search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Add a new qmp command to do checkpoint, query xen replication status
[qemu/ar7.git] / ui / vnc.c
blob51f4b309596e1a8f0fa6123be6c1cac33e327ab3
1 /*
2 * QEMU VNC display driver
3 *
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
7 *
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
14 *
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
17 *
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
24 * THE SOFTWARE.
25 */
26
27 #include "qemu/osdep.h"
28 #include "vnc.h"
29 #include "vnc-jobs.h"
30 #include "trace.h"
31 #include "hw/qdev.h"
32 #include "sysemu/sysemu.h"
33 #include "qemu/error-report.h"
34 #include "qemu/sockets.h"
35 #include "qemu/timer.h"
36 #include "qemu/acl.h"
37 #include "qemu/config-file.h"
38 #include "qapi/qmp/qerror.h"
39 #include "qapi/qmp/types.h"
40 #include "qmp-commands.h"
41 #include "ui/input.h"
42 #include "qapi-event.h"
43 #include "crypto/hash.h"
44 #include "crypto/tlscredsanon.h"
45 #include "crypto/tlscredsx509.h"
46 #include "qom/object_interfaces.h"
47 #include "qemu/cutils.h"
48 #include "io/dns-resolver.h"
49
50 #define VNC_REFRESH_INTERVAL_BASE GUI_REFRESH_INTERVAL_DEFAULT
51 #define VNC_REFRESH_INTERVAL_INC 50
52 #define VNC_REFRESH_INTERVAL_MAX GUI_REFRESH_INTERVAL_IDLE
53 static const struct timeval VNC_REFRESH_STATS = { 0, 500000 };
54 static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 };
55
56 #include "vnc_keysym.h"
57 #include "crypto/cipher.h"
58
59 static QTAILQ_HEAD(, VncDisplay) vnc_displays =
60 QTAILQ_HEAD_INITIALIZER(vnc_displays);
61
62 static int vnc_cursor_define(VncState *vs);
63 static void vnc_release_modifiers(VncState *vs);
64
65 static void vnc_set_share_mode(VncState *vs, VncShareMode mode)
66 {
67 #ifdef _VNC_DEBUG
68 static const char *mn[] = {
69 [0] = "undefined",
70 [VNC_SHARE_MODE_CONNECTING] = "connecting",
71 [VNC_SHARE_MODE_SHARED] = "shared",
72 [VNC_SHARE_MODE_EXCLUSIVE] = "exclusive",
73 [VNC_SHARE_MODE_DISCONNECTED] = "disconnected",
74 };
75 fprintf(stderr, "%s/%p: %s -> %s\n", __func__,
76 vs->ioc, mn[vs->share_mode], mn[mode]);
77 #endif
78
79 switch (vs->share_mode) {
80 case VNC_SHARE_MODE_CONNECTING:
81 vs->vd->num_connecting--;
82 break;
83 case VNC_SHARE_MODE_SHARED:
84 vs->vd->num_shared--;
85 break;
86 case VNC_SHARE_MODE_EXCLUSIVE:
87 vs->vd->num_exclusive--;
88 break;
89 default:
90 break;
91 }
92
93 vs->share_mode = mode;
94
95 switch (vs->share_mode) {
96 case VNC_SHARE_MODE_CONNECTING:
97 vs->vd->num_connecting++;
98 break;
99 case VNC_SHARE_MODE_SHARED:
100 vs->vd->num_shared++;
101 break;
102 case VNC_SHARE_MODE_EXCLUSIVE:
103 vs->vd->num_exclusive++;
104 break;
105 default:
106 break;
107 }
108 }
109
110
111 static void vnc_init_basic_info(SocketAddress *addr,
112 VncBasicInfo *info,
113 Error **errp)
114 {
115 switch (addr->type) {
116 case SOCKET_ADDRESS_KIND_INET:
117 info->host = g_strdup(addr->u.inet.data->host);
118 info->service = g_strdup(addr->u.inet.data->port);
119 if (addr->u.inet.data->ipv6) {
120 info->family = NETWORK_ADDRESS_FAMILY_IPV6;
121 } else {
122 info->family = NETWORK_ADDRESS_FAMILY_IPV4;
123 }
124 break;
125
126 case SOCKET_ADDRESS_KIND_UNIX:
127 info->host = g_strdup("");
128 info->service = g_strdup(addr->u.q_unix.data->path);
129 info->family = NETWORK_ADDRESS_FAMILY_UNIX;
130 break;
131
132 default:
133 error_setg(errp, "Unsupported socket kind %d",
134 addr->type);
135 break;
136 }
137
138 return;
139 }
140
141 static void vnc_init_basic_info_from_server_addr(QIOChannelSocket *ioc,
142 VncBasicInfo *info,
143 Error **errp)
144 {
145 SocketAddress *addr = NULL;
146
147 if (!ioc) {
148 error_setg(errp, "No listener socket available");
149 return;
150 }
151
152 addr = qio_channel_socket_get_local_address(ioc, errp);
153 if (!addr) {
154 return;
155 }
156
157 vnc_init_basic_info(addr, info, errp);
158 qapi_free_SocketAddress(addr);
159 }
160
161 static void vnc_init_basic_info_from_remote_addr(QIOChannelSocket *ioc,
162 VncBasicInfo *info,
163 Error **errp)
164 {
165 SocketAddress *addr = NULL;
166
167 addr = qio_channel_socket_get_remote_address(ioc, errp);
168 if (!addr) {
169 return;
170 }
171
172 vnc_init_basic_info(addr, info, errp);
173 qapi_free_SocketAddress(addr);
174 }
175
176 static const char *vnc_auth_name(VncDisplay *vd) {
177 switch (vd->auth) {
178 case VNC_AUTH_INVALID:
179 return "invalid";
180 case VNC_AUTH_NONE:
181 return "none";
182 case VNC_AUTH_VNC:
183 return "vnc";
184 case VNC_AUTH_RA2:
185 return "ra2";
186 case VNC_AUTH_RA2NE:
187 return "ra2ne";
188 case VNC_AUTH_TIGHT:
189 return "tight";
190 case VNC_AUTH_ULTRA:
191 return "ultra";
192 case VNC_AUTH_TLS:
193 return "tls";
194 case VNC_AUTH_VENCRYPT:
195 switch (vd->subauth) {
196 case VNC_AUTH_VENCRYPT_PLAIN:
197 return "vencrypt+plain";
198 case VNC_AUTH_VENCRYPT_TLSNONE:
199 return "vencrypt+tls+none";
200 case VNC_AUTH_VENCRYPT_TLSVNC:
201 return "vencrypt+tls+vnc";
202 case VNC_AUTH_VENCRYPT_TLSPLAIN:
203 return "vencrypt+tls+plain";
204 case VNC_AUTH_VENCRYPT_X509NONE:
205 return "vencrypt+x509+none";
206 case VNC_AUTH_VENCRYPT_X509VNC:
207 return "vencrypt+x509+vnc";
208 case VNC_AUTH_VENCRYPT_X509PLAIN:
209 return "vencrypt+x509+plain";
210 case VNC_AUTH_VENCRYPT_TLSSASL:
211 return "vencrypt+tls+sasl";
212 case VNC_AUTH_VENCRYPT_X509SASL:
213 return "vencrypt+x509+sasl";
214 default:
215 return "vencrypt";
216 }
217 case VNC_AUTH_SASL:
218 return "sasl";
219 }
220 return "unknown";
221 }
222
223 static VncServerInfo *vnc_server_info_get(VncDisplay *vd)
224 {
225 VncServerInfo *info;
226 Error *err = NULL;
227
228 if (!vd->nlsock) {
229 return NULL;
230 }
231
232 info = g_malloc0(sizeof(*info));
233 vnc_init_basic_info_from_server_addr(vd->lsock[0],
234 qapi_VncServerInfo_base(info), &err);
235 info->has_auth = true;
236 info->auth = g_strdup(vnc_auth_name(vd));
237 if (err) {
238 qapi_free_VncServerInfo(info);
239 info = NULL;
240 error_free(err);
241 }
242 return info;
243 }
244
245 static void vnc_client_cache_auth(VncState *client)
246 {
247 if (!client->info) {
248 return;
249 }
250
251 if (client->tls) {
252 client->info->x509_dname =
253 qcrypto_tls_session_get_peer_name(client->tls);
254 client->info->has_x509_dname =
255 client->info->x509_dname != NULL;
256 }
257 #ifdef CONFIG_VNC_SASL
258 if (client->sasl.conn &&
259 client->sasl.username) {
260 client->info->has_sasl_username = true;
261 client->info->sasl_username = g_strdup(client->sasl.username);
262 }
263 #endif
264 }
265
266 static void vnc_client_cache_addr(VncState *client)
267 {
268 Error *err = NULL;
269
270 client->info = g_malloc0(sizeof(*client->info));
271 vnc_init_basic_info_from_remote_addr(client->sioc,
272 qapi_VncClientInfo_base(client->info),
273 &err);
274 if (err) {
275 qapi_free_VncClientInfo(client->info);
276 client->info = NULL;
277 error_free(err);
278 }
279 }
280
281 static void vnc_qmp_event(VncState *vs, QAPIEvent event)
282 {
283 VncServerInfo *si;
284
285 if (!vs->info) {
286 return;
287 }
288
289 si = vnc_server_info_get(vs->vd);
290 if (!si) {
291 return;
292 }
293
294 switch (event) {
295 case QAPI_EVENT_VNC_CONNECTED:
296 qapi_event_send_vnc_connected(si, qapi_VncClientInfo_base(vs->info),
297 &error_abort);
298 break;
299 case QAPI_EVENT_VNC_INITIALIZED:
300 qapi_event_send_vnc_initialized(si, vs->info, &error_abort);
301 break;
302 case QAPI_EVENT_VNC_DISCONNECTED:
303 qapi_event_send_vnc_disconnected(si, vs->info, &error_abort);
304 break;
305 default:
306 break;
307 }
308
309 qapi_free_VncServerInfo(si);
310 }
311
312 static VncClientInfo *qmp_query_vnc_client(const VncState *client)
313 {
314 VncClientInfo *info;
315 Error *err = NULL;
316
317 info = g_malloc0(sizeof(*info));
318
319 vnc_init_basic_info_from_remote_addr(client->sioc,
320 qapi_VncClientInfo_base(info),
321 &err);
322 if (err) {
323 error_free(err);
324 qapi_free_VncClientInfo(info);
325 return NULL;
326 }
327
328 info->websocket = client->websocket;
329
330 if (client->tls) {
331 info->x509_dname = qcrypto_tls_session_get_peer_name(client->tls);
332 info->has_x509_dname = info->x509_dname != NULL;
333 }
334 #ifdef CONFIG_VNC_SASL
335 if (client->sasl.conn && client->sasl.username) {
336 info->has_sasl_username = true;
337 info->sasl_username = g_strdup(client->sasl.username);
338 }
339 #endif
340
341 return info;
342 }
343
344 static VncDisplay *vnc_display_find(const char *id)
345 {
346 VncDisplay *vd;
347
348 if (id == NULL) {
349 return QTAILQ_FIRST(&vnc_displays);
350 }
351 QTAILQ_FOREACH(vd, &vnc_displays, next) {
352 if (strcmp(id, vd->id) == 0) {
353 return vd;
354 }
355 }
356 return NULL;
357 }
358
359 static VncClientInfoList *qmp_query_client_list(VncDisplay *vd)
360 {
361 VncClientInfoList *cinfo, *prev = NULL;
362 VncState *client;
363
364 QTAILQ_FOREACH(client, &vd->clients, next) {
365 cinfo = g_new0(VncClientInfoList, 1);
366 cinfo->value = qmp_query_vnc_client(client);
367 cinfo->next = prev;
368 prev = cinfo;
369 }
370 return prev;
371 }
372
373 VncInfo *qmp_query_vnc(Error **errp)
374 {
375 VncInfo *info = g_malloc0(sizeof(*info));
376 VncDisplay *vd = vnc_display_find(NULL);
377 SocketAddress *addr = NULL;
378
379 if (vd == NULL || !vd->nlsock) {
380 info->enabled = false;
381 } else {
382 info->enabled = true;
383
384 /* for compatibility with the original command */
385 info->has_clients = true;
386 info->clients = qmp_query_client_list(vd);
387
388 if (vd->lsock == NULL) {
389 return info;
390 }
391
392 addr = qio_channel_socket_get_local_address(vd->lsock[0], errp);
393 if (!addr) {
394 goto out_error;
395 }
396
397 switch (addr->type) {
398 case SOCKET_ADDRESS_KIND_INET:
399 info->host = g_strdup(addr->u.inet.data->host);
400 info->service = g_strdup(addr->u.inet.data->port);
401 if (addr->u.inet.data->ipv6) {
402 info->family = NETWORK_ADDRESS_FAMILY_IPV6;
403 } else {
404 info->family = NETWORK_ADDRESS_FAMILY_IPV4;
405 }
406 break;
407
408 case SOCKET_ADDRESS_KIND_UNIX:
409 info->host = g_strdup("");
410 info->service = g_strdup(addr->u.q_unix.data->path);
411 info->family = NETWORK_ADDRESS_FAMILY_UNIX;
412 break;
413
414 default:
415 error_setg(errp, "Unsupported socket kind %d",
416 addr->type);
417 goto out_error;
418 }
419
420 info->has_host = true;
421 info->has_service = true;
422 info->has_family = true;
423
424 info->has_auth = true;
425 info->auth = g_strdup(vnc_auth_name(vd));
426 }
427
428 qapi_free_SocketAddress(addr);
429 return info;
430
431 out_error:
432 qapi_free_SocketAddress(addr);
433 qapi_free_VncInfo(info);
434 return NULL;
435 }
436
437
438 static void qmp_query_auth(int auth, int subauth,
439 VncPrimaryAuth *qmp_auth,
440 VncVencryptSubAuth *qmp_vencrypt,
441 bool *qmp_has_vencrypt);
442
443 static VncServerInfo2List *qmp_query_server_entry(QIOChannelSocket *ioc,
444 bool websocket,
445 int auth,
446 int subauth,
447 VncServerInfo2List *prev)
448 {
449 VncServerInfo2List *list;
450 VncServerInfo2 *info;
451 Error *err = NULL;
452 SocketAddress *addr;
453
454 addr = qio_channel_socket_get_local_address(ioc, &err);
455 if (!addr) {
456 error_free(err);
457 return prev;
458 }
459
460 info = g_new0(VncServerInfo2, 1);
461 vnc_init_basic_info(addr, qapi_VncServerInfo2_base(info), &err);
462 qapi_free_SocketAddress(addr);
463 if (err) {
464 qapi_free_VncServerInfo2(info);
465 error_free(err);
466 return prev;
467 }
468 info->websocket = websocket;
469
470 qmp_query_auth(auth, subauth, &info->auth,
471 &info->vencrypt, &info->has_vencrypt);
472
473 list = g_new0(VncServerInfo2List, 1);
474 list->value = info;
475 list->next = prev;
476 return list;
477 }
478
479 static void qmp_query_auth(int auth, int subauth,
480 VncPrimaryAuth *qmp_auth,
481 VncVencryptSubAuth *qmp_vencrypt,
482 bool *qmp_has_vencrypt)
483 {
484 switch (auth) {
485 case VNC_AUTH_VNC:
486 *qmp_auth = VNC_PRIMARY_AUTH_VNC;
487 break;
488 case VNC_AUTH_RA2:
489 *qmp_auth = VNC_PRIMARY_AUTH_RA2;
490 break;
491 case VNC_AUTH_RA2NE:
492 *qmp_auth = VNC_PRIMARY_AUTH_RA2NE;
493 break;
494 case VNC_AUTH_TIGHT:
495 *qmp_auth = VNC_PRIMARY_AUTH_TIGHT;
496 break;
497 case VNC_AUTH_ULTRA:
498 *qmp_auth = VNC_PRIMARY_AUTH_ULTRA;
499 break;
500 case VNC_AUTH_TLS:
501 *qmp_auth = VNC_PRIMARY_AUTH_TLS;
502 break;
503 case VNC_AUTH_VENCRYPT:
504 *qmp_auth = VNC_PRIMARY_AUTH_VENCRYPT;
505 *qmp_has_vencrypt = true;
506 switch (subauth) {
507 case VNC_AUTH_VENCRYPT_PLAIN:
508 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_PLAIN;
509 break;
510 case VNC_AUTH_VENCRYPT_TLSNONE:
511 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_NONE;
512 break;
513 case VNC_AUTH_VENCRYPT_TLSVNC:
514 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_VNC;
515 break;
516 case VNC_AUTH_VENCRYPT_TLSPLAIN:
517 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_PLAIN;
518 break;
519 case VNC_AUTH_VENCRYPT_X509NONE:
520 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_NONE;
521 break;
522 case VNC_AUTH_VENCRYPT_X509VNC:
523 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_VNC;
524 break;
525 case VNC_AUTH_VENCRYPT_X509PLAIN:
526 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_PLAIN;
527 break;
528 case VNC_AUTH_VENCRYPT_TLSSASL:
529 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_SASL;
530 break;
531 case VNC_AUTH_VENCRYPT_X509SASL:
532 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_SASL;
533 break;
534 default:
535 *qmp_has_vencrypt = false;
536 break;
537 }
538 break;
539 case VNC_AUTH_SASL:
540 *qmp_auth = VNC_PRIMARY_AUTH_SASL;
541 break;
542 case VNC_AUTH_NONE:
543 default:
544 *qmp_auth = VNC_PRIMARY_AUTH_NONE;
545 break;
546 }
547 }
548
549 VncInfo2List *qmp_query_vnc_servers(Error **errp)
550 {
551 VncInfo2List *item, *prev = NULL;
552 VncInfo2 *info;
553 VncDisplay *vd;
554 DeviceState *dev;
555 size_t i;
556
557 QTAILQ_FOREACH(vd, &vnc_displays, next) {
558 info = g_new0(VncInfo2, 1);
559 info->id = g_strdup(vd->id);
560 info->clients = qmp_query_client_list(vd);
561 qmp_query_auth(vd->auth, vd->subauth, &info->auth,
562 &info->vencrypt, &info->has_vencrypt);
563 if (vd->dcl.con) {
564 dev = DEVICE(object_property_get_link(OBJECT(vd->dcl.con),
565 "device", NULL));
566 info->has_display = true;
567 info->display = g_strdup(dev->id);
568 }
569 for (i = 0; i < vd->nlsock; i++) {
570 info->server = qmp_query_server_entry(
571 vd->lsock[i], false, vd->auth, vd->subauth, info->server);
572 }
573 for (i = 0; i < vd->nlwebsock; i++) {
574 info->server = qmp_query_server_entry(
575 vd->lwebsock[i], true, vd->ws_auth,
576 vd->ws_subauth, info->server);
577 }
578
579 item = g_new0(VncInfo2List, 1);
580 item->value = info;
581 item->next = prev;
582 prev = item;
583 }
584 return prev;
585 }
586
587 /* TODO
588 1) Get the queue working for IO.
589 2) there is some weirdness when using the -S option (the screen is grey
590 and not totally invalidated
591 3) resolutions > 1024
592 */
593
594 static int vnc_update_client(VncState *vs, int has_dirty, bool sync);
595 static void vnc_disconnect_start(VncState *vs);
596
597 static void vnc_colordepth(VncState *vs);
598 static void framebuffer_update_request(VncState *vs, int incremental,
599 int x_position, int y_position,
600 int w, int h);
601 static void vnc_refresh(DisplayChangeListener *dcl);
602 static int vnc_refresh_server_surface(VncDisplay *vd);
603
604 static int vnc_width(VncDisplay *vd)
605 {
606 return MIN(VNC_MAX_WIDTH, ROUND_UP(surface_width(vd->ds),
607 VNC_DIRTY_PIXELS_PER_BIT));
608 }
609
610 static int vnc_height(VncDisplay *vd)
611 {
612 return MIN(VNC_MAX_HEIGHT, surface_height(vd->ds));
613 }
614
615 static void vnc_set_area_dirty(DECLARE_BITMAP(dirty[VNC_MAX_HEIGHT],
616 VNC_MAX_WIDTH / VNC_DIRTY_PIXELS_PER_BIT),
617 VncDisplay *vd,
618 int x, int y, int w, int h)
619 {
620 int width = vnc_width(vd);
621 int height = vnc_height(vd);
622
623 /* this is needed this to ensure we updated all affected
624 * blocks if x % VNC_DIRTY_PIXELS_PER_BIT != 0 */
625 w += (x % VNC_DIRTY_PIXELS_PER_BIT);
626 x -= (x % VNC_DIRTY_PIXELS_PER_BIT);
627
628 x = MIN(x, width);
629 y = MIN(y, height);
630 w = MIN(x + w, width) - x;
631 h = MIN(y + h, height);
632
633 for (; y < h; y++) {
634 bitmap_set(dirty[y], x / VNC_DIRTY_PIXELS_PER_BIT,
635 DIV_ROUND_UP(w, VNC_DIRTY_PIXELS_PER_BIT));
636 }
637 }
638
639 static void vnc_dpy_update(DisplayChangeListener *dcl,
640 int x, int y, int w, int h)
641 {
642 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
643 struct VncSurface *s = &vd->guest;
644
645 vnc_set_area_dirty(s->dirty, vd, x, y, w, h);
646 }
647
648 void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
649 int32_t encoding)
650 {
651 vnc_write_u16(vs, x);
652 vnc_write_u16(vs, y);
653 vnc_write_u16(vs, w);
654 vnc_write_u16(vs, h);
655
656 vnc_write_s32(vs, encoding);
657 }
658
659
660 static void vnc_desktop_resize(VncState *vs)
661 {
662 if (vs->ioc == NULL || !vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
663 return;
664 }
665 if (vs->client_width == pixman_image_get_width(vs->vd->server) &&
666 vs->client_height == pixman_image_get_height(vs->vd->server)) {
667 return;
668 }
669 vs->client_width = pixman_image_get_width(vs->vd->server);
670 vs->client_height = pixman_image_get_height(vs->vd->server);
671 vnc_lock_output(vs);
672 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
673 vnc_write_u8(vs, 0);
674 vnc_write_u16(vs, 1); /* number of rects */
675 vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height,
676 VNC_ENCODING_DESKTOPRESIZE);
677 vnc_unlock_output(vs);
678 vnc_flush(vs);
679 }
680
681 static void vnc_abort_display_jobs(VncDisplay *vd)
682 {
683 VncState *vs;
684
685 QTAILQ_FOREACH(vs, &vd->clients, next) {
686 vnc_lock_output(vs);
687 vs->abort = true;
688 vnc_unlock_output(vs);
689 }
690 QTAILQ_FOREACH(vs, &vd->clients, next) {
691 vnc_jobs_join(vs);
692 }
693 QTAILQ_FOREACH(vs, &vd->clients, next) {
694 vnc_lock_output(vs);
695 vs->abort = false;
696 vnc_unlock_output(vs);
697 }
698 }
699
700 int vnc_server_fb_stride(VncDisplay *vd)
701 {
702 return pixman_image_get_stride(vd->server);
703 }
704
705 void *vnc_server_fb_ptr(VncDisplay *vd, int x, int y)
706 {
707 uint8_t *ptr;
708
709 ptr = (uint8_t *)pixman_image_get_data(vd->server);
710 ptr += y * vnc_server_fb_stride(vd);
711 ptr += x * VNC_SERVER_FB_BYTES;
712 return ptr;
713 }
714
715 static void vnc_update_server_surface(VncDisplay *vd)
716 {
717 int width, height;
718
719 qemu_pixman_image_unref(vd->server);
720 vd->server = NULL;
721
722 if (QTAILQ_EMPTY(&vd->clients)) {
723 return;
724 }
725
726 width = vnc_width(vd);
727 height = vnc_height(vd);
728 vd->server = pixman_image_create_bits(VNC_SERVER_FB_FORMAT,
729 width, height,
730 NULL, 0);
731
732 memset(vd->guest.dirty, 0x00, sizeof(vd->guest.dirty));
733 vnc_set_area_dirty(vd->guest.dirty, vd, 0, 0,
734 width, height);
735 }
736
737 static void vnc_dpy_switch(DisplayChangeListener *dcl,
738 DisplaySurface *surface)
739 {
740 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
741 VncState *vs;
742
743 vnc_abort_display_jobs(vd);
744 vd->ds = surface;
745
746 /* server surface */
747 vnc_update_server_surface(vd);
748
749 /* guest surface */
750 qemu_pixman_image_unref(vd->guest.fb);
751 vd->guest.fb = pixman_image_ref(surface->image);
752 vd->guest.format = surface->format;
753
754 QTAILQ_FOREACH(vs, &vd->clients, next) {
755 vnc_colordepth(vs);
756 vnc_desktop_resize(vs);
757 if (vs->vd->cursor) {
758 vnc_cursor_define(vs);
759 }
760 memset(vs->dirty, 0x00, sizeof(vs->dirty));
761 vnc_set_area_dirty(vs->dirty, vd, 0, 0,
762 vnc_width(vd),
763 vnc_height(vd));
764 }
765 }
766
767 /* fastest code */
768 static void vnc_write_pixels_copy(VncState *vs,
769 void *pixels, int size)
770 {
771 vnc_write(vs, pixels, size);
772 }
773
774 /* slowest but generic code. */
775 void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
776 {
777 uint8_t r, g, b;
778
779 #if VNC_SERVER_FB_FORMAT == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8)
780 r = (((v & 0x00ff0000) >> 16) << vs->client_pf.rbits) >> 8;
781 g = (((v & 0x0000ff00) >> 8) << vs->client_pf.gbits) >> 8;
782 b = (((v & 0x000000ff) >> 0) << vs->client_pf.bbits) >> 8;
783 #else
784 # error need some bits here if you change VNC_SERVER_FB_FORMAT
785 #endif
786 v = (r << vs->client_pf.rshift) |
787 (g << vs->client_pf.gshift) |
788 (b << vs->client_pf.bshift);
789 switch (vs->client_pf.bytes_per_pixel) {
790 case 1:
791 buf[0] = v;
792 break;
793 case 2:
794 if (vs->client_be) {
795 buf[0] = v >> 8;
796 buf[1] = v;
797 } else {
798 buf[1] = v >> 8;
799 buf[0] = v;
800 }
801 break;
802 default:
803 case 4:
804 if (vs->client_be) {
805 buf[0] = v >> 24;
806 buf[1] = v >> 16;
807 buf[2] = v >> 8;
808 buf[3] = v;
809 } else {
810 buf[3] = v >> 24;
811 buf[2] = v >> 16;
812 buf[1] = v >> 8;
813 buf[0] = v;
814 }
815 break;
816 }
817 }
818
819 static void vnc_write_pixels_generic(VncState *vs,
820 void *pixels1, int size)
821 {
822 uint8_t buf[4];
823
824 if (VNC_SERVER_FB_BYTES == 4) {
825 uint32_t *pixels = pixels1;
826 int n, i;
827 n = size >> 2;
828 for (i = 0; i < n; i++) {
829 vnc_convert_pixel(vs, buf, pixels[i]);
830 vnc_write(vs, buf, vs->client_pf.bytes_per_pixel);
831 }
832 }
833 }
834
835 int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
836 {
837 int i;
838 uint8_t *row;
839 VncDisplay *vd = vs->vd;
840
841 row = vnc_server_fb_ptr(vd, x, y);
842 for (i = 0; i < h; i++) {
843 vs->write_pixels(vs, row, w * VNC_SERVER_FB_BYTES);
844 row += vnc_server_fb_stride(vd);
845 }
846 return 1;
847 }
848
849 int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
850 {
851 int n = 0;
852 bool encode_raw = false;
853 size_t saved_offs = vs->output.offset;
854
855 switch(vs->vnc_encoding) {
856 case VNC_ENCODING_ZLIB:
857 n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h);
858 break;
859 case VNC_ENCODING_HEXTILE:
860 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
861 n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h);
862 break;
863 case VNC_ENCODING_TIGHT:
864 n = vnc_tight_send_framebuffer_update(vs, x, y, w, h);
865 break;
866 case VNC_ENCODING_TIGHT_PNG:
867 n = vnc_tight_png_send_framebuffer_update(vs, x, y, w, h);
868 break;
869 case VNC_ENCODING_ZRLE:
870 n = vnc_zrle_send_framebuffer_update(vs, x, y, w, h);
871 break;
872 case VNC_ENCODING_ZYWRLE:
873 n = vnc_zywrle_send_framebuffer_update(vs, x, y, w, h);
874 break;
875 default:
876 encode_raw = true;
877 break;
878 }
879
880 /* If the client has the same pixel format as our internal buffer and
881 * a RAW encoding would need less space fall back to RAW encoding to
882 * save bandwidth and processing power in the client. */
883 if (!encode_raw && vs->write_pixels == vnc_write_pixels_copy &&
884 12 + h * w * VNC_SERVER_FB_BYTES <= (vs->output.offset - saved_offs)) {
885 vs->output.offset = saved_offs;
886 encode_raw = true;
887 }
888
889 if (encode_raw) {
890 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
891 n = vnc_raw_send_framebuffer_update(vs, x, y, w, h);
892 }
893
894 return n;
895 }
896
897 static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
898 {
899 /* send bitblit op to the vnc client */
900 vnc_lock_output(vs);
901 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
902 vnc_write_u8(vs, 0);
903 vnc_write_u16(vs, 1); /* number of rects */
904 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT);
905 vnc_write_u16(vs, src_x);
906 vnc_write_u16(vs, src_y);
907 vnc_unlock_output(vs);
908 vnc_flush(vs);
909 }
910
911 static void vnc_dpy_copy(DisplayChangeListener *dcl,
912 int src_x, int src_y,
913 int dst_x, int dst_y, int w, int h)
914 {
915 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
916 VncState *vs, *vn;
917 uint8_t *src_row;
918 uint8_t *dst_row;
919 int i, x, y, pitch, inc, w_lim, s;
920 int cmp_bytes;
921
922 if (!vd->server) {
923 /* no client connected */
924 return;
925 }
926
927 vnc_refresh_server_surface(vd);
928 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
929 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
930 vs->force_update = 1;
931 vnc_update_client(vs, 1, true);
932 /* vs might be free()ed here */
933 }
934 }
935
936 if (!vd->server) {
937 /* no client connected */
938 return;
939 }
940 /* do bitblit op on the local surface too */
941 pitch = vnc_server_fb_stride(vd);
942 src_row = vnc_server_fb_ptr(vd, src_x, src_y);
943 dst_row = vnc_server_fb_ptr(vd, dst_x, dst_y);
944 y = dst_y;
945 inc = 1;
946 if (dst_y > src_y) {
947 /* copy backwards */
948 src_row += pitch * (h-1);
949 dst_row += pitch * (h-1);
950 pitch = -pitch;
951 y = dst_y + h - 1;
952 inc = -1;
953 }
954 w_lim = w - (VNC_DIRTY_PIXELS_PER_BIT - (dst_x % VNC_DIRTY_PIXELS_PER_BIT));
955 if (w_lim < 0) {
956 w_lim = w;
957 } else {
958 w_lim = w - (w_lim % VNC_DIRTY_PIXELS_PER_BIT);
959 }
960 for (i = 0; i < h; i++) {
961 for (x = 0; x <= w_lim;
962 x += s, src_row += cmp_bytes, dst_row += cmp_bytes) {
963 if (x == w_lim) {
964 if ((s = w - w_lim) == 0)
965 break;
966 } else if (!x) {
967 s = (VNC_DIRTY_PIXELS_PER_BIT -
968 (dst_x % VNC_DIRTY_PIXELS_PER_BIT));
969 s = MIN(s, w_lim);
970 } else {
971 s = VNC_DIRTY_PIXELS_PER_BIT;
972 }
973 cmp_bytes = s * VNC_SERVER_FB_BYTES;
974 if (memcmp(src_row, dst_row, cmp_bytes) == 0)
975 continue;
976 memmove(dst_row, src_row, cmp_bytes);
977 QTAILQ_FOREACH(vs, &vd->clients, next) {
978 if (!vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
979 set_bit(((x + dst_x) / VNC_DIRTY_PIXELS_PER_BIT),
980 vs->dirty[y]);
981 }
982 }
983 }
984 src_row += pitch - w * VNC_SERVER_FB_BYTES;
985 dst_row += pitch - w * VNC_SERVER_FB_BYTES;
986 y += inc;
987 }
988
989 QTAILQ_FOREACH(vs, &vd->clients, next) {
990 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
991 vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h);
992 }
993 }
994 }
995
996 static void vnc_mouse_set(DisplayChangeListener *dcl,
997 int x, int y, int visible)
998 {
999 /* can we ask the client(s) to move the pointer ??? */
1000 }
1001
1002 static int vnc_cursor_define(VncState *vs)
1003 {
1004 QEMUCursor *c = vs->vd->cursor;
1005 int isize;
1006
1007 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) {
1008 vnc_lock_output(vs);
1009 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1010 vnc_write_u8(vs, 0); /* padding */
1011 vnc_write_u16(vs, 1); /* # of rects */
1012 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height,
1013 VNC_ENCODING_RICH_CURSOR);
1014 isize = c->width * c->height * vs->client_pf.bytes_per_pixel;
1015 vnc_write_pixels_generic(vs, c->data, isize);
1016 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize);
1017 vnc_unlock_output(vs);
1018 return 0;
1019 }
1020 return -1;
1021 }
1022
1023 static void vnc_dpy_cursor_define(DisplayChangeListener *dcl,
1024 QEMUCursor *c)
1025 {
1026 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
1027 VncState *vs;
1028
1029 cursor_put(vd->cursor);
1030 g_free(vd->cursor_mask);
1031
1032 vd->cursor = c;
1033 cursor_get(vd->cursor);
1034 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height;
1035 vd->cursor_mask = g_malloc0(vd->cursor_msize);
1036 cursor_get_mono_mask(c, 0, vd->cursor_mask);
1037
1038 QTAILQ_FOREACH(vs, &vd->clients, next) {
1039 vnc_cursor_define(vs);
1040 }
1041 }
1042
1043 static int find_and_clear_dirty_height(VncState *vs,
1044 int y, int last_x, int x, int height)
1045 {
1046 int h;
1047
1048 for (h = 1; h < (height - y); h++) {
1049 if (!test_bit(last_x, vs->dirty[y + h])) {
1050 break;
1051 }
1052 bitmap_clear(vs->dirty[y + h], last_x, x - last_x);
1053 }
1054
1055 return h;
1056 }
1057
1058 static int vnc_update_client(VncState *vs, int has_dirty, bool sync)
1059 {
1060 if (vs->disconnecting) {
1061 vnc_disconnect_finish(vs);
1062 return 0;
1063 }
1064
1065 vs->has_dirty += has_dirty;
1066 if (vs->need_update && !vs->disconnecting) {
1067 VncDisplay *vd = vs->vd;
1068 VncJob *job;
1069 int y;
1070 int height, width;
1071 int n = 0;
1072
1073 if (vs->output.offset && !vs->audio_cap && !vs->force_update)
1074 /* kernel send buffers are full -> drop frames to throttle */
1075 return 0;
1076
1077 if (!vs->has_dirty && !vs->audio_cap && !vs->force_update)
1078 return 0;
1079
1080 /*
1081 * Send screen updates to the vnc client using the server
1082 * surface and server dirty map. guest surface updates
1083 * happening in parallel don't disturb us, the next pass will
1084 * send them to the client.
1085 */
1086 job = vnc_job_new(vs);
1087
1088 height = pixman_image_get_height(vd->server);
1089 width = pixman_image_get_width(vd->server);
1090
1091 y = 0;
1092 for (;;) {
1093 int x, h;
1094 unsigned long x2;
1095 unsigned long offset = find_next_bit((unsigned long *) &vs->dirty,
1096 height * VNC_DIRTY_BPL(vs),
1097 y * VNC_DIRTY_BPL(vs));
1098 if (offset == height * VNC_DIRTY_BPL(vs)) {
1099 /* no more dirty bits */
1100 break;
1101 }
1102 y = offset / VNC_DIRTY_BPL(vs);
1103 x = offset % VNC_DIRTY_BPL(vs);
1104 x2 = find_next_zero_bit((unsigned long *) &vs->dirty[y],
1105 VNC_DIRTY_BPL(vs), x);
1106 bitmap_clear(vs->dirty[y], x, x2 - x);
1107 h = find_and_clear_dirty_height(vs, y, x, x2, height);
1108 x2 = MIN(x2, width / VNC_DIRTY_PIXELS_PER_BIT);
1109 if (x2 > x) {
1110 n += vnc_job_add_rect(job, x * VNC_DIRTY_PIXELS_PER_BIT, y,
1111 (x2 - x) * VNC_DIRTY_PIXELS_PER_BIT, h);
1112 }
1113 if (!x && x2 == width / VNC_DIRTY_PIXELS_PER_BIT) {
1114 y += h;
1115 if (y == height) {
1116 break;
1117 }
1118 }
1119 }
1120
1121 vnc_job_push(job);
1122 if (sync) {
1123 vnc_jobs_join(vs);
1124 }
1125 vs->force_update = 0;
1126 vs->has_dirty = 0;
1127 return n;
1128 }
1129
1130 if (vs->disconnecting) {
1131 vnc_disconnect_finish(vs);
1132 } else if (sync) {
1133 vnc_jobs_join(vs);
1134 }
1135
1136 return 0;
1137 }
1138
1139 /* audio */
1140 static void audio_capture_notify(void *opaque, audcnotification_e cmd)
1141 {
1142 VncState *vs = opaque;
1143
1144 switch (cmd) {
1145 case AUD_CNOTIFY_DISABLE:
1146 vnc_lock_output(vs);
1147 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1148 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1149 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END);
1150 vnc_unlock_output(vs);
1151 vnc_flush(vs);
1152 break;
1153
1154 case AUD_CNOTIFY_ENABLE:
1155 vnc_lock_output(vs);
1156 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1157 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1158 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN);
1159 vnc_unlock_output(vs);
1160 vnc_flush(vs);
1161 break;
1162 }
1163 }
1164
1165 static void audio_capture_destroy(void *opaque)
1166 {
1167 }
1168
1169 static void audio_capture(void *opaque, void *buf, int size)
1170 {
1171 VncState *vs = opaque;
1172
1173 vnc_lock_output(vs);
1174 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1175 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1176 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA);
1177 vnc_write_u32(vs, size);
1178 vnc_write(vs, buf, size);
1179 vnc_unlock_output(vs);
1180 vnc_flush(vs);
1181 }
1182
1183 static void audio_add(VncState *vs)
1184 {
1185 struct audio_capture_ops ops;
1186
1187 if (vs->audio_cap) {
1188 error_report("audio already running");
1189 return;
1190 }
1191
1192 ops.notify = audio_capture_notify;
1193 ops.destroy = audio_capture_destroy;
1194 ops.capture = audio_capture;
1195
1196 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs);
1197 if (!vs->audio_cap) {
1198 error_report("Failed to add audio capture");
1199 }
1200 }
1201
1202 static void audio_del(VncState *vs)
1203 {
1204 if (vs->audio_cap) {
1205 AUD_del_capture(vs->audio_cap, vs);
1206 vs->audio_cap = NULL;
1207 }
1208 }
1209
1210 static void vnc_disconnect_start(VncState *vs)
1211 {
1212 if (vs->disconnecting) {
1213 return;
1214 }
1215 vnc_set_share_mode(vs, VNC_SHARE_MODE_DISCONNECTED);
1216 if (vs->ioc_tag) {
1217 g_source_remove(vs->ioc_tag);
1218 }
1219 qio_channel_close(vs->ioc, NULL);
1220 vs->disconnecting = TRUE;
1221 }
1222
1223 void vnc_disconnect_finish(VncState *vs)
1224 {
1225 int i;
1226
1227 vnc_jobs_join(vs); /* Wait encoding jobs */
1228
1229 vnc_lock_output(vs);
1230 vnc_qmp_event(vs, QAPI_EVENT_VNC_DISCONNECTED);
1231
1232 buffer_free(&vs->input);
1233 buffer_free(&vs->output);
1234
1235 qapi_free_VncClientInfo(vs->info);
1236
1237 vnc_zlib_clear(vs);
1238 vnc_tight_clear(vs);
1239 vnc_zrle_clear(vs);
1240
1241 #ifdef CONFIG_VNC_SASL
1242 vnc_sasl_client_cleanup(vs);
1243 #endif /* CONFIG_VNC_SASL */
1244 audio_del(vs);
1245 vnc_release_modifiers(vs);
1246
1247 if (vs->mouse_mode_notifier.notify != NULL) {
1248 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
1249 }
1250 QTAILQ_REMOVE(&vs->vd->clients, vs, next);
1251 if (QTAILQ_EMPTY(&vs->vd->clients)) {
1252 /* last client gone */
1253 vnc_update_server_surface(vs->vd);
1254 }
1255
1256 vnc_unlock_output(vs);
1257
1258 qemu_mutex_destroy(&vs->output_mutex);
1259 if (vs->bh != NULL) {
1260 qemu_bh_delete(vs->bh);
1261 }
1262 buffer_free(&vs->jobs_buffer);
1263
1264 for (i = 0; i < VNC_STAT_ROWS; ++i) {
1265 g_free(vs->lossy_rect[i]);
1266 }
1267 g_free(vs->lossy_rect);
1268
1269 object_unref(OBJECT(vs->ioc));
1270 vs->ioc = NULL;
1271 object_unref(OBJECT(vs->sioc));
1272 vs->sioc = NULL;
1273 g_free(vs);
1274 }
1275
1276 ssize_t vnc_client_io_error(VncState *vs, ssize_t ret, Error **errp)
1277 {
1278 if (ret <= 0) {
1279 if (ret == 0) {
1280 VNC_DEBUG("Closing down client sock: EOF\n");
1281 vnc_disconnect_start(vs);
1282 } else if (ret != QIO_CHANNEL_ERR_BLOCK) {
1283 VNC_DEBUG("Closing down client sock: ret %zd (%s)\n",
1284 ret, errp ? error_get_pretty(*errp) : "Unknown");
1285 vnc_disconnect_start(vs);
1286 }
1287
1288 if (errp) {
1289 error_free(*errp);
1290 *errp = NULL;
1291 }
1292 return 0;
1293 }
1294 return ret;
1295 }
1296
1297
1298 void vnc_client_error(VncState *vs)
1299 {
1300 VNC_DEBUG("Closing down client sock: protocol error\n");
1301 vnc_disconnect_start(vs);
1302 }
1303
1304
1305 /*
1306 * Called to write a chunk of data to the client socket. The data may
1307 * be the raw data, or may have already been encoded by SASL.
1308 * The data will be written either straight onto the socket, or
1309 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1310 *
1311 * NB, it is theoretically possible to have 2 layers of encryption,
1312 * both SASL, and this TLS layer. It is highly unlikely in practice
1313 * though, since SASL encryption will typically be a no-op if TLS
1314 * is active
1315 *
1316 * Returns the number of bytes written, which may be less than
1317 * the requested 'datalen' if the socket would block. Returns
1318 * -1 on error, and disconnects the client socket.
1319 */
1320 ssize_t vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
1321 {
1322 Error *err = NULL;
1323 ssize_t ret;
1324 ret = qio_channel_write(
1325 vs->ioc, (const char *)data, datalen, &err);
1326 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret);
1327 return vnc_client_io_error(vs, ret, &err);
1328 }
1329
1330
1331 /*
1332 * Called to write buffered data to the client socket, when not
1333 * using any SASL SSF encryption layers. Will write as much data
1334 * as possible without blocking. If all buffered data is written,
1335 * will switch the FD poll() handler back to read monitoring.
1336 *
1337 * Returns the number of bytes written, which may be less than
1338 * the buffered output data if the socket would block. Returns
1339 * -1 on error, and disconnects the client socket.
1340 */
1341 static ssize_t vnc_client_write_plain(VncState *vs)
1342 {
1343 ssize_t ret;
1344
1345 #ifdef CONFIG_VNC_SASL
1346 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1347 vs->output.buffer, vs->output.capacity, vs->output.offset,
1348 vs->sasl.waitWriteSSF);
1349
1350 if (vs->sasl.conn &&
1351 vs->sasl.runSSF &&
1352 vs->sasl.waitWriteSSF) {
1353 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
1354 if (ret)
1355 vs->sasl.waitWriteSSF -= ret;
1356 } else
1357 #endif /* CONFIG_VNC_SASL */
1358 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
1359 if (!ret)
1360 return 0;
1361
1362 buffer_advance(&vs->output, ret);
1363
1364 if (vs->output.offset == 0) {
1365 if (vs->ioc_tag) {
1366 g_source_remove(vs->ioc_tag);
1367 }
1368 vs->ioc_tag = qio_channel_add_watch(
1369 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL);
1370 }
1371
1372 return ret;
1373 }
1374
1375
1376 /*
1377 * First function called whenever there is data to be written to
1378 * the client socket. Will delegate actual work according to whether
1379 * SASL SSF layers are enabled (thus requiring encryption calls)
1380 */
1381 static void vnc_client_write_locked(VncState *vs)
1382 {
1383 #ifdef CONFIG_VNC_SASL
1384 if (vs->sasl.conn &&
1385 vs->sasl.runSSF &&
1386 !vs->sasl.waitWriteSSF) {
1387 vnc_client_write_sasl(vs);
1388 } else
1389 #endif /* CONFIG_VNC_SASL */
1390 {
1391 vnc_client_write_plain(vs);
1392 }
1393 }
1394
1395 static void vnc_client_write(VncState *vs)
1396 {
1397
1398 vnc_lock_output(vs);
1399 if (vs->output.offset) {
1400 vnc_client_write_locked(vs);
1401 } else if (vs->ioc != NULL) {
1402 if (vs->ioc_tag) {
1403 g_source_remove(vs->ioc_tag);
1404 }
1405 vs->ioc_tag = qio_channel_add_watch(
1406 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL);
1407 }
1408 vnc_unlock_output(vs);
1409 }
1410
1411 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1412 {
1413 vs->read_handler = func;
1414 vs->read_handler_expect = expecting;
1415 }
1416
1417
1418 /*
1419 * Called to read a chunk of data from the client socket. The data may
1420 * be the raw data, or may need to be further decoded by SASL.
1421 * The data will be read either straight from to the socket, or
1422 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1423 *
1424 * NB, it is theoretically possible to have 2 layers of encryption,
1425 * both SASL, and this TLS layer. It is highly unlikely in practice
1426 * though, since SASL encryption will typically be a no-op if TLS
1427 * is active
1428 *
1429 * Returns the number of bytes read, which may be less than
1430 * the requested 'datalen' if the socket would block. Returns
1431 * -1 on error, and disconnects the client socket.
1432 */
1433 ssize_t vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1434 {
1435 ssize_t ret;
1436 Error *err = NULL;
1437 ret = qio_channel_read(
1438 vs->ioc, (char *)data, datalen, &err);
1439 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret);
1440 return vnc_client_io_error(vs, ret, &err);
1441 }
1442
1443
1444 /*
1445 * Called to read data from the client socket to the input buffer,
1446 * when not using any SASL SSF encryption layers. Will read as much
1447 * data as possible without blocking.
1448 *
1449 * Returns the number of bytes read. Returns -1 on error, and
1450 * disconnects the client socket.
1451 */
1452 static ssize_t vnc_client_read_plain(VncState *vs)
1453 {
1454 ssize_t ret;
1455 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1456 vs->input.buffer, vs->input.capacity, vs->input.offset);
1457 buffer_reserve(&vs->input, 4096);
1458 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1459 if (!ret)
1460 return 0;
1461 vs->input.offset += ret;
1462 return ret;
1463 }
1464
1465 static void vnc_jobs_bh(void *opaque)
1466 {
1467 VncState *vs = opaque;
1468
1469 vnc_jobs_consume_buffer(vs);
1470 }
1471
1472 /*
1473 * First function called whenever there is more data to be read from
1474 * the client socket. Will delegate actual work according to whether
1475 * SASL SSF layers are enabled (thus requiring decryption calls)
1476 * Returns 0 on success, -1 if client disconnected
1477 */
1478 static int vnc_client_read(VncState *vs)
1479 {
1480 ssize_t ret;
1481
1482 #ifdef CONFIG_VNC_SASL
1483 if (vs->sasl.conn && vs->sasl.runSSF)
1484 ret = vnc_client_read_sasl(vs);
1485 else
1486 #endif /* CONFIG_VNC_SASL */
1487 ret = vnc_client_read_plain(vs);
1488 if (!ret) {
1489 if (vs->disconnecting) {
1490 vnc_disconnect_finish(vs);
1491 return -1;
1492 }
1493 return 0;
1494 }
1495
1496 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1497 size_t len = vs->read_handler_expect;
1498 int ret;
1499
1500 ret = vs->read_handler(vs, vs->input.buffer, len);
1501 if (vs->disconnecting) {
1502 vnc_disconnect_finish(vs);
1503 return -1;
1504 }
1505
1506 if (!ret) {
1507 buffer_advance(&vs->input, len);
1508 } else {
1509 vs->read_handler_expect = ret;
1510 }
1511 }
1512 return 0;
1513 }
1514
1515 gboolean vnc_client_io(QIOChannel *ioc G_GNUC_UNUSED,
1516 GIOCondition condition, void *opaque)
1517 {
1518 VncState *vs = opaque;
1519 if (condition & G_IO_IN) {
1520 if (vnc_client_read(vs) < 0) {
1521 return TRUE;
1522 }
1523 }
1524 if (condition & G_IO_OUT) {
1525 vnc_client_write(vs);
1526 }
1527 return TRUE;
1528 }
1529
1530
1531 void vnc_write(VncState *vs, const void *data, size_t len)
1532 {
1533 buffer_reserve(&vs->output, len);
1534
1535 if (vs->ioc != NULL && buffer_empty(&vs->output)) {
1536 if (vs->ioc_tag) {
1537 g_source_remove(vs->ioc_tag);
1538 }
1539 vs->ioc_tag = qio_channel_add_watch(
1540 vs->ioc, G_IO_IN | G_IO_OUT, vnc_client_io, vs, NULL);
1541 }
1542
1543 buffer_append(&vs->output, data, len);
1544 }
1545
1546 void vnc_write_s32(VncState *vs, int32_t value)
1547 {
1548 vnc_write_u32(vs, *(uint32_t *)&value);
1549 }
1550
1551 void vnc_write_u32(VncState *vs, uint32_t value)
1552 {
1553 uint8_t buf[4];
1554
1555 buf[0] = (value >> 24) & 0xFF;
1556 buf[1] = (value >> 16) & 0xFF;
1557 buf[2] = (value >> 8) & 0xFF;
1558 buf[3] = value & 0xFF;
1559
1560 vnc_write(vs, buf, 4);
1561 }
1562
1563 void vnc_write_u16(VncState *vs, uint16_t value)
1564 {
1565 uint8_t buf[2];
1566
1567 buf[0] = (value >> 8) & 0xFF;
1568 buf[1] = value & 0xFF;
1569
1570 vnc_write(vs, buf, 2);
1571 }
1572
1573 void vnc_write_u8(VncState *vs, uint8_t value)
1574 {
1575 vnc_write(vs, (char *)&value, 1);
1576 }
1577
1578 void vnc_flush(VncState *vs)
1579 {
1580 vnc_lock_output(vs);
1581 if (vs->ioc != NULL && vs->output.offset) {
1582 vnc_client_write_locked(vs);
1583 }
1584 vnc_unlock_output(vs);
1585 }
1586
1587 static uint8_t read_u8(uint8_t *data, size_t offset)
1588 {
1589 return data[offset];
1590 }
1591
1592 static uint16_t read_u16(uint8_t *data, size_t offset)
1593 {
1594 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1595 }
1596
1597 static int32_t read_s32(uint8_t *data, size_t offset)
1598 {
1599 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1600 (data[offset + 2] << 8) | data[offset + 3]);
1601 }
1602
1603 uint32_t read_u32(uint8_t *data, size_t offset)
1604 {
1605 return ((data[offset] << 24) | (data[offset + 1] << 16) |
1606 (data[offset + 2] << 8) | data[offset + 3]);
1607 }
1608
1609 static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
1610 {
1611 }
1612
1613 static void check_pointer_type_change(Notifier *notifier, void *data)
1614 {
1615 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier);
1616 int absolute = qemu_input_is_absolute();
1617
1618 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1619 vnc_lock_output(vs);
1620 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1621 vnc_write_u8(vs, 0);
1622 vnc_write_u16(vs, 1);
1623 vnc_framebuffer_update(vs, absolute, 0,
1624 pixman_image_get_width(vs->vd->server),
1625 pixman_image_get_height(vs->vd->server),
1626 VNC_ENCODING_POINTER_TYPE_CHANGE);
1627 vnc_unlock_output(vs);
1628 vnc_flush(vs);
1629 }
1630 vs->absolute = absolute;
1631 }
1632
1633 static void pointer_event(VncState *vs, int button_mask, int x, int y)
1634 {
1635 static uint32_t bmap[INPUT_BUTTON__MAX] = {
1636 [INPUT_BUTTON_LEFT] = 0x01,
1637 [INPUT_BUTTON_MIDDLE] = 0x02,
1638 [INPUT_BUTTON_RIGHT] = 0x04,
1639 [INPUT_BUTTON_WHEEL_UP] = 0x08,
1640 [INPUT_BUTTON_WHEEL_DOWN] = 0x10,
1641 };
1642 QemuConsole *con = vs->vd->dcl.con;
1643 int width = pixman_image_get_width(vs->vd->server);
1644 int height = pixman_image_get_height(vs->vd->server);
1645
1646 if (vs->last_bmask != button_mask) {
1647 qemu_input_update_buttons(con, bmap, vs->last_bmask, button_mask);
1648 vs->last_bmask = button_mask;
1649 }
1650
1651 if (vs->absolute) {
1652 qemu_input_queue_abs(con, INPUT_AXIS_X, x, width);
1653 qemu_input_queue_abs(con, INPUT_AXIS_Y, y, height);
1654 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1655 qemu_input_queue_rel(con, INPUT_AXIS_X, x - 0x7FFF);
1656 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - 0x7FFF);
1657 } else {
1658 if (vs->last_x != -1) {
1659 qemu_input_queue_rel(con, INPUT_AXIS_X, x - vs->last_x);
1660 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - vs->last_y);
1661 }
1662 vs->last_x = x;
1663 vs->last_y = y;
1664 }
1665 qemu_input_event_sync();
1666 }
1667
1668 static void reset_keys(VncState *vs)
1669 {
1670 int i;
1671 for(i = 0; i < 256; i++) {
1672 if (vs->modifiers_state[i]) {
1673 qemu_input_event_send_key_number(vs->vd->dcl.con, i, false);
1674 qemu_input_event_send_key_delay(vs->vd->key_delay_ms);
1675 vs->modifiers_state[i] = 0;
1676 }
1677 }
1678 }
1679
1680 static void press_key(VncState *vs, int keysym)
1681 {
1682 int keycode = keysym2scancode(vs->vd->kbd_layout, keysym) & SCANCODE_KEYMASK;
1683 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, true);
1684 qemu_input_event_send_key_delay(vs->vd->key_delay_ms);
1685 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, false);
1686 qemu_input_event_send_key_delay(vs->vd->key_delay_ms);
1687 }
1688
1689 static void vnc_led_state_change(VncState *vs)
1690 {
1691 if (!vnc_has_feature(vs, VNC_FEATURE_LED_STATE)) {
1692 return;
1693 }
1694
1695 vnc_lock_output(vs);
1696 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1697 vnc_write_u8(vs, 0);
1698 vnc_write_u16(vs, 1);
1699 vnc_framebuffer_update(vs, 0, 0, 1, 1, VNC_ENCODING_LED_STATE);
1700 vnc_write_u8(vs, vs->vd->ledstate);
1701 vnc_unlock_output(vs);
1702 vnc_flush(vs);
1703 }
1704
1705 static void kbd_leds(void *opaque, int ledstate)
1706 {
1707 VncDisplay *vd = opaque;
1708 VncState *client;
1709
1710 trace_vnc_key_guest_leds((ledstate & QEMU_CAPS_LOCK_LED),
1711 (ledstate & QEMU_NUM_LOCK_LED),
1712 (ledstate & QEMU_SCROLL_LOCK_LED));
1713
1714 if (ledstate == vd->ledstate) {
1715 return;
1716 }
1717
1718 vd->ledstate = ledstate;
1719
1720 QTAILQ_FOREACH(client, &vd->clients, next) {
1721 vnc_led_state_change(client);
1722 }
1723 }
1724
1725 static void do_key_event(VncState *vs, int down, int keycode, int sym)
1726 {
1727 /* QEMU console switch */
1728 switch(keycode) {
1729 case 0x2a: /* Left Shift */
1730 case 0x36: /* Right Shift */
1731 case 0x1d: /* Left CTRL */
1732 case 0x9d: /* Right CTRL */
1733 case 0x38: /* Left ALT */
1734 case 0xb8: /* Right ALT */
1735 if (down)
1736 vs->modifiers_state[keycode] = 1;
1737 else
1738 vs->modifiers_state[keycode] = 0;
1739 break;
1740 case 0x02 ... 0x0a: /* '1' to '9' keys */
1741 if (vs->vd->dcl.con == NULL &&
1742 down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
1743 /* Reset the modifiers sent to the current console */
1744 reset_keys(vs);
1745 console_select(keycode - 0x02);
1746 return;
1747 }
1748 break;
1749 case 0x3a: /* CapsLock */
1750 case 0x45: /* NumLock */
1751 if (down)
1752 vs->modifiers_state[keycode] ^= 1;
1753 break;
1754 }
1755
1756 /* Turn off the lock state sync logic if the client support the led
1757 state extension.
1758 */
1759 if (down && vs->vd->lock_key_sync &&
1760 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) &&
1761 keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1762 /* If the numlock state needs to change then simulate an additional
1763 keypress before sending this one. This will happen if the user
1764 toggles numlock away from the VNC window.
1765 */
1766 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1767 if (!vs->modifiers_state[0x45]) {
1768 trace_vnc_key_sync_numlock(true);
1769 vs->modifiers_state[0x45] = 1;
1770 press_key(vs, 0xff7f);
1771 }
1772 } else {
1773 if (vs->modifiers_state[0x45]) {
1774 trace_vnc_key_sync_numlock(false);
1775 vs->modifiers_state[0x45] = 0;
1776 press_key(vs, 0xff7f);
1777 }
1778 }
1779 }
1780
1781 if (down && vs->vd->lock_key_sync &&
1782 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) &&
1783 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) {
1784 /* If the capslock state needs to change then simulate an additional
1785 keypress before sending this one. This will happen if the user
1786 toggles capslock away from the VNC window.
1787 */
1788 int uppercase = !!(sym >= 'A' && sym <= 'Z');
1789 int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]);
1790 int capslock = !!(vs->modifiers_state[0x3a]);
1791 if (capslock) {
1792 if (uppercase == shift) {
1793 trace_vnc_key_sync_capslock(false);
1794 vs->modifiers_state[0x3a] = 0;
1795 press_key(vs, 0xffe5);
1796 }
1797 } else {
1798 if (uppercase != shift) {
1799 trace_vnc_key_sync_capslock(true);
1800 vs->modifiers_state[0x3a] = 1;
1801 press_key(vs, 0xffe5);
1802 }
1803 }
1804 }
1805
1806 if (qemu_console_is_graphic(NULL)) {
1807 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, down);
1808 qemu_input_event_send_key_delay(vs->vd->key_delay_ms);
1809 } else {
1810 bool numlock = vs->modifiers_state[0x45];
1811 bool control = (vs->modifiers_state[0x1d] ||
1812 vs->modifiers_state[0x9d]);
1813 /* QEMU console emulation */
1814 if (down) {
1815 switch (keycode) {
1816 case 0x2a: /* Left Shift */
1817 case 0x36: /* Right Shift */
1818 case 0x1d: /* Left CTRL */
1819 case 0x9d: /* Right CTRL */
1820 case 0x38: /* Left ALT */
1821 case 0xb8: /* Right ALT */
1822 break;
1823 case 0xc8:
1824 kbd_put_keysym(QEMU_KEY_UP);
1825 break;
1826 case 0xd0:
1827 kbd_put_keysym(QEMU_KEY_DOWN);
1828 break;
1829 case 0xcb:
1830 kbd_put_keysym(QEMU_KEY_LEFT);
1831 break;
1832 case 0xcd:
1833 kbd_put_keysym(QEMU_KEY_RIGHT);
1834 break;
1835 case 0xd3:
1836 kbd_put_keysym(QEMU_KEY_DELETE);
1837 break;
1838 case 0xc7:
1839 kbd_put_keysym(QEMU_KEY_HOME);
1840 break;
1841 case 0xcf:
1842 kbd_put_keysym(QEMU_KEY_END);
1843 break;
1844 case 0xc9:
1845 kbd_put_keysym(QEMU_KEY_PAGEUP);
1846 break;
1847 case 0xd1:
1848 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1849 break;
1850
1851 case 0x47:
1852 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME);
1853 break;
1854 case 0x48:
1855 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP);
1856 break;
1857 case 0x49:
1858 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP);
1859 break;
1860 case 0x4b:
1861 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT);
1862 break;
1863 case 0x4c:
1864 kbd_put_keysym('5');
1865 break;
1866 case 0x4d:
1867 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT);
1868 break;
1869 case 0x4f:
1870 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END);
1871 break;
1872 case 0x50:
1873 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN);
1874 break;
1875 case 0x51:
1876 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN);
1877 break;
1878 case 0x52:
1879 kbd_put_keysym('0');
1880 break;
1881 case 0x53:
1882 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE);
1883 break;
1884
1885 case 0xb5:
1886 kbd_put_keysym('/');
1887 break;
1888 case 0x37:
1889 kbd_put_keysym('*');
1890 break;
1891 case 0x4a:
1892 kbd_put_keysym('-');
1893 break;
1894 case 0x4e:
1895 kbd_put_keysym('+');
1896 break;
1897 case 0x9c:
1898 kbd_put_keysym('\n');
1899 break;
1900
1901 default:
1902 if (control) {
1903 kbd_put_keysym(sym & 0x1f);
1904 } else {
1905 kbd_put_keysym(sym);
1906 }
1907 break;
1908 }
1909 }
1910 }
1911 }
1912
1913 static void vnc_release_modifiers(VncState *vs)
1914 {
1915 static const int keycodes[] = {
1916 /* shift, control, alt keys, both left & right */
1917 0x2a, 0x36, 0x1d, 0x9d, 0x38, 0xb8,
1918 };
1919 int i, keycode;
1920
1921 if (!qemu_console_is_graphic(NULL)) {
1922 return;
1923 }
1924 for (i = 0; i < ARRAY_SIZE(keycodes); i++) {
1925 keycode = keycodes[i];
1926 if (!vs->modifiers_state[keycode]) {
1927 continue;
1928 }
1929 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, false);
1930 qemu_input_event_send_key_delay(vs->vd->key_delay_ms);
1931 }
1932 }
1933
1934 static const char *code2name(int keycode)
1935 {
1936 return QKeyCode_lookup[qemu_input_key_number_to_qcode(keycode)];
1937 }
1938
1939 static void key_event(VncState *vs, int down, uint32_t sym)
1940 {
1941 int keycode;
1942 int lsym = sym;
1943
1944 if (lsym >= 'A' && lsym <= 'Z' && qemu_console_is_graphic(NULL)) {
1945 lsym = lsym - 'A' + 'a';
1946 }
1947
1948 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF) & SCANCODE_KEYMASK;
1949 trace_vnc_key_event_map(down, sym, keycode, code2name(keycode));
1950 do_key_event(vs, down, keycode, sym);
1951 }
1952
1953 static void ext_key_event(VncState *vs, int down,
1954 uint32_t sym, uint16_t keycode)
1955 {
1956 /* if the user specifies a keyboard layout, always use it */
1957 if (keyboard_layout) {
1958 key_event(vs, down, sym);
1959 } else {
1960 trace_vnc_key_event_ext(down, sym, keycode, code2name(keycode));
1961 do_key_event(vs, down, keycode, sym);
1962 }
1963 }
1964
1965 static void framebuffer_update_request(VncState *vs, int incremental,
1966 int x, int y, int w, int h)
1967 {
1968 vs->need_update = 1;
1969
1970 if (incremental) {
1971 return;
1972 }
1973
1974 vs->force_update = 1;
1975 vnc_set_area_dirty(vs->dirty, vs->vd, x, y, w, h);
1976 }
1977
1978 static void send_ext_key_event_ack(VncState *vs)
1979 {
1980 vnc_lock_output(vs);
1981 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1982 vnc_write_u8(vs, 0);
1983 vnc_write_u16(vs, 1);
1984 vnc_framebuffer_update(vs, 0, 0,
1985 pixman_image_get_width(vs->vd->server),
1986 pixman_image_get_height(vs->vd->server),
1987 VNC_ENCODING_EXT_KEY_EVENT);
1988 vnc_unlock_output(vs);
1989 vnc_flush(vs);
1990 }
1991
1992 static void send_ext_audio_ack(VncState *vs)
1993 {
1994 vnc_lock_output(vs);
1995 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1996 vnc_write_u8(vs, 0);
1997 vnc_write_u16(vs, 1);
1998 vnc_framebuffer_update(vs, 0, 0,
1999 pixman_image_get_width(vs->vd->server),
2000 pixman_image_get_height(vs->vd->server),
2001 VNC_ENCODING_AUDIO);
2002 vnc_unlock_output(vs);
2003 vnc_flush(vs);
2004 }
2005
2006 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
2007 {
2008 int i;
2009 unsigned int enc = 0;
2010
2011 vs->features = 0;
2012 vs->vnc_encoding = 0;
2013 vs->tight.compression = 9;
2014 vs->tight.quality = -1; /* Lossless by default */
2015 vs->absolute = -1;
2016
2017 /*
2018 * Start from the end because the encodings are sent in order of preference.
2019 * This way the preferred encoding (first encoding defined in the array)
2020 * will be set at the end of the loop.
2021 */
2022 for (i = n_encodings - 1; i >= 0; i--) {
2023 enc = encodings[i];
2024 switch (enc) {
2025 case VNC_ENCODING_RAW:
2026 vs->vnc_encoding = enc;
2027 break;
2028 case VNC_ENCODING_COPYRECT:
2029 vs->features |= VNC_FEATURE_COPYRECT_MASK;
2030 break;
2031 case VNC_ENCODING_HEXTILE:
2032 vs->features |= VNC_FEATURE_HEXTILE_MASK;
2033 vs->vnc_encoding = enc;
2034 break;
2035 case VNC_ENCODING_TIGHT:
2036 vs->features |= VNC_FEATURE_TIGHT_MASK;
2037 vs->vnc_encoding = enc;
2038 break;
2039 #ifdef CONFIG_VNC_PNG
2040 case VNC_ENCODING_TIGHT_PNG:
2041 vs->features |= VNC_FEATURE_TIGHT_PNG_MASK;
2042 vs->vnc_encoding = enc;
2043 break;
2044 #endif
2045 case VNC_ENCODING_ZLIB:
2046 vs->features |= VNC_FEATURE_ZLIB_MASK;
2047 vs->vnc_encoding = enc;
2048 break;
2049 case VNC_ENCODING_ZRLE:
2050 vs->features |= VNC_FEATURE_ZRLE_MASK;
2051 vs->vnc_encoding = enc;
2052 break;
2053 case VNC_ENCODING_ZYWRLE:
2054 vs->features |= VNC_FEATURE_ZYWRLE_MASK;
2055 vs->vnc_encoding = enc;
2056 break;
2057 case VNC_ENCODING_DESKTOPRESIZE:
2058 vs->features |= VNC_FEATURE_RESIZE_MASK;
2059 break;
2060 case VNC_ENCODING_POINTER_TYPE_CHANGE:
2061 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
2062 break;
2063 case VNC_ENCODING_RICH_CURSOR:
2064 vs->features |= VNC_FEATURE_RICH_CURSOR_MASK;
2065 if (vs->vd->cursor) {
2066 vnc_cursor_define(vs);
2067 }
2068 break;
2069 case VNC_ENCODING_EXT_KEY_EVENT:
2070 send_ext_key_event_ack(vs);
2071 break;
2072 case VNC_ENCODING_AUDIO:
2073 send_ext_audio_ack(vs);
2074 break;
2075 case VNC_ENCODING_WMVi:
2076 vs->features |= VNC_FEATURE_WMVI_MASK;
2077 break;
2078 case VNC_ENCODING_LED_STATE:
2079 vs->features |= VNC_FEATURE_LED_STATE_MASK;
2080 break;
2081 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
2082 vs->tight.compression = (enc & 0x0F);
2083 break;
2084 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
2085 if (vs->vd->lossy) {
2086 vs->tight.quality = (enc & 0x0F);
2087 }
2088 break;
2089 default:
2090 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
2091 break;
2092 }
2093 }
2094 vnc_desktop_resize(vs);
2095 check_pointer_type_change(&vs->mouse_mode_notifier, NULL);
2096 vnc_led_state_change(vs);
2097 }
2098
2099 static void set_pixel_conversion(VncState *vs)
2100 {
2101 pixman_format_code_t fmt = qemu_pixman_get_format(&vs->client_pf);
2102
2103 if (fmt == VNC_SERVER_FB_FORMAT) {
2104 vs->write_pixels = vnc_write_pixels_copy;
2105 vnc_hextile_set_pixel_conversion(vs, 0);
2106 } else {
2107 vs->write_pixels = vnc_write_pixels_generic;
2108 vnc_hextile_set_pixel_conversion(vs, 1);
2109 }
2110 }
2111
2112 static void send_color_map(VncState *vs)
2113 {
2114 int i;
2115
2116 vnc_write_u8(vs, VNC_MSG_SERVER_SET_COLOUR_MAP_ENTRIES);
2117 vnc_write_u8(vs, 0); /* padding */
2118 vnc_write_u16(vs, 0); /* first color */
2119 vnc_write_u16(vs, 256); /* # of colors */
2120
2121 for (i = 0; i < 256; i++) {
2122 PixelFormat *pf = &vs->client_pf;
2123
2124 vnc_write_u16(vs, (((i >> pf->rshift) & pf->rmax) << (16 - pf->rbits)));
2125 vnc_write_u16(vs, (((i >> pf->gshift) & pf->gmax) << (16 - pf->gbits)));
2126 vnc_write_u16(vs, (((i >> pf->bshift) & pf->bmax) << (16 - pf->bbits)));
2127 }
2128 }
2129
2130 static void set_pixel_format(VncState *vs, int bits_per_pixel,
2131 int big_endian_flag, int true_color_flag,
2132 int red_max, int green_max, int blue_max,
2133 int red_shift, int green_shift, int blue_shift)
2134 {
2135 if (!true_color_flag) {
2136 /* Expose a reasonable default 256 color map */
2137 bits_per_pixel = 8;
2138 red_max = 7;
2139 green_max = 7;
2140 blue_max = 3;
2141 red_shift = 0;
2142 green_shift = 3;
2143 blue_shift = 6;
2144 }
2145
2146 switch (bits_per_pixel) {
2147 case 8:
2148 case 16:
2149 case 32:
2150 break;
2151 default:
2152 vnc_client_error(vs);
2153 return;
2154 }
2155
2156 vs->client_pf.rmax = red_max ? red_max : 0xFF;
2157 vs->client_pf.rbits = hweight_long(red_max);
2158 vs->client_pf.rshift = red_shift;
2159 vs->client_pf.rmask = red_max << red_shift;
2160 vs->client_pf.gmax = green_max ? green_max : 0xFF;
2161 vs->client_pf.gbits = hweight_long(green_max);
2162 vs->client_pf.gshift = green_shift;
2163 vs->client_pf.gmask = green_max << green_shift;
2164 vs->client_pf.bmax = blue_max ? blue_max : 0xFF;
2165 vs->client_pf.bbits = hweight_long(blue_max);
2166 vs->client_pf.bshift = blue_shift;
2167 vs->client_pf.bmask = blue_max << blue_shift;
2168 vs->client_pf.bits_per_pixel = bits_per_pixel;
2169 vs->client_pf.bytes_per_pixel = bits_per_pixel / 8;
2170 vs->client_pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
2171 vs->client_be = big_endian_flag;
2172
2173 if (!true_color_flag) {
2174 send_color_map(vs);
2175 }
2176
2177 set_pixel_conversion(vs);
2178
2179 graphic_hw_invalidate(vs->vd->dcl.con);
2180 graphic_hw_update(vs->vd->dcl.con);
2181 }
2182
2183 static void pixel_format_message (VncState *vs) {
2184 char pad[3] = { 0, 0, 0 };
2185
2186 vs->client_pf = qemu_default_pixelformat(32);
2187
2188 vnc_write_u8(vs, vs->client_pf.bits_per_pixel); /* bits-per-pixel */
2189 vnc_write_u8(vs, vs->client_pf.depth); /* depth */
2190
2191 #ifdef HOST_WORDS_BIGENDIAN
2192 vnc_write_u8(vs, 1); /* big-endian-flag */
2193 #else
2194 vnc_write_u8(vs, 0); /* big-endian-flag */
2195 #endif
2196 vnc_write_u8(vs, 1); /* true-color-flag */
2197 vnc_write_u16(vs, vs->client_pf.rmax); /* red-max */
2198 vnc_write_u16(vs, vs->client_pf.gmax); /* green-max */
2199 vnc_write_u16(vs, vs->client_pf.bmax); /* blue-max */
2200 vnc_write_u8(vs, vs->client_pf.rshift); /* red-shift */
2201 vnc_write_u8(vs, vs->client_pf.gshift); /* green-shift */
2202 vnc_write_u8(vs, vs->client_pf.bshift); /* blue-shift */
2203 vnc_write(vs, pad, 3); /* padding */
2204
2205 vnc_hextile_set_pixel_conversion(vs, 0);
2206 vs->write_pixels = vnc_write_pixels_copy;
2207 }
2208
2209 static void vnc_colordepth(VncState *vs)
2210 {
2211 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
2212 /* Sending a WMVi message to notify the client*/
2213 vnc_lock_output(vs);
2214 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
2215 vnc_write_u8(vs, 0);
2216 vnc_write_u16(vs, 1); /* number of rects */
2217 vnc_framebuffer_update(vs, 0, 0,
2218 pixman_image_get_width(vs->vd->server),
2219 pixman_image_get_height(vs->vd->server),
2220 VNC_ENCODING_WMVi);
2221 pixel_format_message(vs);
2222 vnc_unlock_output(vs);
2223 vnc_flush(vs);
2224 } else {
2225 set_pixel_conversion(vs);
2226 }
2227 }
2228
2229 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
2230 {
2231 int i;
2232 uint16_t limit;
2233 VncDisplay *vd = vs->vd;
2234
2235 if (data[0] > 3) {
2236 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
2237 }
2238
2239 switch (data[0]) {
2240 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT:
2241 if (len == 1)
2242 return 20;
2243
2244 set_pixel_format(vs, read_u8(data, 4),
2245 read_u8(data, 6), read_u8(data, 7),
2246 read_u16(data, 8), read_u16(data, 10),
2247 read_u16(data, 12), read_u8(data, 14),
2248 read_u8(data, 15), read_u8(data, 16));
2249 break;
2250 case VNC_MSG_CLIENT_SET_ENCODINGS:
2251 if (len == 1)
2252 return 4;
2253
2254 if (len == 4) {
2255 limit = read_u16(data, 2);
2256 if (limit > 0)
2257 return 4 + (limit * 4);
2258 } else
2259 limit = read_u16(data, 2);
2260
2261 for (i = 0; i < limit; i++) {
2262 int32_t val = read_s32(data, 4 + (i * 4));
2263 memcpy(data + 4 + (i * 4), &val, sizeof(val));
2264 }
2265
2266 set_encodings(vs, (int32_t *)(data + 4), limit);
2267 break;
2268 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST:
2269 if (len == 1)
2270 return 10;
2271
2272 framebuffer_update_request(vs,
2273 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
2274 read_u16(data, 6), read_u16(data, 8));
2275 break;
2276 case VNC_MSG_CLIENT_KEY_EVENT:
2277 if (len == 1)
2278 return 8;
2279
2280 key_event(vs, read_u8(data, 1), read_u32(data, 4));
2281 break;
2282 case VNC_MSG_CLIENT_POINTER_EVENT:
2283 if (len == 1)
2284 return 6;
2285
2286 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
2287 break;
2288 case VNC_MSG_CLIENT_CUT_TEXT:
2289 if (len == 1) {
2290 return 8;
2291 }
2292 if (len == 8) {
2293 uint32_t dlen = read_u32(data, 4);
2294 if (dlen > (1 << 20)) {
2295 error_report("vnc: client_cut_text msg payload has %u bytes"
2296 " which exceeds our limit of 1MB.", dlen);
2297 vnc_client_error(vs);
2298 break;
2299 }
2300 if (dlen > 0) {
2301 return 8 + dlen;
2302 }
2303 }
2304
2305 client_cut_text(vs, read_u32(data, 4), data + 8);
2306 break;
2307 case VNC_MSG_CLIENT_QEMU:
2308 if (len == 1)
2309 return 2;
2310
2311 switch (read_u8(data, 1)) {
2312 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT:
2313 if (len == 2)
2314 return 12;
2315
2316 ext_key_event(vs, read_u16(data, 2),
2317 read_u32(data, 4), read_u32(data, 8));
2318 break;
2319 case VNC_MSG_CLIENT_QEMU_AUDIO:
2320 if (len == 2)
2321 return 4;
2322
2323 switch (read_u16 (data, 2)) {
2324 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE:
2325 audio_add(vs);
2326 break;
2327 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE:
2328 audio_del(vs);
2329 break;
2330 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT:
2331 if (len == 4)
2332 return 10;
2333 switch (read_u8(data, 4)) {
2334 case 0: vs->as.fmt = AUD_FMT_U8; break;
2335 case 1: vs->as.fmt = AUD_FMT_S8; break;
2336 case 2: vs->as.fmt = AUD_FMT_U16; break;
2337 case 3: vs->as.fmt = AUD_FMT_S16; break;
2338 case 4: vs->as.fmt = AUD_FMT_U32; break;
2339 case 5: vs->as.fmt = AUD_FMT_S32; break;
2340 default:
2341 VNC_DEBUG("Invalid audio format %d\n", read_u8(data, 4));
2342 vnc_client_error(vs);
2343 break;
2344 }
2345 vs->as.nchannels = read_u8(data, 5);
2346 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
2347 VNC_DEBUG("Invalid audio channel coount %d\n",
2348 read_u8(data, 5));
2349 vnc_client_error(vs);
2350 break;
2351 }
2352 vs->as.freq = read_u32(data, 6);
2353 break;
2354 default:
2355 VNC_DEBUG("Invalid audio message %d\n", read_u8(data, 4));
2356 vnc_client_error(vs);
2357 break;
2358 }
2359 break;
2360
2361 default:
2362 VNC_DEBUG("Msg: %d\n", read_u16(data, 0));
2363 vnc_client_error(vs);
2364 break;
2365 }
2366 break;
2367 default:
2368 VNC_DEBUG("Msg: %d\n", data[0]);
2369 vnc_client_error(vs);
2370 break;
2371 }
2372
2373 vnc_read_when(vs, protocol_client_msg, 1);
2374 return 0;
2375 }
2376
2377 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
2378 {
2379 char buf[1024];
2380 VncShareMode mode;
2381 int size;
2382
2383 mode = data[0] ? VNC_SHARE_MODE_SHARED : VNC_SHARE_MODE_EXCLUSIVE;
2384 switch (vs->vd->share_policy) {
2385 case VNC_SHARE_POLICY_IGNORE:
2386 /*
2387 * Ignore the shared flag. Nothing to do here.
2388 *
2389 * Doesn't conform to the rfb spec but is traditional qemu
2390 * behavior, thus left here as option for compatibility
2391 * reasons.
2392 */
2393 break;
2394 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE:
2395 /*
2396 * Policy: Allow clients ask for exclusive access.
2397 *
2398 * Implementation: When a client asks for exclusive access,
2399 * disconnect all others. Shared connects are allowed as long
2400 * as no exclusive connection exists.
2401 *
2402 * This is how the rfb spec suggests to handle the shared flag.
2403 */
2404 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2405 VncState *client;
2406 QTAILQ_FOREACH(client, &vs->vd->clients, next) {
2407 if (vs == client) {
2408 continue;
2409 }
2410 if (client->share_mode != VNC_SHARE_MODE_EXCLUSIVE &&
2411 client->share_mode != VNC_SHARE_MODE_SHARED) {
2412 continue;
2413 }
2414 vnc_disconnect_start(client);
2415 }
2416 }
2417 if (mode == VNC_SHARE_MODE_SHARED) {
2418 if (vs->vd->num_exclusive > 0) {
2419 vnc_disconnect_start(vs);
2420 return 0;
2421 }
2422 }
2423 break;
2424 case VNC_SHARE_POLICY_FORCE_SHARED:
2425 /*
2426 * Policy: Shared connects only.
2427 * Implementation: Disallow clients asking for exclusive access.
2428 *
2429 * Useful for shared desktop sessions where you don't want
2430 * someone forgetting to say -shared when running the vnc
2431 * client disconnect everybody else.
2432 */
2433 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2434 vnc_disconnect_start(vs);
2435 return 0;
2436 }
2437 break;
2438 }
2439 vnc_set_share_mode(vs, mode);
2440
2441 if (vs->vd->num_shared > vs->vd->connections_limit) {
2442 vnc_disconnect_start(vs);
2443 return 0;
2444 }
2445
2446 vs->client_width = pixman_image_get_width(vs->vd->server);
2447 vs->client_height = pixman_image_get_height(vs->vd->server);
2448 vnc_write_u16(vs, vs->client_width);
2449 vnc_write_u16(vs, vs->client_height);
2450
2451 pixel_format_message(vs);
2452
2453 if (qemu_name) {
2454 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
2455 if (size > sizeof(buf)) {
2456 size = sizeof(buf);
2457 }
2458 } else {
2459 size = snprintf(buf, sizeof(buf), "QEMU");
2460 }
2461
2462 vnc_write_u32(vs, size);
2463 vnc_write(vs, buf, size);
2464 vnc_flush(vs);
2465
2466 vnc_client_cache_auth(vs);
2467 vnc_qmp_event(vs, QAPI_EVENT_VNC_INITIALIZED);
2468
2469 vnc_read_when(vs, protocol_client_msg, 1);
2470
2471 return 0;
2472 }
2473
2474 void start_client_init(VncState *vs)
2475 {
2476 vnc_read_when(vs, protocol_client_init, 1);
2477 }
2478
2479 static void make_challenge(VncState *vs)
2480 {
2481 int i;
2482
2483 srand(time(NULL)+getpid()+getpid()*987654+rand());
2484
2485 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
2486 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
2487 }
2488
2489 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
2490 {
2491 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
2492 size_t i, pwlen;
2493 unsigned char key[8];
2494 time_t now = time(NULL);
2495 QCryptoCipher *cipher = NULL;
2496 Error *err = NULL;
2497
2498 if (!vs->vd->password) {
2499 VNC_DEBUG("No password configured on server");
2500 goto reject;
2501 }
2502 if (vs->vd->expires < now) {
2503 VNC_DEBUG("Password is expired");
2504 goto reject;
2505 }
2506
2507 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
2508
2509 /* Calculate the expected challenge response */
2510 pwlen = strlen(vs->vd->password);
2511 for (i=0; i<sizeof(key); i++)
2512 key[i] = i<pwlen ? vs->vd->password[i] : 0;
2513
2514 cipher = qcrypto_cipher_new(
2515 QCRYPTO_CIPHER_ALG_DES_RFB,
2516 QCRYPTO_CIPHER_MODE_ECB,
2517 key, G_N_ELEMENTS(key),
2518 &err);
2519 if (!cipher) {
2520 VNC_DEBUG("Cannot initialize cipher %s",
2521 error_get_pretty(err));
2522 error_free(err);
2523 goto reject;
2524 }
2525
2526 if (qcrypto_cipher_encrypt(cipher,
2527 vs->challenge,
2528 response,
2529 VNC_AUTH_CHALLENGE_SIZE,
2530 &err) < 0) {
2531 VNC_DEBUG("Cannot encrypt challenge %s",
2532 error_get_pretty(err));
2533 error_free(err);
2534 goto reject;
2535 }
2536
2537 /* Compare expected vs actual challenge response */
2538 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
2539 VNC_DEBUG("Client challenge response did not match\n");
2540 goto reject;
2541 } else {
2542 VNC_DEBUG("Accepting VNC challenge response\n");
2543 vnc_write_u32(vs, 0); /* Accept auth */
2544 vnc_flush(vs);
2545
2546 start_client_init(vs);
2547 }
2548
2549 qcrypto_cipher_free(cipher);
2550 return 0;
2551
2552 reject:
2553 vnc_write_u32(vs, 1); /* Reject auth */
2554 if (vs->minor >= 8) {
2555 static const char err[] = "Authentication failed";
2556 vnc_write_u32(vs, sizeof(err));
2557 vnc_write(vs, err, sizeof(err));
2558 }
2559 vnc_flush(vs);
2560 vnc_client_error(vs);
2561 qcrypto_cipher_free(cipher);
2562 return 0;
2563 }
2564
2565 void start_auth_vnc(VncState *vs)
2566 {
2567 make_challenge(vs);
2568 /* Send client a 'random' challenge */
2569 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
2570 vnc_flush(vs);
2571
2572 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
2573 }
2574
2575
2576 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
2577 {
2578 /* We only advertise 1 auth scheme at a time, so client
2579 * must pick the one we sent. Verify this */
2580 if (data[0] != vs->auth) { /* Reject auth */
2581 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]);
2582 vnc_write_u32(vs, 1);
2583 if (vs->minor >= 8) {
2584 static const char err[] = "Authentication failed";
2585 vnc_write_u32(vs, sizeof(err));
2586 vnc_write(vs, err, sizeof(err));
2587 }
2588 vnc_client_error(vs);
2589 } else { /* Accept requested auth */
2590 VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
2591 switch (vs->auth) {
2592 case VNC_AUTH_NONE:
2593 VNC_DEBUG("Accept auth none\n");
2594 if (vs->minor >= 8) {
2595 vnc_write_u32(vs, 0); /* Accept auth completion */
2596 vnc_flush(vs);
2597 }
2598 start_client_init(vs);
2599 break;
2600
2601 case VNC_AUTH_VNC:
2602 VNC_DEBUG("Start VNC auth\n");
2603 start_auth_vnc(vs);
2604 break;
2605
2606 case VNC_AUTH_VENCRYPT:
2607 VNC_DEBUG("Accept VeNCrypt auth\n");
2608 start_auth_vencrypt(vs);
2609 break;
2610
2611 #ifdef CONFIG_VNC_SASL
2612 case VNC_AUTH_SASL:
2613 VNC_DEBUG("Accept SASL auth\n");
2614 start_auth_sasl(vs);
2615 break;
2616 #endif /* CONFIG_VNC_SASL */
2617
2618 default: /* Should not be possible, but just in case */
2619 VNC_DEBUG("Reject auth %d server code bug\n", vs->auth);
2620 vnc_write_u8(vs, 1);
2621 if (vs->minor >= 8) {
2622 static const char err[] = "Authentication failed";
2623 vnc_write_u32(vs, sizeof(err));
2624 vnc_write(vs, err, sizeof(err));
2625 }
2626 vnc_client_error(vs);
2627 }
2628 }
2629 return 0;
2630 }
2631
2632 static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2633 {
2634 char local[13];
2635
2636 memcpy(local, version, 12);
2637 local[12] = 0;
2638
2639 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2640 VNC_DEBUG("Malformed protocol version %s\n", local);
2641 vnc_client_error(vs);
2642 return 0;
2643 }
2644 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2645 if (vs->major != 3 ||
2646 (vs->minor != 3 &&
2647 vs->minor != 4 &&
2648 vs->minor != 5 &&
2649 vs->minor != 7 &&
2650 vs->minor != 8)) {
2651 VNC_DEBUG("Unsupported client version\n");
2652 vnc_write_u32(vs, VNC_AUTH_INVALID);
2653 vnc_flush(vs);
2654 vnc_client_error(vs);
2655 return 0;
2656 }
2657 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2658 * as equivalent to v3.3 by servers
2659 */
2660 if (vs->minor == 4 || vs->minor == 5)
2661 vs->minor = 3;
2662
2663 if (vs->minor == 3) {
2664 if (vs->auth == VNC_AUTH_NONE) {
2665 VNC_DEBUG("Tell client auth none\n");
2666 vnc_write_u32(vs, vs->auth);
2667 vnc_flush(vs);
2668 start_client_init(vs);
2669 } else if (vs->auth == VNC_AUTH_VNC) {
2670 VNC_DEBUG("Tell client VNC auth\n");
2671 vnc_write_u32(vs, vs->auth);
2672 vnc_flush(vs);
2673 start_auth_vnc(vs);
2674 } else {
2675 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->auth);
2676 vnc_write_u32(vs, VNC_AUTH_INVALID);
2677 vnc_flush(vs);
2678 vnc_client_error(vs);
2679 }
2680 } else {
2681 VNC_DEBUG("Telling client we support auth %d\n", vs->auth);
2682 vnc_write_u8(vs, 1); /* num auth */
2683 vnc_write_u8(vs, vs->auth);
2684 vnc_read_when(vs, protocol_client_auth, 1);
2685 vnc_flush(vs);
2686 }
2687
2688 return 0;
2689 }
2690
2691 static VncRectStat *vnc_stat_rect(VncDisplay *vd, int x, int y)
2692 {
2693 struct VncSurface *vs = &vd->guest;
2694
2695 return &vs->stats[y / VNC_STAT_RECT][x / VNC_STAT_RECT];
2696 }
2697
2698 void vnc_sent_lossy_rect(VncState *vs, int x, int y, int w, int h)
2699 {
2700 int i, j;
2701
2702 w = (x + w) / VNC_STAT_RECT;
2703 h = (y + h) / VNC_STAT_RECT;
2704 x /= VNC_STAT_RECT;
2705 y /= VNC_STAT_RECT;
2706
2707 for (j = y; j <= h; j++) {
2708 for (i = x; i <= w; i++) {
2709 vs->lossy_rect[j][i] = 1;
2710 }
2711 }
2712 }
2713
2714 static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y)
2715 {
2716 VncState *vs;
2717 int sty = y / VNC_STAT_RECT;
2718 int stx = x / VNC_STAT_RECT;
2719 int has_dirty = 0;
2720
2721 y = y / VNC_STAT_RECT * VNC_STAT_RECT;
2722 x = x / VNC_STAT_RECT * VNC_STAT_RECT;
2723
2724 QTAILQ_FOREACH(vs, &vd->clients, next) {
2725 int j;
2726
2727 /* kernel send buffers are full -> refresh later */
2728 if (vs->output.offset) {
2729 continue;
2730 }
2731
2732 if (!vs->lossy_rect[sty][stx]) {
2733 continue;
2734 }
2735
2736 vs->lossy_rect[sty][stx] = 0;
2737 for (j = 0; j < VNC_STAT_RECT; ++j) {
2738 bitmap_set(vs->dirty[y + j],
2739 x / VNC_DIRTY_PIXELS_PER_BIT,
2740 VNC_STAT_RECT / VNC_DIRTY_PIXELS_PER_BIT);
2741 }
2742 has_dirty++;
2743 }
2744
2745 return has_dirty;
2746 }
2747
2748 static int vnc_update_stats(VncDisplay *vd, struct timeval * tv)
2749 {
2750 int width = MIN(pixman_image_get_width(vd->guest.fb),
2751 pixman_image_get_width(vd->server));
2752 int height = MIN(pixman_image_get_height(vd->guest.fb),
2753 pixman_image_get_height(vd->server));
2754 int x, y;
2755 struct timeval res;
2756 int has_dirty = 0;
2757
2758 for (y = 0; y < height; y += VNC_STAT_RECT) {
2759 for (x = 0; x < width; x += VNC_STAT_RECT) {
2760 VncRectStat *rect = vnc_stat_rect(vd, x, y);
2761
2762 rect->updated = false;
2763 }
2764 }
2765
2766 qemu_timersub(tv, &VNC_REFRESH_STATS, &res);
2767
2768 if (timercmp(&vd->guest.last_freq_check, &res, >)) {
2769 return has_dirty;
2770 }
2771 vd->guest.last_freq_check = *tv;
2772
2773 for (y = 0; y < height; y += VNC_STAT_RECT) {
2774 for (x = 0; x < width; x += VNC_STAT_RECT) {
2775 VncRectStat *rect= vnc_stat_rect(vd, x, y);
2776 int count = ARRAY_SIZE(rect->times);
2777 struct timeval min, max;
2778
2779 if (!timerisset(&rect->times[count - 1])) {
2780 continue ;
2781 }
2782
2783 max = rect->times[(rect->idx + count - 1) % count];
2784 qemu_timersub(tv, &max, &res);
2785
2786 if (timercmp(&res, &VNC_REFRESH_LOSSY, >)) {
2787 rect->freq = 0;
2788 has_dirty += vnc_refresh_lossy_rect(vd, x, y);
2789 memset(rect->times, 0, sizeof (rect->times));
2790 continue ;
2791 }
2792
2793 min = rect->times[rect->idx];
2794 max = rect->times[(rect->idx + count - 1) % count];
2795 qemu_timersub(&max, &min, &res);
2796
2797 rect->freq = res.tv_sec + res.tv_usec / 1000000.;
2798 rect->freq /= count;
2799 rect->freq = 1. / rect->freq;
2800 }
2801 }
2802 return has_dirty;
2803 }
2804
2805 double vnc_update_freq(VncState *vs, int x, int y, int w, int h)
2806 {
2807 int i, j;
2808 double total = 0;
2809 int num = 0;
2810
2811 x = (x / VNC_STAT_RECT) * VNC_STAT_RECT;
2812 y = (y / VNC_STAT_RECT) * VNC_STAT_RECT;
2813
2814 for (j = y; j <= y + h; j += VNC_STAT_RECT) {
2815 for (i = x; i <= x + w; i += VNC_STAT_RECT) {
2816 total += vnc_stat_rect(vs->vd, i, j)->freq;
2817 num++;
2818 }
2819 }
2820
2821 if (num) {
2822 return total / num;
2823 } else {
2824 return 0;
2825 }
2826 }
2827
2828 static void vnc_rect_updated(VncDisplay *vd, int x, int y, struct timeval * tv)
2829 {
2830 VncRectStat *rect;
2831
2832 rect = vnc_stat_rect(vd, x, y);
2833 if (rect->updated) {
2834 return ;
2835 }
2836 rect->times[rect->idx] = *tv;
2837 rect->idx = (rect->idx + 1) % ARRAY_SIZE(rect->times);
2838 rect->updated = true;
2839 }
2840
2841 static int vnc_refresh_server_surface(VncDisplay *vd)
2842 {
2843 int width = MIN(pixman_image_get_width(vd->guest.fb),
2844 pixman_image_get_width(vd->server));
2845 int height = MIN(pixman_image_get_height(vd->guest.fb),
2846 pixman_image_get_height(vd->server));
2847 int cmp_bytes, server_stride, line_bytes, guest_ll, guest_stride, y = 0;
2848 uint8_t *guest_row0 = NULL, *server_row0;
2849 VncState *vs;
2850 int has_dirty = 0;
2851 pixman_image_t *tmpbuf = NULL;
2852
2853 struct timeval tv = { 0, 0 };
2854
2855 if (!vd->non_adaptive) {
2856 gettimeofday(&tv, NULL);
2857 has_dirty = vnc_update_stats(vd, &tv);
2858 }
2859
2860 /*
2861 * Walk through the guest dirty map.
2862 * Check and copy modified bits from guest to server surface.
2863 * Update server dirty map.
2864 */
2865 server_row0 = (uint8_t *)pixman_image_get_data(vd->server);
2866 server_stride = guest_stride = guest_ll =
2867 pixman_image_get_stride(vd->server);
2868 cmp_bytes = MIN(VNC_DIRTY_PIXELS_PER_BIT * VNC_SERVER_FB_BYTES,
2869 server_stride);
2870 if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
2871 int width = pixman_image_get_width(vd->server);
2872 tmpbuf = qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT, width);
2873 } else {
2874 int guest_bpp =
2875 PIXMAN_FORMAT_BPP(pixman_image_get_format(vd->guest.fb));
2876 guest_row0 = (uint8_t *)pixman_image_get_data(vd->guest.fb);
2877 guest_stride = pixman_image_get_stride(vd->guest.fb);
2878 guest_ll = pixman_image_get_width(vd->guest.fb) * ((guest_bpp + 7) / 8);
2879 }
2880 line_bytes = MIN(server_stride, guest_ll);
2881
2882 for (;;) {
2883 int x;
2884 uint8_t *guest_ptr, *server_ptr;
2885 unsigned long offset = find_next_bit((unsigned long *) &vd->guest.dirty,
2886 height * VNC_DIRTY_BPL(&vd->guest),
2887 y * VNC_DIRTY_BPL(&vd->guest));
2888 if (offset == height * VNC_DIRTY_BPL(&vd->guest)) {
2889 /* no more dirty bits */
2890 break;
2891 }
2892 y = offset / VNC_DIRTY_BPL(&vd->guest);
2893 x = offset % VNC_DIRTY_BPL(&vd->guest);
2894
2895 server_ptr = server_row0 + y * server_stride + x * cmp_bytes;
2896
2897 if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
2898 qemu_pixman_linebuf_fill(tmpbuf, vd->guest.fb, width, 0, y);
2899 guest_ptr = (uint8_t *)pixman_image_get_data(tmpbuf);
2900 } else {
2901 guest_ptr = guest_row0 + y * guest_stride;
2902 }
2903 guest_ptr += x * cmp_bytes;
2904
2905 for (; x < DIV_ROUND_UP(width, VNC_DIRTY_PIXELS_PER_BIT);
2906 x++, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
2907 int _cmp_bytes = cmp_bytes;
2908 if (!test_and_clear_bit(x, vd->guest.dirty[y])) {
2909 continue;
2910 }
2911 if ((x + 1) * cmp_bytes > line_bytes) {
2912 _cmp_bytes = line_bytes - x * cmp_bytes;
2913 }
2914 assert(_cmp_bytes >= 0);
2915 if (memcmp(server_ptr, guest_ptr, _cmp_bytes) == 0) {
2916 continue;
2917 }
2918 memcpy(server_ptr, guest_ptr, _cmp_bytes);
2919 if (!vd->non_adaptive) {
2920 vnc_rect_updated(vd, x * VNC_DIRTY_PIXELS_PER_BIT,
2921 y, &tv);
2922 }
2923 QTAILQ_FOREACH(vs, &vd->clients, next) {
2924 set_bit(x, vs->dirty[y]);
2925 }
2926 has_dirty++;
2927 }
2928
2929 y++;
2930 }
2931 qemu_pixman_image_unref(tmpbuf);
2932 return has_dirty;
2933 }
2934
2935 static void vnc_refresh(DisplayChangeListener *dcl)
2936 {
2937 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
2938 VncState *vs, *vn;
2939 int has_dirty, rects = 0;
2940
2941 if (QTAILQ_EMPTY(&vd->clients)) {
2942 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_MAX);
2943 return;
2944 }
2945
2946 graphic_hw_update(vd->dcl.con);
2947
2948 if (vnc_trylock_display(vd)) {
2949 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
2950 return;
2951 }
2952
2953 has_dirty = vnc_refresh_server_surface(vd);
2954 vnc_unlock_display(vd);
2955
2956 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
2957 rects += vnc_update_client(vs, has_dirty, false);
2958 /* vs might be free()ed here */
2959 }
2960
2961 if (has_dirty && rects) {
2962 vd->dcl.update_interval /= 2;
2963 if (vd->dcl.update_interval < VNC_REFRESH_INTERVAL_BASE) {
2964 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_BASE;
2965 }
2966 } else {
2967 vd->dcl.update_interval += VNC_REFRESH_INTERVAL_INC;
2968 if (vd->dcl.update_interval > VNC_REFRESH_INTERVAL_MAX) {
2969 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_MAX;
2970 }
2971 }
2972 }
2973
2974 static void vnc_connect(VncDisplay *vd, QIOChannelSocket *sioc,
2975 bool skipauth, bool websocket)
2976 {
2977 VncState *vs = g_new0(VncState, 1);
2978 bool first_client = QTAILQ_EMPTY(&vd->clients);
2979 int i;
2980
2981 vs->sioc = sioc;
2982 object_ref(OBJECT(vs->sioc));
2983 vs->ioc = QIO_CHANNEL(sioc);
2984 object_ref(OBJECT(vs->ioc));
2985 vs->vd = vd;
2986
2987 buffer_init(&vs->input, "vnc-input/%p", sioc);
2988 buffer_init(&vs->output, "vnc-output/%p", sioc);
2989 buffer_init(&vs->jobs_buffer, "vnc-jobs_buffer/%p", sioc);
2990
2991 buffer_init(&vs->tight.tight, "vnc-tight/%p", sioc);
2992 buffer_init(&vs->tight.zlib, "vnc-tight-zlib/%p", sioc);
2993 buffer_init(&vs->tight.gradient, "vnc-tight-gradient/%p", sioc);
2994 #ifdef CONFIG_VNC_JPEG
2995 buffer_init(&vs->tight.jpeg, "vnc-tight-jpeg/%p", sioc);
2996 #endif
2997 #ifdef CONFIG_VNC_PNG
2998 buffer_init(&vs->tight.png, "vnc-tight-png/%p", sioc);
2999 #endif
3000 buffer_init(&vs->zlib.zlib, "vnc-zlib/%p", sioc);
3001 buffer_init(&vs->zrle.zrle, "vnc-zrle/%p", sioc);
3002 buffer_init(&vs->zrle.fb, "vnc-zrle-fb/%p", sioc);
3003 buffer_init(&vs->zrle.zlib, "vnc-zrle-zlib/%p", sioc);
3004
3005 if (skipauth) {
3006 vs->auth = VNC_AUTH_NONE;
3007 vs->subauth = VNC_AUTH_INVALID;
3008 } else {
3009 if (websocket) {
3010 vs->auth = vd->ws_auth;
3011 vs->subauth = VNC_AUTH_INVALID;
3012 } else {
3013 vs->auth = vd->auth;
3014 vs->subauth = vd->subauth;
3015 }
3016 }
3017 VNC_DEBUG("Client sioc=%p ws=%d auth=%d subauth=%d\n",
3018 sioc, websocket, vs->auth, vs->subauth);
3019
3020 vs->lossy_rect = g_malloc0(VNC_STAT_ROWS * sizeof (*vs->lossy_rect));
3021 for (i = 0; i < VNC_STAT_ROWS; ++i) {
3022 vs->lossy_rect[i] = g_new0(uint8_t, VNC_STAT_COLS);
3023 }
3024
3025 VNC_DEBUG("New client on socket %p\n", vs->sioc);
3026 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
3027 qio_channel_set_blocking(vs->ioc, false, NULL);
3028 if (websocket) {
3029 vs->websocket = 1;
3030 if (vd->tlscreds) {
3031 vs->ioc_tag = qio_channel_add_watch(
3032 vs->ioc, G_IO_IN, vncws_tls_handshake_io, vs, NULL);
3033 } else {
3034 vs->ioc_tag = qio_channel_add_watch(
3035 vs->ioc, G_IO_IN, vncws_handshake_io, vs, NULL);
3036 }
3037 } else {
3038 vs->ioc_tag = qio_channel_add_watch(
3039 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL);
3040 }
3041
3042 vnc_client_cache_addr(vs);
3043 vnc_qmp_event(vs, QAPI_EVENT_VNC_CONNECTED);
3044 vnc_set_share_mode(vs, VNC_SHARE_MODE_CONNECTING);
3045
3046 vs->last_x = -1;
3047 vs->last_y = -1;
3048
3049 vs->as.freq = 44100;
3050 vs->as.nchannels = 2;
3051 vs->as.fmt = AUD_FMT_S16;
3052 vs->as.endianness = 0;
3053
3054 qemu_mutex_init(&vs->output_mutex);
3055 vs->bh = qemu_bh_new(vnc_jobs_bh, vs);
3056
3057 QTAILQ_INSERT_TAIL(&vd->clients, vs, next);
3058 if (first_client) {
3059 vnc_update_server_surface(vd);
3060 }
3061
3062 graphic_hw_update(vd->dcl.con);
3063
3064 if (!vs->websocket) {
3065 vnc_start_protocol(vs);
3066 }
3067
3068 if (vd->num_connecting > vd->connections_limit) {
3069 QTAILQ_FOREACH(vs, &vd->clients, next) {
3070 if (vs->share_mode == VNC_SHARE_MODE_CONNECTING) {
3071 vnc_disconnect_start(vs);
3072 return;
3073 }
3074 }
3075 }
3076 }
3077
3078 void vnc_start_protocol(VncState *vs)
3079 {
3080 vnc_write(vs, "RFB 003.008\n", 12);
3081 vnc_flush(vs);
3082 vnc_read_when(vs, protocol_version, 12);
3083
3084 vs->mouse_mode_notifier.notify = check_pointer_type_change;
3085 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
3086 }
3087
3088 static gboolean vnc_listen_io(QIOChannel *ioc,
3089 GIOCondition condition,
3090 void *opaque)
3091 {
3092 VncDisplay *vd = opaque;
3093 QIOChannelSocket *sioc = NULL;
3094 Error *err = NULL;
3095 bool isWebsock = false;
3096 size_t i;
3097
3098 for (i = 0; i < vd->nlwebsock; i++) {
3099 if (ioc == QIO_CHANNEL(vd->lwebsock[i])) {
3100 isWebsock = true;
3101 break;
3102 }
3103 }
3104
3105 sioc = qio_channel_socket_accept(QIO_CHANNEL_SOCKET(ioc), &err);
3106 if (sioc != NULL) {
3107 qio_channel_set_name(QIO_CHANNEL(sioc),
3108 isWebsock ? "vnc-ws-server" : "vnc-server");
3109 qio_channel_set_delay(QIO_CHANNEL(sioc), false);
3110 vnc_connect(vd, sioc, false, isWebsock);
3111 object_unref(OBJECT(sioc));
3112 } else {
3113 /* client probably closed connection before we got there */
3114 error_free(err);
3115 }
3116
3117 return TRUE;
3118 }
3119
3120 static const DisplayChangeListenerOps dcl_ops = {
3121 .dpy_name = "vnc",
3122 .dpy_refresh = vnc_refresh,
3123 .dpy_gfx_copy = vnc_dpy_copy,
3124 .dpy_gfx_update = vnc_dpy_update,
3125 .dpy_gfx_switch = vnc_dpy_switch,
3126 .dpy_gfx_check_format = qemu_pixman_check_format,
3127 .dpy_mouse_set = vnc_mouse_set,
3128 .dpy_cursor_define = vnc_dpy_cursor_define,
3129 };
3130
3131 void vnc_display_init(const char *id)
3132 {
3133 VncDisplay *vd;
3134
3135 if (vnc_display_find(id) != NULL) {
3136 return;
3137 }
3138 vd = g_malloc0(sizeof(*vd));
3139
3140 vd->id = strdup(id);
3141 QTAILQ_INSERT_TAIL(&vnc_displays, vd, next);
3142
3143 QTAILQ_INIT(&vd->clients);
3144 vd->expires = TIME_MAX;
3145
3146 if (keyboard_layout) {
3147 trace_vnc_key_map_init(keyboard_layout);
3148 vd->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout);
3149 } else {
3150 vd->kbd_layout = init_keyboard_layout(name2keysym, "en-us");
3151 }
3152
3153 if (!vd->kbd_layout) {
3154 exit(1);
3155 }
3156
3157 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3158 vd->connections_limit = 32;
3159
3160 qemu_mutex_init(&vd->mutex);
3161 vnc_start_worker_thread();
3162
3163 vd->dcl.ops = &dcl_ops;
3164 register_displaychangelistener(&vd->dcl);
3165 }
3166
3167
3168 static void vnc_display_close(VncDisplay *vd)
3169 {
3170 size_t i;
3171 if (!vd) {
3172 return;
3173 }
3174 vd->is_unix = false;
3175 for (i = 0; i < vd->nlsock; i++) {
3176 if (vd->lsock_tag[i]) {
3177 g_source_remove(vd->lsock_tag[i]);
3178 }
3179 object_unref(OBJECT(vd->lsock[i]));
3180 }
3181 g_free(vd->lsock);
3182 g_free(vd->lsock_tag);
3183 vd->lsock = NULL;
3184 vd->lsock_tag = NULL;
3185 vd->nlsock = 0;
3186
3187 for (i = 0; i < vd->nlwebsock; i++) {
3188 if (vd->lwebsock_tag[i]) {
3189 g_source_remove(vd->lwebsock_tag[i]);
3190 }
3191 object_unref(OBJECT(vd->lwebsock[i]));
3192 }
3193 g_free(vd->lwebsock);
3194 g_free(vd->lwebsock_tag);
3195 vd->lwebsock = NULL;
3196 vd->lwebsock_tag = NULL;
3197 vd->nlwebsock = 0;
3198
3199 vd->auth = VNC_AUTH_INVALID;
3200 vd->subauth = VNC_AUTH_INVALID;
3201 if (vd->tlscreds) {
3202 object_unparent(OBJECT(vd->tlscreds));
3203 vd->tlscreds = NULL;
3204 }
3205 g_free(vd->tlsaclname);
3206 vd->tlsaclname = NULL;
3207 if (vd->lock_key_sync) {
3208 qemu_remove_led_event_handler(vd->led);
3209 vd->led = NULL;
3210 }
3211 }
3212
3213 int vnc_display_password(const char *id, const char *password)
3214 {
3215 VncDisplay *vd = vnc_display_find(id);
3216
3217 if (!vd) {
3218 return -EINVAL;
3219 }
3220 if (vd->auth == VNC_AUTH_NONE) {
3221 error_printf_unless_qmp("If you want use passwords please enable "
3222 "password auth using '-vnc ${dpy},password'.\n");
3223 return -EINVAL;
3224 }
3225
3226 g_free(vd->password);
3227 vd->password = g_strdup(password);
3228
3229 return 0;
3230 }
3231
3232 int vnc_display_pw_expire(const char *id, time_t expires)
3233 {
3234 VncDisplay *vd = vnc_display_find(id);
3235
3236 if (!vd) {
3237 return -EINVAL;
3238 }
3239
3240 vd->expires = expires;
3241 return 0;
3242 }
3243
3244 static void vnc_display_print_local_addr(VncDisplay *vd)
3245 {
3246 SocketAddress *addr;
3247 Error *err = NULL;
3248
3249 if (!vd->nlsock) {
3250 return;
3251 }
3252
3253 addr = qio_channel_socket_get_local_address(vd->lsock[0], &err);
3254 if (!addr) {
3255 return;
3256 }
3257
3258 if (addr->type != SOCKET_ADDRESS_KIND_INET) {
3259 qapi_free_SocketAddress(addr);
3260 return;
3261 }
3262 error_printf_unless_qmp("VNC server running on %s:%s\n",
3263 addr->u.inet.data->host,
3264 addr->u.inet.data->port);
3265 qapi_free_SocketAddress(addr);
3266 }
3267
3268 static QemuOptsList qemu_vnc_opts = {
3269 .name = "vnc",
3270 .head = QTAILQ_HEAD_INITIALIZER(qemu_vnc_opts.head),
3271 .implied_opt_name = "vnc",
3272 .desc = {
3273 {
3274 .name = "vnc",
3275 .type = QEMU_OPT_STRING,
3276 },{
3277 .name = "websocket",
3278 .type = QEMU_OPT_STRING,
3279 },{
3280 .name = "tls-creds",
3281 .type = QEMU_OPT_STRING,
3282 },{
3283 /* Deprecated in favour of tls-creds */
3284 .name = "x509",
3285 .type = QEMU_OPT_STRING,
3286 },{
3287 .name = "share",
3288 .type = QEMU_OPT_STRING,
3289 },{
3290 .name = "display",
3291 .type = QEMU_OPT_STRING,
3292 },{
3293 .name = "head",
3294 .type = QEMU_OPT_NUMBER,
3295 },{
3296 .name = "connections",
3297 .type = QEMU_OPT_NUMBER,
3298 },{
3299 .name = "to",
3300 .type = QEMU_OPT_NUMBER,
3301 },{
3302 .name = "ipv4",
3303 .type = QEMU_OPT_BOOL,
3304 },{
3305 .name = "ipv6",
3306 .type = QEMU_OPT_BOOL,
3307 },{
3308 .name = "password",
3309 .type = QEMU_OPT_BOOL,
3310 },{
3311 .name = "reverse",
3312 .type = QEMU_OPT_BOOL,
3313 },{
3314 .name = "lock-key-sync",
3315 .type = QEMU_OPT_BOOL,
3316 },{
3317 .name = "key-delay-ms",
3318 .type = QEMU_OPT_NUMBER,
3319 },{
3320 .name = "sasl",
3321 .type = QEMU_OPT_BOOL,
3322 },{
3323 /* Deprecated in favour of tls-creds */
3324 .name = "tls",
3325 .type = QEMU_OPT_BOOL,
3326 },{
3327 /* Deprecated in favour of tls-creds */
3328 .name = "x509verify",
3329 .type = QEMU_OPT_STRING,
3330 },{
3331 .name = "acl",
3332 .type = QEMU_OPT_BOOL,
3333 },{
3334 .name = "lossy",
3335 .type = QEMU_OPT_BOOL,
3336 },{
3337 .name = "non-adaptive",
3338 .type = QEMU_OPT_BOOL,
3339 },
3340 { /* end of list */ }
3341 },
3342 };
3343
3344
3345 static int
3346 vnc_display_setup_auth(int *auth,
3347 int *subauth,
3348 QCryptoTLSCreds *tlscreds,
3349 bool password,
3350 bool sasl,
3351 bool websocket,
3352 Error **errp)
3353 {
3354 /*
3355 * We have a choice of 3 authentication options
3356 *
3357 * 1. none
3358 * 2. vnc
3359 * 3. sasl
3360 *
3361 * The channel can be run in 2 modes
3362 *
3363 * 1. clear
3364 * 2. tls
3365 *
3366 * And TLS can use 2 types of credentials
3367 *
3368 * 1. anon
3369 * 2. x509
3370 *
3371 * We thus have 9 possible logical combinations
3372 *
3373 * 1. clear + none
3374 * 2. clear + vnc
3375 * 3. clear + sasl
3376 * 4. tls + anon + none
3377 * 5. tls + anon + vnc
3378 * 6. tls + anon + sasl
3379 * 7. tls + x509 + none
3380 * 8. tls + x509 + vnc
3381 * 9. tls + x509 + sasl
3382 *
3383 * These need to be mapped into the VNC auth schemes
3384 * in an appropriate manner. In regular VNC, all the
3385 * TLS options get mapped into VNC_AUTH_VENCRYPT
3386 * sub-auth types.
3387 *
3388 * In websockets, the https:// protocol already provides
3389 * TLS support, so there is no need to make use of the
3390 * VeNCrypt extension. Furthermore, websockets browser
3391 * clients could not use VeNCrypt even if they wanted to,
3392 * as they cannot control when the TLS handshake takes
3393 * place. Thus there is no option but to rely on https://,
3394 * meaning combinations 4->6 and 7->9 will be mapped to
3395 * VNC auth schemes in the same way as combos 1->3.
3396 *
3397 * Regardless of fact that we have a different mapping to
3398 * VNC auth mechs for plain VNC vs websockets VNC, the end
3399 * result has the same security characteristics.
3400 */
3401 if (websocket || !tlscreds) {
3402 if (password) {
3403 VNC_DEBUG("Initializing VNC server with password auth\n");
3404 *auth = VNC_AUTH_VNC;
3405 } else if (sasl) {
3406 VNC_DEBUG("Initializing VNC server with SASL auth\n");
3407 *auth = VNC_AUTH_SASL;
3408 } else {
3409 VNC_DEBUG("Initializing VNC server with no auth\n");
3410 *auth = VNC_AUTH_NONE;
3411 }
3412 *subauth = VNC_AUTH_INVALID;
3413 } else {
3414 bool is_x509 = object_dynamic_cast(OBJECT(tlscreds),
3415 TYPE_QCRYPTO_TLS_CREDS_X509) != NULL;
3416 bool is_anon = object_dynamic_cast(OBJECT(tlscreds),
3417 TYPE_QCRYPTO_TLS_CREDS_ANON) != NULL;
3418
3419 if (!is_x509 && !is_anon) {
3420 error_setg(errp,
3421 "Unsupported TLS cred type %s",
3422 object_get_typename(OBJECT(tlscreds)));
3423 return -1;
3424 }
3425 *auth = VNC_AUTH_VENCRYPT;
3426 if (password) {
3427 if (is_x509) {
3428 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
3429 *subauth = VNC_AUTH_VENCRYPT_X509VNC;
3430 } else {
3431 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
3432 *subauth = VNC_AUTH_VENCRYPT_TLSVNC;
3433 }
3434
3435 } else if (sasl) {
3436 if (is_x509) {
3437 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
3438 *subauth = VNC_AUTH_VENCRYPT_X509SASL;
3439 } else {
3440 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
3441 *subauth = VNC_AUTH_VENCRYPT_TLSSASL;
3442 }
3443 } else {
3444 if (is_x509) {
3445 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
3446 *subauth = VNC_AUTH_VENCRYPT_X509NONE;
3447 } else {
3448 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
3449 *subauth = VNC_AUTH_VENCRYPT_TLSNONE;
3450 }
3451 }
3452 }
3453 return 0;
3454 }
3455
3456
3457 /*
3458 * Handle back compat with old CLI syntax by creating some
3459 * suitable QCryptoTLSCreds objects
3460 */
3461 static QCryptoTLSCreds *
3462 vnc_display_create_creds(bool x509,
3463 bool x509verify,
3464 const char *dir,
3465 const char *id,
3466 Error **errp)
3467 {
3468 gchar *credsid = g_strdup_printf("tlsvnc%s", id);
3469 Object *parent = object_get_objects_root();
3470 Object *creds;
3471 Error *err = NULL;
3472
3473 if (x509) {
3474 creds = object_new_with_props(TYPE_QCRYPTO_TLS_CREDS_X509,
3475 parent,
3476 credsid,
3477 &err,
3478 "endpoint", "server",
3479 "dir", dir,
3480 "verify-peer", x509verify ? "yes" : "no",
3481 NULL);
3482 } else {
3483 creds = object_new_with_props(TYPE_QCRYPTO_TLS_CREDS_ANON,
3484 parent,
3485 credsid,
3486 &err,
3487 "endpoint", "server",
3488 NULL);
3489 }
3490
3491 g_free(credsid);
3492
3493 if (err) {
3494 error_propagate(errp, err);
3495 return NULL;
3496 }
3497
3498 return QCRYPTO_TLS_CREDS(creds);
3499 }
3500
3501
3502 static int vnc_display_get_address(const char *addrstr,
3503 bool websocket,
3504 int displaynum,
3505 int to,
3506 bool has_ipv4,
3507 bool has_ipv6,
3508 bool ipv4,
3509 bool ipv6,
3510 SocketAddress **retaddr,
3511 Error **errp)
3512 {
3513 int ret = -1;
3514 SocketAddress *addr = NULL;
3515
3516 addr = g_new0(SocketAddress, 1);
3517
3518 if (strncmp(addrstr, "unix:", 5) == 0) {
3519 addr->type = SOCKET_ADDRESS_KIND_UNIX;
3520 addr->u.q_unix.data = g_new0(UnixSocketAddress, 1);
3521 addr->u.q_unix.data->path = g_strdup(addrstr + 5);
3522
3523 if (websocket) {
3524 error_setg(errp, "UNIX sockets not supported with websock");
3525 goto cleanup;
3526 }
3527
3528 if (to) {
3529 error_setg(errp, "Port range not support with UNIX socket");
3530 goto cleanup;
3531 }
3532 ret = 0;
3533 } else {
3534 const char *port;
3535 size_t hostlen;
3536 unsigned long long baseport = 0;
3537 InetSocketAddress *inet;
3538
3539 port = strrchr(addrstr, ':');
3540 if (!port) {
3541 if (websocket) {
3542 hostlen = 0;
3543 port = addrstr;
3544 } else {
3545 error_setg(errp, "no vnc port specified");
3546 goto cleanup;
3547 }
3548 } else {
3549 hostlen = port - addrstr;
3550 port++;
3551 if (*port == '\0') {
3552 error_setg(errp, "vnc port cannot be empty");
3553 goto cleanup;
3554 }
3555 }
3556
3557 addr->type = SOCKET_ADDRESS_KIND_INET;
3558 inet = addr->u.inet.data = g_new0(InetSocketAddress, 1);
3559 if (addrstr[0] == '[' && addrstr[hostlen - 1] == ']') {
3560 inet->host = g_strndup(addrstr + 1, hostlen - 2);
3561 } else {
3562 inet->host = g_strndup(addrstr, hostlen);
3563 }
3564 /* plain VNC port is just an offset, for websocket
3565 * port is absolute */
3566 if (websocket) {
3567 if (g_str_equal(addrstr, "") ||
3568 g_str_equal(addrstr, "on")) {
3569 if (displaynum == -1) {
3570 error_setg(errp, "explicit websocket port is required");
3571 goto cleanup;
3572 }
3573 inet->port = g_strdup_printf(
3574 "%d", displaynum + 5700);
3575 if (to) {
3576 inet->has_to = true;
3577 inet->to = to + 5700;
3578 }
3579 } else {
3580 inet->port = g_strdup(port);
3581 }
3582 } else {
3583 if (parse_uint_full(port, &baseport, 10) < 0) {
3584 error_setg(errp, "can't convert to a number: %s", port);
3585 goto cleanup;
3586 }
3587 if (baseport > 65535 ||
3588 baseport + 5900 > 65535) {
3589 error_setg(errp, "port %s out of range", port);
3590 goto cleanup;
3591 }
3592 inet->port = g_strdup_printf(
3593 "%d", (int)baseport + 5900);
3594
3595 if (to) {
3596 inet->has_to = true;
3597 inet->to = to + 5900;
3598 }
3599 }
3600
3601 inet->ipv4 = ipv4;
3602 inet->has_ipv4 = has_ipv4;
3603 inet->ipv6 = ipv6;
3604 inet->has_ipv6 = has_ipv6;
3605
3606 ret = baseport;
3607 }
3608
3609 *retaddr = addr;
3610
3611 cleanup:
3612 if (ret < 0) {
3613 qapi_free_SocketAddress(addr);
3614 }
3615 return ret;
3616 }
3617
3618 static int vnc_display_get_addresses(QemuOpts *opts,
3619 SocketAddress ***retsaddr,
3620 size_t *retnsaddr,
3621 SocketAddress ***retwsaddr,
3622 size_t *retnwsaddr,
3623 Error **errp)
3624 {
3625 SocketAddress *saddr = NULL;
3626 SocketAddress *wsaddr = NULL;
3627 QemuOptsIter addriter;
3628 const char *addr;
3629 int to = qemu_opt_get_number(opts, "to", 0);
3630 bool has_ipv4 = qemu_opt_get(opts, "ipv4");
3631 bool has_ipv6 = qemu_opt_get(opts, "ipv6");
3632 bool ipv4 = qemu_opt_get_bool(opts, "ipv4", false);
3633 bool ipv6 = qemu_opt_get_bool(opts, "ipv6", false);
3634 size_t i;
3635 int displaynum = -1;
3636 int ret = -1;
3637
3638 *retsaddr = NULL;
3639 *retnsaddr = 0;
3640 *retwsaddr = NULL;
3641 *retnwsaddr = 0;
3642
3643 addr = qemu_opt_get(opts, "vnc");
3644 if (addr == NULL || g_str_equal(addr, "none")) {
3645 ret = 0;
3646 goto cleanup;
3647 }
3648 if (qemu_opt_get(opts, "websocket") &&
3649 !qcrypto_hash_supports(QCRYPTO_HASH_ALG_SHA1)) {
3650 error_setg(errp,
3651 "SHA1 hash support is required for websockets");
3652 goto cleanup;
3653 }
3654
3655 qemu_opt_iter_init(&addriter, opts, "vnc");
3656 while ((addr = qemu_opt_iter_next(&addriter)) != NULL) {
3657 int rv;
3658 rv = vnc_display_get_address(addr, false, 0, to,
3659 has_ipv4, has_ipv6,
3660 ipv4, ipv6,
3661 &saddr, errp);
3662 if (rv < 0) {
3663 goto cleanup;
3664 }
3665 /* Historical compat - first listen address can be used
3666 * to set the default websocket port
3667 */
3668 if (displaynum == -1) {
3669 displaynum = rv;
3670 }
3671 *retsaddr = g_renew(SocketAddress *, *retsaddr, *retnsaddr + 1);
3672 (*retsaddr)[(*retnsaddr)++] = saddr;
3673 }
3674
3675 /* If we had multiple primary displays, we don't do defaults
3676 * for websocket, and require explicit config instead. */
3677 if (*retnsaddr > 1) {
3678 displaynum = -1;
3679 }
3680
3681 qemu_opt_iter_init(&addriter, opts, "websocket");
3682 while ((addr = qemu_opt_iter_next(&addriter)) != NULL) {
3683 if (vnc_display_get_address(addr, true, displaynum, to,
3684 has_ipv4, has_ipv6,
3685 ipv4, ipv6,
3686 &wsaddr, errp) < 0) {
3687 goto cleanup;
3688 }
3689
3690 /* Historical compat - if only a single listen address was
3691 * provided, then this is used to set the default listen
3692 * address for websocket too
3693 */
3694 if (*retnsaddr == 1 &&
3695 (*retsaddr)[0]->type == SOCKET_ADDRESS_KIND_INET &&
3696 wsaddr->type == SOCKET_ADDRESS_KIND_INET &&
3697 g_str_equal(wsaddr->u.inet.data->host, "") &&
3698 !g_str_equal((*retsaddr)[0]->u.inet.data->host, "")) {
3699 g_free(wsaddr->u.inet.data->host);
3700 wsaddr->u.inet.data->host =
3701 g_strdup((*retsaddr)[0]->u.inet.data->host);
3702 }
3703
3704 *retwsaddr = g_renew(SocketAddress *, *retwsaddr, *retnwsaddr + 1);
3705 (*retwsaddr)[(*retnwsaddr)++] = wsaddr;
3706 }
3707
3708 ret = 0;
3709 cleanup:
3710 if (ret < 0) {
3711 for (i = 0; i < *retnsaddr; i++) {
3712 qapi_free_SocketAddress((*retsaddr)[i]);
3713 }
3714 g_free(*retsaddr);
3715 for (i = 0; i < *retnwsaddr; i++) {
3716 qapi_free_SocketAddress((*retwsaddr)[i]);
3717 }
3718 g_free(*retwsaddr);
3719 *retsaddr = *retwsaddr = NULL;
3720 *retnsaddr = *retnwsaddr = 0;
3721 }
3722 return ret;
3723 }
3724
3725 static int vnc_display_connect(VncDisplay *vd,
3726 SocketAddress **saddr,
3727 size_t nsaddr,
3728 SocketAddress **wsaddr,
3729 size_t nwsaddr,
3730 Error **errp)
3731 {
3732 /* connect to viewer */
3733 QIOChannelSocket *sioc = NULL;
3734 if (nwsaddr != 0) {
3735 error_setg(errp, "Cannot use websockets in reverse mode");
3736 return -1;
3737 }
3738 if (nsaddr != 1) {
3739 error_setg(errp, "Expected a single address in reverse mode");
3740 return -1;
3741 }
3742 vd->is_unix = saddr[0]->type == SOCKET_ADDRESS_KIND_UNIX;
3743 sioc = qio_channel_socket_new();
3744 qio_channel_set_name(QIO_CHANNEL(sioc), "vnc-reverse");
3745 if (qio_channel_socket_connect_sync(sioc, saddr[0], errp) < 0) {
3746 return -1;
3747 }
3748 vnc_connect(vd, sioc, false, false);
3749 object_unref(OBJECT(sioc));
3750 return 0;
3751 }
3752
3753
3754 static int vnc_display_listen_addr(VncDisplay *vd,
3755 SocketAddress *addr,
3756 const char *name,
3757 QIOChannelSocket ***lsock,
3758 guint **lsock_tag,
3759 size_t *nlsock,
3760 Error **errp)
3761 {
3762 QIODNSResolver *resolver = qio_dns_resolver_get_instance();
3763 SocketAddress **rawaddrs = NULL;
3764 size_t nrawaddrs = 0;
3765 Error *listenerr = NULL;
3766 bool listening = false;
3767 size_t i;
3768
3769 if (qio_dns_resolver_lookup_sync(resolver, addr, &nrawaddrs,
3770 &rawaddrs, errp) < 0) {
3771 return -1;
3772 }
3773
3774 for (i = 0; i < nrawaddrs; i++) {
3775 QIOChannelSocket *sioc = qio_channel_socket_new();
3776
3777 qio_channel_set_name(QIO_CHANNEL(sioc), name);
3778 if (qio_channel_socket_listen_sync(
3779 sioc, rawaddrs[i], listenerr == NULL ? &listenerr : NULL) < 0) {
3780 continue;
3781 }
3782 listening = true;
3783 (*nlsock)++;
3784 *lsock = g_renew(QIOChannelSocket *, *lsock, *nlsock);
3785 *lsock_tag = g_renew(guint, *lsock_tag, *nlsock);
3786
3787 (*lsock)[*nlsock - 1] = sioc;
3788 (*lsock_tag)[*nlsock - 1] = 0;
3789 }
3790
3791 for (i = 0; i < nrawaddrs; i++) {
3792 qapi_free_SocketAddress(rawaddrs[i]);
3793 }
3794 g_free(rawaddrs);
3795
3796 if (listenerr) {
3797 if (!listening) {
3798 error_propagate(errp, listenerr);
3799 return -1;
3800 } else {
3801 error_free(listenerr);
3802 }
3803 }
3804
3805 for (i = 0; i < *nlsock; i++) {
3806 (*lsock_tag)[i] = qio_channel_add_watch(
3807 QIO_CHANNEL((*lsock)[i]),
3808 G_IO_IN, vnc_listen_io, vd, NULL);
3809 }
3810
3811 return 0;
3812 }
3813
3814
3815 static int vnc_display_listen(VncDisplay *vd,
3816 SocketAddress **saddr,
3817 size_t nsaddr,
3818 SocketAddress **wsaddr,
3819 size_t nwsaddr,
3820 Error **errp)
3821 {
3822 size_t i;
3823
3824 for (i = 0; i < nsaddr; i++) {
3825 if (vnc_display_listen_addr(vd, saddr[i],
3826 "vnc-listen",
3827 &vd->lsock,
3828 &vd->lsock_tag,
3829 &vd->nlsock,
3830 errp) < 0) {
3831 return -1;
3832 }
3833 }
3834 for (i = 0; i < nwsaddr; i++) {
3835 if (vnc_display_listen_addr(vd, wsaddr[i],
3836 "vnc-ws-listen",
3837 &vd->lwebsock,
3838 &vd->lwebsock_tag,
3839 &vd->nlwebsock,
3840 errp) < 0) {
3841 return -1;
3842 }
3843 }
3844
3845 return 0;
3846 }
3847
3848
3849 void vnc_display_open(const char *id, Error **errp)
3850 {
3851 VncDisplay *vd = vnc_display_find(id);
3852 QemuOpts *opts = qemu_opts_find(&qemu_vnc_opts, id);
3853 SocketAddress **saddr = NULL, **wsaddr = NULL;
3854 size_t nsaddr, nwsaddr;
3855 const char *share, *device_id;
3856 QemuConsole *con;
3857 bool password = false;
3858 bool reverse = false;
3859 const char *credid;
3860 bool sasl = false;
3861 #ifdef CONFIG_VNC_SASL
3862 int saslErr;
3863 #endif
3864 int acl = 0;
3865 int lock_key_sync = 1;
3866 int key_delay_ms;
3867 size_t i;
3868
3869 if (!vd) {
3870 error_setg(errp, "VNC display not active");
3871 return;
3872 }
3873 vnc_display_close(vd);
3874
3875 if (!opts) {
3876 return;
3877 }
3878
3879 if (vnc_display_get_addresses(opts, &saddr, &nsaddr,
3880 &wsaddr, &nwsaddr, errp) < 0) {
3881 goto fail;
3882 }
3883
3884 if (saddr == NULL) {
3885 return;
3886 }
3887
3888 password = qemu_opt_get_bool(opts, "password", false);
3889 if (password) {
3890 if (fips_get_state()) {
3891 error_setg(errp,
3892 "VNC password auth disabled due to FIPS mode, "
3893 "consider using the VeNCrypt or SASL authentication "
3894 "methods as an alternative");
3895 goto fail;
3896 }
3897 if (!qcrypto_cipher_supports(
3898 QCRYPTO_CIPHER_ALG_DES_RFB, QCRYPTO_CIPHER_MODE_ECB)) {
3899 error_setg(errp,
3900 "Cipher backend does not support DES RFB algorithm");
3901 goto fail;
3902 }
3903 }
3904
3905 reverse = qemu_opt_get_bool(opts, "reverse", false);
3906 lock_key_sync = qemu_opt_get_bool(opts, "lock-key-sync", true);
3907 key_delay_ms = qemu_opt_get_number(opts, "key-delay-ms", 1);
3908 sasl = qemu_opt_get_bool(opts, "sasl", false);
3909 #ifndef CONFIG_VNC_SASL
3910 if (sasl) {
3911 error_setg(errp, "VNC SASL auth requires cyrus-sasl support");
3912 goto fail;
3913 }
3914 #endif /* CONFIG_VNC_SASL */
3915 credid = qemu_opt_get(opts, "tls-creds");
3916 if (credid) {
3917 Object *creds;
3918 if (qemu_opt_get(opts, "tls") ||
3919 qemu_opt_get(opts, "x509") ||
3920 qemu_opt_get(opts, "x509verify")) {
3921 error_setg(errp,
3922 "'tls-creds' parameter is mutually exclusive with "
3923 "'tls', 'x509' and 'x509verify' parameters");
3924 goto fail;
3925 }
3926
3927 creds = object_resolve_path_component(
3928 object_get_objects_root(), credid);
3929 if (!creds) {
3930 error_setg(errp, "No TLS credentials with id '%s'",
3931 credid);
3932 goto fail;
3933 }
3934 vd->tlscreds = (QCryptoTLSCreds *)
3935 object_dynamic_cast(creds,
3936 TYPE_QCRYPTO_TLS_CREDS);
3937 if (!vd->tlscreds) {
3938 error_setg(errp, "Object with id '%s' is not TLS credentials",
3939 credid);
3940 goto fail;
3941 }
3942 object_ref(OBJECT(vd->tlscreds));
3943
3944 if (vd->tlscreds->endpoint != QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) {
3945 error_setg(errp,
3946 "Expecting TLS credentials with a server endpoint");
3947 goto fail;
3948 }
3949 } else {
3950 const char *path;
3951 bool tls = false, x509 = false, x509verify = false;
3952 tls = qemu_opt_get_bool(opts, "tls", false);
3953 if (tls) {
3954 path = qemu_opt_get(opts, "x509");
3955
3956 if (path) {
3957 x509 = true;
3958 } else {
3959 path = qemu_opt_get(opts, "x509verify");
3960 if (path) {
3961 x509 = true;
3962 x509verify = true;
3963 }
3964 }
3965 vd->tlscreds = vnc_display_create_creds(x509,
3966 x509verify,
3967 path,
3968 vd->id,
3969 errp);
3970 if (!vd->tlscreds) {
3971 goto fail;
3972 }
3973 }
3974 }
3975 acl = qemu_opt_get_bool(opts, "acl", false);
3976
3977 share = qemu_opt_get(opts, "share");
3978 if (share) {
3979 if (strcmp(share, "ignore") == 0) {
3980 vd->share_policy = VNC_SHARE_POLICY_IGNORE;
3981 } else if (strcmp(share, "allow-exclusive") == 0) {
3982 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3983 } else if (strcmp(share, "force-shared") == 0) {
3984 vd->share_policy = VNC_SHARE_POLICY_FORCE_SHARED;
3985 } else {
3986 error_setg(errp, "unknown vnc share= option");
3987 goto fail;
3988 }
3989 } else {
3990 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3991 }
3992 vd->connections_limit = qemu_opt_get_number(opts, "connections", 32);
3993
3994 #ifdef CONFIG_VNC_JPEG
3995 vd->lossy = qemu_opt_get_bool(opts, "lossy", false);
3996 #endif
3997 vd->non_adaptive = qemu_opt_get_bool(opts, "non-adaptive", false);
3998 /* adaptive updates are only used with tight encoding and
3999 * if lossy updates are enabled so we can disable all the
4000 * calculations otherwise */
4001 if (!vd->lossy) {
4002 vd->non_adaptive = true;
4003 }
4004
4005 if (acl) {
4006 if (strcmp(vd->id, "default") == 0) {
4007 vd->tlsaclname = g_strdup("vnc.x509dname");
4008 } else {
4009 vd->tlsaclname = g_strdup_printf("vnc.%s.x509dname", vd->id);
4010 }
4011 qemu_acl_init(vd->tlsaclname);
4012 }
4013 #ifdef CONFIG_VNC_SASL
4014 if (acl && sasl) {
4015 char *aclname;
4016
4017 if (strcmp(vd->id, "default") == 0) {
4018 aclname = g_strdup("vnc.username");
4019 } else {
4020 aclname = g_strdup_printf("vnc.%s.username", vd->id);
4021 }
4022 vd->sasl.acl = qemu_acl_init(aclname);
4023 g_free(aclname);
4024 }
4025 #endif
4026
4027 if (vnc_display_setup_auth(&vd->auth, &vd->subauth,
4028 vd->tlscreds, password,
4029 sasl, false, errp) < 0) {
4030 goto fail;
4031 }
4032
4033 if (vnc_display_setup_auth(&vd->ws_auth, &vd->ws_subauth,
4034 vd->tlscreds, password,
4035 sasl, true, errp) < 0) {
4036 goto fail;
4037 }
4038
4039 #ifdef CONFIG_VNC_SASL
4040 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) {
4041 error_setg(errp, "Failed to initialize SASL auth: %s",
4042 sasl_errstring(saslErr, NULL, NULL));
4043 goto fail;
4044 }
4045 #endif
4046 vd->lock_key_sync = lock_key_sync;
4047 if (lock_key_sync) {
4048 vd->led = qemu_add_led_event_handler(kbd_leds, vd);
4049 }
4050 vd->ledstate = 0;
4051 vd->key_delay_ms = key_delay_ms;
4052
4053 device_id = qemu_opt_get(opts, "display");
4054 if (device_id) {
4055 int head = qemu_opt_get_number(opts, "head", 0);
4056 Error *err = NULL;
4057
4058 con = qemu_console_lookup_by_device_name(device_id, head, &err);
4059 if (err) {
4060 error_propagate(errp, err);
4061 goto fail;
4062 }
4063 } else {
4064 con = NULL;
4065 }
4066
4067 if (con != vd->dcl.con) {
4068 unregister_displaychangelistener(&vd->dcl);
4069 vd->dcl.con = con;
4070 register_displaychangelistener(&vd->dcl);
4071 }
4072
4073 if (reverse) {
4074 if (vnc_display_connect(vd, saddr, nsaddr, wsaddr, nwsaddr, errp) < 0) {
4075 goto fail;
4076 }
4077 } else {
4078 if (vnc_display_listen(vd, saddr, nsaddr, wsaddr, nwsaddr, errp) < 0) {
4079 goto fail;
4080 }
4081 }
4082
4083 if (qemu_opt_get(opts, "to")) {
4084 vnc_display_print_local_addr(vd);
4085 }
4086
4087 cleanup:
4088 for (i = 0; i < nsaddr; i++) {
4089 qapi_free_SocketAddress(saddr[i]);
4090 }
4091 for (i = 0; i < nwsaddr; i++) {
4092 qapi_free_SocketAddress(wsaddr[i]);
4093 }
4094 return;
4095
4096 fail:
4097 vnc_display_close(vd);
4098 goto cleanup;
4099 }
4100
4101 void vnc_display_add_client(const char *id, int csock, bool skipauth)
4102 {
4103 VncDisplay *vd = vnc_display_find(id);
4104 QIOChannelSocket *sioc;
4105
4106 if (!vd) {
4107 return;
4108 }
4109
4110 sioc = qio_channel_socket_new_fd(csock, NULL);
4111 if (sioc) {
4112 qio_channel_set_name(QIO_CHANNEL(sioc), "vnc-server");
4113 vnc_connect(vd, sioc, skipauth, false);
4114 object_unref(OBJECT(sioc));
4115 }
4116 }
4117
4118 static void vnc_auto_assign_id(QemuOptsList *olist, QemuOpts *opts)
4119 {
4120 int i = 2;
4121 char *id;
4122
4123 id = g_strdup("default");
4124 while (qemu_opts_find(olist, id)) {
4125 g_free(id);
4126 id = g_strdup_printf("vnc%d", i++);
4127 }
4128 qemu_opts_set_id(opts, id);
4129 }
4130
4131 QemuOpts *vnc_parse(const char *str, Error **errp)
4132 {
4133 QemuOptsList *olist = qemu_find_opts("vnc");
4134 QemuOpts *opts = qemu_opts_parse(olist, str, true, errp);
4135 const char *id;
4136
4137 if (!opts) {
4138 return NULL;
4139 }
4140
4141 id = qemu_opts_id(opts);
4142 if (!id) {
4143 /* auto-assign id if not present */
4144 vnc_auto_assign_id(olist, opts);
4145 }
4146 return opts;
4147 }
4148
4149 int vnc_init_func(void *opaque, QemuOpts *opts, Error **errp)
4150 {
4151 Error *local_err = NULL;
4152 char *id = (char *)qemu_opts_id(opts);
4153
4154 assert(id);
4155 vnc_display_init(id);
4156 vnc_display_open(id, &local_err);
4157 if (local_err != NULL) {
4158 error_reportf_err(local_err, "Failed to start VNC server: ");
4159 exit(1);
4160 }
4161 return 0;
4162 }
4163
4164 static void vnc_register_config(void)
4165 {
4166 qemu_add_opts(&qemu_vnc_opts);
4167 }
4168 opts_init(vnc_register_config);
AR7 emulation for QEMU