search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
virtiofsd: Prevent multiply running with same vhost_user_socket
[qemu/ar7.git] / ui / vnc.c
blob4100d6e4048c1c067880fcae950c1173316a35f3
1 /*
2 * QEMU VNC display driver
3 *
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
7 *
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
14 *
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
17 *
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
24 * THE SOFTWARE.
25 */
26
27 #include "qemu/osdep.h"
28 #include "vnc.h"
29 #include "vnc-jobs.h"
30 #include "trace.h"
31 #include "hw/qdev-core.h"
32 #include "sysemu/sysemu.h"
33 #include "qemu/error-report.h"
34 #include "qemu/main-loop.h"
35 #include "qemu/module.h"
36 #include "qemu/option.h"
37 #include "qemu/sockets.h"
38 #include "qemu/timer.h"
39 #include "authz/list.h"
40 #include "qemu/config-file.h"
41 #include "qapi/qapi-emit-events.h"
42 #include "qapi/qapi-events-ui.h"
43 #include "qapi/error.h"
44 #include "qapi/qapi-commands-ui.h"
45 #include "ui/input.h"
46 #include "crypto/hash.h"
47 #include "crypto/tlscredsanon.h"
48 #include "crypto/tlscredsx509.h"
49 #include "crypto/random.h"
50 #include "qom/object_interfaces.h"
51 #include "qemu/cutils.h"
52 #include "io/dns-resolver.h"
53
54 #define VNC_REFRESH_INTERVAL_BASE GUI_REFRESH_INTERVAL_DEFAULT
55 #define VNC_REFRESH_INTERVAL_INC 50
56 #define VNC_REFRESH_INTERVAL_MAX GUI_REFRESH_INTERVAL_IDLE
57 static const struct timeval VNC_REFRESH_STATS = { 0, 500000 };
58 static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 };
59
60 #include "vnc_keysym.h"
61 #include "crypto/cipher.h"
62
63 static QTAILQ_HEAD(, VncDisplay) vnc_displays =
64 QTAILQ_HEAD_INITIALIZER(vnc_displays);
65
66 static int vnc_cursor_define(VncState *vs);
67 static void vnc_update_throttle_offset(VncState *vs);
68
69 static void vnc_set_share_mode(VncState *vs, VncShareMode mode)
70 {
71 #ifdef _VNC_DEBUG
72 static const char *mn[] = {
73 [0] = "undefined",
74 [VNC_SHARE_MODE_CONNECTING] = "connecting",
75 [VNC_SHARE_MODE_SHARED] = "shared",
76 [VNC_SHARE_MODE_EXCLUSIVE] = "exclusive",
77 [VNC_SHARE_MODE_DISCONNECTED] = "disconnected",
78 };
79 fprintf(stderr, "%s/%p: %s -> %s\n", __func__,
80 vs->ioc, mn[vs->share_mode], mn[mode]);
81 #endif
82
83 switch (vs->share_mode) {
84 case VNC_SHARE_MODE_CONNECTING:
85 vs->vd->num_connecting--;
86 break;
87 case VNC_SHARE_MODE_SHARED:
88 vs->vd->num_shared--;
89 break;
90 case VNC_SHARE_MODE_EXCLUSIVE:
91 vs->vd->num_exclusive--;
92 break;
93 default:
94 break;
95 }
96
97 vs->share_mode = mode;
98
99 switch (vs->share_mode) {
100 case VNC_SHARE_MODE_CONNECTING:
101 vs->vd->num_connecting++;
102 break;
103 case VNC_SHARE_MODE_SHARED:
104 vs->vd->num_shared++;
105 break;
106 case VNC_SHARE_MODE_EXCLUSIVE:
107 vs->vd->num_exclusive++;
108 break;
109 default:
110 break;
111 }
112 }
113
114
115 static void vnc_init_basic_info(SocketAddress *addr,
116 VncBasicInfo *info,
117 Error **errp)
118 {
119 switch (addr->type) {
120 case SOCKET_ADDRESS_TYPE_INET:
121 info->host = g_strdup(addr->u.inet.host);
122 info->service = g_strdup(addr->u.inet.port);
123 if (addr->u.inet.ipv6) {
124 info->family = NETWORK_ADDRESS_FAMILY_IPV6;
125 } else {
126 info->family = NETWORK_ADDRESS_FAMILY_IPV4;
127 }
128 break;
129
130 case SOCKET_ADDRESS_TYPE_UNIX:
131 info->host = g_strdup("");
132 info->service = g_strdup(addr->u.q_unix.path);
133 info->family = NETWORK_ADDRESS_FAMILY_UNIX;
134 break;
135
136 case SOCKET_ADDRESS_TYPE_VSOCK:
137 case SOCKET_ADDRESS_TYPE_FD:
138 error_setg(errp, "Unsupported socket address type %s",
139 SocketAddressType_str(addr->type));
140 break;
141 default:
142 abort();
143 }
144
145 return;
146 }
147
148 static void vnc_init_basic_info_from_server_addr(QIOChannelSocket *ioc,
149 VncBasicInfo *info,
150 Error **errp)
151 {
152 SocketAddress *addr = NULL;
153
154 if (!ioc) {
155 error_setg(errp, "No listener socket available");
156 return;
157 }
158
159 addr = qio_channel_socket_get_local_address(ioc, errp);
160 if (!addr) {
161 return;
162 }
163
164 vnc_init_basic_info(addr, info, errp);
165 qapi_free_SocketAddress(addr);
166 }
167
168 static void vnc_init_basic_info_from_remote_addr(QIOChannelSocket *ioc,
169 VncBasicInfo *info,
170 Error **errp)
171 {
172 SocketAddress *addr = NULL;
173
174 addr = qio_channel_socket_get_remote_address(ioc, errp);
175 if (!addr) {
176 return;
177 }
178
179 vnc_init_basic_info(addr, info, errp);
180 qapi_free_SocketAddress(addr);
181 }
182
183 static const char *vnc_auth_name(VncDisplay *vd) {
184 switch (vd->auth) {
185 case VNC_AUTH_INVALID:
186 return "invalid";
187 case VNC_AUTH_NONE:
188 return "none";
189 case VNC_AUTH_VNC:
190 return "vnc";
191 case VNC_AUTH_RA2:
192 return "ra2";
193 case VNC_AUTH_RA2NE:
194 return "ra2ne";
195 case VNC_AUTH_TIGHT:
196 return "tight";
197 case VNC_AUTH_ULTRA:
198 return "ultra";
199 case VNC_AUTH_TLS:
200 return "tls";
201 case VNC_AUTH_VENCRYPT:
202 switch (vd->subauth) {
203 case VNC_AUTH_VENCRYPT_PLAIN:
204 return "vencrypt+plain";
205 case VNC_AUTH_VENCRYPT_TLSNONE:
206 return "vencrypt+tls+none";
207 case VNC_AUTH_VENCRYPT_TLSVNC:
208 return "vencrypt+tls+vnc";
209 case VNC_AUTH_VENCRYPT_TLSPLAIN:
210 return "vencrypt+tls+plain";
211 case VNC_AUTH_VENCRYPT_X509NONE:
212 return "vencrypt+x509+none";
213 case VNC_AUTH_VENCRYPT_X509VNC:
214 return "vencrypt+x509+vnc";
215 case VNC_AUTH_VENCRYPT_X509PLAIN:
216 return "vencrypt+x509+plain";
217 case VNC_AUTH_VENCRYPT_TLSSASL:
218 return "vencrypt+tls+sasl";
219 case VNC_AUTH_VENCRYPT_X509SASL:
220 return "vencrypt+x509+sasl";
221 default:
222 return "vencrypt";
223 }
224 case VNC_AUTH_SASL:
225 return "sasl";
226 }
227 return "unknown";
228 }
229
230 static VncServerInfo *vnc_server_info_get(VncDisplay *vd)
231 {
232 VncServerInfo *info;
233 Error *err = NULL;
234
235 if (!vd->listener || !vd->listener->nsioc) {
236 return NULL;
237 }
238
239 info = g_malloc0(sizeof(*info));
240 vnc_init_basic_info_from_server_addr(vd->listener->sioc[0],
241 qapi_VncServerInfo_base(info), &err);
242 info->has_auth = true;
243 info->auth = g_strdup(vnc_auth_name(vd));
244 if (err) {
245 qapi_free_VncServerInfo(info);
246 info = NULL;
247 error_free(err);
248 }
249 return info;
250 }
251
252 static void vnc_client_cache_auth(VncState *client)
253 {
254 if (!client->info) {
255 return;
256 }
257
258 if (client->tls) {
259 client->info->x509_dname =
260 qcrypto_tls_session_get_peer_name(client->tls);
261 client->info->has_x509_dname =
262 client->info->x509_dname != NULL;
263 }
264 #ifdef CONFIG_VNC_SASL
265 if (client->sasl.conn &&
266 client->sasl.username) {
267 client->info->has_sasl_username = true;
268 client->info->sasl_username = g_strdup(client->sasl.username);
269 }
270 #endif
271 }
272
273 static void vnc_client_cache_addr(VncState *client)
274 {
275 Error *err = NULL;
276
277 client->info = g_malloc0(sizeof(*client->info));
278 vnc_init_basic_info_from_remote_addr(client->sioc,
279 qapi_VncClientInfo_base(client->info),
280 &err);
281 client->info->websocket = client->websocket;
282 if (err) {
283 qapi_free_VncClientInfo(client->info);
284 client->info = NULL;
285 error_free(err);
286 }
287 }
288
289 static void vnc_qmp_event(VncState *vs, QAPIEvent event)
290 {
291 VncServerInfo *si;
292
293 if (!vs->info) {
294 return;
295 }
296
297 si = vnc_server_info_get(vs->vd);
298 if (!si) {
299 return;
300 }
301
302 switch (event) {
303 case QAPI_EVENT_VNC_CONNECTED:
304 qapi_event_send_vnc_connected(si, qapi_VncClientInfo_base(vs->info));
305 break;
306 case QAPI_EVENT_VNC_INITIALIZED:
307 qapi_event_send_vnc_initialized(si, vs->info);
308 break;
309 case QAPI_EVENT_VNC_DISCONNECTED:
310 qapi_event_send_vnc_disconnected(si, vs->info);
311 break;
312 default:
313 break;
314 }
315
316 qapi_free_VncServerInfo(si);
317 }
318
319 static VncClientInfo *qmp_query_vnc_client(const VncState *client)
320 {
321 VncClientInfo *info;
322 Error *err = NULL;
323
324 info = g_malloc0(sizeof(*info));
325
326 vnc_init_basic_info_from_remote_addr(client->sioc,
327 qapi_VncClientInfo_base(info),
328 &err);
329 if (err) {
330 error_free(err);
331 qapi_free_VncClientInfo(info);
332 return NULL;
333 }
334
335 info->websocket = client->websocket;
336
337 if (client->tls) {
338 info->x509_dname = qcrypto_tls_session_get_peer_name(client->tls);
339 info->has_x509_dname = info->x509_dname != NULL;
340 }
341 #ifdef CONFIG_VNC_SASL
342 if (client->sasl.conn && client->sasl.username) {
343 info->has_sasl_username = true;
344 info->sasl_username = g_strdup(client->sasl.username);
345 }
346 #endif
347
348 return info;
349 }
350
351 static VncDisplay *vnc_display_find(const char *id)
352 {
353 VncDisplay *vd;
354
355 if (id == NULL) {
356 return QTAILQ_FIRST(&vnc_displays);
357 }
358 QTAILQ_FOREACH(vd, &vnc_displays, next) {
359 if (strcmp(id, vd->id) == 0) {
360 return vd;
361 }
362 }
363 return NULL;
364 }
365
366 static VncClientInfoList *qmp_query_client_list(VncDisplay *vd)
367 {
368 VncClientInfoList *cinfo, *prev = NULL;
369 VncState *client;
370
371 QTAILQ_FOREACH(client, &vd->clients, next) {
372 cinfo = g_new0(VncClientInfoList, 1);
373 cinfo->value = qmp_query_vnc_client(client);
374 cinfo->next = prev;
375 prev = cinfo;
376 }
377 return prev;
378 }
379
380 VncInfo *qmp_query_vnc(Error **errp)
381 {
382 VncInfo *info = g_malloc0(sizeof(*info));
383 VncDisplay *vd = vnc_display_find(NULL);
384 SocketAddress *addr = NULL;
385
386 if (vd == NULL || !vd->listener || !vd->listener->nsioc) {
387 info->enabled = false;
388 } else {
389 info->enabled = true;
390
391 /* for compatibility with the original command */
392 info->has_clients = true;
393 info->clients = qmp_query_client_list(vd);
394
395 addr = qio_channel_socket_get_local_address(vd->listener->sioc[0],
396 errp);
397 if (!addr) {
398 goto out_error;
399 }
400
401 switch (addr->type) {
402 case SOCKET_ADDRESS_TYPE_INET:
403 info->host = g_strdup(addr->u.inet.host);
404 info->service = g_strdup(addr->u.inet.port);
405 if (addr->u.inet.ipv6) {
406 info->family = NETWORK_ADDRESS_FAMILY_IPV6;
407 } else {
408 info->family = NETWORK_ADDRESS_FAMILY_IPV4;
409 }
410 break;
411
412 case SOCKET_ADDRESS_TYPE_UNIX:
413 info->host = g_strdup("");
414 info->service = g_strdup(addr->u.q_unix.path);
415 info->family = NETWORK_ADDRESS_FAMILY_UNIX;
416 break;
417
418 case SOCKET_ADDRESS_TYPE_VSOCK:
419 case SOCKET_ADDRESS_TYPE_FD:
420 error_setg(errp, "Unsupported socket address type %s",
421 SocketAddressType_str(addr->type));
422 goto out_error;
423 default:
424 abort();
425 }
426
427 info->has_host = true;
428 info->has_service = true;
429 info->has_family = true;
430
431 info->has_auth = true;
432 info->auth = g_strdup(vnc_auth_name(vd));
433 }
434
435 qapi_free_SocketAddress(addr);
436 return info;
437
438 out_error:
439 qapi_free_SocketAddress(addr);
440 qapi_free_VncInfo(info);
441 return NULL;
442 }
443
444
445 static void qmp_query_auth(int auth, int subauth,
446 VncPrimaryAuth *qmp_auth,
447 VncVencryptSubAuth *qmp_vencrypt,
448 bool *qmp_has_vencrypt);
449
450 static VncServerInfo2List *qmp_query_server_entry(QIOChannelSocket *ioc,
451 bool websocket,
452 int auth,
453 int subauth,
454 VncServerInfo2List *prev)
455 {
456 VncServerInfo2List *list;
457 VncServerInfo2 *info;
458 Error *err = NULL;
459 SocketAddress *addr;
460
461 addr = qio_channel_socket_get_local_address(ioc, &err);
462 if (!addr) {
463 error_free(err);
464 return prev;
465 }
466
467 info = g_new0(VncServerInfo2, 1);
468 vnc_init_basic_info(addr, qapi_VncServerInfo2_base(info), &err);
469 qapi_free_SocketAddress(addr);
470 if (err) {
471 qapi_free_VncServerInfo2(info);
472 error_free(err);
473 return prev;
474 }
475 info->websocket = websocket;
476
477 qmp_query_auth(auth, subauth, &info->auth,
478 &info->vencrypt, &info->has_vencrypt);
479
480 list = g_new0(VncServerInfo2List, 1);
481 list->value = info;
482 list->next = prev;
483 return list;
484 }
485
486 static void qmp_query_auth(int auth, int subauth,
487 VncPrimaryAuth *qmp_auth,
488 VncVencryptSubAuth *qmp_vencrypt,
489 bool *qmp_has_vencrypt)
490 {
491 switch (auth) {
492 case VNC_AUTH_VNC:
493 *qmp_auth = VNC_PRIMARY_AUTH_VNC;
494 break;
495 case VNC_AUTH_RA2:
496 *qmp_auth = VNC_PRIMARY_AUTH_RA2;
497 break;
498 case VNC_AUTH_RA2NE:
499 *qmp_auth = VNC_PRIMARY_AUTH_RA2NE;
500 break;
501 case VNC_AUTH_TIGHT:
502 *qmp_auth = VNC_PRIMARY_AUTH_TIGHT;
503 break;
504 case VNC_AUTH_ULTRA:
505 *qmp_auth = VNC_PRIMARY_AUTH_ULTRA;
506 break;
507 case VNC_AUTH_TLS:
508 *qmp_auth = VNC_PRIMARY_AUTH_TLS;
509 break;
510 case VNC_AUTH_VENCRYPT:
511 *qmp_auth = VNC_PRIMARY_AUTH_VENCRYPT;
512 *qmp_has_vencrypt = true;
513 switch (subauth) {
514 case VNC_AUTH_VENCRYPT_PLAIN:
515 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_PLAIN;
516 break;
517 case VNC_AUTH_VENCRYPT_TLSNONE:
518 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_NONE;
519 break;
520 case VNC_AUTH_VENCRYPT_TLSVNC:
521 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_VNC;
522 break;
523 case VNC_AUTH_VENCRYPT_TLSPLAIN:
524 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_PLAIN;
525 break;
526 case VNC_AUTH_VENCRYPT_X509NONE:
527 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_NONE;
528 break;
529 case VNC_AUTH_VENCRYPT_X509VNC:
530 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_VNC;
531 break;
532 case VNC_AUTH_VENCRYPT_X509PLAIN:
533 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_PLAIN;
534 break;
535 case VNC_AUTH_VENCRYPT_TLSSASL:
536 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_SASL;
537 break;
538 case VNC_AUTH_VENCRYPT_X509SASL:
539 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_SASL;
540 break;
541 default:
542 *qmp_has_vencrypt = false;
543 break;
544 }
545 break;
546 case VNC_AUTH_SASL:
547 *qmp_auth = VNC_PRIMARY_AUTH_SASL;
548 break;
549 case VNC_AUTH_NONE:
550 default:
551 *qmp_auth = VNC_PRIMARY_AUTH_NONE;
552 break;
553 }
554 }
555
556 VncInfo2List *qmp_query_vnc_servers(Error **errp)
557 {
558 VncInfo2List *item, *prev = NULL;
559 VncInfo2 *info;
560 VncDisplay *vd;
561 DeviceState *dev;
562 size_t i;
563
564 QTAILQ_FOREACH(vd, &vnc_displays, next) {
565 info = g_new0(VncInfo2, 1);
566 info->id = g_strdup(vd->id);
567 info->clients = qmp_query_client_list(vd);
568 qmp_query_auth(vd->auth, vd->subauth, &info->auth,
569 &info->vencrypt, &info->has_vencrypt);
570 if (vd->dcl.con) {
571 dev = DEVICE(object_property_get_link(OBJECT(vd->dcl.con),
572 "device", NULL));
573 info->has_display = true;
574 info->display = g_strdup(dev->id);
575 }
576 for (i = 0; vd->listener != NULL && i < vd->listener->nsioc; i++) {
577 info->server = qmp_query_server_entry(
578 vd->listener->sioc[i], false, vd->auth, vd->subauth,
579 info->server);
580 }
581 for (i = 0; vd->wslistener != NULL && i < vd->wslistener->nsioc; i++) {
582 info->server = qmp_query_server_entry(
583 vd->wslistener->sioc[i], true, vd->ws_auth,
584 vd->ws_subauth, info->server);
585 }
586
587 item = g_new0(VncInfo2List, 1);
588 item->value = info;
589 item->next = prev;
590 prev = item;
591 }
592 return prev;
593 }
594
595 /* TODO
596 1) Get the queue working for IO.
597 2) there is some weirdness when using the -S option (the screen is grey
598 and not totally invalidated
599 3) resolutions > 1024
600 */
601
602 static int vnc_update_client(VncState *vs, int has_dirty);
603 static void vnc_disconnect_start(VncState *vs);
604
605 static void vnc_colordepth(VncState *vs);
606 static void framebuffer_update_request(VncState *vs, int incremental,
607 int x_position, int y_position,
608 int w, int h);
609 static void vnc_refresh(DisplayChangeListener *dcl);
610 static int vnc_refresh_server_surface(VncDisplay *vd);
611
612 static int vnc_width(VncDisplay *vd)
613 {
614 return MIN(VNC_MAX_WIDTH, ROUND_UP(surface_width(vd->ds),
615 VNC_DIRTY_PIXELS_PER_BIT));
616 }
617
618 static int vnc_height(VncDisplay *vd)
619 {
620 return MIN(VNC_MAX_HEIGHT, surface_height(vd->ds));
621 }
622
623 static void vnc_set_area_dirty(DECLARE_BITMAP(dirty[VNC_MAX_HEIGHT],
624 VNC_MAX_WIDTH / VNC_DIRTY_PIXELS_PER_BIT),
625 VncDisplay *vd,
626 int x, int y, int w, int h)
627 {
628 int width = vnc_width(vd);
629 int height = vnc_height(vd);
630
631 /* this is needed this to ensure we updated all affected
632 * blocks if x % VNC_DIRTY_PIXELS_PER_BIT != 0 */
633 w += (x % VNC_DIRTY_PIXELS_PER_BIT);
634 x -= (x % VNC_DIRTY_PIXELS_PER_BIT);
635
636 x = MIN(x, width);
637 y = MIN(y, height);
638 w = MIN(x + w, width) - x;
639 h = MIN(y + h, height);
640
641 for (; y < h; y++) {
642 bitmap_set(dirty[y], x / VNC_DIRTY_PIXELS_PER_BIT,
643 DIV_ROUND_UP(w, VNC_DIRTY_PIXELS_PER_BIT));
644 }
645 }
646
647 static void vnc_dpy_update(DisplayChangeListener *dcl,
648 int x, int y, int w, int h)
649 {
650 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
651 struct VncSurface *s = &vd->guest;
652
653 vnc_set_area_dirty(s->dirty, vd, x, y, w, h);
654 }
655
656 void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
657 int32_t encoding)
658 {
659 vnc_write_u16(vs, x);
660 vnc_write_u16(vs, y);
661 vnc_write_u16(vs, w);
662 vnc_write_u16(vs, h);
663
664 vnc_write_s32(vs, encoding);
665 }
666
667
668 static void vnc_desktop_resize(VncState *vs)
669 {
670 if (vs->ioc == NULL || !vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
671 return;
672 }
673 if (vs->client_width == pixman_image_get_width(vs->vd->server) &&
674 vs->client_height == pixman_image_get_height(vs->vd->server)) {
675 return;
676 }
677
678 assert(pixman_image_get_width(vs->vd->server) < 65536 &&
679 pixman_image_get_width(vs->vd->server) >= 0);
680 assert(pixman_image_get_height(vs->vd->server) < 65536 &&
681 pixman_image_get_height(vs->vd->server) >= 0);
682 vs->client_width = pixman_image_get_width(vs->vd->server);
683 vs->client_height = pixman_image_get_height(vs->vd->server);
684 vnc_lock_output(vs);
685 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
686 vnc_write_u8(vs, 0);
687 vnc_write_u16(vs, 1); /* number of rects */
688 vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height,
689 VNC_ENCODING_DESKTOPRESIZE);
690 vnc_unlock_output(vs);
691 vnc_flush(vs);
692 }
693
694 static void vnc_abort_display_jobs(VncDisplay *vd)
695 {
696 VncState *vs;
697
698 QTAILQ_FOREACH(vs, &vd->clients, next) {
699 vnc_lock_output(vs);
700 vs->abort = true;
701 vnc_unlock_output(vs);
702 }
703 QTAILQ_FOREACH(vs, &vd->clients, next) {
704 vnc_jobs_join(vs);
705 }
706 QTAILQ_FOREACH(vs, &vd->clients, next) {
707 vnc_lock_output(vs);
708 if (vs->update == VNC_STATE_UPDATE_NONE &&
709 vs->job_update != VNC_STATE_UPDATE_NONE) {
710 /* job aborted before completion */
711 vs->update = vs->job_update;
712 vs->job_update = VNC_STATE_UPDATE_NONE;
713 }
714 vs->abort = false;
715 vnc_unlock_output(vs);
716 }
717 }
718
719 int vnc_server_fb_stride(VncDisplay *vd)
720 {
721 return pixman_image_get_stride(vd->server);
722 }
723
724 void *vnc_server_fb_ptr(VncDisplay *vd, int x, int y)
725 {
726 uint8_t *ptr;
727
728 ptr = (uint8_t *)pixman_image_get_data(vd->server);
729 ptr += y * vnc_server_fb_stride(vd);
730 ptr += x * VNC_SERVER_FB_BYTES;
731 return ptr;
732 }
733
734 static void vnc_update_server_surface(VncDisplay *vd)
735 {
736 int width, height;
737
738 qemu_pixman_image_unref(vd->server);
739 vd->server = NULL;
740
741 if (QTAILQ_EMPTY(&vd->clients)) {
742 return;
743 }
744
745 width = vnc_width(vd);
746 height = vnc_height(vd);
747 vd->server = pixman_image_create_bits(VNC_SERVER_FB_FORMAT,
748 width, height,
749 NULL, 0);
750
751 memset(vd->guest.dirty, 0x00, sizeof(vd->guest.dirty));
752 vnc_set_area_dirty(vd->guest.dirty, vd, 0, 0,
753 width, height);
754 }
755
756 static bool vnc_check_pageflip(DisplaySurface *s1,
757 DisplaySurface *s2)
758 {
759 return (s1 != NULL &&
760 s2 != NULL &&
761 surface_width(s1) == surface_width(s2) &&
762 surface_height(s1) == surface_height(s2) &&
763 surface_format(s1) == surface_format(s2));
764
765 }
766
767 static void vnc_dpy_switch(DisplayChangeListener *dcl,
768 DisplaySurface *surface)
769 {
770 static const char placeholder_msg[] =
771 "Display output is not active.";
772 static DisplaySurface *placeholder;
773 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
774 bool pageflip = vnc_check_pageflip(vd->ds, surface);
775 VncState *vs;
776
777 if (surface == NULL) {
778 if (placeholder == NULL) {
779 placeholder = qemu_create_message_surface(640, 480, placeholder_msg);
780 }
781 surface = placeholder;
782 }
783
784 vnc_abort_display_jobs(vd);
785 vd->ds = surface;
786
787 /* guest surface */
788 qemu_pixman_image_unref(vd->guest.fb);
789 vd->guest.fb = pixman_image_ref(surface->image);
790 vd->guest.format = surface->format;
791
792 if (pageflip) {
793 vnc_set_area_dirty(vd->guest.dirty, vd, 0, 0,
794 surface_width(surface),
795 surface_height(surface));
796 return;
797 }
798
799 /* server surface */
800 vnc_update_server_surface(vd);
801
802 QTAILQ_FOREACH(vs, &vd->clients, next) {
803 vnc_colordepth(vs);
804 vnc_desktop_resize(vs);
805 if (vs->vd->cursor) {
806 vnc_cursor_define(vs);
807 }
808 memset(vs->dirty, 0x00, sizeof(vs->dirty));
809 vnc_set_area_dirty(vs->dirty, vd, 0, 0,
810 vnc_width(vd),
811 vnc_height(vd));
812 vnc_update_throttle_offset(vs);
813 }
814 }
815
816 /* fastest code */
817 static void vnc_write_pixels_copy(VncState *vs,
818 void *pixels, int size)
819 {
820 vnc_write(vs, pixels, size);
821 }
822
823 /* slowest but generic code. */
824 void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
825 {
826 uint8_t r, g, b;
827
828 #if VNC_SERVER_FB_FORMAT == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8)
829 r = (((v & 0x00ff0000) >> 16) << vs->client_pf.rbits) >> 8;
830 g = (((v & 0x0000ff00) >> 8) << vs->client_pf.gbits) >> 8;
831 b = (((v & 0x000000ff) >> 0) << vs->client_pf.bbits) >> 8;
832 #else
833 # error need some bits here if you change VNC_SERVER_FB_FORMAT
834 #endif
835 v = (r << vs->client_pf.rshift) |
836 (g << vs->client_pf.gshift) |
837 (b << vs->client_pf.bshift);
838 switch (vs->client_pf.bytes_per_pixel) {
839 case 1:
840 buf[0] = v;
841 break;
842 case 2:
843 if (vs->client_be) {
844 buf[0] = v >> 8;
845 buf[1] = v;
846 } else {
847 buf[1] = v >> 8;
848 buf[0] = v;
849 }
850 break;
851 default:
852 case 4:
853 if (vs->client_be) {
854 buf[0] = v >> 24;
855 buf[1] = v >> 16;
856 buf[2] = v >> 8;
857 buf[3] = v;
858 } else {
859 buf[3] = v >> 24;
860 buf[2] = v >> 16;
861 buf[1] = v >> 8;
862 buf[0] = v;
863 }
864 break;
865 }
866 }
867
868 static void vnc_write_pixels_generic(VncState *vs,
869 void *pixels1, int size)
870 {
871 uint8_t buf[4];
872
873 if (VNC_SERVER_FB_BYTES == 4) {
874 uint32_t *pixels = pixels1;
875 int n, i;
876 n = size >> 2;
877 for (i = 0; i < n; i++) {
878 vnc_convert_pixel(vs, buf, pixels[i]);
879 vnc_write(vs, buf, vs->client_pf.bytes_per_pixel);
880 }
881 }
882 }
883
884 int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
885 {
886 int i;
887 uint8_t *row;
888 VncDisplay *vd = vs->vd;
889
890 row = vnc_server_fb_ptr(vd, x, y);
891 for (i = 0; i < h; i++) {
892 vs->write_pixels(vs, row, w * VNC_SERVER_FB_BYTES);
893 row += vnc_server_fb_stride(vd);
894 }
895 return 1;
896 }
897
898 int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
899 {
900 int n = 0;
901 bool encode_raw = false;
902 size_t saved_offs = vs->output.offset;
903
904 switch(vs->vnc_encoding) {
905 case VNC_ENCODING_ZLIB:
906 n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h);
907 break;
908 case VNC_ENCODING_HEXTILE:
909 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
910 n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h);
911 break;
912 case VNC_ENCODING_TIGHT:
913 n = vnc_tight_send_framebuffer_update(vs, x, y, w, h);
914 break;
915 case VNC_ENCODING_TIGHT_PNG:
916 n = vnc_tight_png_send_framebuffer_update(vs, x, y, w, h);
917 break;
918 case VNC_ENCODING_ZRLE:
919 n = vnc_zrle_send_framebuffer_update(vs, x, y, w, h);
920 break;
921 case VNC_ENCODING_ZYWRLE:
922 n = vnc_zywrle_send_framebuffer_update(vs, x, y, w, h);
923 break;
924 default:
925 encode_raw = true;
926 break;
927 }
928
929 /* If the client has the same pixel format as our internal buffer and
930 * a RAW encoding would need less space fall back to RAW encoding to
931 * save bandwidth and processing power in the client. */
932 if (!encode_raw && vs->write_pixels == vnc_write_pixels_copy &&
933 12 + h * w * VNC_SERVER_FB_BYTES <= (vs->output.offset - saved_offs)) {
934 vs->output.offset = saved_offs;
935 encode_raw = true;
936 }
937
938 if (encode_raw) {
939 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
940 n = vnc_raw_send_framebuffer_update(vs, x, y, w, h);
941 }
942
943 return n;
944 }
945
946 static void vnc_mouse_set(DisplayChangeListener *dcl,
947 int x, int y, int visible)
948 {
949 /* can we ask the client(s) to move the pointer ??? */
950 }
951
952 static int vnc_cursor_define(VncState *vs)
953 {
954 QEMUCursor *c = vs->vd->cursor;
955 int isize;
956
957 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) {
958 vnc_lock_output(vs);
959 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
960 vnc_write_u8(vs, 0); /* padding */
961 vnc_write_u16(vs, 1); /* # of rects */
962 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height,
963 VNC_ENCODING_RICH_CURSOR);
964 isize = c->width * c->height * vs->client_pf.bytes_per_pixel;
965 vnc_write_pixels_generic(vs, c->data, isize);
966 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize);
967 vnc_unlock_output(vs);
968 return 0;
969 }
970 return -1;
971 }
972
973 static void vnc_dpy_cursor_define(DisplayChangeListener *dcl,
974 QEMUCursor *c)
975 {
976 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
977 VncState *vs;
978
979 cursor_put(vd->cursor);
980 g_free(vd->cursor_mask);
981
982 vd->cursor = c;
983 cursor_get(vd->cursor);
984 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height;
985 vd->cursor_mask = g_malloc0(vd->cursor_msize);
986 cursor_get_mono_mask(c, 0, vd->cursor_mask);
987
988 QTAILQ_FOREACH(vs, &vd->clients, next) {
989 vnc_cursor_define(vs);
990 }
991 }
992
993 static int find_and_clear_dirty_height(VncState *vs,
994 int y, int last_x, int x, int height)
995 {
996 int h;
997
998 for (h = 1; h < (height - y); h++) {
999 if (!test_bit(last_x, vs->dirty[y + h])) {
1000 break;
1001 }
1002 bitmap_clear(vs->dirty[y + h], last_x, x - last_x);
1003 }
1004
1005 return h;
1006 }
1007
1008 /*
1009 * Figure out how much pending data we should allow in the output
1010 * buffer before we throttle incremental display updates, and/or
1011 * drop audio samples.
1012 *
1013 * We allow for equiv of 1 full display's worth of FB updates,
1014 * and 1 second of audio samples. If audio backlog was larger
1015 * than that the client would already suffering awful audio
1016 * glitches, so dropping samples is no worse really).
1017 */
1018 static void vnc_update_throttle_offset(VncState *vs)
1019 {
1020 size_t offset =
1021 vs->client_width * vs->client_height * vs->client_pf.bytes_per_pixel;
1022
1023 if (vs->audio_cap) {
1024 int bps;
1025 switch (vs->as.fmt) {
1026 default:
1027 case AUDIO_FORMAT_U8:
1028 case AUDIO_FORMAT_S8:
1029 bps = 1;
1030 break;
1031 case AUDIO_FORMAT_U16:
1032 case AUDIO_FORMAT_S16:
1033 bps = 2;
1034 break;
1035 case AUDIO_FORMAT_U32:
1036 case AUDIO_FORMAT_S32:
1037 bps = 4;
1038 break;
1039 }
1040 offset += vs->as.freq * bps * vs->as.nchannels;
1041 }
1042
1043 /* Put a floor of 1MB on offset, so that if we have a large pending
1044 * buffer and the display is resized to a small size & back again
1045 * we don't suddenly apply a tiny send limit
1046 */
1047 offset = MAX(offset, 1024 * 1024);
1048
1049 if (vs->throttle_output_offset != offset) {
1050 trace_vnc_client_throttle_threshold(
1051 vs, vs->ioc, vs->throttle_output_offset, offset, vs->client_width,
1052 vs->client_height, vs->client_pf.bytes_per_pixel, vs->audio_cap);
1053 }
1054
1055 vs->throttle_output_offset = offset;
1056 }
1057
1058 static bool vnc_should_update(VncState *vs)
1059 {
1060 switch (vs->update) {
1061 case VNC_STATE_UPDATE_NONE:
1062 break;
1063 case VNC_STATE_UPDATE_INCREMENTAL:
1064 /* Only allow incremental updates if the pending send queue
1065 * is less than the permitted threshold, and the job worker
1066 * is completely idle.
1067 */
1068 if (vs->output.offset < vs->throttle_output_offset &&
1069 vs->job_update == VNC_STATE_UPDATE_NONE) {
1070 return true;
1071 }
1072 trace_vnc_client_throttle_incremental(
1073 vs, vs->ioc, vs->job_update, vs->output.offset);
1074 break;
1075 case VNC_STATE_UPDATE_FORCE:
1076 /* Only allow forced updates if the pending send queue
1077 * does not contain a previous forced update, and the
1078 * job worker is completely idle.
1079 *
1080 * Note this means we'll queue a forced update, even if
1081 * the output buffer size is otherwise over the throttle
1082 * output limit.
1083 */
1084 if (vs->force_update_offset == 0 &&
1085 vs->job_update == VNC_STATE_UPDATE_NONE) {
1086 return true;
1087 }
1088 trace_vnc_client_throttle_forced(
1089 vs, vs->ioc, vs->job_update, vs->force_update_offset);
1090 break;
1091 }
1092 return false;
1093 }
1094
1095 static int vnc_update_client(VncState *vs, int has_dirty)
1096 {
1097 VncDisplay *vd = vs->vd;
1098 VncJob *job;
1099 int y;
1100 int height, width;
1101 int n = 0;
1102
1103 if (vs->disconnecting) {
1104 vnc_disconnect_finish(vs);
1105 return 0;
1106 }
1107
1108 vs->has_dirty += has_dirty;
1109 if (!vnc_should_update(vs)) {
1110 return 0;
1111 }
1112
1113 if (!vs->has_dirty && vs->update != VNC_STATE_UPDATE_FORCE) {
1114 return 0;
1115 }
1116
1117 /*
1118 * Send screen updates to the vnc client using the server
1119 * surface and server dirty map. guest surface updates
1120 * happening in parallel don't disturb us, the next pass will
1121 * send them to the client.
1122 */
1123 job = vnc_job_new(vs);
1124
1125 height = pixman_image_get_height(vd->server);
1126 width = pixman_image_get_width(vd->server);
1127
1128 y = 0;
1129 for (;;) {
1130 int x, h;
1131 unsigned long x2;
1132 unsigned long offset = find_next_bit((unsigned long *) &vs->dirty,
1133 height * VNC_DIRTY_BPL(vs),
1134 y * VNC_DIRTY_BPL(vs));
1135 if (offset == height * VNC_DIRTY_BPL(vs)) {
1136 /* no more dirty bits */
1137 break;
1138 }
1139 y = offset / VNC_DIRTY_BPL(vs);
1140 x = offset % VNC_DIRTY_BPL(vs);
1141 x2 = find_next_zero_bit((unsigned long *) &vs->dirty[y],
1142 VNC_DIRTY_BPL(vs), x);
1143 bitmap_clear(vs->dirty[y], x, x2 - x);
1144 h = find_and_clear_dirty_height(vs, y, x, x2, height);
1145 x2 = MIN(x2, width / VNC_DIRTY_PIXELS_PER_BIT);
1146 if (x2 > x) {
1147 n += vnc_job_add_rect(job, x * VNC_DIRTY_PIXELS_PER_BIT, y,
1148 (x2 - x) * VNC_DIRTY_PIXELS_PER_BIT, h);
1149 }
1150 if (!x && x2 == width / VNC_DIRTY_PIXELS_PER_BIT) {
1151 y += h;
1152 if (y == height) {
1153 break;
1154 }
1155 }
1156 }
1157
1158 vs->job_update = vs->update;
1159 vs->update = VNC_STATE_UPDATE_NONE;
1160 vnc_job_push(job);
1161 vs->has_dirty = 0;
1162 return n;
1163 }
1164
1165 /* audio */
1166 static void audio_capture_notify(void *opaque, audcnotification_e cmd)
1167 {
1168 VncState *vs = opaque;
1169
1170 assert(vs->magic == VNC_MAGIC);
1171 switch (cmd) {
1172 case AUD_CNOTIFY_DISABLE:
1173 vnc_lock_output(vs);
1174 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1175 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1176 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END);
1177 vnc_unlock_output(vs);
1178 vnc_flush(vs);
1179 break;
1180
1181 case AUD_CNOTIFY_ENABLE:
1182 vnc_lock_output(vs);
1183 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1184 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1185 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN);
1186 vnc_unlock_output(vs);
1187 vnc_flush(vs);
1188 break;
1189 }
1190 }
1191
1192 static void audio_capture_destroy(void *opaque)
1193 {
1194 }
1195
1196 static void audio_capture(void *opaque, void *buf, int size)
1197 {
1198 VncState *vs = opaque;
1199
1200 assert(vs->magic == VNC_MAGIC);
1201 vnc_lock_output(vs);
1202 if (vs->output.offset < vs->throttle_output_offset) {
1203 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1204 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1205 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA);
1206 vnc_write_u32(vs, size);
1207 vnc_write(vs, buf, size);
1208 } else {
1209 trace_vnc_client_throttle_audio(vs, vs->ioc, vs->output.offset);
1210 }
1211 vnc_unlock_output(vs);
1212 vnc_flush(vs);
1213 }
1214
1215 static void audio_add(VncState *vs)
1216 {
1217 struct audio_capture_ops ops;
1218
1219 if (vs->audio_cap) {
1220 error_report("audio already running");
1221 return;
1222 }
1223
1224 ops.notify = audio_capture_notify;
1225 ops.destroy = audio_capture_destroy;
1226 ops.capture = audio_capture;
1227
1228 vs->audio_cap = AUD_add_capture(vs->vd->audio_state, &vs->as, &ops, vs);
1229 if (!vs->audio_cap) {
1230 error_report("Failed to add audio capture");
1231 }
1232 }
1233
1234 static void audio_del(VncState *vs)
1235 {
1236 if (vs->audio_cap) {
1237 AUD_del_capture(vs->audio_cap, vs);
1238 vs->audio_cap = NULL;
1239 }
1240 }
1241
1242 static void vnc_disconnect_start(VncState *vs)
1243 {
1244 if (vs->disconnecting) {
1245 return;
1246 }
1247 trace_vnc_client_disconnect_start(vs, vs->ioc);
1248 vnc_set_share_mode(vs, VNC_SHARE_MODE_DISCONNECTED);
1249 if (vs->ioc_tag) {
1250 g_source_remove(vs->ioc_tag);
1251 vs->ioc_tag = 0;
1252 }
1253 qio_channel_close(vs->ioc, NULL);
1254 vs->disconnecting = TRUE;
1255 }
1256
1257 void vnc_disconnect_finish(VncState *vs)
1258 {
1259 int i;
1260
1261 trace_vnc_client_disconnect_finish(vs, vs->ioc);
1262
1263 vnc_jobs_join(vs); /* Wait encoding jobs */
1264
1265 vnc_lock_output(vs);
1266 vnc_qmp_event(vs, QAPI_EVENT_VNC_DISCONNECTED);
1267
1268 buffer_free(&vs->input);
1269 buffer_free(&vs->output);
1270
1271 qapi_free_VncClientInfo(vs->info);
1272
1273 vnc_zlib_clear(vs);
1274 vnc_tight_clear(vs);
1275 vnc_zrle_clear(vs);
1276
1277 #ifdef CONFIG_VNC_SASL
1278 vnc_sasl_client_cleanup(vs);
1279 #endif /* CONFIG_VNC_SASL */
1280 audio_del(vs);
1281 qkbd_state_lift_all_keys(vs->vd->kbd);
1282
1283 if (vs->mouse_mode_notifier.notify != NULL) {
1284 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
1285 }
1286 QTAILQ_REMOVE(&vs->vd->clients, vs, next);
1287 if (QTAILQ_EMPTY(&vs->vd->clients)) {
1288 /* last client gone */
1289 vnc_update_server_surface(vs->vd);
1290 }
1291
1292 vnc_unlock_output(vs);
1293
1294 qemu_mutex_destroy(&vs->output_mutex);
1295 if (vs->bh != NULL) {
1296 qemu_bh_delete(vs->bh);
1297 }
1298 buffer_free(&vs->jobs_buffer);
1299
1300 for (i = 0; i < VNC_STAT_ROWS; ++i) {
1301 g_free(vs->lossy_rect[i]);
1302 }
1303 g_free(vs->lossy_rect);
1304
1305 object_unref(OBJECT(vs->ioc));
1306 vs->ioc = NULL;
1307 object_unref(OBJECT(vs->sioc));
1308 vs->sioc = NULL;
1309 vs->magic = 0;
1310 g_free(vs->zrle);
1311 g_free(vs->tight);
1312 g_free(vs);
1313 }
1314
1315 size_t vnc_client_io_error(VncState *vs, ssize_t ret, Error *err)
1316 {
1317 if (ret <= 0) {
1318 if (ret == 0) {
1319 trace_vnc_client_eof(vs, vs->ioc);
1320 vnc_disconnect_start(vs);
1321 } else if (ret != QIO_CHANNEL_ERR_BLOCK) {
1322 trace_vnc_client_io_error(vs, vs->ioc,
1323 err ? error_get_pretty(err) : "Unknown");
1324 vnc_disconnect_start(vs);
1325 }
1326
1327 error_free(err);
1328 return 0;
1329 }
1330 return ret;
1331 }
1332
1333
1334 void vnc_client_error(VncState *vs)
1335 {
1336 VNC_DEBUG("Closing down client sock: protocol error\n");
1337 vnc_disconnect_start(vs);
1338 }
1339
1340
1341 /*
1342 * Called to write a chunk of data to the client socket. The data may
1343 * be the raw data, or may have already been encoded by SASL.
1344 * The data will be written either straight onto the socket, or
1345 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1346 *
1347 * NB, it is theoretically possible to have 2 layers of encryption,
1348 * both SASL, and this TLS layer. It is highly unlikely in practice
1349 * though, since SASL encryption will typically be a no-op if TLS
1350 * is active
1351 *
1352 * Returns the number of bytes written, which may be less than
1353 * the requested 'datalen' if the socket would block. Returns
1354 * 0 on I/O error, and disconnects the client socket.
1355 */
1356 size_t vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
1357 {
1358 Error *err = NULL;
1359 ssize_t ret;
1360 ret = qio_channel_write(vs->ioc, (const char *)data, datalen, &err);
1361 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret);
1362 return vnc_client_io_error(vs, ret, err);
1363 }
1364
1365
1366 /*
1367 * Called to write buffered data to the client socket, when not
1368 * using any SASL SSF encryption layers. Will write as much data
1369 * as possible without blocking. If all buffered data is written,
1370 * will switch the FD poll() handler back to read monitoring.
1371 *
1372 * Returns the number of bytes written, which may be less than
1373 * the buffered output data if the socket would block. Returns
1374 * 0 on I/O error, and disconnects the client socket.
1375 */
1376 static size_t vnc_client_write_plain(VncState *vs)
1377 {
1378 size_t offset;
1379 size_t ret;
1380
1381 #ifdef CONFIG_VNC_SASL
1382 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1383 vs->output.buffer, vs->output.capacity, vs->output.offset,
1384 vs->sasl.waitWriteSSF);
1385
1386 if (vs->sasl.conn &&
1387 vs->sasl.runSSF &&
1388 vs->sasl.waitWriteSSF) {
1389 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
1390 if (ret)
1391 vs->sasl.waitWriteSSF -= ret;
1392 } else
1393 #endif /* CONFIG_VNC_SASL */
1394 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
1395 if (!ret)
1396 return 0;
1397
1398 if (ret >= vs->force_update_offset) {
1399 if (vs->force_update_offset != 0) {
1400 trace_vnc_client_unthrottle_forced(vs, vs->ioc);
1401 }
1402 vs->force_update_offset = 0;
1403 } else {
1404 vs->force_update_offset -= ret;
1405 }
1406 offset = vs->output.offset;
1407 buffer_advance(&vs->output, ret);
1408 if (offset >= vs->throttle_output_offset &&
1409 vs->output.offset < vs->throttle_output_offset) {
1410 trace_vnc_client_unthrottle_incremental(vs, vs->ioc, vs->output.offset);
1411 }
1412
1413 if (vs->output.offset == 0) {
1414 if (vs->ioc_tag) {
1415 g_source_remove(vs->ioc_tag);
1416 }
1417 vs->ioc_tag = qio_channel_add_watch(
1418 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL);
1419 }
1420
1421 return ret;
1422 }
1423
1424
1425 /*
1426 * First function called whenever there is data to be written to
1427 * the client socket. Will delegate actual work according to whether
1428 * SASL SSF layers are enabled (thus requiring encryption calls)
1429 */
1430 static void vnc_client_write_locked(VncState *vs)
1431 {
1432 #ifdef CONFIG_VNC_SASL
1433 if (vs->sasl.conn &&
1434 vs->sasl.runSSF &&
1435 !vs->sasl.waitWriteSSF) {
1436 vnc_client_write_sasl(vs);
1437 } else
1438 #endif /* CONFIG_VNC_SASL */
1439 {
1440 vnc_client_write_plain(vs);
1441 }
1442 }
1443
1444 static void vnc_client_write(VncState *vs)
1445 {
1446 assert(vs->magic == VNC_MAGIC);
1447 vnc_lock_output(vs);
1448 if (vs->output.offset) {
1449 vnc_client_write_locked(vs);
1450 } else if (vs->ioc != NULL) {
1451 if (vs->ioc_tag) {
1452 g_source_remove(vs->ioc_tag);
1453 }
1454 vs->ioc_tag = qio_channel_add_watch(
1455 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL);
1456 }
1457 vnc_unlock_output(vs);
1458 }
1459
1460 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1461 {
1462 vs->read_handler = func;
1463 vs->read_handler_expect = expecting;
1464 }
1465
1466
1467 /*
1468 * Called to read a chunk of data from the client socket. The data may
1469 * be the raw data, or may need to be further decoded by SASL.
1470 * The data will be read either straight from to the socket, or
1471 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1472 *
1473 * NB, it is theoretically possible to have 2 layers of encryption,
1474 * both SASL, and this TLS layer. It is highly unlikely in practice
1475 * though, since SASL encryption will typically be a no-op if TLS
1476 * is active
1477 *
1478 * Returns the number of bytes read, which may be less than
1479 * the requested 'datalen' if the socket would block. Returns
1480 * 0 on I/O error or EOF, and disconnects the client socket.
1481 */
1482 size_t vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1483 {
1484 ssize_t ret;
1485 Error *err = NULL;
1486 ret = qio_channel_read(vs->ioc, (char *)data, datalen, &err);
1487 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret);
1488 return vnc_client_io_error(vs, ret, err);
1489 }
1490
1491
1492 /*
1493 * Called to read data from the client socket to the input buffer,
1494 * when not using any SASL SSF encryption layers. Will read as much
1495 * data as possible without blocking.
1496 *
1497 * Returns the number of bytes read, which may be less than
1498 * the requested 'datalen' if the socket would block. Returns
1499 * 0 on I/O error or EOF, and disconnects the client socket.
1500 */
1501 static size_t vnc_client_read_plain(VncState *vs)
1502 {
1503 size_t ret;
1504 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1505 vs->input.buffer, vs->input.capacity, vs->input.offset);
1506 buffer_reserve(&vs->input, 4096);
1507 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1508 if (!ret)
1509 return 0;
1510 vs->input.offset += ret;
1511 return ret;
1512 }
1513
1514 static void vnc_jobs_bh(void *opaque)
1515 {
1516 VncState *vs = opaque;
1517
1518 assert(vs->magic == VNC_MAGIC);
1519 vnc_jobs_consume_buffer(vs);
1520 }
1521
1522 /*
1523 * First function called whenever there is more data to be read from
1524 * the client socket. Will delegate actual work according to whether
1525 * SASL SSF layers are enabled (thus requiring decryption calls)
1526 * Returns 0 on success, -1 if client disconnected
1527 */
1528 static int vnc_client_read(VncState *vs)
1529 {
1530 size_t ret;
1531
1532 #ifdef CONFIG_VNC_SASL
1533 if (vs->sasl.conn && vs->sasl.runSSF)
1534 ret = vnc_client_read_sasl(vs);
1535 else
1536 #endif /* CONFIG_VNC_SASL */
1537 ret = vnc_client_read_plain(vs);
1538 if (!ret) {
1539 if (vs->disconnecting) {
1540 vnc_disconnect_finish(vs);
1541 return -1;
1542 }
1543 return 0;
1544 }
1545
1546 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1547 size_t len = vs->read_handler_expect;
1548 int ret;
1549
1550 ret = vs->read_handler(vs, vs->input.buffer, len);
1551 if (vs->disconnecting) {
1552 vnc_disconnect_finish(vs);
1553 return -1;
1554 }
1555
1556 if (!ret) {
1557 buffer_advance(&vs->input, len);
1558 } else {
1559 vs->read_handler_expect = ret;
1560 }
1561 }
1562 return 0;
1563 }
1564
1565 gboolean vnc_client_io(QIOChannel *ioc G_GNUC_UNUSED,
1566 GIOCondition condition, void *opaque)
1567 {
1568 VncState *vs = opaque;
1569
1570 assert(vs->magic == VNC_MAGIC);
1571 if (condition & G_IO_IN) {
1572 if (vnc_client_read(vs) < 0) {
1573 /* vs is free()ed here */
1574 return TRUE;
1575 }
1576 }
1577 if (condition & G_IO_OUT) {
1578 vnc_client_write(vs);
1579 }
1580
1581 if (vs->disconnecting) {
1582 if (vs->ioc_tag != 0) {
1583 g_source_remove(vs->ioc_tag);
1584 }
1585 vs->ioc_tag = 0;
1586 }
1587 return TRUE;
1588 }
1589
1590
1591 /*
1592 * Scale factor to apply to vs->throttle_output_offset when checking for
1593 * hard limit. Worst case normal usage could be x2, if we have a complete
1594 * incremental update and complete forced update in the output buffer.
1595 * So x3 should be good enough, but we pick x5 to be conservative and thus
1596 * (hopefully) never trigger incorrectly.
1597 */
1598 #define VNC_THROTTLE_OUTPUT_LIMIT_SCALE 5
1599
1600 void vnc_write(VncState *vs, const void *data, size_t len)
1601 {
1602 assert(vs->magic == VNC_MAGIC);
1603 if (vs->disconnecting) {
1604 return;
1605 }
1606 /* Protection against malicious client/guest to prevent our output
1607 * buffer growing without bound if client stops reading data. This
1608 * should rarely trigger, because we have earlier throttling code
1609 * which stops issuing framebuffer updates and drops audio data
1610 * if the throttle_output_offset value is exceeded. So we only reach
1611 * this higher level if a huge number of pseudo-encodings get
1612 * triggered while data can't be sent on the socket.
1613 *
1614 * NB throttle_output_offset can be zero during early protocol
1615 * handshake, or from the job thread's VncState clone
1616 */
1617 if (vs->throttle_output_offset != 0 &&
1618 (vs->output.offset / VNC_THROTTLE_OUTPUT_LIMIT_SCALE) >
1619 vs->throttle_output_offset) {
1620 trace_vnc_client_output_limit(vs, vs->ioc, vs->output.offset,
1621 vs->throttle_output_offset);
1622 vnc_disconnect_start(vs);
1623 return;
1624 }
1625 buffer_reserve(&vs->output, len);
1626
1627 if (vs->ioc != NULL && buffer_empty(&vs->output)) {
1628 if (vs->ioc_tag) {
1629 g_source_remove(vs->ioc_tag);
1630 }
1631 vs->ioc_tag = qio_channel_add_watch(
1632 vs->ioc, G_IO_IN | G_IO_OUT, vnc_client_io, vs, NULL);
1633 }
1634
1635 buffer_append(&vs->output, data, len);
1636 }
1637
1638 void vnc_write_s32(VncState *vs, int32_t value)
1639 {
1640 vnc_write_u32(vs, *(uint32_t *)&value);
1641 }
1642
1643 void vnc_write_u32(VncState *vs, uint32_t value)
1644 {
1645 uint8_t buf[4];
1646
1647 buf[0] = (value >> 24) & 0xFF;
1648 buf[1] = (value >> 16) & 0xFF;
1649 buf[2] = (value >> 8) & 0xFF;
1650 buf[3] = value & 0xFF;
1651
1652 vnc_write(vs, buf, 4);
1653 }
1654
1655 void vnc_write_u16(VncState *vs, uint16_t value)
1656 {
1657 uint8_t buf[2];
1658
1659 buf[0] = (value >> 8) & 0xFF;
1660 buf[1] = value & 0xFF;
1661
1662 vnc_write(vs, buf, 2);
1663 }
1664
1665 void vnc_write_u8(VncState *vs, uint8_t value)
1666 {
1667 vnc_write(vs, (char *)&value, 1);
1668 }
1669
1670 void vnc_flush(VncState *vs)
1671 {
1672 vnc_lock_output(vs);
1673 if (vs->ioc != NULL && vs->output.offset) {
1674 vnc_client_write_locked(vs);
1675 }
1676 if (vs->disconnecting) {
1677 if (vs->ioc_tag != 0) {
1678 g_source_remove(vs->ioc_tag);
1679 }
1680 vs->ioc_tag = 0;
1681 }
1682 vnc_unlock_output(vs);
1683 }
1684
1685 static uint8_t read_u8(uint8_t *data, size_t offset)
1686 {
1687 return data[offset];
1688 }
1689
1690 static uint16_t read_u16(uint8_t *data, size_t offset)
1691 {
1692 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1693 }
1694
1695 static int32_t read_s32(uint8_t *data, size_t offset)
1696 {
1697 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1698 (data[offset + 2] << 8) | data[offset + 3]);
1699 }
1700
1701 uint32_t read_u32(uint8_t *data, size_t offset)
1702 {
1703 return ((data[offset] << 24) | (data[offset + 1] << 16) |
1704 (data[offset + 2] << 8) | data[offset + 3]);
1705 }
1706
1707 static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
1708 {
1709 }
1710
1711 static void check_pointer_type_change(Notifier *notifier, void *data)
1712 {
1713 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier);
1714 int absolute = qemu_input_is_absolute();
1715
1716 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1717 vnc_lock_output(vs);
1718 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1719 vnc_write_u8(vs, 0);
1720 vnc_write_u16(vs, 1);
1721 vnc_framebuffer_update(vs, absolute, 0,
1722 pixman_image_get_width(vs->vd->server),
1723 pixman_image_get_height(vs->vd->server),
1724 VNC_ENCODING_POINTER_TYPE_CHANGE);
1725 vnc_unlock_output(vs);
1726 vnc_flush(vs);
1727 }
1728 vs->absolute = absolute;
1729 }
1730
1731 static void pointer_event(VncState *vs, int button_mask, int x, int y)
1732 {
1733 static uint32_t bmap[INPUT_BUTTON__MAX] = {
1734 [INPUT_BUTTON_LEFT] = 0x01,
1735 [INPUT_BUTTON_MIDDLE] = 0x02,
1736 [INPUT_BUTTON_RIGHT] = 0x04,
1737 [INPUT_BUTTON_WHEEL_UP] = 0x08,
1738 [INPUT_BUTTON_WHEEL_DOWN] = 0x10,
1739 };
1740 QemuConsole *con = vs->vd->dcl.con;
1741 int width = pixman_image_get_width(vs->vd->server);
1742 int height = pixman_image_get_height(vs->vd->server);
1743
1744 if (vs->last_bmask != button_mask) {
1745 qemu_input_update_buttons(con, bmap, vs->last_bmask, button_mask);
1746 vs->last_bmask = button_mask;
1747 }
1748
1749 if (vs->absolute) {
1750 qemu_input_queue_abs(con, INPUT_AXIS_X, x, 0, width);
1751 qemu_input_queue_abs(con, INPUT_AXIS_Y, y, 0, height);
1752 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1753 qemu_input_queue_rel(con, INPUT_AXIS_X, x - 0x7FFF);
1754 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - 0x7FFF);
1755 } else {
1756 if (vs->last_x != -1) {
1757 qemu_input_queue_rel(con, INPUT_AXIS_X, x - vs->last_x);
1758 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - vs->last_y);
1759 }
1760 vs->last_x = x;
1761 vs->last_y = y;
1762 }
1763 qemu_input_event_sync();
1764 }
1765
1766 static void press_key(VncState *vs, QKeyCode qcode)
1767 {
1768 qkbd_state_key_event(vs->vd->kbd, qcode, true);
1769 qkbd_state_key_event(vs->vd->kbd, qcode, false);
1770 }
1771
1772 static void vnc_led_state_change(VncState *vs)
1773 {
1774 if (!vnc_has_feature(vs, VNC_FEATURE_LED_STATE)) {
1775 return;
1776 }
1777
1778 vnc_lock_output(vs);
1779 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1780 vnc_write_u8(vs, 0);
1781 vnc_write_u16(vs, 1);
1782 vnc_framebuffer_update(vs, 0, 0, 1, 1, VNC_ENCODING_LED_STATE);
1783 vnc_write_u8(vs, vs->vd->ledstate);
1784 vnc_unlock_output(vs);
1785 vnc_flush(vs);
1786 }
1787
1788 static void kbd_leds(void *opaque, int ledstate)
1789 {
1790 VncDisplay *vd = opaque;
1791 VncState *client;
1792
1793 trace_vnc_key_guest_leds((ledstate & QEMU_CAPS_LOCK_LED),
1794 (ledstate & QEMU_NUM_LOCK_LED),
1795 (ledstate & QEMU_SCROLL_LOCK_LED));
1796
1797 if (ledstate == vd->ledstate) {
1798 return;
1799 }
1800
1801 vd->ledstate = ledstate;
1802
1803 QTAILQ_FOREACH(client, &vd->clients, next) {
1804 vnc_led_state_change(client);
1805 }
1806 }
1807
1808 static void do_key_event(VncState *vs, int down, int keycode, int sym)
1809 {
1810 QKeyCode qcode = qemu_input_key_number_to_qcode(keycode);
1811
1812 /* QEMU console switch */
1813 switch (qcode) {
1814 case Q_KEY_CODE_1 ... Q_KEY_CODE_9: /* '1' to '9' keys */
1815 if (vs->vd->dcl.con == NULL && down &&
1816 qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_CTRL) &&
1817 qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_ALT)) {
1818 /* Reset the modifiers sent to the current console */
1819 qkbd_state_lift_all_keys(vs->vd->kbd);
1820 console_select(qcode - Q_KEY_CODE_1);
1821 return;
1822 }
1823 default:
1824 break;
1825 }
1826
1827 /* Turn off the lock state sync logic if the client support the led
1828 state extension.
1829 */
1830 if (down && vs->vd->lock_key_sync &&
1831 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) &&
1832 keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1833 /* If the numlock state needs to change then simulate an additional
1834 keypress before sending this one. This will happen if the user
1835 toggles numlock away from the VNC window.
1836 */
1837 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1838 if (!qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_NUMLOCK)) {
1839 trace_vnc_key_sync_numlock(true);
1840 press_key(vs, Q_KEY_CODE_NUM_LOCK);
1841 }
1842 } else {
1843 if (qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_NUMLOCK)) {
1844 trace_vnc_key_sync_numlock(false);
1845 press_key(vs, Q_KEY_CODE_NUM_LOCK);
1846 }
1847 }
1848 }
1849
1850 if (down && vs->vd->lock_key_sync &&
1851 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) &&
1852 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) {
1853 /* If the capslock state needs to change then simulate an additional
1854 keypress before sending this one. This will happen if the user
1855 toggles capslock away from the VNC window.
1856 */
1857 int uppercase = !!(sym >= 'A' && sym <= 'Z');
1858 bool shift = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_SHIFT);
1859 bool capslock = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_CAPSLOCK);
1860 if (capslock) {
1861 if (uppercase == shift) {
1862 trace_vnc_key_sync_capslock(false);
1863 press_key(vs, Q_KEY_CODE_CAPS_LOCK);
1864 }
1865 } else {
1866 if (uppercase != shift) {
1867 trace_vnc_key_sync_capslock(true);
1868 press_key(vs, Q_KEY_CODE_CAPS_LOCK);
1869 }
1870 }
1871 }
1872
1873 qkbd_state_key_event(vs->vd->kbd, qcode, down);
1874 if (!qemu_console_is_graphic(NULL)) {
1875 bool numlock = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_NUMLOCK);
1876 bool control = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_CTRL);
1877 /* QEMU console emulation */
1878 if (down) {
1879 switch (keycode) {
1880 case 0x2a: /* Left Shift */
1881 case 0x36: /* Right Shift */
1882 case 0x1d: /* Left CTRL */
1883 case 0x9d: /* Right CTRL */
1884 case 0x38: /* Left ALT */
1885 case 0xb8: /* Right ALT */
1886 break;
1887 case 0xc8:
1888 kbd_put_keysym(QEMU_KEY_UP);
1889 break;
1890 case 0xd0:
1891 kbd_put_keysym(QEMU_KEY_DOWN);
1892 break;
1893 case 0xcb:
1894 kbd_put_keysym(QEMU_KEY_LEFT);
1895 break;
1896 case 0xcd:
1897 kbd_put_keysym(QEMU_KEY_RIGHT);
1898 break;
1899 case 0xd3:
1900 kbd_put_keysym(QEMU_KEY_DELETE);
1901 break;
1902 case 0xc7:
1903 kbd_put_keysym(QEMU_KEY_HOME);
1904 break;
1905 case 0xcf:
1906 kbd_put_keysym(QEMU_KEY_END);
1907 break;
1908 case 0xc9:
1909 kbd_put_keysym(QEMU_KEY_PAGEUP);
1910 break;
1911 case 0xd1:
1912 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1913 break;
1914
1915 case 0x47:
1916 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME);
1917 break;
1918 case 0x48:
1919 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP);
1920 break;
1921 case 0x49:
1922 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP);
1923 break;
1924 case 0x4b:
1925 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT);
1926 break;
1927 case 0x4c:
1928 kbd_put_keysym('5');
1929 break;
1930 case 0x4d:
1931 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT);
1932 break;
1933 case 0x4f:
1934 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END);
1935 break;
1936 case 0x50:
1937 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN);
1938 break;
1939 case 0x51:
1940 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN);
1941 break;
1942 case 0x52:
1943 kbd_put_keysym('0');
1944 break;
1945 case 0x53:
1946 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE);
1947 break;
1948
1949 case 0xb5:
1950 kbd_put_keysym('/');
1951 break;
1952 case 0x37:
1953 kbd_put_keysym('*');
1954 break;
1955 case 0x4a:
1956 kbd_put_keysym('-');
1957 break;
1958 case 0x4e:
1959 kbd_put_keysym('+');
1960 break;
1961 case 0x9c:
1962 kbd_put_keysym('\n');
1963 break;
1964
1965 default:
1966 if (control) {
1967 kbd_put_keysym(sym & 0x1f);
1968 } else {
1969 kbd_put_keysym(sym);
1970 }
1971 break;
1972 }
1973 }
1974 }
1975 }
1976
1977 static const char *code2name(int keycode)
1978 {
1979 return QKeyCode_str(qemu_input_key_number_to_qcode(keycode));
1980 }
1981
1982 static void key_event(VncState *vs, int down, uint32_t sym)
1983 {
1984 int keycode;
1985 int lsym = sym;
1986
1987 if (lsym >= 'A' && lsym <= 'Z' && qemu_console_is_graphic(NULL)) {
1988 lsym = lsym - 'A' + 'a';
1989 }
1990
1991 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF,
1992 vs->vd->kbd, down) & SCANCODE_KEYMASK;
1993 trace_vnc_key_event_map(down, sym, keycode, code2name(keycode));
1994 do_key_event(vs, down, keycode, sym);
1995 }
1996
1997 static void ext_key_event(VncState *vs, int down,
1998 uint32_t sym, uint16_t keycode)
1999 {
2000 /* if the user specifies a keyboard layout, always use it */
2001 if (keyboard_layout) {
2002 key_event(vs, down, sym);
2003 } else {
2004 trace_vnc_key_event_ext(down, sym, keycode, code2name(keycode));
2005 do_key_event(vs, down, keycode, sym);
2006 }
2007 }
2008
2009 static void framebuffer_update_request(VncState *vs, int incremental,
2010 int x, int y, int w, int h)
2011 {
2012 if (incremental) {
2013 if (vs->update != VNC_STATE_UPDATE_FORCE) {
2014 vs->update = VNC_STATE_UPDATE_INCREMENTAL;
2015 }
2016 } else {
2017 vs->update = VNC_STATE_UPDATE_FORCE;
2018 vnc_set_area_dirty(vs->dirty, vs->vd, x, y, w, h);
2019 }
2020 }
2021
2022 static void send_ext_key_event_ack(VncState *vs)
2023 {
2024 vnc_lock_output(vs);
2025 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
2026 vnc_write_u8(vs, 0);
2027 vnc_write_u16(vs, 1);
2028 vnc_framebuffer_update(vs, 0, 0,
2029 pixman_image_get_width(vs->vd->server),
2030 pixman_image_get_height(vs->vd->server),
2031 VNC_ENCODING_EXT_KEY_EVENT);
2032 vnc_unlock_output(vs);
2033 vnc_flush(vs);
2034 }
2035
2036 static void send_ext_audio_ack(VncState *vs)
2037 {
2038 vnc_lock_output(vs);
2039 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
2040 vnc_write_u8(vs, 0);
2041 vnc_write_u16(vs, 1);
2042 vnc_framebuffer_update(vs, 0, 0,
2043 pixman_image_get_width(vs->vd->server),
2044 pixman_image_get_height(vs->vd->server),
2045 VNC_ENCODING_AUDIO);
2046 vnc_unlock_output(vs);
2047 vnc_flush(vs);
2048 }
2049
2050 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
2051 {
2052 int i;
2053 unsigned int enc = 0;
2054
2055 vs->features = 0;
2056 vs->vnc_encoding = 0;
2057 vs->tight->compression = 9;
2058 vs->tight->quality = -1; /* Lossless by default */
2059 vs->absolute = -1;
2060
2061 /*
2062 * Start from the end because the encodings are sent in order of preference.
2063 * This way the preferred encoding (first encoding defined in the array)
2064 * will be set at the end of the loop.
2065 */
2066 for (i = n_encodings - 1; i >= 0; i--) {
2067 enc = encodings[i];
2068 switch (enc) {
2069 case VNC_ENCODING_RAW:
2070 vs->vnc_encoding = enc;
2071 break;
2072 case VNC_ENCODING_COPYRECT:
2073 vs->features |= VNC_FEATURE_COPYRECT_MASK;
2074 break;
2075 case VNC_ENCODING_HEXTILE:
2076 vs->features |= VNC_FEATURE_HEXTILE_MASK;
2077 vs->vnc_encoding = enc;
2078 break;
2079 case VNC_ENCODING_TIGHT:
2080 vs->features |= VNC_FEATURE_TIGHT_MASK;
2081 vs->vnc_encoding = enc;
2082 break;
2083 #ifdef CONFIG_VNC_PNG
2084 case VNC_ENCODING_TIGHT_PNG:
2085 vs->features |= VNC_FEATURE_TIGHT_PNG_MASK;
2086 vs->vnc_encoding = enc;
2087 break;
2088 #endif
2089 case VNC_ENCODING_ZLIB:
2090 vs->features |= VNC_FEATURE_ZLIB_MASK;
2091 vs->vnc_encoding = enc;
2092 break;
2093 case VNC_ENCODING_ZRLE:
2094 vs->features |= VNC_FEATURE_ZRLE_MASK;
2095 vs->vnc_encoding = enc;
2096 break;
2097 case VNC_ENCODING_ZYWRLE:
2098 vs->features |= VNC_FEATURE_ZYWRLE_MASK;
2099 vs->vnc_encoding = enc;
2100 break;
2101 case VNC_ENCODING_DESKTOPRESIZE:
2102 vs->features |= VNC_FEATURE_RESIZE_MASK;
2103 break;
2104 case VNC_ENCODING_POINTER_TYPE_CHANGE:
2105 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
2106 break;
2107 case VNC_ENCODING_RICH_CURSOR:
2108 vs->features |= VNC_FEATURE_RICH_CURSOR_MASK;
2109 if (vs->vd->cursor) {
2110 vnc_cursor_define(vs);
2111 }
2112 break;
2113 case VNC_ENCODING_EXT_KEY_EVENT:
2114 send_ext_key_event_ack(vs);
2115 break;
2116 case VNC_ENCODING_AUDIO:
2117 send_ext_audio_ack(vs);
2118 break;
2119 case VNC_ENCODING_WMVi:
2120 vs->features |= VNC_FEATURE_WMVI_MASK;
2121 break;
2122 case VNC_ENCODING_LED_STATE:
2123 vs->features |= VNC_FEATURE_LED_STATE_MASK;
2124 break;
2125 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
2126 vs->tight->compression = (enc & 0x0F);
2127 break;
2128 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
2129 if (vs->vd->lossy) {
2130 vs->tight->quality = (enc & 0x0F);
2131 }
2132 break;
2133 default:
2134 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
2135 break;
2136 }
2137 }
2138 vnc_desktop_resize(vs);
2139 check_pointer_type_change(&vs->mouse_mode_notifier, NULL);
2140 vnc_led_state_change(vs);
2141 }
2142
2143 static void set_pixel_conversion(VncState *vs)
2144 {
2145 pixman_format_code_t fmt = qemu_pixman_get_format(&vs->client_pf);
2146
2147 if (fmt == VNC_SERVER_FB_FORMAT) {
2148 vs->write_pixels = vnc_write_pixels_copy;
2149 vnc_hextile_set_pixel_conversion(vs, 0);
2150 } else {
2151 vs->write_pixels = vnc_write_pixels_generic;
2152 vnc_hextile_set_pixel_conversion(vs, 1);
2153 }
2154 }
2155
2156 static void send_color_map(VncState *vs)
2157 {
2158 int i;
2159
2160 vnc_write_u8(vs, VNC_MSG_SERVER_SET_COLOUR_MAP_ENTRIES);
2161 vnc_write_u8(vs, 0); /* padding */
2162 vnc_write_u16(vs, 0); /* first color */
2163 vnc_write_u16(vs, 256); /* # of colors */
2164
2165 for (i = 0; i < 256; i++) {
2166 PixelFormat *pf = &vs->client_pf;
2167
2168 vnc_write_u16(vs, (((i >> pf->rshift) & pf->rmax) << (16 - pf->rbits)));
2169 vnc_write_u16(vs, (((i >> pf->gshift) & pf->gmax) << (16 - pf->gbits)));
2170 vnc_write_u16(vs, (((i >> pf->bshift) & pf->bmax) << (16 - pf->bbits)));
2171 }
2172 }
2173
2174 static void set_pixel_format(VncState *vs, int bits_per_pixel,
2175 int big_endian_flag, int true_color_flag,
2176 int red_max, int green_max, int blue_max,
2177 int red_shift, int green_shift, int blue_shift)
2178 {
2179 if (!true_color_flag) {
2180 /* Expose a reasonable default 256 color map */
2181 bits_per_pixel = 8;
2182 red_max = 7;
2183 green_max = 7;
2184 blue_max = 3;
2185 red_shift = 0;
2186 green_shift = 3;
2187 blue_shift = 6;
2188 }
2189
2190 switch (bits_per_pixel) {
2191 case 8:
2192 case 16:
2193 case 32:
2194 break;
2195 default:
2196 vnc_client_error(vs);
2197 return;
2198 }
2199
2200 vs->client_pf.rmax = red_max ? red_max : 0xFF;
2201 vs->client_pf.rbits = ctpopl(red_max);
2202 vs->client_pf.rshift = red_shift;
2203 vs->client_pf.rmask = red_max << red_shift;
2204 vs->client_pf.gmax = green_max ? green_max : 0xFF;
2205 vs->client_pf.gbits = ctpopl(green_max);
2206 vs->client_pf.gshift = green_shift;
2207 vs->client_pf.gmask = green_max << green_shift;
2208 vs->client_pf.bmax = blue_max ? blue_max : 0xFF;
2209 vs->client_pf.bbits = ctpopl(blue_max);
2210 vs->client_pf.bshift = blue_shift;
2211 vs->client_pf.bmask = blue_max << blue_shift;
2212 vs->client_pf.bits_per_pixel = bits_per_pixel;
2213 vs->client_pf.bytes_per_pixel = bits_per_pixel / 8;
2214 vs->client_pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
2215 vs->client_be = big_endian_flag;
2216
2217 if (!true_color_flag) {
2218 send_color_map(vs);
2219 }
2220
2221 set_pixel_conversion(vs);
2222
2223 graphic_hw_invalidate(vs->vd->dcl.con);
2224 graphic_hw_update(vs->vd->dcl.con);
2225 }
2226
2227 static void pixel_format_message (VncState *vs) {
2228 char pad[3] = { 0, 0, 0 };
2229
2230 vs->client_pf = qemu_default_pixelformat(32);
2231
2232 vnc_write_u8(vs, vs->client_pf.bits_per_pixel); /* bits-per-pixel */
2233 vnc_write_u8(vs, vs->client_pf.depth); /* depth */
2234
2235 #ifdef HOST_WORDS_BIGENDIAN
2236 vnc_write_u8(vs, 1); /* big-endian-flag */
2237 #else
2238 vnc_write_u8(vs, 0); /* big-endian-flag */
2239 #endif
2240 vnc_write_u8(vs, 1); /* true-color-flag */
2241 vnc_write_u16(vs, vs->client_pf.rmax); /* red-max */
2242 vnc_write_u16(vs, vs->client_pf.gmax); /* green-max */
2243 vnc_write_u16(vs, vs->client_pf.bmax); /* blue-max */
2244 vnc_write_u8(vs, vs->client_pf.rshift); /* red-shift */
2245 vnc_write_u8(vs, vs->client_pf.gshift); /* green-shift */
2246 vnc_write_u8(vs, vs->client_pf.bshift); /* blue-shift */
2247 vnc_write(vs, pad, 3); /* padding */
2248
2249 vnc_hextile_set_pixel_conversion(vs, 0);
2250 vs->write_pixels = vnc_write_pixels_copy;
2251 }
2252
2253 static void vnc_colordepth(VncState *vs)
2254 {
2255 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
2256 /* Sending a WMVi message to notify the client*/
2257 vnc_lock_output(vs);
2258 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
2259 vnc_write_u8(vs, 0);
2260 vnc_write_u16(vs, 1); /* number of rects */
2261 vnc_framebuffer_update(vs, 0, 0,
2262 pixman_image_get_width(vs->vd->server),
2263 pixman_image_get_height(vs->vd->server),
2264 VNC_ENCODING_WMVi);
2265 pixel_format_message(vs);
2266 vnc_unlock_output(vs);
2267 vnc_flush(vs);
2268 } else {
2269 set_pixel_conversion(vs);
2270 }
2271 }
2272
2273 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
2274 {
2275 int i;
2276 uint16_t limit;
2277 uint32_t freq;
2278 VncDisplay *vd = vs->vd;
2279
2280 if (data[0] > 3) {
2281 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
2282 }
2283
2284 switch (data[0]) {
2285 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT:
2286 if (len == 1)
2287 return 20;
2288
2289 set_pixel_format(vs, read_u8(data, 4),
2290 read_u8(data, 6), read_u8(data, 7),
2291 read_u16(data, 8), read_u16(data, 10),
2292 read_u16(data, 12), read_u8(data, 14),
2293 read_u8(data, 15), read_u8(data, 16));
2294 break;
2295 case VNC_MSG_CLIENT_SET_ENCODINGS:
2296 if (len == 1)
2297 return 4;
2298
2299 if (len == 4) {
2300 limit = read_u16(data, 2);
2301 if (limit > 0)
2302 return 4 + (limit * 4);
2303 } else
2304 limit = read_u16(data, 2);
2305
2306 for (i = 0; i < limit; i++) {
2307 int32_t val = read_s32(data, 4 + (i * 4));
2308 memcpy(data + 4 + (i * 4), &val, sizeof(val));
2309 }
2310
2311 set_encodings(vs, (int32_t *)(data + 4), limit);
2312 break;
2313 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST:
2314 if (len == 1)
2315 return 10;
2316
2317 framebuffer_update_request(vs,
2318 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
2319 read_u16(data, 6), read_u16(data, 8));
2320 break;
2321 case VNC_MSG_CLIENT_KEY_EVENT:
2322 if (len == 1)
2323 return 8;
2324
2325 key_event(vs, read_u8(data, 1), read_u32(data, 4));
2326 break;
2327 case VNC_MSG_CLIENT_POINTER_EVENT:
2328 if (len == 1)
2329 return 6;
2330
2331 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
2332 break;
2333 case VNC_MSG_CLIENT_CUT_TEXT:
2334 if (len == 1) {
2335 return 8;
2336 }
2337 if (len == 8) {
2338 uint32_t dlen = read_u32(data, 4);
2339 if (dlen > (1 << 20)) {
2340 error_report("vnc: client_cut_text msg payload has %u bytes"
2341 " which exceeds our limit of 1MB.", dlen);
2342 vnc_client_error(vs);
2343 break;
2344 }
2345 if (dlen > 0) {
2346 return 8 + dlen;
2347 }
2348 }
2349
2350 client_cut_text(vs, read_u32(data, 4), data + 8);
2351 break;
2352 case VNC_MSG_CLIENT_QEMU:
2353 if (len == 1)
2354 return 2;
2355
2356 switch (read_u8(data, 1)) {
2357 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT:
2358 if (len == 2)
2359 return 12;
2360
2361 ext_key_event(vs, read_u16(data, 2),
2362 read_u32(data, 4), read_u32(data, 8));
2363 break;
2364 case VNC_MSG_CLIENT_QEMU_AUDIO:
2365 if (len == 2)
2366 return 4;
2367
2368 switch (read_u16 (data, 2)) {
2369 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE:
2370 audio_add(vs);
2371 break;
2372 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE:
2373 audio_del(vs);
2374 break;
2375 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT:
2376 if (len == 4)
2377 return 10;
2378 switch (read_u8(data, 4)) {
2379 case 0: vs->as.fmt = AUDIO_FORMAT_U8; break;
2380 case 1: vs->as.fmt = AUDIO_FORMAT_S8; break;
2381 case 2: vs->as.fmt = AUDIO_FORMAT_U16; break;
2382 case 3: vs->as.fmt = AUDIO_FORMAT_S16; break;
2383 case 4: vs->as.fmt = AUDIO_FORMAT_U32; break;
2384 case 5: vs->as.fmt = AUDIO_FORMAT_S32; break;
2385 default:
2386 VNC_DEBUG("Invalid audio format %d\n", read_u8(data, 4));
2387 vnc_client_error(vs);
2388 break;
2389 }
2390 vs->as.nchannels = read_u8(data, 5);
2391 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
2392 VNC_DEBUG("Invalid audio channel count %d\n",
2393 read_u8(data, 5));
2394 vnc_client_error(vs);
2395 break;
2396 }
2397 freq = read_u32(data, 6);
2398 /* No official limit for protocol, but 48khz is a sensible
2399 * upper bound for trustworthy clients, and this limit
2400 * protects calculations involving 'vs->as.freq' later.
2401 */
2402 if (freq > 48000) {
2403 VNC_DEBUG("Invalid audio frequency %u > 48000", freq);
2404 vnc_client_error(vs);
2405 break;
2406 }
2407 vs->as.freq = freq;
2408 break;
2409 default:
2410 VNC_DEBUG("Invalid audio message %d\n", read_u8(data, 4));
2411 vnc_client_error(vs);
2412 break;
2413 }
2414 break;
2415
2416 default:
2417 VNC_DEBUG("Msg: %d\n", read_u16(data, 0));
2418 vnc_client_error(vs);
2419 break;
2420 }
2421 break;
2422 default:
2423 VNC_DEBUG("Msg: %d\n", data[0]);
2424 vnc_client_error(vs);
2425 break;
2426 }
2427
2428 vnc_update_throttle_offset(vs);
2429 vnc_read_when(vs, protocol_client_msg, 1);
2430 return 0;
2431 }
2432
2433 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
2434 {
2435 char buf[1024];
2436 VncShareMode mode;
2437 int size;
2438
2439 mode = data[0] ? VNC_SHARE_MODE_SHARED : VNC_SHARE_MODE_EXCLUSIVE;
2440 switch (vs->vd->share_policy) {
2441 case VNC_SHARE_POLICY_IGNORE:
2442 /*
2443 * Ignore the shared flag. Nothing to do here.
2444 *
2445 * Doesn't conform to the rfb spec but is traditional qemu
2446 * behavior, thus left here as option for compatibility
2447 * reasons.
2448 */
2449 break;
2450 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE:
2451 /*
2452 * Policy: Allow clients ask for exclusive access.
2453 *
2454 * Implementation: When a client asks for exclusive access,
2455 * disconnect all others. Shared connects are allowed as long
2456 * as no exclusive connection exists.
2457 *
2458 * This is how the rfb spec suggests to handle the shared flag.
2459 */
2460 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2461 VncState *client;
2462 QTAILQ_FOREACH(client, &vs->vd->clients, next) {
2463 if (vs == client) {
2464 continue;
2465 }
2466 if (client->share_mode != VNC_SHARE_MODE_EXCLUSIVE &&
2467 client->share_mode != VNC_SHARE_MODE_SHARED) {
2468 continue;
2469 }
2470 vnc_disconnect_start(client);
2471 }
2472 }
2473 if (mode == VNC_SHARE_MODE_SHARED) {
2474 if (vs->vd->num_exclusive > 0) {
2475 vnc_disconnect_start(vs);
2476 return 0;
2477 }
2478 }
2479 break;
2480 case VNC_SHARE_POLICY_FORCE_SHARED:
2481 /*
2482 * Policy: Shared connects only.
2483 * Implementation: Disallow clients asking for exclusive access.
2484 *
2485 * Useful for shared desktop sessions where you don't want
2486 * someone forgetting to say -shared when running the vnc
2487 * client disconnect everybody else.
2488 */
2489 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2490 vnc_disconnect_start(vs);
2491 return 0;
2492 }
2493 break;
2494 }
2495 vnc_set_share_mode(vs, mode);
2496
2497 if (vs->vd->num_shared > vs->vd->connections_limit) {
2498 vnc_disconnect_start(vs);
2499 return 0;
2500 }
2501
2502 assert(pixman_image_get_width(vs->vd->server) < 65536 &&
2503 pixman_image_get_width(vs->vd->server) >= 0);
2504 assert(pixman_image_get_height(vs->vd->server) < 65536 &&
2505 pixman_image_get_height(vs->vd->server) >= 0);
2506 vs->client_width = pixman_image_get_width(vs->vd->server);
2507 vs->client_height = pixman_image_get_height(vs->vd->server);
2508 vnc_write_u16(vs, vs->client_width);
2509 vnc_write_u16(vs, vs->client_height);
2510
2511 pixel_format_message(vs);
2512
2513 if (qemu_name) {
2514 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
2515 if (size > sizeof(buf)) {
2516 size = sizeof(buf);
2517 }
2518 } else {
2519 size = snprintf(buf, sizeof(buf), "QEMU");
2520 }
2521
2522 vnc_write_u32(vs, size);
2523 vnc_write(vs, buf, size);
2524 vnc_flush(vs);
2525
2526 vnc_client_cache_auth(vs);
2527 vnc_qmp_event(vs, QAPI_EVENT_VNC_INITIALIZED);
2528
2529 vnc_read_when(vs, protocol_client_msg, 1);
2530
2531 return 0;
2532 }
2533
2534 void start_client_init(VncState *vs)
2535 {
2536 vnc_read_when(vs, protocol_client_init, 1);
2537 }
2538
2539 static void authentication_failed(VncState *vs)
2540 {
2541 vnc_write_u32(vs, 1); /* Reject auth */
2542 if (vs->minor >= 8) {
2543 static const char err[] = "Authentication failed";
2544 vnc_write_u32(vs, sizeof(err));
2545 vnc_write(vs, err, sizeof(err));
2546 }
2547 vnc_flush(vs);
2548 vnc_client_error(vs);
2549 }
2550
2551 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
2552 {
2553 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
2554 size_t i, pwlen;
2555 unsigned char key[8];
2556 time_t now = time(NULL);
2557 QCryptoCipher *cipher = NULL;
2558 Error *err = NULL;
2559
2560 if (!vs->vd->password) {
2561 trace_vnc_auth_fail(vs, vs->auth, "password is not set", "");
2562 goto reject;
2563 }
2564 if (vs->vd->expires < now) {
2565 trace_vnc_auth_fail(vs, vs->auth, "password is expired", "");
2566 goto reject;
2567 }
2568
2569 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
2570
2571 /* Calculate the expected challenge response */
2572 pwlen = strlen(vs->vd->password);
2573 for (i=0; i<sizeof(key); i++)
2574 key[i] = i<pwlen ? vs->vd->password[i] : 0;
2575
2576 cipher = qcrypto_cipher_new(
2577 QCRYPTO_CIPHER_ALG_DES_RFB,
2578 QCRYPTO_CIPHER_MODE_ECB,
2579 key, G_N_ELEMENTS(key),
2580 &err);
2581 if (!cipher) {
2582 trace_vnc_auth_fail(vs, vs->auth, "cannot create cipher",
2583 error_get_pretty(err));
2584 error_free(err);
2585 goto reject;
2586 }
2587
2588 if (qcrypto_cipher_encrypt(cipher,
2589 vs->challenge,
2590 response,
2591 VNC_AUTH_CHALLENGE_SIZE,
2592 &err) < 0) {
2593 trace_vnc_auth_fail(vs, vs->auth, "cannot encrypt challenge response",
2594 error_get_pretty(err));
2595 error_free(err);
2596 goto reject;
2597 }
2598
2599 /* Compare expected vs actual challenge response */
2600 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
2601 trace_vnc_auth_fail(vs, vs->auth, "mis-matched challenge response", "");
2602 goto reject;
2603 } else {
2604 trace_vnc_auth_pass(vs, vs->auth);
2605 vnc_write_u32(vs, 0); /* Accept auth */
2606 vnc_flush(vs);
2607
2608 start_client_init(vs);
2609 }
2610
2611 qcrypto_cipher_free(cipher);
2612 return 0;
2613
2614 reject:
2615 authentication_failed(vs);
2616 qcrypto_cipher_free(cipher);
2617 return 0;
2618 }
2619
2620 void start_auth_vnc(VncState *vs)
2621 {
2622 Error *err = NULL;
2623
2624 if (qcrypto_random_bytes(vs->challenge, sizeof(vs->challenge), &err)) {
2625 trace_vnc_auth_fail(vs, vs->auth, "cannot get random bytes",
2626 error_get_pretty(err));
2627 error_free(err);
2628 authentication_failed(vs);
2629 return;
2630 }
2631
2632 /* Send client a 'random' challenge */
2633 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
2634 vnc_flush(vs);
2635
2636 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
2637 }
2638
2639
2640 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
2641 {
2642 /* We only advertise 1 auth scheme at a time, so client
2643 * must pick the one we sent. Verify this */
2644 if (data[0] != vs->auth) { /* Reject auth */
2645 trace_vnc_auth_reject(vs, vs->auth, (int)data[0]);
2646 authentication_failed(vs);
2647 } else { /* Accept requested auth */
2648 trace_vnc_auth_start(vs, vs->auth);
2649 switch (vs->auth) {
2650 case VNC_AUTH_NONE:
2651 if (vs->minor >= 8) {
2652 vnc_write_u32(vs, 0); /* Accept auth completion */
2653 vnc_flush(vs);
2654 }
2655 trace_vnc_auth_pass(vs, vs->auth);
2656 start_client_init(vs);
2657 break;
2658
2659 case VNC_AUTH_VNC:
2660 start_auth_vnc(vs);
2661 break;
2662
2663 case VNC_AUTH_VENCRYPT:
2664 start_auth_vencrypt(vs);
2665 break;
2666
2667 #ifdef CONFIG_VNC_SASL
2668 case VNC_AUTH_SASL:
2669 start_auth_sasl(vs);
2670 break;
2671 #endif /* CONFIG_VNC_SASL */
2672
2673 default: /* Should not be possible, but just in case */
2674 trace_vnc_auth_fail(vs, vs->auth, "Unhandled auth method", "");
2675 authentication_failed(vs);
2676 }
2677 }
2678 return 0;
2679 }
2680
2681 static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2682 {
2683 char local[13];
2684
2685 memcpy(local, version, 12);
2686 local[12] = 0;
2687
2688 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2689 VNC_DEBUG("Malformed protocol version %s\n", local);
2690 vnc_client_error(vs);
2691 return 0;
2692 }
2693 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2694 if (vs->major != 3 ||
2695 (vs->minor != 3 &&
2696 vs->minor != 4 &&
2697 vs->minor != 5 &&
2698 vs->minor != 7 &&
2699 vs->minor != 8)) {
2700 VNC_DEBUG("Unsupported client version\n");
2701 vnc_write_u32(vs, VNC_AUTH_INVALID);
2702 vnc_flush(vs);
2703 vnc_client_error(vs);
2704 return 0;
2705 }
2706 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2707 * as equivalent to v3.3 by servers
2708 */
2709 if (vs->minor == 4 || vs->minor == 5)
2710 vs->minor = 3;
2711
2712 if (vs->minor == 3) {
2713 trace_vnc_auth_start(vs, vs->auth);
2714 if (vs->auth == VNC_AUTH_NONE) {
2715 vnc_write_u32(vs, vs->auth);
2716 vnc_flush(vs);
2717 trace_vnc_auth_pass(vs, vs->auth);
2718 start_client_init(vs);
2719 } else if (vs->auth == VNC_AUTH_VNC) {
2720 VNC_DEBUG("Tell client VNC auth\n");
2721 vnc_write_u32(vs, vs->auth);
2722 vnc_flush(vs);
2723 start_auth_vnc(vs);
2724 } else {
2725 trace_vnc_auth_fail(vs, vs->auth,
2726 "Unsupported auth method for v3.3", "");
2727 vnc_write_u32(vs, VNC_AUTH_INVALID);
2728 vnc_flush(vs);
2729 vnc_client_error(vs);
2730 }
2731 } else {
2732 vnc_write_u8(vs, 1); /* num auth */
2733 vnc_write_u8(vs, vs->auth);
2734 vnc_read_when(vs, protocol_client_auth, 1);
2735 vnc_flush(vs);
2736 }
2737
2738 return 0;
2739 }
2740
2741 static VncRectStat *vnc_stat_rect(VncDisplay *vd, int x, int y)
2742 {
2743 struct VncSurface *vs = &vd->guest;
2744
2745 return &vs->stats[y / VNC_STAT_RECT][x / VNC_STAT_RECT];
2746 }
2747
2748 void vnc_sent_lossy_rect(VncState *vs, int x, int y, int w, int h)
2749 {
2750 int i, j;
2751
2752 w = (x + w) / VNC_STAT_RECT;
2753 h = (y + h) / VNC_STAT_RECT;
2754 x /= VNC_STAT_RECT;
2755 y /= VNC_STAT_RECT;
2756
2757 for (j = y; j <= h; j++) {
2758 for (i = x; i <= w; i++) {
2759 vs->lossy_rect[j][i] = 1;
2760 }
2761 }
2762 }
2763
2764 static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y)
2765 {
2766 VncState *vs;
2767 int sty = y / VNC_STAT_RECT;
2768 int stx = x / VNC_STAT_RECT;
2769 int has_dirty = 0;
2770
2771 y = QEMU_ALIGN_DOWN(y, VNC_STAT_RECT);
2772 x = QEMU_ALIGN_DOWN(x, VNC_STAT_RECT);
2773
2774 QTAILQ_FOREACH(vs, &vd->clients, next) {
2775 int j;
2776
2777 /* kernel send buffers are full -> refresh later */
2778 if (vs->output.offset) {
2779 continue;
2780 }
2781
2782 if (!vs->lossy_rect[sty][stx]) {
2783 continue;
2784 }
2785
2786 vs->lossy_rect[sty][stx] = 0;
2787 for (j = 0; j < VNC_STAT_RECT; ++j) {
2788 bitmap_set(vs->dirty[y + j],
2789 x / VNC_DIRTY_PIXELS_PER_BIT,
2790 VNC_STAT_RECT / VNC_DIRTY_PIXELS_PER_BIT);
2791 }
2792 has_dirty++;
2793 }
2794
2795 return has_dirty;
2796 }
2797
2798 static int vnc_update_stats(VncDisplay *vd, struct timeval * tv)
2799 {
2800 int width = MIN(pixman_image_get_width(vd->guest.fb),
2801 pixman_image_get_width(vd->server));
2802 int height = MIN(pixman_image_get_height(vd->guest.fb),
2803 pixman_image_get_height(vd->server));
2804 int x, y;
2805 struct timeval res;
2806 int has_dirty = 0;
2807
2808 for (y = 0; y < height; y += VNC_STAT_RECT) {
2809 for (x = 0; x < width; x += VNC_STAT_RECT) {
2810 VncRectStat *rect = vnc_stat_rect(vd, x, y);
2811
2812 rect->updated = false;
2813 }
2814 }
2815
2816 qemu_timersub(tv, &VNC_REFRESH_STATS, &res);
2817
2818 if (timercmp(&vd->guest.last_freq_check, &res, >)) {
2819 return has_dirty;
2820 }
2821 vd->guest.last_freq_check = *tv;
2822
2823 for (y = 0; y < height; y += VNC_STAT_RECT) {
2824 for (x = 0; x < width; x += VNC_STAT_RECT) {
2825 VncRectStat *rect= vnc_stat_rect(vd, x, y);
2826 int count = ARRAY_SIZE(rect->times);
2827 struct timeval min, max;
2828
2829 if (!timerisset(&rect->times[count - 1])) {
2830 continue ;
2831 }
2832
2833 max = rect->times[(rect->idx + count - 1) % count];
2834 qemu_timersub(tv, &max, &res);
2835
2836 if (timercmp(&res, &VNC_REFRESH_LOSSY, >)) {
2837 rect->freq = 0;
2838 has_dirty += vnc_refresh_lossy_rect(vd, x, y);
2839 memset(rect->times, 0, sizeof (rect->times));
2840 continue ;
2841 }
2842
2843 min = rect->times[rect->idx];
2844 max = rect->times[(rect->idx + count - 1) % count];
2845 qemu_timersub(&max, &min, &res);
2846
2847 rect->freq = res.tv_sec + res.tv_usec / 1000000.;
2848 rect->freq /= count;
2849 rect->freq = 1. / rect->freq;
2850 }
2851 }
2852 return has_dirty;
2853 }
2854
2855 double vnc_update_freq(VncState *vs, int x, int y, int w, int h)
2856 {
2857 int i, j;
2858 double total = 0;
2859 int num = 0;
2860
2861 x = QEMU_ALIGN_DOWN(x, VNC_STAT_RECT);
2862 y = QEMU_ALIGN_DOWN(y, VNC_STAT_RECT);
2863
2864 for (j = y; j <= y + h; j += VNC_STAT_RECT) {
2865 for (i = x; i <= x + w; i += VNC_STAT_RECT) {
2866 total += vnc_stat_rect(vs->vd, i, j)->freq;
2867 num++;
2868 }
2869 }
2870
2871 if (num) {
2872 return total / num;
2873 } else {
2874 return 0;
2875 }
2876 }
2877
2878 static void vnc_rect_updated(VncDisplay *vd, int x, int y, struct timeval * tv)
2879 {
2880 VncRectStat *rect;
2881
2882 rect = vnc_stat_rect(vd, x, y);
2883 if (rect->updated) {
2884 return ;
2885 }
2886 rect->times[rect->idx] = *tv;
2887 rect->idx = (rect->idx + 1) % ARRAY_SIZE(rect->times);
2888 rect->updated = true;
2889 }
2890
2891 static int vnc_refresh_server_surface(VncDisplay *vd)
2892 {
2893 int width = MIN(pixman_image_get_width(vd->guest.fb),
2894 pixman_image_get_width(vd->server));
2895 int height = MIN(pixman_image_get_height(vd->guest.fb),
2896 pixman_image_get_height(vd->server));
2897 int cmp_bytes, server_stride, line_bytes, guest_ll, guest_stride, y = 0;
2898 uint8_t *guest_row0 = NULL, *server_row0;
2899 VncState *vs;
2900 int has_dirty = 0;
2901 pixman_image_t *tmpbuf = NULL;
2902
2903 struct timeval tv = { 0, 0 };
2904
2905 if (!vd->non_adaptive) {
2906 gettimeofday(&tv, NULL);
2907 has_dirty = vnc_update_stats(vd, &tv);
2908 }
2909
2910 /*
2911 * Walk through the guest dirty map.
2912 * Check and copy modified bits from guest to server surface.
2913 * Update server dirty map.
2914 */
2915 server_row0 = (uint8_t *)pixman_image_get_data(vd->server);
2916 server_stride = guest_stride = guest_ll =
2917 pixman_image_get_stride(vd->server);
2918 cmp_bytes = MIN(VNC_DIRTY_PIXELS_PER_BIT * VNC_SERVER_FB_BYTES,
2919 server_stride);
2920 if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
2921 int width = pixman_image_get_width(vd->server);
2922 tmpbuf = qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT, width);
2923 } else {
2924 int guest_bpp =
2925 PIXMAN_FORMAT_BPP(pixman_image_get_format(vd->guest.fb));
2926 guest_row0 = (uint8_t *)pixman_image_get_data(vd->guest.fb);
2927 guest_stride = pixman_image_get_stride(vd->guest.fb);
2928 guest_ll = pixman_image_get_width(vd->guest.fb)
2929 * DIV_ROUND_UP(guest_bpp, 8);
2930 }
2931 line_bytes = MIN(server_stride, guest_ll);
2932
2933 for (;;) {
2934 int x;
2935 uint8_t *guest_ptr, *server_ptr;
2936 unsigned long offset = find_next_bit((unsigned long *) &vd->guest.dirty,
2937 height * VNC_DIRTY_BPL(&vd->guest),
2938 y * VNC_DIRTY_BPL(&vd->guest));
2939 if (offset == height * VNC_DIRTY_BPL(&vd->guest)) {
2940 /* no more dirty bits */
2941 break;
2942 }
2943 y = offset / VNC_DIRTY_BPL(&vd->guest);
2944 x = offset % VNC_DIRTY_BPL(&vd->guest);
2945
2946 server_ptr = server_row0 + y * server_stride + x * cmp_bytes;
2947
2948 if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
2949 qemu_pixman_linebuf_fill(tmpbuf, vd->guest.fb, width, 0, y);
2950 guest_ptr = (uint8_t *)pixman_image_get_data(tmpbuf);
2951 } else {
2952 guest_ptr = guest_row0 + y * guest_stride;
2953 }
2954 guest_ptr += x * cmp_bytes;
2955
2956 for (; x < DIV_ROUND_UP(width, VNC_DIRTY_PIXELS_PER_BIT);
2957 x++, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
2958 int _cmp_bytes = cmp_bytes;
2959 if (!test_and_clear_bit(x, vd->guest.dirty[y])) {
2960 continue;
2961 }
2962 if ((x + 1) * cmp_bytes > line_bytes) {
2963 _cmp_bytes = line_bytes - x * cmp_bytes;
2964 }
2965 assert(_cmp_bytes >= 0);
2966 if (memcmp(server_ptr, guest_ptr, _cmp_bytes) == 0) {
2967 continue;
2968 }
2969 memcpy(server_ptr, guest_ptr, _cmp_bytes);
2970 if (!vd->non_adaptive) {
2971 vnc_rect_updated(vd, x * VNC_DIRTY_PIXELS_PER_BIT,
2972 y, &tv);
2973 }
2974 QTAILQ_FOREACH(vs, &vd->clients, next) {
2975 set_bit(x, vs->dirty[y]);
2976 }
2977 has_dirty++;
2978 }
2979
2980 y++;
2981 }
2982 qemu_pixman_image_unref(tmpbuf);
2983 return has_dirty;
2984 }
2985
2986 static void vnc_refresh(DisplayChangeListener *dcl)
2987 {
2988 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
2989 VncState *vs, *vn;
2990 int has_dirty, rects = 0;
2991
2992 if (QTAILQ_EMPTY(&vd->clients)) {
2993 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_MAX);
2994 return;
2995 }
2996
2997 graphic_hw_update(vd->dcl.con);
2998
2999 if (vnc_trylock_display(vd)) {
3000 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
3001 return;
3002 }
3003
3004 has_dirty = vnc_refresh_server_surface(vd);
3005 vnc_unlock_display(vd);
3006
3007 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
3008 rects += vnc_update_client(vs, has_dirty);
3009 /* vs might be free()ed here */
3010 }
3011
3012 if (has_dirty && rects) {
3013 vd->dcl.update_interval /= 2;
3014 if (vd->dcl.update_interval < VNC_REFRESH_INTERVAL_BASE) {
3015 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_BASE;
3016 }
3017 } else {
3018 vd->dcl.update_interval += VNC_REFRESH_INTERVAL_INC;
3019 if (vd->dcl.update_interval > VNC_REFRESH_INTERVAL_MAX) {
3020 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_MAX;
3021 }
3022 }
3023 }
3024
3025 static void vnc_connect(VncDisplay *vd, QIOChannelSocket *sioc,
3026 bool skipauth, bool websocket)
3027 {
3028 VncState *vs = g_new0(VncState, 1);
3029 bool first_client = QTAILQ_EMPTY(&vd->clients);
3030 int i;
3031
3032 trace_vnc_client_connect(vs, sioc);
3033 vs->zrle = g_new0(VncZrle, 1);
3034 vs->tight = g_new0(VncTight, 1);
3035 vs->magic = VNC_MAGIC;
3036 vs->sioc = sioc;
3037 object_ref(OBJECT(vs->sioc));
3038 vs->ioc = QIO_CHANNEL(sioc);
3039 object_ref(OBJECT(vs->ioc));
3040 vs->vd = vd;
3041
3042 buffer_init(&vs->input, "vnc-input/%p", sioc);
3043 buffer_init(&vs->output, "vnc-output/%p", sioc);
3044 buffer_init(&vs->jobs_buffer, "vnc-jobs_buffer/%p", sioc);
3045
3046 buffer_init(&vs->tight->tight, "vnc-tight/%p", sioc);
3047 buffer_init(&vs->tight->zlib, "vnc-tight-zlib/%p", sioc);
3048 buffer_init(&vs->tight->gradient, "vnc-tight-gradient/%p", sioc);
3049 #ifdef CONFIG_VNC_JPEG
3050 buffer_init(&vs->tight->jpeg, "vnc-tight-jpeg/%p", sioc);
3051 #endif
3052 #ifdef CONFIG_VNC_PNG
3053 buffer_init(&vs->tight->png, "vnc-tight-png/%p", sioc);
3054 #endif
3055 buffer_init(&vs->zlib.zlib, "vnc-zlib/%p", sioc);
3056 buffer_init(&vs->zrle->zrle, "vnc-zrle/%p", sioc);
3057 buffer_init(&vs->zrle->fb, "vnc-zrle-fb/%p", sioc);
3058 buffer_init(&vs->zrle->zlib, "vnc-zrle-zlib/%p", sioc);
3059
3060 if (skipauth) {
3061 vs->auth = VNC_AUTH_NONE;
3062 vs->subauth = VNC_AUTH_INVALID;
3063 } else {
3064 if (websocket) {
3065 vs->auth = vd->ws_auth;
3066 vs->subauth = VNC_AUTH_INVALID;
3067 } else {
3068 vs->auth = vd->auth;
3069 vs->subauth = vd->subauth;
3070 }
3071 }
3072 VNC_DEBUG("Client sioc=%p ws=%d auth=%d subauth=%d\n",
3073 sioc, websocket, vs->auth, vs->subauth);
3074
3075 vs->lossy_rect = g_malloc0(VNC_STAT_ROWS * sizeof (*vs->lossy_rect));
3076 for (i = 0; i < VNC_STAT_ROWS; ++i) {
3077 vs->lossy_rect[i] = g_new0(uint8_t, VNC_STAT_COLS);
3078 }
3079
3080 VNC_DEBUG("New client on socket %p\n", vs->sioc);
3081 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
3082 qio_channel_set_blocking(vs->ioc, false, NULL);
3083 if (vs->ioc_tag) {
3084 g_source_remove(vs->ioc_tag);
3085 }
3086 if (websocket) {
3087 vs->websocket = 1;
3088 if (vd->tlscreds) {
3089 vs->ioc_tag = qio_channel_add_watch(
3090 vs->ioc, G_IO_IN, vncws_tls_handshake_io, vs, NULL);
3091 } else {
3092 vs->ioc_tag = qio_channel_add_watch(
3093 vs->ioc, G_IO_IN, vncws_handshake_io, vs, NULL);
3094 }
3095 } else {
3096 vs->ioc_tag = qio_channel_add_watch(
3097 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL);
3098 }
3099
3100 vnc_client_cache_addr(vs);
3101 vnc_qmp_event(vs, QAPI_EVENT_VNC_CONNECTED);
3102 vnc_set_share_mode(vs, VNC_SHARE_MODE_CONNECTING);
3103
3104 vs->last_x = -1;
3105 vs->last_y = -1;
3106
3107 vs->as.freq = 44100;
3108 vs->as.nchannels = 2;
3109 vs->as.fmt = AUDIO_FORMAT_S16;
3110 vs->as.endianness = 0;
3111
3112 qemu_mutex_init(&vs->output_mutex);
3113 vs->bh = qemu_bh_new(vnc_jobs_bh, vs);
3114
3115 QTAILQ_INSERT_TAIL(&vd->clients, vs, next);
3116 if (first_client) {
3117 vnc_update_server_surface(vd);
3118 }
3119
3120 graphic_hw_update(vd->dcl.con);
3121
3122 if (!vs->websocket) {
3123 vnc_start_protocol(vs);
3124 }
3125
3126 if (vd->num_connecting > vd->connections_limit) {
3127 QTAILQ_FOREACH(vs, &vd->clients, next) {
3128 if (vs->share_mode == VNC_SHARE_MODE_CONNECTING) {
3129 vnc_disconnect_start(vs);
3130 return;
3131 }
3132 }
3133 }
3134 }
3135
3136 void vnc_start_protocol(VncState *vs)
3137 {
3138 vnc_write(vs, "RFB 003.008\n", 12);
3139 vnc_flush(vs);
3140 vnc_read_when(vs, protocol_version, 12);
3141
3142 vs->mouse_mode_notifier.notify = check_pointer_type_change;
3143 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
3144 }
3145
3146 static void vnc_listen_io(QIONetListener *listener,
3147 QIOChannelSocket *cioc,
3148 void *opaque)
3149 {
3150 VncDisplay *vd = opaque;
3151 bool isWebsock = listener == vd->wslistener;
3152
3153 qio_channel_set_name(QIO_CHANNEL(cioc),
3154 isWebsock ? "vnc-ws-server" : "vnc-server");
3155 qio_channel_set_delay(QIO_CHANNEL(cioc), false);
3156 vnc_connect(vd, cioc, false, isWebsock);
3157 }
3158
3159 static const DisplayChangeListenerOps dcl_ops = {
3160 .dpy_name = "vnc",
3161 .dpy_refresh = vnc_refresh,
3162 .dpy_gfx_update = vnc_dpy_update,
3163 .dpy_gfx_switch = vnc_dpy_switch,
3164 .dpy_gfx_check_format = qemu_pixman_check_format,
3165 .dpy_mouse_set = vnc_mouse_set,
3166 .dpy_cursor_define = vnc_dpy_cursor_define,
3167 };
3168
3169 void vnc_display_init(const char *id, Error **errp)
3170 {
3171 VncDisplay *vd;
3172
3173 if (vnc_display_find(id) != NULL) {
3174 return;
3175 }
3176 vd = g_malloc0(sizeof(*vd));
3177
3178 vd->id = strdup(id);
3179 QTAILQ_INSERT_TAIL(&vnc_displays, vd, next);
3180
3181 QTAILQ_INIT(&vd->clients);
3182 vd->expires = TIME_MAX;
3183
3184 if (keyboard_layout) {
3185 trace_vnc_key_map_init(keyboard_layout);
3186 vd->kbd_layout = init_keyboard_layout(name2keysym,
3187 keyboard_layout, errp);
3188 } else {
3189 vd->kbd_layout = init_keyboard_layout(name2keysym, "en-us", errp);
3190 }
3191
3192 if (!vd->kbd_layout) {
3193 return;
3194 }
3195
3196 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3197 vd->connections_limit = 32;
3198
3199 qemu_mutex_init(&vd->mutex);
3200 vnc_start_worker_thread();
3201
3202 vd->dcl.ops = &dcl_ops;
3203 register_displaychangelistener(&vd->dcl);
3204 vd->kbd = qkbd_state_init(vd->dcl.con);
3205 }
3206
3207
3208 static void vnc_display_close(VncDisplay *vd)
3209 {
3210 if (!vd) {
3211 return;
3212 }
3213 vd->is_unix = false;
3214
3215 if (vd->listener) {
3216 qio_net_listener_disconnect(vd->listener);
3217 object_unref(OBJECT(vd->listener));
3218 }
3219 vd->listener = NULL;
3220
3221 if (vd->wslistener) {
3222 qio_net_listener_disconnect(vd->wslistener);
3223 object_unref(OBJECT(vd->wslistener));
3224 }
3225 vd->wslistener = NULL;
3226
3227 vd->auth = VNC_AUTH_INVALID;
3228 vd->subauth = VNC_AUTH_INVALID;
3229 if (vd->tlscreds) {
3230 object_unparent(OBJECT(vd->tlscreds));
3231 vd->tlscreds = NULL;
3232 }
3233 if (vd->tlsauthz) {
3234 object_unparent(OBJECT(vd->tlsauthz));
3235 vd->tlsauthz = NULL;
3236 }
3237 g_free(vd->tlsauthzid);
3238 vd->tlsauthzid = NULL;
3239 if (vd->lock_key_sync) {
3240 qemu_remove_led_event_handler(vd->led);
3241 vd->led = NULL;
3242 }
3243 #ifdef CONFIG_VNC_SASL
3244 if (vd->sasl.authz) {
3245 object_unparent(OBJECT(vd->sasl.authz));
3246 vd->sasl.authz = NULL;
3247 }
3248 g_free(vd->sasl.authzid);
3249 vd->sasl.authzid = NULL;
3250 #endif
3251 }
3252
3253 int vnc_display_password(const char *id, const char *password)
3254 {
3255 VncDisplay *vd = vnc_display_find(id);
3256
3257 if (!vd) {
3258 return -EINVAL;
3259 }
3260 if (vd->auth == VNC_AUTH_NONE) {
3261 error_printf_unless_qmp("If you want use passwords please enable "
3262 "password auth using '-vnc ${dpy},password'.\n");
3263 return -EINVAL;
3264 }
3265
3266 g_free(vd->password);
3267 vd->password = g_strdup(password);
3268
3269 return 0;
3270 }
3271
3272 int vnc_display_pw_expire(const char *id, time_t expires)
3273 {
3274 VncDisplay *vd = vnc_display_find(id);
3275
3276 if (!vd) {
3277 return -EINVAL;
3278 }
3279
3280 vd->expires = expires;
3281 return 0;
3282 }
3283
3284 static void vnc_display_print_local_addr(VncDisplay *vd)
3285 {
3286 SocketAddress *addr;
3287 Error *err = NULL;
3288
3289 if (!vd->listener || !vd->listener->nsioc) {
3290 return;
3291 }
3292
3293 addr = qio_channel_socket_get_local_address(vd->listener->sioc[0], &err);
3294 if (!addr) {
3295 return;
3296 }
3297
3298 if (addr->type != SOCKET_ADDRESS_TYPE_INET) {
3299 qapi_free_SocketAddress(addr);
3300 return;
3301 }
3302 error_printf_unless_qmp("VNC server running on %s:%s\n",
3303 addr->u.inet.host,
3304 addr->u.inet.port);
3305 qapi_free_SocketAddress(addr);
3306 }
3307
3308 static QemuOptsList qemu_vnc_opts = {
3309 .name = "vnc",
3310 .head = QTAILQ_HEAD_INITIALIZER(qemu_vnc_opts.head),
3311 .implied_opt_name = "vnc",
3312 .desc = {
3313 {
3314 .name = "vnc",
3315 .type = QEMU_OPT_STRING,
3316 },{
3317 .name = "websocket",
3318 .type = QEMU_OPT_STRING,
3319 },{
3320 .name = "tls-creds",
3321 .type = QEMU_OPT_STRING,
3322 },{
3323 .name = "share",
3324 .type = QEMU_OPT_STRING,
3325 },{
3326 .name = "display",
3327 .type = QEMU_OPT_STRING,
3328 },{
3329 .name = "head",
3330 .type = QEMU_OPT_NUMBER,
3331 },{
3332 .name = "connections",
3333 .type = QEMU_OPT_NUMBER,
3334 },{
3335 .name = "to",
3336 .type = QEMU_OPT_NUMBER,
3337 },{
3338 .name = "ipv4",
3339 .type = QEMU_OPT_BOOL,
3340 },{
3341 .name = "ipv6",
3342 .type = QEMU_OPT_BOOL,
3343 },{
3344 .name = "password",
3345 .type = QEMU_OPT_BOOL,
3346 },{
3347 .name = "reverse",
3348 .type = QEMU_OPT_BOOL,
3349 },{
3350 .name = "lock-key-sync",
3351 .type = QEMU_OPT_BOOL,
3352 },{
3353 .name = "key-delay-ms",
3354 .type = QEMU_OPT_NUMBER,
3355 },{
3356 .name = "sasl",
3357 .type = QEMU_OPT_BOOL,
3358 },{
3359 .name = "acl",
3360 .type = QEMU_OPT_BOOL,
3361 },{
3362 .name = "tls-authz",
3363 .type = QEMU_OPT_STRING,
3364 },{
3365 .name = "sasl-authz",
3366 .type = QEMU_OPT_STRING,
3367 },{
3368 .name = "lossy",
3369 .type = QEMU_OPT_BOOL,
3370 },{
3371 .name = "non-adaptive",
3372 .type = QEMU_OPT_BOOL,
3373 },{
3374 .name = "audiodev",
3375 .type = QEMU_OPT_STRING,
3376 },
3377 { /* end of list */ }
3378 },
3379 };
3380
3381
3382 static int
3383 vnc_display_setup_auth(int *auth,
3384 int *subauth,
3385 QCryptoTLSCreds *tlscreds,
3386 bool password,
3387 bool sasl,
3388 bool websocket,
3389 Error **errp)
3390 {
3391 /*
3392 * We have a choice of 3 authentication options
3393 *
3394 * 1. none
3395 * 2. vnc
3396 * 3. sasl
3397 *
3398 * The channel can be run in 2 modes
3399 *
3400 * 1. clear
3401 * 2. tls
3402 *
3403 * And TLS can use 2 types of credentials
3404 *
3405 * 1. anon
3406 * 2. x509
3407 *
3408 * We thus have 9 possible logical combinations
3409 *
3410 * 1. clear + none
3411 * 2. clear + vnc
3412 * 3. clear + sasl
3413 * 4. tls + anon + none
3414 * 5. tls + anon + vnc
3415 * 6. tls + anon + sasl
3416 * 7. tls + x509 + none
3417 * 8. tls + x509 + vnc
3418 * 9. tls + x509 + sasl
3419 *
3420 * These need to be mapped into the VNC auth schemes
3421 * in an appropriate manner. In regular VNC, all the
3422 * TLS options get mapped into VNC_AUTH_VENCRYPT
3423 * sub-auth types.
3424 *
3425 * In websockets, the https:// protocol already provides
3426 * TLS support, so there is no need to make use of the
3427 * VeNCrypt extension. Furthermore, websockets browser
3428 * clients could not use VeNCrypt even if they wanted to,
3429 * as they cannot control when the TLS handshake takes
3430 * place. Thus there is no option but to rely on https://,
3431 * meaning combinations 4->6 and 7->9 will be mapped to
3432 * VNC auth schemes in the same way as combos 1->3.
3433 *
3434 * Regardless of fact that we have a different mapping to
3435 * VNC auth mechs for plain VNC vs websockets VNC, the end
3436 * result has the same security characteristics.
3437 */
3438 if (websocket || !tlscreds) {
3439 if (password) {
3440 VNC_DEBUG("Initializing VNC server with password auth\n");
3441 *auth = VNC_AUTH_VNC;
3442 } else if (sasl) {
3443 VNC_DEBUG("Initializing VNC server with SASL auth\n");
3444 *auth = VNC_AUTH_SASL;
3445 } else {
3446 VNC_DEBUG("Initializing VNC server with no auth\n");
3447 *auth = VNC_AUTH_NONE;
3448 }
3449 *subauth = VNC_AUTH_INVALID;
3450 } else {
3451 bool is_x509 = object_dynamic_cast(OBJECT(tlscreds),
3452 TYPE_QCRYPTO_TLS_CREDS_X509) != NULL;
3453 bool is_anon = object_dynamic_cast(OBJECT(tlscreds),
3454 TYPE_QCRYPTO_TLS_CREDS_ANON) != NULL;
3455
3456 if (!is_x509 && !is_anon) {
3457 error_setg(errp,
3458 "Unsupported TLS cred type %s",
3459 object_get_typename(OBJECT(tlscreds)));
3460 return -1;
3461 }
3462 *auth = VNC_AUTH_VENCRYPT;
3463 if (password) {
3464 if (is_x509) {
3465 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
3466 *subauth = VNC_AUTH_VENCRYPT_X509VNC;
3467 } else {
3468 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
3469 *subauth = VNC_AUTH_VENCRYPT_TLSVNC;
3470 }
3471
3472 } else if (sasl) {
3473 if (is_x509) {
3474 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
3475 *subauth = VNC_AUTH_VENCRYPT_X509SASL;
3476 } else {
3477 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
3478 *subauth = VNC_AUTH_VENCRYPT_TLSSASL;
3479 }
3480 } else {
3481 if (is_x509) {
3482 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
3483 *subauth = VNC_AUTH_VENCRYPT_X509NONE;
3484 } else {
3485 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
3486 *subauth = VNC_AUTH_VENCRYPT_TLSNONE;
3487 }
3488 }
3489 }
3490 return 0;
3491 }
3492
3493
3494 static int vnc_display_get_address(const char *addrstr,
3495 bool websocket,
3496 bool reverse,
3497 int displaynum,
3498 int to,
3499 bool has_ipv4,
3500 bool has_ipv6,
3501 bool ipv4,
3502 bool ipv6,
3503 SocketAddress **retaddr,
3504 Error **errp)
3505 {
3506 int ret = -1;
3507 SocketAddress *addr = NULL;
3508
3509 addr = g_new0(SocketAddress, 1);
3510
3511 if (strncmp(addrstr, "unix:", 5) == 0) {
3512 addr->type = SOCKET_ADDRESS_TYPE_UNIX;
3513 addr->u.q_unix.path = g_strdup(addrstr + 5);
3514
3515 if (websocket) {
3516 error_setg(errp, "UNIX sockets not supported with websock");
3517 goto cleanup;
3518 }
3519
3520 if (to) {
3521 error_setg(errp, "Port range not support with UNIX socket");
3522 goto cleanup;
3523 }
3524 ret = 0;
3525 } else {
3526 const char *port;
3527 size_t hostlen;
3528 unsigned long long baseport = 0;
3529 InetSocketAddress *inet;
3530
3531 port = strrchr(addrstr, ':');
3532 if (!port) {
3533 if (websocket) {
3534 hostlen = 0;
3535 port = addrstr;
3536 } else {
3537 error_setg(errp, "no vnc port specified");
3538 goto cleanup;
3539 }
3540 } else {
3541 hostlen = port - addrstr;
3542 port++;
3543 if (*port == '\0') {
3544 error_setg(errp, "vnc port cannot be empty");
3545 goto cleanup;
3546 }
3547 }
3548
3549 addr->type = SOCKET_ADDRESS_TYPE_INET;
3550 inet = &addr->u.inet;
3551 if (addrstr[0] == '[' && addrstr[hostlen - 1] == ']') {
3552 inet->host = g_strndup(addrstr + 1, hostlen - 2);
3553 } else {
3554 inet->host = g_strndup(addrstr, hostlen);
3555 }
3556 /* plain VNC port is just an offset, for websocket
3557 * port is absolute */
3558 if (websocket) {
3559 if (g_str_equal(addrstr, "") ||
3560 g_str_equal(addrstr, "on")) {
3561 if (displaynum == -1) {
3562 error_setg(errp, "explicit websocket port is required");
3563 goto cleanup;
3564 }
3565 inet->port = g_strdup_printf(
3566 "%d", displaynum + 5700);
3567 if (to) {
3568 inet->has_to = true;
3569 inet->to = to + 5700;
3570 }
3571 } else {
3572 inet->port = g_strdup(port);
3573 }
3574 } else {
3575 int offset = reverse ? 0 : 5900;
3576 if (parse_uint_full(port, &baseport, 10) < 0) {
3577 error_setg(errp, "can't convert to a number: %s", port);
3578 goto cleanup;
3579 }
3580 if (baseport > 65535 ||
3581 baseport + offset > 65535) {
3582 error_setg(errp, "port %s out of range", port);
3583 goto cleanup;
3584 }
3585 inet->port = g_strdup_printf(
3586 "%d", (int)baseport + offset);
3587
3588 if (to) {
3589 inet->has_to = true;
3590 inet->to = to + offset;
3591 }
3592 }
3593
3594 inet->ipv4 = ipv4;
3595 inet->has_ipv4 = has_ipv4;
3596 inet->ipv6 = ipv6;
3597 inet->has_ipv6 = has_ipv6;
3598
3599 ret = baseport;
3600 }
3601
3602 *retaddr = addr;
3603
3604 cleanup:
3605 if (ret < 0) {
3606 qapi_free_SocketAddress(addr);
3607 }
3608 return ret;
3609 }
3610
3611 static void vnc_free_addresses(SocketAddress ***retsaddr,
3612 size_t *retnsaddr)
3613 {
3614 size_t i;
3615
3616 for (i = 0; i < *retnsaddr; i++) {
3617 qapi_free_SocketAddress((*retsaddr)[i]);
3618 }
3619 g_free(*retsaddr);
3620
3621 *retsaddr = NULL;
3622 *retnsaddr = 0;
3623 }
3624
3625 static int vnc_display_get_addresses(QemuOpts *opts,
3626 bool reverse,
3627 SocketAddress ***retsaddr,
3628 size_t *retnsaddr,
3629 SocketAddress ***retwsaddr,
3630 size_t *retnwsaddr,
3631 Error **errp)
3632 {
3633 SocketAddress *saddr = NULL;
3634 SocketAddress *wsaddr = NULL;
3635 QemuOptsIter addriter;
3636 const char *addr;
3637 int to = qemu_opt_get_number(opts, "to", 0);
3638 bool has_ipv4 = qemu_opt_get(opts, "ipv4");
3639 bool has_ipv6 = qemu_opt_get(opts, "ipv6");
3640 bool ipv4 = qemu_opt_get_bool(opts, "ipv4", false);
3641 bool ipv6 = qemu_opt_get_bool(opts, "ipv6", false);
3642 int displaynum = -1;
3643 int ret = -1;
3644
3645 *retsaddr = NULL;
3646 *retnsaddr = 0;
3647 *retwsaddr = NULL;
3648 *retnwsaddr = 0;
3649
3650 addr = qemu_opt_get(opts, "vnc");
3651 if (addr == NULL || g_str_equal(addr, "none")) {
3652 ret = 0;
3653 goto cleanup;
3654 }
3655 if (qemu_opt_get(opts, "websocket") &&
3656 !qcrypto_hash_supports(QCRYPTO_HASH_ALG_SHA1)) {
3657 error_setg(errp,
3658 "SHA1 hash support is required for websockets");
3659 goto cleanup;
3660 }
3661
3662 qemu_opt_iter_init(&addriter, opts, "vnc");
3663 while ((addr = qemu_opt_iter_next(&addriter)) != NULL) {
3664 int rv;
3665 rv = vnc_display_get_address(addr, false, reverse, 0, to,
3666 has_ipv4, has_ipv6,
3667 ipv4, ipv6,
3668 &saddr, errp);
3669 if (rv < 0) {
3670 goto cleanup;
3671 }
3672 /* Historical compat - first listen address can be used
3673 * to set the default websocket port
3674 */
3675 if (displaynum == -1) {
3676 displaynum = rv;
3677 }
3678 *retsaddr = g_renew(SocketAddress *, *retsaddr, *retnsaddr + 1);
3679 (*retsaddr)[(*retnsaddr)++] = saddr;
3680 }
3681
3682 /* If we had multiple primary displays, we don't do defaults
3683 * for websocket, and require explicit config instead. */
3684 if (*retnsaddr > 1) {
3685 displaynum = -1;
3686 }
3687
3688 qemu_opt_iter_init(&addriter, opts, "websocket");
3689 while ((addr = qemu_opt_iter_next(&addriter)) != NULL) {
3690 if (vnc_display_get_address(addr, true, reverse, displaynum, to,
3691 has_ipv4, has_ipv6,
3692 ipv4, ipv6,
3693 &wsaddr, errp) < 0) {
3694 goto cleanup;
3695 }
3696
3697 /* Historical compat - if only a single listen address was
3698 * provided, then this is used to set the default listen
3699 * address for websocket too
3700 */
3701 if (*retnsaddr == 1 &&
3702 (*retsaddr)[0]->type == SOCKET_ADDRESS_TYPE_INET &&
3703 wsaddr->type == SOCKET_ADDRESS_TYPE_INET &&
3704 g_str_equal(wsaddr->u.inet.host, "") &&
3705 !g_str_equal((*retsaddr)[0]->u.inet.host, "")) {
3706 g_free(wsaddr->u.inet.host);
3707 wsaddr->u.inet.host = g_strdup((*retsaddr)[0]->u.inet.host);
3708 }
3709
3710 *retwsaddr = g_renew(SocketAddress *, *retwsaddr, *retnwsaddr + 1);
3711 (*retwsaddr)[(*retnwsaddr)++] = wsaddr;
3712 }
3713
3714 ret = 0;
3715 cleanup:
3716 if (ret < 0) {
3717 vnc_free_addresses(retsaddr, retnsaddr);
3718 vnc_free_addresses(retwsaddr, retnwsaddr);
3719 }
3720 return ret;
3721 }
3722
3723 static int vnc_display_connect(VncDisplay *vd,
3724 SocketAddress **saddr,
3725 size_t nsaddr,
3726 SocketAddress **wsaddr,
3727 size_t nwsaddr,
3728 Error **errp)
3729 {
3730 /* connect to viewer */
3731 QIOChannelSocket *sioc = NULL;
3732 if (nwsaddr != 0) {
3733 error_setg(errp, "Cannot use websockets in reverse mode");
3734 return -1;
3735 }
3736 if (nsaddr != 1) {
3737 error_setg(errp, "Expected a single address in reverse mode");
3738 return -1;
3739 }
3740 /* TODO SOCKET_ADDRESS_TYPE_FD when fd has AF_UNIX */
3741 vd->is_unix = saddr[0]->type == SOCKET_ADDRESS_TYPE_UNIX;
3742 sioc = qio_channel_socket_new();
3743 qio_channel_set_name(QIO_CHANNEL(sioc), "vnc-reverse");
3744 if (qio_channel_socket_connect_sync(sioc, saddr[0], errp) < 0) {
3745 return -1;
3746 }
3747 vnc_connect(vd, sioc, false, false);
3748 object_unref(OBJECT(sioc));
3749 return 0;
3750 }
3751
3752
3753 static int vnc_display_listen(VncDisplay *vd,
3754 SocketAddress **saddr,
3755 size_t nsaddr,
3756 SocketAddress **wsaddr,
3757 size_t nwsaddr,
3758 Error **errp)
3759 {
3760 size_t i;
3761
3762 if (nsaddr) {
3763 vd->listener = qio_net_listener_new();
3764 qio_net_listener_set_name(vd->listener, "vnc-listen");
3765 for (i = 0; i < nsaddr; i++) {
3766 if (qio_net_listener_open_sync(vd->listener,
3767 saddr[i], 1,
3768 errp) < 0) {
3769 return -1;
3770 }
3771 }
3772
3773 qio_net_listener_set_client_func(vd->listener,
3774 vnc_listen_io, vd, NULL);
3775 }
3776
3777 if (nwsaddr) {
3778 vd->wslistener = qio_net_listener_new();
3779 qio_net_listener_set_name(vd->wslistener, "vnc-ws-listen");
3780 for (i = 0; i < nwsaddr; i++) {
3781 if (qio_net_listener_open_sync(vd->wslistener,
3782 wsaddr[i], 1,
3783 errp) < 0) {
3784 return -1;
3785 }
3786 }
3787
3788 qio_net_listener_set_client_func(vd->wslistener,
3789 vnc_listen_io, vd, NULL);
3790 }
3791
3792 return 0;
3793 }
3794
3795
3796 void vnc_display_open(const char *id, Error **errp)
3797 {
3798 VncDisplay *vd = vnc_display_find(id);
3799 QemuOpts *opts = qemu_opts_find(&qemu_vnc_opts, id);
3800 SocketAddress **saddr = NULL, **wsaddr = NULL;
3801 size_t nsaddr, nwsaddr;
3802 const char *share, *device_id;
3803 QemuConsole *con;
3804 bool password = false;
3805 bool reverse = false;
3806 const char *credid;
3807 bool sasl = false;
3808 int acl = 0;
3809 const char *tlsauthz;
3810 const char *saslauthz;
3811 int lock_key_sync = 1;
3812 int key_delay_ms;
3813 const char *audiodev;
3814
3815 if (!vd) {
3816 error_setg(errp, "VNC display not active");
3817 return;
3818 }
3819 vnc_display_close(vd);
3820
3821 if (!opts) {
3822 return;
3823 }
3824
3825 reverse = qemu_opt_get_bool(opts, "reverse", false);
3826 if (vnc_display_get_addresses(opts, reverse, &saddr, &nsaddr,
3827 &wsaddr, &nwsaddr, errp) < 0) {
3828 goto fail;
3829 }
3830
3831 password = qemu_opt_get_bool(opts, "password", false);
3832 if (password) {
3833 if (fips_get_state()) {
3834 error_setg(errp,
3835 "VNC password auth disabled due to FIPS mode, "
3836 "consider using the VeNCrypt or SASL authentication "
3837 "methods as an alternative");
3838 goto fail;
3839 }
3840 if (!qcrypto_cipher_supports(
3841 QCRYPTO_CIPHER_ALG_DES_RFB, QCRYPTO_CIPHER_MODE_ECB)) {
3842 error_setg(errp,
3843 "Cipher backend does not support DES RFB algorithm");
3844 goto fail;
3845 }
3846 }
3847
3848 lock_key_sync = qemu_opt_get_bool(opts, "lock-key-sync", true);
3849 key_delay_ms = qemu_opt_get_number(opts, "key-delay-ms", 10);
3850 sasl = qemu_opt_get_bool(opts, "sasl", false);
3851 #ifndef CONFIG_VNC_SASL
3852 if (sasl) {
3853 error_setg(errp, "VNC SASL auth requires cyrus-sasl support");
3854 goto fail;
3855 }
3856 #endif /* CONFIG_VNC_SASL */
3857 credid = qemu_opt_get(opts, "tls-creds");
3858 if (credid) {
3859 Object *creds;
3860 creds = object_resolve_path_component(
3861 object_get_objects_root(), credid);
3862 if (!creds) {
3863 error_setg(errp, "No TLS credentials with id '%s'",
3864 credid);
3865 goto fail;
3866 }
3867 vd->tlscreds = (QCryptoTLSCreds *)
3868 object_dynamic_cast(creds,
3869 TYPE_QCRYPTO_TLS_CREDS);
3870 if (!vd->tlscreds) {
3871 error_setg(errp, "Object with id '%s' is not TLS credentials",
3872 credid);
3873 goto fail;
3874 }
3875 object_ref(OBJECT(vd->tlscreds));
3876
3877 if (vd->tlscreds->endpoint != QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) {
3878 error_setg(errp,
3879 "Expecting TLS credentials with a server endpoint");
3880 goto fail;
3881 }
3882 }
3883 if (qemu_opt_get(opts, "acl")) {
3884 error_report("The 'acl' option to -vnc is deprecated. "
3885 "Please use the 'tls-authz' and 'sasl-authz' "
3886 "options instead");
3887 }
3888 acl = qemu_opt_get_bool(opts, "acl", false);
3889 tlsauthz = qemu_opt_get(opts, "tls-authz");
3890 if (acl && tlsauthz) {
3891 error_setg(errp, "'acl' option is mutually exclusive with the "
3892 "'tls-authz' option");
3893 goto fail;
3894 }
3895 if (tlsauthz && !vd->tlscreds) {
3896 error_setg(errp, "'tls-authz' provided but TLS is not enabled");
3897 goto fail;
3898 }
3899
3900 saslauthz = qemu_opt_get(opts, "sasl-authz");
3901 if (acl && saslauthz) {
3902 error_setg(errp, "'acl' option is mutually exclusive with the "
3903 "'sasl-authz' option");
3904 goto fail;
3905 }
3906 if (saslauthz && !sasl) {
3907 error_setg(errp, "'sasl-authz' provided but SASL auth is not enabled");
3908 goto fail;
3909 }
3910
3911 share = qemu_opt_get(opts, "share");
3912 if (share) {
3913 if (strcmp(share, "ignore") == 0) {
3914 vd->share_policy = VNC_SHARE_POLICY_IGNORE;
3915 } else if (strcmp(share, "allow-exclusive") == 0) {
3916 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3917 } else if (strcmp(share, "force-shared") == 0) {
3918 vd->share_policy = VNC_SHARE_POLICY_FORCE_SHARED;
3919 } else {
3920 error_setg(errp, "unknown vnc share= option");
3921 goto fail;
3922 }
3923 } else {
3924 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3925 }
3926 vd->connections_limit = qemu_opt_get_number(opts, "connections", 32);
3927
3928 #ifdef CONFIG_VNC_JPEG
3929 vd->lossy = qemu_opt_get_bool(opts, "lossy", false);
3930 #endif
3931 vd->non_adaptive = qemu_opt_get_bool(opts, "non-adaptive", false);
3932 /* adaptive updates are only used with tight encoding and
3933 * if lossy updates are enabled so we can disable all the
3934 * calculations otherwise */
3935 if (!vd->lossy) {
3936 vd->non_adaptive = true;
3937 }
3938
3939 if (tlsauthz) {
3940 vd->tlsauthzid = g_strdup(tlsauthz);
3941 } else if (acl) {
3942 if (strcmp(vd->id, "default") == 0) {
3943 vd->tlsauthzid = g_strdup("vnc.x509dname");
3944 } else {
3945 vd->tlsauthzid = g_strdup_printf("vnc.%s.x509dname", vd->id);
3946 }
3947 vd->tlsauthz = QAUTHZ(qauthz_list_new(vd->tlsauthzid,
3948 QAUTHZ_LIST_POLICY_DENY,
3949 &error_abort));
3950 }
3951 #ifdef CONFIG_VNC_SASL
3952 if (sasl) {
3953 if (saslauthz) {
3954 vd->sasl.authzid = g_strdup(saslauthz);
3955 } else if (acl) {
3956 if (strcmp(vd->id, "default") == 0) {
3957 vd->sasl.authzid = g_strdup("vnc.username");
3958 } else {
3959 vd->sasl.authzid = g_strdup_printf("vnc.%s.username", vd->id);
3960 }
3961 vd->sasl.authz = QAUTHZ(qauthz_list_new(vd->sasl.authzid,
3962 QAUTHZ_LIST_POLICY_DENY,
3963 &error_abort));
3964 }
3965 }
3966 #endif
3967
3968 if (vnc_display_setup_auth(&vd->auth, &vd->subauth,
3969 vd->tlscreds, password,
3970 sasl, false, errp) < 0) {
3971 goto fail;
3972 }
3973 trace_vnc_auth_init(vd, 0, vd->auth, vd->subauth);
3974
3975 if (vnc_display_setup_auth(&vd->ws_auth, &vd->ws_subauth,
3976 vd->tlscreds, password,
3977 sasl, true, errp) < 0) {
3978 goto fail;
3979 }
3980 trace_vnc_auth_init(vd, 1, vd->ws_auth, vd->ws_subauth);
3981
3982 #ifdef CONFIG_VNC_SASL
3983 if (sasl) {
3984 int saslErr = sasl_server_init(NULL, "qemu");
3985
3986 if (saslErr != SASL_OK) {
3987 error_setg(errp, "Failed to initialize SASL auth: %s",
3988 sasl_errstring(saslErr, NULL, NULL));
3989 goto fail;
3990 }
3991 }
3992 #endif
3993 vd->lock_key_sync = lock_key_sync;
3994 if (lock_key_sync) {
3995 vd->led = qemu_add_led_event_handler(kbd_leds, vd);
3996 }
3997 vd->ledstate = 0;
3998
3999 audiodev = qemu_opt_get(opts, "audiodev");
4000 if (audiodev) {
4001 vd->audio_state = audio_state_by_name(audiodev);
4002 if (!vd->audio_state) {
4003 error_setg(errp, "Audiodev '%s' not found", audiodev);
4004 goto fail;
4005 }
4006 }
4007
4008 device_id = qemu_opt_get(opts, "display");
4009 if (device_id) {
4010 int head = qemu_opt_get_number(opts, "head", 0);
4011 Error *err = NULL;
4012
4013 con = qemu_console_lookup_by_device_name(device_id, head, &err);
4014 if (err) {
4015 error_propagate(errp, err);
4016 goto fail;
4017 }
4018 } else {
4019 con = NULL;
4020 }
4021
4022 if (con != vd->dcl.con) {
4023 qkbd_state_free(vd->kbd);
4024 unregister_displaychangelistener(&vd->dcl);
4025 vd->dcl.con = con;
4026 register_displaychangelistener(&vd->dcl);
4027 vd->kbd = qkbd_state_init(vd->dcl.con);
4028 }
4029 qkbd_state_set_delay(vd->kbd, key_delay_ms);
4030
4031 if (saddr == NULL) {
4032 goto cleanup;
4033 }
4034
4035 if (reverse) {
4036 if (vnc_display_connect(vd, saddr, nsaddr, wsaddr, nwsaddr, errp) < 0) {
4037 goto fail;
4038 }
4039 } else {
4040 if (vnc_display_listen(vd, saddr, nsaddr, wsaddr, nwsaddr, errp) < 0) {
4041 goto fail;
4042 }
4043 }
4044
4045 if (qemu_opt_get(opts, "to")) {
4046 vnc_display_print_local_addr(vd);
4047 }
4048
4049 cleanup:
4050 vnc_free_addresses(&saddr, &nsaddr);
4051 vnc_free_addresses(&wsaddr, &nwsaddr);
4052 return;
4053
4054 fail:
4055 vnc_display_close(vd);
4056 goto cleanup;
4057 }
4058
4059 void vnc_display_add_client(const char *id, int csock, bool skipauth)
4060 {
4061 VncDisplay *vd = vnc_display_find(id);
4062 QIOChannelSocket *sioc;
4063
4064 if (!vd) {
4065 return;
4066 }
4067
4068 sioc = qio_channel_socket_new_fd(csock, NULL);
4069 if (sioc) {
4070 qio_channel_set_name(QIO_CHANNEL(sioc), "vnc-server");
4071 vnc_connect(vd, sioc, skipauth, false);
4072 object_unref(OBJECT(sioc));
4073 }
4074 }
4075
4076 static void vnc_auto_assign_id(QemuOptsList *olist, QemuOpts *opts)
4077 {
4078 int i = 2;
4079 char *id;
4080
4081 id = g_strdup("default");
4082 while (qemu_opts_find(olist, id)) {
4083 g_free(id);
4084 id = g_strdup_printf("vnc%d", i++);
4085 }
4086 qemu_opts_set_id(opts, id);
4087 }
4088
4089 QemuOpts *vnc_parse(const char *str, Error **errp)
4090 {
4091 QemuOptsList *olist = qemu_find_opts("vnc");
4092 QemuOpts *opts = qemu_opts_parse(olist, str, true, errp);
4093 const char *id;
4094
4095 if (!opts) {
4096 return NULL;
4097 }
4098
4099 id = qemu_opts_id(opts);
4100 if (!id) {
4101 /* auto-assign id if not present */
4102 vnc_auto_assign_id(olist, opts);
4103 }
4104 return opts;
4105 }
4106
4107 int vnc_init_func(void *opaque, QemuOpts *opts, Error **errp)
4108 {
4109 Error *local_err = NULL;
4110 char *id = (char *)qemu_opts_id(opts);
4111
4112 assert(id);
4113 vnc_display_init(id, &local_err);
4114 if (local_err) {
4115 error_propagate(errp, local_err);
4116 return -1;
4117 }
4118 vnc_display_open(id, &local_err);
4119 if (local_err != NULL) {
4120 error_propagate(errp, local_err);
4121 return -1;
4122 }
4123 return 0;
4124 }
4125
4126 static void vnc_register_config(void)
4127 {
4128 qemu_add_opts(&qemu_vnc_opts);
4129 }
4130 opts_init(vnc_register_config);
AR7 emulation for QEMU