search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ui: rename cursor_{get->ref}, return it
[qemu/ar7.git] / ui / vnc.c
blob8aec5d751e6528c59717e82a776402b3825ed29c
1 /*
2 * QEMU VNC display driver
3 *
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
7 *
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
14 *
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
17 *
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
24 * THE SOFTWARE.
25 */
26
27 #include "qemu/osdep.h"
28 #include "vnc.h"
29 #include "vnc-jobs.h"
30 #include "trace.h"
31 #include "hw/qdev-core.h"
32 #include "sysemu/sysemu.h"
33 #include "sysemu/runstate.h"
34 #include "qemu/error-report.h"
35 #include "qemu/main-loop.h"
36 #include "qemu/module.h"
37 #include "qemu/option.h"
38 #include "qemu/sockets.h"
39 #include "qemu/timer.h"
40 #include "authz/list.h"
41 #include "qemu/config-file.h"
42 #include "qapi/qapi-emit-events.h"
43 #include "qapi/qapi-events-ui.h"
44 #include "qapi/error.h"
45 #include "qapi/qapi-commands-ui.h"
46 #include "ui/input.h"
47 #include "crypto/hash.h"
48 #include "crypto/tlscreds.h"
49 #include "crypto/tlscredsanon.h"
50 #include "crypto/tlscredsx509.h"
51 #include "crypto/random.h"
52 #include "crypto/secret_common.h"
53 #include "qom/object_interfaces.h"
54 #include "qemu/cutils.h"
55 #include "qemu/help_option.h"
56 #include "io/dns-resolver.h"
57 #include "monitor/monitor.h"
58
59 #define VNC_REFRESH_INTERVAL_BASE GUI_REFRESH_INTERVAL_DEFAULT
60 #define VNC_REFRESH_INTERVAL_INC 50
61 #define VNC_REFRESH_INTERVAL_MAX GUI_REFRESH_INTERVAL_IDLE
62 static const struct timeval VNC_REFRESH_STATS = { 0, 500000 };
63 static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 };
64
65 #include "vnc_keysym.h"
66 #include "crypto/cipher.h"
67
68 static QTAILQ_HEAD(, VncDisplay) vnc_displays =
69 QTAILQ_HEAD_INITIALIZER(vnc_displays);
70
71 static int vnc_cursor_define(VncState *vs);
72 static void vnc_update_throttle_offset(VncState *vs);
73
74 static void vnc_set_share_mode(VncState *vs, VncShareMode mode)
75 {
76 #ifdef _VNC_DEBUG
77 static const char *mn[] = {
78 [0] = "undefined",
79 [VNC_SHARE_MODE_CONNECTING] = "connecting",
80 [VNC_SHARE_MODE_SHARED] = "shared",
81 [VNC_SHARE_MODE_EXCLUSIVE] = "exclusive",
82 [VNC_SHARE_MODE_DISCONNECTED] = "disconnected",
83 };
84 fprintf(stderr, "%s/%p: %s -> %s\n", __func__,
85 vs->ioc, mn[vs->share_mode], mn[mode]);
86 #endif
87
88 switch (vs->share_mode) {
89 case VNC_SHARE_MODE_CONNECTING:
90 vs->vd->num_connecting--;
91 break;
92 case VNC_SHARE_MODE_SHARED:
93 vs->vd->num_shared--;
94 break;
95 case VNC_SHARE_MODE_EXCLUSIVE:
96 vs->vd->num_exclusive--;
97 break;
98 default:
99 break;
100 }
101
102 vs->share_mode = mode;
103
104 switch (vs->share_mode) {
105 case VNC_SHARE_MODE_CONNECTING:
106 vs->vd->num_connecting++;
107 break;
108 case VNC_SHARE_MODE_SHARED:
109 vs->vd->num_shared++;
110 break;
111 case VNC_SHARE_MODE_EXCLUSIVE:
112 vs->vd->num_exclusive++;
113 break;
114 default:
115 break;
116 }
117 }
118
119
120 static void vnc_init_basic_info(SocketAddress *addr,
121 VncBasicInfo *info,
122 Error **errp)
123 {
124 switch (addr->type) {
125 case SOCKET_ADDRESS_TYPE_INET:
126 info->host = g_strdup(addr->u.inet.host);
127 info->service = g_strdup(addr->u.inet.port);
128 if (addr->u.inet.ipv6) {
129 info->family = NETWORK_ADDRESS_FAMILY_IPV6;
130 } else {
131 info->family = NETWORK_ADDRESS_FAMILY_IPV4;
132 }
133 break;
134
135 case SOCKET_ADDRESS_TYPE_UNIX:
136 info->host = g_strdup("");
137 info->service = g_strdup(addr->u.q_unix.path);
138 info->family = NETWORK_ADDRESS_FAMILY_UNIX;
139 break;
140
141 case SOCKET_ADDRESS_TYPE_VSOCK:
142 case SOCKET_ADDRESS_TYPE_FD:
143 error_setg(errp, "Unsupported socket address type %s",
144 SocketAddressType_str(addr->type));
145 break;
146 default:
147 abort();
148 }
149
150 return;
151 }
152
153 static void vnc_init_basic_info_from_server_addr(QIOChannelSocket *ioc,
154 VncBasicInfo *info,
155 Error **errp)
156 {
157 SocketAddress *addr = NULL;
158
159 if (!ioc) {
160 error_setg(errp, "No listener socket available");
161 return;
162 }
163
164 addr = qio_channel_socket_get_local_address(ioc, errp);
165 if (!addr) {
166 return;
167 }
168
169 vnc_init_basic_info(addr, info, errp);
170 qapi_free_SocketAddress(addr);
171 }
172
173 static void vnc_init_basic_info_from_remote_addr(QIOChannelSocket *ioc,
174 VncBasicInfo *info,
175 Error **errp)
176 {
177 SocketAddress *addr = NULL;
178
179 addr = qio_channel_socket_get_remote_address(ioc, errp);
180 if (!addr) {
181 return;
182 }
183
184 vnc_init_basic_info(addr, info, errp);
185 qapi_free_SocketAddress(addr);
186 }
187
188 static const char *vnc_auth_name(VncDisplay *vd) {
189 switch (vd->auth) {
190 case VNC_AUTH_INVALID:
191 return "invalid";
192 case VNC_AUTH_NONE:
193 return "none";
194 case VNC_AUTH_VNC:
195 return "vnc";
196 case VNC_AUTH_RA2:
197 return "ra2";
198 case VNC_AUTH_RA2NE:
199 return "ra2ne";
200 case VNC_AUTH_TIGHT:
201 return "tight";
202 case VNC_AUTH_ULTRA:
203 return "ultra";
204 case VNC_AUTH_TLS:
205 return "tls";
206 case VNC_AUTH_VENCRYPT:
207 switch (vd->subauth) {
208 case VNC_AUTH_VENCRYPT_PLAIN:
209 return "vencrypt+plain";
210 case VNC_AUTH_VENCRYPT_TLSNONE:
211 return "vencrypt+tls+none";
212 case VNC_AUTH_VENCRYPT_TLSVNC:
213 return "vencrypt+tls+vnc";
214 case VNC_AUTH_VENCRYPT_TLSPLAIN:
215 return "vencrypt+tls+plain";
216 case VNC_AUTH_VENCRYPT_X509NONE:
217 return "vencrypt+x509+none";
218 case VNC_AUTH_VENCRYPT_X509VNC:
219 return "vencrypt+x509+vnc";
220 case VNC_AUTH_VENCRYPT_X509PLAIN:
221 return "vencrypt+x509+plain";
222 case VNC_AUTH_VENCRYPT_TLSSASL:
223 return "vencrypt+tls+sasl";
224 case VNC_AUTH_VENCRYPT_X509SASL:
225 return "vencrypt+x509+sasl";
226 default:
227 return "vencrypt";
228 }
229 case VNC_AUTH_SASL:
230 return "sasl";
231 }
232 return "unknown";
233 }
234
235 static VncServerInfo *vnc_server_info_get(VncDisplay *vd)
236 {
237 VncServerInfo *info;
238 Error *err = NULL;
239
240 if (!vd->listener || !vd->listener->nsioc) {
241 return NULL;
242 }
243
244 info = g_malloc0(sizeof(*info));
245 vnc_init_basic_info_from_server_addr(vd->listener->sioc[0],
246 qapi_VncServerInfo_base(info), &err);
247 info->auth = g_strdup(vnc_auth_name(vd));
248 if (err) {
249 qapi_free_VncServerInfo(info);
250 info = NULL;
251 error_free(err);
252 }
253 return info;
254 }
255
256 static void vnc_client_cache_auth(VncState *client)
257 {
258 if (!client->info) {
259 return;
260 }
261
262 if (client->tls) {
263 client->info->x509_dname =
264 qcrypto_tls_session_get_peer_name(client->tls);
265 }
266 #ifdef CONFIG_VNC_SASL
267 if (client->sasl.conn &&
268 client->sasl.username) {
269 client->info->sasl_username = g_strdup(client->sasl.username);
270 }
271 #endif
272 }
273
274 static void vnc_client_cache_addr(VncState *client)
275 {
276 Error *err = NULL;
277
278 client->info = g_malloc0(sizeof(*client->info));
279 vnc_init_basic_info_from_remote_addr(client->sioc,
280 qapi_VncClientInfo_base(client->info),
281 &err);
282 client->info->websocket = client->websocket;
283 if (err) {
284 qapi_free_VncClientInfo(client->info);
285 client->info = NULL;
286 error_free(err);
287 }
288 }
289
290 static void vnc_qmp_event(VncState *vs, QAPIEvent event)
291 {
292 VncServerInfo *si;
293
294 if (!vs->info) {
295 return;
296 }
297
298 si = vnc_server_info_get(vs->vd);
299 if (!si) {
300 return;
301 }
302
303 switch (event) {
304 case QAPI_EVENT_VNC_CONNECTED:
305 qapi_event_send_vnc_connected(si, qapi_VncClientInfo_base(vs->info));
306 break;
307 case QAPI_EVENT_VNC_INITIALIZED:
308 qapi_event_send_vnc_initialized(si, vs->info);
309 break;
310 case QAPI_EVENT_VNC_DISCONNECTED:
311 qapi_event_send_vnc_disconnected(si, vs->info);
312 break;
313 default:
314 break;
315 }
316
317 qapi_free_VncServerInfo(si);
318 }
319
320 static VncClientInfo *qmp_query_vnc_client(const VncState *client)
321 {
322 VncClientInfo *info;
323 Error *err = NULL;
324
325 info = g_malloc0(sizeof(*info));
326
327 vnc_init_basic_info_from_remote_addr(client->sioc,
328 qapi_VncClientInfo_base(info),
329 &err);
330 if (err) {
331 error_free(err);
332 qapi_free_VncClientInfo(info);
333 return NULL;
334 }
335
336 info->websocket = client->websocket;
337
338 if (client->tls) {
339 info->x509_dname = qcrypto_tls_session_get_peer_name(client->tls);
340 }
341 #ifdef CONFIG_VNC_SASL
342 if (client->sasl.conn && client->sasl.username) {
343 info->sasl_username = g_strdup(client->sasl.username);
344 }
345 #endif
346
347 return info;
348 }
349
350 static VncDisplay *vnc_display_find(const char *id)
351 {
352 VncDisplay *vd;
353
354 if (id == NULL) {
355 return QTAILQ_FIRST(&vnc_displays);
356 }
357 QTAILQ_FOREACH(vd, &vnc_displays, next) {
358 if (strcmp(id, vd->id) == 0) {
359 return vd;
360 }
361 }
362 return NULL;
363 }
364
365 static VncClientInfoList *qmp_query_client_list(VncDisplay *vd)
366 {
367 VncClientInfoList *prev = NULL;
368 VncState *client;
369
370 QTAILQ_FOREACH(client, &vd->clients, next) {
371 QAPI_LIST_PREPEND(prev, qmp_query_vnc_client(client));
372 }
373 return prev;
374 }
375
376 VncInfo *qmp_query_vnc(Error **errp)
377 {
378 VncInfo *info = g_malloc0(sizeof(*info));
379 VncDisplay *vd = vnc_display_find(NULL);
380 SocketAddress *addr = NULL;
381
382 if (vd == NULL || !vd->listener || !vd->listener->nsioc) {
383 info->enabled = false;
384 } else {
385 info->enabled = true;
386
387 /* for compatibility with the original command */
388 info->has_clients = true;
389 info->clients = qmp_query_client_list(vd);
390
391 addr = qio_channel_socket_get_local_address(vd->listener->sioc[0],
392 errp);
393 if (!addr) {
394 goto out_error;
395 }
396
397 switch (addr->type) {
398 case SOCKET_ADDRESS_TYPE_INET:
399 info->host = g_strdup(addr->u.inet.host);
400 info->service = g_strdup(addr->u.inet.port);
401 if (addr->u.inet.ipv6) {
402 info->family = NETWORK_ADDRESS_FAMILY_IPV6;
403 } else {
404 info->family = NETWORK_ADDRESS_FAMILY_IPV4;
405 }
406 break;
407
408 case SOCKET_ADDRESS_TYPE_UNIX:
409 info->host = g_strdup("");
410 info->service = g_strdup(addr->u.q_unix.path);
411 info->family = NETWORK_ADDRESS_FAMILY_UNIX;
412 break;
413
414 case SOCKET_ADDRESS_TYPE_VSOCK:
415 case SOCKET_ADDRESS_TYPE_FD:
416 error_setg(errp, "Unsupported socket address type %s",
417 SocketAddressType_str(addr->type));
418 goto out_error;
419 default:
420 abort();
421 }
422
423 info->has_family = true;
424
425 info->auth = g_strdup(vnc_auth_name(vd));
426 }
427
428 qapi_free_SocketAddress(addr);
429 return info;
430
431 out_error:
432 qapi_free_SocketAddress(addr);
433 qapi_free_VncInfo(info);
434 return NULL;
435 }
436
437
438 static void qmp_query_auth(int auth, int subauth,
439 VncPrimaryAuth *qmp_auth,
440 VncVencryptSubAuth *qmp_vencrypt,
441 bool *qmp_has_vencrypt);
442
443 static VncServerInfo2List *qmp_query_server_entry(QIOChannelSocket *ioc,
444 bool websocket,
445 int auth,
446 int subauth,
447 VncServerInfo2List *prev)
448 {
449 VncServerInfo2 *info;
450 Error *err = NULL;
451 SocketAddress *addr;
452
453 addr = qio_channel_socket_get_local_address(ioc, NULL);
454 if (!addr) {
455 return prev;
456 }
457
458 info = g_new0(VncServerInfo2, 1);
459 vnc_init_basic_info(addr, qapi_VncServerInfo2_base(info), &err);
460 qapi_free_SocketAddress(addr);
461 if (err) {
462 qapi_free_VncServerInfo2(info);
463 error_free(err);
464 return prev;
465 }
466 info->websocket = websocket;
467
468 qmp_query_auth(auth, subauth, &info->auth,
469 &info->vencrypt, &info->has_vencrypt);
470
471 QAPI_LIST_PREPEND(prev, info);
472 return prev;
473 }
474
475 static void qmp_query_auth(int auth, int subauth,
476 VncPrimaryAuth *qmp_auth,
477 VncVencryptSubAuth *qmp_vencrypt,
478 bool *qmp_has_vencrypt)
479 {
480 switch (auth) {
481 case VNC_AUTH_VNC:
482 *qmp_auth = VNC_PRIMARY_AUTH_VNC;
483 break;
484 case VNC_AUTH_RA2:
485 *qmp_auth = VNC_PRIMARY_AUTH_RA2;
486 break;
487 case VNC_AUTH_RA2NE:
488 *qmp_auth = VNC_PRIMARY_AUTH_RA2NE;
489 break;
490 case VNC_AUTH_TIGHT:
491 *qmp_auth = VNC_PRIMARY_AUTH_TIGHT;
492 break;
493 case VNC_AUTH_ULTRA:
494 *qmp_auth = VNC_PRIMARY_AUTH_ULTRA;
495 break;
496 case VNC_AUTH_TLS:
497 *qmp_auth = VNC_PRIMARY_AUTH_TLS;
498 break;
499 case VNC_AUTH_VENCRYPT:
500 *qmp_auth = VNC_PRIMARY_AUTH_VENCRYPT;
501 *qmp_has_vencrypt = true;
502 switch (subauth) {
503 case VNC_AUTH_VENCRYPT_PLAIN:
504 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_PLAIN;
505 break;
506 case VNC_AUTH_VENCRYPT_TLSNONE:
507 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_NONE;
508 break;
509 case VNC_AUTH_VENCRYPT_TLSVNC:
510 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_VNC;
511 break;
512 case VNC_AUTH_VENCRYPT_TLSPLAIN:
513 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_PLAIN;
514 break;
515 case VNC_AUTH_VENCRYPT_X509NONE:
516 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_NONE;
517 break;
518 case VNC_AUTH_VENCRYPT_X509VNC:
519 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_VNC;
520 break;
521 case VNC_AUTH_VENCRYPT_X509PLAIN:
522 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_PLAIN;
523 break;
524 case VNC_AUTH_VENCRYPT_TLSSASL:
525 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_SASL;
526 break;
527 case VNC_AUTH_VENCRYPT_X509SASL:
528 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_SASL;
529 break;
530 default:
531 *qmp_has_vencrypt = false;
532 break;
533 }
534 break;
535 case VNC_AUTH_SASL:
536 *qmp_auth = VNC_PRIMARY_AUTH_SASL;
537 break;
538 case VNC_AUTH_NONE:
539 default:
540 *qmp_auth = VNC_PRIMARY_AUTH_NONE;
541 break;
542 }
543 }
544
545 VncInfo2List *qmp_query_vnc_servers(Error **errp)
546 {
547 VncInfo2List *prev = NULL;
548 VncInfo2 *info;
549 VncDisplay *vd;
550 DeviceState *dev;
551 size_t i;
552
553 QTAILQ_FOREACH(vd, &vnc_displays, next) {
554 info = g_new0(VncInfo2, 1);
555 info->id = g_strdup(vd->id);
556 info->clients = qmp_query_client_list(vd);
557 qmp_query_auth(vd->auth, vd->subauth, &info->auth,
558 &info->vencrypt, &info->has_vencrypt);
559 if (vd->dcl.con) {
560 dev = DEVICE(object_property_get_link(OBJECT(vd->dcl.con),
561 "device", &error_abort));
562 info->display = g_strdup(dev->id);
563 }
564 for (i = 0; vd->listener != NULL && i < vd->listener->nsioc; i++) {
565 info->server = qmp_query_server_entry(
566 vd->listener->sioc[i], false, vd->auth, vd->subauth,
567 info->server);
568 }
569 for (i = 0; vd->wslistener != NULL && i < vd->wslistener->nsioc; i++) {
570 info->server = qmp_query_server_entry(
571 vd->wslistener->sioc[i], true, vd->ws_auth,
572 vd->ws_subauth, info->server);
573 }
574
575 QAPI_LIST_PREPEND(prev, info);
576 }
577 return prev;
578 }
579
580 bool vnc_display_reload_certs(const char *id, Error **errp)
581 {
582 VncDisplay *vd = vnc_display_find(id);
583 QCryptoTLSCredsClass *creds = NULL;
584
585 if (!vd) {
586 error_setg(errp, "Can not find vnc display");
587 return false;
588 }
589
590 if (!vd->tlscreds) {
591 error_setg(errp, "vnc tls is not enabled");
592 return false;
593 }
594
595 creds = QCRYPTO_TLS_CREDS_GET_CLASS(OBJECT(vd->tlscreds));
596 if (creds->reload == NULL) {
597 error_setg(errp, "%s doesn't support to reload TLS credential",
598 object_get_typename(OBJECT(vd->tlscreds)));
599 return false;
600 }
601 if (!creds->reload(vd->tlscreds, errp)) {
602 return false;
603 }
604
605 return true;
606 }
607
608 /* TODO
609 1) Get the queue working for IO.
610 2) there is some weirdness when using the -S option (the screen is grey
611 and not totally invalidated
612 3) resolutions > 1024
613 */
614
615 static int vnc_update_client(VncState *vs, int has_dirty);
616 static void vnc_disconnect_start(VncState *vs);
617
618 static void vnc_colordepth(VncState *vs);
619 static void framebuffer_update_request(VncState *vs, int incremental,
620 int x_position, int y_position,
621 int w, int h);
622 static void vnc_refresh(DisplayChangeListener *dcl);
623 static int vnc_refresh_server_surface(VncDisplay *vd);
624
625 static int vnc_width(VncDisplay *vd)
626 {
627 return MIN(VNC_MAX_WIDTH, ROUND_UP(surface_width(vd->ds),
628 VNC_DIRTY_PIXELS_PER_BIT));
629 }
630
631 static int vnc_true_width(VncDisplay *vd)
632 {
633 return MIN(VNC_MAX_WIDTH, surface_width(vd->ds));
634 }
635
636 static int vnc_height(VncDisplay *vd)
637 {
638 return MIN(VNC_MAX_HEIGHT, surface_height(vd->ds));
639 }
640
641 static void vnc_set_area_dirty(DECLARE_BITMAP(dirty[VNC_MAX_HEIGHT],
642 VNC_MAX_WIDTH / VNC_DIRTY_PIXELS_PER_BIT),
643 VncDisplay *vd,
644 int x, int y, int w, int h)
645 {
646 int width = vnc_width(vd);
647 int height = vnc_height(vd);
648
649 /* this is needed this to ensure we updated all affected
650 * blocks if x % VNC_DIRTY_PIXELS_PER_BIT != 0 */
651 w += (x % VNC_DIRTY_PIXELS_PER_BIT);
652 x -= (x % VNC_DIRTY_PIXELS_PER_BIT);
653
654 x = MIN(x, width);
655 y = MIN(y, height);
656 w = MIN(x + w, width) - x;
657 h = MIN(y + h, height);
658
659 for (; y < h; y++) {
660 bitmap_set(dirty[y], x / VNC_DIRTY_PIXELS_PER_BIT,
661 DIV_ROUND_UP(w, VNC_DIRTY_PIXELS_PER_BIT));
662 }
663 }
664
665 static void vnc_dpy_update(DisplayChangeListener *dcl,
666 int x, int y, int w, int h)
667 {
668 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
669 struct VncSurface *s = &vd->guest;
670
671 vnc_set_area_dirty(s->dirty, vd, x, y, w, h);
672 }
673
674 void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
675 int32_t encoding)
676 {
677 vnc_write_u16(vs, x);
678 vnc_write_u16(vs, y);
679 vnc_write_u16(vs, w);
680 vnc_write_u16(vs, h);
681
682 vnc_write_s32(vs, encoding);
683 }
684
685 static void vnc_desktop_resize_ext(VncState *vs, int reject_reason)
686 {
687 trace_vnc_msg_server_ext_desktop_resize(
688 vs, vs->ioc, vs->client_width, vs->client_height, reject_reason);
689
690 vnc_lock_output(vs);
691 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
692 vnc_write_u8(vs, 0);
693 vnc_write_u16(vs, 1); /* number of rects */
694 vnc_framebuffer_update(vs,
695 reject_reason ? 1 : 0,
696 reject_reason,
697 vs->client_width, vs->client_height,
698 VNC_ENCODING_DESKTOP_RESIZE_EXT);
699 vnc_write_u8(vs, 1); /* number of screens */
700 vnc_write_u8(vs, 0); /* padding */
701 vnc_write_u8(vs, 0); /* padding */
702 vnc_write_u8(vs, 0); /* padding */
703 vnc_write_u32(vs, 0); /* screen id */
704 vnc_write_u16(vs, 0); /* screen x-pos */
705 vnc_write_u16(vs, 0); /* screen y-pos */
706 vnc_write_u16(vs, vs->client_width);
707 vnc_write_u16(vs, vs->client_height);
708 vnc_write_u32(vs, 0); /* screen flags */
709 vnc_unlock_output(vs);
710 vnc_flush(vs);
711 }
712
713 static void vnc_desktop_resize(VncState *vs)
714 {
715 if (vs->ioc == NULL || (!vnc_has_feature(vs, VNC_FEATURE_RESIZE) &&
716 !vnc_has_feature(vs, VNC_FEATURE_RESIZE_EXT))) {
717 return;
718 }
719 if (vs->client_width == vs->vd->true_width &&
720 vs->client_height == pixman_image_get_height(vs->vd->server)) {
721 return;
722 }
723
724 assert(vs->vd->true_width < 65536 &&
725 vs->vd->true_width >= 0);
726 assert(pixman_image_get_height(vs->vd->server) < 65536 &&
727 pixman_image_get_height(vs->vd->server) >= 0);
728 vs->client_width = vs->vd->true_width;
729 vs->client_height = pixman_image_get_height(vs->vd->server);
730
731 if (vnc_has_feature(vs, VNC_FEATURE_RESIZE_EXT)) {
732 vnc_desktop_resize_ext(vs, 0);
733 return;
734 }
735
736 trace_vnc_msg_server_desktop_resize(
737 vs, vs->ioc, vs->client_width, vs->client_height);
738
739 vnc_lock_output(vs);
740 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
741 vnc_write_u8(vs, 0);
742 vnc_write_u16(vs, 1); /* number of rects */
743 vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height,
744 VNC_ENCODING_DESKTOPRESIZE);
745 vnc_unlock_output(vs);
746 vnc_flush(vs);
747 }
748
749 static void vnc_abort_display_jobs(VncDisplay *vd)
750 {
751 VncState *vs;
752
753 QTAILQ_FOREACH(vs, &vd->clients, next) {
754 vnc_lock_output(vs);
755 vs->abort = true;
756 vnc_unlock_output(vs);
757 }
758 QTAILQ_FOREACH(vs, &vd->clients, next) {
759 vnc_jobs_join(vs);
760 }
761 QTAILQ_FOREACH(vs, &vd->clients, next) {
762 vnc_lock_output(vs);
763 if (vs->update == VNC_STATE_UPDATE_NONE &&
764 vs->job_update != VNC_STATE_UPDATE_NONE) {
765 /* job aborted before completion */
766 vs->update = vs->job_update;
767 vs->job_update = VNC_STATE_UPDATE_NONE;
768 }
769 vs->abort = false;
770 vnc_unlock_output(vs);
771 }
772 }
773
774 int vnc_server_fb_stride(VncDisplay *vd)
775 {
776 return pixman_image_get_stride(vd->server);
777 }
778
779 void *vnc_server_fb_ptr(VncDisplay *vd, int x, int y)
780 {
781 uint8_t *ptr;
782
783 ptr = (uint8_t *)pixman_image_get_data(vd->server);
784 ptr += y * vnc_server_fb_stride(vd);
785 ptr += x * VNC_SERVER_FB_BYTES;
786 return ptr;
787 }
788
789 static void vnc_update_server_surface(VncDisplay *vd)
790 {
791 int width, height;
792
793 qemu_pixman_image_unref(vd->server);
794 vd->server = NULL;
795
796 if (QTAILQ_EMPTY(&vd->clients)) {
797 return;
798 }
799
800 width = vnc_width(vd);
801 height = vnc_height(vd);
802 vd->true_width = vnc_true_width(vd);
803 vd->server = pixman_image_create_bits(VNC_SERVER_FB_FORMAT,
804 width, height,
805 NULL, 0);
806
807 memset(vd->guest.dirty, 0x00, sizeof(vd->guest.dirty));
808 vnc_set_area_dirty(vd->guest.dirty, vd, 0, 0,
809 width, height);
810 }
811
812 static bool vnc_check_pageflip(DisplaySurface *s1,
813 DisplaySurface *s2)
814 {
815 return (s1 != NULL &&
816 s2 != NULL &&
817 surface_width(s1) == surface_width(s2) &&
818 surface_height(s1) == surface_height(s2) &&
819 surface_format(s1) == surface_format(s2));
820
821 }
822
823 static void vnc_dpy_switch(DisplayChangeListener *dcl,
824 DisplaySurface *surface)
825 {
826 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
827 bool pageflip = vnc_check_pageflip(vd->ds, surface);
828 VncState *vs;
829
830 vnc_abort_display_jobs(vd);
831 vd->ds = surface;
832
833 /* guest surface */
834 qemu_pixman_image_unref(vd->guest.fb);
835 vd->guest.fb = pixman_image_ref(surface->image);
836 vd->guest.format = surface->format;
837
838
839 if (pageflip) {
840 trace_vnc_server_dpy_pageflip(vd,
841 surface_width(surface),
842 surface_height(surface),
843 surface_format(surface));
844 vnc_set_area_dirty(vd->guest.dirty, vd, 0, 0,
845 surface_width(surface),
846 surface_height(surface));
847 return;
848 }
849
850 trace_vnc_server_dpy_recreate(vd,
851 surface_width(surface),
852 surface_height(surface),
853 surface_format(surface));
854 /* server surface */
855 vnc_update_server_surface(vd);
856
857 QTAILQ_FOREACH(vs, &vd->clients, next) {
858 vnc_colordepth(vs);
859 vnc_desktop_resize(vs);
860 vnc_cursor_define(vs);
861 memset(vs->dirty, 0x00, sizeof(vs->dirty));
862 vnc_set_area_dirty(vs->dirty, vd, 0, 0,
863 vnc_width(vd),
864 vnc_height(vd));
865 vnc_update_throttle_offset(vs);
866 }
867 }
868
869 /* fastest code */
870 static void vnc_write_pixels_copy(VncState *vs,
871 void *pixels, int size)
872 {
873 vnc_write(vs, pixels, size);
874 }
875
876 /* slowest but generic code. */
877 void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
878 {
879 uint8_t r, g, b;
880
881 #if VNC_SERVER_FB_FORMAT == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8)
882 r = (((v & 0x00ff0000) >> 16) << vs->client_pf.rbits) >> 8;
883 g = (((v & 0x0000ff00) >> 8) << vs->client_pf.gbits) >> 8;
884 b = (((v & 0x000000ff) >> 0) << vs->client_pf.bbits) >> 8;
885 #else
886 # error need some bits here if you change VNC_SERVER_FB_FORMAT
887 #endif
888 v = (r << vs->client_pf.rshift) |
889 (g << vs->client_pf.gshift) |
890 (b << vs->client_pf.bshift);
891 switch (vs->client_pf.bytes_per_pixel) {
892 case 1:
893 buf[0] = v;
894 break;
895 case 2:
896 if (vs->client_be) {
897 buf[0] = v >> 8;
898 buf[1] = v;
899 } else {
900 buf[1] = v >> 8;
901 buf[0] = v;
902 }
903 break;
904 default:
905 case 4:
906 if (vs->client_be) {
907 buf[0] = v >> 24;
908 buf[1] = v >> 16;
909 buf[2] = v >> 8;
910 buf[3] = v;
911 } else {
912 buf[3] = v >> 24;
913 buf[2] = v >> 16;
914 buf[1] = v >> 8;
915 buf[0] = v;
916 }
917 break;
918 }
919 }
920
921 static void vnc_write_pixels_generic(VncState *vs,
922 void *pixels1, int size)
923 {
924 uint8_t buf[4];
925
926 if (VNC_SERVER_FB_BYTES == 4) {
927 uint32_t *pixels = pixels1;
928 int n, i;
929 n = size >> 2;
930 for (i = 0; i < n; i++) {
931 vnc_convert_pixel(vs, buf, pixels[i]);
932 vnc_write(vs, buf, vs->client_pf.bytes_per_pixel);
933 }
934 }
935 }
936
937 int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
938 {
939 int i;
940 uint8_t *row;
941 VncDisplay *vd = vs->vd;
942
943 row = vnc_server_fb_ptr(vd, x, y);
944 for (i = 0; i < h; i++) {
945 vs->write_pixels(vs, row, w * VNC_SERVER_FB_BYTES);
946 row += vnc_server_fb_stride(vd);
947 }
948 return 1;
949 }
950
951 int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
952 {
953 int n = 0;
954
955 switch(vs->vnc_encoding) {
956 case VNC_ENCODING_ZLIB:
957 n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h);
958 break;
959 case VNC_ENCODING_HEXTILE:
960 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
961 n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h);
962 break;
963 case VNC_ENCODING_TIGHT:
964 n = vnc_tight_send_framebuffer_update(vs, x, y, w, h);
965 break;
966 case VNC_ENCODING_TIGHT_PNG:
967 n = vnc_tight_png_send_framebuffer_update(vs, x, y, w, h);
968 break;
969 case VNC_ENCODING_ZRLE:
970 n = vnc_zrle_send_framebuffer_update(vs, x, y, w, h);
971 break;
972 case VNC_ENCODING_ZYWRLE:
973 n = vnc_zywrle_send_framebuffer_update(vs, x, y, w, h);
974 break;
975 default:
976 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
977 n = vnc_raw_send_framebuffer_update(vs, x, y, w, h);
978 break;
979 }
980 return n;
981 }
982
983 static void vnc_mouse_set(DisplayChangeListener *dcl,
984 int x, int y, int visible)
985 {
986 /* can we ask the client(s) to move the pointer ??? */
987 }
988
989 static int vnc_cursor_define(VncState *vs)
990 {
991 QEMUCursor *c = vs->vd->cursor;
992 int isize;
993
994 if (!vs->vd->cursor) {
995 return -1;
996 }
997
998 if (vnc_has_feature(vs, VNC_FEATURE_ALPHA_CURSOR)) {
999 vnc_lock_output(vs);
1000 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1001 vnc_write_u8(vs, 0); /* padding */
1002 vnc_write_u16(vs, 1); /* # of rects */
1003 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height,
1004 VNC_ENCODING_ALPHA_CURSOR);
1005 vnc_write_s32(vs, VNC_ENCODING_RAW);
1006 vnc_write(vs, c->data, c->width * c->height * 4);
1007 vnc_unlock_output(vs);
1008 return 0;
1009 }
1010 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) {
1011 vnc_lock_output(vs);
1012 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1013 vnc_write_u8(vs, 0); /* padding */
1014 vnc_write_u16(vs, 1); /* # of rects */
1015 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height,
1016 VNC_ENCODING_RICH_CURSOR);
1017 isize = c->width * c->height * vs->client_pf.bytes_per_pixel;
1018 vnc_write_pixels_generic(vs, c->data, isize);
1019 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize);
1020 vnc_unlock_output(vs);
1021 return 0;
1022 }
1023 return -1;
1024 }
1025
1026 static void vnc_dpy_cursor_define(DisplayChangeListener *dcl,
1027 QEMUCursor *c)
1028 {
1029 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
1030 VncState *vs;
1031
1032 cursor_unref(vd->cursor);
1033 g_free(vd->cursor_mask);
1034
1035 vd->cursor = cursor_ref(vd->cursor);
1036 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height;
1037 vd->cursor_mask = g_malloc0(vd->cursor_msize);
1038 cursor_get_mono_mask(c, 0, vd->cursor_mask);
1039
1040 QTAILQ_FOREACH(vs, &vd->clients, next) {
1041 vnc_cursor_define(vs);
1042 }
1043 }
1044
1045 static int find_and_clear_dirty_height(VncState *vs,
1046 int y, int last_x, int x, int height)
1047 {
1048 int h;
1049
1050 for (h = 1; h < (height - y); h++) {
1051 if (!test_bit(last_x, vs->dirty[y + h])) {
1052 break;
1053 }
1054 bitmap_clear(vs->dirty[y + h], last_x, x - last_x);
1055 }
1056
1057 return h;
1058 }
1059
1060 /*
1061 * Figure out how much pending data we should allow in the output
1062 * buffer before we throttle incremental display updates, and/or
1063 * drop audio samples.
1064 *
1065 * We allow for equiv of 1 full display's worth of FB updates,
1066 * and 1 second of audio samples. If audio backlog was larger
1067 * than that the client would already suffering awful audio
1068 * glitches, so dropping samples is no worse really).
1069 */
1070 static void vnc_update_throttle_offset(VncState *vs)
1071 {
1072 size_t offset =
1073 vs->client_width * vs->client_height * vs->client_pf.bytes_per_pixel;
1074
1075 if (vs->audio_cap) {
1076 int bps;
1077 switch (vs->as.fmt) {
1078 default:
1079 case AUDIO_FORMAT_U8:
1080 case AUDIO_FORMAT_S8:
1081 bps = 1;
1082 break;
1083 case AUDIO_FORMAT_U16:
1084 case AUDIO_FORMAT_S16:
1085 bps = 2;
1086 break;
1087 case AUDIO_FORMAT_U32:
1088 case AUDIO_FORMAT_S32:
1089 bps = 4;
1090 break;
1091 }
1092 offset += vs->as.freq * bps * vs->as.nchannels;
1093 }
1094
1095 /* Put a floor of 1MB on offset, so that if we have a large pending
1096 * buffer and the display is resized to a small size & back again
1097 * we don't suddenly apply a tiny send limit
1098 */
1099 offset = MAX(offset, 1024 * 1024);
1100
1101 if (vs->throttle_output_offset != offset) {
1102 trace_vnc_client_throttle_threshold(
1103 vs, vs->ioc, vs->throttle_output_offset, offset, vs->client_width,
1104 vs->client_height, vs->client_pf.bytes_per_pixel, vs->audio_cap);
1105 }
1106
1107 vs->throttle_output_offset = offset;
1108 }
1109
1110 static bool vnc_should_update(VncState *vs)
1111 {
1112 switch (vs->update) {
1113 case VNC_STATE_UPDATE_NONE:
1114 break;
1115 case VNC_STATE_UPDATE_INCREMENTAL:
1116 /* Only allow incremental updates if the pending send queue
1117 * is less than the permitted threshold, and the job worker
1118 * is completely idle.
1119 */
1120 if (vs->output.offset < vs->throttle_output_offset &&
1121 vs->job_update == VNC_STATE_UPDATE_NONE) {
1122 return true;
1123 }
1124 trace_vnc_client_throttle_incremental(
1125 vs, vs->ioc, vs->job_update, vs->output.offset);
1126 break;
1127 case VNC_STATE_UPDATE_FORCE:
1128 /* Only allow forced updates if the pending send queue
1129 * does not contain a previous forced update, and the
1130 * job worker is completely idle.
1131 *
1132 * Note this means we'll queue a forced update, even if
1133 * the output buffer size is otherwise over the throttle
1134 * output limit.
1135 */
1136 if (vs->force_update_offset == 0 &&
1137 vs->job_update == VNC_STATE_UPDATE_NONE) {
1138 return true;
1139 }
1140 trace_vnc_client_throttle_forced(
1141 vs, vs->ioc, vs->job_update, vs->force_update_offset);
1142 break;
1143 }
1144 return false;
1145 }
1146
1147 static int vnc_update_client(VncState *vs, int has_dirty)
1148 {
1149 VncDisplay *vd = vs->vd;
1150 VncJob *job;
1151 int y;
1152 int height, width;
1153 int n = 0;
1154
1155 if (vs->disconnecting) {
1156 vnc_disconnect_finish(vs);
1157 return 0;
1158 }
1159
1160 vs->has_dirty += has_dirty;
1161 if (!vnc_should_update(vs)) {
1162 return 0;
1163 }
1164
1165 if (!vs->has_dirty && vs->update != VNC_STATE_UPDATE_FORCE) {
1166 return 0;
1167 }
1168
1169 /*
1170 * Send screen updates to the vnc client using the server
1171 * surface and server dirty map. guest surface updates
1172 * happening in parallel don't disturb us, the next pass will
1173 * send them to the client.
1174 */
1175 job = vnc_job_new(vs);
1176
1177 height = pixman_image_get_height(vd->server);
1178 width = pixman_image_get_width(vd->server);
1179
1180 y = 0;
1181 for (;;) {
1182 int x, h;
1183 unsigned long x2;
1184 unsigned long offset = find_next_bit((unsigned long *) &vs->dirty,
1185 height * VNC_DIRTY_BPL(vs),
1186 y * VNC_DIRTY_BPL(vs));
1187 if (offset == height * VNC_DIRTY_BPL(vs)) {
1188 /* no more dirty bits */
1189 break;
1190 }
1191 y = offset / VNC_DIRTY_BPL(vs);
1192 x = offset % VNC_DIRTY_BPL(vs);
1193 x2 = find_next_zero_bit((unsigned long *) &vs->dirty[y],
1194 VNC_DIRTY_BPL(vs), x);
1195 bitmap_clear(vs->dirty[y], x, x2 - x);
1196 h = find_and_clear_dirty_height(vs, y, x, x2, height);
1197 x2 = MIN(x2, width / VNC_DIRTY_PIXELS_PER_BIT);
1198 if (x2 > x) {
1199 n += vnc_job_add_rect(job, x * VNC_DIRTY_PIXELS_PER_BIT, y,
1200 (x2 - x) * VNC_DIRTY_PIXELS_PER_BIT, h);
1201 }
1202 if (!x && x2 == width / VNC_DIRTY_PIXELS_PER_BIT) {
1203 y += h;
1204 if (y == height) {
1205 break;
1206 }
1207 }
1208 }
1209
1210 vs->job_update = vs->update;
1211 vs->update = VNC_STATE_UPDATE_NONE;
1212 vnc_job_push(job);
1213 vs->has_dirty = 0;
1214 return n;
1215 }
1216
1217 /* audio */
1218 static void audio_capture_notify(void *opaque, audcnotification_e cmd)
1219 {
1220 VncState *vs = opaque;
1221
1222 assert(vs->magic == VNC_MAGIC);
1223 switch (cmd) {
1224 case AUD_CNOTIFY_DISABLE:
1225 trace_vnc_msg_server_audio_end(vs, vs->ioc);
1226 vnc_lock_output(vs);
1227 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1228 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1229 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END);
1230 vnc_unlock_output(vs);
1231 vnc_flush(vs);
1232 break;
1233
1234 case AUD_CNOTIFY_ENABLE:
1235 trace_vnc_msg_server_audio_begin(vs, vs->ioc);
1236 vnc_lock_output(vs);
1237 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1238 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1239 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN);
1240 vnc_unlock_output(vs);
1241 vnc_flush(vs);
1242 break;
1243 }
1244 }
1245
1246 static void audio_capture_destroy(void *opaque)
1247 {
1248 }
1249
1250 static void audio_capture(void *opaque, const void *buf, int size)
1251 {
1252 VncState *vs = opaque;
1253
1254 assert(vs->magic == VNC_MAGIC);
1255 trace_vnc_msg_server_audio_data(vs, vs->ioc, buf, size);
1256 vnc_lock_output(vs);
1257 if (vs->output.offset < vs->throttle_output_offset) {
1258 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1259 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1260 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA);
1261 vnc_write_u32(vs, size);
1262 vnc_write(vs, buf, size);
1263 } else {
1264 trace_vnc_client_throttle_audio(vs, vs->ioc, vs->output.offset);
1265 }
1266 vnc_unlock_output(vs);
1267 vnc_flush(vs);
1268 }
1269
1270 static void audio_add(VncState *vs)
1271 {
1272 struct audio_capture_ops ops;
1273
1274 if (vs->audio_cap) {
1275 error_report("audio already running");
1276 return;
1277 }
1278
1279 ops.notify = audio_capture_notify;
1280 ops.destroy = audio_capture_destroy;
1281 ops.capture = audio_capture;
1282
1283 vs->audio_cap = AUD_add_capture(vs->vd->audio_state, &vs->as, &ops, vs);
1284 if (!vs->audio_cap) {
1285 error_report("Failed to add audio capture");
1286 }
1287 }
1288
1289 static void audio_del(VncState *vs)
1290 {
1291 if (vs->audio_cap) {
1292 AUD_del_capture(vs->audio_cap, vs);
1293 vs->audio_cap = NULL;
1294 }
1295 }
1296
1297 static void vnc_disconnect_start(VncState *vs)
1298 {
1299 if (vs->disconnecting) {
1300 return;
1301 }
1302 trace_vnc_client_disconnect_start(vs, vs->ioc);
1303 vnc_set_share_mode(vs, VNC_SHARE_MODE_DISCONNECTED);
1304 if (vs->ioc_tag) {
1305 g_source_remove(vs->ioc_tag);
1306 vs->ioc_tag = 0;
1307 }
1308 qio_channel_close(vs->ioc, NULL);
1309 vs->disconnecting = TRUE;
1310 }
1311
1312 void vnc_disconnect_finish(VncState *vs)
1313 {
1314 int i;
1315
1316 trace_vnc_client_disconnect_finish(vs, vs->ioc);
1317
1318 vnc_jobs_join(vs); /* Wait encoding jobs */
1319
1320 vnc_lock_output(vs);
1321 vnc_qmp_event(vs, QAPI_EVENT_VNC_DISCONNECTED);
1322
1323 buffer_free(&vs->input);
1324 buffer_free(&vs->output);
1325
1326 qapi_free_VncClientInfo(vs->info);
1327
1328 vnc_zlib_clear(vs);
1329 vnc_tight_clear(vs);
1330 vnc_zrle_clear(vs);
1331
1332 #ifdef CONFIG_VNC_SASL
1333 vnc_sasl_client_cleanup(vs);
1334 #endif /* CONFIG_VNC_SASL */
1335 audio_del(vs);
1336 qkbd_state_lift_all_keys(vs->vd->kbd);
1337
1338 if (vs->mouse_mode_notifier.notify != NULL) {
1339 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
1340 }
1341 QTAILQ_REMOVE(&vs->vd->clients, vs, next);
1342 if (QTAILQ_EMPTY(&vs->vd->clients)) {
1343 /* last client gone */
1344 vnc_update_server_surface(vs->vd);
1345 }
1346 vnc_unlock_output(vs);
1347
1348 if (vs->cbpeer.notifier.notify) {
1349 qemu_clipboard_peer_unregister(&vs->cbpeer);
1350 }
1351
1352 qemu_mutex_destroy(&vs->output_mutex);
1353 if (vs->bh != NULL) {
1354 qemu_bh_delete(vs->bh);
1355 }
1356 buffer_free(&vs->jobs_buffer);
1357
1358 for (i = 0; i < VNC_STAT_ROWS; ++i) {
1359 g_free(vs->lossy_rect[i]);
1360 }
1361 g_free(vs->lossy_rect);
1362
1363 object_unref(OBJECT(vs->ioc));
1364 vs->ioc = NULL;
1365 object_unref(OBJECT(vs->sioc));
1366 vs->sioc = NULL;
1367 vs->magic = 0;
1368 g_free(vs->zrle);
1369 g_free(vs->tight);
1370 g_free(vs);
1371 }
1372
1373 size_t vnc_client_io_error(VncState *vs, ssize_t ret, Error *err)
1374 {
1375 if (ret <= 0) {
1376 if (ret == 0) {
1377 trace_vnc_client_eof(vs, vs->ioc);
1378 vnc_disconnect_start(vs);
1379 } else if (ret != QIO_CHANNEL_ERR_BLOCK) {
1380 trace_vnc_client_io_error(vs, vs->ioc,
1381 err ? error_get_pretty(err) : "Unknown");
1382 vnc_disconnect_start(vs);
1383 }
1384
1385 error_free(err);
1386 return 0;
1387 }
1388 return ret;
1389 }
1390
1391
1392 void vnc_client_error(VncState *vs)
1393 {
1394 VNC_DEBUG("Closing down client sock: protocol error\n");
1395 vnc_disconnect_start(vs);
1396 }
1397
1398
1399 /*
1400 * Called to write a chunk of data to the client socket. The data may
1401 * be the raw data, or may have already been encoded by SASL.
1402 * The data will be written either straight onto the socket, or
1403 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1404 *
1405 * NB, it is theoretically possible to have 2 layers of encryption,
1406 * both SASL, and this TLS layer. It is highly unlikely in practice
1407 * though, since SASL encryption will typically be a no-op if TLS
1408 * is active
1409 *
1410 * Returns the number of bytes written, which may be less than
1411 * the requested 'datalen' if the socket would block. Returns
1412 * 0 on I/O error, and disconnects the client socket.
1413 */
1414 size_t vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
1415 {
1416 Error *err = NULL;
1417 ssize_t ret;
1418 ret = qio_channel_write(vs->ioc, (const char *)data, datalen, &err);
1419 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret);
1420 return vnc_client_io_error(vs, ret, err);
1421 }
1422
1423
1424 /*
1425 * Called to write buffered data to the client socket, when not
1426 * using any SASL SSF encryption layers. Will write as much data
1427 * as possible without blocking. If all buffered data is written,
1428 * will switch the FD poll() handler back to read monitoring.
1429 *
1430 * Returns the number of bytes written, which may be less than
1431 * the buffered output data if the socket would block. Returns
1432 * 0 on I/O error, and disconnects the client socket.
1433 */
1434 static size_t vnc_client_write_plain(VncState *vs)
1435 {
1436 size_t offset;
1437 size_t ret;
1438
1439 #ifdef CONFIG_VNC_SASL
1440 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1441 vs->output.buffer, vs->output.capacity, vs->output.offset,
1442 vs->sasl.waitWriteSSF);
1443
1444 if (vs->sasl.conn &&
1445 vs->sasl.runSSF &&
1446 vs->sasl.waitWriteSSF) {
1447 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
1448 if (ret)
1449 vs->sasl.waitWriteSSF -= ret;
1450 } else
1451 #endif /* CONFIG_VNC_SASL */
1452 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
1453 if (!ret)
1454 return 0;
1455
1456 if (ret >= vs->force_update_offset) {
1457 if (vs->force_update_offset != 0) {
1458 trace_vnc_client_unthrottle_forced(vs, vs->ioc);
1459 }
1460 vs->force_update_offset = 0;
1461 } else {
1462 vs->force_update_offset -= ret;
1463 }
1464 offset = vs->output.offset;
1465 buffer_advance(&vs->output, ret);
1466 if (offset >= vs->throttle_output_offset &&
1467 vs->output.offset < vs->throttle_output_offset) {
1468 trace_vnc_client_unthrottle_incremental(vs, vs->ioc, vs->output.offset);
1469 }
1470
1471 if (vs->output.offset == 0) {
1472 if (vs->ioc_tag) {
1473 g_source_remove(vs->ioc_tag);
1474 }
1475 vs->ioc_tag = qio_channel_add_watch(
1476 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR,
1477 vnc_client_io, vs, NULL);
1478 }
1479
1480 return ret;
1481 }
1482
1483
1484 /*
1485 * First function called whenever there is data to be written to
1486 * the client socket. Will delegate actual work according to whether
1487 * SASL SSF layers are enabled (thus requiring encryption calls)
1488 */
1489 static void vnc_client_write_locked(VncState *vs)
1490 {
1491 #ifdef CONFIG_VNC_SASL
1492 if (vs->sasl.conn &&
1493 vs->sasl.runSSF &&
1494 !vs->sasl.waitWriteSSF) {
1495 vnc_client_write_sasl(vs);
1496 } else
1497 #endif /* CONFIG_VNC_SASL */
1498 {
1499 vnc_client_write_plain(vs);
1500 }
1501 }
1502
1503 static void vnc_client_write(VncState *vs)
1504 {
1505 assert(vs->magic == VNC_MAGIC);
1506 vnc_lock_output(vs);
1507 if (vs->output.offset) {
1508 vnc_client_write_locked(vs);
1509 } else if (vs->ioc != NULL) {
1510 if (vs->ioc_tag) {
1511 g_source_remove(vs->ioc_tag);
1512 }
1513 vs->ioc_tag = qio_channel_add_watch(
1514 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR,
1515 vnc_client_io, vs, NULL);
1516 }
1517 vnc_unlock_output(vs);
1518 }
1519
1520 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1521 {
1522 vs->read_handler = func;
1523 vs->read_handler_expect = expecting;
1524 }
1525
1526
1527 /*
1528 * Called to read a chunk of data from the client socket. The data may
1529 * be the raw data, or may need to be further decoded by SASL.
1530 * The data will be read either straight from to the socket, or
1531 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1532 *
1533 * NB, it is theoretically possible to have 2 layers of encryption,
1534 * both SASL, and this TLS layer. It is highly unlikely in practice
1535 * though, since SASL encryption will typically be a no-op if TLS
1536 * is active
1537 *
1538 * Returns the number of bytes read, which may be less than
1539 * the requested 'datalen' if the socket would block. Returns
1540 * 0 on I/O error or EOF, and disconnects the client socket.
1541 */
1542 size_t vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1543 {
1544 ssize_t ret;
1545 Error *err = NULL;
1546 ret = qio_channel_read(vs->ioc, (char *)data, datalen, &err);
1547 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret);
1548 return vnc_client_io_error(vs, ret, err);
1549 }
1550
1551
1552 /*
1553 * Called to read data from the client socket to the input buffer,
1554 * when not using any SASL SSF encryption layers. Will read as much
1555 * data as possible without blocking.
1556 *
1557 * Returns the number of bytes read, which may be less than
1558 * the requested 'datalen' if the socket would block. Returns
1559 * 0 on I/O error or EOF, and disconnects the client socket.
1560 */
1561 static size_t vnc_client_read_plain(VncState *vs)
1562 {
1563 size_t ret;
1564 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1565 vs->input.buffer, vs->input.capacity, vs->input.offset);
1566 buffer_reserve(&vs->input, 4096);
1567 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1568 if (!ret)
1569 return 0;
1570 vs->input.offset += ret;
1571 return ret;
1572 }
1573
1574 static void vnc_jobs_bh(void *opaque)
1575 {
1576 VncState *vs = opaque;
1577
1578 assert(vs->magic == VNC_MAGIC);
1579 vnc_jobs_consume_buffer(vs);
1580 }
1581
1582 /*
1583 * First function called whenever there is more data to be read from
1584 * the client socket. Will delegate actual work according to whether
1585 * SASL SSF layers are enabled (thus requiring decryption calls)
1586 * Returns 0 on success, -1 if client disconnected
1587 */
1588 static int vnc_client_read(VncState *vs)
1589 {
1590 size_t ret;
1591
1592 #ifdef CONFIG_VNC_SASL
1593 if (vs->sasl.conn && vs->sasl.runSSF)
1594 ret = vnc_client_read_sasl(vs);
1595 else
1596 #endif /* CONFIG_VNC_SASL */
1597 ret = vnc_client_read_plain(vs);
1598 if (!ret) {
1599 if (vs->disconnecting) {
1600 vnc_disconnect_finish(vs);
1601 return -1;
1602 }
1603 return 0;
1604 }
1605
1606 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1607 size_t len = vs->read_handler_expect;
1608 int ret;
1609
1610 ret = vs->read_handler(vs, vs->input.buffer, len);
1611 if (vs->disconnecting) {
1612 vnc_disconnect_finish(vs);
1613 return -1;
1614 }
1615
1616 if (!ret) {
1617 buffer_advance(&vs->input, len);
1618 } else {
1619 vs->read_handler_expect = ret;
1620 }
1621 }
1622 return 0;
1623 }
1624
1625 gboolean vnc_client_io(QIOChannel *ioc G_GNUC_UNUSED,
1626 GIOCondition condition, void *opaque)
1627 {
1628 VncState *vs = opaque;
1629
1630 assert(vs->magic == VNC_MAGIC);
1631
1632 if (condition & (G_IO_HUP | G_IO_ERR)) {
1633 vnc_disconnect_start(vs);
1634 return TRUE;
1635 }
1636
1637 if (condition & G_IO_IN) {
1638 if (vnc_client_read(vs) < 0) {
1639 /* vs is free()ed here */
1640 return TRUE;
1641 }
1642 }
1643 if (condition & G_IO_OUT) {
1644 vnc_client_write(vs);
1645 }
1646
1647 if (vs->disconnecting) {
1648 if (vs->ioc_tag != 0) {
1649 g_source_remove(vs->ioc_tag);
1650 }
1651 vs->ioc_tag = 0;
1652 }
1653 return TRUE;
1654 }
1655
1656
1657 /*
1658 * Scale factor to apply to vs->throttle_output_offset when checking for
1659 * hard limit. Worst case normal usage could be x2, if we have a complete
1660 * incremental update and complete forced update in the output buffer.
1661 * So x3 should be good enough, but we pick x5 to be conservative and thus
1662 * (hopefully) never trigger incorrectly.
1663 */
1664 #define VNC_THROTTLE_OUTPUT_LIMIT_SCALE 5
1665
1666 void vnc_write(VncState *vs, const void *data, size_t len)
1667 {
1668 assert(vs->magic == VNC_MAGIC);
1669 if (vs->disconnecting) {
1670 return;
1671 }
1672 /* Protection against malicious client/guest to prevent our output
1673 * buffer growing without bound if client stops reading data. This
1674 * should rarely trigger, because we have earlier throttling code
1675 * which stops issuing framebuffer updates and drops audio data
1676 * if the throttle_output_offset value is exceeded. So we only reach
1677 * this higher level if a huge number of pseudo-encodings get
1678 * triggered while data can't be sent on the socket.
1679 *
1680 * NB throttle_output_offset can be zero during early protocol
1681 * handshake, or from the job thread's VncState clone
1682 */
1683 if (vs->throttle_output_offset != 0 &&
1684 (vs->output.offset / VNC_THROTTLE_OUTPUT_LIMIT_SCALE) >
1685 vs->throttle_output_offset) {
1686 trace_vnc_client_output_limit(vs, vs->ioc, vs->output.offset,
1687 vs->throttle_output_offset);
1688 vnc_disconnect_start(vs);
1689 return;
1690 }
1691 buffer_reserve(&vs->output, len);
1692
1693 if (vs->ioc != NULL && buffer_empty(&vs->output)) {
1694 if (vs->ioc_tag) {
1695 g_source_remove(vs->ioc_tag);
1696 }
1697 vs->ioc_tag = qio_channel_add_watch(
1698 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR | G_IO_OUT,
1699 vnc_client_io, vs, NULL);
1700 }
1701
1702 buffer_append(&vs->output, data, len);
1703 }
1704
1705 void vnc_write_s32(VncState *vs, int32_t value)
1706 {
1707 vnc_write_u32(vs, *(uint32_t *)&value);
1708 }
1709
1710 void vnc_write_u32(VncState *vs, uint32_t value)
1711 {
1712 uint8_t buf[4];
1713
1714 buf[0] = (value >> 24) & 0xFF;
1715 buf[1] = (value >> 16) & 0xFF;
1716 buf[2] = (value >> 8) & 0xFF;
1717 buf[3] = value & 0xFF;
1718
1719 vnc_write(vs, buf, 4);
1720 }
1721
1722 void vnc_write_u16(VncState *vs, uint16_t value)
1723 {
1724 uint8_t buf[2];
1725
1726 buf[0] = (value >> 8) & 0xFF;
1727 buf[1] = value & 0xFF;
1728
1729 vnc_write(vs, buf, 2);
1730 }
1731
1732 void vnc_write_u8(VncState *vs, uint8_t value)
1733 {
1734 vnc_write(vs, (char *)&value, 1);
1735 }
1736
1737 void vnc_flush(VncState *vs)
1738 {
1739 vnc_lock_output(vs);
1740 if (vs->ioc != NULL && vs->output.offset) {
1741 vnc_client_write_locked(vs);
1742 }
1743 if (vs->disconnecting) {
1744 if (vs->ioc_tag != 0) {
1745 g_source_remove(vs->ioc_tag);
1746 }
1747 vs->ioc_tag = 0;
1748 }
1749 vnc_unlock_output(vs);
1750 }
1751
1752 static uint8_t read_u8(uint8_t *data, size_t offset)
1753 {
1754 return data[offset];
1755 }
1756
1757 static uint16_t read_u16(uint8_t *data, size_t offset)
1758 {
1759 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1760 }
1761
1762 static int32_t read_s32(uint8_t *data, size_t offset)
1763 {
1764 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1765 (data[offset + 2] << 8) | data[offset + 3]);
1766 }
1767
1768 uint32_t read_u32(uint8_t *data, size_t offset)
1769 {
1770 return ((data[offset] << 24) | (data[offset + 1] << 16) |
1771 (data[offset + 2] << 8) | data[offset + 3]);
1772 }
1773
1774 static void check_pointer_type_change(Notifier *notifier, void *data)
1775 {
1776 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier);
1777 int absolute = qemu_input_is_absolute();
1778
1779 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1780 vnc_lock_output(vs);
1781 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1782 vnc_write_u8(vs, 0);
1783 vnc_write_u16(vs, 1);
1784 vnc_framebuffer_update(vs, absolute, 0,
1785 pixman_image_get_width(vs->vd->server),
1786 pixman_image_get_height(vs->vd->server),
1787 VNC_ENCODING_POINTER_TYPE_CHANGE);
1788 vnc_unlock_output(vs);
1789 vnc_flush(vs);
1790 }
1791 vs->absolute = absolute;
1792 }
1793
1794 static void pointer_event(VncState *vs, int button_mask, int x, int y)
1795 {
1796 static uint32_t bmap[INPUT_BUTTON__MAX] = {
1797 [INPUT_BUTTON_LEFT] = 0x01,
1798 [INPUT_BUTTON_MIDDLE] = 0x02,
1799 [INPUT_BUTTON_RIGHT] = 0x04,
1800 [INPUT_BUTTON_WHEEL_UP] = 0x08,
1801 [INPUT_BUTTON_WHEEL_DOWN] = 0x10,
1802 };
1803 QemuConsole *con = vs->vd->dcl.con;
1804 int width = pixman_image_get_width(vs->vd->server);
1805 int height = pixman_image_get_height(vs->vd->server);
1806
1807 if (vs->last_bmask != button_mask) {
1808 qemu_input_update_buttons(con, bmap, vs->last_bmask, button_mask);
1809 vs->last_bmask = button_mask;
1810 }
1811
1812 if (vs->absolute) {
1813 qemu_input_queue_abs(con, INPUT_AXIS_X, x, 0, width);
1814 qemu_input_queue_abs(con, INPUT_AXIS_Y, y, 0, height);
1815 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1816 qemu_input_queue_rel(con, INPUT_AXIS_X, x - 0x7FFF);
1817 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - 0x7FFF);
1818 } else {
1819 if (vs->last_x != -1) {
1820 qemu_input_queue_rel(con, INPUT_AXIS_X, x - vs->last_x);
1821 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - vs->last_y);
1822 }
1823 vs->last_x = x;
1824 vs->last_y = y;
1825 }
1826 qemu_input_event_sync();
1827 }
1828
1829 static void press_key(VncState *vs, QKeyCode qcode)
1830 {
1831 qkbd_state_key_event(vs->vd->kbd, qcode, true);
1832 qkbd_state_key_event(vs->vd->kbd, qcode, false);
1833 }
1834
1835 static void vnc_led_state_change(VncState *vs)
1836 {
1837 if (!vnc_has_feature(vs, VNC_FEATURE_LED_STATE)) {
1838 return;
1839 }
1840
1841 vnc_lock_output(vs);
1842 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1843 vnc_write_u8(vs, 0);
1844 vnc_write_u16(vs, 1);
1845 vnc_framebuffer_update(vs, 0, 0, 1, 1, VNC_ENCODING_LED_STATE);
1846 vnc_write_u8(vs, vs->vd->ledstate);
1847 vnc_unlock_output(vs);
1848 vnc_flush(vs);
1849 }
1850
1851 static void kbd_leds(void *opaque, int ledstate)
1852 {
1853 VncDisplay *vd = opaque;
1854 VncState *client;
1855
1856 trace_vnc_key_guest_leds((ledstate & QEMU_CAPS_LOCK_LED),
1857 (ledstate & QEMU_NUM_LOCK_LED),
1858 (ledstate & QEMU_SCROLL_LOCK_LED));
1859
1860 if (ledstate == vd->ledstate) {
1861 return;
1862 }
1863
1864 vd->ledstate = ledstate;
1865
1866 QTAILQ_FOREACH(client, &vd->clients, next) {
1867 vnc_led_state_change(client);
1868 }
1869 }
1870
1871 static void do_key_event(VncState *vs, int down, int keycode, int sym)
1872 {
1873 QKeyCode qcode = qemu_input_key_number_to_qcode(keycode);
1874
1875 /* QEMU console switch */
1876 switch (qcode) {
1877 case Q_KEY_CODE_1 ... Q_KEY_CODE_9: /* '1' to '9' keys */
1878 if (vs->vd->dcl.con == NULL && down &&
1879 qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_CTRL) &&
1880 qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_ALT)) {
1881 /* Reset the modifiers sent to the current console */
1882 qkbd_state_lift_all_keys(vs->vd->kbd);
1883 console_select(qcode - Q_KEY_CODE_1);
1884 return;
1885 }
1886 default:
1887 break;
1888 }
1889
1890 /* Turn off the lock state sync logic if the client support the led
1891 state extension.
1892 */
1893 if (down && vs->vd->lock_key_sync &&
1894 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) &&
1895 keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1896 /* If the numlock state needs to change then simulate an additional
1897 keypress before sending this one. This will happen if the user
1898 toggles numlock away from the VNC window.
1899 */
1900 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1901 if (!qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_NUMLOCK)) {
1902 trace_vnc_key_sync_numlock(true);
1903 press_key(vs, Q_KEY_CODE_NUM_LOCK);
1904 }
1905 } else {
1906 if (qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_NUMLOCK)) {
1907 trace_vnc_key_sync_numlock(false);
1908 press_key(vs, Q_KEY_CODE_NUM_LOCK);
1909 }
1910 }
1911 }
1912
1913 if (down && vs->vd->lock_key_sync &&
1914 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) &&
1915 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) {
1916 /* If the capslock state needs to change then simulate an additional
1917 keypress before sending this one. This will happen if the user
1918 toggles capslock away from the VNC window.
1919 */
1920 int uppercase = !!(sym >= 'A' && sym <= 'Z');
1921 bool shift = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_SHIFT);
1922 bool capslock = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_CAPSLOCK);
1923 if (capslock) {
1924 if (uppercase == shift) {
1925 trace_vnc_key_sync_capslock(false);
1926 press_key(vs, Q_KEY_CODE_CAPS_LOCK);
1927 }
1928 } else {
1929 if (uppercase != shift) {
1930 trace_vnc_key_sync_capslock(true);
1931 press_key(vs, Q_KEY_CODE_CAPS_LOCK);
1932 }
1933 }
1934 }
1935
1936 qkbd_state_key_event(vs->vd->kbd, qcode, down);
1937 if (!qemu_console_is_graphic(NULL)) {
1938 bool numlock = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_NUMLOCK);
1939 bool control = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_CTRL);
1940 /* QEMU console emulation */
1941 if (down) {
1942 switch (keycode) {
1943 case 0x2a: /* Left Shift */
1944 case 0x36: /* Right Shift */
1945 case 0x1d: /* Left CTRL */
1946 case 0x9d: /* Right CTRL */
1947 case 0x38: /* Left ALT */
1948 case 0xb8: /* Right ALT */
1949 break;
1950 case 0xc8:
1951 kbd_put_keysym(QEMU_KEY_UP);
1952 break;
1953 case 0xd0:
1954 kbd_put_keysym(QEMU_KEY_DOWN);
1955 break;
1956 case 0xcb:
1957 kbd_put_keysym(QEMU_KEY_LEFT);
1958 break;
1959 case 0xcd:
1960 kbd_put_keysym(QEMU_KEY_RIGHT);
1961 break;
1962 case 0xd3:
1963 kbd_put_keysym(QEMU_KEY_DELETE);
1964 break;
1965 case 0xc7:
1966 kbd_put_keysym(QEMU_KEY_HOME);
1967 break;
1968 case 0xcf:
1969 kbd_put_keysym(QEMU_KEY_END);
1970 break;
1971 case 0xc9:
1972 kbd_put_keysym(QEMU_KEY_PAGEUP);
1973 break;
1974 case 0xd1:
1975 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1976 break;
1977
1978 case 0x47:
1979 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME);
1980 break;
1981 case 0x48:
1982 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP);
1983 break;
1984 case 0x49:
1985 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP);
1986 break;
1987 case 0x4b:
1988 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT);
1989 break;
1990 case 0x4c:
1991 kbd_put_keysym('5');
1992 break;
1993 case 0x4d:
1994 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT);
1995 break;
1996 case 0x4f:
1997 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END);
1998 break;
1999 case 0x50:
2000 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN);
2001 break;
2002 case 0x51:
2003 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN);
2004 break;
2005 case 0x52:
2006 kbd_put_keysym('0');
2007 break;
2008 case 0x53:
2009 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE);
2010 break;
2011
2012 case 0xb5:
2013 kbd_put_keysym('/');
2014 break;
2015 case 0x37:
2016 kbd_put_keysym('*');
2017 break;
2018 case 0x4a:
2019 kbd_put_keysym('-');
2020 break;
2021 case 0x4e:
2022 kbd_put_keysym('+');
2023 break;
2024 case 0x9c:
2025 kbd_put_keysym('\n');
2026 break;
2027
2028 default:
2029 if (control) {
2030 kbd_put_keysym(sym & 0x1f);
2031 } else {
2032 kbd_put_keysym(sym);
2033 }
2034 break;
2035 }
2036 }
2037 }
2038 }
2039
2040 static const char *code2name(int keycode)
2041 {
2042 return QKeyCode_str(qemu_input_key_number_to_qcode(keycode));
2043 }
2044
2045 static void key_event(VncState *vs, int down, uint32_t sym)
2046 {
2047 int keycode;
2048 int lsym = sym;
2049
2050 if (lsym >= 'A' && lsym <= 'Z' && qemu_console_is_graphic(NULL)) {
2051 lsym = lsym - 'A' + 'a';
2052 }
2053
2054 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF,
2055 vs->vd->kbd, down) & SCANCODE_KEYMASK;
2056 trace_vnc_key_event_map(down, sym, keycode, code2name(keycode));
2057 do_key_event(vs, down, keycode, sym);
2058 }
2059
2060 static void ext_key_event(VncState *vs, int down,
2061 uint32_t sym, uint16_t keycode)
2062 {
2063 /* if the user specifies a keyboard layout, always use it */
2064 if (keyboard_layout) {
2065 key_event(vs, down, sym);
2066 } else {
2067 trace_vnc_key_event_ext(down, sym, keycode, code2name(keycode));
2068 do_key_event(vs, down, keycode, sym);
2069 }
2070 }
2071
2072 static void framebuffer_update_request(VncState *vs, int incremental,
2073 int x, int y, int w, int h)
2074 {
2075 if (incremental) {
2076 if (vs->update != VNC_STATE_UPDATE_FORCE) {
2077 vs->update = VNC_STATE_UPDATE_INCREMENTAL;
2078 }
2079 } else {
2080 vs->update = VNC_STATE_UPDATE_FORCE;
2081 vnc_set_area_dirty(vs->dirty, vs->vd, x, y, w, h);
2082 if (vnc_has_feature(vs, VNC_FEATURE_RESIZE_EXT)) {
2083 vnc_desktop_resize_ext(vs, 0);
2084 }
2085 }
2086 }
2087
2088 static void send_ext_key_event_ack(VncState *vs)
2089 {
2090 vnc_lock_output(vs);
2091 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
2092 vnc_write_u8(vs, 0);
2093 vnc_write_u16(vs, 1);
2094 vnc_framebuffer_update(vs, 0, 0,
2095 pixman_image_get_width(vs->vd->server),
2096 pixman_image_get_height(vs->vd->server),
2097 VNC_ENCODING_EXT_KEY_EVENT);
2098 vnc_unlock_output(vs);
2099 vnc_flush(vs);
2100 }
2101
2102 static void send_ext_audio_ack(VncState *vs)
2103 {
2104 vnc_lock_output(vs);
2105 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
2106 vnc_write_u8(vs, 0);
2107 vnc_write_u16(vs, 1);
2108 vnc_framebuffer_update(vs, 0, 0,
2109 pixman_image_get_width(vs->vd->server),
2110 pixman_image_get_height(vs->vd->server),
2111 VNC_ENCODING_AUDIO);
2112 vnc_unlock_output(vs);
2113 vnc_flush(vs);
2114 }
2115
2116 static void send_xvp_message(VncState *vs, int code)
2117 {
2118 vnc_lock_output(vs);
2119 vnc_write_u8(vs, VNC_MSG_SERVER_XVP);
2120 vnc_write_u8(vs, 0); /* pad */
2121 vnc_write_u8(vs, 1); /* version */
2122 vnc_write_u8(vs, code);
2123 vnc_unlock_output(vs);
2124 vnc_flush(vs);
2125 }
2126
2127 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
2128 {
2129 int i;
2130 unsigned int enc = 0;
2131
2132 vs->features = 0;
2133 vs->vnc_encoding = 0;
2134 vs->tight->compression = 9;
2135 vs->tight->quality = -1; /* Lossless by default */
2136 vs->absolute = -1;
2137
2138 /*
2139 * Start from the end because the encodings are sent in order of preference.
2140 * This way the preferred encoding (first encoding defined in the array)
2141 * will be set at the end of the loop.
2142 */
2143 for (i = n_encodings - 1; i >= 0; i--) {
2144 enc = encodings[i];
2145 switch (enc) {
2146 case VNC_ENCODING_RAW:
2147 vs->vnc_encoding = enc;
2148 break;
2149 case VNC_ENCODING_HEXTILE:
2150 vs->features |= VNC_FEATURE_HEXTILE_MASK;
2151 vs->vnc_encoding = enc;
2152 break;
2153 case VNC_ENCODING_TIGHT:
2154 vs->features |= VNC_FEATURE_TIGHT_MASK;
2155 vs->vnc_encoding = enc;
2156 break;
2157 #ifdef CONFIG_PNG
2158 case VNC_ENCODING_TIGHT_PNG:
2159 vs->features |= VNC_FEATURE_TIGHT_PNG_MASK;
2160 vs->vnc_encoding = enc;
2161 break;
2162 #endif
2163 case VNC_ENCODING_ZLIB:
2164 /*
2165 * VNC_ENCODING_ZRLE compresses better than VNC_ENCODING_ZLIB.
2166 * So prioritize ZRLE, even if the client hints that it prefers
2167 * ZLIB.
2168 */
2169 if ((vs->features & VNC_FEATURE_ZRLE_MASK) == 0) {
2170 vs->features |= VNC_FEATURE_ZLIB_MASK;
2171 vs->vnc_encoding = enc;
2172 }
2173 break;
2174 case VNC_ENCODING_ZRLE:
2175 vs->features |= VNC_FEATURE_ZRLE_MASK;
2176 vs->vnc_encoding = enc;
2177 break;
2178 case VNC_ENCODING_ZYWRLE:
2179 vs->features |= VNC_FEATURE_ZYWRLE_MASK;
2180 vs->vnc_encoding = enc;
2181 break;
2182 case VNC_ENCODING_DESKTOPRESIZE:
2183 vs->features |= VNC_FEATURE_RESIZE_MASK;
2184 break;
2185 case VNC_ENCODING_DESKTOP_RESIZE_EXT:
2186 vs->features |= VNC_FEATURE_RESIZE_EXT_MASK;
2187 break;
2188 case VNC_ENCODING_POINTER_TYPE_CHANGE:
2189 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
2190 break;
2191 case VNC_ENCODING_RICH_CURSOR:
2192 vs->features |= VNC_FEATURE_RICH_CURSOR_MASK;
2193 break;
2194 case VNC_ENCODING_ALPHA_CURSOR:
2195 vs->features |= VNC_FEATURE_ALPHA_CURSOR_MASK;
2196 break;
2197 case VNC_ENCODING_EXT_KEY_EVENT:
2198 send_ext_key_event_ack(vs);
2199 break;
2200 case VNC_ENCODING_AUDIO:
2201 send_ext_audio_ack(vs);
2202 break;
2203 case VNC_ENCODING_WMVi:
2204 vs->features |= VNC_FEATURE_WMVI_MASK;
2205 break;
2206 case VNC_ENCODING_LED_STATE:
2207 vs->features |= VNC_FEATURE_LED_STATE_MASK;
2208 break;
2209 case VNC_ENCODING_XVP:
2210 if (vs->vd->power_control) {
2211 vs->features |= VNC_FEATURE_XVP;
2212 send_xvp_message(vs, VNC_XVP_CODE_INIT);
2213 }
2214 break;
2215 case VNC_ENCODING_CLIPBOARD_EXT:
2216 vs->features |= VNC_FEATURE_CLIPBOARD_EXT_MASK;
2217 vnc_server_cut_text_caps(vs);
2218 break;
2219 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
2220 vs->tight->compression = (enc & 0x0F);
2221 break;
2222 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
2223 if (vs->vd->lossy) {
2224 vs->tight->quality = (enc & 0x0F);
2225 }
2226 break;
2227 default:
2228 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
2229 break;
2230 }
2231 }
2232 vnc_desktop_resize(vs);
2233 check_pointer_type_change(&vs->mouse_mode_notifier, NULL);
2234 vnc_led_state_change(vs);
2235 vnc_cursor_define(vs);
2236 }
2237
2238 static void set_pixel_conversion(VncState *vs)
2239 {
2240 pixman_format_code_t fmt = qemu_pixman_get_format(&vs->client_pf);
2241
2242 if (fmt == VNC_SERVER_FB_FORMAT) {
2243 vs->write_pixels = vnc_write_pixels_copy;
2244 vnc_hextile_set_pixel_conversion(vs, 0);
2245 } else {
2246 vs->write_pixels = vnc_write_pixels_generic;
2247 vnc_hextile_set_pixel_conversion(vs, 1);
2248 }
2249 }
2250
2251 static void send_color_map(VncState *vs)
2252 {
2253 int i;
2254
2255 vnc_lock_output(vs);
2256 vnc_write_u8(vs, VNC_MSG_SERVER_SET_COLOUR_MAP_ENTRIES);
2257 vnc_write_u8(vs, 0); /* padding */
2258 vnc_write_u16(vs, 0); /* first color */
2259 vnc_write_u16(vs, 256); /* # of colors */
2260
2261 for (i = 0; i < 256; i++) {
2262 PixelFormat *pf = &vs->client_pf;
2263
2264 vnc_write_u16(vs, (((i >> pf->rshift) & pf->rmax) << (16 - pf->rbits)));
2265 vnc_write_u16(vs, (((i >> pf->gshift) & pf->gmax) << (16 - pf->gbits)));
2266 vnc_write_u16(vs, (((i >> pf->bshift) & pf->bmax) << (16 - pf->bbits)));
2267 }
2268 vnc_unlock_output(vs);
2269 }
2270
2271 static void set_pixel_format(VncState *vs, int bits_per_pixel,
2272 int big_endian_flag, int true_color_flag,
2273 int red_max, int green_max, int blue_max,
2274 int red_shift, int green_shift, int blue_shift)
2275 {
2276 if (!true_color_flag) {
2277 /* Expose a reasonable default 256 color map */
2278 bits_per_pixel = 8;
2279 red_max = 7;
2280 green_max = 7;
2281 blue_max = 3;
2282 red_shift = 0;
2283 green_shift = 3;
2284 blue_shift = 6;
2285 }
2286
2287 switch (bits_per_pixel) {
2288 case 8:
2289 case 16:
2290 case 32:
2291 break;
2292 default:
2293 vnc_client_error(vs);
2294 return;
2295 }
2296
2297 vs->client_pf.rmax = red_max ? red_max : 0xFF;
2298 vs->client_pf.rbits = ctpopl(red_max);
2299 vs->client_pf.rshift = red_shift;
2300 vs->client_pf.rmask = red_max << red_shift;
2301 vs->client_pf.gmax = green_max ? green_max : 0xFF;
2302 vs->client_pf.gbits = ctpopl(green_max);
2303 vs->client_pf.gshift = green_shift;
2304 vs->client_pf.gmask = green_max << green_shift;
2305 vs->client_pf.bmax = blue_max ? blue_max : 0xFF;
2306 vs->client_pf.bbits = ctpopl(blue_max);
2307 vs->client_pf.bshift = blue_shift;
2308 vs->client_pf.bmask = blue_max << blue_shift;
2309 vs->client_pf.bits_per_pixel = bits_per_pixel;
2310 vs->client_pf.bytes_per_pixel = bits_per_pixel / 8;
2311 vs->client_pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
2312 vs->client_be = big_endian_flag;
2313
2314 if (!true_color_flag) {
2315 send_color_map(vs);
2316 }
2317
2318 set_pixel_conversion(vs);
2319
2320 graphic_hw_invalidate(vs->vd->dcl.con);
2321 graphic_hw_update(vs->vd->dcl.con);
2322 }
2323
2324 static void pixel_format_message (VncState *vs) {
2325 char pad[3] = { 0, 0, 0 };
2326
2327 vs->client_pf = qemu_default_pixelformat(32);
2328
2329 vnc_write_u8(vs, vs->client_pf.bits_per_pixel); /* bits-per-pixel */
2330 vnc_write_u8(vs, vs->client_pf.depth); /* depth */
2331
2332 #if HOST_BIG_ENDIAN
2333 vnc_write_u8(vs, 1); /* big-endian-flag */
2334 #else
2335 vnc_write_u8(vs, 0); /* big-endian-flag */
2336 #endif
2337 vnc_write_u8(vs, 1); /* true-color-flag */
2338 vnc_write_u16(vs, vs->client_pf.rmax); /* red-max */
2339 vnc_write_u16(vs, vs->client_pf.gmax); /* green-max */
2340 vnc_write_u16(vs, vs->client_pf.bmax); /* blue-max */
2341 vnc_write_u8(vs, vs->client_pf.rshift); /* red-shift */
2342 vnc_write_u8(vs, vs->client_pf.gshift); /* green-shift */
2343 vnc_write_u8(vs, vs->client_pf.bshift); /* blue-shift */
2344 vnc_write(vs, pad, 3); /* padding */
2345
2346 vnc_hextile_set_pixel_conversion(vs, 0);
2347 vs->write_pixels = vnc_write_pixels_copy;
2348 }
2349
2350 static void vnc_colordepth(VncState *vs)
2351 {
2352 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
2353 /* Sending a WMVi message to notify the client*/
2354 vnc_lock_output(vs);
2355 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
2356 vnc_write_u8(vs, 0);
2357 vnc_write_u16(vs, 1); /* number of rects */
2358 vnc_framebuffer_update(vs, 0, 0,
2359 vs->client_width,
2360 vs->client_height,
2361 VNC_ENCODING_WMVi);
2362 pixel_format_message(vs);
2363 vnc_unlock_output(vs);
2364 vnc_flush(vs);
2365 } else {
2366 set_pixel_conversion(vs);
2367 }
2368 }
2369
2370 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
2371 {
2372 int i;
2373 uint16_t limit;
2374 uint32_t freq;
2375 VncDisplay *vd = vs->vd;
2376
2377 if (data[0] > 3) {
2378 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
2379 }
2380
2381 switch (data[0]) {
2382 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT:
2383 if (len == 1)
2384 return 20;
2385
2386 set_pixel_format(vs, read_u8(data, 4),
2387 read_u8(data, 6), read_u8(data, 7),
2388 read_u16(data, 8), read_u16(data, 10),
2389 read_u16(data, 12), read_u8(data, 14),
2390 read_u8(data, 15), read_u8(data, 16));
2391 break;
2392 case VNC_MSG_CLIENT_SET_ENCODINGS:
2393 if (len == 1)
2394 return 4;
2395
2396 if (len == 4) {
2397 limit = read_u16(data, 2);
2398 if (limit > 0)
2399 return 4 + (limit * 4);
2400 } else
2401 limit = read_u16(data, 2);
2402
2403 for (i = 0; i < limit; i++) {
2404 int32_t val = read_s32(data, 4 + (i * 4));
2405 memcpy(data + 4 + (i * 4), &val, sizeof(val));
2406 }
2407
2408 set_encodings(vs, (int32_t *)(data + 4), limit);
2409 break;
2410 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST:
2411 if (len == 1)
2412 return 10;
2413
2414 framebuffer_update_request(vs,
2415 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
2416 read_u16(data, 6), read_u16(data, 8));
2417 break;
2418 case VNC_MSG_CLIENT_KEY_EVENT:
2419 if (len == 1)
2420 return 8;
2421
2422 key_event(vs, read_u8(data, 1), read_u32(data, 4));
2423 break;
2424 case VNC_MSG_CLIENT_POINTER_EVENT:
2425 if (len == 1)
2426 return 6;
2427
2428 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
2429 break;
2430 case VNC_MSG_CLIENT_CUT_TEXT:
2431 if (len == 1) {
2432 return 8;
2433 }
2434 uint32_t dlen = abs(read_s32(data, 4));
2435 if (len == 8) {
2436 if (dlen > (1 << 20)) {
2437 error_report("vnc: client_cut_text msg payload has %u bytes"
2438 " which exceeds our limit of 1MB.", dlen);
2439 vnc_client_error(vs);
2440 break;
2441 }
2442 if (dlen > 0) {
2443 return 8 + dlen;
2444 }
2445 }
2446
2447 if (read_s32(data, 4) < 0) {
2448 if (dlen < 4) {
2449 error_report("vnc: malformed payload (header less than 4 bytes)"
2450 " in extended clipboard pseudo-encoding.");
2451 vnc_client_error(vs);
2452 break;
2453 }
2454 vnc_client_cut_text_ext(vs, dlen, read_u32(data, 8), data + 12);
2455 break;
2456 }
2457 vnc_client_cut_text(vs, read_u32(data, 4), data + 8);
2458 break;
2459 case VNC_MSG_CLIENT_XVP:
2460 if (!(vs->features & VNC_FEATURE_XVP)) {
2461 error_report("vnc: xvp client message while disabled");
2462 vnc_client_error(vs);
2463 break;
2464 }
2465 if (len == 1) {
2466 return 4;
2467 }
2468 if (len == 4) {
2469 uint8_t version = read_u8(data, 2);
2470 uint8_t action = read_u8(data, 3);
2471
2472 if (version != 1) {
2473 error_report("vnc: xvp client message version %d != 1",
2474 version);
2475 vnc_client_error(vs);
2476 break;
2477 }
2478
2479 switch (action) {
2480 case VNC_XVP_ACTION_SHUTDOWN:
2481 qemu_system_powerdown_request();
2482 break;
2483 case VNC_XVP_ACTION_REBOOT:
2484 send_xvp_message(vs, VNC_XVP_CODE_FAIL);
2485 break;
2486 case VNC_XVP_ACTION_RESET:
2487 qemu_system_reset_request(SHUTDOWN_CAUSE_HOST_QMP_SYSTEM_RESET);
2488 break;
2489 default:
2490 send_xvp_message(vs, VNC_XVP_CODE_FAIL);
2491 break;
2492 }
2493 }
2494 break;
2495 case VNC_MSG_CLIENT_QEMU:
2496 if (len == 1)
2497 return 2;
2498
2499 switch (read_u8(data, 1)) {
2500 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT:
2501 if (len == 2)
2502 return 12;
2503
2504 ext_key_event(vs, read_u16(data, 2),
2505 read_u32(data, 4), read_u32(data, 8));
2506 break;
2507 case VNC_MSG_CLIENT_QEMU_AUDIO:
2508 if (len == 2)
2509 return 4;
2510
2511 switch (read_u16 (data, 2)) {
2512 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE:
2513 trace_vnc_msg_client_audio_enable(vs, vs->ioc);
2514 audio_add(vs);
2515 break;
2516 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE:
2517 trace_vnc_msg_client_audio_disable(vs, vs->ioc);
2518 audio_del(vs);
2519 break;
2520 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT:
2521 if (len == 4)
2522 return 10;
2523 switch (read_u8(data, 4)) {
2524 case 0: vs->as.fmt = AUDIO_FORMAT_U8; break;
2525 case 1: vs->as.fmt = AUDIO_FORMAT_S8; break;
2526 case 2: vs->as.fmt = AUDIO_FORMAT_U16; break;
2527 case 3: vs->as.fmt = AUDIO_FORMAT_S16; break;
2528 case 4: vs->as.fmt = AUDIO_FORMAT_U32; break;
2529 case 5: vs->as.fmt = AUDIO_FORMAT_S32; break;
2530 default:
2531 VNC_DEBUG("Invalid audio format %d\n", read_u8(data, 4));
2532 vnc_client_error(vs);
2533 break;
2534 }
2535 vs->as.nchannels = read_u8(data, 5);
2536 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
2537 VNC_DEBUG("Invalid audio channel count %d\n",
2538 read_u8(data, 5));
2539 vnc_client_error(vs);
2540 break;
2541 }
2542 freq = read_u32(data, 6);
2543 /* No official limit for protocol, but 48khz is a sensible
2544 * upper bound for trustworthy clients, and this limit
2545 * protects calculations involving 'vs->as.freq' later.
2546 */
2547 if (freq > 48000) {
2548 VNC_DEBUG("Invalid audio frequency %u > 48000", freq);
2549 vnc_client_error(vs);
2550 break;
2551 }
2552 vs->as.freq = freq;
2553 trace_vnc_msg_client_audio_format(
2554 vs, vs->ioc, vs->as.fmt, vs->as.nchannels, vs->as.freq);
2555 break;
2556 default:
2557 VNC_DEBUG("Invalid audio message %d\n", read_u8(data, 4));
2558 vnc_client_error(vs);
2559 break;
2560 }
2561 break;
2562
2563 default:
2564 VNC_DEBUG("Msg: %d\n", read_u16(data, 0));
2565 vnc_client_error(vs);
2566 break;
2567 }
2568 break;
2569 case VNC_MSG_CLIENT_SET_DESKTOP_SIZE:
2570 {
2571 size_t size;
2572 uint8_t screens;
2573 int w, h;
2574
2575 if (len < 8) {
2576 return 8;
2577 }
2578
2579 screens = read_u8(data, 6);
2580 size = 8 + screens * 16;
2581 if (len < size) {
2582 return size;
2583 }
2584 w = read_u16(data, 2);
2585 h = read_u16(data, 4);
2586
2587 trace_vnc_msg_client_set_desktop_size(vs, vs->ioc, w, h, screens);
2588 if (dpy_ui_info_supported(vs->vd->dcl.con)) {
2589 QemuUIInfo info;
2590 memset(&info, 0, sizeof(info));
2591 info.width = w;
2592 info.height = h;
2593 dpy_set_ui_info(vs->vd->dcl.con, &info, false);
2594 vnc_desktop_resize_ext(vs, 4 /* Request forwarded */);
2595 } else {
2596 vnc_desktop_resize_ext(vs, 3 /* Invalid screen layout */);
2597 }
2598
2599 break;
2600 }
2601 default:
2602 VNC_DEBUG("Msg: %d\n", data[0]);
2603 vnc_client_error(vs);
2604 break;
2605 }
2606
2607 vnc_update_throttle_offset(vs);
2608 vnc_read_when(vs, protocol_client_msg, 1);
2609 return 0;
2610 }
2611
2612 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
2613 {
2614 char buf[1024];
2615 VncShareMode mode;
2616 int size;
2617
2618 mode = data[0] ? VNC_SHARE_MODE_SHARED : VNC_SHARE_MODE_EXCLUSIVE;
2619 switch (vs->vd->share_policy) {
2620 case VNC_SHARE_POLICY_IGNORE:
2621 /*
2622 * Ignore the shared flag. Nothing to do here.
2623 *
2624 * Doesn't conform to the rfb spec but is traditional qemu
2625 * behavior, thus left here as option for compatibility
2626 * reasons.
2627 */
2628 break;
2629 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE:
2630 /*
2631 * Policy: Allow clients ask for exclusive access.
2632 *
2633 * Implementation: When a client asks for exclusive access,
2634 * disconnect all others. Shared connects are allowed as long
2635 * as no exclusive connection exists.
2636 *
2637 * This is how the rfb spec suggests to handle the shared flag.
2638 */
2639 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2640 VncState *client;
2641 QTAILQ_FOREACH(client, &vs->vd->clients, next) {
2642 if (vs == client) {
2643 continue;
2644 }
2645 if (client->share_mode != VNC_SHARE_MODE_EXCLUSIVE &&
2646 client->share_mode != VNC_SHARE_MODE_SHARED) {
2647 continue;
2648 }
2649 vnc_disconnect_start(client);
2650 }
2651 }
2652 if (mode == VNC_SHARE_MODE_SHARED) {
2653 if (vs->vd->num_exclusive > 0) {
2654 vnc_disconnect_start(vs);
2655 return 0;
2656 }
2657 }
2658 break;
2659 case VNC_SHARE_POLICY_FORCE_SHARED:
2660 /*
2661 * Policy: Shared connects only.
2662 * Implementation: Disallow clients asking for exclusive access.
2663 *
2664 * Useful for shared desktop sessions where you don't want
2665 * someone forgetting to say -shared when running the vnc
2666 * client disconnect everybody else.
2667 */
2668 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2669 vnc_disconnect_start(vs);
2670 return 0;
2671 }
2672 break;
2673 }
2674 vnc_set_share_mode(vs, mode);
2675
2676 if (vs->vd->num_shared > vs->vd->connections_limit) {
2677 vnc_disconnect_start(vs);
2678 return 0;
2679 }
2680
2681 assert(pixman_image_get_width(vs->vd->server) < 65536 &&
2682 pixman_image_get_width(vs->vd->server) >= 0);
2683 assert(pixman_image_get_height(vs->vd->server) < 65536 &&
2684 pixman_image_get_height(vs->vd->server) >= 0);
2685 vs->client_width = pixman_image_get_width(vs->vd->server);
2686 vs->client_height = pixman_image_get_height(vs->vd->server);
2687 vnc_write_u16(vs, vs->client_width);
2688 vnc_write_u16(vs, vs->client_height);
2689
2690 pixel_format_message(vs);
2691
2692 if (qemu_name) {
2693 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
2694 if (size > sizeof(buf)) {
2695 size = sizeof(buf);
2696 }
2697 } else {
2698 size = snprintf(buf, sizeof(buf), "QEMU");
2699 }
2700
2701 vnc_write_u32(vs, size);
2702 vnc_write(vs, buf, size);
2703 vnc_flush(vs);
2704
2705 vnc_client_cache_auth(vs);
2706 vnc_qmp_event(vs, QAPI_EVENT_VNC_INITIALIZED);
2707
2708 vnc_read_when(vs, protocol_client_msg, 1);
2709
2710 return 0;
2711 }
2712
2713 void start_client_init(VncState *vs)
2714 {
2715 vnc_read_when(vs, protocol_client_init, 1);
2716 }
2717
2718 static void authentication_failed(VncState *vs)
2719 {
2720 vnc_write_u32(vs, 1); /* Reject auth */
2721 if (vs->minor >= 8) {
2722 static const char err[] = "Authentication failed";
2723 vnc_write_u32(vs, sizeof(err));
2724 vnc_write(vs, err, sizeof(err));
2725 }
2726 vnc_flush(vs);
2727 vnc_client_error(vs);
2728 }
2729
2730 static void
2731 vnc_munge_des_rfb_key(unsigned char *key, size_t nkey)
2732 {
2733 size_t i;
2734 for (i = 0; i < nkey; i++) {
2735 uint8_t r = key[i];
2736 r = (r & 0xf0) >> 4 | (r & 0x0f) << 4;
2737 r = (r & 0xcc) >> 2 | (r & 0x33) << 2;
2738 r = (r & 0xaa) >> 1 | (r & 0x55) << 1;
2739 key[i] = r;
2740 }
2741 }
2742
2743 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
2744 {
2745 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
2746 size_t i, pwlen;
2747 unsigned char key[8];
2748 time_t now = time(NULL);
2749 QCryptoCipher *cipher = NULL;
2750 Error *err = NULL;
2751
2752 if (!vs->vd->password) {
2753 trace_vnc_auth_fail(vs, vs->auth, "password is not set", "");
2754 goto reject;
2755 }
2756 if (vs->vd->expires < now) {
2757 trace_vnc_auth_fail(vs, vs->auth, "password is expired", "");
2758 goto reject;
2759 }
2760
2761 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
2762
2763 /* Calculate the expected challenge response */
2764 pwlen = strlen(vs->vd->password);
2765 for (i=0; i<sizeof(key); i++)
2766 key[i] = i<pwlen ? vs->vd->password[i] : 0;
2767 vnc_munge_des_rfb_key(key, sizeof(key));
2768
2769 cipher = qcrypto_cipher_new(
2770 QCRYPTO_CIPHER_ALG_DES,
2771 QCRYPTO_CIPHER_MODE_ECB,
2772 key, G_N_ELEMENTS(key),
2773 &err);
2774 if (!cipher) {
2775 trace_vnc_auth_fail(vs, vs->auth, "cannot create cipher",
2776 error_get_pretty(err));
2777 error_free(err);
2778 goto reject;
2779 }
2780
2781 if (qcrypto_cipher_encrypt(cipher,
2782 vs->challenge,
2783 response,
2784 VNC_AUTH_CHALLENGE_SIZE,
2785 &err) < 0) {
2786 trace_vnc_auth_fail(vs, vs->auth, "cannot encrypt challenge response",
2787 error_get_pretty(err));
2788 error_free(err);
2789 goto reject;
2790 }
2791
2792 /* Compare expected vs actual challenge response */
2793 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
2794 trace_vnc_auth_fail(vs, vs->auth, "mis-matched challenge response", "");
2795 goto reject;
2796 } else {
2797 trace_vnc_auth_pass(vs, vs->auth);
2798 vnc_write_u32(vs, 0); /* Accept auth */
2799 vnc_flush(vs);
2800
2801 start_client_init(vs);
2802 }
2803
2804 qcrypto_cipher_free(cipher);
2805 return 0;
2806
2807 reject:
2808 authentication_failed(vs);
2809 qcrypto_cipher_free(cipher);
2810 return 0;
2811 }
2812
2813 void start_auth_vnc(VncState *vs)
2814 {
2815 Error *err = NULL;
2816
2817 if (qcrypto_random_bytes(vs->challenge, sizeof(vs->challenge), &err)) {
2818 trace_vnc_auth_fail(vs, vs->auth, "cannot get random bytes",
2819 error_get_pretty(err));
2820 error_free(err);
2821 authentication_failed(vs);
2822 return;
2823 }
2824
2825 /* Send client a 'random' challenge */
2826 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
2827 vnc_flush(vs);
2828
2829 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
2830 }
2831
2832
2833 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
2834 {
2835 /* We only advertise 1 auth scheme at a time, so client
2836 * must pick the one we sent. Verify this */
2837 if (data[0] != vs->auth) { /* Reject auth */
2838 trace_vnc_auth_reject(vs, vs->auth, (int)data[0]);
2839 authentication_failed(vs);
2840 } else { /* Accept requested auth */
2841 trace_vnc_auth_start(vs, vs->auth);
2842 switch (vs->auth) {
2843 case VNC_AUTH_NONE:
2844 if (vs->minor >= 8) {
2845 vnc_write_u32(vs, 0); /* Accept auth completion */
2846 vnc_flush(vs);
2847 }
2848 trace_vnc_auth_pass(vs, vs->auth);
2849 start_client_init(vs);
2850 break;
2851
2852 case VNC_AUTH_VNC:
2853 start_auth_vnc(vs);
2854 break;
2855
2856 case VNC_AUTH_VENCRYPT:
2857 start_auth_vencrypt(vs);
2858 break;
2859
2860 #ifdef CONFIG_VNC_SASL
2861 case VNC_AUTH_SASL:
2862 start_auth_sasl(vs);
2863 break;
2864 #endif /* CONFIG_VNC_SASL */
2865
2866 default: /* Should not be possible, but just in case */
2867 trace_vnc_auth_fail(vs, vs->auth, "Unhandled auth method", "");
2868 authentication_failed(vs);
2869 }
2870 }
2871 return 0;
2872 }
2873
2874 static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2875 {
2876 char local[13];
2877
2878 memcpy(local, version, 12);
2879 local[12] = 0;
2880
2881 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2882 VNC_DEBUG("Malformed protocol version %s\n", local);
2883 vnc_client_error(vs);
2884 return 0;
2885 }
2886 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2887 if (vs->major != 3 ||
2888 (vs->minor != 3 &&
2889 vs->minor != 4 &&
2890 vs->minor != 5 &&
2891 vs->minor != 7 &&
2892 vs->minor != 8)) {
2893 VNC_DEBUG("Unsupported client version\n");
2894 vnc_write_u32(vs, VNC_AUTH_INVALID);
2895 vnc_flush(vs);
2896 vnc_client_error(vs);
2897 return 0;
2898 }
2899 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2900 * as equivalent to v3.3 by servers
2901 */
2902 if (vs->minor == 4 || vs->minor == 5)
2903 vs->minor = 3;
2904
2905 if (vs->minor == 3) {
2906 trace_vnc_auth_start(vs, vs->auth);
2907 if (vs->auth == VNC_AUTH_NONE) {
2908 vnc_write_u32(vs, vs->auth);
2909 vnc_flush(vs);
2910 trace_vnc_auth_pass(vs, vs->auth);
2911 start_client_init(vs);
2912 } else if (vs->auth == VNC_AUTH_VNC) {
2913 VNC_DEBUG("Tell client VNC auth\n");
2914 vnc_write_u32(vs, vs->auth);
2915 vnc_flush(vs);
2916 start_auth_vnc(vs);
2917 } else {
2918 trace_vnc_auth_fail(vs, vs->auth,
2919 "Unsupported auth method for v3.3", "");
2920 vnc_write_u32(vs, VNC_AUTH_INVALID);
2921 vnc_flush(vs);
2922 vnc_client_error(vs);
2923 }
2924 } else {
2925 vnc_write_u8(vs, 1); /* num auth */
2926 vnc_write_u8(vs, vs->auth);
2927 vnc_read_when(vs, protocol_client_auth, 1);
2928 vnc_flush(vs);
2929 }
2930
2931 return 0;
2932 }
2933
2934 static VncRectStat *vnc_stat_rect(VncDisplay *vd, int x, int y)
2935 {
2936 struct VncSurface *vs = &vd->guest;
2937
2938 return &vs->stats[y / VNC_STAT_RECT][x / VNC_STAT_RECT];
2939 }
2940
2941 void vnc_sent_lossy_rect(VncState *vs, int x, int y, int w, int h)
2942 {
2943 int i, j;
2944
2945 w = (x + w) / VNC_STAT_RECT;
2946 h = (y + h) / VNC_STAT_RECT;
2947 x /= VNC_STAT_RECT;
2948 y /= VNC_STAT_RECT;
2949
2950 for (j = y; j <= h; j++) {
2951 for (i = x; i <= w; i++) {
2952 vs->lossy_rect[j][i] = 1;
2953 }
2954 }
2955 }
2956
2957 static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y)
2958 {
2959 VncState *vs;
2960 int sty = y / VNC_STAT_RECT;
2961 int stx = x / VNC_STAT_RECT;
2962 int has_dirty = 0;
2963
2964 y = QEMU_ALIGN_DOWN(y, VNC_STAT_RECT);
2965 x = QEMU_ALIGN_DOWN(x, VNC_STAT_RECT);
2966
2967 QTAILQ_FOREACH(vs, &vd->clients, next) {
2968 int j;
2969
2970 /* kernel send buffers are full -> refresh later */
2971 if (vs->output.offset) {
2972 continue;
2973 }
2974
2975 if (!vs->lossy_rect[sty][stx]) {
2976 continue;
2977 }
2978
2979 vs->lossy_rect[sty][stx] = 0;
2980 for (j = 0; j < VNC_STAT_RECT; ++j) {
2981 bitmap_set(vs->dirty[y + j],
2982 x / VNC_DIRTY_PIXELS_PER_BIT,
2983 VNC_STAT_RECT / VNC_DIRTY_PIXELS_PER_BIT);
2984 }
2985 has_dirty++;
2986 }
2987
2988 return has_dirty;
2989 }
2990
2991 static int vnc_update_stats(VncDisplay *vd, struct timeval * tv)
2992 {
2993 int width = MIN(pixman_image_get_width(vd->guest.fb),
2994 pixman_image_get_width(vd->server));
2995 int height = MIN(pixman_image_get_height(vd->guest.fb),
2996 pixman_image_get_height(vd->server));
2997 int x, y;
2998 struct timeval res;
2999 int has_dirty = 0;
3000
3001 for (y = 0; y < height; y += VNC_STAT_RECT) {
3002 for (x = 0; x < width; x += VNC_STAT_RECT) {
3003 VncRectStat *rect = vnc_stat_rect(vd, x, y);
3004
3005 rect->updated = false;
3006 }
3007 }
3008
3009 qemu_timersub(tv, &VNC_REFRESH_STATS, &res);
3010
3011 if (timercmp(&vd->guest.last_freq_check, &res, >)) {
3012 return has_dirty;
3013 }
3014 vd->guest.last_freq_check = *tv;
3015
3016 for (y = 0; y < height; y += VNC_STAT_RECT) {
3017 for (x = 0; x < width; x += VNC_STAT_RECT) {
3018 VncRectStat *rect= vnc_stat_rect(vd, x, y);
3019 int count = ARRAY_SIZE(rect->times);
3020 struct timeval min, max;
3021
3022 if (!timerisset(&rect->times[count - 1])) {
3023 continue ;
3024 }
3025
3026 max = rect->times[(rect->idx + count - 1) % count];
3027 qemu_timersub(tv, &max, &res);
3028
3029 if (timercmp(&res, &VNC_REFRESH_LOSSY, >)) {
3030 rect->freq = 0;
3031 has_dirty += vnc_refresh_lossy_rect(vd, x, y);
3032 memset(rect->times, 0, sizeof (rect->times));
3033 continue ;
3034 }
3035
3036 min = rect->times[rect->idx];
3037 max = rect->times[(rect->idx + count - 1) % count];
3038 qemu_timersub(&max, &min, &res);
3039
3040 rect->freq = res.tv_sec + res.tv_usec / 1000000.;
3041 rect->freq /= count;
3042 rect->freq = 1. / rect->freq;
3043 }
3044 }
3045 return has_dirty;
3046 }
3047
3048 double vnc_update_freq(VncState *vs, int x, int y, int w, int h)
3049 {
3050 int i, j;
3051 double total = 0;
3052 int num = 0;
3053
3054 x = QEMU_ALIGN_DOWN(x, VNC_STAT_RECT);
3055 y = QEMU_ALIGN_DOWN(y, VNC_STAT_RECT);
3056
3057 for (j = y; j <= y + h; j += VNC_STAT_RECT) {
3058 for (i = x; i <= x + w; i += VNC_STAT_RECT) {
3059 total += vnc_stat_rect(vs->vd, i, j)->freq;
3060 num++;
3061 }
3062 }
3063
3064 if (num) {
3065 return total / num;
3066 } else {
3067 return 0;
3068 }
3069 }
3070
3071 static void vnc_rect_updated(VncDisplay *vd, int x, int y, struct timeval * tv)
3072 {
3073 VncRectStat *rect;
3074
3075 rect = vnc_stat_rect(vd, x, y);
3076 if (rect->updated) {
3077 return;
3078 }
3079 rect->times[rect->idx] = *tv;
3080 rect->idx = (rect->idx + 1) % ARRAY_SIZE(rect->times);
3081 rect->updated = true;
3082 }
3083
3084 static int vnc_refresh_server_surface(VncDisplay *vd)
3085 {
3086 int width = MIN(pixman_image_get_width(vd->guest.fb),
3087 pixman_image_get_width(vd->server));
3088 int height = MIN(pixman_image_get_height(vd->guest.fb),
3089 pixman_image_get_height(vd->server));
3090 int cmp_bytes, server_stride, line_bytes, guest_ll, guest_stride, y = 0;
3091 uint8_t *guest_row0 = NULL, *server_row0;
3092 VncState *vs;
3093 int has_dirty = 0;
3094 pixman_image_t *tmpbuf = NULL;
3095 unsigned long offset;
3096 int x;
3097 uint8_t *guest_ptr, *server_ptr;
3098
3099 struct timeval tv = { 0, 0 };
3100
3101 if (!vd->non_adaptive) {
3102 gettimeofday(&tv, NULL);
3103 has_dirty = vnc_update_stats(vd, &tv);
3104 }
3105
3106 offset = find_next_bit((unsigned long *) &vd->guest.dirty,
3107 height * VNC_DIRTY_BPL(&vd->guest), 0);
3108 if (offset == height * VNC_DIRTY_BPL(&vd->guest)) {
3109 /* no dirty bits in guest surface */
3110 return has_dirty;
3111 }
3112
3113 /*
3114 * Walk through the guest dirty map.
3115 * Check and copy modified bits from guest to server surface.
3116 * Update server dirty map.
3117 */
3118 server_row0 = (uint8_t *)pixman_image_get_data(vd->server);
3119 server_stride = guest_stride = guest_ll =
3120 pixman_image_get_stride(vd->server);
3121 cmp_bytes = MIN(VNC_DIRTY_PIXELS_PER_BIT * VNC_SERVER_FB_BYTES,
3122 server_stride);
3123 if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
3124 int width = pixman_image_get_width(vd->server);
3125 tmpbuf = qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT, width);
3126 } else {
3127 int guest_bpp =
3128 PIXMAN_FORMAT_BPP(pixman_image_get_format(vd->guest.fb));
3129 guest_row0 = (uint8_t *)pixman_image_get_data(vd->guest.fb);
3130 guest_stride = pixman_image_get_stride(vd->guest.fb);
3131 guest_ll = pixman_image_get_width(vd->guest.fb)
3132 * DIV_ROUND_UP(guest_bpp, 8);
3133 }
3134 line_bytes = MIN(server_stride, guest_ll);
3135
3136 for (;;) {
3137 y = offset / VNC_DIRTY_BPL(&vd->guest);
3138 x = offset % VNC_DIRTY_BPL(&vd->guest);
3139
3140 server_ptr = server_row0 + y * server_stride + x * cmp_bytes;
3141
3142 if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
3143 qemu_pixman_linebuf_fill(tmpbuf, vd->guest.fb, width, 0, y);
3144 guest_ptr = (uint8_t *)pixman_image_get_data(tmpbuf);
3145 } else {
3146 guest_ptr = guest_row0 + y * guest_stride;
3147 }
3148 guest_ptr += x * cmp_bytes;
3149
3150 for (; x < DIV_ROUND_UP(width, VNC_DIRTY_PIXELS_PER_BIT);
3151 x++, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
3152 int _cmp_bytes = cmp_bytes;
3153 if (!test_and_clear_bit(x, vd->guest.dirty[y])) {
3154 continue;
3155 }
3156 if ((x + 1) * cmp_bytes > line_bytes) {
3157 _cmp_bytes = line_bytes - x * cmp_bytes;
3158 }
3159 assert(_cmp_bytes >= 0);
3160 if (memcmp(server_ptr, guest_ptr, _cmp_bytes) == 0) {
3161 continue;
3162 }
3163 memcpy(server_ptr, guest_ptr, _cmp_bytes);
3164 if (!vd->non_adaptive) {
3165 vnc_rect_updated(vd, x * VNC_DIRTY_PIXELS_PER_BIT,
3166 y, &tv);
3167 }
3168 QTAILQ_FOREACH(vs, &vd->clients, next) {
3169 set_bit(x, vs->dirty[y]);
3170 }
3171 has_dirty++;
3172 }
3173
3174 y++;
3175 offset = find_next_bit((unsigned long *) &vd->guest.dirty,
3176 height * VNC_DIRTY_BPL(&vd->guest),
3177 y * VNC_DIRTY_BPL(&vd->guest));
3178 if (offset == height * VNC_DIRTY_BPL(&vd->guest)) {
3179 /* no more dirty bits */
3180 break;
3181 }
3182 }
3183 qemu_pixman_image_unref(tmpbuf);
3184 return has_dirty;
3185 }
3186
3187 static void vnc_refresh(DisplayChangeListener *dcl)
3188 {
3189 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
3190 VncState *vs, *vn;
3191 int has_dirty, rects = 0;
3192
3193 if (QTAILQ_EMPTY(&vd->clients)) {
3194 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_MAX);
3195 return;
3196 }
3197
3198 graphic_hw_update(vd->dcl.con);
3199
3200 if (vnc_trylock_display(vd)) {
3201 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
3202 return;
3203 }
3204
3205 has_dirty = vnc_refresh_server_surface(vd);
3206 vnc_unlock_display(vd);
3207
3208 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
3209 rects += vnc_update_client(vs, has_dirty);
3210 /* vs might be free()ed here */
3211 }
3212
3213 if (has_dirty && rects) {
3214 vd->dcl.update_interval /= 2;
3215 if (vd->dcl.update_interval < VNC_REFRESH_INTERVAL_BASE) {
3216 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_BASE;
3217 }
3218 } else {
3219 vd->dcl.update_interval += VNC_REFRESH_INTERVAL_INC;
3220 if (vd->dcl.update_interval > VNC_REFRESH_INTERVAL_MAX) {
3221 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_MAX;
3222 }
3223 }
3224 }
3225
3226 static void vnc_connect(VncDisplay *vd, QIOChannelSocket *sioc,
3227 bool skipauth, bool websocket)
3228 {
3229 VncState *vs = g_new0(VncState, 1);
3230 bool first_client = QTAILQ_EMPTY(&vd->clients);
3231 int i;
3232
3233 trace_vnc_client_connect(vs, sioc);
3234 vs->zrle = g_new0(VncZrle, 1);
3235 vs->tight = g_new0(VncTight, 1);
3236 vs->magic = VNC_MAGIC;
3237 vs->sioc = sioc;
3238 object_ref(OBJECT(vs->sioc));
3239 vs->ioc = QIO_CHANNEL(sioc);
3240 object_ref(OBJECT(vs->ioc));
3241 vs->vd = vd;
3242
3243 buffer_init(&vs->input, "vnc-input/%p", sioc);
3244 buffer_init(&vs->output, "vnc-output/%p", sioc);
3245 buffer_init(&vs->jobs_buffer, "vnc-jobs_buffer/%p", sioc);
3246
3247 buffer_init(&vs->tight->tight, "vnc-tight/%p", sioc);
3248 buffer_init(&vs->tight->zlib, "vnc-tight-zlib/%p", sioc);
3249 buffer_init(&vs->tight->gradient, "vnc-tight-gradient/%p", sioc);
3250 #ifdef CONFIG_VNC_JPEG
3251 buffer_init(&vs->tight->jpeg, "vnc-tight-jpeg/%p", sioc);
3252 #endif
3253 #ifdef CONFIG_PNG
3254 buffer_init(&vs->tight->png, "vnc-tight-png/%p", sioc);
3255 #endif
3256 buffer_init(&vs->zlib.zlib, "vnc-zlib/%p", sioc);
3257 buffer_init(&vs->zrle->zrle, "vnc-zrle/%p", sioc);
3258 buffer_init(&vs->zrle->fb, "vnc-zrle-fb/%p", sioc);
3259 buffer_init(&vs->zrle->zlib, "vnc-zrle-zlib/%p", sioc);
3260
3261 if (skipauth) {
3262 vs->auth = VNC_AUTH_NONE;
3263 vs->subauth = VNC_AUTH_INVALID;
3264 } else {
3265 if (websocket) {
3266 vs->auth = vd->ws_auth;
3267 vs->subauth = VNC_AUTH_INVALID;
3268 } else {
3269 vs->auth = vd->auth;
3270 vs->subauth = vd->subauth;
3271 }
3272 }
3273 VNC_DEBUG("Client sioc=%p ws=%d auth=%d subauth=%d\n",
3274 sioc, websocket, vs->auth, vs->subauth);
3275
3276 vs->lossy_rect = g_malloc0(VNC_STAT_ROWS * sizeof (*vs->lossy_rect));
3277 for (i = 0; i < VNC_STAT_ROWS; ++i) {
3278 vs->lossy_rect[i] = g_new0(uint8_t, VNC_STAT_COLS);
3279 }
3280
3281 VNC_DEBUG("New client on socket %p\n", vs->sioc);
3282 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
3283 qio_channel_set_blocking(vs->ioc, false, NULL);
3284 if (vs->ioc_tag) {
3285 g_source_remove(vs->ioc_tag);
3286 }
3287 if (websocket) {
3288 vs->websocket = 1;
3289 if (vd->tlscreds) {
3290 vs->ioc_tag = qio_channel_add_watch(
3291 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR,
3292 vncws_tls_handshake_io, vs, NULL);
3293 } else {
3294 vs->ioc_tag = qio_channel_add_watch(
3295 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR,
3296 vncws_handshake_io, vs, NULL);
3297 }
3298 } else {
3299 vs->ioc_tag = qio_channel_add_watch(
3300 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR,
3301 vnc_client_io, vs, NULL);
3302 }
3303
3304 vnc_client_cache_addr(vs);
3305 vnc_qmp_event(vs, QAPI_EVENT_VNC_CONNECTED);
3306 vnc_set_share_mode(vs, VNC_SHARE_MODE_CONNECTING);
3307
3308 vs->last_x = -1;
3309 vs->last_y = -1;
3310
3311 vs->as.freq = 44100;
3312 vs->as.nchannels = 2;
3313 vs->as.fmt = AUDIO_FORMAT_S16;
3314 vs->as.endianness = 0;
3315
3316 qemu_mutex_init(&vs->output_mutex);
3317 vs->bh = qemu_bh_new(vnc_jobs_bh, vs);
3318
3319 QTAILQ_INSERT_TAIL(&vd->clients, vs, next);
3320 if (first_client) {
3321 vnc_update_server_surface(vd);
3322 }
3323
3324 graphic_hw_update(vd->dcl.con);
3325
3326 if (!vs->websocket) {
3327 vnc_start_protocol(vs);
3328 }
3329
3330 if (vd->num_connecting > vd->connections_limit) {
3331 QTAILQ_FOREACH(vs, &vd->clients, next) {
3332 if (vs->share_mode == VNC_SHARE_MODE_CONNECTING) {
3333 vnc_disconnect_start(vs);
3334 return;
3335 }
3336 }
3337 }
3338 }
3339
3340 void vnc_start_protocol(VncState *vs)
3341 {
3342 vnc_write(vs, "RFB 003.008\n", 12);
3343 vnc_flush(vs);
3344 vnc_read_when(vs, protocol_version, 12);
3345
3346 vs->mouse_mode_notifier.notify = check_pointer_type_change;
3347 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
3348 }
3349
3350 static void vnc_listen_io(QIONetListener *listener,
3351 QIOChannelSocket *cioc,
3352 void *opaque)
3353 {
3354 VncDisplay *vd = opaque;
3355 bool isWebsock = listener == vd->wslistener;
3356
3357 qio_channel_set_name(QIO_CHANNEL(cioc),
3358 isWebsock ? "vnc-ws-server" : "vnc-server");
3359 qio_channel_set_delay(QIO_CHANNEL(cioc), false);
3360 vnc_connect(vd, cioc, false, isWebsock);
3361 }
3362
3363 static const DisplayChangeListenerOps dcl_ops = {
3364 .dpy_name = "vnc",
3365 .dpy_refresh = vnc_refresh,
3366 .dpy_gfx_update = vnc_dpy_update,
3367 .dpy_gfx_switch = vnc_dpy_switch,
3368 .dpy_gfx_check_format = qemu_pixman_check_format,
3369 .dpy_mouse_set = vnc_mouse_set,
3370 .dpy_cursor_define = vnc_dpy_cursor_define,
3371 };
3372
3373 void vnc_display_init(const char *id, Error **errp)
3374 {
3375 VncDisplay *vd;
3376
3377 if (vnc_display_find(id) != NULL) {
3378 return;
3379 }
3380 vd = g_malloc0(sizeof(*vd));
3381
3382 vd->id = strdup(id);
3383 QTAILQ_INSERT_TAIL(&vnc_displays, vd, next);
3384
3385 QTAILQ_INIT(&vd->clients);
3386 vd->expires = TIME_MAX;
3387
3388 if (keyboard_layout) {
3389 trace_vnc_key_map_init(keyboard_layout);
3390 vd->kbd_layout = init_keyboard_layout(name2keysym,
3391 keyboard_layout, errp);
3392 } else {
3393 vd->kbd_layout = init_keyboard_layout(name2keysym, "en-us", errp);
3394 }
3395
3396 if (!vd->kbd_layout) {
3397 return;
3398 }
3399
3400 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3401 vd->connections_limit = 32;
3402
3403 qemu_mutex_init(&vd->mutex);
3404 vnc_start_worker_thread();
3405
3406 vd->dcl.ops = &dcl_ops;
3407 register_displaychangelistener(&vd->dcl);
3408 vd->kbd = qkbd_state_init(vd->dcl.con);
3409 }
3410
3411
3412 static void vnc_display_close(VncDisplay *vd)
3413 {
3414 if (!vd) {
3415 return;
3416 }
3417 vd->is_unix = false;
3418
3419 if (vd->listener) {
3420 qio_net_listener_disconnect(vd->listener);
3421 object_unref(OBJECT(vd->listener));
3422 }
3423 vd->listener = NULL;
3424
3425 if (vd->wslistener) {
3426 qio_net_listener_disconnect(vd->wslistener);
3427 object_unref(OBJECT(vd->wslistener));
3428 }
3429 vd->wslistener = NULL;
3430
3431 vd->auth = VNC_AUTH_INVALID;
3432 vd->subauth = VNC_AUTH_INVALID;
3433 if (vd->tlscreds) {
3434 object_unref(OBJECT(vd->tlscreds));
3435 vd->tlscreds = NULL;
3436 }
3437 if (vd->tlsauthz) {
3438 object_unparent(OBJECT(vd->tlsauthz));
3439 vd->tlsauthz = NULL;
3440 }
3441 g_free(vd->tlsauthzid);
3442 vd->tlsauthzid = NULL;
3443 if (vd->lock_key_sync) {
3444 qemu_remove_led_event_handler(vd->led);
3445 vd->led = NULL;
3446 }
3447 #ifdef CONFIG_VNC_SASL
3448 if (vd->sasl.authz) {
3449 object_unparent(OBJECT(vd->sasl.authz));
3450 vd->sasl.authz = NULL;
3451 }
3452 g_free(vd->sasl.authzid);
3453 vd->sasl.authzid = NULL;
3454 #endif
3455 }
3456
3457 int vnc_display_password(const char *id, const char *password)
3458 {
3459 VncDisplay *vd = vnc_display_find(id);
3460
3461 if (!vd) {
3462 return -EINVAL;
3463 }
3464 if (vd->auth == VNC_AUTH_NONE) {
3465 error_printf_unless_qmp("If you want use passwords please enable "
3466 "password auth using '-vnc ${dpy},password'.\n");
3467 return -EINVAL;
3468 }
3469
3470 g_free(vd->password);
3471 vd->password = g_strdup(password);
3472
3473 return 0;
3474 }
3475
3476 int vnc_display_pw_expire(const char *id, time_t expires)
3477 {
3478 VncDisplay *vd = vnc_display_find(id);
3479
3480 if (!vd) {
3481 return -EINVAL;
3482 }
3483
3484 vd->expires = expires;
3485 return 0;
3486 }
3487
3488 static void vnc_display_print_local_addr(VncDisplay *vd)
3489 {
3490 SocketAddress *addr;
3491
3492 if (!vd->listener || !vd->listener->nsioc) {
3493 return;
3494 }
3495
3496 addr = qio_channel_socket_get_local_address(vd->listener->sioc[0], NULL);
3497 if (!addr) {
3498 return;
3499 }
3500
3501 if (addr->type != SOCKET_ADDRESS_TYPE_INET) {
3502 qapi_free_SocketAddress(addr);
3503 return;
3504 }
3505 error_printf_unless_qmp("VNC server running on %s:%s\n",
3506 addr->u.inet.host,
3507 addr->u.inet.port);
3508 qapi_free_SocketAddress(addr);
3509 }
3510
3511 static QemuOptsList qemu_vnc_opts = {
3512 .name = "vnc",
3513 .head = QTAILQ_HEAD_INITIALIZER(qemu_vnc_opts.head),
3514 .implied_opt_name = "vnc",
3515 .desc = {
3516 {
3517 .name = "vnc",
3518 .type = QEMU_OPT_STRING,
3519 },{
3520 .name = "websocket",
3521 .type = QEMU_OPT_STRING,
3522 },{
3523 .name = "tls-creds",
3524 .type = QEMU_OPT_STRING,
3525 },{
3526 .name = "share",
3527 .type = QEMU_OPT_STRING,
3528 },{
3529 .name = "display",
3530 .type = QEMU_OPT_STRING,
3531 },{
3532 .name = "head",
3533 .type = QEMU_OPT_NUMBER,
3534 },{
3535 .name = "connections",
3536 .type = QEMU_OPT_NUMBER,
3537 },{
3538 .name = "to",
3539 .type = QEMU_OPT_NUMBER,
3540 },{
3541 .name = "ipv4",
3542 .type = QEMU_OPT_BOOL,
3543 },{
3544 .name = "ipv6",
3545 .type = QEMU_OPT_BOOL,
3546 },{
3547 .name = "password",
3548 .type = QEMU_OPT_BOOL,
3549 },{
3550 .name = "password-secret",
3551 .type = QEMU_OPT_STRING,
3552 },{
3553 .name = "reverse",
3554 .type = QEMU_OPT_BOOL,
3555 },{
3556 .name = "lock-key-sync",
3557 .type = QEMU_OPT_BOOL,
3558 },{
3559 .name = "key-delay-ms",
3560 .type = QEMU_OPT_NUMBER,
3561 },{
3562 .name = "sasl",
3563 .type = QEMU_OPT_BOOL,
3564 },{
3565 .name = "tls-authz",
3566 .type = QEMU_OPT_STRING,
3567 },{
3568 .name = "sasl-authz",
3569 .type = QEMU_OPT_STRING,
3570 },{
3571 .name = "lossy",
3572 .type = QEMU_OPT_BOOL,
3573 },{
3574 .name = "non-adaptive",
3575 .type = QEMU_OPT_BOOL,
3576 },{
3577 .name = "audiodev",
3578 .type = QEMU_OPT_STRING,
3579 },{
3580 .name = "power-control",
3581 .type = QEMU_OPT_BOOL,
3582 },
3583 { /* end of list */ }
3584 },
3585 };
3586
3587
3588 static int
3589 vnc_display_setup_auth(int *auth,
3590 int *subauth,
3591 QCryptoTLSCreds *tlscreds,
3592 bool password,
3593 bool sasl,
3594 bool websocket,
3595 Error **errp)
3596 {
3597 /*
3598 * We have a choice of 3 authentication options
3599 *
3600 * 1. none
3601 * 2. vnc
3602 * 3. sasl
3603 *
3604 * The channel can be run in 2 modes
3605 *
3606 * 1. clear
3607 * 2. tls
3608 *
3609 * And TLS can use 2 types of credentials
3610 *
3611 * 1. anon
3612 * 2. x509
3613 *
3614 * We thus have 9 possible logical combinations
3615 *
3616 * 1. clear + none
3617 * 2. clear + vnc
3618 * 3. clear + sasl
3619 * 4. tls + anon + none
3620 * 5. tls + anon + vnc
3621 * 6. tls + anon + sasl
3622 * 7. tls + x509 + none
3623 * 8. tls + x509 + vnc
3624 * 9. tls + x509 + sasl
3625 *
3626 * These need to be mapped into the VNC auth schemes
3627 * in an appropriate manner. In regular VNC, all the
3628 * TLS options get mapped into VNC_AUTH_VENCRYPT
3629 * sub-auth types.
3630 *
3631 * In websockets, the https:// protocol already provides
3632 * TLS support, so there is no need to make use of the
3633 * VeNCrypt extension. Furthermore, websockets browser
3634 * clients could not use VeNCrypt even if they wanted to,
3635 * as they cannot control when the TLS handshake takes
3636 * place. Thus there is no option but to rely on https://,
3637 * meaning combinations 4->6 and 7->9 will be mapped to
3638 * VNC auth schemes in the same way as combos 1->3.
3639 *
3640 * Regardless of fact that we have a different mapping to
3641 * VNC auth mechs for plain VNC vs websockets VNC, the end
3642 * result has the same security characteristics.
3643 */
3644 if (websocket || !tlscreds) {
3645 if (password) {
3646 VNC_DEBUG("Initializing VNC server with password auth\n");
3647 *auth = VNC_AUTH_VNC;
3648 } else if (sasl) {
3649 VNC_DEBUG("Initializing VNC server with SASL auth\n");
3650 *auth = VNC_AUTH_SASL;
3651 } else {
3652 VNC_DEBUG("Initializing VNC server with no auth\n");
3653 *auth = VNC_AUTH_NONE;
3654 }
3655 *subauth = VNC_AUTH_INVALID;
3656 } else {
3657 bool is_x509 = object_dynamic_cast(OBJECT(tlscreds),
3658 TYPE_QCRYPTO_TLS_CREDS_X509) != NULL;
3659 bool is_anon = object_dynamic_cast(OBJECT(tlscreds),
3660 TYPE_QCRYPTO_TLS_CREDS_ANON) != NULL;
3661
3662 if (!is_x509 && !is_anon) {
3663 error_setg(errp,
3664 "Unsupported TLS cred type %s",
3665 object_get_typename(OBJECT(tlscreds)));
3666 return -1;
3667 }
3668 *auth = VNC_AUTH_VENCRYPT;
3669 if (password) {
3670 if (is_x509) {
3671 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
3672 *subauth = VNC_AUTH_VENCRYPT_X509VNC;
3673 } else {
3674 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
3675 *subauth = VNC_AUTH_VENCRYPT_TLSVNC;
3676 }
3677
3678 } else if (sasl) {
3679 if (is_x509) {
3680 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
3681 *subauth = VNC_AUTH_VENCRYPT_X509SASL;
3682 } else {
3683 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
3684 *subauth = VNC_AUTH_VENCRYPT_TLSSASL;
3685 }
3686 } else {
3687 if (is_x509) {
3688 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
3689 *subauth = VNC_AUTH_VENCRYPT_X509NONE;
3690 } else {
3691 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
3692 *subauth = VNC_AUTH_VENCRYPT_TLSNONE;
3693 }
3694 }
3695 }
3696 return 0;
3697 }
3698
3699
3700 static int vnc_display_get_address(const char *addrstr,
3701 bool websocket,
3702 bool reverse,
3703 int displaynum,
3704 int to,
3705 bool has_ipv4,
3706 bool has_ipv6,
3707 bool ipv4,
3708 bool ipv6,
3709 SocketAddress **retaddr,
3710 Error **errp)
3711 {
3712 int ret = -1;
3713 SocketAddress *addr = NULL;
3714
3715 addr = g_new0(SocketAddress, 1);
3716
3717 if (strncmp(addrstr, "unix:", 5) == 0) {
3718 addr->type = SOCKET_ADDRESS_TYPE_UNIX;
3719 addr->u.q_unix.path = g_strdup(addrstr + 5);
3720
3721 if (websocket) {
3722 error_setg(errp, "UNIX sockets not supported with websock");
3723 goto cleanup;
3724 }
3725
3726 if (to) {
3727 error_setg(errp, "Port range not support with UNIX socket");
3728 goto cleanup;
3729 }
3730 ret = 0;
3731 } else {
3732 const char *port;
3733 size_t hostlen;
3734 unsigned long long baseport = 0;
3735 InetSocketAddress *inet;
3736
3737 port = strrchr(addrstr, ':');
3738 if (!port) {
3739 if (websocket) {
3740 hostlen = 0;
3741 port = addrstr;
3742 } else {
3743 error_setg(errp, "no vnc port specified");
3744 goto cleanup;
3745 }
3746 } else {
3747 hostlen = port - addrstr;
3748 port++;
3749 if (*port == '\0') {
3750 error_setg(errp, "vnc port cannot be empty");
3751 goto cleanup;
3752 }
3753 }
3754
3755 addr->type = SOCKET_ADDRESS_TYPE_INET;
3756 inet = &addr->u.inet;
3757 if (addrstr[0] == '[' && addrstr[hostlen - 1] == ']') {
3758 inet->host = g_strndup(addrstr + 1, hostlen - 2);
3759 } else {
3760 inet->host = g_strndup(addrstr, hostlen);
3761 }
3762 /* plain VNC port is just an offset, for websocket
3763 * port is absolute */
3764 if (websocket) {
3765 if (g_str_equal(addrstr, "") ||
3766 g_str_equal(addrstr, "on")) {
3767 if (displaynum == -1) {
3768 error_setg(errp, "explicit websocket port is required");
3769 goto cleanup;
3770 }
3771 inet->port = g_strdup_printf(
3772 "%d", displaynum + 5700);
3773 if (to) {
3774 inet->has_to = true;
3775 inet->to = to + 5700;
3776 }
3777 } else {
3778 inet->port = g_strdup(port);
3779 }
3780 } else {
3781 int offset = reverse ? 0 : 5900;
3782 if (parse_uint_full(port, &baseport, 10) < 0) {
3783 error_setg(errp, "can't convert to a number: %s", port);
3784 goto cleanup;
3785 }
3786 if (baseport > 65535 ||
3787 baseport + offset > 65535) {
3788 error_setg(errp, "port %s out of range", port);
3789 goto cleanup;
3790 }
3791 inet->port = g_strdup_printf(
3792 "%d", (int)baseport + offset);
3793
3794 if (to) {
3795 inet->has_to = true;
3796 inet->to = to + offset;
3797 }
3798 }
3799
3800 inet->ipv4 = ipv4;
3801 inet->has_ipv4 = has_ipv4;
3802 inet->ipv6 = ipv6;
3803 inet->has_ipv6 = has_ipv6;
3804
3805 ret = baseport;
3806 }
3807
3808 *retaddr = addr;
3809
3810 cleanup:
3811 if (ret < 0) {
3812 qapi_free_SocketAddress(addr);
3813 }
3814 return ret;
3815 }
3816
3817 static int vnc_display_get_addresses(QemuOpts *opts,
3818 bool reverse,
3819 SocketAddressList **saddr_list_ret,
3820 SocketAddressList **wsaddr_list_ret,
3821 Error **errp)
3822 {
3823 SocketAddress *saddr = NULL;
3824 SocketAddress *wsaddr = NULL;
3825 g_autoptr(SocketAddressList) saddr_list = NULL;
3826 SocketAddressList **saddr_tail = &saddr_list;
3827 SocketAddress *single_saddr = NULL;
3828 g_autoptr(SocketAddressList) wsaddr_list = NULL;
3829 SocketAddressList **wsaddr_tail = &wsaddr_list;
3830 QemuOptsIter addriter;
3831 const char *addr;
3832 int to = qemu_opt_get_number(opts, "to", 0);
3833 bool has_ipv4 = qemu_opt_get(opts, "ipv4");
3834 bool has_ipv6 = qemu_opt_get(opts, "ipv6");
3835 bool ipv4 = qemu_opt_get_bool(opts, "ipv4", false);
3836 bool ipv6 = qemu_opt_get_bool(opts, "ipv6", false);
3837 int displaynum = -1;
3838
3839 addr = qemu_opt_get(opts, "vnc");
3840 if (addr == NULL || g_str_equal(addr, "none")) {
3841 return 0;
3842 }
3843 if (qemu_opt_get(opts, "websocket") &&
3844 !qcrypto_hash_supports(QCRYPTO_HASH_ALG_SHA1)) {
3845 error_setg(errp,
3846 "SHA1 hash support is required for websockets");
3847 return -1;
3848 }
3849
3850 qemu_opt_iter_init(&addriter, opts, "vnc");
3851 while ((addr = qemu_opt_iter_next(&addriter)) != NULL) {
3852 int rv;
3853 rv = vnc_display_get_address(addr, false, reverse, 0, to,
3854 has_ipv4, has_ipv6,
3855 ipv4, ipv6,
3856 &saddr, errp);
3857 if (rv < 0) {
3858 return -1;
3859 }
3860 /* Historical compat - first listen address can be used
3861 * to set the default websocket port
3862 */
3863 if (displaynum == -1) {
3864 displaynum = rv;
3865 }
3866 QAPI_LIST_APPEND(saddr_tail, saddr);
3867 }
3868
3869 if (saddr_list && !saddr_list->next) {
3870 single_saddr = saddr_list->value;
3871 } else {
3872 /*
3873 * If we had multiple primary displays, we don't do defaults
3874 * for websocket, and require explicit config instead.
3875 */
3876 displaynum = -1;
3877 }
3878
3879 qemu_opt_iter_init(&addriter, opts, "websocket");
3880 while ((addr = qemu_opt_iter_next(&addriter)) != NULL) {
3881 if (vnc_display_get_address(addr, true, reverse, displaynum, to,
3882 has_ipv4, has_ipv6,
3883 ipv4, ipv6,
3884 &wsaddr, errp) < 0) {
3885 return -1;
3886 }
3887
3888 /* Historical compat - if only a single listen address was
3889 * provided, then this is used to set the default listen
3890 * address for websocket too
3891 */
3892 if (single_saddr &&
3893 single_saddr->type == SOCKET_ADDRESS_TYPE_INET &&
3894 wsaddr->type == SOCKET_ADDRESS_TYPE_INET &&
3895 g_str_equal(wsaddr->u.inet.host, "") &&
3896 !g_str_equal(single_saddr->u.inet.host, "")) {
3897 g_free(wsaddr->u.inet.host);
3898 wsaddr->u.inet.host = g_strdup(single_saddr->u.inet.host);
3899 }
3900
3901 QAPI_LIST_APPEND(wsaddr_tail, wsaddr);
3902 }
3903
3904 *saddr_list_ret = g_steal_pointer(&saddr_list);
3905 *wsaddr_list_ret = g_steal_pointer(&wsaddr_list);
3906 return 0;
3907 }
3908
3909 static int vnc_display_connect(VncDisplay *vd,
3910 SocketAddressList *saddr_list,
3911 SocketAddressList *wsaddr_list,
3912 Error **errp)
3913 {
3914 /* connect to viewer */
3915 QIOChannelSocket *sioc = NULL;
3916 if (wsaddr_list) {
3917 error_setg(errp, "Cannot use websockets in reverse mode");
3918 return -1;
3919 }
3920 if (!saddr_list || saddr_list->next) {
3921 error_setg(errp, "Expected a single address in reverse mode");
3922 return -1;
3923 }
3924 /* TODO SOCKET_ADDRESS_TYPE_FD when fd has AF_UNIX */
3925 vd->is_unix = saddr_list->value->type == SOCKET_ADDRESS_TYPE_UNIX;
3926 sioc = qio_channel_socket_new();
3927 qio_channel_set_name(QIO_CHANNEL(sioc), "vnc-reverse");
3928 if (qio_channel_socket_connect_sync(sioc, saddr_list->value, errp) < 0) {
3929 object_unref(OBJECT(sioc));
3930 return -1;
3931 }
3932 vnc_connect(vd, sioc, false, false);
3933 object_unref(OBJECT(sioc));
3934 return 0;
3935 }
3936
3937
3938 static int vnc_display_listen(VncDisplay *vd,
3939 SocketAddressList *saddr_list,
3940 SocketAddressList *wsaddr_list,
3941 Error **errp)
3942 {
3943 SocketAddressList *el;
3944
3945 if (saddr_list) {
3946 vd->listener = qio_net_listener_new();
3947 qio_net_listener_set_name(vd->listener, "vnc-listen");
3948 for (el = saddr_list; el; el = el->next) {
3949 if (qio_net_listener_open_sync(vd->listener,
3950 el->value, 1,
3951 errp) < 0) {
3952 return -1;
3953 }
3954 }
3955
3956 qio_net_listener_set_client_func(vd->listener,
3957 vnc_listen_io, vd, NULL);
3958 }
3959
3960 if (wsaddr_list) {
3961 vd->wslistener = qio_net_listener_new();
3962 qio_net_listener_set_name(vd->wslistener, "vnc-ws-listen");
3963 for (el = wsaddr_list; el; el = el->next) {
3964 if (qio_net_listener_open_sync(vd->wslistener,
3965 el->value, 1,
3966 errp) < 0) {
3967 return -1;
3968 }
3969 }
3970
3971 qio_net_listener_set_client_func(vd->wslistener,
3972 vnc_listen_io, vd, NULL);
3973 }
3974
3975 return 0;
3976 }
3977
3978 bool vnc_display_update(DisplayUpdateOptionsVNC *arg, Error **errp)
3979 {
3980 VncDisplay *vd = vnc_display_find(NULL);
3981
3982 if (!vd) {
3983 error_setg(errp, "Can not find vnc display");
3984 return false;
3985 }
3986
3987 if (arg->has_addresses) {
3988 if (vd->listener) {
3989 qio_net_listener_disconnect(vd->listener);
3990 object_unref(OBJECT(vd->listener));
3991 vd->listener = NULL;
3992 }
3993
3994 if (vnc_display_listen(vd, arg->addresses, NULL, errp) < 0) {
3995 return false;
3996 }
3997 }
3998
3999 return true;
4000 }
4001
4002 void vnc_display_open(const char *id, Error **errp)
4003 {
4004 VncDisplay *vd = vnc_display_find(id);
4005 QemuOpts *opts = qemu_opts_find(&qemu_vnc_opts, id);
4006 g_autoptr(SocketAddressList) saddr_list = NULL;
4007 g_autoptr(SocketAddressList) wsaddr_list = NULL;
4008 const char *share, *device_id;
4009 QemuConsole *con;
4010 bool password = false;
4011 bool reverse = false;
4012 const char *credid;
4013 bool sasl = false;
4014 const char *tlsauthz;
4015 const char *saslauthz;
4016 int lock_key_sync = 1;
4017 int key_delay_ms;
4018 const char *audiodev;
4019 const char *passwordSecret;
4020
4021 if (!vd) {
4022 error_setg(errp, "VNC display not active");
4023 return;
4024 }
4025 vnc_display_close(vd);
4026
4027 if (!opts) {
4028 return;
4029 }
4030
4031 reverse = qemu_opt_get_bool(opts, "reverse", false);
4032 if (vnc_display_get_addresses(opts, reverse, &saddr_list, &wsaddr_list,
4033 errp) < 0) {
4034 goto fail;
4035 }
4036
4037
4038 passwordSecret = qemu_opt_get(opts, "password-secret");
4039 if (passwordSecret) {
4040 if (qemu_opt_get(opts, "password")) {
4041 error_setg(errp,
4042 "'password' flag is redundant with 'password-secret'");
4043 goto fail;
4044 }
4045 vd->password = qcrypto_secret_lookup_as_utf8(passwordSecret,
4046 errp);
4047 if (!vd->password) {
4048 goto fail;
4049 }
4050 password = true;
4051 } else {
4052 password = qemu_opt_get_bool(opts, "password", false);
4053 }
4054 if (password) {
4055 if (!qcrypto_cipher_supports(
4056 QCRYPTO_CIPHER_ALG_DES, QCRYPTO_CIPHER_MODE_ECB)) {
4057 error_setg(errp,
4058 "Cipher backend does not support DES algorithm");
4059 goto fail;
4060 }
4061 }
4062
4063 lock_key_sync = qemu_opt_get_bool(opts, "lock-key-sync", true);
4064 key_delay_ms = qemu_opt_get_number(opts, "key-delay-ms", 10);
4065 sasl = qemu_opt_get_bool(opts, "sasl", false);
4066 #ifndef CONFIG_VNC_SASL
4067 if (sasl) {
4068 error_setg(errp, "VNC SASL auth requires cyrus-sasl support");
4069 goto fail;
4070 }
4071 #endif /* CONFIG_VNC_SASL */
4072 credid = qemu_opt_get(opts, "tls-creds");
4073 if (credid) {
4074 Object *creds;
4075 creds = object_resolve_path_component(
4076 object_get_objects_root(), credid);
4077 if (!creds) {
4078 error_setg(errp, "No TLS credentials with id '%s'",
4079 credid);
4080 goto fail;
4081 }
4082 vd->tlscreds = (QCryptoTLSCreds *)
4083 object_dynamic_cast(creds,
4084 TYPE_QCRYPTO_TLS_CREDS);
4085 if (!vd->tlscreds) {
4086 error_setg(errp, "Object with id '%s' is not TLS credentials",
4087 credid);
4088 goto fail;
4089 }
4090 object_ref(OBJECT(vd->tlscreds));
4091
4092 if (!qcrypto_tls_creds_check_endpoint(vd->tlscreds,
4093 QCRYPTO_TLS_CREDS_ENDPOINT_SERVER,
4094 errp)) {
4095 goto fail;
4096 }
4097 }
4098 tlsauthz = qemu_opt_get(opts, "tls-authz");
4099 if (tlsauthz && !vd->tlscreds) {
4100 error_setg(errp, "'tls-authz' provided but TLS is not enabled");
4101 goto fail;
4102 }
4103
4104 saslauthz = qemu_opt_get(opts, "sasl-authz");
4105 if (saslauthz && !sasl) {
4106 error_setg(errp, "'sasl-authz' provided but SASL auth is not enabled");
4107 goto fail;
4108 }
4109
4110 share = qemu_opt_get(opts, "share");
4111 if (share) {
4112 if (strcmp(share, "ignore") == 0) {
4113 vd->share_policy = VNC_SHARE_POLICY_IGNORE;
4114 } else if (strcmp(share, "allow-exclusive") == 0) {
4115 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
4116 } else if (strcmp(share, "force-shared") == 0) {
4117 vd->share_policy = VNC_SHARE_POLICY_FORCE_SHARED;
4118 } else {
4119 error_setg(errp, "unknown vnc share= option");
4120 goto fail;
4121 }
4122 } else {
4123 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
4124 }
4125 vd->connections_limit = qemu_opt_get_number(opts, "connections", 32);
4126
4127 #ifdef CONFIG_VNC_JPEG
4128 vd->lossy = qemu_opt_get_bool(opts, "lossy", false);
4129 #endif
4130 vd->non_adaptive = qemu_opt_get_bool(opts, "non-adaptive", false);
4131 /* adaptive updates are only used with tight encoding and
4132 * if lossy updates are enabled so we can disable all the
4133 * calculations otherwise */
4134 if (!vd->lossy) {
4135 vd->non_adaptive = true;
4136 }
4137
4138 vd->power_control = qemu_opt_get_bool(opts, "power-control", false);
4139
4140 if (tlsauthz) {
4141 vd->tlsauthzid = g_strdup(tlsauthz);
4142 }
4143 #ifdef CONFIG_VNC_SASL
4144 if (sasl) {
4145 if (saslauthz) {
4146 vd->sasl.authzid = g_strdup(saslauthz);
4147 }
4148 }
4149 #endif
4150
4151 if (vnc_display_setup_auth(&vd->auth, &vd->subauth,
4152 vd->tlscreds, password,
4153 sasl, false, errp) < 0) {
4154 goto fail;
4155 }
4156 trace_vnc_auth_init(vd, 0, vd->auth, vd->subauth);
4157
4158 if (vnc_display_setup_auth(&vd->ws_auth, &vd->ws_subauth,
4159 vd->tlscreds, password,
4160 sasl, true, errp) < 0) {
4161 goto fail;
4162 }
4163 trace_vnc_auth_init(vd, 1, vd->ws_auth, vd->ws_subauth);
4164
4165 #ifdef CONFIG_VNC_SASL
4166 if (sasl && !vnc_sasl_server_init(errp)) {
4167 goto fail;
4168 }
4169 #endif
4170 vd->lock_key_sync = lock_key_sync;
4171 if (lock_key_sync) {
4172 vd->led = qemu_add_led_event_handler(kbd_leds, vd);
4173 }
4174 vd->ledstate = 0;
4175
4176 audiodev = qemu_opt_get(opts, "audiodev");
4177 if (audiodev) {
4178 vd->audio_state = audio_state_by_name(audiodev);
4179 if (!vd->audio_state) {
4180 error_setg(errp, "Audiodev '%s' not found", audiodev);
4181 goto fail;
4182 }
4183 }
4184
4185 device_id = qemu_opt_get(opts, "display");
4186 if (device_id) {
4187 int head = qemu_opt_get_number(opts, "head", 0);
4188 Error *err = NULL;
4189
4190 con = qemu_console_lookup_by_device_name(device_id, head, &err);
4191 if (err) {
4192 error_propagate(errp, err);
4193 goto fail;
4194 }
4195 } else {
4196 con = NULL;
4197 }
4198
4199 if (con != vd->dcl.con) {
4200 qkbd_state_free(vd->kbd);
4201 unregister_displaychangelistener(&vd->dcl);
4202 vd->dcl.con = con;
4203 register_displaychangelistener(&vd->dcl);
4204 vd->kbd = qkbd_state_init(vd->dcl.con);
4205 }
4206 qkbd_state_set_delay(vd->kbd, key_delay_ms);
4207
4208 if (saddr_list == NULL) {
4209 return;
4210 }
4211
4212 if (reverse) {
4213 if (vnc_display_connect(vd, saddr_list, wsaddr_list, errp) < 0) {
4214 goto fail;
4215 }
4216 } else {
4217 if (vnc_display_listen(vd, saddr_list, wsaddr_list, errp) < 0) {
4218 goto fail;
4219 }
4220 }
4221
4222 if (qemu_opt_get(opts, "to")) {
4223 vnc_display_print_local_addr(vd);
4224 }
4225
4226 /* Success */
4227 return;
4228
4229 fail:
4230 vnc_display_close(vd);
4231 }
4232
4233 void vnc_display_add_client(const char *id, int csock, bool skipauth)
4234 {
4235 VncDisplay *vd = vnc_display_find(id);
4236 QIOChannelSocket *sioc;
4237
4238 if (!vd) {
4239 return;
4240 }
4241
4242 sioc = qio_channel_socket_new_fd(csock, NULL);
4243 if (sioc) {
4244 qio_channel_set_name(QIO_CHANNEL(sioc), "vnc-server");
4245 vnc_connect(vd, sioc, skipauth, false);
4246 object_unref(OBJECT(sioc));
4247 }
4248 }
4249
4250 static void vnc_auto_assign_id(QemuOptsList *olist, QemuOpts *opts)
4251 {
4252 int i = 2;
4253 char *id;
4254
4255 id = g_strdup("default");
4256 while (qemu_opts_find(olist, id)) {
4257 g_free(id);
4258 id = g_strdup_printf("vnc%d", i++);
4259 }
4260 qemu_opts_set_id(opts, id);
4261 }
4262
4263 void vnc_parse(const char *str)
4264 {
4265 QemuOptsList *olist = qemu_find_opts("vnc");
4266 QemuOpts *opts = qemu_opts_parse_noisily(olist, str, !is_help_option(str));
4267 const char *id;
4268
4269 if (!opts) {
4270 exit(1);
4271 }
4272
4273 id = qemu_opts_id(opts);
4274 if (!id) {
4275 /* auto-assign id if not present */
4276 vnc_auto_assign_id(olist, opts);
4277 }
4278 }
4279
4280 int vnc_init_func(void *opaque, QemuOpts *opts, Error **errp)
4281 {
4282 Error *local_err = NULL;
4283 char *id = (char *)qemu_opts_id(opts);
4284
4285 assert(id);
4286 vnc_display_init(id, &local_err);
4287 if (local_err) {
4288 error_propagate(errp, local_err);
4289 return -1;
4290 }
4291 vnc_display_open(id, &local_err);
4292 if (local_err != NULL) {
4293 error_propagate(errp, local_err);
4294 return -1;
4295 }
4296 return 0;
4297 }
4298
4299 static void vnc_register_config(void)
4300 {
4301 qemu_add_opts(&qemu_vnc_opts);
4302 }
4303 opts_init(vnc_register_config);
AR7 emulation for QEMU