1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27#include "qemu/osdep.h"
28#include "vnc.h"
29#include "vnc-jobs.h"
30#include "trace.h"
31#include "sysemu/sysemu.h"
32#include "qemu/error-report.h"
33#include "qemu/sockets.h"
34#include "qemu/timer.h"
35#include "qemu/acl.h"
36#include "qemu/config-file.h"
37#include "qapi/qmp/qerror.h"
38#include "qapi/qmp/types.h"
39#include "qmp-commands.h"
40#include "ui/input.h"
41#include "qapi-event.h"
42#include "crypto/hash.h"
43#include "crypto/tlscredsanon.h"
44#include "crypto/tlscredsx509.h"
45#include "qom/object_interfaces.h"
46#include "qemu/cutils.h"
47#include "io/dns-resolver.h"
48
49#define VNC_REFRESH_INTERVAL_BASE GUI_REFRESH_INTERVAL_DEFAULT
50#define VNC_REFRESH_INTERVAL_INC 50
51#define VNC_REFRESH_INTERVAL_MAX GUI_REFRESH_INTERVAL_IDLE
52static const struct timeval VNC_REFRESH_STATS = { 0, 500000 };
53static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 };
54
55#include "vnc_keysym.h"
56#include "crypto/cipher.h"
57
58static QTAILQ_HEAD(, VncDisplay) vnc_displays =
59 QTAILQ_HEAD_INITIALIZER(vnc_displays);
60
61static int vnc_cursor_define(VncState *vs);
62static void vnc_release_modifiers(VncState *vs);
63
64static void vnc_set_share_mode(VncState *vs, VncShareMode mode)
65{
66#ifdef _VNC_DEBUG
67 static const char *mn[] = {
68 [0] = "undefined",
69 [VNC_SHARE_MODE_CONNECTING] = "connecting",
70 [VNC_SHARE_MODE_SHARED] = "shared",
71 [VNC_SHARE_MODE_EXCLUSIVE] = "exclusive",
72 [VNC_SHARE_MODE_DISCONNECTED] = "disconnected",
73 };
74 fprintf(stderr, "%s/%p: %s -> %s\n", __func__,
75 vs->ioc, mn[vs->share_mode], mn[mode]);
76#endif
77
78 switch (vs->share_mode) {
79 case VNC_SHARE_MODE_CONNECTING:
80 vs->vd->num_connecting--;
81 break;
82 case VNC_SHARE_MODE_SHARED:
83 vs->vd->num_shared--;
84 break;
85 case VNC_SHARE_MODE_EXCLUSIVE:
86 vs->vd->num_exclusive--;
87 break;
88 default:
89 break;
90 }
91
92 vs->share_mode = mode;
93
94 switch (vs->share_mode) {
95 case VNC_SHARE_MODE_CONNECTING:
96 vs->vd->num_connecting++;
97 break;
98 case VNC_SHARE_MODE_SHARED:
99 vs->vd->num_shared++;
100 break;
101 case VNC_SHARE_MODE_EXCLUSIVE:
102 vs->vd->num_exclusive++;
103 break;
104 default:
105 break;
106 }
107}
108
109
110static void vnc_init_basic_info(SocketAddress *addr,
111 VncBasicInfo *info,
112 Error **errp)
113{
114 switch (addr->type) {
115 case SOCKET_ADDRESS_TYPE_INET:
116 info->host = g_strdup(addr->u.inet.host);
117 info->service = g_strdup(addr->u.inet.port);
118 if (addr->u.inet.ipv6) {
119 info->family = NETWORK_ADDRESS_FAMILY_IPV6;
120 } else {
121 info->family = NETWORK_ADDRESS_FAMILY_IPV4;
122 }
123 break;
124
125 case SOCKET_ADDRESS_TYPE_UNIX:
126 info->host = g_strdup("");
127 info->service = g_strdup(addr->u.q_unix.path);
128 info->family = NETWORK_ADDRESS_FAMILY_UNIX;
129 break;
130
131 case SOCKET_ADDRESS_TYPE_VSOCK:
132 case SOCKET_ADDRESS_TYPE_FD:
133 error_setg(errp, "Unsupported socket address type %s",
134 SocketAddressType_lookup[addr->type]);
135 break;
136 default:
137 abort();
138 }
139
140 return;
141}
142
143static void vnc_init_basic_info_from_server_addr(QIOChannelSocket *ioc,
144 VncBasicInfo *info,
145 Error **errp)
146{
147 SocketAddress *addr = NULL;
148
149 if (!ioc) {
150 error_setg(errp, "No listener socket available");
151 return;
152 }
153
154 addr = qio_channel_socket_get_local_address(ioc, errp);
155 if (!addr) {
156 return;
157 }
158
159 vnc_init_basic_info(addr, info, errp);
160 qapi_free_SocketAddress(addr);
161}
162
163static void vnc_init_basic_info_from_remote_addr(QIOChannelSocket *ioc,
164 VncBasicInfo *info,
165 Error **errp)
166{
167 SocketAddress *addr = NULL;
168
169 addr = qio_channel_socket_get_remote_address(ioc, errp);
170 if (!addr) {
171 return;
172 }
173
174 vnc_init_basic_info(addr, info, errp);
175 qapi_free_SocketAddress(addr);
176}
177
178static const char *vnc_auth_name(VncDisplay *vd) {
179 switch (vd->auth) {
180 case VNC_AUTH_INVALID:
181 return "invalid";
182 case VNC_AUTH_NONE:
183 return "none";
184 case VNC_AUTH_VNC:
185 return "vnc";
186 case VNC_AUTH_RA2:
187 return "ra2";
188 case VNC_AUTH_RA2NE:
189 return "ra2ne";
190 case VNC_AUTH_TIGHT:
191 return "tight";
192 case VNC_AUTH_ULTRA:
193 return "ultra";
194 case VNC_AUTH_TLS:
195 return "tls";
196 case VNC_AUTH_VENCRYPT:
197 switch (vd->subauth) {
198 case VNC_AUTH_VENCRYPT_PLAIN:
199 return "vencrypt+plain";
200 case VNC_AUTH_VENCRYPT_TLSNONE:
201 return "vencrypt+tls+none";
202 case VNC_AUTH_VENCRYPT_TLSVNC:
203 return "vencrypt+tls+vnc";
204 case VNC_AUTH_VENCRYPT_TLSPLAIN:
205 return "vencrypt+tls+plain";
206 case VNC_AUTH_VENCRYPT_X509NONE:
207 return "vencrypt+x509+none";
208 case VNC_AUTH_VENCRYPT_X509VNC:
209 return "vencrypt+x509+vnc";
210 case VNC_AUTH_VENCRYPT_X509PLAIN:
211 return "vencrypt+x509+plain";
212 case VNC_AUTH_VENCRYPT_TLSSASL:
213 return "vencrypt+tls+sasl";
214 case VNC_AUTH_VENCRYPT_X509SASL:
215 return "vencrypt+x509+sasl";
216 default:
217 return "vencrypt";
218 }
219 case VNC_AUTH_SASL:
220 return "sasl";
221 }
222 return "unknown";
223}
224
225static VncServerInfo *vnc_server_info_get(VncDisplay *vd)
226{
227 VncServerInfo *info;
228 Error *err = NULL;
229
230 if (!vd->nlsock) {
231 return NULL;
232 }
233
234 info = g_malloc0(sizeof(*info));
235 vnc_init_basic_info_from_server_addr(vd->lsock[0],
236 qapi_VncServerInfo_base(info), &err);
237 info->has_auth = true;
238 info->auth = g_strdup(vnc_auth_name(vd));
239 if (err) {
240 qapi_free_VncServerInfo(info);
241 info = NULL;
242 error_free(err);
243 }
244 return info;
245}
246
247static void vnc_client_cache_auth(VncState *client)
248{
249 if (!client->info) {
250 return;
251 }
252
253 if (client->tls) {
254 client->info->x509_dname =
255 qcrypto_tls_session_get_peer_name(client->tls);
256 client->info->has_x509_dname =
257 client->info->x509_dname != NULL;
258 }
259#ifdef CONFIG_VNC_SASL
260 if (client->sasl.conn &&
261 client->sasl.username) {
262 client->info->has_sasl_username = true;
263 client->info->sasl_username = g_strdup(client->sasl.username);
264 }
265#endif
266}
267
268static void vnc_client_cache_addr(VncState *client)
269{
270 Error *err = NULL;
271
272 client->info = g_malloc0(sizeof(*client->info));
273 vnc_init_basic_info_from_remote_addr(client->sioc,
274 qapi_VncClientInfo_base(client->info),
275 &err);
276 if (err) {
277 qapi_free_VncClientInfo(client->info);
278 client->info = NULL;
279 error_free(err);
280 }
281}
282
283static void vnc_qmp_event(VncState *vs, QAPIEvent event)
284{
285 VncServerInfo *si;
286
287 if (!vs->info) {
288 return;
289 }
290
291 si = vnc_server_info_get(vs->vd);
292 if (!si) {
293 return;
294 }
295
296 switch (event) {
297 case QAPI_EVENT_VNC_CONNECTED:
298 qapi_event_send_vnc_connected(si, qapi_VncClientInfo_base(vs->info),
299 &error_abort);
300 break;
301 case QAPI_EVENT_VNC_INITIALIZED:
302 qapi_event_send_vnc_initialized(si, vs->info, &error_abort);
303 break;
304 case QAPI_EVENT_VNC_DISCONNECTED:
305 qapi_event_send_vnc_disconnected(si, vs->info, &error_abort);
306 break;
307 default:
308 break;
309 }
310
311 qapi_free_VncServerInfo(si);
312}
313
314static VncClientInfo *qmp_query_vnc_client(const VncState *client)
315{
316 VncClientInfo *info;
317 Error *err = NULL;
318
319 info = g_malloc0(sizeof(*info));
320
321 vnc_init_basic_info_from_remote_addr(client->sioc,
322 qapi_VncClientInfo_base(info),
323 &err);
324 if (err) {
325 error_free(err);
326 qapi_free_VncClientInfo(info);
327 return NULL;
328 }
329
330 info->websocket = client->websocket;
331
332 if (client->tls) {
333 info->x509_dname = qcrypto_tls_session_get_peer_name(client->tls);
334 info->has_x509_dname = info->x509_dname != NULL;
335 }
336#ifdef CONFIG_VNC_SASL
337 if (client->sasl.conn && client->sasl.username) {
338 info->has_sasl_username = true;
339 info->sasl_username = g_strdup(client->sasl.username);
340 }
341#endif
342
343 return info;
344}
345
346static VncDisplay *vnc_display_find(const char *id)
347{
348 VncDisplay *vd;
349
350 if (id == NULL) {
351 return QTAILQ_FIRST(&vnc_displays);
352 }
353 QTAILQ_FOREACH(vd, &vnc_displays, next) {
354 if (strcmp(id, vd->id) == 0) {
355 return vd;
356 }
357 }
358 return NULL;
359}
360
361static VncClientInfoList *qmp_query_client_list(VncDisplay *vd)
362{
363 VncClientInfoList *cinfo, *prev = NULL;
364 VncState *client;
365
366 QTAILQ_FOREACH(client, &vd->clients, next) {
367 cinfo = g_new0(VncClientInfoList, 1);
368 cinfo->value = qmp_query_vnc_client(client);
369 cinfo->next = prev;
370 prev = cinfo;
371 }
372 return prev;
373}
374
375VncInfo *qmp_query_vnc(Error **errp)
376{
377 VncInfo *info = g_malloc0(sizeof(*info));
378 VncDisplay *vd = vnc_display_find(NULL);
379 SocketAddress *addr = NULL;
380
381 if (vd == NULL || !vd->nlsock) {
382 info->enabled = false;
383 } else {
384 info->enabled = true;
385
386
387 info->has_clients = true;
388 info->clients = qmp_query_client_list(vd);
389
390 if (vd->lsock == NULL) {
391 return info;
392 }
393
394 addr = qio_channel_socket_get_local_address(vd->lsock[0], errp);
395 if (!addr) {
396 goto out_error;
397 }
398
399 switch (addr->type) {
400 case SOCKET_ADDRESS_TYPE_INET:
401 info->host = g_strdup(addr->u.inet.host);
402 info->service = g_strdup(addr->u.inet.port);
403 if (addr->u.inet.ipv6) {
404 info->family = NETWORK_ADDRESS_FAMILY_IPV6;
405 } else {
406 info->family = NETWORK_ADDRESS_FAMILY_IPV4;
407 }
408 break;
409
410 case SOCKET_ADDRESS_TYPE_UNIX:
411 info->host = g_strdup("");
412 info->service = g_strdup(addr->u.q_unix.path);
413 info->family = NETWORK_ADDRESS_FAMILY_UNIX;
414 break;
415
416 case SOCKET_ADDRESS_TYPE_VSOCK:
417 case SOCKET_ADDRESS_TYPE_FD:
418 error_setg(errp, "Unsupported socket address type %s",
419 SocketAddressType_lookup[addr->type]);
420 goto out_error;
421 default:
422 abort();
423 }
424
425 info->has_host = true;
426 info->has_service = true;
427 info->has_family = true;
428
429 info->has_auth = true;
430 info->auth = g_strdup(vnc_auth_name(vd));
431 }
432
433 qapi_free_SocketAddress(addr);
434 return info;
435
436out_error:
437 qapi_free_SocketAddress(addr);
438 qapi_free_VncInfo(info);
439 return NULL;
440}
441
442
443static void qmp_query_auth(int auth, int subauth,
444 VncPrimaryAuth *qmp_auth,
445 VncVencryptSubAuth *qmp_vencrypt,
446 bool *qmp_has_vencrypt);
447
448static VncServerInfo2List *qmp_query_server_entry(QIOChannelSocket *ioc,
449 bool websocket,
450 int auth,
451 int subauth,
452 VncServerInfo2List *prev)
453{
454 VncServerInfo2List *list;
455 VncServerInfo2 *info;
456 Error *err = NULL;
457 SocketAddress *addr;
458
459 addr = qio_channel_socket_get_local_address(ioc, &err);
460 if (!addr) {
461 error_free(err);
462 return prev;
463 }
464
465 info = g_new0(VncServerInfo2, 1);
466 vnc_init_basic_info(addr, qapi_VncServerInfo2_base(info), &err);
467 qapi_free_SocketAddress(addr);
468 if (err) {
469 qapi_free_VncServerInfo2(info);
470 error_free(err);
471 return prev;
472 }
473 info->websocket = websocket;
474
475 qmp_query_auth(auth, subauth, &info->auth,
476 &info->vencrypt, &info->has_vencrypt);
477
478 list = g_new0(VncServerInfo2List, 1);
479 list->value = info;
480 list->next = prev;
481 return list;
482}
483
484static void qmp_query_auth(int auth, int subauth,
485 VncPrimaryAuth *qmp_auth,
486 VncVencryptSubAuth *qmp_vencrypt,
487 bool *qmp_has_vencrypt)
488{
489 switch (auth) {
490 case VNC_AUTH_VNC:
491 *qmp_auth = VNC_PRIMARY_AUTH_VNC;
492 break;
493 case VNC_AUTH_RA2:
494 *qmp_auth = VNC_PRIMARY_AUTH_RA2;
495 break;
496 case VNC_AUTH_RA2NE:
497 *qmp_auth = VNC_PRIMARY_AUTH_RA2NE;
498 break;
499 case VNC_AUTH_TIGHT:
500 *qmp_auth = VNC_PRIMARY_AUTH_TIGHT;
501 break;
502 case VNC_AUTH_ULTRA:
503 *qmp_auth = VNC_PRIMARY_AUTH_ULTRA;
504 break;
505 case VNC_AUTH_TLS:
506 *qmp_auth = VNC_PRIMARY_AUTH_TLS;
507 break;
508 case VNC_AUTH_VENCRYPT:
509 *qmp_auth = VNC_PRIMARY_AUTH_VENCRYPT;
510 *qmp_has_vencrypt = true;
511 switch (subauth) {
512 case VNC_AUTH_VENCRYPT_PLAIN:
513 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_PLAIN;
514 break;
515 case VNC_AUTH_VENCRYPT_TLSNONE:
516 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_NONE;
517 break;
518 case VNC_AUTH_VENCRYPT_TLSVNC:
519 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_VNC;
520 break;
521 case VNC_AUTH_VENCRYPT_TLSPLAIN:
522 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_PLAIN;
523 break;
524 case VNC_AUTH_VENCRYPT_X509NONE:
525 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_NONE;
526 break;
527 case VNC_AUTH_VENCRYPT_X509VNC:
528 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_VNC;
529 break;
530 case VNC_AUTH_VENCRYPT_X509PLAIN:
531 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_PLAIN;
532 break;
533 case VNC_AUTH_VENCRYPT_TLSSASL:
534 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_SASL;
535 break;
536 case VNC_AUTH_VENCRYPT_X509SASL:
537 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_SASL;
538 break;
539 default:
540 *qmp_has_vencrypt = false;
541 break;
542 }
543 break;
544 case VNC_AUTH_SASL:
545 *qmp_auth = VNC_PRIMARY_AUTH_SASL;
546 break;
547 case VNC_AUTH_NONE:
548 default:
549 *qmp_auth = VNC_PRIMARY_AUTH_NONE;
550 break;
551 }
552}
553
554VncInfo2List *qmp_query_vnc_servers(Error **errp)
555{
556 VncInfo2List *item, *prev = NULL;
557 VncInfo2 *info;
558 VncDisplay *vd;
559 DeviceState *dev;
560 size_t i;
561
562 QTAILQ_FOREACH(vd, &vnc_displays, next) {
563 info = g_new0(VncInfo2, 1);
564 info->id = g_strdup(vd->id);
565 info->clients = qmp_query_client_list(vd);
566 qmp_query_auth(vd->auth, vd->subauth, &info->auth,
567 &info->vencrypt, &info->has_vencrypt);
568 if (vd->dcl.con) {
569 dev = DEVICE(object_property_get_link(OBJECT(vd->dcl.con),
570 "device", NULL));
571 info->has_display = true;
572 info->display = g_strdup(dev->id);
573 }
574 for (i = 0; i < vd->nlsock; i++) {
575 info->server = qmp_query_server_entry(
576 vd->lsock[i], false, vd->auth, vd->subauth, info->server);
577 }
578 for (i = 0; i < vd->nlwebsock; i++) {
579 info->server = qmp_query_server_entry(
580 vd->lwebsock[i], true, vd->ws_auth,
581 vd->ws_subauth, info->server);
582 }
583
584 item = g_new0(VncInfo2List, 1);
585 item->value = info;
586 item->next = prev;
587 prev = item;
588 }
589 return prev;
590}
591
592
593
594
595
596
597
598
599static int vnc_update_client(VncState *vs, int has_dirty, bool sync);
600static void vnc_disconnect_start(VncState *vs);
601
602static void vnc_colordepth(VncState *vs);
603static void framebuffer_update_request(VncState *vs, int incremental,
604 int x_position, int y_position,
605 int w, int h);
606static void vnc_refresh(DisplayChangeListener *dcl);
607static int vnc_refresh_server_surface(VncDisplay *vd);
608
609static int vnc_width(VncDisplay *vd)
610{
611 return MIN(VNC_MAX_WIDTH, ROUND_UP(surface_width(vd->ds),
612 VNC_DIRTY_PIXELS_PER_BIT));
613}
614
615static int vnc_height(VncDisplay *vd)
616{
617 return MIN(VNC_MAX_HEIGHT, surface_height(vd->ds));
618}
619
620static void vnc_set_area_dirty(DECLARE_BITMAP(dirty[VNC_MAX_HEIGHT],
621 VNC_MAX_WIDTH / VNC_DIRTY_PIXELS_PER_BIT),
622 VncDisplay *vd,
623 int x, int y, int w, int h)
624{
625 int width = vnc_width(vd);
626 int height = vnc_height(vd);
627
628
629
630 w += (x % VNC_DIRTY_PIXELS_PER_BIT);
631 x -= (x % VNC_DIRTY_PIXELS_PER_BIT);
632
633 x = MIN(x, width);
634 y = MIN(y, height);
635 w = MIN(x + w, width) - x;
636 h = MIN(y + h, height);
637
638 for (; y < h; y++) {
639 bitmap_set(dirty[y], x / VNC_DIRTY_PIXELS_PER_BIT,
640 DIV_ROUND_UP(w, VNC_DIRTY_PIXELS_PER_BIT));
641 }
642}
643
644static void vnc_dpy_update(DisplayChangeListener *dcl,
645 int x, int y, int w, int h)
646{
647 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
648 struct VncSurface *s = &vd->guest;
649
650 vnc_set_area_dirty(s->dirty, vd, x, y, w, h);
651}
652
653void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
654 int32_t encoding)
655{
656 vnc_write_u16(vs, x);
657 vnc_write_u16(vs, y);
658 vnc_write_u16(vs, w);
659 vnc_write_u16(vs, h);
660
661 vnc_write_s32(vs, encoding);
662}
663
664
665static void vnc_desktop_resize(VncState *vs)
666{
667 if (vs->ioc == NULL || !vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
668 return;
669 }
670 if (vs->client_width == pixman_image_get_width(vs->vd->server) &&
671 vs->client_height == pixman_image_get_height(vs->vd->server)) {
672 return;
673 }
674 vs->client_width = pixman_image_get_width(vs->vd->server);
675 vs->client_height = pixman_image_get_height(vs->vd->server);
676 vnc_lock_output(vs);
677 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
678 vnc_write_u8(vs, 0);
679 vnc_write_u16(vs, 1);
680 vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height,
681 VNC_ENCODING_DESKTOPRESIZE);
682 vnc_unlock_output(vs);
683 vnc_flush(vs);
684}
685
686static void vnc_abort_display_jobs(VncDisplay *vd)
687{
688 VncState *vs;
689
690 QTAILQ_FOREACH(vs, &vd->clients, next) {
691 vnc_lock_output(vs);
692 vs->abort = true;
693 vnc_unlock_output(vs);
694 }
695 QTAILQ_FOREACH(vs, &vd->clients, next) {
696 vnc_jobs_join(vs);
697 }
698 QTAILQ_FOREACH(vs, &vd->clients, next) {
699 vnc_lock_output(vs);
700 vs->abort = false;
701 vnc_unlock_output(vs);
702 }
703}
704
705int vnc_server_fb_stride(VncDisplay *vd)
706{
707 return pixman_image_get_stride(vd->server);
708}
709
710void *vnc_server_fb_ptr(VncDisplay *vd, int x, int y)
711{
712 uint8_t *ptr;
713
714 ptr = (uint8_t *)pixman_image_get_data(vd->server);
715 ptr += y * vnc_server_fb_stride(vd);
716 ptr += x * VNC_SERVER_FB_BYTES;
717 return ptr;
718}
719
720static void vnc_update_server_surface(VncDisplay *vd)
721{
722 int width, height;
723
724 qemu_pixman_image_unref(vd->server);
725 vd->server = NULL;
726
727 if (QTAILQ_EMPTY(&vd->clients)) {
728 return;
729 }
730
731 width = vnc_width(vd);
732 height = vnc_height(vd);
733 vd->server = pixman_image_create_bits(VNC_SERVER_FB_FORMAT,
734 width, height,
735 NULL, 0);
736
737 memset(vd->guest.dirty, 0x00, sizeof(vd->guest.dirty));
738 vnc_set_area_dirty(vd->guest.dirty, vd, 0, 0,
739 width, height);
740}
741
742static void vnc_dpy_switch(DisplayChangeListener *dcl,
743 DisplaySurface *surface)
744{
745 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
746 VncState *vs;
747
748 vnc_abort_display_jobs(vd);
749 vd->ds = surface;
750
751
752 vnc_update_server_surface(vd);
753
754
755 qemu_pixman_image_unref(vd->guest.fb);
756 vd->guest.fb = pixman_image_ref(surface->image);
757 vd->guest.format = surface->format;
758
759 QTAILQ_FOREACH(vs, &vd->clients, next) {
760 vnc_colordepth(vs);
761 vnc_desktop_resize(vs);
762 if (vs->vd->cursor) {
763 vnc_cursor_define(vs);
764 }
765 memset(vs->dirty, 0x00, sizeof(vs->dirty));
766 vnc_set_area_dirty(vs->dirty, vd, 0, 0,
767 vnc_width(vd),
768 vnc_height(vd));
769 }
770}
771
772
773static void vnc_write_pixels_copy(VncState *vs,
774 void *pixels, int size)
775{
776 vnc_write(vs, pixels, size);
777}
778
779
780void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
781{
782 uint8_t r, g, b;
783
784#if VNC_SERVER_FB_FORMAT == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8)
785 r = (((v & 0x00ff0000) >> 16) << vs->client_pf.rbits) >> 8;
786 g = (((v & 0x0000ff00) >> 8) << vs->client_pf.gbits) >> 8;
787 b = (((v & 0x000000ff) >> 0) << vs->client_pf.bbits) >> 8;
788#else
789# error need some bits here if you change VNC_SERVER_FB_FORMAT
790#endif
791 v = (r << vs->client_pf.rshift) |
792 (g << vs->client_pf.gshift) |
793 (b << vs->client_pf.bshift);
794 switch (vs->client_pf.bytes_per_pixel) {
795 case 1:
796 buf[0] = v;
797 break;
798 case 2:
799 if (vs->client_be) {
800 buf[0] = v >> 8;
801 buf[1] = v;
802 } else {
803 buf[1] = v >> 8;
804 buf[0] = v;
805 }
806 break;
807 default:
808 case 4:
809 if (vs->client_be) {
810 buf[0] = v >> 24;
811 buf[1] = v >> 16;
812 buf[2] = v >> 8;
813 buf[3] = v;
814 } else {
815 buf[3] = v >> 24;
816 buf[2] = v >> 16;
817 buf[1] = v >> 8;
818 buf[0] = v;
819 }
820 break;
821 }
822}
823
824static void vnc_write_pixels_generic(VncState *vs,
825 void *pixels1, int size)
826{
827 uint8_t buf[4];
828
829 if (VNC_SERVER_FB_BYTES == 4) {
830 uint32_t *pixels = pixels1;
831 int n, i;
832 n = size >> 2;
833 for (i = 0; i < n; i++) {
834 vnc_convert_pixel(vs, buf, pixels[i]);
835 vnc_write(vs, buf, vs->client_pf.bytes_per_pixel);
836 }
837 }
838}
839
840int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
841{
842 int i;
843 uint8_t *row;
844 VncDisplay *vd = vs->vd;
845
846 row = vnc_server_fb_ptr(vd, x, y);
847 for (i = 0; i < h; i++) {
848 vs->write_pixels(vs, row, w * VNC_SERVER_FB_BYTES);
849 row += vnc_server_fb_stride(vd);
850 }
851 return 1;
852}
853
854int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
855{
856 int n = 0;
857 bool encode_raw = false;
858 size_t saved_offs = vs->output.offset;
859
860 switch(vs->vnc_encoding) {
861 case VNC_ENCODING_ZLIB:
862 n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h);
863 break;
864 case VNC_ENCODING_HEXTILE:
865 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
866 n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h);
867 break;
868 case VNC_ENCODING_TIGHT:
869 n = vnc_tight_send_framebuffer_update(vs, x, y, w, h);
870 break;
871 case VNC_ENCODING_TIGHT_PNG:
872 n = vnc_tight_png_send_framebuffer_update(vs, x, y, w, h);
873 break;
874 case VNC_ENCODING_ZRLE:
875 n = vnc_zrle_send_framebuffer_update(vs, x, y, w, h);
876 break;
877 case VNC_ENCODING_ZYWRLE:
878 n = vnc_zywrle_send_framebuffer_update(vs, x, y, w, h);
879 break;
880 default:
881 encode_raw = true;
882 break;
883 }
884
885
886
887
888 if (!encode_raw && vs->write_pixels == vnc_write_pixels_copy &&
889 12 + h * w * VNC_SERVER_FB_BYTES <= (vs->output.offset - saved_offs)) {
890 vs->output.offset = saved_offs;
891 encode_raw = true;
892 }
893
894 if (encode_raw) {
895 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
896 n = vnc_raw_send_framebuffer_update(vs, x, y, w, h);
897 }
898
899 return n;
900}
901
902static void vnc_mouse_set(DisplayChangeListener *dcl,
903 int x, int y, int visible)
904{
905
906}
907
908static int vnc_cursor_define(VncState *vs)
909{
910 QEMUCursor *c = vs->vd->cursor;
911 int isize;
912
913 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) {
914 vnc_lock_output(vs);
915 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
916 vnc_write_u8(vs, 0);
917 vnc_write_u16(vs, 1);
918 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height,
919 VNC_ENCODING_RICH_CURSOR);
920 isize = c->width * c->height * vs->client_pf.bytes_per_pixel;
921 vnc_write_pixels_generic(vs, c->data, isize);
922 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize);
923 vnc_unlock_output(vs);
924 return 0;
925 }
926 return -1;
927}
928
929static void vnc_dpy_cursor_define(DisplayChangeListener *dcl,
930 QEMUCursor *c)
931{
932 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
933 VncState *vs;
934
935 cursor_put(vd->cursor);
936 g_free(vd->cursor_mask);
937
938 vd->cursor = c;
939 cursor_get(vd->cursor);
940 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height;
941 vd->cursor_mask = g_malloc0(vd->cursor_msize);
942 cursor_get_mono_mask(c, 0, vd->cursor_mask);
943
944 QTAILQ_FOREACH(vs, &vd->clients, next) {
945 vnc_cursor_define(vs);
946 }
947}
948
949static int find_and_clear_dirty_height(VncState *vs,
950 int y, int last_x, int x, int height)
951{
952 int h;
953
954 for (h = 1; h < (height - y); h++) {
955 if (!test_bit(last_x, vs->dirty[y + h])) {
956 break;
957 }
958 bitmap_clear(vs->dirty[y + h], last_x, x - last_x);
959 }
960
961 return h;
962}
963
964static int vnc_update_client(VncState *vs, int has_dirty, bool sync)
965{
966 if (vs->disconnecting) {
967 vnc_disconnect_finish(vs);
968 return 0;
969 }
970
971 vs->has_dirty += has_dirty;
972 if (vs->need_update && !vs->disconnecting) {
973 VncDisplay *vd = vs->vd;
974 VncJob *job;
975 int y;
976 int height, width;
977 int n = 0;
978
979 if (vs->output.offset && !vs->audio_cap && !vs->force_update)
980
981 return 0;
982
983 if (!vs->has_dirty && !vs->audio_cap && !vs->force_update)
984 return 0;
985
986
987
988
989
990
991
992 job = vnc_job_new(vs);
993
994 height = pixman_image_get_height(vd->server);
995 width = pixman_image_get_width(vd->server);
996
997 y = 0;
998 for (;;) {
999 int x, h;
1000 unsigned long x2;
1001 unsigned long offset = find_next_bit((unsigned long *) &vs->dirty,
1002 height * VNC_DIRTY_BPL(vs),
1003 y * VNC_DIRTY_BPL(vs));
1004 if (offset == height * VNC_DIRTY_BPL(vs)) {
1005
1006 break;
1007 }
1008 y = offset / VNC_DIRTY_BPL(vs);
1009 x = offset % VNC_DIRTY_BPL(vs);
1010 x2 = find_next_zero_bit((unsigned long *) &vs->dirty[y],
1011 VNC_DIRTY_BPL(vs), x);
1012 bitmap_clear(vs->dirty[y], x, x2 - x);
1013 h = find_and_clear_dirty_height(vs, y, x, x2, height);
1014 x2 = MIN(x2, width / VNC_DIRTY_PIXELS_PER_BIT);
1015 if (x2 > x) {
1016 n += vnc_job_add_rect(job, x * VNC_DIRTY_PIXELS_PER_BIT, y,
1017 (x2 - x) * VNC_DIRTY_PIXELS_PER_BIT, h);
1018 }
1019 if (!x && x2 == width / VNC_DIRTY_PIXELS_PER_BIT) {
1020 y += h;
1021 if (y == height) {
1022 break;
1023 }
1024 }
1025 }
1026
1027 vnc_job_push(job);
1028 if (sync) {
1029 vnc_jobs_join(vs);
1030 }
1031 vs->force_update = 0;
1032 vs->has_dirty = 0;
1033 return n;
1034 }
1035
1036 if (vs->disconnecting) {
1037 vnc_disconnect_finish(vs);
1038 } else if (sync) {
1039 vnc_jobs_join(vs);
1040 }
1041
1042 return 0;
1043}
1044
1045
1046static void audio_capture_notify(void *opaque, audcnotification_e cmd)
1047{
1048 VncState *vs = opaque;
1049
1050 switch (cmd) {
1051 case AUD_CNOTIFY_DISABLE:
1052 vnc_lock_output(vs);
1053 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1054 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1055 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END);
1056 vnc_unlock_output(vs);
1057 vnc_flush(vs);
1058 break;
1059
1060 case AUD_CNOTIFY_ENABLE:
1061 vnc_lock_output(vs);
1062 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1063 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1064 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN);
1065 vnc_unlock_output(vs);
1066 vnc_flush(vs);
1067 break;
1068 }
1069}
1070
1071static void audio_capture_destroy(void *opaque)
1072{
1073}
1074
1075static void audio_capture(void *opaque, void *buf, int size)
1076{
1077 VncState *vs = opaque;
1078
1079 vnc_lock_output(vs);
1080 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1081 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1082 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA);
1083 vnc_write_u32(vs, size);
1084 vnc_write(vs, buf, size);
1085 vnc_unlock_output(vs);
1086 vnc_flush(vs);
1087}
1088
1089static void audio_add(VncState *vs)
1090{
1091 struct audio_capture_ops ops;
1092
1093 if (vs->audio_cap) {
1094 error_report("audio already running");
1095 return;
1096 }
1097
1098 ops.notify = audio_capture_notify;
1099 ops.destroy = audio_capture_destroy;
1100 ops.capture = audio_capture;
1101
1102 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs);
1103 if (!vs->audio_cap) {
1104 error_report("Failed to add audio capture");
1105 }
1106}
1107
1108static void audio_del(VncState *vs)
1109{
1110 if (vs->audio_cap) {
1111 AUD_del_capture(vs->audio_cap, vs);
1112 vs->audio_cap = NULL;
1113 }
1114}
1115
1116static void vnc_disconnect_start(VncState *vs)
1117{
1118 if (vs->disconnecting) {
1119 return;
1120 }
1121 vnc_set_share_mode(vs, VNC_SHARE_MODE_DISCONNECTED);
1122 if (vs->ioc_tag) {
1123 g_source_remove(vs->ioc_tag);
1124 }
1125 qio_channel_close(vs->ioc, NULL);
1126 vs->disconnecting = TRUE;
1127}
1128
1129void vnc_disconnect_finish(VncState *vs)
1130{
1131 int i;
1132
1133 vnc_jobs_join(vs);
1134
1135 vnc_lock_output(vs);
1136 vnc_qmp_event(vs, QAPI_EVENT_VNC_DISCONNECTED);
1137
1138 buffer_free(&vs->input);
1139 buffer_free(&vs->output);
1140
1141 qapi_free_VncClientInfo(vs->info);
1142
1143 vnc_zlib_clear(vs);
1144 vnc_tight_clear(vs);
1145 vnc_zrle_clear(vs);
1146
1147#ifdef CONFIG_VNC_SASL
1148 vnc_sasl_client_cleanup(vs);
1149#endif
1150 audio_del(vs);
1151 vnc_release_modifiers(vs);
1152
1153 if (vs->mouse_mode_notifier.notify != NULL) {
1154 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
1155 }
1156 QTAILQ_REMOVE(&vs->vd->clients, vs, next);
1157 if (QTAILQ_EMPTY(&vs->vd->clients)) {
1158
1159 vnc_update_server_surface(vs->vd);
1160 }
1161
1162 vnc_unlock_output(vs);
1163
1164 qemu_mutex_destroy(&vs->output_mutex);
1165 if (vs->bh != NULL) {
1166 qemu_bh_delete(vs->bh);
1167 }
1168 buffer_free(&vs->jobs_buffer);
1169
1170 for (i = 0; i < VNC_STAT_ROWS; ++i) {
1171 g_free(vs->lossy_rect[i]);
1172 }
1173 g_free(vs->lossy_rect);
1174
1175 object_unref(OBJECT(vs->ioc));
1176 vs->ioc = NULL;
1177 object_unref(OBJECT(vs->sioc));
1178 vs->sioc = NULL;
1179 g_free(vs);
1180}
1181
1182ssize_t vnc_client_io_error(VncState *vs, ssize_t ret, Error **errp)
1183{
1184 if (ret <= 0) {
1185 if (ret == 0) {
1186 VNC_DEBUG("Closing down client sock: EOF\n");
1187 vnc_disconnect_start(vs);
1188 } else if (ret != QIO_CHANNEL_ERR_BLOCK) {
1189 VNC_DEBUG("Closing down client sock: ret %zd (%s)\n",
1190 ret, errp ? error_get_pretty(*errp) : "Unknown");
1191 vnc_disconnect_start(vs);
1192 }
1193
1194 if (errp) {
1195 error_free(*errp);
1196 *errp = NULL;
1197 }
1198 return 0;
1199 }
1200 return ret;
1201}
1202
1203
1204void vnc_client_error(VncState *vs)
1205{
1206 VNC_DEBUG("Closing down client sock: protocol error\n");
1207 vnc_disconnect_start(vs);
1208}
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226ssize_t vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
1227{
1228 Error *err = NULL;
1229 ssize_t ret;
1230 ret = qio_channel_write(
1231 vs->ioc, (const char *)data, datalen, &err);
1232 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret);
1233 return vnc_client_io_error(vs, ret, &err);
1234}
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247static ssize_t vnc_client_write_plain(VncState *vs)
1248{
1249 ssize_t ret;
1250
1251#ifdef CONFIG_VNC_SASL
1252 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1253 vs->output.buffer, vs->output.capacity, vs->output.offset,
1254 vs->sasl.waitWriteSSF);
1255
1256 if (vs->sasl.conn &&
1257 vs->sasl.runSSF &&
1258 vs->sasl.waitWriteSSF) {
1259 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
1260 if (ret)
1261 vs->sasl.waitWriteSSF -= ret;
1262 } else
1263#endif
1264 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
1265 if (!ret)
1266 return 0;
1267
1268 buffer_advance(&vs->output, ret);
1269
1270 if (vs->output.offset == 0) {
1271 if (vs->ioc_tag) {
1272 g_source_remove(vs->ioc_tag);
1273 }
1274 vs->ioc_tag = qio_channel_add_watch(
1275 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL);
1276 }
1277
1278 return ret;
1279}
1280
1281
1282
1283
1284
1285
1286
1287static void vnc_client_write_locked(VncState *vs)
1288{
1289#ifdef CONFIG_VNC_SASL
1290 if (vs->sasl.conn &&
1291 vs->sasl.runSSF &&
1292 !vs->sasl.waitWriteSSF) {
1293 vnc_client_write_sasl(vs);
1294 } else
1295#endif
1296 {
1297 vnc_client_write_plain(vs);
1298 }
1299}
1300
1301static void vnc_client_write(VncState *vs)
1302{
1303
1304 vnc_lock_output(vs);
1305 if (vs->output.offset) {
1306 vnc_client_write_locked(vs);
1307 } else if (vs->ioc != NULL) {
1308 if (vs->ioc_tag) {
1309 g_source_remove(vs->ioc_tag);
1310 }
1311 vs->ioc_tag = qio_channel_add_watch(
1312 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL);
1313 }
1314 vnc_unlock_output(vs);
1315}
1316
1317void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1318{
1319 vs->read_handler = func;
1320 vs->read_handler_expect = expecting;
1321}
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339ssize_t vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1340{
1341 ssize_t ret;
1342 Error *err = NULL;
1343 ret = qio_channel_read(
1344 vs->ioc, (char *)data, datalen, &err);
1345 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret);
1346 return vnc_client_io_error(vs, ret, &err);
1347}
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358static ssize_t vnc_client_read_plain(VncState *vs)
1359{
1360 ssize_t ret;
1361 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1362 vs->input.buffer, vs->input.capacity, vs->input.offset);
1363 buffer_reserve(&vs->input, 4096);
1364 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1365 if (!ret)
1366 return 0;
1367 vs->input.offset += ret;
1368 return ret;
1369}
1370
1371static void vnc_jobs_bh(void *opaque)
1372{
1373 VncState *vs = opaque;
1374
1375 vnc_jobs_consume_buffer(vs);
1376}
1377
1378
1379
1380
1381
1382
1383
1384static int vnc_client_read(VncState *vs)
1385{
1386 ssize_t ret;
1387
1388#ifdef CONFIG_VNC_SASL
1389 if (vs->sasl.conn && vs->sasl.runSSF)
1390 ret = vnc_client_read_sasl(vs);
1391 else
1392#endif
1393 ret = vnc_client_read_plain(vs);
1394 if (!ret) {
1395 if (vs->disconnecting) {
1396 vnc_disconnect_finish(vs);
1397 return -1;
1398 }
1399 return 0;
1400 }
1401
1402 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1403 size_t len = vs->read_handler_expect;
1404 int ret;
1405
1406 ret = vs->read_handler(vs, vs->input.buffer, len);
1407 if (vs->disconnecting) {
1408 vnc_disconnect_finish(vs);
1409 return -1;
1410 }
1411
1412 if (!ret) {
1413 buffer_advance(&vs->input, len);
1414 } else {
1415 vs->read_handler_expect = ret;
1416 }
1417 }
1418 return 0;
1419}
1420
1421gboolean vnc_client_io(QIOChannel *ioc G_GNUC_UNUSED,
1422 GIOCondition condition, void *opaque)
1423{
1424 VncState *vs = opaque;
1425 if (condition & G_IO_IN) {
1426 if (vnc_client_read(vs) < 0) {
1427 return TRUE;
1428 }
1429 }
1430 if (condition & G_IO_OUT) {
1431 vnc_client_write(vs);
1432 }
1433 return TRUE;
1434}
1435
1436
1437void vnc_write(VncState *vs, const void *data, size_t len)
1438{
1439 buffer_reserve(&vs->output, len);
1440
1441 if (vs->ioc != NULL && buffer_empty(&vs->output)) {
1442 if (vs->ioc_tag) {
1443 g_source_remove(vs->ioc_tag);
1444 }
1445 vs->ioc_tag = qio_channel_add_watch(
1446 vs->ioc, G_IO_IN | G_IO_OUT, vnc_client_io, vs, NULL);
1447 }
1448
1449 buffer_append(&vs->output, data, len);
1450}
1451
1452void vnc_write_s32(VncState *vs, int32_t value)
1453{
1454 vnc_write_u32(vs, *(uint32_t *)&value);
1455}
1456
1457void vnc_write_u32(VncState *vs, uint32_t value)
1458{
1459 uint8_t buf[4];
1460
1461 buf[0] = (value >> 24) & 0xFF;
1462 buf[1] = (value >> 16) & 0xFF;
1463 buf[2] = (value >> 8) & 0xFF;
1464 buf[3] = value & 0xFF;
1465
1466 vnc_write(vs, buf, 4);
1467}
1468
1469void vnc_write_u16(VncState *vs, uint16_t value)
1470{
1471 uint8_t buf[2];
1472
1473 buf[0] = (value >> 8) & 0xFF;
1474 buf[1] = value & 0xFF;
1475
1476 vnc_write(vs, buf, 2);
1477}
1478
1479void vnc_write_u8(VncState *vs, uint8_t value)
1480{
1481 vnc_write(vs, (char *)&value, 1);
1482}
1483
1484void vnc_flush(VncState *vs)
1485{
1486 vnc_lock_output(vs);
1487 if (vs->ioc != NULL && vs->output.offset) {
1488 vnc_client_write_locked(vs);
1489 }
1490 vnc_unlock_output(vs);
1491}
1492
1493static uint8_t read_u8(uint8_t *data, size_t offset)
1494{
1495 return data[offset];
1496}
1497
1498static uint16_t read_u16(uint8_t *data, size_t offset)
1499{
1500 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1501}
1502
1503static int32_t read_s32(uint8_t *data, size_t offset)
1504{
1505 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1506 (data[offset + 2] << 8) | data[offset + 3]);
1507}
1508
1509uint32_t read_u32(uint8_t *data, size_t offset)
1510{
1511 return ((data[offset] << 24) | (data[offset + 1] << 16) |
1512 (data[offset + 2] << 8) | data[offset + 3]);
1513}
1514
1515static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
1516{
1517}
1518
1519static void check_pointer_type_change(Notifier *notifier, void *data)
1520{
1521 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier);
1522 int absolute = qemu_input_is_absolute();
1523
1524 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1525 vnc_lock_output(vs);
1526 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1527 vnc_write_u8(vs, 0);
1528 vnc_write_u16(vs, 1);
1529 vnc_framebuffer_update(vs, absolute, 0,
1530 pixman_image_get_width(vs->vd->server),
1531 pixman_image_get_height(vs->vd->server),
1532 VNC_ENCODING_POINTER_TYPE_CHANGE);
1533 vnc_unlock_output(vs);
1534 vnc_flush(vs);
1535 }
1536 vs->absolute = absolute;
1537}
1538
1539static void pointer_event(VncState *vs, int button_mask, int x, int y)
1540{
1541 static uint32_t bmap[INPUT_BUTTON__MAX] = {
1542 [INPUT_BUTTON_LEFT] = 0x01,
1543 [INPUT_BUTTON_MIDDLE] = 0x02,
1544 [INPUT_BUTTON_RIGHT] = 0x04,
1545 [INPUT_BUTTON_WHEEL_UP] = 0x08,
1546 [INPUT_BUTTON_WHEEL_DOWN] = 0x10,
1547 };
1548 QemuConsole *con = vs->vd->dcl.con;
1549 int width = pixman_image_get_width(vs->vd->server);
1550 int height = pixman_image_get_height(vs->vd->server);
1551
1552 if (vs->last_bmask != button_mask) {
1553 qemu_input_update_buttons(con, bmap, vs->last_bmask, button_mask);
1554 vs->last_bmask = button_mask;
1555 }
1556
1557 if (vs->absolute) {
1558 qemu_input_queue_abs(con, INPUT_AXIS_X, x, 0, width);
1559 qemu_input_queue_abs(con, INPUT_AXIS_Y, y, 0, height);
1560 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1561 qemu_input_queue_rel(con, INPUT_AXIS_X, x - 0x7FFF);
1562 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - 0x7FFF);
1563 } else {
1564 if (vs->last_x != -1) {
1565 qemu_input_queue_rel(con, INPUT_AXIS_X, x - vs->last_x);
1566 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - vs->last_y);
1567 }
1568 vs->last_x = x;
1569 vs->last_y = y;
1570 }
1571 qemu_input_event_sync();
1572}
1573
1574static void reset_keys(VncState *vs)
1575{
1576 int i;
1577 for(i = 0; i < 256; i++) {
1578 if (vs->modifiers_state[i]) {
1579 qemu_input_event_send_key_number(vs->vd->dcl.con, i, false);
1580 qemu_input_event_send_key_delay(vs->vd->key_delay_ms);
1581 vs->modifiers_state[i] = 0;
1582 }
1583 }
1584}
1585
1586static void press_key(VncState *vs, int keysym)
1587{
1588 int keycode = keysym2scancode(vs->vd->kbd_layout, keysym) & SCANCODE_KEYMASK;
1589 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, true);
1590 qemu_input_event_send_key_delay(vs->vd->key_delay_ms);
1591 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, false);
1592 qemu_input_event_send_key_delay(vs->vd->key_delay_ms);
1593}
1594
1595static void vnc_led_state_change(VncState *vs)
1596{
1597 if (!vnc_has_feature(vs, VNC_FEATURE_LED_STATE)) {
1598 return;
1599 }
1600
1601 vnc_lock_output(vs);
1602 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1603 vnc_write_u8(vs, 0);
1604 vnc_write_u16(vs, 1);
1605 vnc_framebuffer_update(vs, 0, 0, 1, 1, VNC_ENCODING_LED_STATE);
1606 vnc_write_u8(vs, vs->vd->ledstate);
1607 vnc_unlock_output(vs);
1608 vnc_flush(vs);
1609}
1610
1611static void kbd_leds(void *opaque, int ledstate)
1612{
1613 VncDisplay *vd = opaque;
1614 VncState *client;
1615
1616 trace_vnc_key_guest_leds((ledstate & QEMU_CAPS_LOCK_LED),
1617 (ledstate & QEMU_NUM_LOCK_LED),
1618 (ledstate & QEMU_SCROLL_LOCK_LED));
1619
1620 if (ledstate == vd->ledstate) {
1621 return;
1622 }
1623
1624 vd->ledstate = ledstate;
1625
1626 QTAILQ_FOREACH(client, &vd->clients, next) {
1627 vnc_led_state_change(client);
1628 }
1629}
1630
1631static void do_key_event(VncState *vs, int down, int keycode, int sym)
1632{
1633
1634 switch(keycode) {
1635 case 0x2a:
1636 case 0x36:
1637 case 0x1d:
1638 case 0x9d:
1639 case 0x38:
1640 case 0xb8:
1641 if (down)
1642 vs->modifiers_state[keycode] = 1;
1643 else
1644 vs->modifiers_state[keycode] = 0;
1645 break;
1646 case 0x02 ... 0x0a:
1647 if (vs->vd->dcl.con == NULL &&
1648 down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
1649
1650 reset_keys(vs);
1651 console_select(keycode - 0x02);
1652 return;
1653 }
1654 break;
1655 case 0x3a:
1656 case 0x45:
1657 if (down)
1658 vs->modifiers_state[keycode] ^= 1;
1659 break;
1660 }
1661
1662
1663
1664
1665 if (down && vs->vd->lock_key_sync &&
1666 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) &&
1667 keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1668
1669
1670
1671
1672 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1673 if (!vs->modifiers_state[0x45]) {
1674 trace_vnc_key_sync_numlock(true);
1675 vs->modifiers_state[0x45] = 1;
1676 press_key(vs, 0xff7f);
1677 }
1678 } else {
1679 if (vs->modifiers_state[0x45]) {
1680 trace_vnc_key_sync_numlock(false);
1681 vs->modifiers_state[0x45] = 0;
1682 press_key(vs, 0xff7f);
1683 }
1684 }
1685 }
1686
1687 if (down && vs->vd->lock_key_sync &&
1688 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) &&
1689 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) {
1690
1691
1692
1693
1694 int uppercase = !!(sym >= 'A' && sym <= 'Z');
1695 int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]);
1696 int capslock = !!(vs->modifiers_state[0x3a]);
1697 if (capslock) {
1698 if (uppercase == shift) {
1699 trace_vnc_key_sync_capslock(false);
1700 vs->modifiers_state[0x3a] = 0;
1701 press_key(vs, 0xffe5);
1702 }
1703 } else {
1704 if (uppercase != shift) {
1705 trace_vnc_key_sync_capslock(true);
1706 vs->modifiers_state[0x3a] = 1;
1707 press_key(vs, 0xffe5);
1708 }
1709 }
1710 }
1711
1712 if (qemu_console_is_graphic(NULL)) {
1713 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, down);
1714 qemu_input_event_send_key_delay(vs->vd->key_delay_ms);
1715 } else {
1716 bool numlock = vs->modifiers_state[0x45];
1717 bool control = (vs->modifiers_state[0x1d] ||
1718 vs->modifiers_state[0x9d]);
1719
1720 if (down) {
1721 switch (keycode) {
1722 case 0x2a:
1723 case 0x36:
1724 case 0x1d:
1725 case 0x9d:
1726 case 0x38:
1727 case 0xb8:
1728 break;
1729 case 0xc8:
1730 kbd_put_keysym(QEMU_KEY_UP);
1731 break;
1732 case 0xd0:
1733 kbd_put_keysym(QEMU_KEY_DOWN);
1734 break;
1735 case 0xcb:
1736 kbd_put_keysym(QEMU_KEY_LEFT);
1737 break;
1738 case 0xcd:
1739 kbd_put_keysym(QEMU_KEY_RIGHT);
1740 break;
1741 case 0xd3:
1742 kbd_put_keysym(QEMU_KEY_DELETE);
1743 break;
1744 case 0xc7:
1745 kbd_put_keysym(QEMU_KEY_HOME);
1746 break;
1747 case 0xcf:
1748 kbd_put_keysym(QEMU_KEY_END);
1749 break;
1750 case 0xc9:
1751 kbd_put_keysym(QEMU_KEY_PAGEUP);
1752 break;
1753 case 0xd1:
1754 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1755 break;
1756
1757 case 0x47:
1758 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME);
1759 break;
1760 case 0x48:
1761 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP);
1762 break;
1763 case 0x49:
1764 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP);
1765 break;
1766 case 0x4b:
1767 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT);
1768 break;
1769 case 0x4c:
1770 kbd_put_keysym('5');
1771 break;
1772 case 0x4d:
1773 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT);
1774 break;
1775 case 0x4f:
1776 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END);
1777 break;
1778 case 0x50:
1779 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN);
1780 break;
1781 case 0x51:
1782 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN);
1783 break;
1784 case 0x52:
1785 kbd_put_keysym('0');
1786 break;
1787 case 0x53:
1788 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE);
1789 break;
1790
1791 case 0xb5:
1792 kbd_put_keysym('/');
1793 break;
1794 case 0x37:
1795 kbd_put_keysym('*');
1796 break;
1797 case 0x4a:
1798 kbd_put_keysym('-');
1799 break;
1800 case 0x4e:
1801 kbd_put_keysym('+');
1802 break;
1803 case 0x9c:
1804 kbd_put_keysym('\n');
1805 break;
1806
1807 default:
1808 if (control) {
1809 kbd_put_keysym(sym & 0x1f);
1810 } else {
1811 kbd_put_keysym(sym);
1812 }
1813 break;
1814 }
1815 }
1816 }
1817}
1818
1819static void vnc_release_modifiers(VncState *vs)
1820{
1821 static const int keycodes[] = {
1822
1823 0x2a, 0x36, 0x1d, 0x9d, 0x38, 0xb8,
1824 };
1825 int i, keycode;
1826
1827 if (!qemu_console_is_graphic(NULL)) {
1828 return;
1829 }
1830 for (i = 0; i < ARRAY_SIZE(keycodes); i++) {
1831 keycode = keycodes[i];
1832 if (!vs->modifiers_state[keycode]) {
1833 continue;
1834 }
1835 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, false);
1836 qemu_input_event_send_key_delay(vs->vd->key_delay_ms);
1837 }
1838}
1839
1840static const char *code2name(int keycode)
1841{
1842 return QKeyCode_lookup[qemu_input_key_number_to_qcode(keycode)];
1843}
1844
1845static void key_event(VncState *vs, int down, uint32_t sym)
1846{
1847 int keycode;
1848 int lsym = sym;
1849
1850 if (lsym >= 'A' && lsym <= 'Z' && qemu_console_is_graphic(NULL)) {
1851 lsym = lsym - 'A' + 'a';
1852 }
1853
1854 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF) & SCANCODE_KEYMASK;
1855 trace_vnc_key_event_map(down, sym, keycode, code2name(keycode));
1856 do_key_event(vs, down, keycode, sym);
1857}
1858
1859static void ext_key_event(VncState *vs, int down,
1860 uint32_t sym, uint16_t keycode)
1861{
1862
1863 if (keyboard_layout) {
1864 key_event(vs, down, sym);
1865 } else {
1866 trace_vnc_key_event_ext(down, sym, keycode, code2name(keycode));
1867 do_key_event(vs, down, keycode, sym);
1868 }
1869}
1870
1871static void framebuffer_update_request(VncState *vs, int incremental,
1872 int x, int y, int w, int h)
1873{
1874 vs->need_update = 1;
1875
1876 if (incremental) {
1877 return;
1878 }
1879
1880 vs->force_update = 1;
1881 vnc_set_area_dirty(vs->dirty, vs->vd, x, y, w, h);
1882}
1883
1884static void send_ext_key_event_ack(VncState *vs)
1885{
1886 vnc_lock_output(vs);
1887 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1888 vnc_write_u8(vs, 0);
1889 vnc_write_u16(vs, 1);
1890 vnc_framebuffer_update(vs, 0, 0,
1891 pixman_image_get_width(vs->vd->server),
1892 pixman_image_get_height(vs->vd->server),
1893 VNC_ENCODING_EXT_KEY_EVENT);
1894 vnc_unlock_output(vs);
1895 vnc_flush(vs);
1896}
1897
1898static void send_ext_audio_ack(VncState *vs)
1899{
1900 vnc_lock_output(vs);
1901 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1902 vnc_write_u8(vs, 0);
1903 vnc_write_u16(vs, 1);
1904 vnc_framebuffer_update(vs, 0, 0,
1905 pixman_image_get_width(vs->vd->server),
1906 pixman_image_get_height(vs->vd->server),
1907 VNC_ENCODING_AUDIO);
1908 vnc_unlock_output(vs);
1909 vnc_flush(vs);
1910}
1911
1912static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1913{
1914 int i;
1915 unsigned int enc = 0;
1916
1917 vs->features = 0;
1918 vs->vnc_encoding = 0;
1919 vs->tight.compression = 9;
1920 vs->tight.quality = -1;
1921 vs->absolute = -1;
1922
1923
1924
1925
1926
1927
1928 for (i = n_encodings - 1; i >= 0; i--) {
1929 enc = encodings[i];
1930 switch (enc) {
1931 case VNC_ENCODING_RAW:
1932 vs->vnc_encoding = enc;
1933 break;
1934 case VNC_ENCODING_COPYRECT:
1935 vs->features |= VNC_FEATURE_COPYRECT_MASK;
1936 break;
1937 case VNC_ENCODING_HEXTILE:
1938 vs->features |= VNC_FEATURE_HEXTILE_MASK;
1939 vs->vnc_encoding = enc;
1940 break;
1941 case VNC_ENCODING_TIGHT:
1942 vs->features |= VNC_FEATURE_TIGHT_MASK;
1943 vs->vnc_encoding = enc;
1944 break;
1945#ifdef CONFIG_VNC_PNG
1946 case VNC_ENCODING_TIGHT_PNG:
1947 vs->features |= VNC_FEATURE_TIGHT_PNG_MASK;
1948 vs->vnc_encoding = enc;
1949 break;
1950#endif
1951 case VNC_ENCODING_ZLIB:
1952 vs->features |= VNC_FEATURE_ZLIB_MASK;
1953 vs->vnc_encoding = enc;
1954 break;
1955 case VNC_ENCODING_ZRLE:
1956 vs->features |= VNC_FEATURE_ZRLE_MASK;
1957 vs->vnc_encoding = enc;
1958 break;
1959 case VNC_ENCODING_ZYWRLE:
1960 vs->features |= VNC_FEATURE_ZYWRLE_MASK;
1961 vs->vnc_encoding = enc;
1962 break;
1963 case VNC_ENCODING_DESKTOPRESIZE:
1964 vs->features |= VNC_FEATURE_RESIZE_MASK;
1965 break;
1966 case VNC_ENCODING_POINTER_TYPE_CHANGE:
1967 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
1968 break;
1969 case VNC_ENCODING_RICH_CURSOR:
1970 vs->features |= VNC_FEATURE_RICH_CURSOR_MASK;
1971 if (vs->vd->cursor) {
1972 vnc_cursor_define(vs);
1973 }
1974 break;
1975 case VNC_ENCODING_EXT_KEY_EVENT:
1976 send_ext_key_event_ack(vs);
1977 break;
1978 case VNC_ENCODING_AUDIO:
1979 send_ext_audio_ack(vs);
1980 break;
1981 case VNC_ENCODING_WMVi:
1982 vs->features |= VNC_FEATURE_WMVI_MASK;
1983 break;
1984 case VNC_ENCODING_LED_STATE:
1985 vs->features |= VNC_FEATURE_LED_STATE_MASK;
1986 break;
1987 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
1988 vs->tight.compression = (enc & 0x0F);
1989 break;
1990 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
1991 if (vs->vd->lossy) {
1992 vs->tight.quality = (enc & 0x0F);
1993 }
1994 break;
1995 default:
1996 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
1997 break;
1998 }
1999 }
2000 vnc_desktop_resize(vs);
2001 check_pointer_type_change(&vs->mouse_mode_notifier, NULL);
2002 vnc_led_state_change(vs);
2003}
2004
2005static void set_pixel_conversion(VncState *vs)
2006{
2007 pixman_format_code_t fmt = qemu_pixman_get_format(&vs->client_pf);
2008
2009 if (fmt == VNC_SERVER_FB_FORMAT) {
2010 vs->write_pixels = vnc_write_pixels_copy;
2011 vnc_hextile_set_pixel_conversion(vs, 0);
2012 } else {
2013 vs->write_pixels = vnc_write_pixels_generic;
2014 vnc_hextile_set_pixel_conversion(vs, 1);
2015 }
2016}
2017
2018static void send_color_map(VncState *vs)
2019{
2020 int i;
2021
2022 vnc_write_u8(vs, VNC_MSG_SERVER_SET_COLOUR_MAP_ENTRIES);
2023 vnc_write_u8(vs, 0);
2024 vnc_write_u16(vs, 0);
2025 vnc_write_u16(vs, 256);
2026
2027 for (i = 0; i < 256; i++) {
2028 PixelFormat *pf = &vs->client_pf;
2029
2030 vnc_write_u16(vs, (((i >> pf->rshift) & pf->rmax) << (16 - pf->rbits)));
2031 vnc_write_u16(vs, (((i >> pf->gshift) & pf->gmax) << (16 - pf->gbits)));
2032 vnc_write_u16(vs, (((i >> pf->bshift) & pf->bmax) << (16 - pf->bbits)));
2033 }
2034}
2035
2036static void set_pixel_format(VncState *vs, int bits_per_pixel,
2037 int big_endian_flag, int true_color_flag,
2038 int red_max, int green_max, int blue_max,
2039 int red_shift, int green_shift, int blue_shift)
2040{
2041 if (!true_color_flag) {
2042
2043 bits_per_pixel = 8;
2044 red_max = 7;
2045 green_max = 7;
2046 blue_max = 3;
2047 red_shift = 0;
2048 green_shift = 3;
2049 blue_shift = 6;
2050 }
2051
2052 switch (bits_per_pixel) {
2053 case 8:
2054 case 16:
2055 case 32:
2056 break;
2057 default:
2058 vnc_client_error(vs);
2059 return;
2060 }
2061
2062 vs->client_pf.rmax = red_max ? red_max : 0xFF;
2063 vs->client_pf.rbits = ctpopl(red_max);
2064 vs->client_pf.rshift = red_shift;
2065 vs->client_pf.rmask = red_max << red_shift;
2066 vs->client_pf.gmax = green_max ? green_max : 0xFF;
2067 vs->client_pf.gbits = ctpopl(green_max);
2068 vs->client_pf.gshift = green_shift;
2069 vs->client_pf.gmask = green_max << green_shift;
2070 vs->client_pf.bmax = blue_max ? blue_max : 0xFF;
2071 vs->client_pf.bbits = ctpopl(blue_max);
2072 vs->client_pf.bshift = blue_shift;
2073 vs->client_pf.bmask = blue_max << blue_shift;
2074 vs->client_pf.bits_per_pixel = bits_per_pixel;
2075 vs->client_pf.bytes_per_pixel = bits_per_pixel / 8;
2076 vs->client_pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
2077 vs->client_be = big_endian_flag;
2078
2079 if (!true_color_flag) {
2080 send_color_map(vs);
2081 }
2082
2083 set_pixel_conversion(vs);
2084
2085 graphic_hw_invalidate(vs->vd->dcl.con);
2086 graphic_hw_update(vs->vd->dcl.con);
2087}
2088
2089static void pixel_format_message (VncState *vs) {
2090 char pad[3] = { 0, 0, 0 };
2091
2092 vs->client_pf = qemu_default_pixelformat(32);
2093
2094 vnc_write_u8(vs, vs->client_pf.bits_per_pixel);
2095 vnc_write_u8(vs, vs->client_pf.depth);
2096
2097#ifdef HOST_WORDS_BIGENDIAN
2098 vnc_write_u8(vs, 1);
2099#else
2100 vnc_write_u8(vs, 0);
2101#endif
2102 vnc_write_u8(vs, 1);
2103 vnc_write_u16(vs, vs->client_pf.rmax);
2104 vnc_write_u16(vs, vs->client_pf.gmax);
2105 vnc_write_u16(vs, vs->client_pf.bmax);
2106 vnc_write_u8(vs, vs->client_pf.rshift);
2107 vnc_write_u8(vs, vs->client_pf.gshift);
2108 vnc_write_u8(vs, vs->client_pf.bshift);
2109 vnc_write(vs, pad, 3);
2110
2111 vnc_hextile_set_pixel_conversion(vs, 0);
2112 vs->write_pixels = vnc_write_pixels_copy;
2113}
2114
2115static void vnc_colordepth(VncState *vs)
2116{
2117 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
2118
2119 vnc_lock_output(vs);
2120 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
2121 vnc_write_u8(vs, 0);
2122 vnc_write_u16(vs, 1);
2123 vnc_framebuffer_update(vs, 0, 0,
2124 pixman_image_get_width(vs->vd->server),
2125 pixman_image_get_height(vs->vd->server),
2126 VNC_ENCODING_WMVi);
2127 pixel_format_message(vs);
2128 vnc_unlock_output(vs);
2129 vnc_flush(vs);
2130 } else {
2131 set_pixel_conversion(vs);
2132 }
2133}
2134
2135static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
2136{
2137 int i;
2138 uint16_t limit;
2139 VncDisplay *vd = vs->vd;
2140
2141 if (data[0] > 3) {
2142 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
2143 }
2144
2145 switch (data[0]) {
2146 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT:
2147 if (len == 1)
2148 return 20;
2149
2150 set_pixel_format(vs, read_u8(data, 4),
2151 read_u8(data, 6), read_u8(data, 7),
2152 read_u16(data, 8), read_u16(data, 10),
2153 read_u16(data, 12), read_u8(data, 14),
2154 read_u8(data, 15), read_u8(data, 16));
2155 break;
2156 case VNC_MSG_CLIENT_SET_ENCODINGS:
2157 if (len == 1)
2158 return 4;
2159
2160 if (len == 4) {
2161 limit = read_u16(data, 2);
2162 if (limit > 0)
2163 return 4 + (limit * 4);
2164 } else
2165 limit = read_u16(data, 2);
2166
2167 for (i = 0; i < limit; i++) {
2168 int32_t val = read_s32(data, 4 + (i * 4));
2169 memcpy(data + 4 + (i * 4), &val, sizeof(val));
2170 }
2171
2172 set_encodings(vs, (int32_t *)(data + 4), limit);
2173 break;
2174 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST:
2175 if (len == 1)
2176 return 10;
2177
2178 framebuffer_update_request(vs,
2179 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
2180 read_u16(data, 6), read_u16(data, 8));
2181 break;
2182 case VNC_MSG_CLIENT_KEY_EVENT:
2183 if (len == 1)
2184 return 8;
2185
2186 key_event(vs, read_u8(data, 1), read_u32(data, 4));
2187 break;
2188 case VNC_MSG_CLIENT_POINTER_EVENT:
2189 if (len == 1)
2190 return 6;
2191
2192 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
2193 break;
2194 case VNC_MSG_CLIENT_CUT_TEXT:
2195 if (len == 1) {
2196 return 8;
2197 }
2198 if (len == 8) {
2199 uint32_t dlen = read_u32(data, 4);
2200 if (dlen > (1 << 20)) {
2201 error_report("vnc: client_cut_text msg payload has %u bytes"
2202 " which exceeds our limit of 1MB.", dlen);
2203 vnc_client_error(vs);
2204 break;
2205 }
2206 if (dlen > 0) {
2207 return 8 + dlen;
2208 }
2209 }
2210
2211 client_cut_text(vs, read_u32(data, 4), data + 8);
2212 break;
2213 case VNC_MSG_CLIENT_QEMU:
2214 if (len == 1)
2215 return 2;
2216
2217 switch (read_u8(data, 1)) {
2218 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT:
2219 if (len == 2)
2220 return 12;
2221
2222 ext_key_event(vs, read_u16(data, 2),
2223 read_u32(data, 4), read_u32(data, 8));
2224 break;
2225 case VNC_MSG_CLIENT_QEMU_AUDIO:
2226 if (len == 2)
2227 return 4;
2228
2229 switch (read_u16 (data, 2)) {
2230 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE:
2231 audio_add(vs);
2232 break;
2233 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE:
2234 audio_del(vs);
2235 break;
2236 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT:
2237 if (len == 4)
2238 return 10;
2239 switch (read_u8(data, 4)) {
2240 case 0: vs->as.fmt = AUD_FMT_U8; break;
2241 case 1: vs->as.fmt = AUD_FMT_S8; break;
2242 case 2: vs->as.fmt = AUD_FMT_U16; break;
2243 case 3: vs->as.fmt = AUD_FMT_S16; break;
2244 case 4: vs->as.fmt = AUD_FMT_U32; break;
2245 case 5: vs->as.fmt = AUD_FMT_S32; break;
2246 default:
2247 VNC_DEBUG("Invalid audio format %d\n", read_u8(data, 4));
2248 vnc_client_error(vs);
2249 break;
2250 }
2251 vs->as.nchannels = read_u8(data, 5);
2252 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
2253 VNC_DEBUG("Invalid audio channel coount %d\n",
2254 read_u8(data, 5));
2255 vnc_client_error(vs);
2256 break;
2257 }
2258 vs->as.freq = read_u32(data, 6);
2259 break;
2260 default:
2261 VNC_DEBUG("Invalid audio message %d\n", read_u8(data, 4));
2262 vnc_client_error(vs);
2263 break;
2264 }
2265 break;
2266
2267 default:
2268 VNC_DEBUG("Msg: %d\n", read_u16(data, 0));
2269 vnc_client_error(vs);
2270 break;
2271 }
2272 break;
2273 default:
2274 VNC_DEBUG("Msg: %d\n", data[0]);
2275 vnc_client_error(vs);
2276 break;
2277 }
2278
2279 vnc_read_when(vs, protocol_client_msg, 1);
2280 return 0;
2281}
2282
2283static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
2284{
2285 char buf[1024];
2286 VncShareMode mode;
2287 int size;
2288
2289 mode = data[0] ? VNC_SHARE_MODE_SHARED : VNC_SHARE_MODE_EXCLUSIVE;
2290 switch (vs->vd->share_policy) {
2291 case VNC_SHARE_POLICY_IGNORE:
2292
2293
2294
2295
2296
2297
2298
2299 break;
2300 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE:
2301
2302
2303
2304
2305
2306
2307
2308
2309
2310 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2311 VncState *client;
2312 QTAILQ_FOREACH(client, &vs->vd->clients, next) {
2313 if (vs == client) {
2314 continue;
2315 }
2316 if (client->share_mode != VNC_SHARE_MODE_EXCLUSIVE &&
2317 client->share_mode != VNC_SHARE_MODE_SHARED) {
2318 continue;
2319 }
2320 vnc_disconnect_start(client);
2321 }
2322 }
2323 if (mode == VNC_SHARE_MODE_SHARED) {
2324 if (vs->vd->num_exclusive > 0) {
2325 vnc_disconnect_start(vs);
2326 return 0;
2327 }
2328 }
2329 break;
2330 case VNC_SHARE_POLICY_FORCE_SHARED:
2331
2332
2333
2334
2335
2336
2337
2338
2339 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2340 vnc_disconnect_start(vs);
2341 return 0;
2342 }
2343 break;
2344 }
2345 vnc_set_share_mode(vs, mode);
2346
2347 if (vs->vd->num_shared > vs->vd->connections_limit) {
2348 vnc_disconnect_start(vs);
2349 return 0;
2350 }
2351
2352 vs->client_width = pixman_image_get_width(vs->vd->server);
2353 vs->client_height = pixman_image_get_height(vs->vd->server);
2354 vnc_write_u16(vs, vs->client_width);
2355 vnc_write_u16(vs, vs->client_height);
2356
2357 pixel_format_message(vs);
2358
2359 if (qemu_name) {
2360 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
2361 if (size > sizeof(buf)) {
2362 size = sizeof(buf);
2363 }
2364 } else {
2365 size = snprintf(buf, sizeof(buf), "QEMU");
2366 }
2367
2368 vnc_write_u32(vs, size);
2369 vnc_write(vs, buf, size);
2370 vnc_flush(vs);
2371
2372 vnc_client_cache_auth(vs);
2373 vnc_qmp_event(vs, QAPI_EVENT_VNC_INITIALIZED);
2374
2375 vnc_read_when(vs, protocol_client_msg, 1);
2376
2377 return 0;
2378}
2379
2380void start_client_init(VncState *vs)
2381{
2382 vnc_read_when(vs, protocol_client_init, 1);
2383}
2384
2385static void make_challenge(VncState *vs)
2386{
2387 int i;
2388
2389 srand(time(NULL)+getpid()+getpid()*987654+rand());
2390
2391 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
2392 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
2393}
2394
2395static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
2396{
2397 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
2398 size_t i, pwlen;
2399 unsigned char key[8];
2400 time_t now = time(NULL);
2401 QCryptoCipher *cipher = NULL;
2402 Error *err = NULL;
2403
2404 if (!vs->vd->password) {
2405 VNC_DEBUG("No password configured on server");
2406 goto reject;
2407 }
2408 if (vs->vd->expires < now) {
2409 VNC_DEBUG("Password is expired");
2410 goto reject;
2411 }
2412
2413 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
2414
2415
2416 pwlen = strlen(vs->vd->password);
2417 for (i=0; i<sizeof(key); i++)
2418 key[i] = i<pwlen ? vs->vd->password[i] : 0;
2419
2420 cipher = qcrypto_cipher_new(
2421 QCRYPTO_CIPHER_ALG_DES_RFB,
2422 QCRYPTO_CIPHER_MODE_ECB,
2423 key, G_N_ELEMENTS(key),
2424 &err);
2425 if (!cipher) {
2426 VNC_DEBUG("Cannot initialize cipher %s",
2427 error_get_pretty(err));
2428 error_free(err);
2429 goto reject;
2430 }
2431
2432 if (qcrypto_cipher_encrypt(cipher,
2433 vs->challenge,
2434 response,
2435 VNC_AUTH_CHALLENGE_SIZE,
2436 &err) < 0) {
2437 VNC_DEBUG("Cannot encrypt challenge %s",
2438 error_get_pretty(err));
2439 error_free(err);
2440 goto reject;
2441 }
2442
2443
2444 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
2445 VNC_DEBUG("Client challenge response did not match\n");
2446 goto reject;
2447 } else {
2448 VNC_DEBUG("Accepting VNC challenge response\n");
2449 vnc_write_u32(vs, 0);
2450 vnc_flush(vs);
2451
2452 start_client_init(vs);
2453 }
2454
2455 qcrypto_cipher_free(cipher);
2456 return 0;
2457
2458reject:
2459 vnc_write_u32(vs, 1);
2460 if (vs->minor >= 8) {
2461 static const char err[] = "Authentication failed";
2462 vnc_write_u32(vs, sizeof(err));
2463 vnc_write(vs, err, sizeof(err));
2464 }
2465 vnc_flush(vs);
2466 vnc_client_error(vs);
2467 qcrypto_cipher_free(cipher);
2468 return 0;
2469}
2470
2471void start_auth_vnc(VncState *vs)
2472{
2473 make_challenge(vs);
2474
2475 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
2476 vnc_flush(vs);
2477
2478 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
2479}
2480
2481
2482static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
2483{
2484
2485
2486 if (data[0] != vs->auth) {
2487 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]);
2488 vnc_write_u32(vs, 1);
2489 if (vs->minor >= 8) {
2490 static const char err[] = "Authentication failed";
2491 vnc_write_u32(vs, sizeof(err));
2492 vnc_write(vs, err, sizeof(err));
2493 }
2494 vnc_client_error(vs);
2495 } else {
2496 VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
2497 switch (vs->auth) {
2498 case VNC_AUTH_NONE:
2499 VNC_DEBUG("Accept auth none\n");
2500 if (vs->minor >= 8) {
2501 vnc_write_u32(vs, 0);
2502 vnc_flush(vs);
2503 }
2504 start_client_init(vs);
2505 break;
2506
2507 case VNC_AUTH_VNC:
2508 VNC_DEBUG("Start VNC auth\n");
2509 start_auth_vnc(vs);
2510 break;
2511
2512 case VNC_AUTH_VENCRYPT:
2513 VNC_DEBUG("Accept VeNCrypt auth\n");
2514 start_auth_vencrypt(vs);
2515 break;
2516
2517#ifdef CONFIG_VNC_SASL
2518 case VNC_AUTH_SASL:
2519 VNC_DEBUG("Accept SASL auth\n");
2520 start_auth_sasl(vs);
2521 break;
2522#endif
2523
2524 default:
2525 VNC_DEBUG("Reject auth %d server code bug\n", vs->auth);
2526 vnc_write_u8(vs, 1);
2527 if (vs->minor >= 8) {
2528 static const char err[] = "Authentication failed";
2529 vnc_write_u32(vs, sizeof(err));
2530 vnc_write(vs, err, sizeof(err));
2531 }
2532 vnc_client_error(vs);
2533 }
2534 }
2535 return 0;
2536}
2537
2538static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2539{
2540 char local[13];
2541
2542 memcpy(local, version, 12);
2543 local[12] = 0;
2544
2545 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2546 VNC_DEBUG("Malformed protocol version %s\n", local);
2547 vnc_client_error(vs);
2548 return 0;
2549 }
2550 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2551 if (vs->major != 3 ||
2552 (vs->minor != 3 &&
2553 vs->minor != 4 &&
2554 vs->minor != 5 &&
2555 vs->minor != 7 &&
2556 vs->minor != 8)) {
2557 VNC_DEBUG("Unsupported client version\n");
2558 vnc_write_u32(vs, VNC_AUTH_INVALID);
2559 vnc_flush(vs);
2560 vnc_client_error(vs);
2561 return 0;
2562 }
2563
2564
2565
2566 if (vs->minor == 4 || vs->minor == 5)
2567 vs->minor = 3;
2568
2569 if (vs->minor == 3) {
2570 if (vs->auth == VNC_AUTH_NONE) {
2571 VNC_DEBUG("Tell client auth none\n");
2572 vnc_write_u32(vs, vs->auth);
2573 vnc_flush(vs);
2574 start_client_init(vs);
2575 } else if (vs->auth == VNC_AUTH_VNC) {
2576 VNC_DEBUG("Tell client VNC auth\n");
2577 vnc_write_u32(vs, vs->auth);
2578 vnc_flush(vs);
2579 start_auth_vnc(vs);
2580 } else {
2581 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->auth);
2582 vnc_write_u32(vs, VNC_AUTH_INVALID);
2583 vnc_flush(vs);
2584 vnc_client_error(vs);
2585 }
2586 } else {
2587 VNC_DEBUG("Telling client we support auth %d\n", vs->auth);
2588 vnc_write_u8(vs, 1);
2589 vnc_write_u8(vs, vs->auth);
2590 vnc_read_when(vs, protocol_client_auth, 1);
2591 vnc_flush(vs);
2592 }
2593
2594 return 0;
2595}
2596
2597static VncRectStat *vnc_stat_rect(VncDisplay *vd, int x, int y)
2598{
2599 struct VncSurface *vs = &vd->guest;
2600
2601 return &vs->stats[y / VNC_STAT_RECT][x / VNC_STAT_RECT];
2602}
2603
2604void vnc_sent_lossy_rect(VncState *vs, int x, int y, int w, int h)
2605{
2606 int i, j;
2607
2608 w = (x + w) / VNC_STAT_RECT;
2609 h = (y + h) / VNC_STAT_RECT;
2610 x /= VNC_STAT_RECT;
2611 y /= VNC_STAT_RECT;
2612
2613 for (j = y; j <= h; j++) {
2614 for (i = x; i <= w; i++) {
2615 vs->lossy_rect[j][i] = 1;
2616 }
2617 }
2618}
2619
2620static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y)
2621{
2622 VncState *vs;
2623 int sty = y / VNC_STAT_RECT;
2624 int stx = x / VNC_STAT_RECT;
2625 int has_dirty = 0;
2626
2627 y = y / VNC_STAT_RECT * VNC_STAT_RECT;
2628 x = x / VNC_STAT_RECT * VNC_STAT_RECT;
2629
2630 QTAILQ_FOREACH(vs, &vd->clients, next) {
2631 int j;
2632
2633
2634 if (vs->output.offset) {
2635 continue;
2636 }
2637
2638 if (!vs->lossy_rect[sty][stx]) {
2639 continue;
2640 }
2641
2642 vs->lossy_rect[sty][stx] = 0;
2643 for (j = 0; j < VNC_STAT_RECT; ++j) {
2644 bitmap_set(vs->dirty[y + j],
2645 x / VNC_DIRTY_PIXELS_PER_BIT,
2646 VNC_STAT_RECT / VNC_DIRTY_PIXELS_PER_BIT);
2647 }
2648 has_dirty++;
2649 }
2650
2651 return has_dirty;
2652}
2653
2654static int vnc_update_stats(VncDisplay *vd, struct timeval * tv)
2655{
2656 int width = MIN(pixman_image_get_width(vd->guest.fb),
2657 pixman_image_get_width(vd->server));
2658 int height = MIN(pixman_image_get_height(vd->guest.fb),
2659 pixman_image_get_height(vd->server));
2660 int x, y;
2661 struct timeval res;
2662 int has_dirty = 0;
2663
2664 for (y = 0; y < height; y += VNC_STAT_RECT) {
2665 for (x = 0; x < width; x += VNC_STAT_RECT) {
2666 VncRectStat *rect = vnc_stat_rect(vd, x, y);
2667
2668 rect->updated = false;
2669 }
2670 }
2671
2672 qemu_timersub(tv, &VNC_REFRESH_STATS, &res);
2673
2674 if (timercmp(&vd->guest.last_freq_check, &res, >)) {
2675 return has_dirty;
2676 }
2677 vd->guest.last_freq_check = *tv;
2678
2679 for (y = 0; y < height; y += VNC_STAT_RECT) {
2680 for (x = 0; x < width; x += VNC_STAT_RECT) {
2681 VncRectStat *rect= vnc_stat_rect(vd, x, y);
2682 int count = ARRAY_SIZE(rect->times);
2683 struct timeval min, max;
2684
2685 if (!timerisset(&rect->times[count - 1])) {
2686 continue ;
2687 }
2688
2689 max = rect->times[(rect->idx + count - 1) % count];
2690 qemu_timersub(tv, &max, &res);
2691
2692 if (timercmp(&res, &VNC_REFRESH_LOSSY, >)) {
2693 rect->freq = 0;
2694 has_dirty += vnc_refresh_lossy_rect(vd, x, y);
2695 memset(rect->times, 0, sizeof (rect->times));
2696 continue ;
2697 }
2698
2699 min = rect->times[rect->idx];
2700 max = rect->times[(rect->idx + count - 1) % count];
2701 qemu_timersub(&max, &min, &res);
2702
2703 rect->freq = res.tv_sec + res.tv_usec / 1000000.;
2704 rect->freq /= count;
2705 rect->freq = 1. / rect->freq;
2706 }
2707 }
2708 return has_dirty;
2709}
2710
2711double vnc_update_freq(VncState *vs, int x, int y, int w, int h)
2712{
2713 int i, j;
2714 double total = 0;
2715 int num = 0;
2716
2717 x = (x / VNC_STAT_RECT) * VNC_STAT_RECT;
2718 y = (y / VNC_STAT_RECT) * VNC_STAT_RECT;
2719
2720 for (j = y; j <= y + h; j += VNC_STAT_RECT) {
2721 for (i = x; i <= x + w; i += VNC_STAT_RECT) {
2722 total += vnc_stat_rect(vs->vd, i, j)->freq;
2723 num++;
2724 }
2725 }
2726
2727 if (num) {
2728 return total / num;
2729 } else {
2730 return 0;
2731 }
2732}
2733
2734static void vnc_rect_updated(VncDisplay *vd, int x, int y, struct timeval * tv)
2735{
2736 VncRectStat *rect;
2737
2738 rect = vnc_stat_rect(vd, x, y);
2739 if (rect->updated) {
2740 return ;
2741 }
2742 rect->times[rect->idx] = *tv;
2743 rect->idx = (rect->idx + 1) % ARRAY_SIZE(rect->times);
2744 rect->updated = true;
2745}
2746
2747static int vnc_refresh_server_surface(VncDisplay *vd)
2748{
2749 int width = MIN(pixman_image_get_width(vd->guest.fb),
2750 pixman_image_get_width(vd->server));
2751 int height = MIN(pixman_image_get_height(vd->guest.fb),
2752 pixman_image_get_height(vd->server));
2753 int cmp_bytes, server_stride, line_bytes, guest_ll, guest_stride, y = 0;
2754 uint8_t *guest_row0 = NULL, *server_row0;
2755 VncState *vs;
2756 int has_dirty = 0;
2757 pixman_image_t *tmpbuf = NULL;
2758
2759 struct timeval tv = { 0, 0 };
2760
2761 if (!vd->non_adaptive) {
2762 gettimeofday(&tv, NULL);
2763 has_dirty = vnc_update_stats(vd, &tv);
2764 }
2765
2766
2767
2768
2769
2770
2771 server_row0 = (uint8_t *)pixman_image_get_data(vd->server);
2772 server_stride = guest_stride = guest_ll =
2773 pixman_image_get_stride(vd->server);
2774 cmp_bytes = MIN(VNC_DIRTY_PIXELS_PER_BIT * VNC_SERVER_FB_BYTES,
2775 server_stride);
2776 if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
2777 int width = pixman_image_get_width(vd->server);
2778 tmpbuf = qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT, width);
2779 } else {
2780 int guest_bpp =
2781 PIXMAN_FORMAT_BPP(pixman_image_get_format(vd->guest.fb));
2782 guest_row0 = (uint8_t *)pixman_image_get_data(vd->guest.fb);
2783 guest_stride = pixman_image_get_stride(vd->guest.fb);
2784 guest_ll = pixman_image_get_width(vd->guest.fb) * ((guest_bpp + 7) / 8);
2785 }
2786 line_bytes = MIN(server_stride, guest_ll);
2787
2788 for (;;) {
2789 int x;
2790 uint8_t *guest_ptr, *server_ptr;
2791 unsigned long offset = find_next_bit((unsigned long *) &vd->guest.dirty,
2792 height * VNC_DIRTY_BPL(&vd->guest),
2793 y * VNC_DIRTY_BPL(&vd->guest));
2794 if (offset == height * VNC_DIRTY_BPL(&vd->guest)) {
2795
2796 break;
2797 }
2798 y = offset / VNC_DIRTY_BPL(&vd->guest);
2799 x = offset % VNC_DIRTY_BPL(&vd->guest);
2800
2801 server_ptr = server_row0 + y * server_stride + x * cmp_bytes;
2802
2803 if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
2804 qemu_pixman_linebuf_fill(tmpbuf, vd->guest.fb, width, 0, y);
2805 guest_ptr = (uint8_t *)pixman_image_get_data(tmpbuf);
2806 } else {
2807 guest_ptr = guest_row0 + y * guest_stride;
2808 }
2809 guest_ptr += x * cmp_bytes;
2810
2811 for (; x < DIV_ROUND_UP(width, VNC_DIRTY_PIXELS_PER_BIT);
2812 x++, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
2813 int _cmp_bytes = cmp_bytes;
2814 if (!test_and_clear_bit(x, vd->guest.dirty[y])) {
2815 continue;
2816 }
2817 if ((x + 1) * cmp_bytes > line_bytes) {
2818 _cmp_bytes = line_bytes - x * cmp_bytes;
2819 }
2820 assert(_cmp_bytes >= 0);
2821 if (memcmp(server_ptr, guest_ptr, _cmp_bytes) == 0) {
2822 continue;
2823 }
2824 memcpy(server_ptr, guest_ptr, _cmp_bytes);
2825 if (!vd->non_adaptive) {
2826 vnc_rect_updated(vd, x * VNC_DIRTY_PIXELS_PER_BIT,
2827 y, &tv);
2828 }
2829 QTAILQ_FOREACH(vs, &vd->clients, next) {
2830 set_bit(x, vs->dirty[y]);
2831 }
2832 has_dirty++;
2833 }
2834
2835 y++;
2836 }
2837 qemu_pixman_image_unref(tmpbuf);
2838 return has_dirty;
2839}
2840
2841static void vnc_refresh(DisplayChangeListener *dcl)
2842{
2843 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
2844 VncState *vs, *vn;
2845 int has_dirty, rects = 0;
2846
2847 if (QTAILQ_EMPTY(&vd->clients)) {
2848 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_MAX);
2849 return;
2850 }
2851
2852 graphic_hw_update(vd->dcl.con);
2853
2854 if (vnc_trylock_display(vd)) {
2855 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
2856 return;
2857 }
2858
2859 has_dirty = vnc_refresh_server_surface(vd);
2860 vnc_unlock_display(vd);
2861
2862 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
2863 rects += vnc_update_client(vs, has_dirty, false);
2864
2865 }
2866
2867 if (has_dirty && rects) {
2868 vd->dcl.update_interval /= 2;
2869 if (vd->dcl.update_interval < VNC_REFRESH_INTERVAL_BASE) {
2870 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_BASE;
2871 }
2872 } else {
2873 vd->dcl.update_interval += VNC_REFRESH_INTERVAL_INC;
2874 if (vd->dcl.update_interval > VNC_REFRESH_INTERVAL_MAX) {
2875 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_MAX;
2876 }
2877 }
2878}
2879
2880static void vnc_connect(VncDisplay *vd, QIOChannelSocket *sioc,
2881 bool skipauth, bool websocket)
2882{
2883 VncState *vs = g_new0(VncState, 1);
2884 bool first_client = QTAILQ_EMPTY(&vd->clients);
2885 int i;
2886
2887 vs->sioc = sioc;
2888 object_ref(OBJECT(vs->sioc));
2889 vs->ioc = QIO_CHANNEL(sioc);
2890 object_ref(OBJECT(vs->ioc));
2891 vs->vd = vd;
2892
2893 buffer_init(&vs->input, "vnc-input/%p", sioc);
2894 buffer_init(&vs->output, "vnc-output/%p", sioc);
2895 buffer_init(&vs->jobs_buffer, "vnc-jobs_buffer/%p", sioc);
2896
2897 buffer_init(&vs->tight.tight, "vnc-tight/%p", sioc);
2898 buffer_init(&vs->tight.zlib, "vnc-tight-zlib/%p", sioc);
2899 buffer_init(&vs->tight.gradient, "vnc-tight-gradient/%p", sioc);
2900#ifdef CONFIG_VNC_JPEG
2901 buffer_init(&vs->tight.jpeg, "vnc-tight-jpeg/%p", sioc);
2902#endif
2903#ifdef CONFIG_VNC_PNG
2904 buffer_init(&vs->tight.png, "vnc-tight-png/%p", sioc);
2905#endif
2906 buffer_init(&vs->zlib.zlib, "vnc-zlib/%p", sioc);
2907 buffer_init(&vs->zrle.zrle, "vnc-zrle/%p", sioc);
2908 buffer_init(&vs->zrle.fb, "vnc-zrle-fb/%p", sioc);
2909 buffer_init(&vs->zrle.zlib, "vnc-zrle-zlib/%p", sioc);
2910
2911 if (skipauth) {
2912 vs->auth = VNC_AUTH_NONE;
2913 vs->subauth = VNC_AUTH_INVALID;
2914 } else {
2915 if (websocket) {
2916 vs->auth = vd->ws_auth;
2917 vs->subauth = VNC_AUTH_INVALID;
2918 } else {
2919 vs->auth = vd->auth;
2920 vs->subauth = vd->subauth;
2921 }
2922 }
2923 VNC_DEBUG("Client sioc=%p ws=%d auth=%d subauth=%d\n",
2924 sioc, websocket, vs->auth, vs->subauth);
2925
2926 vs->lossy_rect = g_malloc0(VNC_STAT_ROWS * sizeof (*vs->lossy_rect));
2927 for (i = 0; i < VNC_STAT_ROWS; ++i) {
2928 vs->lossy_rect[i] = g_new0(uint8_t, VNC_STAT_COLS);
2929 }
2930
2931 VNC_DEBUG("New client on socket %p\n", vs->sioc);
2932 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
2933 qio_channel_set_blocking(vs->ioc, false, NULL);
2934 if (websocket) {
2935 vs->websocket = 1;
2936 if (vd->tlscreds) {
2937 vs->ioc_tag = qio_channel_add_watch(
2938 vs->ioc, G_IO_IN, vncws_tls_handshake_io, vs, NULL);
2939 } else {
2940 vs->ioc_tag = qio_channel_add_watch(
2941 vs->ioc, G_IO_IN, vncws_handshake_io, vs, NULL);
2942 }
2943 } else {
2944 vs->ioc_tag = qio_channel_add_watch(
2945 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL);
2946 }
2947
2948 vnc_client_cache_addr(vs);
2949 vnc_qmp_event(vs, QAPI_EVENT_VNC_CONNECTED);
2950 vnc_set_share_mode(vs, VNC_SHARE_MODE_CONNECTING);
2951
2952 vs->last_x = -1;
2953 vs->last_y = -1;
2954
2955 vs->as.freq = 44100;
2956 vs->as.nchannels = 2;
2957 vs->as.fmt = AUD_FMT_S16;
2958 vs->as.endianness = 0;
2959
2960 qemu_mutex_init(&vs->output_mutex);
2961 vs->bh = qemu_bh_new(vnc_jobs_bh, vs);
2962
2963 QTAILQ_INSERT_TAIL(&vd->clients, vs, next);
2964 if (first_client) {
2965 vnc_update_server_surface(vd);
2966 }
2967
2968 graphic_hw_update(vd->dcl.con);
2969
2970 if (!vs->websocket) {
2971 vnc_start_protocol(vs);
2972 }
2973
2974 if (vd->num_connecting > vd->connections_limit) {
2975 QTAILQ_FOREACH(vs, &vd->clients, next) {
2976 if (vs->share_mode == VNC_SHARE_MODE_CONNECTING) {
2977 vnc_disconnect_start(vs);
2978 return;
2979 }
2980 }
2981 }
2982}
2983
2984void vnc_start_protocol(VncState *vs)
2985{
2986 vnc_write(vs, "RFB 003.008\n", 12);
2987 vnc_flush(vs);
2988 vnc_read_when(vs, protocol_version, 12);
2989
2990 vs->mouse_mode_notifier.notify = check_pointer_type_change;
2991 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
2992}
2993
2994static gboolean vnc_listen_io(QIOChannel *ioc,
2995 GIOCondition condition,
2996 void *opaque)
2997{
2998 VncDisplay *vd = opaque;
2999 QIOChannelSocket *sioc = NULL;
3000 Error *err = NULL;
3001 bool isWebsock = false;
3002 size_t i;
3003
3004 for (i = 0; i < vd->nlwebsock; i++) {
3005 if (ioc == QIO_CHANNEL(vd->lwebsock[i])) {
3006 isWebsock = true;
3007 break;
3008 }
3009 }
3010
3011 sioc = qio_channel_socket_accept(QIO_CHANNEL_SOCKET(ioc), &err);
3012 if (sioc != NULL) {
3013 qio_channel_set_name(QIO_CHANNEL(sioc),
3014 isWebsock ? "vnc-ws-server" : "vnc-server");
3015 qio_channel_set_delay(QIO_CHANNEL(sioc), false);
3016 vnc_connect(vd, sioc, false, isWebsock);
3017 object_unref(OBJECT(sioc));
3018 } else {
3019
3020 error_free(err);
3021 }
3022
3023 return TRUE;
3024}
3025
3026static const DisplayChangeListenerOps dcl_ops = {
3027 .dpy_name = "vnc",
3028 .dpy_refresh = vnc_refresh,
3029 .dpy_gfx_update = vnc_dpy_update,
3030 .dpy_gfx_switch = vnc_dpy_switch,
3031 .dpy_gfx_check_format = qemu_pixman_check_format,
3032 .dpy_mouse_set = vnc_mouse_set,
3033 .dpy_cursor_define = vnc_dpy_cursor_define,
3034};
3035
3036void vnc_display_init(const char *id)
3037{
3038 VncDisplay *vd;
3039
3040 if (vnc_display_find(id) != NULL) {
3041 return;
3042 }
3043 vd = g_malloc0(sizeof(*vd));
3044
3045 vd->id = strdup(id);
3046 QTAILQ_INSERT_TAIL(&vnc_displays, vd, next);
3047
3048 QTAILQ_INIT(&vd->clients);
3049 vd->expires = TIME_MAX;
3050
3051 if (keyboard_layout) {
3052 trace_vnc_key_map_init(keyboard_layout);
3053 vd->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout);
3054 } else {
3055 vd->kbd_layout = init_keyboard_layout(name2keysym, "en-us");
3056 }
3057
3058 if (!vd->kbd_layout) {
3059 exit(1);
3060 }
3061
3062 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3063 vd->connections_limit = 32;
3064
3065 qemu_mutex_init(&vd->mutex);
3066 vnc_start_worker_thread();
3067
3068 vd->dcl.ops = &dcl_ops;
3069 register_displaychangelistener(&vd->dcl);
3070}
3071
3072
3073static void vnc_display_close(VncDisplay *vd)
3074{
3075 size_t i;
3076 if (!vd) {
3077 return;
3078 }
3079 vd->is_unix = false;
3080 for (i = 0; i < vd->nlsock; i++) {
3081 if (vd->lsock_tag[i]) {
3082 g_source_remove(vd->lsock_tag[i]);
3083 }
3084 object_unref(OBJECT(vd->lsock[i]));
3085 }
3086 g_free(vd->lsock);
3087 g_free(vd->lsock_tag);
3088 vd->lsock = NULL;
3089 vd->lsock_tag = NULL;
3090 vd->nlsock = 0;
3091
3092 for (i = 0; i < vd->nlwebsock; i++) {
3093 if (vd->lwebsock_tag[i]) {
3094 g_source_remove(vd->lwebsock_tag[i]);
3095 }
3096 object_unref(OBJECT(vd->lwebsock[i]));
3097 }
3098 g_free(vd->lwebsock);
3099 g_free(vd->lwebsock_tag);
3100 vd->lwebsock = NULL;
3101 vd->lwebsock_tag = NULL;
3102 vd->nlwebsock = 0;
3103
3104 vd->auth = VNC_AUTH_INVALID;
3105 vd->subauth = VNC_AUTH_INVALID;
3106 if (vd->tlscreds) {
3107 object_unparent(OBJECT(vd->tlscreds));
3108 vd->tlscreds = NULL;
3109 }
3110 g_free(vd->tlsaclname);
3111 vd->tlsaclname = NULL;
3112 if (vd->lock_key_sync) {
3113 qemu_remove_led_event_handler(vd->led);
3114 vd->led = NULL;
3115 }
3116}
3117
3118int vnc_display_password(const char *id, const char *password)
3119{
3120 VncDisplay *vd = vnc_display_find(id);
3121
3122 if (!vd) {
3123 return -EINVAL;
3124 }
3125 if (vd->auth == VNC_AUTH_NONE) {
3126 error_printf_unless_qmp("If you want use passwords please enable "
3127 "password auth using '-vnc ${dpy},password'.\n");
3128 return -EINVAL;
3129 }
3130
3131 g_free(vd->password);
3132 vd->password = g_strdup(password);
3133
3134 return 0;
3135}
3136
3137int vnc_display_pw_expire(const char *id, time_t expires)
3138{
3139 VncDisplay *vd = vnc_display_find(id);
3140
3141 if (!vd) {
3142 return -EINVAL;
3143 }
3144
3145 vd->expires = expires;
3146 return 0;
3147}
3148
3149static void vnc_display_print_local_addr(VncDisplay *vd)
3150{
3151 SocketAddress *addr;
3152 Error *err = NULL;
3153
3154 if (!vd->nlsock) {
3155 return;
3156 }
3157
3158 addr = qio_channel_socket_get_local_address(vd->lsock[0], &err);
3159 if (!addr) {
3160 return;
3161 }
3162
3163 if (addr->type != SOCKET_ADDRESS_TYPE_INET) {
3164 qapi_free_SocketAddress(addr);
3165 return;
3166 }
3167 error_printf_unless_qmp("VNC server running on %s:%s\n",
3168 addr->u.inet.host,
3169 addr->u.inet.port);
3170 qapi_free_SocketAddress(addr);
3171}
3172
3173static QemuOptsList qemu_vnc_opts = {
3174 .name = "vnc",
3175 .head = QTAILQ_HEAD_INITIALIZER(qemu_vnc_opts.head),
3176 .implied_opt_name = "vnc",
3177 .desc = {
3178 {
3179 .name = "vnc",
3180 .type = QEMU_OPT_STRING,
3181 },{
3182 .name = "websocket",
3183 .type = QEMU_OPT_STRING,
3184 },{
3185 .name = "tls-creds",
3186 .type = QEMU_OPT_STRING,
3187 },{
3188
3189 .name = "x509",
3190 .type = QEMU_OPT_STRING,
3191 },{
3192 .name = "share",
3193 .type = QEMU_OPT_STRING,
3194 },{
3195 .name = "display",
3196 .type = QEMU_OPT_STRING,
3197 },{
3198 .name = "head",
3199 .type = QEMU_OPT_NUMBER,
3200 },{
3201 .name = "connections",
3202 .type = QEMU_OPT_NUMBER,
3203 },{
3204 .name = "to",
3205 .type = QEMU_OPT_NUMBER,
3206 },{
3207 .name = "ipv4",
3208 .type = QEMU_OPT_BOOL,
3209 },{
3210 .name = "ipv6",
3211 .type = QEMU_OPT_BOOL,
3212 },{
3213 .name = "password",
3214 .type = QEMU_OPT_BOOL,
3215 },{
3216 .name = "reverse",
3217 .type = QEMU_OPT_BOOL,
3218 },{
3219 .name = "lock-key-sync",
3220 .type = QEMU_OPT_BOOL,
3221 },{
3222 .name = "key-delay-ms",
3223 .type = QEMU_OPT_NUMBER,
3224 },{
3225 .name = "sasl",
3226 .type = QEMU_OPT_BOOL,
3227 },{
3228
3229 .name = "tls",
3230 .type = QEMU_OPT_BOOL,
3231 },{
3232
3233 .name = "x509verify",
3234 .type = QEMU_OPT_STRING,
3235 },{
3236 .name = "acl",
3237 .type = QEMU_OPT_BOOL,
3238 },{
3239 .name = "lossy",
3240 .type = QEMU_OPT_BOOL,
3241 },{
3242 .name = "non-adaptive",
3243 .type = QEMU_OPT_BOOL,
3244 },
3245 { }
3246 },
3247};
3248
3249
3250static int
3251vnc_display_setup_auth(int *auth,
3252 int *subauth,
3253 QCryptoTLSCreds *tlscreds,
3254 bool password,
3255 bool sasl,
3256 bool websocket,
3257 Error **errp)
3258{
3259
3260
3261
3262
3263
3264
3265
3266
3267
3268
3269
3270
3271
3272
3273
3274
3275
3276
3277
3278
3279
3280
3281
3282
3283
3284
3285
3286
3287
3288
3289
3290
3291
3292
3293
3294
3295
3296
3297
3298
3299
3300
3301
3302
3303
3304
3305
3306 if (websocket || !tlscreds) {
3307 if (password) {
3308 VNC_DEBUG("Initializing VNC server with password auth\n");
3309 *auth = VNC_AUTH_VNC;
3310 } else if (sasl) {
3311 VNC_DEBUG("Initializing VNC server with SASL auth\n");
3312 *auth = VNC_AUTH_SASL;
3313 } else {
3314 VNC_DEBUG("Initializing VNC server with no auth\n");
3315 *auth = VNC_AUTH_NONE;
3316 }
3317 *subauth = VNC_AUTH_INVALID;
3318 } else {
3319 bool is_x509 = object_dynamic_cast(OBJECT(tlscreds),
3320 TYPE_QCRYPTO_TLS_CREDS_X509) != NULL;
3321 bool is_anon = object_dynamic_cast(OBJECT(tlscreds),
3322 TYPE_QCRYPTO_TLS_CREDS_ANON) != NULL;
3323
3324 if (!is_x509 && !is_anon) {
3325 error_setg(errp,
3326 "Unsupported TLS cred type %s",
3327 object_get_typename(OBJECT(tlscreds)));
3328 return -1;
3329 }
3330 *auth = VNC_AUTH_VENCRYPT;
3331 if (password) {
3332 if (is_x509) {
3333 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
3334 *subauth = VNC_AUTH_VENCRYPT_X509VNC;
3335 } else {
3336 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
3337 *subauth = VNC_AUTH_VENCRYPT_TLSVNC;
3338 }
3339
3340 } else if (sasl) {
3341 if (is_x509) {
3342 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
3343 *subauth = VNC_AUTH_VENCRYPT_X509SASL;
3344 } else {
3345 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
3346 *subauth = VNC_AUTH_VENCRYPT_TLSSASL;
3347 }
3348 } else {
3349 if (is_x509) {
3350 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
3351 *subauth = VNC_AUTH_VENCRYPT_X509NONE;
3352 } else {
3353 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
3354 *subauth = VNC_AUTH_VENCRYPT_TLSNONE;
3355 }
3356 }
3357 }
3358 return 0;
3359}
3360
3361
3362
3363
3364
3365
3366static QCryptoTLSCreds *
3367vnc_display_create_creds(bool x509,
3368 bool x509verify,
3369 const char *dir,
3370 const char *id,
3371 Error **errp)
3372{
3373 gchar *credsid = g_strdup_printf("tlsvnc%s", id);
3374 Object *parent = object_get_objects_root();
3375 Object *creds;
3376 Error *err = NULL;
3377
3378 if (x509) {
3379 creds = object_new_with_props(TYPE_QCRYPTO_TLS_CREDS_X509,
3380 parent,
3381 credsid,
3382 &err,
3383 "endpoint", "server",
3384 "dir", dir,
3385 "verify-peer", x509verify ? "yes" : "no",
3386 NULL);
3387 } else {
3388 creds = object_new_with_props(TYPE_QCRYPTO_TLS_CREDS_ANON,
3389 parent,
3390 credsid,
3391 &err,
3392 "endpoint", "server",
3393 NULL);
3394 }
3395
3396 g_free(credsid);
3397
3398 if (err) {
3399 error_propagate(errp, err);
3400 return NULL;
3401 }
3402
3403 return QCRYPTO_TLS_CREDS(creds);
3404}
3405
3406
3407static int vnc_display_get_address(const char *addrstr,
3408 bool websocket,
3409 bool reverse,
3410 int displaynum,
3411 int to,
3412 bool has_ipv4,
3413 bool has_ipv6,
3414 bool ipv4,
3415 bool ipv6,
3416 SocketAddress **retaddr,
3417 Error **errp)
3418{
3419 int ret = -1;
3420 SocketAddress *addr = NULL;
3421
3422 addr = g_new0(SocketAddress, 1);
3423
3424 if (strncmp(addrstr, "unix:", 5) == 0) {
3425 addr->type = SOCKET_ADDRESS_TYPE_UNIX;
3426 addr->u.q_unix.path = g_strdup(addrstr + 5);
3427
3428 if (websocket) {
3429 error_setg(errp, "UNIX sockets not supported with websock");
3430 goto cleanup;
3431 }
3432
3433 if (to) {
3434 error_setg(errp, "Port range not support with UNIX socket");
3435 goto cleanup;
3436 }
3437 ret = 0;
3438 } else {
3439 const char *port;
3440 size_t hostlen;
3441 unsigned long long baseport = 0;
3442 InetSocketAddress *inet;
3443
3444 port = strrchr(addrstr, ':');
3445 if (!port) {
3446 if (websocket) {
3447 hostlen = 0;
3448 port = addrstr;
3449 } else {
3450 error_setg(errp, "no vnc port specified");
3451 goto cleanup;
3452 }
3453 } else {
3454 hostlen = port - addrstr;
3455 port++;
3456 if (*port == '\0') {
3457 error_setg(errp, "vnc port cannot be empty");
3458 goto cleanup;
3459 }
3460 }
3461
3462 addr->type = SOCKET_ADDRESS_TYPE_INET;
3463 inet = &addr->u.inet;
3464 if (addrstr[0] == '[' && addrstr[hostlen - 1] == ']') {
3465 inet->host = g_strndup(addrstr + 1, hostlen - 2);
3466 } else {
3467 inet->host = g_strndup(addrstr, hostlen);
3468 }
3469
3470
3471 if (websocket) {
3472 if (g_str_equal(addrstr, "") ||
3473 g_str_equal(addrstr, "on")) {
3474 if (displaynum == -1) {
3475 error_setg(errp, "explicit websocket port is required");
3476 goto cleanup;
3477 }
3478 inet->port = g_strdup_printf(
3479 "%d", displaynum + 5700);
3480 if (to) {
3481 inet->has_to = true;
3482 inet->to = to + 5700;
3483 }
3484 } else {
3485 inet->port = g_strdup(port);
3486 }
3487 } else {
3488 int offset = reverse ? 0 : 5900;
3489 if (parse_uint_full(port, &baseport, 10) < 0) {
3490 error_setg(errp, "can't convert to a number: %s", port);
3491 goto cleanup;
3492 }
3493 if (baseport > 65535 ||
3494 baseport + offset > 65535) {
3495 error_setg(errp, "port %s out of range", port);
3496 goto cleanup;
3497 }
3498 inet->port = g_strdup_printf(
3499 "%d", (int)baseport + offset);
3500
3501 if (to) {
3502 inet->has_to = true;
3503 inet->to = to + offset;
3504 }
3505 }
3506
3507 inet->ipv4 = ipv4;
3508 inet->has_ipv4 = has_ipv4;
3509 inet->ipv6 = ipv6;
3510 inet->has_ipv6 = has_ipv6;
3511
3512 ret = baseport;
3513 }
3514
3515 *retaddr = addr;
3516
3517 cleanup:
3518 if (ret < 0) {
3519 qapi_free_SocketAddress(addr);
3520 }
3521 return ret;
3522}
3523
3524static void vnc_free_addresses(SocketAddress ***retsaddr,
3525 size_t *retnsaddr)
3526{
3527 size_t i;
3528
3529 for (i = 0; i < *retnsaddr; i++) {
3530 qapi_free_SocketAddress((*retsaddr)[i]);
3531 }
3532 g_free(*retsaddr);
3533
3534 *retsaddr = NULL;
3535 *retnsaddr = 0;
3536}
3537
3538static int vnc_display_get_addresses(QemuOpts *opts,
3539 bool reverse,
3540 SocketAddress ***retsaddr,
3541 size_t *retnsaddr,
3542 SocketAddress ***retwsaddr,
3543 size_t *retnwsaddr,
3544 Error **errp)
3545{
3546 SocketAddress *saddr = NULL;
3547 SocketAddress *wsaddr = NULL;
3548 QemuOptsIter addriter;
3549 const char *addr;
3550 int to = qemu_opt_get_number(opts, "to", 0);
3551 bool has_ipv4 = qemu_opt_get(opts, "ipv4");
3552 bool has_ipv6 = qemu_opt_get(opts, "ipv6");
3553 bool ipv4 = qemu_opt_get_bool(opts, "ipv4", false);
3554 bool ipv6 = qemu_opt_get_bool(opts, "ipv6", false);
3555 int displaynum = -1;
3556 int ret = -1;
3557
3558 *retsaddr = NULL;
3559 *retnsaddr = 0;
3560 *retwsaddr = NULL;
3561 *retnwsaddr = 0;
3562
3563 addr = qemu_opt_get(opts, "vnc");
3564 if (addr == NULL || g_str_equal(addr, "none")) {
3565 ret = 0;
3566 goto cleanup;
3567 }
3568 if (qemu_opt_get(opts, "websocket") &&
3569 !qcrypto_hash_supports(QCRYPTO_HASH_ALG_SHA1)) {
3570 error_setg(errp,
3571 "SHA1 hash support is required for websockets");
3572 goto cleanup;
3573 }
3574
3575 qemu_opt_iter_init(&addriter, opts, "vnc");
3576 while ((addr = qemu_opt_iter_next(&addriter)) != NULL) {
3577 int rv;
3578 rv = vnc_display_get_address(addr, false, reverse, 0, to,
3579 has_ipv4, has_ipv6,
3580 ipv4, ipv6,
3581 &saddr, errp);
3582 if (rv < 0) {
3583 goto cleanup;
3584 }
3585
3586
3587
3588 if (displaynum == -1) {
3589 displaynum = rv;
3590 }
3591 *retsaddr = g_renew(SocketAddress *, *retsaddr, *retnsaddr + 1);
3592 (*retsaddr)[(*retnsaddr)++] = saddr;
3593 }
3594
3595
3596
3597 if (*retnsaddr > 1) {
3598 displaynum = -1;
3599 }
3600
3601 qemu_opt_iter_init(&addriter, opts, "websocket");
3602 while ((addr = qemu_opt_iter_next(&addriter)) != NULL) {
3603 if (vnc_display_get_address(addr, true, reverse, displaynum, to,
3604 has_ipv4, has_ipv6,
3605 ipv4, ipv6,
3606 &wsaddr, errp) < 0) {
3607 goto cleanup;
3608 }
3609
3610
3611
3612
3613
3614 if (*retnsaddr == 1 &&
3615 (*retsaddr)[0]->type == SOCKET_ADDRESS_TYPE_INET &&
3616 wsaddr->type == SOCKET_ADDRESS_TYPE_INET &&
3617 g_str_equal(wsaddr->u.inet.host, "") &&
3618 !g_str_equal((*retsaddr)[0]->u.inet.host, "")) {
3619 g_free(wsaddr->u.inet.host);
3620 wsaddr->u.inet.host = g_strdup((*retsaddr)[0]->u.inet.host);
3621 }
3622
3623 *retwsaddr = g_renew(SocketAddress *, *retwsaddr, *retnwsaddr + 1);
3624 (*retwsaddr)[(*retnwsaddr)++] = wsaddr;
3625 }
3626
3627 ret = 0;
3628 cleanup:
3629 if (ret < 0) {
3630 vnc_free_addresses(retsaddr, retnsaddr);
3631 vnc_free_addresses(retwsaddr, retnwsaddr);
3632 }
3633 return ret;
3634}
3635
3636static int vnc_display_connect(VncDisplay *vd,
3637 SocketAddress **saddr,
3638 size_t nsaddr,
3639 SocketAddress **wsaddr,
3640 size_t nwsaddr,
3641 Error **errp)
3642{
3643
3644 QIOChannelSocket *sioc = NULL;
3645 if (nwsaddr != 0) {
3646 error_setg(errp, "Cannot use websockets in reverse mode");
3647 return -1;
3648 }
3649 if (nsaddr != 1) {
3650 error_setg(errp, "Expected a single address in reverse mode");
3651 return -1;
3652 }
3653
3654 vd->is_unix = saddr[0]->type == SOCKET_ADDRESS_TYPE_UNIX;
3655 sioc = qio_channel_socket_new();
3656 qio_channel_set_name(QIO_CHANNEL(sioc), "vnc-reverse");
3657 if (qio_channel_socket_connect_sync(sioc, saddr[0], errp) < 0) {
3658 return -1;
3659 }
3660 vnc_connect(vd, sioc, false, false);
3661 object_unref(OBJECT(sioc));
3662 return 0;
3663}
3664
3665
3666static int vnc_display_listen_addr(VncDisplay *vd,
3667 SocketAddress *addr,
3668 const char *name,
3669 QIOChannelSocket ***lsock,
3670 guint **lsock_tag,
3671 size_t *nlsock,
3672 Error **errp)
3673{
3674 QIODNSResolver *resolver = qio_dns_resolver_get_instance();
3675 SocketAddress **rawaddrs = NULL;
3676 size_t nrawaddrs = 0;
3677 Error *listenerr = NULL;
3678 bool listening = false;
3679 size_t i;
3680
3681 if (qio_dns_resolver_lookup_sync(resolver, addr, &nrawaddrs,
3682 &rawaddrs, errp) < 0) {
3683 return -1;
3684 }
3685
3686 for (i = 0; i < nrawaddrs; i++) {
3687 QIOChannelSocket *sioc = qio_channel_socket_new();
3688
3689 qio_channel_set_name(QIO_CHANNEL(sioc), name);
3690 if (qio_channel_socket_listen_sync(
3691 sioc, rawaddrs[i], listenerr == NULL ? &listenerr : NULL) < 0) {
3692 object_unref(OBJECT(sioc));
3693 continue;
3694 }
3695 listening = true;
3696 (*nlsock)++;
3697 *lsock = g_renew(QIOChannelSocket *, *lsock, *nlsock);
3698 *lsock_tag = g_renew(guint, *lsock_tag, *nlsock);
3699
3700 (*lsock)[*nlsock - 1] = sioc;
3701 (*lsock_tag)[*nlsock - 1] = 0;
3702 }
3703
3704 for (i = 0; i < nrawaddrs; i++) {
3705 qapi_free_SocketAddress(rawaddrs[i]);
3706 }
3707 g_free(rawaddrs);
3708
3709 if (listenerr) {
3710 if (!listening) {
3711 error_propagate(errp, listenerr);
3712 return -1;
3713 } else {
3714 error_free(listenerr);
3715 }
3716 }
3717
3718 for (i = 0; i < *nlsock; i++) {
3719 (*lsock_tag)[i] = qio_channel_add_watch(
3720 QIO_CHANNEL((*lsock)[i]),
3721 G_IO_IN, vnc_listen_io, vd, NULL);
3722 }
3723
3724 return 0;
3725}
3726
3727
3728static int vnc_display_listen(VncDisplay *vd,
3729 SocketAddress **saddr,
3730 size_t nsaddr,
3731 SocketAddress **wsaddr,
3732 size_t nwsaddr,
3733 Error **errp)
3734{
3735 size_t i;
3736
3737 for (i = 0; i < nsaddr; i++) {
3738 if (vnc_display_listen_addr(vd, saddr[i],
3739 "vnc-listen",
3740 &vd->lsock,
3741 &vd->lsock_tag,
3742 &vd->nlsock,
3743 errp) < 0) {
3744 return -1;
3745 }
3746 }
3747 for (i = 0; i < nwsaddr; i++) {
3748 if (vnc_display_listen_addr(vd, wsaddr[i],
3749 "vnc-ws-listen",
3750 &vd->lwebsock,
3751 &vd->lwebsock_tag,
3752 &vd->nlwebsock,
3753 errp) < 0) {
3754 return -1;
3755 }
3756 }
3757
3758 return 0;
3759}
3760
3761
3762void vnc_display_open(const char *id, Error **errp)
3763{
3764 VncDisplay *vd = vnc_display_find(id);
3765 QemuOpts *opts = qemu_opts_find(&qemu_vnc_opts, id);
3766 SocketAddress **saddr = NULL, **wsaddr = NULL;
3767 size_t nsaddr, nwsaddr;
3768 const char *share, *device_id;
3769 QemuConsole *con;
3770 bool password = false;
3771 bool reverse = false;
3772 const char *credid;
3773 bool sasl = false;
3774#ifdef CONFIG_VNC_SASL
3775 int saslErr;
3776#endif
3777 int acl = 0;
3778 int lock_key_sync = 1;
3779 int key_delay_ms;
3780
3781 if (!vd) {
3782 error_setg(errp, "VNC display not active");
3783 return;
3784 }
3785 vnc_display_close(vd);
3786
3787 if (!opts) {
3788 return;
3789 }
3790
3791 reverse = qemu_opt_get_bool(opts, "reverse", false);
3792 if (vnc_display_get_addresses(opts, reverse, &saddr, &nsaddr,
3793 &wsaddr, &nwsaddr, errp) < 0) {
3794 goto fail;
3795 }
3796
3797 password = qemu_opt_get_bool(opts, "password", false);
3798 if (password) {
3799 if (fips_get_state()) {
3800 error_setg(errp,
3801 "VNC password auth disabled due to FIPS mode, "
3802 "consider using the VeNCrypt or SASL authentication "
3803 "methods as an alternative");
3804 goto fail;
3805 }
3806 if (!qcrypto_cipher_supports(
3807 QCRYPTO_CIPHER_ALG_DES_RFB, QCRYPTO_CIPHER_MODE_ECB)) {
3808 error_setg(errp,
3809 "Cipher backend does not support DES RFB algorithm");
3810 goto fail;
3811 }
3812 }
3813
3814 lock_key_sync = qemu_opt_get_bool(opts, "lock-key-sync", true);
3815 key_delay_ms = qemu_opt_get_number(opts, "key-delay-ms", 10);
3816 sasl = qemu_opt_get_bool(opts, "sasl", false);
3817#ifndef CONFIG_VNC_SASL
3818 if (sasl) {
3819 error_setg(errp, "VNC SASL auth requires cyrus-sasl support");
3820 goto fail;
3821 }
3822#endif
3823 credid = qemu_opt_get(opts, "tls-creds");
3824 if (credid) {
3825 Object *creds;
3826 if (qemu_opt_get(opts, "tls") ||
3827 qemu_opt_get(opts, "x509") ||
3828 qemu_opt_get(opts, "x509verify")) {
3829 error_setg(errp,
3830 "'tls-creds' parameter is mutually exclusive with "
3831 "'tls', 'x509' and 'x509verify' parameters");
3832 goto fail;
3833 }
3834
3835 creds = object_resolve_path_component(
3836 object_get_objects_root(), credid);
3837 if (!creds) {
3838 error_setg(errp, "No TLS credentials with id '%s'",
3839 credid);
3840 goto fail;
3841 }
3842 vd->tlscreds = (QCryptoTLSCreds *)
3843 object_dynamic_cast(creds,
3844 TYPE_QCRYPTO_TLS_CREDS);
3845 if (!vd->tlscreds) {
3846 error_setg(errp, "Object with id '%s' is not TLS credentials",
3847 credid);
3848 goto fail;
3849 }
3850 object_ref(OBJECT(vd->tlscreds));
3851
3852 if (vd->tlscreds->endpoint != QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) {
3853 error_setg(errp,
3854 "Expecting TLS credentials with a server endpoint");
3855 goto fail;
3856 }
3857 } else {
3858 const char *path;
3859 bool tls = false, x509 = false, x509verify = false;
3860 tls = qemu_opt_get_bool(opts, "tls", false);
3861 if (tls) {
3862 path = qemu_opt_get(opts, "x509");
3863
3864 if (path) {
3865 x509 = true;
3866 } else {
3867 path = qemu_opt_get(opts, "x509verify");
3868 if (path) {
3869 x509 = true;
3870 x509verify = true;
3871 }
3872 }
3873 vd->tlscreds = vnc_display_create_creds(x509,
3874 x509verify,
3875 path,
3876 vd->id,
3877 errp);
3878 if (!vd->tlscreds) {
3879 goto fail;
3880 }
3881 }
3882 }
3883 acl = qemu_opt_get_bool(opts, "acl", false);
3884
3885 share = qemu_opt_get(opts, "share");
3886 if (share) {
3887 if (strcmp(share, "ignore") == 0) {
3888 vd->share_policy = VNC_SHARE_POLICY_IGNORE;
3889 } else if (strcmp(share, "allow-exclusive") == 0) {
3890 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3891 } else if (strcmp(share, "force-shared") == 0) {
3892 vd->share_policy = VNC_SHARE_POLICY_FORCE_SHARED;
3893 } else {
3894 error_setg(errp, "unknown vnc share= option");
3895 goto fail;
3896 }
3897 } else {
3898 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3899 }
3900 vd->connections_limit = qemu_opt_get_number(opts, "connections", 32);
3901
3902#ifdef CONFIG_VNC_JPEG
3903 vd->lossy = qemu_opt_get_bool(opts, "lossy", false);
3904#endif
3905 vd->non_adaptive = qemu_opt_get_bool(opts, "non-adaptive", false);
3906
3907
3908
3909 if (!vd->lossy) {
3910 vd->non_adaptive = true;
3911 }
3912
3913 if (acl) {
3914 if (strcmp(vd->id, "default") == 0) {
3915 vd->tlsaclname = g_strdup("vnc.x509dname");
3916 } else {
3917 vd->tlsaclname = g_strdup_printf("vnc.%s.x509dname", vd->id);
3918 }
3919 qemu_acl_init(vd->tlsaclname);
3920 }
3921#ifdef CONFIG_VNC_SASL
3922 if (acl && sasl) {
3923 char *aclname;
3924
3925 if (strcmp(vd->id, "default") == 0) {
3926 aclname = g_strdup("vnc.username");
3927 } else {
3928 aclname = g_strdup_printf("vnc.%s.username", vd->id);
3929 }
3930 vd->sasl.acl = qemu_acl_init(aclname);
3931 g_free(aclname);
3932 }
3933#endif
3934
3935 if (vnc_display_setup_auth(&vd->auth, &vd->subauth,
3936 vd->tlscreds, password,
3937 sasl, false, errp) < 0) {
3938 goto fail;
3939 }
3940
3941 if (vnc_display_setup_auth(&vd->ws_auth, &vd->ws_subauth,
3942 vd->tlscreds, password,
3943 sasl, true, errp) < 0) {
3944 goto fail;
3945 }
3946
3947#ifdef CONFIG_VNC_SASL
3948 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) {
3949 error_setg(errp, "Failed to initialize SASL auth: %s",
3950 sasl_errstring(saslErr, NULL, NULL));
3951 goto fail;
3952 }
3953#endif
3954 vd->lock_key_sync = lock_key_sync;
3955 if (lock_key_sync) {
3956 vd->led = qemu_add_led_event_handler(kbd_leds, vd);
3957 }
3958 vd->ledstate = 0;
3959 vd->key_delay_ms = key_delay_ms;
3960
3961 device_id = qemu_opt_get(opts, "display");
3962 if (device_id) {
3963 int head = qemu_opt_get_number(opts, "head", 0);
3964 Error *err = NULL;
3965
3966 con = qemu_console_lookup_by_device_name(device_id, head, &err);
3967 if (err) {
3968 error_propagate(errp, err);
3969 goto fail;
3970 }
3971 } else {
3972 con = NULL;
3973 }
3974
3975 if (con != vd->dcl.con) {
3976 unregister_displaychangelistener(&vd->dcl);
3977 vd->dcl.con = con;
3978 register_displaychangelistener(&vd->dcl);
3979 }
3980
3981 if (saddr == NULL) {
3982 goto cleanup;
3983 }
3984
3985 if (reverse) {
3986 if (vnc_display_connect(vd, saddr, nsaddr, wsaddr, nwsaddr, errp) < 0) {
3987 goto fail;
3988 }
3989 } else {
3990 if (vnc_display_listen(vd, saddr, nsaddr, wsaddr, nwsaddr, errp) < 0) {
3991 goto fail;
3992 }
3993 }
3994
3995 if (qemu_opt_get(opts, "to")) {
3996 vnc_display_print_local_addr(vd);
3997 }
3998
3999 cleanup:
4000 vnc_free_addresses(&saddr, &nsaddr);
4001 vnc_free_addresses(&wsaddr, &nwsaddr);
4002 return;
4003
4004fail:
4005 vnc_display_close(vd);
4006 goto cleanup;
4007}
4008
4009void vnc_display_add_client(const char *id, int csock, bool skipauth)
4010{
4011 VncDisplay *vd = vnc_display_find(id);
4012 QIOChannelSocket *sioc;
4013
4014 if (!vd) {
4015 return;
4016 }
4017
4018 sioc = qio_channel_socket_new_fd(csock, NULL);
4019 if (sioc) {
4020 qio_channel_set_name(QIO_CHANNEL(sioc), "vnc-server");
4021 vnc_connect(vd, sioc, skipauth, false);
4022 object_unref(OBJECT(sioc));
4023 }
4024}
4025
4026static void vnc_auto_assign_id(QemuOptsList *olist, QemuOpts *opts)
4027{
4028 int i = 2;
4029 char *id;
4030
4031 id = g_strdup("default");
4032 while (qemu_opts_find(olist, id)) {
4033 g_free(id);
4034 id = g_strdup_printf("vnc%d", i++);
4035 }
4036 qemu_opts_set_id(opts, id);
4037}
4038
4039QemuOpts *vnc_parse(const char *str, Error **errp)
4040{
4041 QemuOptsList *olist = qemu_find_opts("vnc");
4042 QemuOpts *opts = qemu_opts_parse(olist, str, true, errp);
4043 const char *id;
4044
4045 if (!opts) {
4046 return NULL;
4047 }
4048
4049 id = qemu_opts_id(opts);
4050 if (!id) {
4051
4052 vnc_auto_assign_id(olist, opts);
4053 }
4054 return opts;
4055}
4056
4057int vnc_init_func(void *opaque, QemuOpts *opts, Error **errp)
4058{
4059 Error *local_err = NULL;
4060 char *id = (char *)qemu_opts_id(opts);
4061
4062 assert(id);
4063 vnc_display_init(id);
4064 vnc_display_open(id, &local_err);
4065 if (local_err != NULL) {
4066 error_reportf_err(local_err, "Failed to start VNC server: ");
4067 exit(1);
4068 }
4069 return 0;
4070}
4071
4072static void vnc_register_config(void)
4073{
4074 qemu_add_opts(&qemu_vnc_opts);
4075}
4076opts_init(vnc_register_config);
4077