search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
block: Make bdrv_is_allocated_above() byte-based
[qemu/ar7.git] / ui / vnc.c
blob26136f5d29e37adf2177f901cc7616a16c28accc
1 /*
2 * QEMU VNC display driver
3 *
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
7 *
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
14 *
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
17 *
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
24 * THE SOFTWARE.
25 */
26
27 #include "qemu/osdep.h"
28 #include "vnc.h"
29 #include "vnc-jobs.h"
30 #include "trace.h"
31 #include "sysemu/sysemu.h"
32 #include "qemu/error-report.h"
33 #include "qemu/sockets.h"
34 #include "qemu/timer.h"
35 #include "qemu/acl.h"
36 #include "qemu/config-file.h"
37 #include "qapi/qmp/qerror.h"
38 #include "qapi/qmp/types.h"
39 #include "qmp-commands.h"
40 #include "ui/input.h"
41 #include "qapi-event.h"
42 #include "crypto/hash.h"
43 #include "crypto/tlscredsanon.h"
44 #include "crypto/tlscredsx509.h"
45 #include "qom/object_interfaces.h"
46 #include "qemu/cutils.h"
47 #include "io/dns-resolver.h"
48
49 #define VNC_REFRESH_INTERVAL_BASE GUI_REFRESH_INTERVAL_DEFAULT
50 #define VNC_REFRESH_INTERVAL_INC 50
51 #define VNC_REFRESH_INTERVAL_MAX GUI_REFRESH_INTERVAL_IDLE
52 static const struct timeval VNC_REFRESH_STATS = { 0, 500000 };
53 static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 };
54
55 #include "vnc_keysym.h"
56 #include "crypto/cipher.h"
57
58 static QTAILQ_HEAD(, VncDisplay) vnc_displays =
59 QTAILQ_HEAD_INITIALIZER(vnc_displays);
60
61 static int vnc_cursor_define(VncState *vs);
62 static void vnc_release_modifiers(VncState *vs);
63
64 static void vnc_set_share_mode(VncState *vs, VncShareMode mode)
65 {
66 #ifdef _VNC_DEBUG
67 static const char *mn[] = {
68 [0] = "undefined",
69 [VNC_SHARE_MODE_CONNECTING] = "connecting",
70 [VNC_SHARE_MODE_SHARED] = "shared",
71 [VNC_SHARE_MODE_EXCLUSIVE] = "exclusive",
72 [VNC_SHARE_MODE_DISCONNECTED] = "disconnected",
73 };
74 fprintf(stderr, "%s/%p: %s -> %s\n", __func__,
75 vs->ioc, mn[vs->share_mode], mn[mode]);
76 #endif
77
78 switch (vs->share_mode) {
79 case VNC_SHARE_MODE_CONNECTING:
80 vs->vd->num_connecting--;
81 break;
82 case VNC_SHARE_MODE_SHARED:
83 vs->vd->num_shared--;
84 break;
85 case VNC_SHARE_MODE_EXCLUSIVE:
86 vs->vd->num_exclusive--;
87 break;
88 default:
89 break;
90 }
91
92 vs->share_mode = mode;
93
94 switch (vs->share_mode) {
95 case VNC_SHARE_MODE_CONNECTING:
96 vs->vd->num_connecting++;
97 break;
98 case VNC_SHARE_MODE_SHARED:
99 vs->vd->num_shared++;
100 break;
101 case VNC_SHARE_MODE_EXCLUSIVE:
102 vs->vd->num_exclusive++;
103 break;
104 default:
105 break;
106 }
107 }
108
109
110 static void vnc_init_basic_info(SocketAddress *addr,
111 VncBasicInfo *info,
112 Error **errp)
113 {
114 switch (addr->type) {
115 case SOCKET_ADDRESS_TYPE_INET:
116 info->host = g_strdup(addr->u.inet.host);
117 info->service = g_strdup(addr->u.inet.port);
118 if (addr->u.inet.ipv6) {
119 info->family = NETWORK_ADDRESS_FAMILY_IPV6;
120 } else {
121 info->family = NETWORK_ADDRESS_FAMILY_IPV4;
122 }
123 break;
124
125 case SOCKET_ADDRESS_TYPE_UNIX:
126 info->host = g_strdup("");
127 info->service = g_strdup(addr->u.q_unix.path);
128 info->family = NETWORK_ADDRESS_FAMILY_UNIX;
129 break;
130
131 case SOCKET_ADDRESS_TYPE_VSOCK:
132 case SOCKET_ADDRESS_TYPE_FD:
133 error_setg(errp, "Unsupported socket address type %s",
134 SocketAddressType_lookup[addr->type]);
135 break;
136 default:
137 abort();
138 }
139
140 return;
141 }
142
143 static void vnc_init_basic_info_from_server_addr(QIOChannelSocket *ioc,
144 VncBasicInfo *info,
145 Error **errp)
146 {
147 SocketAddress *addr = NULL;
148
149 if (!ioc) {
150 error_setg(errp, "No listener socket available");
151 return;
152 }
153
154 addr = qio_channel_socket_get_local_address(ioc, errp);
155 if (!addr) {
156 return;
157 }
158
159 vnc_init_basic_info(addr, info, errp);
160 qapi_free_SocketAddress(addr);
161 }
162
163 static void vnc_init_basic_info_from_remote_addr(QIOChannelSocket *ioc,
164 VncBasicInfo *info,
165 Error **errp)
166 {
167 SocketAddress *addr = NULL;
168
169 addr = qio_channel_socket_get_remote_address(ioc, errp);
170 if (!addr) {
171 return;
172 }
173
174 vnc_init_basic_info(addr, info, errp);
175 qapi_free_SocketAddress(addr);
176 }
177
178 static const char *vnc_auth_name(VncDisplay *vd) {
179 switch (vd->auth) {
180 case VNC_AUTH_INVALID:
181 return "invalid";
182 case VNC_AUTH_NONE:
183 return "none";
184 case VNC_AUTH_VNC:
185 return "vnc";
186 case VNC_AUTH_RA2:
187 return "ra2";
188 case VNC_AUTH_RA2NE:
189 return "ra2ne";
190 case VNC_AUTH_TIGHT:
191 return "tight";
192 case VNC_AUTH_ULTRA:
193 return "ultra";
194 case VNC_AUTH_TLS:
195 return "tls";
196 case VNC_AUTH_VENCRYPT:
197 switch (vd->subauth) {
198 case VNC_AUTH_VENCRYPT_PLAIN:
199 return "vencrypt+plain";
200 case VNC_AUTH_VENCRYPT_TLSNONE:
201 return "vencrypt+tls+none";
202 case VNC_AUTH_VENCRYPT_TLSVNC:
203 return "vencrypt+tls+vnc";
204 case VNC_AUTH_VENCRYPT_TLSPLAIN:
205 return "vencrypt+tls+plain";
206 case VNC_AUTH_VENCRYPT_X509NONE:
207 return "vencrypt+x509+none";
208 case VNC_AUTH_VENCRYPT_X509VNC:
209 return "vencrypt+x509+vnc";
210 case VNC_AUTH_VENCRYPT_X509PLAIN:
211 return "vencrypt+x509+plain";
212 case VNC_AUTH_VENCRYPT_TLSSASL:
213 return "vencrypt+tls+sasl";
214 case VNC_AUTH_VENCRYPT_X509SASL:
215 return "vencrypt+x509+sasl";
216 default:
217 return "vencrypt";
218 }
219 case VNC_AUTH_SASL:
220 return "sasl";
221 }
222 return "unknown";
223 }
224
225 static VncServerInfo *vnc_server_info_get(VncDisplay *vd)
226 {
227 VncServerInfo *info;
228 Error *err = NULL;
229
230 if (!vd->nlsock) {
231 return NULL;
232 }
233
234 info = g_malloc0(sizeof(*info));
235 vnc_init_basic_info_from_server_addr(vd->lsock[0],
236 qapi_VncServerInfo_base(info), &err);
237 info->has_auth = true;
238 info->auth = g_strdup(vnc_auth_name(vd));
239 if (err) {
240 qapi_free_VncServerInfo(info);
241 info = NULL;
242 error_free(err);
243 }
244 return info;
245 }
246
247 static void vnc_client_cache_auth(VncState *client)
248 {
249 if (!client->info) {
250 return;
251 }
252
253 if (client->tls) {
254 client->info->x509_dname =
255 qcrypto_tls_session_get_peer_name(client->tls);
256 client->info->has_x509_dname =
257 client->info->x509_dname != NULL;
258 }
259 #ifdef CONFIG_VNC_SASL
260 if (client->sasl.conn &&
261 client->sasl.username) {
262 client->info->has_sasl_username = true;
263 client->info->sasl_username = g_strdup(client->sasl.username);
264 }
265 #endif
266 }
267
268 static void vnc_client_cache_addr(VncState *client)
269 {
270 Error *err = NULL;
271
272 client->info = g_malloc0(sizeof(*client->info));
273 vnc_init_basic_info_from_remote_addr(client->sioc,
274 qapi_VncClientInfo_base(client->info),
275 &err);
276 if (err) {
277 qapi_free_VncClientInfo(client->info);
278 client->info = NULL;
279 error_free(err);
280 }
281 }
282
283 static void vnc_qmp_event(VncState *vs, QAPIEvent event)
284 {
285 VncServerInfo *si;
286
287 if (!vs->info) {
288 return;
289 }
290
291 si = vnc_server_info_get(vs->vd);
292 if (!si) {
293 return;
294 }
295
296 switch (event) {
297 case QAPI_EVENT_VNC_CONNECTED:
298 qapi_event_send_vnc_connected(si, qapi_VncClientInfo_base(vs->info),
299 &error_abort);
300 break;
301 case QAPI_EVENT_VNC_INITIALIZED:
302 qapi_event_send_vnc_initialized(si, vs->info, &error_abort);
303 break;
304 case QAPI_EVENT_VNC_DISCONNECTED:
305 qapi_event_send_vnc_disconnected(si, vs->info, &error_abort);
306 break;
307 default:
308 break;
309 }
310
311 qapi_free_VncServerInfo(si);
312 }
313
314 static VncClientInfo *qmp_query_vnc_client(const VncState *client)
315 {
316 VncClientInfo *info;
317 Error *err = NULL;
318
319 info = g_malloc0(sizeof(*info));
320
321 vnc_init_basic_info_from_remote_addr(client->sioc,
322 qapi_VncClientInfo_base(info),
323 &err);
324 if (err) {
325 error_free(err);
326 qapi_free_VncClientInfo(info);
327 return NULL;
328 }
329
330 info->websocket = client->websocket;
331
332 if (client->tls) {
333 info->x509_dname = qcrypto_tls_session_get_peer_name(client->tls);
334 info->has_x509_dname = info->x509_dname != NULL;
335 }
336 #ifdef CONFIG_VNC_SASL
337 if (client->sasl.conn && client->sasl.username) {
338 info->has_sasl_username = true;
339 info->sasl_username = g_strdup(client->sasl.username);
340 }
341 #endif
342
343 return info;
344 }
345
346 static VncDisplay *vnc_display_find(const char *id)
347 {
348 VncDisplay *vd;
349
350 if (id == NULL) {
351 return QTAILQ_FIRST(&vnc_displays);
352 }
353 QTAILQ_FOREACH(vd, &vnc_displays, next) {
354 if (strcmp(id, vd->id) == 0) {
355 return vd;
356 }
357 }
358 return NULL;
359 }
360
361 static VncClientInfoList *qmp_query_client_list(VncDisplay *vd)
362 {
363 VncClientInfoList *cinfo, *prev = NULL;
364 VncState *client;
365
366 QTAILQ_FOREACH(client, &vd->clients, next) {
367 cinfo = g_new0(VncClientInfoList, 1);
368 cinfo->value = qmp_query_vnc_client(client);
369 cinfo->next = prev;
370 prev = cinfo;
371 }
372 return prev;
373 }
374
375 VncInfo *qmp_query_vnc(Error **errp)
376 {
377 VncInfo *info = g_malloc0(sizeof(*info));
378 VncDisplay *vd = vnc_display_find(NULL);
379 SocketAddress *addr = NULL;
380
381 if (vd == NULL || !vd->nlsock) {
382 info->enabled = false;
383 } else {
384 info->enabled = true;
385
386 /* for compatibility with the original command */
387 info->has_clients = true;
388 info->clients = qmp_query_client_list(vd);
389
390 if (vd->lsock == NULL) {
391 return info;
392 }
393
394 addr = qio_channel_socket_get_local_address(vd->lsock[0], errp);
395 if (!addr) {
396 goto out_error;
397 }
398
399 switch (addr->type) {
400 case SOCKET_ADDRESS_TYPE_INET:
401 info->host = g_strdup(addr->u.inet.host);
402 info->service = g_strdup(addr->u.inet.port);
403 if (addr->u.inet.ipv6) {
404 info->family = NETWORK_ADDRESS_FAMILY_IPV6;
405 } else {
406 info->family = NETWORK_ADDRESS_FAMILY_IPV4;
407 }
408 break;
409
410 case SOCKET_ADDRESS_TYPE_UNIX:
411 info->host = g_strdup("");
412 info->service = g_strdup(addr->u.q_unix.path);
413 info->family = NETWORK_ADDRESS_FAMILY_UNIX;
414 break;
415
416 case SOCKET_ADDRESS_TYPE_VSOCK:
417 case SOCKET_ADDRESS_TYPE_FD:
418 error_setg(errp, "Unsupported socket address type %s",
419 SocketAddressType_lookup[addr->type]);
420 goto out_error;
421 default:
422 abort();
423 }
424
425 info->has_host = true;
426 info->has_service = true;
427 info->has_family = true;
428
429 info->has_auth = true;
430 info->auth = g_strdup(vnc_auth_name(vd));
431 }
432
433 qapi_free_SocketAddress(addr);
434 return info;
435
436 out_error:
437 qapi_free_SocketAddress(addr);
438 qapi_free_VncInfo(info);
439 return NULL;
440 }
441
442
443 static void qmp_query_auth(int auth, int subauth,
444 VncPrimaryAuth *qmp_auth,
445 VncVencryptSubAuth *qmp_vencrypt,
446 bool *qmp_has_vencrypt);
447
448 static VncServerInfo2List *qmp_query_server_entry(QIOChannelSocket *ioc,
449 bool websocket,
450 int auth,
451 int subauth,
452 VncServerInfo2List *prev)
453 {
454 VncServerInfo2List *list;
455 VncServerInfo2 *info;
456 Error *err = NULL;
457 SocketAddress *addr;
458
459 addr = qio_channel_socket_get_local_address(ioc, &err);
460 if (!addr) {
461 error_free(err);
462 return prev;
463 }
464
465 info = g_new0(VncServerInfo2, 1);
466 vnc_init_basic_info(addr, qapi_VncServerInfo2_base(info), &err);
467 qapi_free_SocketAddress(addr);
468 if (err) {
469 qapi_free_VncServerInfo2(info);
470 error_free(err);
471 return prev;
472 }
473 info->websocket = websocket;
474
475 qmp_query_auth(auth, subauth, &info->auth,
476 &info->vencrypt, &info->has_vencrypt);
477
478 list = g_new0(VncServerInfo2List, 1);
479 list->value = info;
480 list->next = prev;
481 return list;
482 }
483
484 static void qmp_query_auth(int auth, int subauth,
485 VncPrimaryAuth *qmp_auth,
486 VncVencryptSubAuth *qmp_vencrypt,
487 bool *qmp_has_vencrypt)
488 {
489 switch (auth) {
490 case VNC_AUTH_VNC:
491 *qmp_auth = VNC_PRIMARY_AUTH_VNC;
492 break;
493 case VNC_AUTH_RA2:
494 *qmp_auth = VNC_PRIMARY_AUTH_RA2;
495 break;
496 case VNC_AUTH_RA2NE:
497 *qmp_auth = VNC_PRIMARY_AUTH_RA2NE;
498 break;
499 case VNC_AUTH_TIGHT:
500 *qmp_auth = VNC_PRIMARY_AUTH_TIGHT;
501 break;
502 case VNC_AUTH_ULTRA:
503 *qmp_auth = VNC_PRIMARY_AUTH_ULTRA;
504 break;
505 case VNC_AUTH_TLS:
506 *qmp_auth = VNC_PRIMARY_AUTH_TLS;
507 break;
508 case VNC_AUTH_VENCRYPT:
509 *qmp_auth = VNC_PRIMARY_AUTH_VENCRYPT;
510 *qmp_has_vencrypt = true;
511 switch (subauth) {
512 case VNC_AUTH_VENCRYPT_PLAIN:
513 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_PLAIN;
514 break;
515 case VNC_AUTH_VENCRYPT_TLSNONE:
516 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_NONE;
517 break;
518 case VNC_AUTH_VENCRYPT_TLSVNC:
519 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_VNC;
520 break;
521 case VNC_AUTH_VENCRYPT_TLSPLAIN:
522 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_PLAIN;
523 break;
524 case VNC_AUTH_VENCRYPT_X509NONE:
525 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_NONE;
526 break;
527 case VNC_AUTH_VENCRYPT_X509VNC:
528 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_VNC;
529 break;
530 case VNC_AUTH_VENCRYPT_X509PLAIN:
531 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_PLAIN;
532 break;
533 case VNC_AUTH_VENCRYPT_TLSSASL:
534 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_SASL;
535 break;
536 case VNC_AUTH_VENCRYPT_X509SASL:
537 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_SASL;
538 break;
539 default:
540 *qmp_has_vencrypt = false;
541 break;
542 }
543 break;
544 case VNC_AUTH_SASL:
545 *qmp_auth = VNC_PRIMARY_AUTH_SASL;
546 break;
547 case VNC_AUTH_NONE:
548 default:
549 *qmp_auth = VNC_PRIMARY_AUTH_NONE;
550 break;
551 }
552 }
553
554 VncInfo2List *qmp_query_vnc_servers(Error **errp)
555 {
556 VncInfo2List *item, *prev = NULL;
557 VncInfo2 *info;
558 VncDisplay *vd;
559 DeviceState *dev;
560 size_t i;
561
562 QTAILQ_FOREACH(vd, &vnc_displays, next) {
563 info = g_new0(VncInfo2, 1);
564 info->id = g_strdup(vd->id);
565 info->clients = qmp_query_client_list(vd);
566 qmp_query_auth(vd->auth, vd->subauth, &info->auth,
567 &info->vencrypt, &info->has_vencrypt);
568 if (vd->dcl.con) {
569 dev = DEVICE(object_property_get_link(OBJECT(vd->dcl.con),
570 "device", NULL));
571 info->has_display = true;
572 info->display = g_strdup(dev->id);
573 }
574 for (i = 0; i < vd->nlsock; i++) {
575 info->server = qmp_query_server_entry(
576 vd->lsock[i], false, vd->auth, vd->subauth, info->server);
577 }
578 for (i = 0; i < vd->nlwebsock; i++) {
579 info->server = qmp_query_server_entry(
580 vd->lwebsock[i], true, vd->ws_auth,
581 vd->ws_subauth, info->server);
582 }
583
584 item = g_new0(VncInfo2List, 1);
585 item->value = info;
586 item->next = prev;
587 prev = item;
588 }
589 return prev;
590 }
591
592 /* TODO
593 1) Get the queue working for IO.
594 2) there is some weirdness when using the -S option (the screen is grey
595 and not totally invalidated
596 3) resolutions > 1024
597 */
598
599 static int vnc_update_client(VncState *vs, int has_dirty, bool sync);
600 static void vnc_disconnect_start(VncState *vs);
601
602 static void vnc_colordepth(VncState *vs);
603 static void framebuffer_update_request(VncState *vs, int incremental,
604 int x_position, int y_position,
605 int w, int h);
606 static void vnc_refresh(DisplayChangeListener *dcl);
607 static int vnc_refresh_server_surface(VncDisplay *vd);
608
609 static int vnc_width(VncDisplay *vd)
610 {
611 return MIN(VNC_MAX_WIDTH, ROUND_UP(surface_width(vd->ds),
612 VNC_DIRTY_PIXELS_PER_BIT));
613 }
614
615 static int vnc_height(VncDisplay *vd)
616 {
617 return MIN(VNC_MAX_HEIGHT, surface_height(vd->ds));
618 }
619
620 static void vnc_set_area_dirty(DECLARE_BITMAP(dirty[VNC_MAX_HEIGHT],
621 VNC_MAX_WIDTH / VNC_DIRTY_PIXELS_PER_BIT),
622 VncDisplay *vd,
623 int x, int y, int w, int h)
624 {
625 int width = vnc_width(vd);
626 int height = vnc_height(vd);
627
628 /* this is needed this to ensure we updated all affected
629 * blocks if x % VNC_DIRTY_PIXELS_PER_BIT != 0 */
630 w += (x % VNC_DIRTY_PIXELS_PER_BIT);
631 x -= (x % VNC_DIRTY_PIXELS_PER_BIT);
632
633 x = MIN(x, width);
634 y = MIN(y, height);
635 w = MIN(x + w, width) - x;
636 h = MIN(y + h, height);
637
638 for (; y < h; y++) {
639 bitmap_set(dirty[y], x / VNC_DIRTY_PIXELS_PER_BIT,
640 DIV_ROUND_UP(w, VNC_DIRTY_PIXELS_PER_BIT));
641 }
642 }
643
644 static void vnc_dpy_update(DisplayChangeListener *dcl,
645 int x, int y, int w, int h)
646 {
647 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
648 struct VncSurface *s = &vd->guest;
649
650 vnc_set_area_dirty(s->dirty, vd, x, y, w, h);
651 }
652
653 void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
654 int32_t encoding)
655 {
656 vnc_write_u16(vs, x);
657 vnc_write_u16(vs, y);
658 vnc_write_u16(vs, w);
659 vnc_write_u16(vs, h);
660
661 vnc_write_s32(vs, encoding);
662 }
663
664
665 static void vnc_desktop_resize(VncState *vs)
666 {
667 if (vs->ioc == NULL || !vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
668 return;
669 }
670 if (vs->client_width == pixman_image_get_width(vs->vd->server) &&
671 vs->client_height == pixman_image_get_height(vs->vd->server)) {
672 return;
673 }
674 vs->client_width = pixman_image_get_width(vs->vd->server);
675 vs->client_height = pixman_image_get_height(vs->vd->server);
676 vnc_lock_output(vs);
677 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
678 vnc_write_u8(vs, 0);
679 vnc_write_u16(vs, 1); /* number of rects */
680 vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height,
681 VNC_ENCODING_DESKTOPRESIZE);
682 vnc_unlock_output(vs);
683 vnc_flush(vs);
684 }
685
686 static void vnc_abort_display_jobs(VncDisplay *vd)
687 {
688 VncState *vs;
689
690 QTAILQ_FOREACH(vs, &vd->clients, next) {
691 vnc_lock_output(vs);
692 vs->abort = true;
693 vnc_unlock_output(vs);
694 }
695 QTAILQ_FOREACH(vs, &vd->clients, next) {
696 vnc_jobs_join(vs);
697 }
698 QTAILQ_FOREACH(vs, &vd->clients, next) {
699 vnc_lock_output(vs);
700 vs->abort = false;
701 vnc_unlock_output(vs);
702 }
703 }
704
705 int vnc_server_fb_stride(VncDisplay *vd)
706 {
707 return pixman_image_get_stride(vd->server);
708 }
709
710 void *vnc_server_fb_ptr(VncDisplay *vd, int x, int y)
711 {
712 uint8_t *ptr;
713
714 ptr = (uint8_t *)pixman_image_get_data(vd->server);
715 ptr += y * vnc_server_fb_stride(vd);
716 ptr += x * VNC_SERVER_FB_BYTES;
717 return ptr;
718 }
719
720 static void vnc_update_server_surface(VncDisplay *vd)
721 {
722 int width, height;
723
724 qemu_pixman_image_unref(vd->server);
725 vd->server = NULL;
726
727 if (QTAILQ_EMPTY(&vd->clients)) {
728 return;
729 }
730
731 width = vnc_width(vd);
732 height = vnc_height(vd);
733 vd->server = pixman_image_create_bits(VNC_SERVER_FB_FORMAT,
734 width, height,
735 NULL, 0);
736
737 memset(vd->guest.dirty, 0x00, sizeof(vd->guest.dirty));
738 vnc_set_area_dirty(vd->guest.dirty, vd, 0, 0,
739 width, height);
740 }
741
742 static void vnc_dpy_switch(DisplayChangeListener *dcl,
743 DisplaySurface *surface)
744 {
745 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
746 VncState *vs;
747
748 vnc_abort_display_jobs(vd);
749 vd->ds = surface;
750
751 /* server surface */
752 vnc_update_server_surface(vd);
753
754 /* guest surface */
755 qemu_pixman_image_unref(vd->guest.fb);
756 vd->guest.fb = pixman_image_ref(surface->image);
757 vd->guest.format = surface->format;
758
759 QTAILQ_FOREACH(vs, &vd->clients, next) {
760 vnc_colordepth(vs);
761 vnc_desktop_resize(vs);
762 if (vs->vd->cursor) {
763 vnc_cursor_define(vs);
764 }
765 memset(vs->dirty, 0x00, sizeof(vs->dirty));
766 vnc_set_area_dirty(vs->dirty, vd, 0, 0,
767 vnc_width(vd),
768 vnc_height(vd));
769 }
770 }
771
772 /* fastest code */
773 static void vnc_write_pixels_copy(VncState *vs,
774 void *pixels, int size)
775 {
776 vnc_write(vs, pixels, size);
777 }
778
779 /* slowest but generic code. */
780 void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
781 {
782 uint8_t r, g, b;
783
784 #if VNC_SERVER_FB_FORMAT == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8)
785 r = (((v & 0x00ff0000) >> 16) << vs->client_pf.rbits) >> 8;
786 g = (((v & 0x0000ff00) >> 8) << vs->client_pf.gbits) >> 8;
787 b = (((v & 0x000000ff) >> 0) << vs->client_pf.bbits) >> 8;
788 #else
789 # error need some bits here if you change VNC_SERVER_FB_FORMAT
790 #endif
791 v = (r << vs->client_pf.rshift) |
792 (g << vs->client_pf.gshift) |
793 (b << vs->client_pf.bshift);
794 switch (vs->client_pf.bytes_per_pixel) {
795 case 1:
796 buf[0] = v;
797 break;
798 case 2:
799 if (vs->client_be) {
800 buf[0] = v >> 8;
801 buf[1] = v;
802 } else {
803 buf[1] = v >> 8;
804 buf[0] = v;
805 }
806 break;
807 default:
808 case 4:
809 if (vs->client_be) {
810 buf[0] = v >> 24;
811 buf[1] = v >> 16;
812 buf[2] = v >> 8;
813 buf[3] = v;
814 } else {
815 buf[3] = v >> 24;
816 buf[2] = v >> 16;
817 buf[1] = v >> 8;
818 buf[0] = v;
819 }
820 break;
821 }
822 }
823
824 static void vnc_write_pixels_generic(VncState *vs,
825 void *pixels1, int size)
826 {
827 uint8_t buf[4];
828
829 if (VNC_SERVER_FB_BYTES == 4) {
830 uint32_t *pixels = pixels1;
831 int n, i;
832 n = size >> 2;
833 for (i = 0; i < n; i++) {
834 vnc_convert_pixel(vs, buf, pixels[i]);
835 vnc_write(vs, buf, vs->client_pf.bytes_per_pixel);
836 }
837 }
838 }
839
840 int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
841 {
842 int i;
843 uint8_t *row;
844 VncDisplay *vd = vs->vd;
845
846 row = vnc_server_fb_ptr(vd, x, y);
847 for (i = 0; i < h; i++) {
848 vs->write_pixels(vs, row, w * VNC_SERVER_FB_BYTES);
849 row += vnc_server_fb_stride(vd);
850 }
851 return 1;
852 }
853
854 int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
855 {
856 int n = 0;
857 bool encode_raw = false;
858 size_t saved_offs = vs->output.offset;
859
860 switch(vs->vnc_encoding) {
861 case VNC_ENCODING_ZLIB:
862 n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h);
863 break;
864 case VNC_ENCODING_HEXTILE:
865 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
866 n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h);
867 break;
868 case VNC_ENCODING_TIGHT:
869 n = vnc_tight_send_framebuffer_update(vs, x, y, w, h);
870 break;
871 case VNC_ENCODING_TIGHT_PNG:
872 n = vnc_tight_png_send_framebuffer_update(vs, x, y, w, h);
873 break;
874 case VNC_ENCODING_ZRLE:
875 n = vnc_zrle_send_framebuffer_update(vs, x, y, w, h);
876 break;
877 case VNC_ENCODING_ZYWRLE:
878 n = vnc_zywrle_send_framebuffer_update(vs, x, y, w, h);
879 break;
880 default:
881 encode_raw = true;
882 break;
883 }
884
885 /* If the client has the same pixel format as our internal buffer and
886 * a RAW encoding would need less space fall back to RAW encoding to
887 * save bandwidth and processing power in the client. */
888 if (!encode_raw && vs->write_pixels == vnc_write_pixels_copy &&
889 12 + h * w * VNC_SERVER_FB_BYTES <= (vs->output.offset - saved_offs)) {
890 vs->output.offset = saved_offs;
891 encode_raw = true;
892 }
893
894 if (encode_raw) {
895 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
896 n = vnc_raw_send_framebuffer_update(vs, x, y, w, h);
897 }
898
899 return n;
900 }
901
902 static void vnc_mouse_set(DisplayChangeListener *dcl,
903 int x, int y, int visible)
904 {
905 /* can we ask the client(s) to move the pointer ??? */
906 }
907
908 static int vnc_cursor_define(VncState *vs)
909 {
910 QEMUCursor *c = vs->vd->cursor;
911 int isize;
912
913 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) {
914 vnc_lock_output(vs);
915 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
916 vnc_write_u8(vs, 0); /* padding */
917 vnc_write_u16(vs, 1); /* # of rects */
918 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height,
919 VNC_ENCODING_RICH_CURSOR);
920 isize = c->width * c->height * vs->client_pf.bytes_per_pixel;
921 vnc_write_pixels_generic(vs, c->data, isize);
922 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize);
923 vnc_unlock_output(vs);
924 return 0;
925 }
926 return -1;
927 }
928
929 static void vnc_dpy_cursor_define(DisplayChangeListener *dcl,
930 QEMUCursor *c)
931 {
932 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
933 VncState *vs;
934
935 cursor_put(vd->cursor);
936 g_free(vd->cursor_mask);
937
938 vd->cursor = c;
939 cursor_get(vd->cursor);
940 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height;
941 vd->cursor_mask = g_malloc0(vd->cursor_msize);
942 cursor_get_mono_mask(c, 0, vd->cursor_mask);
943
944 QTAILQ_FOREACH(vs, &vd->clients, next) {
945 vnc_cursor_define(vs);
946 }
947 }
948
949 static int find_and_clear_dirty_height(VncState *vs,
950 int y, int last_x, int x, int height)
951 {
952 int h;
953
954 for (h = 1; h < (height - y); h++) {
955 if (!test_bit(last_x, vs->dirty[y + h])) {
956 break;
957 }
958 bitmap_clear(vs->dirty[y + h], last_x, x - last_x);
959 }
960
961 return h;
962 }
963
964 static int vnc_update_client(VncState *vs, int has_dirty, bool sync)
965 {
966 if (vs->disconnecting) {
967 vnc_disconnect_finish(vs);
968 return 0;
969 }
970
971 vs->has_dirty += has_dirty;
972 if (vs->need_update && !vs->disconnecting) {
973 VncDisplay *vd = vs->vd;
974 VncJob *job;
975 int y;
976 int height, width;
977 int n = 0;
978
979 if (vs->output.offset && !vs->audio_cap && !vs->force_update)
980 /* kernel send buffers are full -> drop frames to throttle */
981 return 0;
982
983 if (!vs->has_dirty && !vs->audio_cap && !vs->force_update)
984 return 0;
985
986 /*
987 * Send screen updates to the vnc client using the server
988 * surface and server dirty map. guest surface updates
989 * happening in parallel don't disturb us, the next pass will
990 * send them to the client.
991 */
992 job = vnc_job_new(vs);
993
994 height = pixman_image_get_height(vd->server);
995 width = pixman_image_get_width(vd->server);
996
997 y = 0;
998 for (;;) {
999 int x, h;
1000 unsigned long x2;
1001 unsigned long offset = find_next_bit((unsigned long *) &vs->dirty,
1002 height * VNC_DIRTY_BPL(vs),
1003 y * VNC_DIRTY_BPL(vs));
1004 if (offset == height * VNC_DIRTY_BPL(vs)) {
1005 /* no more dirty bits */
1006 break;
1007 }
1008 y = offset / VNC_DIRTY_BPL(vs);
1009 x = offset % VNC_DIRTY_BPL(vs);
1010 x2 = find_next_zero_bit((unsigned long *) &vs->dirty[y],
1011 VNC_DIRTY_BPL(vs), x);
1012 bitmap_clear(vs->dirty[y], x, x2 - x);
1013 h = find_and_clear_dirty_height(vs, y, x, x2, height);
1014 x2 = MIN(x2, width / VNC_DIRTY_PIXELS_PER_BIT);
1015 if (x2 > x) {
1016 n += vnc_job_add_rect(job, x * VNC_DIRTY_PIXELS_PER_BIT, y,
1017 (x2 - x) * VNC_DIRTY_PIXELS_PER_BIT, h);
1018 }
1019 if (!x && x2 == width / VNC_DIRTY_PIXELS_PER_BIT) {
1020 y += h;
1021 if (y == height) {
1022 break;
1023 }
1024 }
1025 }
1026
1027 vnc_job_push(job);
1028 if (sync) {
1029 vnc_jobs_join(vs);
1030 }
1031 vs->force_update = 0;
1032 vs->has_dirty = 0;
1033 return n;
1034 }
1035
1036 if (vs->disconnecting) {
1037 vnc_disconnect_finish(vs);
1038 } else if (sync) {
1039 vnc_jobs_join(vs);
1040 }
1041
1042 return 0;
1043 }
1044
1045 /* audio */
1046 static void audio_capture_notify(void *opaque, audcnotification_e cmd)
1047 {
1048 VncState *vs = opaque;
1049
1050 switch (cmd) {
1051 case AUD_CNOTIFY_DISABLE:
1052 vnc_lock_output(vs);
1053 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1054 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1055 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END);
1056 vnc_unlock_output(vs);
1057 vnc_flush(vs);
1058 break;
1059
1060 case AUD_CNOTIFY_ENABLE:
1061 vnc_lock_output(vs);
1062 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1063 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1064 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN);
1065 vnc_unlock_output(vs);
1066 vnc_flush(vs);
1067 break;
1068 }
1069 }
1070
1071 static void audio_capture_destroy(void *opaque)
1072 {
1073 }
1074
1075 static void audio_capture(void *opaque, void *buf, int size)
1076 {
1077 VncState *vs = opaque;
1078
1079 vnc_lock_output(vs);
1080 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1081 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1082 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA);
1083 vnc_write_u32(vs, size);
1084 vnc_write(vs, buf, size);
1085 vnc_unlock_output(vs);
1086 vnc_flush(vs);
1087 }
1088
1089 static void audio_add(VncState *vs)
1090 {
1091 struct audio_capture_ops ops;
1092
1093 if (vs->audio_cap) {
1094 error_report("audio already running");
1095 return;
1096 }
1097
1098 ops.notify = audio_capture_notify;
1099 ops.destroy = audio_capture_destroy;
1100 ops.capture = audio_capture;
1101
1102 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs);
1103 if (!vs->audio_cap) {
1104 error_report("Failed to add audio capture");
1105 }
1106 }
1107
1108 static void audio_del(VncState *vs)
1109 {
1110 if (vs->audio_cap) {
1111 AUD_del_capture(vs->audio_cap, vs);
1112 vs->audio_cap = NULL;
1113 }
1114 }
1115
1116 static void vnc_disconnect_start(VncState *vs)
1117 {
1118 if (vs->disconnecting) {
1119 return;
1120 }
1121 vnc_set_share_mode(vs, VNC_SHARE_MODE_DISCONNECTED);
1122 if (vs->ioc_tag) {
1123 g_source_remove(vs->ioc_tag);
1124 }
1125 qio_channel_close(vs->ioc, NULL);
1126 vs->disconnecting = TRUE;
1127 }
1128
1129 void vnc_disconnect_finish(VncState *vs)
1130 {
1131 int i;
1132
1133 vnc_jobs_join(vs); /* Wait encoding jobs */
1134
1135 vnc_lock_output(vs);
1136 vnc_qmp_event(vs, QAPI_EVENT_VNC_DISCONNECTED);
1137
1138 buffer_free(&vs->input);
1139 buffer_free(&vs->output);
1140
1141 qapi_free_VncClientInfo(vs->info);
1142
1143 vnc_zlib_clear(vs);
1144 vnc_tight_clear(vs);
1145 vnc_zrle_clear(vs);
1146
1147 #ifdef CONFIG_VNC_SASL
1148 vnc_sasl_client_cleanup(vs);
1149 #endif /* CONFIG_VNC_SASL */
1150 audio_del(vs);
1151 vnc_release_modifiers(vs);
1152
1153 if (vs->mouse_mode_notifier.notify != NULL) {
1154 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
1155 }
1156 QTAILQ_REMOVE(&vs->vd->clients, vs, next);
1157 if (QTAILQ_EMPTY(&vs->vd->clients)) {
1158 /* last client gone */
1159 vnc_update_server_surface(vs->vd);
1160 }
1161
1162 vnc_unlock_output(vs);
1163
1164 qemu_mutex_destroy(&vs->output_mutex);
1165 if (vs->bh != NULL) {
1166 qemu_bh_delete(vs->bh);
1167 }
1168 buffer_free(&vs->jobs_buffer);
1169
1170 for (i = 0; i < VNC_STAT_ROWS; ++i) {
1171 g_free(vs->lossy_rect[i]);
1172 }
1173 g_free(vs->lossy_rect);
1174
1175 object_unref(OBJECT(vs->ioc));
1176 vs->ioc = NULL;
1177 object_unref(OBJECT(vs->sioc));
1178 vs->sioc = NULL;
1179 g_free(vs);
1180 }
1181
1182 ssize_t vnc_client_io_error(VncState *vs, ssize_t ret, Error **errp)
1183 {
1184 if (ret <= 0) {
1185 if (ret == 0) {
1186 VNC_DEBUG("Closing down client sock: EOF\n");
1187 vnc_disconnect_start(vs);
1188 } else if (ret != QIO_CHANNEL_ERR_BLOCK) {
1189 VNC_DEBUG("Closing down client sock: ret %zd (%s)\n",
1190 ret, errp ? error_get_pretty(*errp) : "Unknown");
1191 vnc_disconnect_start(vs);
1192 }
1193
1194 if (errp) {
1195 error_free(*errp);
1196 *errp = NULL;
1197 }
1198 return 0;
1199 }
1200 return ret;
1201 }
1202
1203
1204 void vnc_client_error(VncState *vs)
1205 {
1206 VNC_DEBUG("Closing down client sock: protocol error\n");
1207 vnc_disconnect_start(vs);
1208 }
1209
1210
1211 /*
1212 * Called to write a chunk of data to the client socket. The data may
1213 * be the raw data, or may have already been encoded by SASL.
1214 * The data will be written either straight onto the socket, or
1215 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1216 *
1217 * NB, it is theoretically possible to have 2 layers of encryption,
1218 * both SASL, and this TLS layer. It is highly unlikely in practice
1219 * though, since SASL encryption will typically be a no-op if TLS
1220 * is active
1221 *
1222 * Returns the number of bytes written, which may be less than
1223 * the requested 'datalen' if the socket would block. Returns
1224 * -1 on error, and disconnects the client socket.
1225 */
1226 ssize_t vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
1227 {
1228 Error *err = NULL;
1229 ssize_t ret;
1230 ret = qio_channel_write(
1231 vs->ioc, (const char *)data, datalen, &err);
1232 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret);
1233 return vnc_client_io_error(vs, ret, &err);
1234 }
1235
1236
1237 /*
1238 * Called to write buffered data to the client socket, when not
1239 * using any SASL SSF encryption layers. Will write as much data
1240 * as possible without blocking. If all buffered data is written,
1241 * will switch the FD poll() handler back to read monitoring.
1242 *
1243 * Returns the number of bytes written, which may be less than
1244 * the buffered output data if the socket would block. Returns
1245 * -1 on error, and disconnects the client socket.
1246 */
1247 static ssize_t vnc_client_write_plain(VncState *vs)
1248 {
1249 ssize_t ret;
1250
1251 #ifdef CONFIG_VNC_SASL
1252 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1253 vs->output.buffer, vs->output.capacity, vs->output.offset,
1254 vs->sasl.waitWriteSSF);
1255
1256 if (vs->sasl.conn &&
1257 vs->sasl.runSSF &&
1258 vs->sasl.waitWriteSSF) {
1259 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
1260 if (ret)
1261 vs->sasl.waitWriteSSF -= ret;
1262 } else
1263 #endif /* CONFIG_VNC_SASL */
1264 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
1265 if (!ret)
1266 return 0;
1267
1268 buffer_advance(&vs->output, ret);
1269
1270 if (vs->output.offset == 0) {
1271 if (vs->ioc_tag) {
1272 g_source_remove(vs->ioc_tag);
1273 }
1274 vs->ioc_tag = qio_channel_add_watch(
1275 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL);
1276 }
1277
1278 return ret;
1279 }
1280
1281
1282 /*
1283 * First function called whenever there is data to be written to
1284 * the client socket. Will delegate actual work according to whether
1285 * SASL SSF layers are enabled (thus requiring encryption calls)
1286 */
1287 static void vnc_client_write_locked(VncState *vs)
1288 {
1289 #ifdef CONFIG_VNC_SASL
1290 if (vs->sasl.conn &&
1291 vs->sasl.runSSF &&
1292 !vs->sasl.waitWriteSSF) {
1293 vnc_client_write_sasl(vs);
1294 } else
1295 #endif /* CONFIG_VNC_SASL */
1296 {
1297 vnc_client_write_plain(vs);
1298 }
1299 }
1300
1301 static void vnc_client_write(VncState *vs)
1302 {
1303
1304 vnc_lock_output(vs);
1305 if (vs->output.offset) {
1306 vnc_client_write_locked(vs);
1307 } else if (vs->ioc != NULL) {
1308 if (vs->ioc_tag) {
1309 g_source_remove(vs->ioc_tag);
1310 }
1311 vs->ioc_tag = qio_channel_add_watch(
1312 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL);
1313 }
1314 vnc_unlock_output(vs);
1315 }
1316
1317 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1318 {
1319 vs->read_handler = func;
1320 vs->read_handler_expect = expecting;
1321 }
1322
1323
1324 /*
1325 * Called to read a chunk of data from the client socket. The data may
1326 * be the raw data, or may need to be further decoded by SASL.
1327 * The data will be read either straight from to the socket, or
1328 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1329 *
1330 * NB, it is theoretically possible to have 2 layers of encryption,
1331 * both SASL, and this TLS layer. It is highly unlikely in practice
1332 * though, since SASL encryption will typically be a no-op if TLS
1333 * is active
1334 *
1335 * Returns the number of bytes read, which may be less than
1336 * the requested 'datalen' if the socket would block. Returns
1337 * -1 on error, and disconnects the client socket.
1338 */
1339 ssize_t vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1340 {
1341 ssize_t ret;
1342 Error *err = NULL;
1343 ret = qio_channel_read(
1344 vs->ioc, (char *)data, datalen, &err);
1345 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret);
1346 return vnc_client_io_error(vs, ret, &err);
1347 }
1348
1349
1350 /*
1351 * Called to read data from the client socket to the input buffer,
1352 * when not using any SASL SSF encryption layers. Will read as much
1353 * data as possible without blocking.
1354 *
1355 * Returns the number of bytes read. Returns -1 on error, and
1356 * disconnects the client socket.
1357 */
1358 static ssize_t vnc_client_read_plain(VncState *vs)
1359 {
1360 ssize_t ret;
1361 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1362 vs->input.buffer, vs->input.capacity, vs->input.offset);
1363 buffer_reserve(&vs->input, 4096);
1364 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1365 if (!ret)
1366 return 0;
1367 vs->input.offset += ret;
1368 return ret;
1369 }
1370
1371 static void vnc_jobs_bh(void *opaque)
1372 {
1373 VncState *vs = opaque;
1374
1375 vnc_jobs_consume_buffer(vs);
1376 }
1377
1378 /*
1379 * First function called whenever there is more data to be read from
1380 * the client socket. Will delegate actual work according to whether
1381 * SASL SSF layers are enabled (thus requiring decryption calls)
1382 * Returns 0 on success, -1 if client disconnected
1383 */
1384 static int vnc_client_read(VncState *vs)
1385 {
1386 ssize_t ret;
1387
1388 #ifdef CONFIG_VNC_SASL
1389 if (vs->sasl.conn && vs->sasl.runSSF)
1390 ret = vnc_client_read_sasl(vs);
1391 else
1392 #endif /* CONFIG_VNC_SASL */
1393 ret = vnc_client_read_plain(vs);
1394 if (!ret) {
1395 if (vs->disconnecting) {
1396 vnc_disconnect_finish(vs);
1397 return -1;
1398 }
1399 return 0;
1400 }
1401
1402 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1403 size_t len = vs->read_handler_expect;
1404 int ret;
1405
1406 ret = vs->read_handler(vs, vs->input.buffer, len);
1407 if (vs->disconnecting) {
1408 vnc_disconnect_finish(vs);
1409 return -1;
1410 }
1411
1412 if (!ret) {
1413 buffer_advance(&vs->input, len);
1414 } else {
1415 vs->read_handler_expect = ret;
1416 }
1417 }
1418 return 0;
1419 }
1420
1421 gboolean vnc_client_io(QIOChannel *ioc G_GNUC_UNUSED,
1422 GIOCondition condition, void *opaque)
1423 {
1424 VncState *vs = opaque;
1425 if (condition & G_IO_IN) {
1426 if (vnc_client_read(vs) < 0) {
1427 return TRUE;
1428 }
1429 }
1430 if (condition & G_IO_OUT) {
1431 vnc_client_write(vs);
1432 }
1433 return TRUE;
1434 }
1435
1436
1437 void vnc_write(VncState *vs, const void *data, size_t len)
1438 {
1439 buffer_reserve(&vs->output, len);
1440
1441 if (vs->ioc != NULL && buffer_empty(&vs->output)) {
1442 if (vs->ioc_tag) {
1443 g_source_remove(vs->ioc_tag);
1444 }
1445 vs->ioc_tag = qio_channel_add_watch(
1446 vs->ioc, G_IO_IN | G_IO_OUT, vnc_client_io, vs, NULL);
1447 }
1448
1449 buffer_append(&vs->output, data, len);
1450 }
1451
1452 void vnc_write_s32(VncState *vs, int32_t value)
1453 {
1454 vnc_write_u32(vs, *(uint32_t *)&value);
1455 }
1456
1457 void vnc_write_u32(VncState *vs, uint32_t value)
1458 {
1459 uint8_t buf[4];
1460
1461 buf[0] = (value >> 24) & 0xFF;
1462 buf[1] = (value >> 16) & 0xFF;
1463 buf[2] = (value >> 8) & 0xFF;
1464 buf[3] = value & 0xFF;
1465
1466 vnc_write(vs, buf, 4);
1467 }
1468
1469 void vnc_write_u16(VncState *vs, uint16_t value)
1470 {
1471 uint8_t buf[2];
1472
1473 buf[0] = (value >> 8) & 0xFF;
1474 buf[1] = value & 0xFF;
1475
1476 vnc_write(vs, buf, 2);
1477 }
1478
1479 void vnc_write_u8(VncState *vs, uint8_t value)
1480 {
1481 vnc_write(vs, (char *)&value, 1);
1482 }
1483
1484 void vnc_flush(VncState *vs)
1485 {
1486 vnc_lock_output(vs);
1487 if (vs->ioc != NULL && vs->output.offset) {
1488 vnc_client_write_locked(vs);
1489 }
1490 vnc_unlock_output(vs);
1491 }
1492
1493 static uint8_t read_u8(uint8_t *data, size_t offset)
1494 {
1495 return data[offset];
1496 }
1497
1498 static uint16_t read_u16(uint8_t *data, size_t offset)
1499 {
1500 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1501 }
1502
1503 static int32_t read_s32(uint8_t *data, size_t offset)
1504 {
1505 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1506 (data[offset + 2] << 8) | data[offset + 3]);
1507 }
1508
1509 uint32_t read_u32(uint8_t *data, size_t offset)
1510 {
1511 return ((data[offset] << 24) | (data[offset + 1] << 16) |
1512 (data[offset + 2] << 8) | data[offset + 3]);
1513 }
1514
1515 static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
1516 {
1517 }
1518
1519 static void check_pointer_type_change(Notifier *notifier, void *data)
1520 {
1521 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier);
1522 int absolute = qemu_input_is_absolute();
1523
1524 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1525 vnc_lock_output(vs);
1526 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1527 vnc_write_u8(vs, 0);
1528 vnc_write_u16(vs, 1);
1529 vnc_framebuffer_update(vs, absolute, 0,
1530 pixman_image_get_width(vs->vd->server),
1531 pixman_image_get_height(vs->vd->server),
1532 VNC_ENCODING_POINTER_TYPE_CHANGE);
1533 vnc_unlock_output(vs);
1534 vnc_flush(vs);
1535 }
1536 vs->absolute = absolute;
1537 }
1538
1539 static void pointer_event(VncState *vs, int button_mask, int x, int y)
1540 {
1541 static uint32_t bmap[INPUT_BUTTON__MAX] = {
1542 [INPUT_BUTTON_LEFT] = 0x01,
1543 [INPUT_BUTTON_MIDDLE] = 0x02,
1544 [INPUT_BUTTON_RIGHT] = 0x04,
1545 [INPUT_BUTTON_WHEEL_UP] = 0x08,
1546 [INPUT_BUTTON_WHEEL_DOWN] = 0x10,
1547 };
1548 QemuConsole *con = vs->vd->dcl.con;
1549 int width = pixman_image_get_width(vs->vd->server);
1550 int height = pixman_image_get_height(vs->vd->server);
1551
1552 if (vs->last_bmask != button_mask) {
1553 qemu_input_update_buttons(con, bmap, vs->last_bmask, button_mask);
1554 vs->last_bmask = button_mask;
1555 }
1556
1557 if (vs->absolute) {
1558 qemu_input_queue_abs(con, INPUT_AXIS_X, x, 0, width);
1559 qemu_input_queue_abs(con, INPUT_AXIS_Y, y, 0, height);
1560 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1561 qemu_input_queue_rel(con, INPUT_AXIS_X, x - 0x7FFF);
1562 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - 0x7FFF);
1563 } else {
1564 if (vs->last_x != -1) {
1565 qemu_input_queue_rel(con, INPUT_AXIS_X, x - vs->last_x);
1566 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - vs->last_y);
1567 }
1568 vs->last_x = x;
1569 vs->last_y = y;
1570 }
1571 qemu_input_event_sync();
1572 }
1573
1574 static void reset_keys(VncState *vs)
1575 {
1576 int i;
1577 for(i = 0; i < 256; i++) {
1578 if (vs->modifiers_state[i]) {
1579 qemu_input_event_send_key_number(vs->vd->dcl.con, i, false);
1580 qemu_input_event_send_key_delay(vs->vd->key_delay_ms);
1581 vs->modifiers_state[i] = 0;
1582 }
1583 }
1584 }
1585
1586 static void press_key(VncState *vs, int keysym)
1587 {
1588 int keycode = keysym2scancode(vs->vd->kbd_layout, keysym) & SCANCODE_KEYMASK;
1589 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, true);
1590 qemu_input_event_send_key_delay(vs->vd->key_delay_ms);
1591 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, false);
1592 qemu_input_event_send_key_delay(vs->vd->key_delay_ms);
1593 }
1594
1595 static void vnc_led_state_change(VncState *vs)
1596 {
1597 if (!vnc_has_feature(vs, VNC_FEATURE_LED_STATE)) {
1598 return;
1599 }
1600
1601 vnc_lock_output(vs);
1602 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1603 vnc_write_u8(vs, 0);
1604 vnc_write_u16(vs, 1);
1605 vnc_framebuffer_update(vs, 0, 0, 1, 1, VNC_ENCODING_LED_STATE);
1606 vnc_write_u8(vs, vs->vd->ledstate);
1607 vnc_unlock_output(vs);
1608 vnc_flush(vs);
1609 }
1610
1611 static void kbd_leds(void *opaque, int ledstate)
1612 {
1613 VncDisplay *vd = opaque;
1614 VncState *client;
1615
1616 trace_vnc_key_guest_leds((ledstate & QEMU_CAPS_LOCK_LED),
1617 (ledstate & QEMU_NUM_LOCK_LED),
1618 (ledstate & QEMU_SCROLL_LOCK_LED));
1619
1620 if (ledstate == vd->ledstate) {
1621 return;
1622 }
1623
1624 vd->ledstate = ledstate;
1625
1626 QTAILQ_FOREACH(client, &vd->clients, next) {
1627 vnc_led_state_change(client);
1628 }
1629 }
1630
1631 static void do_key_event(VncState *vs, int down, int keycode, int sym)
1632 {
1633 /* QEMU console switch */
1634 switch(keycode) {
1635 case 0x2a: /* Left Shift */
1636 case 0x36: /* Right Shift */
1637 case 0x1d: /* Left CTRL */
1638 case 0x9d: /* Right CTRL */
1639 case 0x38: /* Left ALT */
1640 case 0xb8: /* Right ALT */
1641 if (down)
1642 vs->modifiers_state[keycode] = 1;
1643 else
1644 vs->modifiers_state[keycode] = 0;
1645 break;
1646 case 0x02 ... 0x0a: /* '1' to '9' keys */
1647 if (vs->vd->dcl.con == NULL &&
1648 down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
1649 /* Reset the modifiers sent to the current console */
1650 reset_keys(vs);
1651 console_select(keycode - 0x02);
1652 return;
1653 }
1654 break;
1655 case 0x3a: /* CapsLock */
1656 case 0x45: /* NumLock */
1657 if (down)
1658 vs->modifiers_state[keycode] ^= 1;
1659 break;
1660 }
1661
1662 /* Turn off the lock state sync logic if the client support the led
1663 state extension.
1664 */
1665 if (down && vs->vd->lock_key_sync &&
1666 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) &&
1667 keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1668 /* If the numlock state needs to change then simulate an additional
1669 keypress before sending this one. This will happen if the user
1670 toggles numlock away from the VNC window.
1671 */
1672 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1673 if (!vs->modifiers_state[0x45]) {
1674 trace_vnc_key_sync_numlock(true);
1675 vs->modifiers_state[0x45] = 1;
1676 press_key(vs, 0xff7f);
1677 }
1678 } else {
1679 if (vs->modifiers_state[0x45]) {
1680 trace_vnc_key_sync_numlock(false);
1681 vs->modifiers_state[0x45] = 0;
1682 press_key(vs, 0xff7f);
1683 }
1684 }
1685 }
1686
1687 if (down && vs->vd->lock_key_sync &&
1688 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) &&
1689 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) {
1690 /* If the capslock state needs to change then simulate an additional
1691 keypress before sending this one. This will happen if the user
1692 toggles capslock away from the VNC window.
1693 */
1694 int uppercase = !!(sym >= 'A' && sym <= 'Z');
1695 int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]);
1696 int capslock = !!(vs->modifiers_state[0x3a]);
1697 if (capslock) {
1698 if (uppercase == shift) {
1699 trace_vnc_key_sync_capslock(false);
1700 vs->modifiers_state[0x3a] = 0;
1701 press_key(vs, 0xffe5);
1702 }
1703 } else {
1704 if (uppercase != shift) {
1705 trace_vnc_key_sync_capslock(true);
1706 vs->modifiers_state[0x3a] = 1;
1707 press_key(vs, 0xffe5);
1708 }
1709 }
1710 }
1711
1712 if (qemu_console_is_graphic(NULL)) {
1713 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, down);
1714 qemu_input_event_send_key_delay(vs->vd->key_delay_ms);
1715 } else {
1716 bool numlock = vs->modifiers_state[0x45];
1717 bool control = (vs->modifiers_state[0x1d] ||
1718 vs->modifiers_state[0x9d]);
1719 /* QEMU console emulation */
1720 if (down) {
1721 switch (keycode) {
1722 case 0x2a: /* Left Shift */
1723 case 0x36: /* Right Shift */
1724 case 0x1d: /* Left CTRL */
1725 case 0x9d: /* Right CTRL */
1726 case 0x38: /* Left ALT */
1727 case 0xb8: /* Right ALT */
1728 break;
1729 case 0xc8:
1730 kbd_put_keysym(QEMU_KEY_UP);
1731 break;
1732 case 0xd0:
1733 kbd_put_keysym(QEMU_KEY_DOWN);
1734 break;
1735 case 0xcb:
1736 kbd_put_keysym(QEMU_KEY_LEFT);
1737 break;
1738 case 0xcd:
1739 kbd_put_keysym(QEMU_KEY_RIGHT);
1740 break;
1741 case 0xd3:
1742 kbd_put_keysym(QEMU_KEY_DELETE);
1743 break;
1744 case 0xc7:
1745 kbd_put_keysym(QEMU_KEY_HOME);
1746 break;
1747 case 0xcf:
1748 kbd_put_keysym(QEMU_KEY_END);
1749 break;
1750 case 0xc9:
1751 kbd_put_keysym(QEMU_KEY_PAGEUP);
1752 break;
1753 case 0xd1:
1754 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1755 break;
1756
1757 case 0x47:
1758 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME);
1759 break;
1760 case 0x48:
1761 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP);
1762 break;
1763 case 0x49:
1764 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP);
1765 break;
1766 case 0x4b:
1767 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT);
1768 break;
1769 case 0x4c:
1770 kbd_put_keysym('5');
1771 break;
1772 case 0x4d:
1773 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT);
1774 break;
1775 case 0x4f:
1776 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END);
1777 break;
1778 case 0x50:
1779 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN);
1780 break;
1781 case 0x51:
1782 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN);
1783 break;
1784 case 0x52:
1785 kbd_put_keysym('0');
1786 break;
1787 case 0x53:
1788 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE);
1789 break;
1790
1791 case 0xb5:
1792 kbd_put_keysym('/');
1793 break;
1794 case 0x37:
1795 kbd_put_keysym('*');
1796 break;
1797 case 0x4a:
1798 kbd_put_keysym('-');
1799 break;
1800 case 0x4e:
1801 kbd_put_keysym('+');
1802 break;
1803 case 0x9c:
1804 kbd_put_keysym('\n');
1805 break;
1806
1807 default:
1808 if (control) {
1809 kbd_put_keysym(sym & 0x1f);
1810 } else {
1811 kbd_put_keysym(sym);
1812 }
1813 break;
1814 }
1815 }
1816 }
1817 }
1818
1819 static void vnc_release_modifiers(VncState *vs)
1820 {
1821 static const int keycodes[] = {
1822 /* shift, control, alt keys, both left & right */
1823 0x2a, 0x36, 0x1d, 0x9d, 0x38, 0xb8,
1824 };
1825 int i, keycode;
1826
1827 if (!qemu_console_is_graphic(NULL)) {
1828 return;
1829 }
1830 for (i = 0; i < ARRAY_SIZE(keycodes); i++) {
1831 keycode = keycodes[i];
1832 if (!vs->modifiers_state[keycode]) {
1833 continue;
1834 }
1835 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, false);
1836 qemu_input_event_send_key_delay(vs->vd->key_delay_ms);
1837 }
1838 }
1839
1840 static const char *code2name(int keycode)
1841 {
1842 return QKeyCode_lookup[qemu_input_key_number_to_qcode(keycode)];
1843 }
1844
1845 static void key_event(VncState *vs, int down, uint32_t sym)
1846 {
1847 int keycode;
1848 int lsym = sym;
1849
1850 if (lsym >= 'A' && lsym <= 'Z' && qemu_console_is_graphic(NULL)) {
1851 lsym = lsym - 'A' + 'a';
1852 }
1853
1854 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF) & SCANCODE_KEYMASK;
1855 trace_vnc_key_event_map(down, sym, keycode, code2name(keycode));
1856 do_key_event(vs, down, keycode, sym);
1857 }
1858
1859 static void ext_key_event(VncState *vs, int down,
1860 uint32_t sym, uint16_t keycode)
1861 {
1862 /* if the user specifies a keyboard layout, always use it */
1863 if (keyboard_layout) {
1864 key_event(vs, down, sym);
1865 } else {
1866 trace_vnc_key_event_ext(down, sym, keycode, code2name(keycode));
1867 do_key_event(vs, down, keycode, sym);
1868 }
1869 }
1870
1871 static void framebuffer_update_request(VncState *vs, int incremental,
1872 int x, int y, int w, int h)
1873 {
1874 vs->need_update = 1;
1875
1876 if (incremental) {
1877 return;
1878 }
1879
1880 vs->force_update = 1;
1881 vnc_set_area_dirty(vs->dirty, vs->vd, x, y, w, h);
1882 }
1883
1884 static void send_ext_key_event_ack(VncState *vs)
1885 {
1886 vnc_lock_output(vs);
1887 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1888 vnc_write_u8(vs, 0);
1889 vnc_write_u16(vs, 1);
1890 vnc_framebuffer_update(vs, 0, 0,
1891 pixman_image_get_width(vs->vd->server),
1892 pixman_image_get_height(vs->vd->server),
1893 VNC_ENCODING_EXT_KEY_EVENT);
1894 vnc_unlock_output(vs);
1895 vnc_flush(vs);
1896 }
1897
1898 static void send_ext_audio_ack(VncState *vs)
1899 {
1900 vnc_lock_output(vs);
1901 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1902 vnc_write_u8(vs, 0);
1903 vnc_write_u16(vs, 1);
1904 vnc_framebuffer_update(vs, 0, 0,
1905 pixman_image_get_width(vs->vd->server),
1906 pixman_image_get_height(vs->vd->server),
1907 VNC_ENCODING_AUDIO);
1908 vnc_unlock_output(vs);
1909 vnc_flush(vs);
1910 }
1911
1912 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1913 {
1914 int i;
1915 unsigned int enc = 0;
1916
1917 vs->features = 0;
1918 vs->vnc_encoding = 0;
1919 vs->tight.compression = 9;
1920 vs->tight.quality = -1; /* Lossless by default */
1921 vs->absolute = -1;
1922
1923 /*
1924 * Start from the end because the encodings are sent in order of preference.
1925 * This way the preferred encoding (first encoding defined in the array)
1926 * will be set at the end of the loop.
1927 */
1928 for (i = n_encodings - 1; i >= 0; i--) {
1929 enc = encodings[i];
1930 switch (enc) {
1931 case VNC_ENCODING_RAW:
1932 vs->vnc_encoding = enc;
1933 break;
1934 case VNC_ENCODING_COPYRECT:
1935 vs->features |= VNC_FEATURE_COPYRECT_MASK;
1936 break;
1937 case VNC_ENCODING_HEXTILE:
1938 vs->features |= VNC_FEATURE_HEXTILE_MASK;
1939 vs->vnc_encoding = enc;
1940 break;
1941 case VNC_ENCODING_TIGHT:
1942 vs->features |= VNC_FEATURE_TIGHT_MASK;
1943 vs->vnc_encoding = enc;
1944 break;
1945 #ifdef CONFIG_VNC_PNG
1946 case VNC_ENCODING_TIGHT_PNG:
1947 vs->features |= VNC_FEATURE_TIGHT_PNG_MASK;
1948 vs->vnc_encoding = enc;
1949 break;
1950 #endif
1951 case VNC_ENCODING_ZLIB:
1952 vs->features |= VNC_FEATURE_ZLIB_MASK;
1953 vs->vnc_encoding = enc;
1954 break;
1955 case VNC_ENCODING_ZRLE:
1956 vs->features |= VNC_FEATURE_ZRLE_MASK;
1957 vs->vnc_encoding = enc;
1958 break;
1959 case VNC_ENCODING_ZYWRLE:
1960 vs->features |= VNC_FEATURE_ZYWRLE_MASK;
1961 vs->vnc_encoding = enc;
1962 break;
1963 case VNC_ENCODING_DESKTOPRESIZE:
1964 vs->features |= VNC_FEATURE_RESIZE_MASK;
1965 break;
1966 case VNC_ENCODING_POINTER_TYPE_CHANGE:
1967 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
1968 break;
1969 case VNC_ENCODING_RICH_CURSOR:
1970 vs->features |= VNC_FEATURE_RICH_CURSOR_MASK;
1971 if (vs->vd->cursor) {
1972 vnc_cursor_define(vs);
1973 }
1974 break;
1975 case VNC_ENCODING_EXT_KEY_EVENT:
1976 send_ext_key_event_ack(vs);
1977 break;
1978 case VNC_ENCODING_AUDIO:
1979 send_ext_audio_ack(vs);
1980 break;
1981 case VNC_ENCODING_WMVi:
1982 vs->features |= VNC_FEATURE_WMVI_MASK;
1983 break;
1984 case VNC_ENCODING_LED_STATE:
1985 vs->features |= VNC_FEATURE_LED_STATE_MASK;
1986 break;
1987 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
1988 vs->tight.compression = (enc & 0x0F);
1989 break;
1990 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
1991 if (vs->vd->lossy) {
1992 vs->tight.quality = (enc & 0x0F);
1993 }
1994 break;
1995 default:
1996 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
1997 break;
1998 }
1999 }
2000 vnc_desktop_resize(vs);
2001 check_pointer_type_change(&vs->mouse_mode_notifier, NULL);
2002 vnc_led_state_change(vs);
2003 }
2004
2005 static void set_pixel_conversion(VncState *vs)
2006 {
2007 pixman_format_code_t fmt = qemu_pixman_get_format(&vs->client_pf);
2008
2009 if (fmt == VNC_SERVER_FB_FORMAT) {
2010 vs->write_pixels = vnc_write_pixels_copy;
2011 vnc_hextile_set_pixel_conversion(vs, 0);
2012 } else {
2013 vs->write_pixels = vnc_write_pixels_generic;
2014 vnc_hextile_set_pixel_conversion(vs, 1);
2015 }
2016 }
2017
2018 static void send_color_map(VncState *vs)
2019 {
2020 int i;
2021
2022 vnc_write_u8(vs, VNC_MSG_SERVER_SET_COLOUR_MAP_ENTRIES);
2023 vnc_write_u8(vs, 0); /* padding */
2024 vnc_write_u16(vs, 0); /* first color */
2025 vnc_write_u16(vs, 256); /* # of colors */
2026
2027 for (i = 0; i < 256; i++) {
2028 PixelFormat *pf = &vs->client_pf;
2029
2030 vnc_write_u16(vs, (((i >> pf->rshift) & pf->rmax) << (16 - pf->rbits)));
2031 vnc_write_u16(vs, (((i >> pf->gshift) & pf->gmax) << (16 - pf->gbits)));
2032 vnc_write_u16(vs, (((i >> pf->bshift) & pf->bmax) << (16 - pf->bbits)));
2033 }
2034 }
2035
2036 static void set_pixel_format(VncState *vs, int bits_per_pixel,
2037 int big_endian_flag, int true_color_flag,
2038 int red_max, int green_max, int blue_max,
2039 int red_shift, int green_shift, int blue_shift)
2040 {
2041 if (!true_color_flag) {
2042 /* Expose a reasonable default 256 color map */
2043 bits_per_pixel = 8;
2044 red_max = 7;
2045 green_max = 7;
2046 blue_max = 3;
2047 red_shift = 0;
2048 green_shift = 3;
2049 blue_shift = 6;
2050 }
2051
2052 switch (bits_per_pixel) {
2053 case 8:
2054 case 16:
2055 case 32:
2056 break;
2057 default:
2058 vnc_client_error(vs);
2059 return;
2060 }
2061
2062 vs->client_pf.rmax = red_max ? red_max : 0xFF;
2063 vs->client_pf.rbits = ctpopl(red_max);
2064 vs->client_pf.rshift = red_shift;
2065 vs->client_pf.rmask = red_max << red_shift;
2066 vs->client_pf.gmax = green_max ? green_max : 0xFF;
2067 vs->client_pf.gbits = ctpopl(green_max);
2068 vs->client_pf.gshift = green_shift;
2069 vs->client_pf.gmask = green_max << green_shift;
2070 vs->client_pf.bmax = blue_max ? blue_max : 0xFF;
2071 vs->client_pf.bbits = ctpopl(blue_max);
2072 vs->client_pf.bshift = blue_shift;
2073 vs->client_pf.bmask = blue_max << blue_shift;
2074 vs->client_pf.bits_per_pixel = bits_per_pixel;
2075 vs->client_pf.bytes_per_pixel = bits_per_pixel / 8;
2076 vs->client_pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
2077 vs->client_be = big_endian_flag;
2078
2079 if (!true_color_flag) {
2080 send_color_map(vs);
2081 }
2082
2083 set_pixel_conversion(vs);
2084
2085 graphic_hw_invalidate(vs->vd->dcl.con);
2086 graphic_hw_update(vs->vd->dcl.con);
2087 }
2088
2089 static void pixel_format_message (VncState *vs) {
2090 char pad[3] = { 0, 0, 0 };
2091
2092 vs->client_pf = qemu_default_pixelformat(32);
2093
2094 vnc_write_u8(vs, vs->client_pf.bits_per_pixel); /* bits-per-pixel */
2095 vnc_write_u8(vs, vs->client_pf.depth); /* depth */
2096
2097 #ifdef HOST_WORDS_BIGENDIAN
2098 vnc_write_u8(vs, 1); /* big-endian-flag */
2099 #else
2100 vnc_write_u8(vs, 0); /* big-endian-flag */
2101 #endif
2102 vnc_write_u8(vs, 1); /* true-color-flag */
2103 vnc_write_u16(vs, vs->client_pf.rmax); /* red-max */
2104 vnc_write_u16(vs, vs->client_pf.gmax); /* green-max */
2105 vnc_write_u16(vs, vs->client_pf.bmax); /* blue-max */
2106 vnc_write_u8(vs, vs->client_pf.rshift); /* red-shift */
2107 vnc_write_u8(vs, vs->client_pf.gshift); /* green-shift */
2108 vnc_write_u8(vs, vs->client_pf.bshift); /* blue-shift */
2109 vnc_write(vs, pad, 3); /* padding */
2110
2111 vnc_hextile_set_pixel_conversion(vs, 0);
2112 vs->write_pixels = vnc_write_pixels_copy;
2113 }
2114
2115 static void vnc_colordepth(VncState *vs)
2116 {
2117 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
2118 /* Sending a WMVi message to notify the client*/
2119 vnc_lock_output(vs);
2120 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
2121 vnc_write_u8(vs, 0);
2122 vnc_write_u16(vs, 1); /* number of rects */
2123 vnc_framebuffer_update(vs, 0, 0,
2124 pixman_image_get_width(vs->vd->server),
2125 pixman_image_get_height(vs->vd->server),
2126 VNC_ENCODING_WMVi);
2127 pixel_format_message(vs);
2128 vnc_unlock_output(vs);
2129 vnc_flush(vs);
2130 } else {
2131 set_pixel_conversion(vs);
2132 }
2133 }
2134
2135 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
2136 {
2137 int i;
2138 uint16_t limit;
2139 VncDisplay *vd = vs->vd;
2140
2141 if (data[0] > 3) {
2142 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
2143 }
2144
2145 switch (data[0]) {
2146 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT:
2147 if (len == 1)
2148 return 20;
2149
2150 set_pixel_format(vs, read_u8(data, 4),
2151 read_u8(data, 6), read_u8(data, 7),
2152 read_u16(data, 8), read_u16(data, 10),
2153 read_u16(data, 12), read_u8(data, 14),
2154 read_u8(data, 15), read_u8(data, 16));
2155 break;
2156 case VNC_MSG_CLIENT_SET_ENCODINGS:
2157 if (len == 1)
2158 return 4;
2159
2160 if (len == 4) {
2161 limit = read_u16(data, 2);
2162 if (limit > 0)
2163 return 4 + (limit * 4);
2164 } else
2165 limit = read_u16(data, 2);
2166
2167 for (i = 0; i < limit; i++) {
2168 int32_t val = read_s32(data, 4 + (i * 4));
2169 memcpy(data + 4 + (i * 4), &val, sizeof(val));
2170 }
2171
2172 set_encodings(vs, (int32_t *)(data + 4), limit);
2173 break;
2174 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST:
2175 if (len == 1)
2176 return 10;
2177
2178 framebuffer_update_request(vs,
2179 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
2180 read_u16(data, 6), read_u16(data, 8));
2181 break;
2182 case VNC_MSG_CLIENT_KEY_EVENT:
2183 if (len == 1)
2184 return 8;
2185
2186 key_event(vs, read_u8(data, 1), read_u32(data, 4));
2187 break;
2188 case VNC_MSG_CLIENT_POINTER_EVENT:
2189 if (len == 1)
2190 return 6;
2191
2192 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
2193 break;
2194 case VNC_MSG_CLIENT_CUT_TEXT:
2195 if (len == 1) {
2196 return 8;
2197 }
2198 if (len == 8) {
2199 uint32_t dlen = read_u32(data, 4);
2200 if (dlen > (1 << 20)) {
2201 error_report("vnc: client_cut_text msg payload has %u bytes"
2202 " which exceeds our limit of 1MB.", dlen);
2203 vnc_client_error(vs);
2204 break;
2205 }
2206 if (dlen > 0) {
2207 return 8 + dlen;
2208 }
2209 }
2210
2211 client_cut_text(vs, read_u32(data, 4), data + 8);
2212 break;
2213 case VNC_MSG_CLIENT_QEMU:
2214 if (len == 1)
2215 return 2;
2216
2217 switch (read_u8(data, 1)) {
2218 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT:
2219 if (len == 2)
2220 return 12;
2221
2222 ext_key_event(vs, read_u16(data, 2),
2223 read_u32(data, 4), read_u32(data, 8));
2224 break;
2225 case VNC_MSG_CLIENT_QEMU_AUDIO:
2226 if (len == 2)
2227 return 4;
2228
2229 switch (read_u16 (data, 2)) {
2230 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE:
2231 audio_add(vs);
2232 break;
2233 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE:
2234 audio_del(vs);
2235 break;
2236 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT:
2237 if (len == 4)
2238 return 10;
2239 switch (read_u8(data, 4)) {
2240 case 0: vs->as.fmt = AUD_FMT_U8; break;
2241 case 1: vs->as.fmt = AUD_FMT_S8; break;
2242 case 2: vs->as.fmt = AUD_FMT_U16; break;
2243 case 3: vs->as.fmt = AUD_FMT_S16; break;
2244 case 4: vs->as.fmt = AUD_FMT_U32; break;
2245 case 5: vs->as.fmt = AUD_FMT_S32; break;
2246 default:
2247 VNC_DEBUG("Invalid audio format %d\n", read_u8(data, 4));
2248 vnc_client_error(vs);
2249 break;
2250 }
2251 vs->as.nchannels = read_u8(data, 5);
2252 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
2253 VNC_DEBUG("Invalid audio channel coount %d\n",
2254 read_u8(data, 5));
2255 vnc_client_error(vs);
2256 break;
2257 }
2258 vs->as.freq = read_u32(data, 6);
2259 break;
2260 default:
2261 VNC_DEBUG("Invalid audio message %d\n", read_u8(data, 4));
2262 vnc_client_error(vs);
2263 break;
2264 }
2265 break;
2266
2267 default:
2268 VNC_DEBUG("Msg: %d\n", read_u16(data, 0));
2269 vnc_client_error(vs);
2270 break;
2271 }
2272 break;
2273 default:
2274 VNC_DEBUG("Msg: %d\n", data[0]);
2275 vnc_client_error(vs);
2276 break;
2277 }
2278
2279 vnc_read_when(vs, protocol_client_msg, 1);
2280 return 0;
2281 }
2282
2283 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
2284 {
2285 char buf[1024];
2286 VncShareMode mode;
2287 int size;
2288
2289 mode = data[0] ? VNC_SHARE_MODE_SHARED : VNC_SHARE_MODE_EXCLUSIVE;
2290 switch (vs->vd->share_policy) {
2291 case VNC_SHARE_POLICY_IGNORE:
2292 /*
2293 * Ignore the shared flag. Nothing to do here.
2294 *
2295 * Doesn't conform to the rfb spec but is traditional qemu
2296 * behavior, thus left here as option for compatibility
2297 * reasons.
2298 */
2299 break;
2300 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE:
2301 /*
2302 * Policy: Allow clients ask for exclusive access.
2303 *
2304 * Implementation: When a client asks for exclusive access,
2305 * disconnect all others. Shared connects are allowed as long
2306 * as no exclusive connection exists.
2307 *
2308 * This is how the rfb spec suggests to handle the shared flag.
2309 */
2310 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2311 VncState *client;
2312 QTAILQ_FOREACH(client, &vs->vd->clients, next) {
2313 if (vs == client) {
2314 continue;
2315 }
2316 if (client->share_mode != VNC_SHARE_MODE_EXCLUSIVE &&
2317 client->share_mode != VNC_SHARE_MODE_SHARED) {
2318 continue;
2319 }
2320 vnc_disconnect_start(client);
2321 }
2322 }
2323 if (mode == VNC_SHARE_MODE_SHARED) {
2324 if (vs->vd->num_exclusive > 0) {
2325 vnc_disconnect_start(vs);
2326 return 0;
2327 }
2328 }
2329 break;
2330 case VNC_SHARE_POLICY_FORCE_SHARED:
2331 /*
2332 * Policy: Shared connects only.
2333 * Implementation: Disallow clients asking for exclusive access.
2334 *
2335 * Useful for shared desktop sessions where you don't want
2336 * someone forgetting to say -shared when running the vnc
2337 * client disconnect everybody else.
2338 */
2339 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2340 vnc_disconnect_start(vs);
2341 return 0;
2342 }
2343 break;
2344 }
2345 vnc_set_share_mode(vs, mode);
2346
2347 if (vs->vd->num_shared > vs->vd->connections_limit) {
2348 vnc_disconnect_start(vs);
2349 return 0;
2350 }
2351
2352 vs->client_width = pixman_image_get_width(vs->vd->server);
2353 vs->client_height = pixman_image_get_height(vs->vd->server);
2354 vnc_write_u16(vs, vs->client_width);
2355 vnc_write_u16(vs, vs->client_height);
2356
2357 pixel_format_message(vs);
2358
2359 if (qemu_name) {
2360 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
2361 if (size > sizeof(buf)) {
2362 size = sizeof(buf);
2363 }
2364 } else {
2365 size = snprintf(buf, sizeof(buf), "QEMU");
2366 }
2367
2368 vnc_write_u32(vs, size);
2369 vnc_write(vs, buf, size);
2370 vnc_flush(vs);
2371
2372 vnc_client_cache_auth(vs);
2373 vnc_qmp_event(vs, QAPI_EVENT_VNC_INITIALIZED);
2374
2375 vnc_read_when(vs, protocol_client_msg, 1);
2376
2377 return 0;
2378 }
2379
2380 void start_client_init(VncState *vs)
2381 {
2382 vnc_read_when(vs, protocol_client_init, 1);
2383 }
2384
2385 static void make_challenge(VncState *vs)
2386 {
2387 int i;
2388
2389 srand(time(NULL)+getpid()+getpid()*987654+rand());
2390
2391 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
2392 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
2393 }
2394
2395 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
2396 {
2397 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
2398 size_t i, pwlen;
2399 unsigned char key[8];
2400 time_t now = time(NULL);
2401 QCryptoCipher *cipher = NULL;
2402 Error *err = NULL;
2403
2404 if (!vs->vd->password) {
2405 VNC_DEBUG("No password configured on server");
2406 goto reject;
2407 }
2408 if (vs->vd->expires < now) {
2409 VNC_DEBUG("Password is expired");
2410 goto reject;
2411 }
2412
2413 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
2414
2415 /* Calculate the expected challenge response */
2416 pwlen = strlen(vs->vd->password);
2417 for (i=0; i<sizeof(key); i++)
2418 key[i] = i<pwlen ? vs->vd->password[i] : 0;
2419
2420 cipher = qcrypto_cipher_new(
2421 QCRYPTO_CIPHER_ALG_DES_RFB,
2422 QCRYPTO_CIPHER_MODE_ECB,
2423 key, G_N_ELEMENTS(key),
2424 &err);
2425 if (!cipher) {
2426 VNC_DEBUG("Cannot initialize cipher %s",
2427 error_get_pretty(err));
2428 error_free(err);
2429 goto reject;
2430 }
2431
2432 if (qcrypto_cipher_encrypt(cipher,
2433 vs->challenge,
2434 response,
2435 VNC_AUTH_CHALLENGE_SIZE,
2436 &err) < 0) {
2437 VNC_DEBUG("Cannot encrypt challenge %s",
2438 error_get_pretty(err));
2439 error_free(err);
2440 goto reject;
2441 }
2442
2443 /* Compare expected vs actual challenge response */
2444 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
2445 VNC_DEBUG("Client challenge response did not match\n");
2446 goto reject;
2447 } else {
2448 VNC_DEBUG("Accepting VNC challenge response\n");
2449 vnc_write_u32(vs, 0); /* Accept auth */
2450 vnc_flush(vs);
2451
2452 start_client_init(vs);
2453 }
2454
2455 qcrypto_cipher_free(cipher);
2456 return 0;
2457
2458 reject:
2459 vnc_write_u32(vs, 1); /* Reject auth */
2460 if (vs->minor >= 8) {
2461 static const char err[] = "Authentication failed";
2462 vnc_write_u32(vs, sizeof(err));
2463 vnc_write(vs, err, sizeof(err));
2464 }
2465 vnc_flush(vs);
2466 vnc_client_error(vs);
2467 qcrypto_cipher_free(cipher);
2468 return 0;
2469 }
2470
2471 void start_auth_vnc(VncState *vs)
2472 {
2473 make_challenge(vs);
2474 /* Send client a 'random' challenge */
2475 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
2476 vnc_flush(vs);
2477
2478 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
2479 }
2480
2481
2482 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
2483 {
2484 /* We only advertise 1 auth scheme at a time, so client
2485 * must pick the one we sent. Verify this */
2486 if (data[0] != vs->auth) { /* Reject auth */
2487 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]);
2488 vnc_write_u32(vs, 1);
2489 if (vs->minor >= 8) {
2490 static const char err[] = "Authentication failed";
2491 vnc_write_u32(vs, sizeof(err));
2492 vnc_write(vs, err, sizeof(err));
2493 }
2494 vnc_client_error(vs);
2495 } else { /* Accept requested auth */
2496 VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
2497 switch (vs->auth) {
2498 case VNC_AUTH_NONE:
2499 VNC_DEBUG("Accept auth none\n");
2500 if (vs->minor >= 8) {
2501 vnc_write_u32(vs, 0); /* Accept auth completion */
2502 vnc_flush(vs);
2503 }
2504 start_client_init(vs);
2505 break;
2506
2507 case VNC_AUTH_VNC:
2508 VNC_DEBUG("Start VNC auth\n");
2509 start_auth_vnc(vs);
2510 break;
2511
2512 case VNC_AUTH_VENCRYPT:
2513 VNC_DEBUG("Accept VeNCrypt auth\n");
2514 start_auth_vencrypt(vs);
2515 break;
2516
2517 #ifdef CONFIG_VNC_SASL
2518 case VNC_AUTH_SASL:
2519 VNC_DEBUG("Accept SASL auth\n");
2520 start_auth_sasl(vs);
2521 break;
2522 #endif /* CONFIG_VNC_SASL */
2523
2524 default: /* Should not be possible, but just in case */
2525 VNC_DEBUG("Reject auth %d server code bug\n", vs->auth);
2526 vnc_write_u8(vs, 1);
2527 if (vs->minor >= 8) {
2528 static const char err[] = "Authentication failed";
2529 vnc_write_u32(vs, sizeof(err));
2530 vnc_write(vs, err, sizeof(err));
2531 }
2532 vnc_client_error(vs);
2533 }
2534 }
2535 return 0;
2536 }
2537
2538 static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2539 {
2540 char local[13];
2541
2542 memcpy(local, version, 12);
2543 local[12] = 0;
2544
2545 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2546 VNC_DEBUG("Malformed protocol version %s\n", local);
2547 vnc_client_error(vs);
2548 return 0;
2549 }
2550 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2551 if (vs->major != 3 ||
2552 (vs->minor != 3 &&
2553 vs->minor != 4 &&
2554 vs->minor != 5 &&
2555 vs->minor != 7 &&
2556 vs->minor != 8)) {
2557 VNC_DEBUG("Unsupported client version\n");
2558 vnc_write_u32(vs, VNC_AUTH_INVALID);
2559 vnc_flush(vs);
2560 vnc_client_error(vs);
2561 return 0;
2562 }
2563 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2564 * as equivalent to v3.3 by servers
2565 */
2566 if (vs->minor == 4 || vs->minor == 5)
2567 vs->minor = 3;
2568
2569 if (vs->minor == 3) {
2570 if (vs->auth == VNC_AUTH_NONE) {
2571 VNC_DEBUG("Tell client auth none\n");
2572 vnc_write_u32(vs, vs->auth);
2573 vnc_flush(vs);
2574 start_client_init(vs);
2575 } else if (vs->auth == VNC_AUTH_VNC) {
2576 VNC_DEBUG("Tell client VNC auth\n");
2577 vnc_write_u32(vs, vs->auth);
2578 vnc_flush(vs);
2579 start_auth_vnc(vs);
2580 } else {
2581 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->auth);
2582 vnc_write_u32(vs, VNC_AUTH_INVALID);
2583 vnc_flush(vs);
2584 vnc_client_error(vs);
2585 }
2586 } else {
2587 VNC_DEBUG("Telling client we support auth %d\n", vs->auth);
2588 vnc_write_u8(vs, 1); /* num auth */
2589 vnc_write_u8(vs, vs->auth);
2590 vnc_read_when(vs, protocol_client_auth, 1);
2591 vnc_flush(vs);
2592 }
2593
2594 return 0;
2595 }
2596
2597 static VncRectStat *vnc_stat_rect(VncDisplay *vd, int x, int y)
2598 {
2599 struct VncSurface *vs = &vd->guest;
2600
2601 return &vs->stats[y / VNC_STAT_RECT][x / VNC_STAT_RECT];
2602 }
2603
2604 void vnc_sent_lossy_rect(VncState *vs, int x, int y, int w, int h)
2605 {
2606 int i, j;
2607
2608 w = (x + w) / VNC_STAT_RECT;
2609 h = (y + h) / VNC_STAT_RECT;
2610 x /= VNC_STAT_RECT;
2611 y /= VNC_STAT_RECT;
2612
2613 for (j = y; j <= h; j++) {
2614 for (i = x; i <= w; i++) {
2615 vs->lossy_rect[j][i] = 1;
2616 }
2617 }
2618 }
2619
2620 static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y)
2621 {
2622 VncState *vs;
2623 int sty = y / VNC_STAT_RECT;
2624 int stx = x / VNC_STAT_RECT;
2625 int has_dirty = 0;
2626
2627 y = y / VNC_STAT_RECT * VNC_STAT_RECT;
2628 x = x / VNC_STAT_RECT * VNC_STAT_RECT;
2629
2630 QTAILQ_FOREACH(vs, &vd->clients, next) {
2631 int j;
2632
2633 /* kernel send buffers are full -> refresh later */
2634 if (vs->output.offset) {
2635 continue;
2636 }
2637
2638 if (!vs->lossy_rect[sty][stx]) {
2639 continue;
2640 }
2641
2642 vs->lossy_rect[sty][stx] = 0;
2643 for (j = 0; j < VNC_STAT_RECT; ++j) {
2644 bitmap_set(vs->dirty[y + j],
2645 x / VNC_DIRTY_PIXELS_PER_BIT,
2646 VNC_STAT_RECT / VNC_DIRTY_PIXELS_PER_BIT);
2647 }
2648 has_dirty++;
2649 }
2650
2651 return has_dirty;
2652 }
2653
2654 static int vnc_update_stats(VncDisplay *vd, struct timeval * tv)
2655 {
2656 int width = MIN(pixman_image_get_width(vd->guest.fb),
2657 pixman_image_get_width(vd->server));
2658 int height = MIN(pixman_image_get_height(vd->guest.fb),
2659 pixman_image_get_height(vd->server));
2660 int x, y;
2661 struct timeval res;
2662 int has_dirty = 0;
2663
2664 for (y = 0; y < height; y += VNC_STAT_RECT) {
2665 for (x = 0; x < width; x += VNC_STAT_RECT) {
2666 VncRectStat *rect = vnc_stat_rect(vd, x, y);
2667
2668 rect->updated = false;
2669 }
2670 }
2671
2672 qemu_timersub(tv, &VNC_REFRESH_STATS, &res);
2673
2674 if (timercmp(&vd->guest.last_freq_check, &res, >)) {
2675 return has_dirty;
2676 }
2677 vd->guest.last_freq_check = *tv;
2678
2679 for (y = 0; y < height; y += VNC_STAT_RECT) {
2680 for (x = 0; x < width; x += VNC_STAT_RECT) {
2681 VncRectStat *rect= vnc_stat_rect(vd, x, y);
2682 int count = ARRAY_SIZE(rect->times);
2683 struct timeval min, max;
2684
2685 if (!timerisset(&rect->times[count - 1])) {
2686 continue ;
2687 }
2688
2689 max = rect->times[(rect->idx + count - 1) % count];
2690 qemu_timersub(tv, &max, &res);
2691
2692 if (timercmp(&res, &VNC_REFRESH_LOSSY, >)) {
2693 rect->freq = 0;
2694 has_dirty += vnc_refresh_lossy_rect(vd, x, y);
2695 memset(rect->times, 0, sizeof (rect->times));
2696 continue ;
2697 }
2698
2699 min = rect->times[rect->idx];
2700 max = rect->times[(rect->idx + count - 1) % count];
2701 qemu_timersub(&max, &min, &res);
2702
2703 rect->freq = res.tv_sec + res.tv_usec / 1000000.;
2704 rect->freq /= count;
2705 rect->freq = 1. / rect->freq;
2706 }
2707 }
2708 return has_dirty;
2709 }
2710
2711 double vnc_update_freq(VncState *vs, int x, int y, int w, int h)
2712 {
2713 int i, j;
2714 double total = 0;
2715 int num = 0;
2716
2717 x = (x / VNC_STAT_RECT) * VNC_STAT_RECT;
2718 y = (y / VNC_STAT_RECT) * VNC_STAT_RECT;
2719
2720 for (j = y; j <= y + h; j += VNC_STAT_RECT) {
2721 for (i = x; i <= x + w; i += VNC_STAT_RECT) {
2722 total += vnc_stat_rect(vs->vd, i, j)->freq;
2723 num++;
2724 }
2725 }
2726
2727 if (num) {
2728 return total / num;
2729 } else {
2730 return 0;
2731 }
2732 }
2733
2734 static void vnc_rect_updated(VncDisplay *vd, int x, int y, struct timeval * tv)
2735 {
2736 VncRectStat *rect;
2737
2738 rect = vnc_stat_rect(vd, x, y);
2739 if (rect->updated) {
2740 return ;
2741 }
2742 rect->times[rect->idx] = *tv;
2743 rect->idx = (rect->idx + 1) % ARRAY_SIZE(rect->times);
2744 rect->updated = true;
2745 }
2746
2747 static int vnc_refresh_server_surface(VncDisplay *vd)
2748 {
2749 int width = MIN(pixman_image_get_width(vd->guest.fb),
2750 pixman_image_get_width(vd->server));
2751 int height = MIN(pixman_image_get_height(vd->guest.fb),
2752 pixman_image_get_height(vd->server));
2753 int cmp_bytes, server_stride, line_bytes, guest_ll, guest_stride, y = 0;
2754 uint8_t *guest_row0 = NULL, *server_row0;
2755 VncState *vs;
2756 int has_dirty = 0;
2757 pixman_image_t *tmpbuf = NULL;
2758
2759 struct timeval tv = { 0, 0 };
2760
2761 if (!vd->non_adaptive) {
2762 gettimeofday(&tv, NULL);
2763 has_dirty = vnc_update_stats(vd, &tv);
2764 }
2765
2766 /*
2767 * Walk through the guest dirty map.
2768 * Check and copy modified bits from guest to server surface.
2769 * Update server dirty map.
2770 */
2771 server_row0 = (uint8_t *)pixman_image_get_data(vd->server);
2772 server_stride = guest_stride = guest_ll =
2773 pixman_image_get_stride(vd->server);
2774 cmp_bytes = MIN(VNC_DIRTY_PIXELS_PER_BIT * VNC_SERVER_FB_BYTES,
2775 server_stride);
2776 if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
2777 int width = pixman_image_get_width(vd->server);
2778 tmpbuf = qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT, width);
2779 } else {
2780 int guest_bpp =
2781 PIXMAN_FORMAT_BPP(pixman_image_get_format(vd->guest.fb));
2782 guest_row0 = (uint8_t *)pixman_image_get_data(vd->guest.fb);
2783 guest_stride = pixman_image_get_stride(vd->guest.fb);
2784 guest_ll = pixman_image_get_width(vd->guest.fb) * ((guest_bpp + 7) / 8);
2785 }
2786 line_bytes = MIN(server_stride, guest_ll);
2787
2788 for (;;) {
2789 int x;
2790 uint8_t *guest_ptr, *server_ptr;
2791 unsigned long offset = find_next_bit((unsigned long *) &vd->guest.dirty,
2792 height * VNC_DIRTY_BPL(&vd->guest),
2793 y * VNC_DIRTY_BPL(&vd->guest));
2794 if (offset == height * VNC_DIRTY_BPL(&vd->guest)) {
2795 /* no more dirty bits */
2796 break;
2797 }
2798 y = offset / VNC_DIRTY_BPL(&vd->guest);
2799 x = offset % VNC_DIRTY_BPL(&vd->guest);
2800
2801 server_ptr = server_row0 + y * server_stride + x * cmp_bytes;
2802
2803 if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
2804 qemu_pixman_linebuf_fill(tmpbuf, vd->guest.fb, width, 0, y);
2805 guest_ptr = (uint8_t *)pixman_image_get_data(tmpbuf);
2806 } else {
2807 guest_ptr = guest_row0 + y * guest_stride;
2808 }
2809 guest_ptr += x * cmp_bytes;
2810
2811 for (; x < DIV_ROUND_UP(width, VNC_DIRTY_PIXELS_PER_BIT);
2812 x++, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
2813 int _cmp_bytes = cmp_bytes;
2814 if (!test_and_clear_bit(x, vd->guest.dirty[y])) {
2815 continue;
2816 }
2817 if ((x + 1) * cmp_bytes > line_bytes) {
2818 _cmp_bytes = line_bytes - x * cmp_bytes;
2819 }
2820 assert(_cmp_bytes >= 0);
2821 if (memcmp(server_ptr, guest_ptr, _cmp_bytes) == 0) {
2822 continue;
2823 }
2824 memcpy(server_ptr, guest_ptr, _cmp_bytes);
2825 if (!vd->non_adaptive) {
2826 vnc_rect_updated(vd, x * VNC_DIRTY_PIXELS_PER_BIT,
2827 y, &tv);
2828 }
2829 QTAILQ_FOREACH(vs, &vd->clients, next) {
2830 set_bit(x, vs->dirty[y]);
2831 }
2832 has_dirty++;
2833 }
2834
2835 y++;
2836 }
2837 qemu_pixman_image_unref(tmpbuf);
2838 return has_dirty;
2839 }
2840
2841 static void vnc_refresh(DisplayChangeListener *dcl)
2842 {
2843 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
2844 VncState *vs, *vn;
2845 int has_dirty, rects = 0;
2846
2847 if (QTAILQ_EMPTY(&vd->clients)) {
2848 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_MAX);
2849 return;
2850 }
2851
2852 graphic_hw_update(vd->dcl.con);
2853
2854 if (vnc_trylock_display(vd)) {
2855 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
2856 return;
2857 }
2858
2859 has_dirty = vnc_refresh_server_surface(vd);
2860 vnc_unlock_display(vd);
2861
2862 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
2863 rects += vnc_update_client(vs, has_dirty, false);
2864 /* vs might be free()ed here */
2865 }
2866
2867 if (has_dirty && rects) {
2868 vd->dcl.update_interval /= 2;
2869 if (vd->dcl.update_interval < VNC_REFRESH_INTERVAL_BASE) {
2870 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_BASE;
2871 }
2872 } else {
2873 vd->dcl.update_interval += VNC_REFRESH_INTERVAL_INC;
2874 if (vd->dcl.update_interval > VNC_REFRESH_INTERVAL_MAX) {
2875 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_MAX;
2876 }
2877 }
2878 }
2879
2880 static void vnc_connect(VncDisplay *vd, QIOChannelSocket *sioc,
2881 bool skipauth, bool websocket)
2882 {
2883 VncState *vs = g_new0(VncState, 1);
2884 bool first_client = QTAILQ_EMPTY(&vd->clients);
2885 int i;
2886
2887 vs->sioc = sioc;
2888 object_ref(OBJECT(vs->sioc));
2889 vs->ioc = QIO_CHANNEL(sioc);
2890 object_ref(OBJECT(vs->ioc));
2891 vs->vd = vd;
2892
2893 buffer_init(&vs->input, "vnc-input/%p", sioc);
2894 buffer_init(&vs->output, "vnc-output/%p", sioc);
2895 buffer_init(&vs->jobs_buffer, "vnc-jobs_buffer/%p", sioc);
2896
2897 buffer_init(&vs->tight.tight, "vnc-tight/%p", sioc);
2898 buffer_init(&vs->tight.zlib, "vnc-tight-zlib/%p", sioc);
2899 buffer_init(&vs->tight.gradient, "vnc-tight-gradient/%p", sioc);
2900 #ifdef CONFIG_VNC_JPEG
2901 buffer_init(&vs->tight.jpeg, "vnc-tight-jpeg/%p", sioc);
2902 #endif
2903 #ifdef CONFIG_VNC_PNG
2904 buffer_init(&vs->tight.png, "vnc-tight-png/%p", sioc);
2905 #endif
2906 buffer_init(&vs->zlib.zlib, "vnc-zlib/%p", sioc);
2907 buffer_init(&vs->zrle.zrle, "vnc-zrle/%p", sioc);
2908 buffer_init(&vs->zrle.fb, "vnc-zrle-fb/%p", sioc);
2909 buffer_init(&vs->zrle.zlib, "vnc-zrle-zlib/%p", sioc);
2910
2911 if (skipauth) {
2912 vs->auth = VNC_AUTH_NONE;
2913 vs->subauth = VNC_AUTH_INVALID;
2914 } else {
2915 if (websocket) {
2916 vs->auth = vd->ws_auth;
2917 vs->subauth = VNC_AUTH_INVALID;
2918 } else {
2919 vs->auth = vd->auth;
2920 vs->subauth = vd->subauth;
2921 }
2922 }
2923 VNC_DEBUG("Client sioc=%p ws=%d auth=%d subauth=%d\n",
2924 sioc, websocket, vs->auth, vs->subauth);
2925
2926 vs->lossy_rect = g_malloc0(VNC_STAT_ROWS * sizeof (*vs->lossy_rect));
2927 for (i = 0; i < VNC_STAT_ROWS; ++i) {
2928 vs->lossy_rect[i] = g_new0(uint8_t, VNC_STAT_COLS);
2929 }
2930
2931 VNC_DEBUG("New client on socket %p\n", vs->sioc);
2932 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
2933 qio_channel_set_blocking(vs->ioc, false, NULL);
2934 if (websocket) {
2935 vs->websocket = 1;
2936 if (vd->tlscreds) {
2937 vs->ioc_tag = qio_channel_add_watch(
2938 vs->ioc, G_IO_IN, vncws_tls_handshake_io, vs, NULL);
2939 } else {
2940 vs->ioc_tag = qio_channel_add_watch(
2941 vs->ioc, G_IO_IN, vncws_handshake_io, vs, NULL);
2942 }
2943 } else {
2944 vs->ioc_tag = qio_channel_add_watch(
2945 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL);
2946 }
2947
2948 vnc_client_cache_addr(vs);
2949 vnc_qmp_event(vs, QAPI_EVENT_VNC_CONNECTED);
2950 vnc_set_share_mode(vs, VNC_SHARE_MODE_CONNECTING);
2951
2952 vs->last_x = -1;
2953 vs->last_y = -1;
2954
2955 vs->as.freq = 44100;
2956 vs->as.nchannels = 2;
2957 vs->as.fmt = AUD_FMT_S16;
2958 vs->as.endianness = 0;
2959
2960 qemu_mutex_init(&vs->output_mutex);
2961 vs->bh = qemu_bh_new(vnc_jobs_bh, vs);
2962
2963 QTAILQ_INSERT_TAIL(&vd->clients, vs, next);
2964 if (first_client) {
2965 vnc_update_server_surface(vd);
2966 }
2967
2968 graphic_hw_update(vd->dcl.con);
2969
2970 if (!vs->websocket) {
2971 vnc_start_protocol(vs);
2972 }
2973
2974 if (vd->num_connecting > vd->connections_limit) {
2975 QTAILQ_FOREACH(vs, &vd->clients, next) {
2976 if (vs->share_mode == VNC_SHARE_MODE_CONNECTING) {
2977 vnc_disconnect_start(vs);
2978 return;
2979 }
2980 }
2981 }
2982 }
2983
2984 void vnc_start_protocol(VncState *vs)
2985 {
2986 vnc_write(vs, "RFB 003.008\n", 12);
2987 vnc_flush(vs);
2988 vnc_read_when(vs, protocol_version, 12);
2989
2990 vs->mouse_mode_notifier.notify = check_pointer_type_change;
2991 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
2992 }
2993
2994 static gboolean vnc_listen_io(QIOChannel *ioc,
2995 GIOCondition condition,
2996 void *opaque)
2997 {
2998 VncDisplay *vd = opaque;
2999 QIOChannelSocket *sioc = NULL;
3000 Error *err = NULL;
3001 bool isWebsock = false;
3002 size_t i;
3003
3004 for (i = 0; i < vd->nlwebsock; i++) {
3005 if (ioc == QIO_CHANNEL(vd->lwebsock[i])) {
3006 isWebsock = true;
3007 break;
3008 }
3009 }
3010
3011 sioc = qio_channel_socket_accept(QIO_CHANNEL_SOCKET(ioc), &err);
3012 if (sioc != NULL) {
3013 qio_channel_set_name(QIO_CHANNEL(sioc),
3014 isWebsock ? "vnc-ws-server" : "vnc-server");
3015 qio_channel_set_delay(QIO_CHANNEL(sioc), false);
3016 vnc_connect(vd, sioc, false, isWebsock);
3017 object_unref(OBJECT(sioc));
3018 } else {
3019 /* client probably closed connection before we got there */
3020 error_free(err);
3021 }
3022
3023 return TRUE;
3024 }
3025
3026 static const DisplayChangeListenerOps dcl_ops = {
3027 .dpy_name = "vnc",
3028 .dpy_refresh = vnc_refresh,
3029 .dpy_gfx_update = vnc_dpy_update,
3030 .dpy_gfx_switch = vnc_dpy_switch,
3031 .dpy_gfx_check_format = qemu_pixman_check_format,
3032 .dpy_mouse_set = vnc_mouse_set,
3033 .dpy_cursor_define = vnc_dpy_cursor_define,
3034 };
3035
3036 void vnc_display_init(const char *id)
3037 {
3038 VncDisplay *vd;
3039
3040 if (vnc_display_find(id) != NULL) {
3041 return;
3042 }
3043 vd = g_malloc0(sizeof(*vd));
3044
3045 vd->id = strdup(id);
3046 QTAILQ_INSERT_TAIL(&vnc_displays, vd, next);
3047
3048 QTAILQ_INIT(&vd->clients);
3049 vd->expires = TIME_MAX;
3050
3051 if (keyboard_layout) {
3052 trace_vnc_key_map_init(keyboard_layout);
3053 vd->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout);
3054 } else {
3055 vd->kbd_layout = init_keyboard_layout(name2keysym, "en-us");
3056 }
3057
3058 if (!vd->kbd_layout) {
3059 exit(1);
3060 }
3061
3062 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3063 vd->connections_limit = 32;
3064
3065 qemu_mutex_init(&vd->mutex);
3066 vnc_start_worker_thread();
3067
3068 vd->dcl.ops = &dcl_ops;
3069 register_displaychangelistener(&vd->dcl);
3070 }
3071
3072
3073 static void vnc_display_close(VncDisplay *vd)
3074 {
3075 size_t i;
3076 if (!vd) {
3077 return;
3078 }
3079 vd->is_unix = false;
3080 for (i = 0; i < vd->nlsock; i++) {
3081 if (vd->lsock_tag[i]) {
3082 g_source_remove(vd->lsock_tag[i]);
3083 }
3084 object_unref(OBJECT(vd->lsock[i]));
3085 }
3086 g_free(vd->lsock);
3087 g_free(vd->lsock_tag);
3088 vd->lsock = NULL;
3089 vd->lsock_tag = NULL;
3090 vd->nlsock = 0;
3091
3092 for (i = 0; i < vd->nlwebsock; i++) {
3093 if (vd->lwebsock_tag[i]) {
3094 g_source_remove(vd->lwebsock_tag[i]);
3095 }
3096 object_unref(OBJECT(vd->lwebsock[i]));
3097 }
3098 g_free(vd->lwebsock);
3099 g_free(vd->lwebsock_tag);
3100 vd->lwebsock = NULL;
3101 vd->lwebsock_tag = NULL;
3102 vd->nlwebsock = 0;
3103
3104 vd->auth = VNC_AUTH_INVALID;
3105 vd->subauth = VNC_AUTH_INVALID;
3106 if (vd->tlscreds) {
3107 object_unparent(OBJECT(vd->tlscreds));
3108 vd->tlscreds = NULL;
3109 }
3110 g_free(vd->tlsaclname);
3111 vd->tlsaclname = NULL;
3112 if (vd->lock_key_sync) {
3113 qemu_remove_led_event_handler(vd->led);
3114 vd->led = NULL;
3115 }
3116 }
3117
3118 int vnc_display_password(const char *id, const char *password)
3119 {
3120 VncDisplay *vd = vnc_display_find(id);
3121
3122 if (!vd) {
3123 return -EINVAL;
3124 }
3125 if (vd->auth == VNC_AUTH_NONE) {
3126 error_printf_unless_qmp("If you want use passwords please enable "
3127 "password auth using '-vnc ${dpy},password'.\n");
3128 return -EINVAL;
3129 }
3130
3131 g_free(vd->password);
3132 vd->password = g_strdup(password);
3133
3134 return 0;
3135 }
3136
3137 int vnc_display_pw_expire(const char *id, time_t expires)
3138 {
3139 VncDisplay *vd = vnc_display_find(id);
3140
3141 if (!vd) {
3142 return -EINVAL;
3143 }
3144
3145 vd->expires = expires;
3146 return 0;
3147 }
3148
3149 static void vnc_display_print_local_addr(VncDisplay *vd)
3150 {
3151 SocketAddress *addr;
3152 Error *err = NULL;
3153
3154 if (!vd->nlsock) {
3155 return;
3156 }
3157
3158 addr = qio_channel_socket_get_local_address(vd->lsock[0], &err);
3159 if (!addr) {
3160 return;
3161 }
3162
3163 if (addr->type != SOCKET_ADDRESS_TYPE_INET) {
3164 qapi_free_SocketAddress(addr);
3165 return;
3166 }
3167 error_printf_unless_qmp("VNC server running on %s:%s\n",
3168 addr->u.inet.host,
3169 addr->u.inet.port);
3170 qapi_free_SocketAddress(addr);
3171 }
3172
3173 static QemuOptsList qemu_vnc_opts = {
3174 .name = "vnc",
3175 .head = QTAILQ_HEAD_INITIALIZER(qemu_vnc_opts.head),
3176 .implied_opt_name = "vnc",
3177 .desc = {
3178 {
3179 .name = "vnc",
3180 .type = QEMU_OPT_STRING,
3181 },{
3182 .name = "websocket",
3183 .type = QEMU_OPT_STRING,
3184 },{
3185 .name = "tls-creds",
3186 .type = QEMU_OPT_STRING,
3187 },{
3188 /* Deprecated in favour of tls-creds */
3189 .name = "x509",
3190 .type = QEMU_OPT_STRING,
3191 },{
3192 .name = "share",
3193 .type = QEMU_OPT_STRING,
3194 },{
3195 .name = "display",
3196 .type = QEMU_OPT_STRING,
3197 },{
3198 .name = "head",
3199 .type = QEMU_OPT_NUMBER,
3200 },{
3201 .name = "connections",
3202 .type = QEMU_OPT_NUMBER,
3203 },{
3204 .name = "to",
3205 .type = QEMU_OPT_NUMBER,
3206 },{
3207 .name = "ipv4",
3208 .type = QEMU_OPT_BOOL,
3209 },{
3210 .name = "ipv6",
3211 .type = QEMU_OPT_BOOL,
3212 },{
3213 .name = "password",
3214 .type = QEMU_OPT_BOOL,
3215 },{
3216 .name = "reverse",
3217 .type = QEMU_OPT_BOOL,
3218 },{
3219 .name = "lock-key-sync",
3220 .type = QEMU_OPT_BOOL,
3221 },{
3222 .name = "key-delay-ms",
3223 .type = QEMU_OPT_NUMBER,
3224 },{
3225 .name = "sasl",
3226 .type = QEMU_OPT_BOOL,
3227 },{
3228 /* Deprecated in favour of tls-creds */
3229 .name = "tls",
3230 .type = QEMU_OPT_BOOL,
3231 },{
3232 /* Deprecated in favour of tls-creds */
3233 .name = "x509verify",
3234 .type = QEMU_OPT_STRING,
3235 },{
3236 .name = "acl",
3237 .type = QEMU_OPT_BOOL,
3238 },{
3239 .name = "lossy",
3240 .type = QEMU_OPT_BOOL,
3241 },{
3242 .name = "non-adaptive",
3243 .type = QEMU_OPT_BOOL,
3244 },
3245 { /* end of list */ }
3246 },
3247 };
3248
3249
3250 static int
3251 vnc_display_setup_auth(int *auth,
3252 int *subauth,
3253 QCryptoTLSCreds *tlscreds,
3254 bool password,
3255 bool sasl,
3256 bool websocket,
3257 Error **errp)
3258 {
3259 /*
3260 * We have a choice of 3 authentication options
3261 *
3262 * 1. none
3263 * 2. vnc
3264 * 3. sasl
3265 *
3266 * The channel can be run in 2 modes
3267 *
3268 * 1. clear
3269 * 2. tls
3270 *
3271 * And TLS can use 2 types of credentials
3272 *
3273 * 1. anon
3274 * 2. x509
3275 *
3276 * We thus have 9 possible logical combinations
3277 *
3278 * 1. clear + none
3279 * 2. clear + vnc
3280 * 3. clear + sasl
3281 * 4. tls + anon + none
3282 * 5. tls + anon + vnc
3283 * 6. tls + anon + sasl
3284 * 7. tls + x509 + none
3285 * 8. tls + x509 + vnc
3286 * 9. tls + x509 + sasl
3287 *
3288 * These need to be mapped into the VNC auth schemes
3289 * in an appropriate manner. In regular VNC, all the
3290 * TLS options get mapped into VNC_AUTH_VENCRYPT
3291 * sub-auth types.
3292 *
3293 * In websockets, the https:// protocol already provides
3294 * TLS support, so there is no need to make use of the
3295 * VeNCrypt extension. Furthermore, websockets browser
3296 * clients could not use VeNCrypt even if they wanted to,
3297 * as they cannot control when the TLS handshake takes
3298 * place. Thus there is no option but to rely on https://,
3299 * meaning combinations 4->6 and 7->9 will be mapped to
3300 * VNC auth schemes in the same way as combos 1->3.
3301 *
3302 * Regardless of fact that we have a different mapping to
3303 * VNC auth mechs for plain VNC vs websockets VNC, the end
3304 * result has the same security characteristics.
3305 */
3306 if (websocket || !tlscreds) {
3307 if (password) {
3308 VNC_DEBUG("Initializing VNC server with password auth\n");
3309 *auth = VNC_AUTH_VNC;
3310 } else if (sasl) {
3311 VNC_DEBUG("Initializing VNC server with SASL auth\n");
3312 *auth = VNC_AUTH_SASL;
3313 } else {
3314 VNC_DEBUG("Initializing VNC server with no auth\n");
3315 *auth = VNC_AUTH_NONE;
3316 }
3317 *subauth = VNC_AUTH_INVALID;
3318 } else {
3319 bool is_x509 = object_dynamic_cast(OBJECT(tlscreds),
3320 TYPE_QCRYPTO_TLS_CREDS_X509) != NULL;
3321 bool is_anon = object_dynamic_cast(OBJECT(tlscreds),
3322 TYPE_QCRYPTO_TLS_CREDS_ANON) != NULL;
3323
3324 if (!is_x509 && !is_anon) {
3325 error_setg(errp,
3326 "Unsupported TLS cred type %s",
3327 object_get_typename(OBJECT(tlscreds)));
3328 return -1;
3329 }
3330 *auth = VNC_AUTH_VENCRYPT;
3331 if (password) {
3332 if (is_x509) {
3333 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
3334 *subauth = VNC_AUTH_VENCRYPT_X509VNC;
3335 } else {
3336 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
3337 *subauth = VNC_AUTH_VENCRYPT_TLSVNC;
3338 }
3339
3340 } else if (sasl) {
3341 if (is_x509) {
3342 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
3343 *subauth = VNC_AUTH_VENCRYPT_X509SASL;
3344 } else {
3345 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
3346 *subauth = VNC_AUTH_VENCRYPT_TLSSASL;
3347 }
3348 } else {
3349 if (is_x509) {
3350 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
3351 *subauth = VNC_AUTH_VENCRYPT_X509NONE;
3352 } else {
3353 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
3354 *subauth = VNC_AUTH_VENCRYPT_TLSNONE;
3355 }
3356 }
3357 }
3358 return 0;
3359 }
3360
3361
3362 /*
3363 * Handle back compat with old CLI syntax by creating some
3364 * suitable QCryptoTLSCreds objects
3365 */
3366 static QCryptoTLSCreds *
3367 vnc_display_create_creds(bool x509,
3368 bool x509verify,
3369 const char *dir,
3370 const char *id,
3371 Error **errp)
3372 {
3373 gchar *credsid = g_strdup_printf("tlsvnc%s", id);
3374 Object *parent = object_get_objects_root();
3375 Object *creds;
3376 Error *err = NULL;
3377
3378 if (x509) {
3379 creds = object_new_with_props(TYPE_QCRYPTO_TLS_CREDS_X509,
3380 parent,
3381 credsid,
3382 &err,
3383 "endpoint", "server",
3384 "dir", dir,
3385 "verify-peer", x509verify ? "yes" : "no",
3386 NULL);
3387 } else {
3388 creds = object_new_with_props(TYPE_QCRYPTO_TLS_CREDS_ANON,
3389 parent,
3390 credsid,
3391 &err,
3392 "endpoint", "server",
3393 NULL);
3394 }
3395
3396 g_free(credsid);
3397
3398 if (err) {
3399 error_propagate(errp, err);
3400 return NULL;
3401 }
3402
3403 return QCRYPTO_TLS_CREDS(creds);
3404 }
3405
3406
3407 static int vnc_display_get_address(const char *addrstr,
3408 bool websocket,
3409 bool reverse,
3410 int displaynum,
3411 int to,
3412 bool has_ipv4,
3413 bool has_ipv6,
3414 bool ipv4,
3415 bool ipv6,
3416 SocketAddress **retaddr,
3417 Error **errp)
3418 {
3419 int ret = -1;
3420 SocketAddress *addr = NULL;
3421
3422 addr = g_new0(SocketAddress, 1);
3423
3424 if (strncmp(addrstr, "unix:", 5) == 0) {
3425 addr->type = SOCKET_ADDRESS_TYPE_UNIX;
3426 addr->u.q_unix.path = g_strdup(addrstr + 5);
3427
3428 if (websocket) {
3429 error_setg(errp, "UNIX sockets not supported with websock");
3430 goto cleanup;
3431 }
3432
3433 if (to) {
3434 error_setg(errp, "Port range not support with UNIX socket");
3435 goto cleanup;
3436 }
3437 ret = 0;
3438 } else {
3439 const char *port;
3440 size_t hostlen;
3441 unsigned long long baseport = 0;
3442 InetSocketAddress *inet;
3443
3444 port = strrchr(addrstr, ':');
3445 if (!port) {
3446 if (websocket) {
3447 hostlen = 0;
3448 port = addrstr;
3449 } else {
3450 error_setg(errp, "no vnc port specified");
3451 goto cleanup;
3452 }
3453 } else {
3454 hostlen = port - addrstr;
3455 port++;
3456 if (*port == '\0') {
3457 error_setg(errp, "vnc port cannot be empty");
3458 goto cleanup;
3459 }
3460 }
3461
3462 addr->type = SOCKET_ADDRESS_TYPE_INET;
3463 inet = &addr->u.inet;
3464 if (addrstr[0] == '[' && addrstr[hostlen - 1] == ']') {
3465 inet->host = g_strndup(addrstr + 1, hostlen - 2);
3466 } else {
3467 inet->host = g_strndup(addrstr, hostlen);
3468 }
3469 /* plain VNC port is just an offset, for websocket
3470 * port is absolute */
3471 if (websocket) {
3472 if (g_str_equal(addrstr, "") ||
3473 g_str_equal(addrstr, "on")) {
3474 if (displaynum == -1) {
3475 error_setg(errp, "explicit websocket port is required");
3476 goto cleanup;
3477 }
3478 inet->port = g_strdup_printf(
3479 "%d", displaynum + 5700);
3480 if (to) {
3481 inet->has_to = true;
3482 inet->to = to + 5700;
3483 }
3484 } else {
3485 inet->port = g_strdup(port);
3486 }
3487 } else {
3488 int offset = reverse ? 0 : 5900;
3489 if (parse_uint_full(port, &baseport, 10) < 0) {
3490 error_setg(errp, "can't convert to a number: %s", port);
3491 goto cleanup;
3492 }
3493 if (baseport > 65535 ||
3494 baseport + offset > 65535) {
3495 error_setg(errp, "port %s out of range", port);
3496 goto cleanup;
3497 }
3498 inet->port = g_strdup_printf(
3499 "%d", (int)baseport + offset);
3500
3501 if (to) {
3502 inet->has_to = true;
3503 inet->to = to + offset;
3504 }
3505 }
3506
3507 inet->ipv4 = ipv4;
3508 inet->has_ipv4 = has_ipv4;
3509 inet->ipv6 = ipv6;
3510 inet->has_ipv6 = has_ipv6;
3511
3512 ret = baseport;
3513 }
3514
3515 *retaddr = addr;
3516
3517 cleanup:
3518 if (ret < 0) {
3519 qapi_free_SocketAddress(addr);
3520 }
3521 return ret;
3522 }
3523
3524 static int vnc_display_get_addresses(QemuOpts *opts,
3525 bool reverse,
3526 SocketAddress ***retsaddr,
3527 size_t *retnsaddr,
3528 SocketAddress ***retwsaddr,
3529 size_t *retnwsaddr,
3530 Error **errp)
3531 {
3532 SocketAddress *saddr = NULL;
3533 SocketAddress *wsaddr = NULL;
3534 QemuOptsIter addriter;
3535 const char *addr;
3536 int to = qemu_opt_get_number(opts, "to", 0);
3537 bool has_ipv4 = qemu_opt_get(opts, "ipv4");
3538 bool has_ipv6 = qemu_opt_get(opts, "ipv6");
3539 bool ipv4 = qemu_opt_get_bool(opts, "ipv4", false);
3540 bool ipv6 = qemu_opt_get_bool(opts, "ipv6", false);
3541 size_t i;
3542 int displaynum = -1;
3543 int ret = -1;
3544
3545 *retsaddr = NULL;
3546 *retnsaddr = 0;
3547 *retwsaddr = NULL;
3548 *retnwsaddr = 0;
3549
3550 addr = qemu_opt_get(opts, "vnc");
3551 if (addr == NULL || g_str_equal(addr, "none")) {
3552 ret = 0;
3553 goto cleanup;
3554 }
3555 if (qemu_opt_get(opts, "websocket") &&
3556 !qcrypto_hash_supports(QCRYPTO_HASH_ALG_SHA1)) {
3557 error_setg(errp,
3558 "SHA1 hash support is required for websockets");
3559 goto cleanup;
3560 }
3561
3562 qemu_opt_iter_init(&addriter, opts, "vnc");
3563 while ((addr = qemu_opt_iter_next(&addriter)) != NULL) {
3564 int rv;
3565 rv = vnc_display_get_address(addr, false, reverse, 0, to,
3566 has_ipv4, has_ipv6,
3567 ipv4, ipv6,
3568 &saddr, errp);
3569 if (rv < 0) {
3570 goto cleanup;
3571 }
3572 /* Historical compat - first listen address can be used
3573 * to set the default websocket port
3574 */
3575 if (displaynum == -1) {
3576 displaynum = rv;
3577 }
3578 *retsaddr = g_renew(SocketAddress *, *retsaddr, *retnsaddr + 1);
3579 (*retsaddr)[(*retnsaddr)++] = saddr;
3580 }
3581
3582 /* If we had multiple primary displays, we don't do defaults
3583 * for websocket, and require explicit config instead. */
3584 if (*retnsaddr > 1) {
3585 displaynum = -1;
3586 }
3587
3588 qemu_opt_iter_init(&addriter, opts, "websocket");
3589 while ((addr = qemu_opt_iter_next(&addriter)) != NULL) {
3590 if (vnc_display_get_address(addr, true, reverse, displaynum, to,
3591 has_ipv4, has_ipv6,
3592 ipv4, ipv6,
3593 &wsaddr, errp) < 0) {
3594 goto cleanup;
3595 }
3596
3597 /* Historical compat - if only a single listen address was
3598 * provided, then this is used to set the default listen
3599 * address for websocket too
3600 */
3601 if (*retnsaddr == 1 &&
3602 (*retsaddr)[0]->type == SOCKET_ADDRESS_TYPE_INET &&
3603 wsaddr->type == SOCKET_ADDRESS_TYPE_INET &&
3604 g_str_equal(wsaddr->u.inet.host, "") &&
3605 !g_str_equal((*retsaddr)[0]->u.inet.host, "")) {
3606 g_free(wsaddr->u.inet.host);
3607 wsaddr->u.inet.host = g_strdup((*retsaddr)[0]->u.inet.host);
3608 }
3609
3610 *retwsaddr = g_renew(SocketAddress *, *retwsaddr, *retnwsaddr + 1);
3611 (*retwsaddr)[(*retnwsaddr)++] = wsaddr;
3612 }
3613
3614 ret = 0;
3615 cleanup:
3616 if (ret < 0) {
3617 for (i = 0; i < *retnsaddr; i++) {
3618 qapi_free_SocketAddress((*retsaddr)[i]);
3619 }
3620 g_free(*retsaddr);
3621 for (i = 0; i < *retnwsaddr; i++) {
3622 qapi_free_SocketAddress((*retwsaddr)[i]);
3623 }
3624 g_free(*retwsaddr);
3625 *retsaddr = *retwsaddr = NULL;
3626 *retnsaddr = *retnwsaddr = 0;
3627 }
3628 return ret;
3629 }
3630
3631 static int vnc_display_connect(VncDisplay *vd,
3632 SocketAddress **saddr,
3633 size_t nsaddr,
3634 SocketAddress **wsaddr,
3635 size_t nwsaddr,
3636 Error **errp)
3637 {
3638 /* connect to viewer */
3639 QIOChannelSocket *sioc = NULL;
3640 if (nwsaddr != 0) {
3641 error_setg(errp, "Cannot use websockets in reverse mode");
3642 return -1;
3643 }
3644 if (nsaddr != 1) {
3645 error_setg(errp, "Expected a single address in reverse mode");
3646 return -1;
3647 }
3648 /* TODO SOCKET_ADDRESS_TYPE_FD when fd has AF_UNIX */
3649 vd->is_unix = saddr[0]->type == SOCKET_ADDRESS_TYPE_UNIX;
3650 sioc = qio_channel_socket_new();
3651 qio_channel_set_name(QIO_CHANNEL(sioc), "vnc-reverse");
3652 if (qio_channel_socket_connect_sync(sioc, saddr[0], errp) < 0) {
3653 return -1;
3654 }
3655 vnc_connect(vd, sioc, false, false);
3656 object_unref(OBJECT(sioc));
3657 return 0;
3658 }
3659
3660
3661 static int vnc_display_listen_addr(VncDisplay *vd,
3662 SocketAddress *addr,
3663 const char *name,
3664 QIOChannelSocket ***lsock,
3665 guint **lsock_tag,
3666 size_t *nlsock,
3667 Error **errp)
3668 {
3669 QIODNSResolver *resolver = qio_dns_resolver_get_instance();
3670 SocketAddress **rawaddrs = NULL;
3671 size_t nrawaddrs = 0;
3672 Error *listenerr = NULL;
3673 bool listening = false;
3674 size_t i;
3675
3676 if (qio_dns_resolver_lookup_sync(resolver, addr, &nrawaddrs,
3677 &rawaddrs, errp) < 0) {
3678 return -1;
3679 }
3680
3681 for (i = 0; i < nrawaddrs; i++) {
3682 QIOChannelSocket *sioc = qio_channel_socket_new();
3683
3684 qio_channel_set_name(QIO_CHANNEL(sioc), name);
3685 if (qio_channel_socket_listen_sync(
3686 sioc, rawaddrs[i], listenerr == NULL ? &listenerr : NULL) < 0) {
3687 object_unref(OBJECT(sioc));
3688 continue;
3689 }
3690 listening = true;
3691 (*nlsock)++;
3692 *lsock = g_renew(QIOChannelSocket *, *lsock, *nlsock);
3693 *lsock_tag = g_renew(guint, *lsock_tag, *nlsock);
3694
3695 (*lsock)[*nlsock - 1] = sioc;
3696 (*lsock_tag)[*nlsock - 1] = 0;
3697 }
3698
3699 for (i = 0; i < nrawaddrs; i++) {
3700 qapi_free_SocketAddress(rawaddrs[i]);
3701 }
3702 g_free(rawaddrs);
3703
3704 if (listenerr) {
3705 if (!listening) {
3706 error_propagate(errp, listenerr);
3707 return -1;
3708 } else {
3709 error_free(listenerr);
3710 }
3711 }
3712
3713 for (i = 0; i < *nlsock; i++) {
3714 (*lsock_tag)[i] = qio_channel_add_watch(
3715 QIO_CHANNEL((*lsock)[i]),
3716 G_IO_IN, vnc_listen_io, vd, NULL);
3717 }
3718
3719 return 0;
3720 }
3721
3722
3723 static int vnc_display_listen(VncDisplay *vd,
3724 SocketAddress **saddr,
3725 size_t nsaddr,
3726 SocketAddress **wsaddr,
3727 size_t nwsaddr,
3728 Error **errp)
3729 {
3730 size_t i;
3731
3732 for (i = 0; i < nsaddr; i++) {
3733 if (vnc_display_listen_addr(vd, saddr[i],
3734 "vnc-listen",
3735 &vd->lsock,
3736 &vd->lsock_tag,
3737 &vd->nlsock,
3738 errp) < 0) {
3739 return -1;
3740 }
3741 }
3742 for (i = 0; i < nwsaddr; i++) {
3743 if (vnc_display_listen_addr(vd, wsaddr[i],
3744 "vnc-ws-listen",
3745 &vd->lwebsock,
3746 &vd->lwebsock_tag,
3747 &vd->nlwebsock,
3748 errp) < 0) {
3749 return -1;
3750 }
3751 }
3752
3753 return 0;
3754 }
3755
3756
3757 void vnc_display_open(const char *id, Error **errp)
3758 {
3759 VncDisplay *vd = vnc_display_find(id);
3760 QemuOpts *opts = qemu_opts_find(&qemu_vnc_opts, id);
3761 SocketAddress **saddr = NULL, **wsaddr = NULL;
3762 size_t nsaddr, nwsaddr;
3763 const char *share, *device_id;
3764 QemuConsole *con;
3765 bool password = false;
3766 bool reverse = false;
3767 const char *credid;
3768 bool sasl = false;
3769 #ifdef CONFIG_VNC_SASL
3770 int saslErr;
3771 #endif
3772 int acl = 0;
3773 int lock_key_sync = 1;
3774 int key_delay_ms;
3775 size_t i;
3776
3777 if (!vd) {
3778 error_setg(errp, "VNC display not active");
3779 return;
3780 }
3781 vnc_display_close(vd);
3782
3783 if (!opts) {
3784 return;
3785 }
3786
3787 reverse = qemu_opt_get_bool(opts, "reverse", false);
3788 if (vnc_display_get_addresses(opts, reverse, &saddr, &nsaddr,
3789 &wsaddr, &nwsaddr, errp) < 0) {
3790 goto fail;
3791 }
3792
3793 password = qemu_opt_get_bool(opts, "password", false);
3794 if (password) {
3795 if (fips_get_state()) {
3796 error_setg(errp,
3797 "VNC password auth disabled due to FIPS mode, "
3798 "consider using the VeNCrypt or SASL authentication "
3799 "methods as an alternative");
3800 goto fail;
3801 }
3802 if (!qcrypto_cipher_supports(
3803 QCRYPTO_CIPHER_ALG_DES_RFB, QCRYPTO_CIPHER_MODE_ECB)) {
3804 error_setg(errp,
3805 "Cipher backend does not support DES RFB algorithm");
3806 goto fail;
3807 }
3808 }
3809
3810 lock_key_sync = qemu_opt_get_bool(opts, "lock-key-sync", true);
3811 key_delay_ms = qemu_opt_get_number(opts, "key-delay-ms", 1);
3812 sasl = qemu_opt_get_bool(opts, "sasl", false);
3813 #ifndef CONFIG_VNC_SASL
3814 if (sasl) {
3815 error_setg(errp, "VNC SASL auth requires cyrus-sasl support");
3816 goto fail;
3817 }
3818 #endif /* CONFIG_VNC_SASL */
3819 credid = qemu_opt_get(opts, "tls-creds");
3820 if (credid) {
3821 Object *creds;
3822 if (qemu_opt_get(opts, "tls") ||
3823 qemu_opt_get(opts, "x509") ||
3824 qemu_opt_get(opts, "x509verify")) {
3825 error_setg(errp,
3826 "'tls-creds' parameter is mutually exclusive with "
3827 "'tls', 'x509' and 'x509verify' parameters");
3828 goto fail;
3829 }
3830
3831 creds = object_resolve_path_component(
3832 object_get_objects_root(), credid);
3833 if (!creds) {
3834 error_setg(errp, "No TLS credentials with id '%s'",
3835 credid);
3836 goto fail;
3837 }
3838 vd->tlscreds = (QCryptoTLSCreds *)
3839 object_dynamic_cast(creds,
3840 TYPE_QCRYPTO_TLS_CREDS);
3841 if (!vd->tlscreds) {
3842 error_setg(errp, "Object with id '%s' is not TLS credentials",
3843 credid);
3844 goto fail;
3845 }
3846 object_ref(OBJECT(vd->tlscreds));
3847
3848 if (vd->tlscreds->endpoint != QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) {
3849 error_setg(errp,
3850 "Expecting TLS credentials with a server endpoint");
3851 goto fail;
3852 }
3853 } else {
3854 const char *path;
3855 bool tls = false, x509 = false, x509verify = false;
3856 tls = qemu_opt_get_bool(opts, "tls", false);
3857 if (tls) {
3858 path = qemu_opt_get(opts, "x509");
3859
3860 if (path) {
3861 x509 = true;
3862 } else {
3863 path = qemu_opt_get(opts, "x509verify");
3864 if (path) {
3865 x509 = true;
3866 x509verify = true;
3867 }
3868 }
3869 vd->tlscreds = vnc_display_create_creds(x509,
3870 x509verify,
3871 path,
3872 vd->id,
3873 errp);
3874 if (!vd->tlscreds) {
3875 goto fail;
3876 }
3877 }
3878 }
3879 acl = qemu_opt_get_bool(opts, "acl", false);
3880
3881 share = qemu_opt_get(opts, "share");
3882 if (share) {
3883 if (strcmp(share, "ignore") == 0) {
3884 vd->share_policy = VNC_SHARE_POLICY_IGNORE;
3885 } else if (strcmp(share, "allow-exclusive") == 0) {
3886 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3887 } else if (strcmp(share, "force-shared") == 0) {
3888 vd->share_policy = VNC_SHARE_POLICY_FORCE_SHARED;
3889 } else {
3890 error_setg(errp, "unknown vnc share= option");
3891 goto fail;
3892 }
3893 } else {
3894 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3895 }
3896 vd->connections_limit = qemu_opt_get_number(opts, "connections", 32);
3897
3898 #ifdef CONFIG_VNC_JPEG
3899 vd->lossy = qemu_opt_get_bool(opts, "lossy", false);
3900 #endif
3901 vd->non_adaptive = qemu_opt_get_bool(opts, "non-adaptive", false);
3902 /* adaptive updates are only used with tight encoding and
3903 * if lossy updates are enabled so we can disable all the
3904 * calculations otherwise */
3905 if (!vd->lossy) {
3906 vd->non_adaptive = true;
3907 }
3908
3909 if (acl) {
3910 if (strcmp(vd->id, "default") == 0) {
3911 vd->tlsaclname = g_strdup("vnc.x509dname");
3912 } else {
3913 vd->tlsaclname = g_strdup_printf("vnc.%s.x509dname", vd->id);
3914 }
3915 qemu_acl_init(vd->tlsaclname);
3916 }
3917 #ifdef CONFIG_VNC_SASL
3918 if (acl && sasl) {
3919 char *aclname;
3920
3921 if (strcmp(vd->id, "default") == 0) {
3922 aclname = g_strdup("vnc.username");
3923 } else {
3924 aclname = g_strdup_printf("vnc.%s.username", vd->id);
3925 }
3926 vd->sasl.acl = qemu_acl_init(aclname);
3927 g_free(aclname);
3928 }
3929 #endif
3930
3931 if (vnc_display_setup_auth(&vd->auth, &vd->subauth,
3932 vd->tlscreds, password,
3933 sasl, false, errp) < 0) {
3934 goto fail;
3935 }
3936
3937 if (vnc_display_setup_auth(&vd->ws_auth, &vd->ws_subauth,
3938 vd->tlscreds, password,
3939 sasl, true, errp) < 0) {
3940 goto fail;
3941 }
3942
3943 #ifdef CONFIG_VNC_SASL
3944 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) {
3945 error_setg(errp, "Failed to initialize SASL auth: %s",
3946 sasl_errstring(saslErr, NULL, NULL));
3947 goto fail;
3948 }
3949 #endif
3950 vd->lock_key_sync = lock_key_sync;
3951 if (lock_key_sync) {
3952 vd->led = qemu_add_led_event_handler(kbd_leds, vd);
3953 }
3954 vd->ledstate = 0;
3955 vd->key_delay_ms = key_delay_ms;
3956
3957 device_id = qemu_opt_get(opts, "display");
3958 if (device_id) {
3959 int head = qemu_opt_get_number(opts, "head", 0);
3960 Error *err = NULL;
3961
3962 con = qemu_console_lookup_by_device_name(device_id, head, &err);
3963 if (err) {
3964 error_propagate(errp, err);
3965 goto fail;
3966 }
3967 } else {
3968 con = NULL;
3969 }
3970
3971 if (con != vd->dcl.con) {
3972 unregister_displaychangelistener(&vd->dcl);
3973 vd->dcl.con = con;
3974 register_displaychangelistener(&vd->dcl);
3975 }
3976
3977 if (saddr == NULL) {
3978 goto cleanup;
3979 }
3980
3981 if (reverse) {
3982 if (vnc_display_connect(vd, saddr, nsaddr, wsaddr, nwsaddr, errp) < 0) {
3983 goto fail;
3984 }
3985 } else {
3986 if (vnc_display_listen(vd, saddr, nsaddr, wsaddr, nwsaddr, errp) < 0) {
3987 goto fail;
3988 }
3989 }
3990
3991 if (qemu_opt_get(opts, "to")) {
3992 vnc_display_print_local_addr(vd);
3993 }
3994
3995 cleanup:
3996 for (i = 0; i < nsaddr; i++) {
3997 qapi_free_SocketAddress(saddr[i]);
3998 }
3999 for (i = 0; i < nwsaddr; i++) {
4000 qapi_free_SocketAddress(wsaddr[i]);
4001 }
4002 return;
4003
4004 fail:
4005 vnc_display_close(vd);
4006 goto cleanup;
4007 }
4008
4009 void vnc_display_add_client(const char *id, int csock, bool skipauth)
4010 {
4011 VncDisplay *vd = vnc_display_find(id);
4012 QIOChannelSocket *sioc;
4013
4014 if (!vd) {
4015 return;
4016 }
4017
4018 sioc = qio_channel_socket_new_fd(csock, NULL);
4019 if (sioc) {
4020 qio_channel_set_name(QIO_CHANNEL(sioc), "vnc-server");
4021 vnc_connect(vd, sioc, skipauth, false);
4022 object_unref(OBJECT(sioc));
4023 }
4024 }
4025
4026 static void vnc_auto_assign_id(QemuOptsList *olist, QemuOpts *opts)
4027 {
4028 int i = 2;
4029 char *id;
4030
4031 id = g_strdup("default");
4032 while (qemu_opts_find(olist, id)) {
4033 g_free(id);
4034 id = g_strdup_printf("vnc%d", i++);
4035 }
4036 qemu_opts_set_id(opts, id);
4037 }
4038
4039 QemuOpts *vnc_parse(const char *str, Error **errp)
4040 {
4041 QemuOptsList *olist = qemu_find_opts("vnc");
4042 QemuOpts *opts = qemu_opts_parse(olist, str, true, errp);
4043 const char *id;
4044
4045 if (!opts) {
4046 return NULL;
4047 }
4048
4049 id = qemu_opts_id(opts);
4050 if (!id) {
4051 /* auto-assign id if not present */
4052 vnc_auto_assign_id(olist, opts);
4053 }
4054 return opts;
4055 }
4056
4057 int vnc_init_func(void *opaque, QemuOpts *opts, Error **errp)
4058 {
4059 Error *local_err = NULL;
4060 char *id = (char *)qemu_opts_id(opts);
4061
4062 assert(id);
4063 vnc_display_init(id);
4064 vnc_display_open(id, &local_err);
4065 if (local_err != NULL) {
4066 error_reportf_err(local_err, "Failed to start VNC server: ");
4067 exit(1);
4068 }
4069 return 0;
4070 }
4071
4072 static void vnc_register_config(void)
4073 {
4074 qemu_add_opts(&qemu_vnc_opts);
4075 }
4076 opts_init(vnc_register_config);
AR7 emulation for QEMU