #endif
3791 int acl = 0;
3792 int lock_key_sync = 1;
3793 int key_delay_ms;
3794
3795 if (!vd) {
3796 error_setg(errp, "VNC display not active");
3797 return;
3798 }
3799 vnc_display_close(vd);
3800
3801 if (!opts) {
3802 return;
3803 }
3804
3805 reverse = qemu_opt_get_bool(opts, "reverse", false);
3806 if (vnc_display_get_addresses(opts, reverse, &saddr, &nsaddr,
3807 &wsaddr, &nwsaddr, errp) < 0) {
3808 goto fail;
3809 }
3810
3811 password = qemu_opt_get_bool(opts, "password", false);
3812 if (password) {
3813 if (fips_get_state()) {
3814 error_setg(errp,
3815 "VNC password auth disabled due to FIPS mode, "
3816 "consider using the VeNCrypt or SASL authentication "
3817 "methods as an alternative");
3818 goto fail;
3819 }
3820 if (!qcrypto_cipher_supports(
3821 QCRYPTO_CIPHER_ALG_DES_RFB, QCRYPTO_CIPHER_MODE_ECB)) {
3822 error_setg(errp,
3823 "Cipher backend does not support DES RFB algorithm");
3824 goto fail;
3825 }
3826 }
3827
3828 lock_key_sync = qemu_opt_get_bool(opts, "lock-key-sync", true);
3829 key_delay_ms = qemu_opt_get_number(opts, "key-delay-ms", 10);
3830 sasl = qemu_opt_get_bool(opts, "sasl", false);
3831 #ifndef CONFIG_VNC_SASL
3832 if (sasl) {
3833 error_setg(errp, "VNC SASL auth requires cyrus-sasl support");
3834 goto fail;
3835 }
3836 #endif /* CONFIG_VNC_SASL */
3837 credid = qemu_opt_get(opts, "tls-creds");
3838 if (credid) {
3839 Object *creds;
3840 if (qemu_opt_get(opts, "tls") ||
3841 qemu_opt_get(opts, "x509") ||
3842 qemu_opt_get(opts, "x509verify")) {
3843 error_setg(errp,
3844 "'tls-creds' parameter is mutually exclusive with "
3845 "'tls', 'x509' and 'x509verify' parameters");
3846 goto fail;
3847 }
3848
3849 creds = object_resolve_path_component(
3850 object_get_objects_root(), credid);
3851 if (!creds) {
3852 error_setg(errp, "No TLS credentials with id '%s'",
3853 credid);
3854 goto fail;
3855 }
3856 vd->tlscreds = (QCryptoTLSCreds *)
3857 object_dynamic_cast(creds,
3858 TYPE_QCRYPTO_TLS_CREDS);
3859 if (!vd->tlscreds) {
3860 error_setg(errp, "Object with id '%s' is not TLS credentials",
3861 credid);
3862 goto fail;
3863 }
3864 object_ref(OBJECT(vd->tlscreds));
3865
3866 if (vd->tlscreds->endpoint != QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) {
3867 error_setg(errp,
3868 "Expecting TLS credentials with a server endpoint");
3869 goto fail;
3870 }
3871 } else {
3872 const char *path;
3873 bool tls = false, x509 = false, x509verify = false;
3874 tls = qemu_opt_get_bool(opts, "tls", false);
3875 if (tls) {
3876 path = qemu_opt_get(opts, "x509");
3877
3878 if (path) {
3879 x509 = true;
3880 } else {
3881 path = qemu_opt_get(opts, "x509verify");
3882 if (path) {
3883 x509 = true;
3884 x509verify = true;
3885 }
3886 }
3887 vd->tlscreds = vnc_display_create_creds(x509,
3888 x509verify,
3889 path,
3890 vd->id,
3891 errp);
3892 if (!vd->tlscreds) {
3893 goto fail;
3894 }
3895 }
3896 }
3897 acl = qemu_opt_get_bool(opts, "acl", false);
3898
3899 share = qemu_opt_get(opts, "share");
3900 if (share) {
3901 if (strcmp(share, "ignore") == 0) {
3902 vd->share_policy = VNC_SHARE_POLICY_IGNORE;
3903 } else if (strcmp(share, "allow-exclusive") == 0) {
3904 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3905 } else if (strcmp(share, "force-shared") == 0) {
3906 vd->share_policy = VNC_SHARE_POLICY_FORCE_SHARED;
3907 } else {
3908 error_setg(errp, "unknown vnc share= option");
3909 goto fail;
3910 }
3911 } else {
3912 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3913 }
3914 vd->connections_limit = qemu_opt_get_number(opts, "connections", 32);
3915
3916 #ifdef CONFIG_VNC_JPEG
3917 vd->lossy = qemu_opt_get_bool(opts, "lossy", false);
3918 #endif
3919 vd->non_adaptive = qemu_opt_get_bool(opts, "non-adaptive", false);
3920 /* adaptive updates are only used with tight encoding and
3921 * if lossy updates are enabled so we can disable all the
3922 * calculations otherwise */
3923 if (!vd->lossy) {
3924 vd->non_adaptive = true;
3925 }
3926
3927 if (acl) {
3928 if (strcmp(vd->id, "default") == 0) {
3929 vd->tlsaclname = g_strdup("vnc.x509dname");
3930 } else {
3931 vd->tlsaclname = g_strdup_printf("vnc.%s.x509dname", vd->id);
3932 }
3933 qemu_acl_init(vd->tlsaclname);
3934 }
3935 #ifdef CONFIG_VNC_SASL
3936 if (acl && sasl) {
3937 char *aclname;
3938
3939 if (strcmp(vd->id, "default") == 0) {
3940 aclname = g_strdup("vnc.username");
3941 } else {
3942 aclname = g_strdup_printf("vnc.%s.username", vd->id);
3943 }
3944 vd->sasl.acl = qemu_acl_init(aclname);
3945 g_free(aclname);
3946 }
3947 #endif
3948
3949 if (vnc_display_setup_auth(&vd->auth, &vd->subauth,
3950 vd->tlscreds, password,
3951 sasl, false, errp) < 0) {
3952 goto fail;
3953 }
3954 trace_vnc_auth_init(vd, 0, vd->auth, vd->subauth);
3955
3956 if (vnc_display_setup_auth(&vd->ws_auth, &vd->ws_subauth,
3957 vd->tlscreds, password,
3958 sasl, true, errp) < 0) {
3959 goto fail;
3960 }
3961 trace_vnc_auth_init(vd, 1, vd->ws_auth, vd->ws_subauth);
3962
3963 #ifdef CONFIG_VNC_SASL
3964 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) {
3965 error_setg(errp, "Failed to initialize SASL auth: %s",
3966 sasl_errstring(saslErr, NULL, NULL));
3967 goto fail;
3968 }
3969 #endif
3970 vd->lock_key_sync = lock_key_sync;
3971 if (lock_key_sync) {
3972 vd->led = qemu_add_led_event_handler(kbd_leds, vd);
3973 }
3974 vd->ledstate = 0;
3975 vd->key_delay_ms = key_delay_ms;
3976
3977 device_id = qemu_opt_get(opts, "display");
3978 if (device_id) {
3979 int head = qemu_opt_get_number(opts, "head", 0);
3980 Error *err = NULL;
3981
3982 con = qemu_console_lookup_by_device_name(device_id, head, &err);
3983 if (err) {
3984 error_propagate(errp, err);
3985 goto fail;
3986 }
3987 } else {
3988 con = NULL;
3989 }
3990
3991 if (con != vd->dcl.con) {
3992 unregister_displaychangelistener(&vd->dcl);
3993 vd->dcl.con = con;
3994 register_displaychangelistener(&vd->dcl);
3995 }
3996
3997 if (saddr == NULL) {
3998 goto cleanup;
3999 }
4000
4001 if (reverse) {
4002 if (vnc_display_connect(vd, saddr, nsaddr, wsaddr, nwsaddr, errp) < 0) {
4003 goto fail;
4004 }
4005 } else {
4006 if (vnc_display_listen(vd, saddr, nsaddr, wsaddr, nwsaddr, errp) < 0) {
4007 goto fail;
4008 }
4009 }
4010
4011 if (qemu_opt_get(opts, "to")) {
4012 vnc_display_print_local_addr(vd);
4013 }
4014
4015 cleanup:
4016 vnc_free_addresses(&saddr, &nsaddr);
4017 vnc_free_addresses(&wsaddr, &nwsaddr);
4018 return;
4019
4020 fail:
4021 vnc_display_close(vd);
4022 goto cleanup;
4023 }
4024
4025 void vnc_display_add_client(const char *id, int csock, bool skipauth)
4026 {
4027 VncDisplay *vd = vnc_display_find(id);
4028 QIOChannelSocket *sioc;
4029
4030 if (!vd) {
4031 return;
4032 }
4033
4034 sioc = qio_channel_socket_new_fd(csock, NULL);
4035 if (sioc) {
4036 qio_channel_set_name(QIO_CHANNEL(sioc), "vnc-server");
4037 vnc_connect(vd, sioc, skipauth, false);
4038 object_unref(OBJECT(sioc));
4039 }
4040 }
4041
4042 static void vnc_auto_assign_id(QemuOptsList *olist, QemuOpts *opts)
4043 {
4044 int i = 2;
4045 char *id;
4046
4047 id = g_strdup("default");
4048 while (qemu_opts_find(olist, id)) {
4049 g_free(id);
4050 id = g_strdup_printf("vnc%d", i++);
4051 }
4052 qemu_opts_set_id(opts, id);
4053 }
4054
4055 QemuOpts *vnc_parse(const char *str, Error **errp)
4056 {
4057 QemuOptsList *olist = qemu_find_opts("vnc");
4058 QemuOpts *opts = qemu_opts_parse(olist, str, true, errp);
4059 const char *id;
4060
4061 if (!opts) {
4062 return NULL;
4063 }
4064
4065 id = qemu_opts_id(opts);
4066 if (!id) {
4067 /* auto-assign id if not present */
4068 vnc_auto_assign_id(olist, opts);
4069 }
4070 return opts;
4071 }
4072
4073 int vnc_init_func(void *opaque, QemuOpts *opts, Error **errp)
4074 {
4075 Error *local_err = NULL;
4076 char *id = (char *)qemu_opts_id(opts);
4077
4078 assert(id);
4079 vnc_display_init(id);
4080 vnc_display_open(id, &local_err);
4081 if (local_err != NULL) {
4082 error_reportf_err(local_err, "Failed to start VNC server: ");
4083 exit(1);
4084 }
4085 return 0;
4086 }
4087
4088 static void vnc_register_config(void)
4089 {
4090 qemu_add_opts(&qemu_vnc_opts);
4091 }
4092 opts_init(vnc_register_config);
AR7 emulation for QEMU