1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27#include "qemu/osdep.h"
28#include "vnc.h"
29#include "vnc-jobs.h"
30#include "trace.h"
31#include "sysemu/sysemu.h"
32#include "qemu/error-report.h"
33#include "qemu/sockets.h"
34#include "qemu/timer.h"
35#include "qemu/acl.h"
36#include "qemu/config-file.h"
37#include "qapi/qmp/qerror.h"
38#include "qapi/qmp/types.h"
39#include "qmp-commands.h"
40#include "ui/input.h"
41#include "qapi-event.h"
42#include "crypto/hash.h"
43#include "crypto/tlscredsanon.h"
44#include "crypto/tlscredsx509.h"
45#include "qom/object_interfaces.h"
46#include "qemu/cutils.h"
47#include "io/dns-resolver.h"
48
49#define VNC_REFRESH_INTERVAL_BASE GUI_REFRESH_INTERVAL_DEFAULT
50#define VNC_REFRESH_INTERVAL_INC 50
51#define VNC_REFRESH_INTERVAL_MAX GUI_REFRESH_INTERVAL_IDLE
52static const struct timeval VNC_REFRESH_STATS = { 0, 500000 };
53static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 };
54
55#include "vnc_keysym.h"
56#include "crypto/cipher.h"
57
58static QTAILQ_HEAD(, VncDisplay) vnc_displays =
59 QTAILQ_HEAD_INITIALIZER(vnc_displays);
60
61static int vnc_cursor_define(VncState *vs);
62static void vnc_release_modifiers(VncState *vs);
63
64static void vnc_set_share_mode(VncState *vs, VncShareMode mode)
65{
66#ifdef _VNC_DEBUG
67 static const char *mn[] = {
68 [0] = "undefined",
69 [VNC_SHARE_MODE_CONNECTING] = "connecting",
70 [VNC_SHARE_MODE_SHARED] = "shared",
71 [VNC_SHARE_MODE_EXCLUSIVE] = "exclusive",
72 [VNC_SHARE_MODE_DISCONNECTED] = "disconnected",
73 };
74 fprintf(stderr, "%s/%p: %s -> %s\n", __func__,
75 vs->ioc, mn[vs->share_mode], mn[mode]);
76#endif
77
78 switch (vs->share_mode) {
79 case VNC_SHARE_MODE_CONNECTING:
80 vs->vd->num_connecting--;
81 break;
82 case VNC_SHARE_MODE_SHARED:
83 vs->vd->num_shared--;
84 break;
85 case VNC_SHARE_MODE_EXCLUSIVE:
86 vs->vd->num_exclusive--;
87 break;
88 default:
89 break;
90 }
91
92 vs->share_mode = mode;
93
94 switch (vs->share_mode) {
95 case VNC_SHARE_MODE_CONNECTING:
96 vs->vd->num_connecting++;
97 break;
98 case VNC_SHARE_MODE_SHARED:
99 vs->vd->num_shared++;
100 break;
101 case VNC_SHARE_MODE_EXCLUSIVE:
102 vs->vd->num_exclusive++;
103 break;
104 default:
105 break;
106 }
107}
108
109
110static void vnc_init_basic_info(SocketAddress *addr,
111 VncBasicInfo *info,
112 Error **errp)
113{
114 switch (addr->type) {
115 case SOCKET_ADDRESS_TYPE_INET:
116 info->host = g_strdup(addr->u.inet.host);
117 info->service = g_strdup(addr->u.inet.port);
118 if (addr->u.inet.ipv6) {
119 info->family = NETWORK_ADDRESS_FAMILY_IPV6;
120 } else {
121 info->family = NETWORK_ADDRESS_FAMILY_IPV4;
122 }
123 break;
124
125 case SOCKET_ADDRESS_TYPE_UNIX:
126 info->host = g_strdup("");
127 info->service = g_strdup(addr->u.q_unix.path);
128 info->family = NETWORK_ADDRESS_FAMILY_UNIX;
129 break;
130
131 case SOCKET_ADDRESS_TYPE_VSOCK:
132 case SOCKET_ADDRESS_TYPE_FD:
133 error_setg(errp, "Unsupported socket address type %s",
134 SocketAddressType_str(addr->type));
135 break;
136 default:
137 abort();
138 }
139
140 return;
141}
142
143static void vnc_init_basic_info_from_server_addr(QIOChannelSocket *ioc,
144 VncBasicInfo *info,
145 Error **errp)
146{
147 SocketAddress *addr = NULL;
148
149 if (!ioc) {
150 error_setg(errp, "No listener socket available");
151 return;
152 }
153
154 addr = qio_channel_socket_get_local_address(ioc, errp);
155 if (!addr) {
156 return;
157 }
158
159 vnc_init_basic_info(addr, info, errp);
160 qapi_free_SocketAddress(addr);
161}
162
163static void vnc_init_basic_info_from_remote_addr(QIOChannelSocket *ioc,
164 VncBasicInfo *info,
165 Error **errp)
166{
167 SocketAddress *addr = NULL;
168
169 addr = qio_channel_socket_get_remote_address(ioc, errp);
170 if (!addr) {
171 return;
172 }
173
174 vnc_init_basic_info(addr, info, errp);
175 qapi_free_SocketAddress(addr);
176}
177
178static const char *vnc_auth_name(VncDisplay *vd) {
179 switch (vd->auth) {
180 case VNC_AUTH_INVALID:
181 return "invalid";
182 case VNC_AUTH_NONE:
183 return "none";
184 case VNC_AUTH_VNC:
185 return "vnc";
186 case VNC_AUTH_RA2:
187 return "ra2";
188 case VNC_AUTH_RA2NE:
189 return "ra2ne";
190 case VNC_AUTH_TIGHT:
191 return "tight";
192 case VNC_AUTH_ULTRA:
193 return "ultra";
194 case VNC_AUTH_TLS:
195 return "tls";
196 case VNC_AUTH_VENCRYPT:
197 switch (vd->subauth) {
198 case VNC_AUTH_VENCRYPT_PLAIN:
199 return "vencrypt+plain";
200 case VNC_AUTH_VENCRYPT_TLSNONE:
201 return "vencrypt+tls+none";
202 case VNC_AUTH_VENCRYPT_TLSVNC:
203 return "vencrypt+tls+vnc";
204 case VNC_AUTH_VENCRYPT_TLSPLAIN:
205 return "vencrypt+tls+plain";
206 case VNC_AUTH_VENCRYPT_X509NONE:
207 return "vencrypt+x509+none";
208 case VNC_AUTH_VENCRYPT_X509VNC:
209 return "vencrypt+x509+vnc";
210 case VNC_AUTH_VENCRYPT_X509PLAIN:
211 return "vencrypt+x509+plain";
212 case VNC_AUTH_VENCRYPT_TLSSASL:
213 return "vencrypt+tls+sasl";
214 case VNC_AUTH_VENCRYPT_X509SASL:
215 return "vencrypt+x509+sasl";
216 default:
217 return "vencrypt";
218 }
219 case VNC_AUTH_SASL:
220 return "sasl";
221 }
222 return "unknown";
223}
224
225static VncServerInfo *vnc_server_info_get(VncDisplay *vd)
226{
227 VncServerInfo *info;
228 Error *err = NULL;
229
230 if (!vd->nlsock) {
231 return NULL;
232 }
233
234 info = g_malloc0(sizeof(*info));
235 vnc_init_basic_info_from_server_addr(vd->lsock[0],
236 qapi_VncServerInfo_base(info), &err);
237 info->has_auth = true;
238 info->auth = g_strdup(vnc_auth_name(vd));
239 if (err) {
240 qapi_free_VncServerInfo(info);
241 info = NULL;
242 error_free(err);
243 }
244 return info;
245}
246
247static void vnc_client_cache_auth(VncState *client)
248{
249 if (!client->info) {
250 return;
251 }
252
253 if (client->tls) {
254 client->info->x509_dname =
255 qcrypto_tls_session_get_peer_name(client->tls);
256 client->info->has_x509_dname =
257 client->info->x509_dname != NULL;
258 }
259#ifdef CONFIG_VNC_SASL
260 if (client->sasl.conn &&
261 client->sasl.username) {
262 client->info->has_sasl_username = true;
263 client->info->sasl_username = g_strdup(client->sasl.username);
264 }
265#endif
266}
267
268static void vnc_client_cache_addr(VncState *client)
269{
270 Error *err = NULL;
271
272 client->info = g_malloc0(sizeof(*client->info));
273 vnc_init_basic_info_from_remote_addr(client->sioc,
274 qapi_VncClientInfo_base(client->info),
275 &err);
276 if (err) {
277 qapi_free_VncClientInfo(client->info);
278 client->info = NULL;
279 error_free(err);
280 }
281}
282
283static void vnc_qmp_event(VncState *vs, QAPIEvent event)
284{
285 VncServerInfo *si;
286
287 if (!vs->info) {
288 return;
289 }
290
291 si = vnc_server_info_get(vs->vd);
292 if (!si) {
293 return;
294 }
295
296 switch (event) {
297 case QAPI_EVENT_VNC_CONNECTED:
298 qapi_event_send_vnc_connected(si, qapi_VncClientInfo_base(vs->info),
299 &error_abort);
300 break;
301 case QAPI_EVENT_VNC_INITIALIZED:
302 qapi_event_send_vnc_initialized(si, vs->info, &error_abort);
303 break;
304 case QAPI_EVENT_VNC_DISCONNECTED:
305 qapi_event_send_vnc_disconnected(si, vs->info, &error_abort);
306 break;
307 default:
308 break;
309 }
310
311 qapi_free_VncServerInfo(si);
312}
313
314static VncClientInfo *qmp_query_vnc_client(const VncState *client)
315{
316 VncClientInfo *info;
317 Error *err = NULL;
318
319 info = g_malloc0(sizeof(*info));
320
321 vnc_init_basic_info_from_remote_addr(client->sioc,
322 qapi_VncClientInfo_base(info),
323 &err);
324 if (err) {
325 error_free(err);
326 qapi_free_VncClientInfo(info);
327 return NULL;
328 }
329
330 info->websocket = client->websocket;
331
332 if (client->tls) {
333 info->x509_dname = qcrypto_tls_session_get_peer_name(client->tls);
334 info->has_x509_dname = info->x509_dname != NULL;
335 }
336#ifdef CONFIG_VNC_SASL
337 if (client->sasl.conn && client->sasl.username) {
338 info->has_sasl_username = true;
339 info->sasl_username = g_strdup(client->sasl.username);
340 }
341#endif
342
343 return info;
344}
345
346static VncDisplay *vnc_display_find(const char *id)
347{
348 VncDisplay *vd;
349
350 if (id == NULL) {
351 return QTAILQ_FIRST(&vnc_displays);
352 }
353 QTAILQ_FOREACH(vd, &vnc_displays, next) {
354 if (strcmp(id, vd->id) == 0) {
355 return vd;
356 }
357 }
358 return NULL;
359}
360
361static VncClientInfoList *qmp_query_client_list(VncDisplay *vd)
362{
363 VncClientInfoList *cinfo, *prev = NULL;
364 VncState *client;
365
366 QTAILQ_FOREACH(client, &vd->clients, next) {
367 cinfo = g_new0(VncClientInfoList, 1);
368 cinfo->value = qmp_query_vnc_client(client);
369 cinfo->next = prev;
370 prev = cinfo;
371 }
372 return prev;
373}
374
375VncInfo *qmp_query_vnc(Error **errp)
376{
377 VncInfo *info = g_malloc0(sizeof(*info));
378 VncDisplay *vd = vnc_display_find(NULL);
379 SocketAddress *addr = NULL;
380
381 if (vd == NULL || !vd->nlsock) {
382 info->enabled = false;
383 } else {
384 info->enabled = true;
385
386
387 info->has_clients = true;
388 info->clients = qmp_query_client_list(vd);
389
390 if (vd->lsock == NULL) {
391 return info;
392 }
393
394 addr = qio_channel_socket_get_local_address(vd->lsock[0], errp);
395 if (!addr) {
396 goto out_error;
397 }
398
399 switch (addr->type) {
400 case SOCKET_ADDRESS_TYPE_INET:
401 info->host = g_strdup(addr->u.inet.host);
402 info->service = g_strdup(addr->u.inet.port);
403 if (addr->u.inet.ipv6) {
404 info->family = NETWORK_ADDRESS_FAMILY_IPV6;
405 } else {
406 info->family = NETWORK_ADDRESS_FAMILY_IPV4;
407 }
408 break;
409
410 case SOCKET_ADDRESS_TYPE_UNIX:
411 info->host = g_strdup("");
412 info->service = g_strdup(addr->u.q_unix.path);
413 info->family = NETWORK_ADDRESS_FAMILY_UNIX;
414 break;
415
416 case SOCKET_ADDRESS_TYPE_VSOCK:
417 case SOCKET_ADDRESS_TYPE_FD:
418 error_setg(errp, "Unsupported socket address type %s",
419 SocketAddressType_str(addr->type));
420 goto out_error;
421 default:
422 abort();
423 }
424
425 info->has_host = true;
426 info->has_service = true;
427 info->has_family = true;
428
429 info->has_auth = true;
430 info->auth = g_strdup(vnc_auth_name(vd));
431 }
432
433 qapi_free_SocketAddress(addr);
434 return info;
435
436out_error:
437 qapi_free_SocketAddress(addr);
438 qapi_free_VncInfo(info);
439 return NULL;
440}
441
442
443static void qmp_query_auth(int auth, int subauth,
444 VncPrimaryAuth *qmp_auth,
445 VncVencryptSubAuth *qmp_vencrypt,
446 bool *qmp_has_vencrypt);
447
448static VncServerInfo2List *qmp_query_server_entry(QIOChannelSocket *ioc,
449 bool websocket,
450 int auth,
451 int subauth,
452 VncServerInfo2List *prev)
453{
454 VncServerInfo2List *list;
455 VncServerInfo2 *info;
456 Error *err = NULL;
457 SocketAddress *addr;
458
459 addr = qio_channel_socket_get_local_address(ioc, &err);
460 if (!addr) {
461 error_free(err);
462 return prev;
463 }
464
465 info = g_new0(VncServerInfo2, 1);
466 vnc_init_basic_info(addr, qapi_VncServerInfo2_base(info), &err);
467 qapi_free_SocketAddress(addr);
468 if (err) {
469 qapi_free_VncServerInfo2(info);
470 error_free(err);
471 return prev;
472 }
473 info->websocket = websocket;
474
475 qmp_query_auth(auth, subauth, &info->auth,
476 &info->vencrypt, &info->has_vencrypt);
477
478 list = g_new0(VncServerInfo2List, 1);
479 list->value = info;
480 list->next = prev;
481 return list;
482}
483
484static void qmp_query_auth(int auth, int subauth,
485 VncPrimaryAuth *qmp_auth,
486 VncVencryptSubAuth *qmp_vencrypt,
487 bool *qmp_has_vencrypt)
488{
489 switch (auth) {
490 case VNC_AUTH_VNC:
491 *qmp_auth = VNC_PRIMARY_AUTH_VNC;
492 break;
493 case VNC_AUTH_RA2:
494 *qmp_auth = VNC_PRIMARY_AUTH_RA2;
495 break;
496 case VNC_AUTH_RA2NE:
497 *qmp_auth = VNC_PRIMARY_AUTH_RA2NE;
498 break;
499 case VNC_AUTH_TIGHT:
500 *qmp_auth = VNC_PRIMARY_AUTH_TIGHT;
501 break;
502 case VNC_AUTH_ULTRA:
503 *qmp_auth = VNC_PRIMARY_AUTH_ULTRA;
504 break;
505 case VNC_AUTH_TLS:
506 *qmp_auth = VNC_PRIMARY_AUTH_TLS;
507 break;
508 case VNC_AUTH_VENCRYPT:
509 *qmp_auth = VNC_PRIMARY_AUTH_VENCRYPT;
510 *qmp_has_vencrypt = true;
511 switch (subauth) {
512 case VNC_AUTH_VENCRYPT_PLAIN:
513 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_PLAIN;
514 break;
515 case VNC_AUTH_VENCRYPT_TLSNONE:
516 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_NONE;
517 break;
518 case VNC_AUTH_VENCRYPT_TLSVNC:
519 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_VNC;
520 break;
521 case VNC_AUTH_VENCRYPT_TLSPLAIN:
522 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_PLAIN;
523 break;
524 case VNC_AUTH_VENCRYPT_X509NONE:
525 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_NONE;
526 break;
527 case VNC_AUTH_VENCRYPT_X509VNC:
528 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_VNC;
529 break;
530 case VNC_AUTH_VENCRYPT_X509PLAIN:
531 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_PLAIN;
532 break;
533 case VNC_AUTH_VENCRYPT_TLSSASL:
534 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_SASL;
535 break;
536 case VNC_AUTH_VENCRYPT_X509SASL:
537 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_SASL;
538 break;
539 default:
540 *qmp_has_vencrypt = false;
541 break;
542 }
543 break;
544 case VNC_AUTH_SASL:
545 *qmp_auth = VNC_PRIMARY_AUTH_SASL;
546 break;
547 case VNC_AUTH_NONE:
548 default:
549 *qmp_auth = VNC_PRIMARY_AUTH_NONE;
550 break;
551 }
552}
553
554VncInfo2List *qmp_query_vnc_servers(Error **errp)
555{
556 VncInfo2List *item, *prev = NULL;
557 VncInfo2 *info;
558 VncDisplay *vd;
559 DeviceState *dev;
560 size_t i;
561
562 QTAILQ_FOREACH(vd, &vnc_displays, next) {
563 info = g_new0(VncInfo2, 1);
564 info->id = g_strdup(vd->id);
565 info->clients = qmp_query_client_list(vd);
566 qmp_query_auth(vd->auth, vd->subauth, &info->auth,
567 &info->vencrypt, &info->has_vencrypt);
568 if (vd->dcl.con) {
569 dev = DEVICE(object_property_get_link(OBJECT(vd->dcl.con),
570 "device", NULL));
571 info->has_display = true;
572 info->display = g_strdup(dev->id);
573 }
574 for (i = 0; i < vd->nlsock; i++) {
575 info->server = qmp_query_server_entry(
576 vd->lsock[i], false, vd->auth, vd->subauth, info->server);
577 }
578 for (i = 0; i < vd->nlwebsock; i++) {
579 info->server = qmp_query_server_entry(
580 vd->lwebsock[i], true, vd->ws_auth,
581 vd->ws_subauth, info->server);
582 }
583
584 item = g_new0(VncInfo2List, 1);
585 item->value = info;
586 item->next = prev;
587 prev = item;
588 }
589 return prev;
590}
591
592
593
594
595
596
597
598
599static int vnc_update_client(VncState *vs, int has_dirty, bool sync);
600static void vnc_disconnect_start(VncState *vs);
601
602static void vnc_colordepth(VncState *vs);
603static void framebuffer_update_request(VncState *vs, int incremental,
604 int x_position, int y_position,
605 int w, int h);
606static void vnc_refresh(DisplayChangeListener *dcl);
607static int vnc_refresh_server_surface(VncDisplay *vd);
608
609static int vnc_width(VncDisplay *vd)
610{
611 return MIN(VNC_MAX_WIDTH, ROUND_UP(surface_width(vd->ds),
612 VNC_DIRTY_PIXELS_PER_BIT));
613}
614
615static int vnc_height(VncDisplay *vd)
616{
617 return MIN(VNC_MAX_HEIGHT, surface_height(vd->ds));
618}
619
620static void vnc_set_area_dirty(DECLARE_BITMAP(dirty[VNC_MAX_HEIGHT],
621 VNC_MAX_WIDTH / VNC_DIRTY_PIXELS_PER_BIT),
622 VncDisplay *vd,
623 int x, int y, int w, int h)
624{
625 int width = vnc_width(vd);
626 int height = vnc_height(vd);
627
628
629
630 w += (x % VNC_DIRTY_PIXELS_PER_BIT);
631 x -= (x % VNC_DIRTY_PIXELS_PER_BIT);
632
633 x = MIN(x, width);
634 y = MIN(y, height);
635 w = MIN(x + w, width) - x;
636 h = MIN(y + h, height);
637
638 for (; y < h; y++) {
639 bitmap_set(dirty[y], x / VNC_DIRTY_PIXELS_PER_BIT,
640 DIV_ROUND_UP(w, VNC_DIRTY_PIXELS_PER_BIT));
641 }
642}
643
644static void vnc_dpy_update(DisplayChangeListener *dcl,
645 int x, int y, int w, int h)
646{
647 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
648 struct VncSurface *s = &vd->guest;
649
650 vnc_set_area_dirty(s->dirty, vd, x, y, w, h);
651}
652
653void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
654 int32_t encoding)
655{
656 vnc_write_u16(vs, x);
657 vnc_write_u16(vs, y);
658 vnc_write_u16(vs, w);
659 vnc_write_u16(vs, h);
660
661 vnc_write_s32(vs, encoding);
662}
663
664
665static void vnc_desktop_resize(VncState *vs)
666{
667 if (vs->ioc == NULL || !vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
668 return;
669 }
670 if (vs->client_width == pixman_image_get_width(vs->vd->server) &&
671 vs->client_height == pixman_image_get_height(vs->vd->server)) {
672 return;
673 }
674 vs->client_width = pixman_image_get_width(vs->vd->server);
675 vs->client_height = pixman_image_get_height(vs->vd->server);
676 vnc_lock_output(vs);
677 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
678 vnc_write_u8(vs, 0);
679 vnc_write_u16(vs, 1);
680 vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height,
681 VNC_ENCODING_DESKTOPRESIZE);
682 vnc_unlock_output(vs);
683 vnc_flush(vs);
684}
685
686static void vnc_abort_display_jobs(VncDisplay *vd)
687{
688 VncState *vs;
689
690 QTAILQ_FOREACH(vs, &vd->clients, next) {
691 vnc_lock_output(vs);
692 vs->abort = true;
693 vnc_unlock_output(vs);
694 }
695 QTAILQ_FOREACH(vs, &vd->clients, next) {
696 vnc_jobs_join(vs);
697 }
698 QTAILQ_FOREACH(vs, &vd->clients, next) {
699 vnc_lock_output(vs);
700 vs->abort = false;
701 vnc_unlock_output(vs);
702 }
703}
704
705int vnc_server_fb_stride(VncDisplay *vd)
706{
707 return pixman_image_get_stride(vd->server);
708}
709
710void *vnc_server_fb_ptr(VncDisplay *vd, int x, int y)
711{
712 uint8_t *ptr;
713
714 ptr = (uint8_t *)pixman_image_get_data(vd->server);
715 ptr += y * vnc_server_fb_stride(vd);
716 ptr += x * VNC_SERVER_FB_BYTES;
717 return ptr;
718}
719
720static void vnc_update_server_surface(VncDisplay *vd)
721{
722 int width, height;
723
724 qemu_pixman_image_unref(vd->server);
725 vd->server = NULL;
726
727 if (QTAILQ_EMPTY(&vd->clients)) {
728 return;
729 }
730
731 width = vnc_width(vd);
732 height = vnc_height(vd);
733 vd->server = pixman_image_create_bits(VNC_SERVER_FB_FORMAT,
734 width, height,
735 NULL, 0);
736
737 memset(vd->guest.dirty, 0x00, sizeof(vd->guest.dirty));
738 vnc_set_area_dirty(vd->guest.dirty, vd, 0, 0,
739 width, height);
740}
741
742static void vnc_dpy_switch(DisplayChangeListener *dcl,
743 DisplaySurface *surface)
744{
745 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
746 VncState *vs;
747
748 vnc_abort_display_jobs(vd);
749 vd->ds = surface;
750
751
752 vnc_update_server_surface(vd);
753
754
755 qemu_pixman_image_unref(vd->guest.fb);
756 vd->guest.fb = pixman_image_ref(surface->image);
757 vd->guest.format = surface->format;
758
759 QTAILQ_FOREACH(vs, &vd->clients, next) {
760 vnc_colordepth(vs);
761 vnc_desktop_resize(vs);
762 if (vs->vd->cursor) {
763 vnc_cursor_define(vs);
764 }
765 memset(vs->dirty, 0x00, sizeof(vs->dirty));
766 vnc_set_area_dirty(vs->dirty, vd, 0, 0,
767 vnc_width(vd),
768 vnc_height(vd));
769 }
770}
771
772
773static void vnc_write_pixels_copy(VncState *vs,
774 void *pixels, int size)
775{
776 vnc_write(vs, pixels, size);
777}
778
779
780void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
781{
782 uint8_t r, g, b;
783
784#if VNC_SERVER_FB_FORMAT == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8)
785 r = (((v & 0x00ff0000) >> 16) << vs->client_pf.rbits) >> 8;
786 g = (((v & 0x0000ff00) >> 8) << vs->client_pf.gbits) >> 8;
787 b = (((v & 0x000000ff) >> 0) << vs->client_pf.bbits) >> 8;
788#else
789# error need some bits here if you change VNC_SERVER_FB_FORMAT
790#endif
791 v = (r << vs->client_pf.rshift) |
792 (g << vs->client_pf.gshift) |
793 (b << vs->client_pf.bshift);
794 switch (vs->client_pf.bytes_per_pixel) {
795 case 1:
796 buf[0] = v;
797 break;
798 case 2:
799 if (vs->client_be) {
800 buf[0] = v >> 8;
801 buf[1] = v;
802 } else {
803 buf[1] = v >> 8;
804 buf[0] = v;
805 }
806 break;
807 default:
808 case 4:
809 if (vs->client_be) {
810 buf[0] = v >> 24;
811 buf[1] = v >> 16;
812 buf[2] = v >> 8;
813 buf[3] = v;
814 } else {
815 buf[3] = v >> 24;
816 buf[2] = v >> 16;
817 buf[1] = v >> 8;
818 buf[0] = v;
819 }
820 break;
821 }
822}
823
824static void vnc_write_pixels_generic(VncState *vs,
825 void *pixels1, int size)
826{
827 uint8_t buf[4];
828
829 if (VNC_SERVER_FB_BYTES == 4) {
830 uint32_t *pixels = pixels1;
831 int n, i;
832 n = size >> 2;
833 for (i = 0; i < n; i++) {
834 vnc_convert_pixel(vs, buf, pixels[i]);
835 vnc_write(vs, buf, vs->client_pf.bytes_per_pixel);
836 }
837 }
838}
839
840int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
841{
842 int i;
843 uint8_t *row;
844 VncDisplay *vd = vs->vd;
845
846 row = vnc_server_fb_ptr(vd, x, y);
847 for (i = 0; i < h; i++) {
848 vs->write_pixels(vs, row, w * VNC_SERVER_FB_BYTES);
849 row += vnc_server_fb_stride(vd);
850 }
851 return 1;
852}
853
854int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
855{
856 int n = 0;
857 bool encode_raw = false;
858 size_t saved_offs = vs->output.offset;
859
860 switch(vs->vnc_encoding) {
861 case VNC_ENCODING_ZLIB:
862 n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h);
863 break;
864 case VNC_ENCODING_HEXTILE:
865 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
866 n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h);
867 break;
868 case VNC_ENCODING_TIGHT:
869 n = vnc_tight_send_framebuffer_update(vs, x, y, w, h);
870 break;
871 case VNC_ENCODING_TIGHT_PNG:
872 n = vnc_tight_png_send_framebuffer_update(vs, x, y, w, h);
873 break;
874 case VNC_ENCODING_ZRLE:
875 n = vnc_zrle_send_framebuffer_update(vs, x, y, w, h);
876 break;
877 case VNC_ENCODING_ZYWRLE:
878 n = vnc_zywrle_send_framebuffer_update(vs, x, y, w, h);
879 break;
880 default:
881 encode_raw = true;
882 break;
883 }
884
885
886
887
888 if (!encode_raw && vs->write_pixels == vnc_write_pixels_copy &&
889 12 + h * w * VNC_SERVER_FB_BYTES <= (vs->output.offset - saved_offs)) {
890 vs->output.offset = saved_offs;
891 encode_raw = true;
892 }
893
894 if (encode_raw) {
895 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
896 n = vnc_raw_send_framebuffer_update(vs, x, y, w, h);
897 }
898
899 return n;
900}
901
902static void vnc_mouse_set(DisplayChangeListener *dcl,
903 int x, int y, int visible)
904{
905
906}
907
908static int vnc_cursor_define(VncState *vs)
909{
910 QEMUCursor *c = vs->vd->cursor;
911 int isize;
912
913 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) {
914 vnc_lock_output(vs);
915 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
916 vnc_write_u8(vs, 0);
917 vnc_write_u16(vs, 1);
918 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height,
919 VNC_ENCODING_RICH_CURSOR);
920 isize = c->width * c->height * vs->client_pf.bytes_per_pixel;
921 vnc_write_pixels_generic(vs, c->data, isize);
922 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize);
923 vnc_unlock_output(vs);
924 return 0;
925 }
926 return -1;
927}
928
929static void vnc_dpy_cursor_define(DisplayChangeListener *dcl,
930 QEMUCursor *c)
931{
932 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
933 VncState *vs;
934
935 cursor_put(vd->cursor);
936 g_free(vd->cursor_mask);
937
938 vd->cursor = c;
939 cursor_get(vd->cursor);
940 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height;
941 vd->cursor_mask = g_malloc0(vd->cursor_msize);
942 cursor_get_mono_mask(c, 0, vd->cursor_mask);
943
944 QTAILQ_FOREACH(vs, &vd->clients, next) {
945 vnc_cursor_define(vs);
946 }
947}
948
949static int find_and_clear_dirty_height(VncState *vs,
950 int y, int last_x, int x, int height)
951{
952 int h;
953
954 for (h = 1; h < (height - y); h++) {
955 if (!test_bit(last_x, vs->dirty[y + h])) {
956 break;
957 }
958 bitmap_clear(vs->dirty[y + h], last_x, x - last_x);
959 }
960
961 return h;
962}
963
964static int vnc_update_client(VncState *vs, int has_dirty, bool sync)
965{
966 if (vs->disconnecting) {
967 vnc_disconnect_finish(vs);
968 return 0;
969 }
970
971 vs->has_dirty += has_dirty;
972 if (vs->need_update && !vs->disconnecting) {
973 VncDisplay *vd = vs->vd;
974 VncJob *job;
975 int y;
976 int height, width;
977 int n = 0;
978
979 if (vs->output.offset && !vs->audio_cap && !vs->force_update)
980
981 return 0;
982
983 if (!vs->has_dirty && !vs->audio_cap && !vs->force_update)
984 return 0;
985
986
987
988
989
990
991
992 job = vnc_job_new(vs);
993
994 height = pixman_image_get_height(vd->server);
995 width = pixman_image_get_width(vd->server);
996
997 y = 0;
998 for (;;) {
999 int x, h;
1000 unsigned long x2;
1001 unsigned long offset = find_next_bit((unsigned long *) &vs->dirty,
1002 height * VNC_DIRTY_BPL(vs),
1003 y * VNC_DIRTY_BPL(vs));
1004 if (offset == height * VNC_DIRTY_BPL(vs)) {
1005
1006 break;
1007 }
1008 y = offset / VNC_DIRTY_BPL(vs);
1009 x = offset % VNC_DIRTY_BPL(vs);
1010 x2 = find_next_zero_bit((unsigned long *) &vs->dirty[y],
1011 VNC_DIRTY_BPL(vs), x);
1012 bitmap_clear(vs->dirty[y], x, x2 - x);
1013 h = find_and_clear_dirty_height(vs, y, x, x2, height);
1014 x2 = MIN(x2, width / VNC_DIRTY_PIXELS_PER_BIT);
1015 if (x2 > x) {
1016 n += vnc_job_add_rect(job, x * VNC_DIRTY_PIXELS_PER_BIT, y,
1017 (x2 - x) * VNC_DIRTY_PIXELS_PER_BIT, h);
1018 }
1019 if (!x && x2 == width / VNC_DIRTY_PIXELS_PER_BIT) {
1020 y += h;
1021 if (y == height) {
1022 break;
1023 }
1024 }
1025 }
1026
1027 vnc_job_push(job);
1028 if (sync) {
1029 vnc_jobs_join(vs);
1030 }
1031 vs->force_update = 0;
1032 vs->has_dirty = 0;
1033 return n;
1034 }
1035
1036 if (vs->disconnecting) {
1037 vnc_disconnect_finish(vs);
1038 } else if (sync) {
1039 vnc_jobs_join(vs);
1040 }
1041
1042 return 0;
1043}
1044
1045
1046static void audio_capture_notify(void *opaque, audcnotification_e cmd)
1047{
1048 VncState *vs = opaque;
1049
1050 switch (cmd) {
1051 case AUD_CNOTIFY_DISABLE:
1052 vnc_lock_output(vs);
1053 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1054 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1055 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END);
1056 vnc_unlock_output(vs);
1057 vnc_flush(vs);
1058 break;
1059
1060 case AUD_CNOTIFY_ENABLE:
1061 vnc_lock_output(vs);
1062 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1063 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1064 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN);
1065 vnc_unlock_output(vs);
1066 vnc_flush(vs);
1067 break;
1068 }
1069}
1070
1071static void audio_capture_destroy(void *opaque)
1072{
1073}
1074
1075static void audio_capture(void *opaque, void *buf, int size)
1076{
1077 VncState *vs = opaque;
1078
1079 vnc_lock_output(vs);
1080 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1081 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1082 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA);
1083 vnc_write_u32(vs, size);
1084 vnc_write(vs, buf, size);
1085 vnc_unlock_output(vs);
1086 vnc_flush(vs);
1087}
1088
1089static void audio_add(VncState *vs)
1090{
1091 struct audio_capture_ops ops;
1092
1093 if (vs->audio_cap) {
1094 error_report("audio already running");
1095 return;
1096 }
1097
1098 ops.notify = audio_capture_notify;
1099 ops.destroy = audio_capture_destroy;
1100 ops.capture = audio_capture;
1101
1102 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs);
1103 if (!vs->audio_cap) {
1104 error_report("Failed to add audio capture");
1105 }
1106}
1107
1108static void audio_del(VncState *vs)
1109{
1110 if (vs->audio_cap) {
1111 AUD_del_capture(vs->audio_cap, vs);
1112 vs->audio_cap = NULL;
1113 }
1114}
1115
1116static void vnc_disconnect_start(VncState *vs)
1117{
1118 if (vs->disconnecting) {
1119 return;
1120 }
1121 trace_vnc_client_disconnect_start(vs, vs->ioc);
1122 vnc_set_share_mode(vs, VNC_SHARE_MODE_DISCONNECTED);
1123 if (vs->ioc_tag) {
1124 g_source_remove(vs->ioc_tag);
1125 vs->ioc_tag = 0;
1126 }
1127 qio_channel_close(vs->ioc, NULL);
1128 vs->disconnecting = TRUE;
1129}
1130
1131void vnc_disconnect_finish(VncState *vs)
1132{
1133 int i;
1134
1135 trace_vnc_client_disconnect_finish(vs, vs->ioc);
1136
1137 vnc_jobs_join(vs);
1138
1139 vnc_lock_output(vs);
1140 vnc_qmp_event(vs, QAPI_EVENT_VNC_DISCONNECTED);
1141
1142 buffer_free(&vs->input);
1143 buffer_free(&vs->output);
1144
1145 qapi_free_VncClientInfo(vs->info);
1146
1147 vnc_zlib_clear(vs);
1148 vnc_tight_clear(vs);
1149 vnc_zrle_clear(vs);
1150
1151#ifdef CONFIG_VNC_SASL
1152 vnc_sasl_client_cleanup(vs);
1153#endif
1154 audio_del(vs);
1155 vnc_release_modifiers(vs);
1156
1157 if (vs->mouse_mode_notifier.notify != NULL) {
1158 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
1159 }
1160 QTAILQ_REMOVE(&vs->vd->clients, vs, next);
1161 if (QTAILQ_EMPTY(&vs->vd->clients)) {
1162
1163 vnc_update_server_surface(vs->vd);
1164 }
1165
1166 vnc_unlock_output(vs);
1167
1168 qemu_mutex_destroy(&vs->output_mutex);
1169 if (vs->bh != NULL) {
1170 qemu_bh_delete(vs->bh);
1171 }
1172 buffer_free(&vs->jobs_buffer);
1173
1174 for (i = 0; i < VNC_STAT_ROWS; ++i) {
1175 g_free(vs->lossy_rect[i]);
1176 }
1177 g_free(vs->lossy_rect);
1178
1179 object_unref(OBJECT(vs->ioc));
1180 vs->ioc = NULL;
1181 object_unref(OBJECT(vs->sioc));
1182 vs->sioc = NULL;
1183 g_free(vs);
1184}
1185
1186ssize_t vnc_client_io_error(VncState *vs, ssize_t ret, Error **errp)
1187{
1188 if (ret <= 0) {
1189 if (ret == 0) {
1190 trace_vnc_client_eof(vs, vs->ioc);
1191 vnc_disconnect_start(vs);
1192 } else if (ret != QIO_CHANNEL_ERR_BLOCK) {
1193 trace_vnc_client_io_error(vs, vs->ioc,
1194 errp ? error_get_pretty(*errp) :
1195 "Unknown");
1196 vnc_disconnect_start(vs);
1197 }
1198
1199 if (errp) {
1200 error_free(*errp);
1201 *errp = NULL;
1202 }
1203 return 0;
1204 }
1205 return ret;
1206}
1207
1208
1209void vnc_client_error(VncState *vs)
1210{
1211 VNC_DEBUG("Closing down client sock: protocol error\n");
1212 vnc_disconnect_start(vs);
1213}
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231ssize_t vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
1232{
1233 Error *err = NULL;
1234 ssize_t ret;
1235 ret = qio_channel_write(
1236 vs->ioc, (const char *)data, datalen, &err);
1237 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret);
1238 return vnc_client_io_error(vs, ret, &err);
1239}
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252static ssize_t vnc_client_write_plain(VncState *vs)
1253{
1254 ssize_t ret;
1255
1256#ifdef CONFIG_VNC_SASL
1257 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1258 vs->output.buffer, vs->output.capacity, vs->output.offset,
1259 vs->sasl.waitWriteSSF);
1260
1261 if (vs->sasl.conn &&
1262 vs->sasl.runSSF &&
1263 vs->sasl.waitWriteSSF) {
1264 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
1265 if (ret)
1266 vs->sasl.waitWriteSSF -= ret;
1267 } else
1268#endif
1269 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
1270 if (!ret)
1271 return 0;
1272
1273 buffer_advance(&vs->output, ret);
1274
1275 if (vs->output.offset == 0) {
1276 if (vs->ioc_tag) {
1277 g_source_remove(vs->ioc_tag);
1278 }
1279 vs->ioc_tag = qio_channel_add_watch(
1280 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL);
1281 }
1282
1283 return ret;
1284}
1285
1286
1287
1288
1289
1290
1291
1292static void vnc_client_write_locked(VncState *vs)
1293{
1294#ifdef CONFIG_VNC_SASL
1295 if (vs->sasl.conn &&
1296 vs->sasl.runSSF &&
1297 !vs->sasl.waitWriteSSF) {
1298 vnc_client_write_sasl(vs);
1299 } else
1300#endif
1301 {
1302 vnc_client_write_plain(vs);
1303 }
1304}
1305
1306static void vnc_client_write(VncState *vs)
1307{
1308
1309 vnc_lock_output(vs);
1310 if (vs->output.offset) {
1311 vnc_client_write_locked(vs);
1312 } else if (vs->ioc != NULL) {
1313 if (vs->ioc_tag) {
1314 g_source_remove(vs->ioc_tag);
1315 }
1316 vs->ioc_tag = qio_channel_add_watch(
1317 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL);
1318 }
1319 vnc_unlock_output(vs);
1320}
1321
1322void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1323{
1324 vs->read_handler = func;
1325 vs->read_handler_expect = expecting;
1326}
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344ssize_t vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1345{
1346 ssize_t ret;
1347 Error *err = NULL;
1348 ret = qio_channel_read(
1349 vs->ioc, (char *)data, datalen, &err);
1350 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret);
1351 return vnc_client_io_error(vs, ret, &err);
1352}
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363static ssize_t vnc_client_read_plain(VncState *vs)
1364{
1365 ssize_t ret;
1366 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1367 vs->input.buffer, vs->input.capacity, vs->input.offset);
1368 buffer_reserve(&vs->input, 4096);
1369 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1370 if (!ret)
1371 return 0;
1372 vs->input.offset += ret;
1373 return ret;
1374}
1375
1376static void vnc_jobs_bh(void *opaque)
1377{
1378 VncState *vs = opaque;
1379
1380 vnc_jobs_consume_buffer(vs);
1381}
1382
1383
1384
1385
1386
1387
1388
1389static int vnc_client_read(VncState *vs)
1390{
1391 ssize_t ret;
1392
1393#ifdef CONFIG_VNC_SASL
1394 if (vs->sasl.conn && vs->sasl.runSSF)
1395 ret = vnc_client_read_sasl(vs);
1396 else
1397#endif
1398 ret = vnc_client_read_plain(vs);
1399 if (!ret) {
1400 if (vs->disconnecting) {
1401 vnc_disconnect_finish(vs);
1402 return -1;
1403 }
1404 return 0;
1405 }
1406
1407 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1408 size_t len = vs->read_handler_expect;
1409 int ret;
1410
1411 ret = vs->read_handler(vs, vs->input.buffer, len);
1412 if (vs->disconnecting) {
1413 vnc_disconnect_finish(vs);
1414 return -1;
1415 }
1416
1417 if (!ret) {
1418 buffer_advance(&vs->input, len);
1419 } else {
1420 vs->read_handler_expect = ret;
1421 }
1422 }
1423 return 0;
1424}
1425
1426gboolean vnc_client_io(QIOChannel *ioc G_GNUC_UNUSED,
1427 GIOCondition condition, void *opaque)
1428{
1429 VncState *vs = opaque;
1430 if (condition & G_IO_IN) {
1431 if (vnc_client_read(vs) < 0) {
1432 return TRUE;
1433 }
1434 }
1435 if (condition & G_IO_OUT) {
1436 vnc_client_write(vs);
1437 }
1438 return TRUE;
1439}
1440
1441
1442void vnc_write(VncState *vs, const void *data, size_t len)
1443{
1444 buffer_reserve(&vs->output, len);
1445
1446 if (vs->ioc != NULL && buffer_empty(&vs->output)) {
1447 if (vs->ioc_tag) {
1448 g_source_remove(vs->ioc_tag);
1449 }
1450 vs->ioc_tag = qio_channel_add_watch(
1451 vs->ioc, G_IO_IN | G_IO_OUT, vnc_client_io, vs, NULL);
1452 }
1453
1454 buffer_append(&vs->output, data, len);
1455}
1456
1457void vnc_write_s32(VncState *vs, int32_t value)
1458{
1459 vnc_write_u32(vs, *(uint32_t *)&value);
1460}
1461
1462void vnc_write_u32(VncState *vs, uint32_t value)
1463{
1464 uint8_t buf[4];
1465
1466 buf[0] = (value >> 24) & 0xFF;
1467 buf[1] = (value >> 16) & 0xFF;
1468 buf[2] = (value >> 8) & 0xFF;
1469 buf[3] = value & 0xFF;
1470
1471 vnc_write(vs, buf, 4);
1472}
1473
1474void vnc_write_u16(VncState *vs, uint16_t value)
1475{
1476 uint8_t buf[2];
1477
1478 buf[0] = (value >> 8) & 0xFF;
1479 buf[1] = value & 0xFF;
1480
1481 vnc_write(vs, buf, 2);
1482}
1483
1484void vnc_write_u8(VncState *vs, uint8_t value)
1485{
1486 vnc_write(vs, (char *)&value, 1);
1487}
1488
1489void vnc_flush(VncState *vs)
1490{
1491 vnc_lock_output(vs);
1492 if (vs->ioc != NULL && vs->output.offset) {
1493 vnc_client_write_locked(vs);
1494 }
1495 vnc_unlock_output(vs);
1496}
1497
1498static uint8_t read_u8(uint8_t *data, size_t offset)
1499{
1500 return data[offset];
1501}
1502
1503static uint16_t read_u16(uint8_t *data, size_t offset)
1504{
1505 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1506}
1507
1508static int32_t read_s32(uint8_t *data, size_t offset)
1509{
1510 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1511 (data[offset + 2] << 8) | data[offset + 3]);
1512}
1513
1514uint32_t read_u32(uint8_t *data, size_t offset)
1515{
1516 return ((data[offset] << 24) | (data[offset + 1] << 16) |
1517 (data[offset + 2] << 8) | data[offset + 3]);
1518}
1519
1520static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
1521{
1522}
1523
1524static void check_pointer_type_change(Notifier *notifier, void *data)
1525{
1526 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier);
1527 int absolute = qemu_input_is_absolute();
1528
1529 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1530 vnc_lock_output(vs);
1531 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1532 vnc_write_u8(vs, 0);
1533 vnc_write_u16(vs, 1);
1534 vnc_framebuffer_update(vs, absolute, 0,
1535 pixman_image_get_width(vs->vd->server),
1536 pixman_image_get_height(vs->vd->server),
1537 VNC_ENCODING_POINTER_TYPE_CHANGE);
1538 vnc_unlock_output(vs);
1539 vnc_flush(vs);
1540 }
1541 vs->absolute = absolute;
1542}
1543
1544static void pointer_event(VncState *vs, int button_mask, int x, int y)
1545{
1546 static uint32_t bmap[INPUT_BUTTON__MAX] = {
1547 [INPUT_BUTTON_LEFT] = 0x01,
1548 [INPUT_BUTTON_MIDDLE] = 0x02,
1549 [INPUT_BUTTON_RIGHT] = 0x04,
1550 [INPUT_BUTTON_WHEEL_UP] = 0x08,
1551 [INPUT_BUTTON_WHEEL_DOWN] = 0x10,
1552 };
1553 QemuConsole *con = vs->vd->dcl.con;
1554 int width = pixman_image_get_width(vs->vd->server);
1555 int height = pixman_image_get_height(vs->vd->server);
1556
1557 if (vs->last_bmask != button_mask) {
1558 qemu_input_update_buttons(con, bmap, vs->last_bmask, button_mask);
1559 vs->last_bmask = button_mask;
1560 }
1561
1562 if (vs->absolute) {
1563 qemu_input_queue_abs(con, INPUT_AXIS_X, x, 0, width);
1564 qemu_input_queue_abs(con, INPUT_AXIS_Y, y, 0, height);
1565 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1566 qemu_input_queue_rel(con, INPUT_AXIS_X, x - 0x7FFF);
1567 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - 0x7FFF);
1568 } else {
1569 if (vs->last_x != -1) {
1570 qemu_input_queue_rel(con, INPUT_AXIS_X, x - vs->last_x);
1571 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - vs->last_y);
1572 }
1573 vs->last_x = x;
1574 vs->last_y = y;
1575 }
1576 qemu_input_event_sync();
1577}
1578
1579static void reset_keys(VncState *vs)
1580{
1581 int i;
1582 for(i = 0; i < 256; i++) {
1583 if (vs->modifiers_state[i]) {
1584 qemu_input_event_send_key_number(vs->vd->dcl.con, i, false);
1585 qemu_input_event_send_key_delay(vs->vd->key_delay_ms);
1586 vs->modifiers_state[i] = 0;
1587 }
1588 }
1589}
1590
1591static void press_key(VncState *vs, int keysym)
1592{
1593 int keycode = keysym2scancode(vs->vd->kbd_layout, keysym) & SCANCODE_KEYMASK;
1594 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, true);
1595 qemu_input_event_send_key_delay(vs->vd->key_delay_ms);
1596 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, false);
1597 qemu_input_event_send_key_delay(vs->vd->key_delay_ms);
1598}
1599
1600static void vnc_led_state_change(VncState *vs)
1601{
1602 if (!vnc_has_feature(vs, VNC_FEATURE_LED_STATE)) {
1603 return;
1604 }
1605
1606 vnc_lock_output(vs);
1607 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1608 vnc_write_u8(vs, 0);
1609 vnc_write_u16(vs, 1);
1610 vnc_framebuffer_update(vs, 0, 0, 1, 1, VNC_ENCODING_LED_STATE);
1611 vnc_write_u8(vs, vs->vd->ledstate);
1612 vnc_unlock_output(vs);
1613 vnc_flush(vs);
1614}
1615
1616static void kbd_leds(void *opaque, int ledstate)
1617{
1618 VncDisplay *vd = opaque;
1619 VncState *client;
1620
1621 trace_vnc_key_guest_leds((ledstate & QEMU_CAPS_LOCK_LED),
1622 (ledstate & QEMU_NUM_LOCK_LED),
1623 (ledstate & QEMU_SCROLL_LOCK_LED));
1624
1625 if (ledstate == vd->ledstate) {
1626 return;
1627 }
1628
1629 vd->ledstate = ledstate;
1630
1631 QTAILQ_FOREACH(client, &vd->clients, next) {
1632 vnc_led_state_change(client);
1633 }
1634}
1635
1636static void do_key_event(VncState *vs, int down, int keycode, int sym)
1637{
1638
1639 switch(keycode) {
1640 case 0x2a:
1641 case 0x36:
1642 case 0x1d:
1643 case 0x9d:
1644 case 0x38:
1645 case 0xb8:
1646 if (down)
1647 vs->modifiers_state[keycode] = 1;
1648 else
1649 vs->modifiers_state[keycode] = 0;
1650 break;
1651 case 0x02 ... 0x0a:
1652 if (vs->vd->dcl.con == NULL &&
1653 down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
1654
1655 reset_keys(vs);
1656 console_select(keycode - 0x02);
1657 return;
1658 }
1659 break;
1660 case 0x3a:
1661 case 0x45:
1662 if (down)
1663 vs->modifiers_state[keycode] ^= 1;
1664 break;
1665 }
1666
1667
1668
1669
1670 if (down && vs->vd->lock_key_sync &&
1671 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) &&
1672 keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1673
1674
1675
1676
1677 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1678 if (!vs->modifiers_state[0x45]) {
1679 trace_vnc_key_sync_numlock(true);
1680 vs->modifiers_state[0x45] = 1;
1681 press_key(vs, 0xff7f);
1682 }
1683 } else {
1684 if (vs->modifiers_state[0x45]) {
1685 trace_vnc_key_sync_numlock(false);
1686 vs->modifiers_state[0x45] = 0;
1687 press_key(vs, 0xff7f);
1688 }
1689 }
1690 }
1691
1692 if (down && vs->vd->lock_key_sync &&
1693 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) &&
1694 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) {
1695
1696
1697
1698
1699 int uppercase = !!(sym >= 'A' && sym <= 'Z');
1700 int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]);
1701 int capslock = !!(vs->modifiers_state[0x3a]);
1702 if (capslock) {
1703 if (uppercase == shift) {
1704 trace_vnc_key_sync_capslock(false);
1705 vs->modifiers_state[0x3a] = 0;
1706 press_key(vs, 0xffe5);
1707 }
1708 } else {
1709 if (uppercase != shift) {
1710 trace_vnc_key_sync_capslock(true);
1711 vs->modifiers_state[0x3a] = 1;
1712 press_key(vs, 0xffe5);
1713 }
1714 }
1715 }
1716
1717 if (qemu_console_is_graphic(NULL)) {
1718 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, down);
1719 qemu_input_event_send_key_delay(vs->vd->key_delay_ms);
1720 } else {
1721 bool numlock = vs->modifiers_state[0x45];
1722 bool control = (vs->modifiers_state[0x1d] ||
1723 vs->modifiers_state[0x9d]);
1724
1725 if (down) {
1726 switch (keycode) {
1727 case 0x2a:
1728 case 0x36:
1729 case 0x1d:
1730 case 0x9d:
1731 case 0x38:
1732 case 0xb8:
1733 break;
1734 case 0xc8:
1735 kbd_put_keysym(QEMU_KEY_UP);
1736 break;
1737 case 0xd0:
1738 kbd_put_keysym(QEMU_KEY_DOWN);
1739 break;
1740 case 0xcb:
1741 kbd_put_keysym(QEMU_KEY_LEFT);
1742 break;
1743 case 0xcd:
1744 kbd_put_keysym(QEMU_KEY_RIGHT);
1745 break;
1746 case 0xd3:
1747 kbd_put_keysym(QEMU_KEY_DELETE);
1748 break;
1749 case 0xc7:
1750 kbd_put_keysym(QEMU_KEY_HOME);
1751 break;
1752 case 0xcf:
1753 kbd_put_keysym(QEMU_KEY_END);
1754 break;
1755 case 0xc9:
1756 kbd_put_keysym(QEMU_KEY_PAGEUP);
1757 break;
1758 case 0xd1:
1759 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1760 break;
1761
1762 case 0x47:
1763 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME);
1764 break;
1765 case 0x48:
1766 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP);
1767 break;
1768 case 0x49:
1769 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP);
1770 break;
1771 case 0x4b:
1772 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT);
1773 break;
1774 case 0x4c:
1775 kbd_put_keysym('5');
1776 break;
1777 case 0x4d:
1778 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT);
1779 break;
1780 case 0x4f:
1781 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END);
1782 break;
1783 case 0x50:
1784 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN);
1785 break;
1786 case 0x51:
1787 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN);
1788 break;
1789 case 0x52:
1790 kbd_put_keysym('0');
1791 break;
1792 case 0x53:
1793 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE);
1794 break;
1795
1796 case 0xb5:
1797 kbd_put_keysym('/');
1798 break;
1799 case 0x37:
1800 kbd_put_keysym('*');
1801 break;
1802 case 0x4a:
1803 kbd_put_keysym('-');
1804 break;
1805 case 0x4e:
1806 kbd_put_keysym('+');
1807 break;
1808 case 0x9c:
1809 kbd_put_keysym('\n');
1810 break;
1811
1812 default:
1813 if (control) {
1814 kbd_put_keysym(sym & 0x1f);
1815 } else {
1816 kbd_put_keysym(sym);
1817 }
1818 break;
1819 }
1820 }
1821 }
1822}
1823
1824static void vnc_release_modifiers(VncState *vs)
1825{
1826 static const int keycodes[] = {
1827
1828 0x2a, 0x36, 0x1d, 0x9d, 0x38, 0xb8,
1829 };
1830 int i, keycode;
1831
1832 if (!qemu_console_is_graphic(NULL)) {
1833 return;
1834 }
1835 for (i = 0; i < ARRAY_SIZE(keycodes); i++) {
1836 keycode = keycodes[i];
1837 if (!vs->modifiers_state[keycode]) {
1838 continue;
1839 }
1840 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, false);
1841 qemu_input_event_send_key_delay(vs->vd->key_delay_ms);
1842 }
1843}
1844
1845static const char *code2name(int keycode)
1846{
1847 return QKeyCode_str(qemu_input_key_number_to_qcode(keycode));
1848}
1849
1850static void key_event(VncState *vs, int down, uint32_t sym)
1851{
1852 int keycode;
1853 int lsym = sym;
1854
1855 if (lsym >= 'A' && lsym <= 'Z' && qemu_console_is_graphic(NULL)) {
1856 lsym = lsym - 'A' + 'a';
1857 }
1858
1859 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF) & SCANCODE_KEYMASK;
1860 trace_vnc_key_event_map(down, sym, keycode, code2name(keycode));
1861 do_key_event(vs, down, keycode, sym);
1862}
1863
1864static void ext_key_event(VncState *vs, int down,
1865 uint32_t sym, uint16_t keycode)
1866{
1867
1868 if (keyboard_layout) {
1869 key_event(vs, down, sym);
1870 } else {
1871 trace_vnc_key_event_ext(down, sym, keycode, code2name(keycode));
1872 do_key_event(vs, down, keycode, sym);
1873 }
1874}
1875
1876static void framebuffer_update_request(VncState *vs, int incremental,
1877 int x, int y, int w, int h)
1878{
1879 vs->need_update = 1;
1880
1881 if (incremental) {
1882 return;
1883 }
1884
1885 vs->force_update = 1;
1886 vnc_set_area_dirty(vs->dirty, vs->vd, x, y, w, h);
1887}
1888
1889static void send_ext_key_event_ack(VncState *vs)
1890{
1891 vnc_lock_output(vs);
1892 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1893 vnc_write_u8(vs, 0);
1894 vnc_write_u16(vs, 1);
1895 vnc_framebuffer_update(vs, 0, 0,
1896 pixman_image_get_width(vs->vd->server),
1897 pixman_image_get_height(vs->vd->server),
1898 VNC_ENCODING_EXT_KEY_EVENT);
1899 vnc_unlock_output(vs);
1900 vnc_flush(vs);
1901}
1902
1903static void send_ext_audio_ack(VncState *vs)
1904{
1905 vnc_lock_output(vs);
1906 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1907 vnc_write_u8(vs, 0);
1908 vnc_write_u16(vs, 1);
1909 vnc_framebuffer_update(vs, 0, 0,
1910 pixman_image_get_width(vs->vd->server),
1911 pixman_image_get_height(vs->vd->server),
1912 VNC_ENCODING_AUDIO);
1913 vnc_unlock_output(vs);
1914 vnc_flush(vs);
1915}
1916
1917static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1918{
1919 int i;
1920 unsigned int enc = 0;
1921
1922 vs->features = 0;
1923 vs->vnc_encoding = 0;
1924 vs->tight.compression = 9;
1925 vs->tight.quality = -1;
1926 vs->absolute = -1;
1927
1928
1929
1930
1931
1932
1933 for (i = n_encodings - 1; i >= 0; i--) {
1934 enc = encodings[i];
1935 switch (enc) {
1936 case VNC_ENCODING_RAW:
1937 vs->vnc_encoding = enc;
1938 break;
1939 case VNC_ENCODING_COPYRECT:
1940 vs->features |= VNC_FEATURE_COPYRECT_MASK;
1941 break;
1942 case VNC_ENCODING_HEXTILE:
1943 vs->features |= VNC_FEATURE_HEXTILE_MASK;
1944 vs->vnc_encoding = enc;
1945 break;
1946 case VNC_ENCODING_TIGHT:
1947 vs->features |= VNC_FEATURE_TIGHT_MASK;
1948 vs->vnc_encoding = enc;
1949 break;
1950#ifdef CONFIG_VNC_PNG
1951 case VNC_ENCODING_TIGHT_PNG:
1952 vs->features |= VNC_FEATURE_TIGHT_PNG_MASK;
1953 vs->vnc_encoding = enc;
1954 break;
1955#endif
1956 case VNC_ENCODING_ZLIB:
1957 vs->features |= VNC_FEATURE_ZLIB_MASK;
1958 vs->vnc_encoding = enc;
1959 break;
1960 case VNC_ENCODING_ZRLE:
1961 vs->features |= VNC_FEATURE_ZRLE_MASK;
1962 vs->vnc_encoding = enc;
1963 break;
1964 case VNC_ENCODING_ZYWRLE:
1965 vs->features |= VNC_FEATURE_ZYWRLE_MASK;
1966 vs->vnc_encoding = enc;
1967 break;
1968 case VNC_ENCODING_DESKTOPRESIZE:
1969 vs->features |= VNC_FEATURE_RESIZE_MASK;
1970 break;
1971 case VNC_ENCODING_POINTER_TYPE_CHANGE:
1972 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
1973 break;
1974 case VNC_ENCODING_RICH_CURSOR:
1975 vs->features |= VNC_FEATURE_RICH_CURSOR_MASK;
1976 if (vs->vd->cursor) {
1977 vnc_cursor_define(vs);
1978 }
1979 break;
1980 case VNC_ENCODING_EXT_KEY_EVENT:
1981 send_ext_key_event_ack(vs);
1982 break;
1983 case VNC_ENCODING_AUDIO:
1984 send_ext_audio_ack(vs);
1985 break;
1986 case VNC_ENCODING_WMVi:
1987 vs->features |= VNC_FEATURE_WMVI_MASK;
1988 break;
1989 case VNC_ENCODING_LED_STATE:
1990 vs->features |= VNC_FEATURE_LED_STATE_MASK;
1991 break;
1992 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
1993 vs->tight.compression = (enc & 0x0F);
1994 break;
1995 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
1996 if (vs->vd->lossy) {
1997 vs->tight.quality = (enc & 0x0F);
1998 }
1999 break;
2000 default:
2001 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
2002 break;
2003 }
2004 }
2005 vnc_desktop_resize(vs);
2006 check_pointer_type_change(&vs->mouse_mode_notifier, NULL);
2007 vnc_led_state_change(vs);
2008}
2009
2010static void set_pixel_conversion(VncState *vs)
2011{
2012 pixman_format_code_t fmt = qemu_pixman_get_format(&vs->client_pf);
2013
2014 if (fmt == VNC_SERVER_FB_FORMAT) {
2015 vs->write_pixels = vnc_write_pixels_copy;
2016 vnc_hextile_set_pixel_conversion(vs, 0);
2017 } else {
2018 vs->write_pixels = vnc_write_pixels_generic;
2019 vnc_hextile_set_pixel_conversion(vs, 1);
2020 }
2021}
2022
2023static void send_color_map(VncState *vs)
2024{
2025 int i;
2026
2027 vnc_write_u8(vs, VNC_MSG_SERVER_SET_COLOUR_MAP_ENTRIES);
2028 vnc_write_u8(vs, 0);
2029 vnc_write_u16(vs, 0);
2030 vnc_write_u16(vs, 256);
2031
2032 for (i = 0; i < 256; i++) {
2033 PixelFormat *pf = &vs->client_pf;
2034
2035 vnc_write_u16(vs, (((i >> pf->rshift) & pf->rmax) << (16 - pf->rbits)));
2036 vnc_write_u16(vs, (((i >> pf->gshift) & pf->gmax) << (16 - pf->gbits)));
2037 vnc_write_u16(vs, (((i >> pf->bshift) & pf->bmax) << (16 - pf->bbits)));
2038 }
2039}
2040
2041static void set_pixel_format(VncState *vs, int bits_per_pixel,
2042 int big_endian_flag, int true_color_flag,
2043 int red_max, int green_max, int blue_max,
2044 int red_shift, int green_shift, int blue_shift)
2045{
2046 if (!true_color_flag) {
2047
2048 bits_per_pixel = 8;
2049 red_max = 7;
2050 green_max = 7;
2051 blue_max = 3;
2052 red_shift = 0;
2053 green_shift = 3;
2054 blue_shift = 6;
2055 }
2056
2057 switch (bits_per_pixel) {
2058 case 8:
2059 case 16:
2060 case 32:
2061 break;
2062 default:
2063 vnc_client_error(vs);
2064 return;
2065 }
2066
2067 vs->client_pf.rmax = red_max ? red_max : 0xFF;
2068 vs->client_pf.rbits = ctpopl(red_max);
2069 vs->client_pf.rshift = red_shift;
2070 vs->client_pf.rmask = red_max << red_shift;
2071 vs->client_pf.gmax = green_max ? green_max : 0xFF;
2072 vs->client_pf.gbits = ctpopl(green_max);
2073 vs->client_pf.gshift = green_shift;
2074 vs->client_pf.gmask = green_max << green_shift;
2075 vs->client_pf.bmax = blue_max ? blue_max : 0xFF;
2076 vs->client_pf.bbits = ctpopl(blue_max);
2077 vs->client_pf.bshift = blue_shift;
2078 vs->client_pf.bmask = blue_max << blue_shift;
2079 vs->client_pf.bits_per_pixel = bits_per_pixel;
2080 vs->client_pf.bytes_per_pixel = bits_per_pixel / 8;
2081 vs->client_pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
2082 vs->client_be = big_endian_flag;
2083
2084 if (!true_color_flag) {
2085 send_color_map(vs);
2086 }
2087
2088 set_pixel_conversion(vs);
2089
2090 graphic_hw_invalidate(vs->vd->dcl.con);
2091 graphic_hw_update(vs->vd->dcl.con);
2092}
2093
2094static void pixel_format_message (VncState *vs) {
2095 char pad[3] = { 0, 0, 0 };
2096
2097 vs->client_pf = qemu_default_pixelformat(32);
2098
2099 vnc_write_u8(vs, vs->client_pf.bits_per_pixel);
2100 vnc_write_u8(vs, vs->client_pf.depth);
2101
2102#ifdef HOST_WORDS_BIGENDIAN
2103 vnc_write_u8(vs, 1);
2104#else
2105 vnc_write_u8(vs, 0);
2106#endif
2107 vnc_write_u8(vs, 1);
2108 vnc_write_u16(vs, vs->client_pf.rmax);
2109 vnc_write_u16(vs, vs->client_pf.gmax);
2110 vnc_write_u16(vs, vs->client_pf.bmax);
2111 vnc_write_u8(vs, vs->client_pf.rshift);
2112 vnc_write_u8(vs, vs->client_pf.gshift);
2113 vnc_write_u8(vs, vs->client_pf.bshift);
2114 vnc_write(vs, pad, 3);
2115
2116 vnc_hextile_set_pixel_conversion(vs, 0);
2117 vs->write_pixels = vnc_write_pixels_copy;
2118}
2119
2120static void vnc_colordepth(VncState *vs)
2121{
2122 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
2123
2124 vnc_lock_output(vs);
2125 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
2126 vnc_write_u8(vs, 0);
2127 vnc_write_u16(vs, 1);
2128 vnc_framebuffer_update(vs, 0, 0,
2129 pixman_image_get_width(vs->vd->server),
2130 pixman_image_get_height(vs->vd->server),
2131 VNC_ENCODING_WMVi);
2132 pixel_format_message(vs);
2133 vnc_unlock_output(vs);
2134 vnc_flush(vs);
2135 } else {
2136 set_pixel_conversion(vs);
2137 }
2138}
2139
2140static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
2141{
2142 int i;
2143 uint16_t limit;
2144 VncDisplay *vd = vs->vd;
2145
2146 if (data[0] > 3) {
2147 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
2148 }
2149
2150 switch (data[0]) {
2151 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT:
2152 if (len == 1)
2153 return 20;
2154
2155 set_pixel_format(vs, read_u8(data, 4),
2156 read_u8(data, 6), read_u8(data, 7),
2157 read_u16(data, 8), read_u16(data, 10),
2158 read_u16(data, 12), read_u8(data, 14),
2159 read_u8(data, 15), read_u8(data, 16));
2160 break;
2161 case VNC_MSG_CLIENT_SET_ENCODINGS:
2162 if (len == 1)
2163 return 4;
2164
2165 if (len == 4) {
2166 limit = read_u16(data, 2);
2167 if (limit > 0)
2168 return 4 + (limit * 4);
2169 } else
2170 limit = read_u16(data, 2);
2171
2172 for (i = 0; i < limit; i++) {
2173 int32_t val = read_s32(data, 4 + (i * 4));
2174 memcpy(data + 4 + (i * 4), &val, sizeof(val));
2175 }
2176
2177 set_encodings(vs, (int32_t *)(data + 4), limit);
2178 break;
2179 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST:
2180 if (len == 1)
2181 return 10;
2182
2183 framebuffer_update_request(vs,
2184 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
2185 read_u16(data, 6), read_u16(data, 8));
2186 break;
2187 case VNC_MSG_CLIENT_KEY_EVENT:
2188 if (len == 1)
2189 return 8;
2190
2191 key_event(vs, read_u8(data, 1), read_u32(data, 4));
2192 break;
2193 case VNC_MSG_CLIENT_POINTER_EVENT:
2194 if (len == 1)
2195 return 6;
2196
2197 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
2198 break;
2199 case VNC_MSG_CLIENT_CUT_TEXT:
2200 if (len == 1) {
2201 return 8;
2202 }
2203 if (len == 8) {
2204 uint32_t dlen = read_u32(data, 4);
2205 if (dlen > (1 << 20)) {
2206 error_report("vnc: client_cut_text msg payload has %u bytes"
2207 " which exceeds our limit of 1MB.", dlen);
2208 vnc_client_error(vs);
2209 break;
2210 }
2211 if (dlen > 0) {
2212 return 8 + dlen;
2213 }
2214 }
2215
2216 client_cut_text(vs, read_u32(data, 4), data + 8);
2217 break;
2218 case VNC_MSG_CLIENT_QEMU:
2219 if (len == 1)
2220 return 2;
2221
2222 switch (read_u8(data, 1)) {
2223 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT:
2224 if (len == 2)
2225 return 12;
2226
2227 ext_key_event(vs, read_u16(data, 2),
2228 read_u32(data, 4), read_u32(data, 8));
2229 break;
2230 case VNC_MSG_CLIENT_QEMU_AUDIO:
2231 if (len == 2)
2232 return 4;
2233
2234 switch (read_u16 (data, 2)) {
2235 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE:
2236 audio_add(vs);
2237 break;
2238 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE:
2239 audio_del(vs);
2240 break;
2241 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT:
2242 if (len == 4)
2243 return 10;
2244 switch (read_u8(data, 4)) {
2245 case 0: vs->as.fmt = AUD_FMT_U8; break;
2246 case 1: vs->as.fmt = AUD_FMT_S8; break;
2247 case 2: vs->as.fmt = AUD_FMT_U16; break;
2248 case 3: vs->as.fmt = AUD_FMT_S16; break;
2249 case 4: vs->as.fmt = AUD_FMT_U32; break;
2250 case 5: vs->as.fmt = AUD_FMT_S32; break;
2251 default:
2252 VNC_DEBUG("Invalid audio format %d\n", read_u8(data, 4));
2253 vnc_client_error(vs);
2254 break;
2255 }
2256 vs->as.nchannels = read_u8(data, 5);
2257 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
2258 VNC_DEBUG("Invalid audio channel coount %d\n",
2259 read_u8(data, 5));
2260 vnc_client_error(vs);
2261 break;
2262 }
2263 vs->as.freq = read_u32(data, 6);
2264 break;
2265 default:
2266 VNC_DEBUG("Invalid audio message %d\n", read_u8(data, 4));
2267 vnc_client_error(vs);
2268 break;
2269 }
2270 break;
2271
2272 default:
2273 VNC_DEBUG("Msg: %d\n", read_u16(data, 0));
2274 vnc_client_error(vs);
2275 break;
2276 }
2277 break;
2278 default:
2279 VNC_DEBUG("Msg: %d\n", data[0]);
2280 vnc_client_error(vs);
2281 break;
2282 }
2283
2284 vnc_read_when(vs, protocol_client_msg, 1);
2285 return 0;
2286}
2287
2288static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
2289{
2290 char buf[1024];
2291 VncShareMode mode;
2292 int size;
2293
2294 mode = data[0] ? VNC_SHARE_MODE_SHARED : VNC_SHARE_MODE_EXCLUSIVE;
2295 switch (vs->vd->share_policy) {
2296 case VNC_SHARE_POLICY_IGNORE:
2297
2298
2299
2300
2301
2302
2303
2304 break;
2305 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE:
2306
2307
2308
2309
2310
2311
2312
2313
2314
2315 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2316 VncState *client;
2317 QTAILQ_FOREACH(client, &vs->vd->clients, next) {
2318 if (vs == client) {
2319 continue;
2320 }
2321 if (client->share_mode != VNC_SHARE_MODE_EXCLUSIVE &&
2322 client->share_mode != VNC_SHARE_MODE_SHARED) {
2323 continue;
2324 }
2325 vnc_disconnect_start(client);
2326 }
2327 }
2328 if (mode == VNC_SHARE_MODE_SHARED) {
2329 if (vs->vd->num_exclusive > 0) {
2330 vnc_disconnect_start(vs);
2331 return 0;
2332 }
2333 }
2334 break;
2335 case VNC_SHARE_POLICY_FORCE_SHARED:
2336
2337
2338
2339
2340
2341
2342
2343
2344 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2345 vnc_disconnect_start(vs);
2346 return 0;
2347 }
2348 break;
2349 }
2350 vnc_set_share_mode(vs, mode);
2351
2352 if (vs->vd->num_shared > vs->vd->connections_limit) {
2353 vnc_disconnect_start(vs);
2354 return 0;
2355 }
2356
2357 vs->client_width = pixman_image_get_width(vs->vd->server);
2358 vs->client_height = pixman_image_get_height(vs->vd->server);
2359 vnc_write_u16(vs, vs->client_width);
2360 vnc_write_u16(vs, vs->client_height);
2361
2362 pixel_format_message(vs);
2363
2364 if (qemu_name) {
2365 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
2366 if (size > sizeof(buf)) {
2367 size = sizeof(buf);
2368 }
2369 } else {
2370 size = snprintf(buf, sizeof(buf), "QEMU");
2371 }
2372
2373 vnc_write_u32(vs, size);
2374 vnc_write(vs, buf, size);
2375 vnc_flush(vs);
2376
2377 vnc_client_cache_auth(vs);
2378 vnc_qmp_event(vs, QAPI_EVENT_VNC_INITIALIZED);
2379
2380 vnc_read_when(vs, protocol_client_msg, 1);
2381
2382 return 0;
2383}
2384
2385void start_client_init(VncState *vs)
2386{
2387 vnc_read_when(vs, protocol_client_init, 1);
2388}
2389
2390static void make_challenge(VncState *vs)
2391{
2392 int i;
2393
2394 srand(time(NULL)+getpid()+getpid()*987654+rand());
2395
2396 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
2397 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
2398}
2399
2400static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
2401{
2402 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
2403 size_t i, pwlen;
2404 unsigned char key[8];
2405 time_t now = time(NULL);
2406 QCryptoCipher *cipher = NULL;
2407 Error *err = NULL;
2408
2409 if (!vs->vd->password) {
2410 trace_vnc_auth_fail(vs, vs->auth, "password is not set", "");
2411 goto reject;
2412 }
2413 if (vs->vd->expires < now) {
2414 trace_vnc_auth_fail(vs, vs->auth, "password is expired", "");
2415 goto reject;
2416 }
2417
2418 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
2419
2420
2421 pwlen = strlen(vs->vd->password);
2422 for (i=0; i<sizeof(key); i++)
2423 key[i] = i<pwlen ? vs->vd->password[i] : 0;
2424
2425 cipher = qcrypto_cipher_new(
2426 QCRYPTO_CIPHER_ALG_DES_RFB,
2427 QCRYPTO_CIPHER_MODE_ECB,
2428 key, G_N_ELEMENTS(key),
2429 &err);
2430 if (!cipher) {
2431 trace_vnc_auth_fail(vs, vs->auth, "cannot create cipher",
2432 error_get_pretty(err));
2433 error_free(err);
2434 goto reject;
2435 }
2436
2437 if (qcrypto_cipher_encrypt(cipher,
2438 vs->challenge,
2439 response,
2440 VNC_AUTH_CHALLENGE_SIZE,
2441 &err) < 0) {
2442 trace_vnc_auth_fail(vs, vs->auth, "cannot encrypt challenge response",
2443 error_get_pretty(err));
2444 error_free(err);
2445 goto reject;
2446 }
2447
2448
2449 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
2450 trace_vnc_auth_fail(vs, vs->auth, "mis-matched challenge response", "");
2451 goto reject;
2452 } else {
2453 trace_vnc_auth_pass(vs, vs->auth);
2454 vnc_write_u32(vs, 0);
2455 vnc_flush(vs);
2456
2457 start_client_init(vs);
2458 }
2459
2460 qcrypto_cipher_free(cipher);
2461 return 0;
2462
2463reject:
2464 vnc_write_u32(vs, 1);
2465 if (vs->minor >= 8) {
2466 static const char err[] = "Authentication failed";
2467 vnc_write_u32(vs, sizeof(err));
2468 vnc_write(vs, err, sizeof(err));
2469 }
2470 vnc_flush(vs);
2471 vnc_client_error(vs);
2472 qcrypto_cipher_free(cipher);
2473 return 0;
2474}
2475
2476void start_auth_vnc(VncState *vs)
2477{
2478 make_challenge(vs);
2479
2480 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
2481 vnc_flush(vs);
2482
2483 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
2484}
2485
2486
2487static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
2488{
2489
2490
2491 if (data[0] != vs->auth) {
2492 trace_vnc_auth_reject(vs, vs->auth, (int)data[0]);
2493 vnc_write_u32(vs, 1);
2494 if (vs->minor >= 8) {
2495 static const char err[] = "Authentication failed";
2496 vnc_write_u32(vs, sizeof(err));
2497 vnc_write(vs, err, sizeof(err));
2498 }
2499 vnc_client_error(vs);
2500 } else {
2501 trace_vnc_auth_start(vs, vs->auth);
2502 switch (vs->auth) {
2503 case VNC_AUTH_NONE:
2504 if (vs->minor >= 8) {
2505 vnc_write_u32(vs, 0);
2506 vnc_flush(vs);
2507 }
2508 trace_vnc_auth_pass(vs, vs->auth);
2509 start_client_init(vs);
2510 break;
2511
2512 case VNC_AUTH_VNC:
2513 start_auth_vnc(vs);
2514 break;
2515
2516 case VNC_AUTH_VENCRYPT:
2517 start_auth_vencrypt(vs);
2518 break;
2519
2520#ifdef CONFIG_VNC_SASL
2521 case VNC_AUTH_SASL:
2522 start_auth_sasl(vs);
2523 break;
2524#endif
2525
2526 default:
2527 trace_vnc_auth_fail(vs, vs->auth, "Unhandled auth method", "");
2528 vnc_write_u8(vs, 1);
2529 if (vs->minor >= 8) {
2530 static const char err[] = "Authentication failed";
2531 vnc_write_u32(vs, sizeof(err));
2532 vnc_write(vs, err, sizeof(err));
2533 }
2534 vnc_client_error(vs);
2535 }
2536 }
2537 return 0;
2538}
2539
2540static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2541{
2542 char local[13];
2543
2544 memcpy(local, version, 12);
2545 local[12] = 0;
2546
2547 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2548 VNC_DEBUG("Malformed protocol version %s\n", local);
2549 vnc_client_error(vs);
2550 return 0;
2551 }
2552 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2553 if (vs->major != 3 ||
2554 (vs->minor != 3 &&
2555 vs->minor != 4 &&
2556 vs->minor != 5 &&
2557 vs->minor != 7 &&
2558 vs->minor != 8)) {
2559 VNC_DEBUG("Unsupported client version\n");
2560 vnc_write_u32(vs, VNC_AUTH_INVALID);
2561 vnc_flush(vs);
2562 vnc_client_error(vs);
2563 return 0;
2564 }
2565
2566
2567
2568 if (vs->minor == 4 || vs->minor == 5)
2569 vs->minor = 3;
2570
2571 if (vs->minor == 3) {
2572 trace_vnc_auth_start(vs, vs->auth);
2573 if (vs->auth == VNC_AUTH_NONE) {
2574 vnc_write_u32(vs, vs->auth);
2575 vnc_flush(vs);
2576 trace_vnc_auth_pass(vs, vs->auth);
2577 start_client_init(vs);
2578 } else if (vs->auth == VNC_AUTH_VNC) {
2579 VNC_DEBUG("Tell client VNC auth\n");
2580 vnc_write_u32(vs, vs->auth);
2581 vnc_flush(vs);
2582 start_auth_vnc(vs);
2583 } else {
2584 trace_vnc_auth_fail(vs, vs->auth,
2585 "Unsupported auth method for v3.3", "");
2586 vnc_write_u32(vs, VNC_AUTH_INVALID);
2587 vnc_flush(vs);
2588 vnc_client_error(vs);
2589 }
2590 } else {
2591 vnc_write_u8(vs, 1);
2592 vnc_write_u8(vs, vs->auth);
2593 vnc_read_when(vs, protocol_client_auth, 1);
2594 vnc_flush(vs);
2595 }
2596
2597 return 0;
2598}
2599
2600static VncRectStat *vnc_stat_rect(VncDisplay *vd, int x, int y)
2601{
2602 struct VncSurface *vs = &vd->guest;
2603
2604 return &vs->stats[y / VNC_STAT_RECT][x / VNC_STAT_RECT];
2605}
2606
2607void vnc_sent_lossy_rect(VncState *vs, int x, int y, int w, int h)
2608{
2609 int i, j;
2610
2611 w = (x + w) / VNC_STAT_RECT;
2612 h = (y + h) / VNC_STAT_RECT;
2613 x /= VNC_STAT_RECT;
2614 y /= VNC_STAT_RECT;
2615
2616 for (j = y; j <= h; j++) {
2617 for (i = x; i <= w; i++) {
2618 vs->lossy_rect[j][i] = 1;
2619 }
2620 }
2621}
2622
2623static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y)
2624{
2625 VncState *vs;
2626 int sty = y / VNC_STAT_RECT;
2627 int stx = x / VNC_STAT_RECT;
2628 int has_dirty = 0;
2629
2630 y = QEMU_ALIGN_DOWN(y, VNC_STAT_RECT);
2631 x = QEMU_ALIGN_DOWN(x, VNC_STAT_RECT);
2632
2633 QTAILQ_FOREACH(vs, &vd->clients, next) {
2634 int j;
2635
2636
2637 if (vs->output.offset) {
2638 continue;
2639 }
2640
2641 if (!vs->lossy_rect[sty][stx]) {
2642 continue;
2643 }
2644
2645 vs->lossy_rect[sty][stx] = 0;
2646 for (j = 0; j < VNC_STAT_RECT; ++j) {
2647 bitmap_set(vs->dirty[y + j],
2648 x / VNC_DIRTY_PIXELS_PER_BIT,
2649 VNC_STAT_RECT / VNC_DIRTY_PIXELS_PER_BIT);
2650 }
2651 has_dirty++;
2652 }
2653
2654 return has_dirty;
2655}
2656
2657static int vnc_update_stats(VncDisplay *vd, struct timeval * tv)
2658{
2659 int width = MIN(pixman_image_get_width(vd->guest.fb),
2660 pixman_image_get_width(vd->server));
2661 int height = MIN(pixman_image_get_height(vd->guest.fb),
2662 pixman_image_get_height(vd->server));
2663 int x, y;
2664 struct timeval res;
2665 int has_dirty = 0;
2666
2667 for (y = 0; y < height; y += VNC_STAT_RECT) {
2668 for (x = 0; x < width; x += VNC_STAT_RECT) {
2669 VncRectStat *rect = vnc_stat_rect(vd, x, y);
2670
2671 rect->updated = false;
2672 }
2673 }
2674
2675 qemu_timersub(tv, &VNC_REFRESH_STATS, &res);
2676
2677 if (timercmp(&vd->guest.last_freq_check, &res, >)) {
2678 return has_dirty;
2679 }
2680 vd->guest.last_freq_check = *tv;
2681
2682 for (y = 0; y < height; y += VNC_STAT_RECT) {
2683 for (x = 0; x < width; x += VNC_STAT_RECT) {
2684 VncRectStat *rect= vnc_stat_rect(vd, x, y);
2685 int count = ARRAY_SIZE(rect->times);
2686 struct timeval min, max;
2687
2688 if (!timerisset(&rect->times[count - 1])) {
2689 continue ;
2690 }
2691
2692 max = rect->times[(rect->idx + count - 1) % count];
2693 qemu_timersub(tv, &max, &res);
2694
2695 if (timercmp(&res, &VNC_REFRESH_LOSSY, >)) {
2696 rect->freq = 0;
2697 has_dirty += vnc_refresh_lossy_rect(vd, x, y);
2698 memset(rect->times, 0, sizeof (rect->times));
2699 continue ;
2700 }
2701
2702 min = rect->times[rect->idx];
2703 max = rect->times[(rect->idx + count - 1) % count];
2704 qemu_timersub(&max, &min, &res);
2705
2706 rect->freq = res.tv_sec + res.tv_usec / 1000000.;
2707 rect->freq /= count;
2708 rect->freq = 1. / rect->freq;
2709 }
2710 }
2711 return has_dirty;
2712}
2713
2714double vnc_update_freq(VncState *vs, int x, int y, int w, int h)
2715{
2716 int i, j;
2717 double total = 0;
2718 int num = 0;
2719
2720 x = QEMU_ALIGN_DOWN(x, VNC_STAT_RECT);
2721 y = QEMU_ALIGN_DOWN(y, VNC_STAT_RECT);
2722
2723 for (j = y; j <= y + h; j += VNC_STAT_RECT) {
2724 for (i = x; i <= x + w; i += VNC_STAT_RECT) {
2725 total += vnc_stat_rect(vs->vd, i, j)->freq;
2726 num++;
2727 }
2728 }
2729
2730 if (num) {
2731 return total / num;
2732 } else {
2733 return 0;
2734 }
2735}
2736
2737static void vnc_rect_updated(VncDisplay *vd, int x, int y, struct timeval * tv)
2738{
2739 VncRectStat *rect;
2740
2741 rect = vnc_stat_rect(vd, x, y);
2742 if (rect->updated) {
2743 return ;
2744 }
2745 rect->times[rect->idx] = *tv;
2746 rect->idx = (rect->idx + 1) % ARRAY_SIZE(rect->times);
2747 rect->updated = true;
2748}
2749
2750static int vnc_refresh_server_surface(VncDisplay *vd)
2751{
2752 int width = MIN(pixman_image_get_width(vd->guest.fb),
2753 pixman_image_get_width(vd->server));
2754 int height = MIN(pixman_image_get_height(vd->guest.fb),
2755 pixman_image_get_height(vd->server));
2756 int cmp_bytes, server_stride, line_bytes, guest_ll, guest_stride, y = 0;
2757 uint8_t *guest_row0 = NULL, *server_row0;
2758 VncState *vs;
2759 int has_dirty = 0;
2760 pixman_image_t *tmpbuf = NULL;
2761
2762 struct timeval tv = { 0, 0 };
2763
2764 if (!vd->non_adaptive) {
2765 gettimeofday(&tv, NULL);
2766 has_dirty = vnc_update_stats(vd, &tv);
2767 }
2768
2769
2770
2771
2772
2773
2774 server_row0 = (uint8_t *)pixman_image_get_data(vd->server);
2775 server_stride = guest_stride = guest_ll =
2776 pixman_image_get_stride(vd->server);
2777 cmp_bytes = MIN(VNC_DIRTY_PIXELS_PER_BIT * VNC_SERVER_FB_BYTES,
2778 server_stride);
2779 if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
2780 int width = pixman_image_get_width(vd->server);
2781 tmpbuf = qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT, width);
2782 } else {
2783 int guest_bpp =
2784 PIXMAN_FORMAT_BPP(pixman_image_get_format(vd->guest.fb));
2785 guest_row0 = (uint8_t *)pixman_image_get_data(vd->guest.fb);
2786 guest_stride = pixman_image_get_stride(vd->guest.fb);
2787 guest_ll = pixman_image_get_width(vd->guest.fb) * (DIV_ROUND_UP(guest_bpp, 8));
2788 }
2789 line_bytes = MIN(server_stride, guest_ll);
2790
2791 for (;;) {
2792 int x;
2793 uint8_t *guest_ptr, *server_ptr;
2794 unsigned long offset = find_next_bit((unsigned long *) &vd->guest.dirty,
2795 height * VNC_DIRTY_BPL(&vd->guest),
2796 y * VNC_DIRTY_BPL(&vd->guest));
2797 if (offset == height * VNC_DIRTY_BPL(&vd->guest)) {
2798
2799 break;
2800 }
2801 y = offset / VNC_DIRTY_BPL(&vd->guest);
2802 x = offset % VNC_DIRTY_BPL(&vd->guest);
2803
2804 server_ptr = server_row0 + y * server_stride + x * cmp_bytes;
2805
2806 if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
2807 qemu_pixman_linebuf_fill(tmpbuf, vd->guest.fb, width, 0, y);
2808 guest_ptr = (uint8_t *)pixman_image_get_data(tmpbuf);
2809 } else {
2810 guest_ptr = guest_row0 + y * guest_stride;
2811 }
2812 guest_ptr += x * cmp_bytes;
2813
2814 for (; x < DIV_ROUND_UP(width, VNC_DIRTY_PIXELS_PER_BIT);
2815 x++, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
2816 int _cmp_bytes = cmp_bytes;
2817 if (!test_and_clear_bit(x, vd->guest.dirty[y])) {
2818 continue;
2819 }
2820 if ((x + 1) * cmp_bytes > line_bytes) {
2821 _cmp_bytes = line_bytes - x * cmp_bytes;
2822 }
2823 assert(_cmp_bytes >= 0);
2824 if (memcmp(server_ptr, guest_ptr, _cmp_bytes) == 0) {
2825 continue;
2826 }
2827 memcpy(server_ptr, guest_ptr, _cmp_bytes);
2828 if (!vd->non_adaptive) {
2829 vnc_rect_updated(vd, x * VNC_DIRTY_PIXELS_PER_BIT,
2830 y, &tv);
2831 }
2832 QTAILQ_FOREACH(vs, &vd->clients, next) {
2833 set_bit(x, vs->dirty[y]);
2834 }
2835 has_dirty++;
2836 }
2837
2838 y++;
2839 }
2840 qemu_pixman_image_unref(tmpbuf);
2841 return has_dirty;
2842}
2843
2844static void vnc_refresh(DisplayChangeListener *dcl)
2845{
2846 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
2847 VncState *vs, *vn;
2848 int has_dirty, rects = 0;
2849
2850 if (QTAILQ_EMPTY(&vd->clients)) {
2851 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_MAX);
2852 return;
2853 }
2854
2855 graphic_hw_update(vd->dcl.con);
2856
2857 if (vnc_trylock_display(vd)) {
2858 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
2859 return;
2860 }
2861
2862 has_dirty = vnc_refresh_server_surface(vd);
2863 vnc_unlock_display(vd);
2864
2865 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
2866 rects += vnc_update_client(vs, has_dirty, false);
2867
2868 }
2869
2870 if (has_dirty && rects) {
2871 vd->dcl.update_interval /= 2;
2872 if (vd->dcl.update_interval < VNC_REFRESH_INTERVAL_BASE) {
2873 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_BASE;
2874 }
2875 } else {
2876 vd->dcl.update_interval += VNC_REFRESH_INTERVAL_INC;
2877 if (vd->dcl.update_interval > VNC_REFRESH_INTERVAL_MAX) {
2878 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_MAX;
2879 }
2880 }
2881}
2882
2883static void vnc_connect(VncDisplay *vd, QIOChannelSocket *sioc,
2884 bool skipauth, bool websocket)
2885{
2886 VncState *vs = g_new0(VncState, 1);
2887 bool first_client = QTAILQ_EMPTY(&vd->clients);
2888 int i;
2889
2890 trace_vnc_client_connect(vs, sioc);
2891 vs->sioc = sioc;
2892 object_ref(OBJECT(vs->sioc));
2893 vs->ioc = QIO_CHANNEL(sioc);
2894 object_ref(OBJECT(vs->ioc));
2895 vs->vd = vd;
2896
2897 buffer_init(&vs->input, "vnc-input/%p", sioc);
2898 buffer_init(&vs->output, "vnc-output/%p", sioc);
2899 buffer_init(&vs->jobs_buffer, "vnc-jobs_buffer/%p", sioc);
2900
2901 buffer_init(&vs->tight.tight, "vnc-tight/%p", sioc);
2902 buffer_init(&vs->tight.zlib, "vnc-tight-zlib/%p", sioc);
2903 buffer_init(&vs->tight.gradient, "vnc-tight-gradient/%p", sioc);
2904#ifdef CONFIG_VNC_JPEG
2905 buffer_init(&vs->tight.jpeg, "vnc-tight-jpeg/%p", sioc);
2906#endif
2907#ifdef CONFIG_VNC_PNG
2908 buffer_init(&vs->tight.png, "vnc-tight-png/%p", sioc);
2909#endif
2910 buffer_init(&vs->zlib.zlib, "vnc-zlib/%p", sioc);
2911 buffer_init(&vs->zrle.zrle, "vnc-zrle/%p", sioc);
2912 buffer_init(&vs->zrle.fb, "vnc-zrle-fb/%p", sioc);
2913 buffer_init(&vs->zrle.zlib, "vnc-zrle-zlib/%p", sioc);
2914
2915 if (skipauth) {
2916 vs->auth = VNC_AUTH_NONE;
2917 vs->subauth = VNC_AUTH_INVALID;
2918 } else {
2919 if (websocket) {
2920 vs->auth = vd->ws_auth;
2921 vs->subauth = VNC_AUTH_INVALID;
2922 } else {
2923 vs->auth = vd->auth;
2924 vs->subauth = vd->subauth;
2925 }
2926 }
2927 VNC_DEBUG("Client sioc=%p ws=%d auth=%d subauth=%d\n",
2928 sioc, websocket, vs->auth, vs->subauth);
2929
2930 vs->lossy_rect = g_malloc0(VNC_STAT_ROWS * sizeof (*vs->lossy_rect));
2931 for (i = 0; i < VNC_STAT_ROWS; ++i) {
2932 vs->lossy_rect[i] = g_new0(uint8_t, VNC_STAT_COLS);
2933 }
2934
2935 VNC_DEBUG("New client on socket %p\n", vs->sioc);
2936 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
2937 qio_channel_set_blocking(vs->ioc, false, NULL);
2938 if (vs->ioc_tag) {
2939 g_source_remove(vs->ioc_tag);
2940 }
2941 if (websocket) {
2942 vs->websocket = 1;
2943 if (vd->tlscreds) {
2944 vs->ioc_tag = qio_channel_add_watch(
2945 vs->ioc, G_IO_IN, vncws_tls_handshake_io, vs, NULL);
2946 } else {
2947 vs->ioc_tag = qio_channel_add_watch(
2948 vs->ioc, G_IO_IN, vncws_handshake_io, vs, NULL);
2949 }
2950 } else {
2951 vs->ioc_tag = qio_channel_add_watch(
2952 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL);
2953 }
2954
2955 vnc_client_cache_addr(vs);
2956 vnc_qmp_event(vs, QAPI_EVENT_VNC_CONNECTED);
2957 vnc_set_share_mode(vs, VNC_SHARE_MODE_CONNECTING);
2958
2959 vs->last_x = -1;
2960 vs->last_y = -1;
2961
2962 vs->as.freq = 44100;
2963 vs->as.nchannels = 2;
2964 vs->as.fmt = AUD_FMT_S16;
2965 vs->as.endianness = 0;
2966
2967 qemu_mutex_init(&vs->output_mutex);
2968 vs->bh = qemu_bh_new(vnc_jobs_bh, vs);
2969
2970 QTAILQ_INSERT_TAIL(&vd->clients, vs, next);
2971 if (first_client) {
2972 vnc_update_server_surface(vd);
2973 }
2974
2975 graphic_hw_update(vd->dcl.con);
2976
2977 if (!vs->websocket) {
2978 vnc_start_protocol(vs);
2979 }
2980
2981 if (vd->num_connecting > vd->connections_limit) {
2982 QTAILQ_FOREACH(vs, &vd->clients, next) {
2983 if (vs->share_mode == VNC_SHARE_MODE_CONNECTING) {
2984 vnc_disconnect_start(vs);
2985 return;
2986 }
2987 }
2988 }
2989}
2990
2991void vnc_start_protocol(VncState *vs)
2992{
2993 vnc_write(vs, "RFB 003.008\n", 12);
2994 vnc_flush(vs);
2995 vnc_read_when(vs, protocol_version, 12);
2996
2997 vs->mouse_mode_notifier.notify = check_pointer_type_change;
2998 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
2999}
3000
3001static gboolean vnc_listen_io(QIOChannel *ioc,
3002 GIOCondition condition,
3003 void *opaque)
3004{
3005 VncDisplay *vd = opaque;
3006 QIOChannelSocket *sioc = NULL;
3007 Error *err = NULL;
3008 bool isWebsock = false;
3009 size_t i;
3010
3011 for (i = 0; i < vd->nlwebsock; i++) {
3012 if (ioc == QIO_CHANNEL(vd->lwebsock[i])) {
3013 isWebsock = true;
3014 break;
3015 }
3016 }
3017
3018 sioc = qio_channel_socket_accept(QIO_CHANNEL_SOCKET(ioc), &err);
3019 if (sioc != NULL) {
3020 qio_channel_set_name(QIO_CHANNEL(sioc),
3021 isWebsock ? "vnc-ws-server" : "vnc-server");
3022 qio_channel_set_delay(QIO_CHANNEL(sioc), false);
3023 vnc_connect(vd, sioc, false, isWebsock);
3024 object_unref(OBJECT(sioc));
3025 } else {
3026
3027 error_free(err);
3028 }
3029
3030 return TRUE;
3031}
3032
3033static const DisplayChangeListenerOps dcl_ops = {
3034 .dpy_name = "vnc",
3035 .dpy_refresh = vnc_refresh,
3036 .dpy_gfx_update = vnc_dpy_update,
3037 .dpy_gfx_switch = vnc_dpy_switch,
3038 .dpy_gfx_check_format = qemu_pixman_check_format,
3039 .dpy_mouse_set = vnc_mouse_set,
3040 .dpy_cursor_define = vnc_dpy_cursor_define,
3041};
3042
3043void vnc_display_init(const char *id)
3044{
3045 VncDisplay *vd;
3046
3047 if (vnc_display_find(id) != NULL) {
3048 return;
3049 }
3050 vd = g_malloc0(sizeof(*vd));
3051
3052 vd->id = strdup(id);
3053 QTAILQ_INSERT_TAIL(&vnc_displays, vd, next);
3054
3055 QTAILQ_INIT(&vd->clients);
3056 vd->expires = TIME_MAX;
3057
3058 if (keyboard_layout) {
3059 trace_vnc_key_map_init(keyboard_layout);
3060 vd->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout);
3061 } else {
3062 vd->kbd_layout = init_keyboard_layout(name2keysym, "en-us");
3063 }
3064
3065 if (!vd->kbd_layout) {
3066 exit(1);
3067 }
3068
3069 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3070 vd->connections_limit = 32;
3071
3072 qemu_mutex_init(&vd->mutex);
3073 vnc_start_worker_thread();
3074
3075 vd->dcl.ops = &dcl_ops;
3076 register_displaychangelistener(&vd->dcl);
3077}
3078
3079
3080static void vnc_display_close(VncDisplay *vd)
3081{
3082 size_t i;
3083 if (!vd) {
3084 return;
3085 }
3086 vd->is_unix = false;
3087 for (i = 0; i < vd->nlsock; i++) {
3088 if (vd->lsock_tag[i]) {
3089 g_source_remove(vd->lsock_tag[i]);
3090 }
3091 object_unref(OBJECT(vd->lsock[i]));
3092 }
3093 g_free(vd->lsock);
3094 g_free(vd->lsock_tag);
3095 vd->lsock = NULL;
3096 vd->lsock_tag = NULL;
3097 vd->nlsock = 0;
3098
3099 for (i = 0; i < vd->nlwebsock; i++) {
3100 if (vd->lwebsock_tag[i]) {
3101 g_source_remove(vd->lwebsock_tag[i]);
3102 }
3103 object_unref(OBJECT(vd->lwebsock[i]));
3104 }
3105 g_free(vd->lwebsock);
3106 g_free(vd->lwebsock_tag);
3107 vd->lwebsock = NULL;
3108 vd->lwebsock_tag = NULL;
3109 vd->nlwebsock = 0;
3110
3111 vd->auth = VNC_AUTH_INVALID;
3112 vd->subauth = VNC_AUTH_INVALID;
3113 if (vd->tlscreds) {
3114 object_unparent(OBJECT(vd->tlscreds));
3115 vd->tlscreds = NULL;
3116 }
3117 g_free(vd->tlsaclname);
3118 vd->tlsaclname = NULL;
3119 if (vd->lock_key_sync) {
3120 qemu_remove_led_event_handler(vd->led);
3121 vd->led = NULL;
3122 }
3123}
3124
3125int vnc_display_password(const char *id, const char *password)
3126{
3127 VncDisplay *vd = vnc_display_find(id);
3128
3129 if (!vd) {
3130 return -EINVAL;
3131 }
3132 if (vd->auth == VNC_AUTH_NONE) {
3133 error_printf_unless_qmp("If you want use passwords please enable "
3134 "password auth using '-vnc ${dpy},password'.\n");
3135 return -EINVAL;
3136 }
3137
3138 g_free(vd->password);
3139 vd->password = g_strdup(password);
3140
3141 return 0;
3142}
3143
3144int vnc_display_pw_expire(const char *id, time_t expires)
3145{
3146 VncDisplay *vd = vnc_display_find(id);
3147
3148 if (!vd) {
3149 return -EINVAL;
3150 }
3151
3152 vd->expires = expires;
3153 return 0;
3154}
3155
3156static void vnc_display_print_local_addr(VncDisplay *vd)
3157{
3158 SocketAddress *addr;
3159 Error *err = NULL;
3160
3161 if (!vd->nlsock) {
3162 return;
3163 }
3164
3165 addr = qio_channel_socket_get_local_address(vd->lsock[0], &err);
3166 if (!addr) {
3167 return;
3168 }
3169
3170 if (addr->type != SOCKET_ADDRESS_TYPE_INET) {
3171 qapi_free_SocketAddress(addr);
3172 return;
3173 }
3174 error_printf_unless_qmp("VNC server running on %s:%s\n",
3175 addr->u.inet.host,
3176 addr->u.inet.port);
3177 qapi_free_SocketAddress(addr);
3178}
3179
3180static QemuOptsList qemu_vnc_opts = {
3181 .name = "vnc",
3182 .head = QTAILQ_HEAD_INITIALIZER(qemu_vnc_opts.head),
3183 .implied_opt_name = "vnc",
3184 .desc = {
3185 {
3186 .name = "vnc",
3187 .type = QEMU_OPT_STRING,
3188 },{
3189 .name = "websocket",
3190 .type = QEMU_OPT_STRING,
3191 },{
3192 .name = "tls-creds",
3193 .type = QEMU_OPT_STRING,
3194 },{
3195
3196 .name = "x509",
3197 .type = QEMU_OPT_STRING,
3198 },{
3199 .name = "share",
3200 .type = QEMU_OPT_STRING,
3201 },{
3202 .name = "display",
3203 .type = QEMU_OPT_STRING,
3204 },{
3205 .name = "head",
3206 .type = QEMU_OPT_NUMBER,
3207 },{
3208 .name = "connections",
3209 .type = QEMU_OPT_NUMBER,
3210 },{
3211 .name = "to",
3212 .type = QEMU_OPT_NUMBER,
3213 },{
3214 .name = "ipv4",
3215 .type = QEMU_OPT_BOOL,
3216 },{
3217 .name = "ipv6",
3218 .type = QEMU_OPT_BOOL,
3219 },{
3220 .name = "password",
3221 .type = QEMU_OPT_BOOL,
3222 },{
3223 .name = "reverse",
3224 .type = QEMU_OPT_BOOL,
3225 },{
3226 .name = "lock-key-sync",
3227 .type = QEMU_OPT_BOOL,
3228 },{
3229 .name = "key-delay-ms",
3230 .type = QEMU_OPT_NUMBER,
3231 },{
3232 .name = "sasl",
3233 .type = QEMU_OPT_BOOL,
3234 },{
3235
3236 .name = "tls",
3237 .type = QEMU_OPT_BOOL,
3238 },{
3239
3240 .name = "x509verify",
3241 .type = QEMU_OPT_STRING,
3242 },{
3243 .name = "acl",
3244 .type = QEMU_OPT_BOOL,
3245 },{
3246 .name = "lossy",
3247 .type = QEMU_OPT_BOOL,
3248 },{
3249 .name = "non-adaptive",
3250 .type = QEMU_OPT_BOOL,
3251 },
3252 { }
3253 },
3254};
3255
3256
3257static int
3258vnc_display_setup_auth(int *auth,
3259 int *subauth,
3260 QCryptoTLSCreds *tlscreds,
3261 bool password,
3262 bool sasl,
3263 bool websocket,
3264 Error **errp)
3265{
3266
3267
3268
3269
3270
3271
3272
3273
3274
3275
3276
3277
3278
3279
3280
3281
3282
3283
3284
3285
3286
3287
3288
3289
3290
3291
3292
3293
3294
3295
3296
3297
3298
3299
3300
3301
3302
3303
3304
3305
3306
3307
3308
3309
3310
3311
3312
3313 if (websocket || !tlscreds) {
3314 if (password) {
3315 VNC_DEBUG("Initializing VNC server with password auth\n");
3316 *auth = VNC_AUTH_VNC;
3317 } else if (sasl) {
3318 VNC_DEBUG("Initializing VNC server with SASL auth\n");
3319 *auth = VNC_AUTH_SASL;
3320 } else {
3321 VNC_DEBUG("Initializing VNC server with no auth\n");
3322 *auth = VNC_AUTH_NONE;
3323 }
3324 *subauth = VNC_AUTH_INVALID;
3325 } else {
3326 bool is_x509 = object_dynamic_cast(OBJECT(tlscreds),
3327 TYPE_QCRYPTO_TLS_CREDS_X509) != NULL;
3328 bool is_anon = object_dynamic_cast(OBJECT(tlscreds),
3329 TYPE_QCRYPTO_TLS_CREDS_ANON) != NULL;
3330
3331 if (!is_x509 && !is_anon) {
3332 error_setg(errp,
3333 "Unsupported TLS cred type %s",
3334 object_get_typename(OBJECT(tlscreds)));
3335 return -1;
3336 }
3337 *auth = VNC_AUTH_VENCRYPT;
3338 if (password) {
3339 if (is_x509) {
3340 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
3341 *subauth = VNC_AUTH_VENCRYPT_X509VNC;
3342 } else {
3343 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
3344 *subauth = VNC_AUTH_VENCRYPT_TLSVNC;
3345 }
3346
3347 } else if (sasl) {
3348 if (is_x509) {
3349 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
3350 *subauth = VNC_AUTH_VENCRYPT_X509SASL;
3351 } else {
3352 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
3353 *subauth = VNC_AUTH_VENCRYPT_TLSSASL;
3354 }
3355 } else {
3356 if (is_x509) {
3357 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
3358 *subauth = VNC_AUTH_VENCRYPT_X509NONE;
3359 } else {
3360 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
3361 *subauth = VNC_AUTH_VENCRYPT_TLSNONE;
3362 }
3363 }
3364 }
3365 return 0;
3366}
3367
3368
3369
3370
3371
3372
3373static QCryptoTLSCreds *
3374vnc_display_create_creds(bool x509,
3375 bool x509verify,
3376 const char *dir,
3377 const char *id,
3378 Error **errp)
3379{
3380 gchar *credsid = g_strdup_printf("tlsvnc%s", id);
3381 Object *parent = object_get_objects_root();
3382 Object *creds;
3383 Error *err = NULL;
3384
3385 if (x509) {
3386 creds = object_new_with_props(TYPE_QCRYPTO_TLS_CREDS_X509,
3387 parent,
3388 credsid,
3389 &err,
3390 "endpoint", "server",
3391 "dir", dir,
3392 "verify-peer", x509verify ? "yes" : "no",
3393 NULL);
3394 } else {
3395 creds = object_new_with_props(TYPE_QCRYPTO_TLS_CREDS_ANON,
3396 parent,
3397 credsid,
3398 &err,
3399 "endpoint", "server",
3400 NULL);
3401 }
3402
3403 g_free(credsid);
3404
3405 if (err) {
3406 error_propagate(errp, err);
3407 return NULL;
3408 }
3409
3410 return QCRYPTO_TLS_CREDS(creds);
3411}
3412
3413
3414static int vnc_display_get_address(const char *addrstr,
3415 bool websocket,
3416 bool reverse,
3417 int displaynum,
3418 int to,
3419 bool has_ipv4,
3420 bool has_ipv6,
3421 bool ipv4,
3422 bool ipv6,
3423 SocketAddress **retaddr,
3424 Error **errp)
3425{
3426 int ret = -1;
3427 SocketAddress *addr = NULL;
3428
3429 addr = g_new0(SocketAddress, 1);
3430
3431 if (strncmp(addrstr, "unix:", 5) == 0) {
3432 addr->type = SOCKET_ADDRESS_TYPE_UNIX;
3433 addr->u.q_unix.path = g_strdup(addrstr + 5);
3434
3435 if (websocket) {
3436 error_setg(errp, "UNIX sockets not supported with websock");
3437 goto cleanup;
3438 }
3439
3440 if (to) {
3441 error_setg(errp, "Port range not support with UNIX socket");
3442 goto cleanup;
3443 }
3444 ret = 0;
3445 } else {
3446 const char *port;
3447 size_t hostlen;
3448 unsigned long long baseport = 0;
3449 InetSocketAddress *inet;
3450
3451 port = strrchr(addrstr, ':');
3452 if (!port) {
3453 if (websocket) {
3454 hostlen = 0;
3455 port = addrstr;
3456 } else {
3457 error_setg(errp, "no vnc port specified");
3458 goto cleanup;
3459 }
3460 } else {
3461 hostlen = port - addrstr;
3462 port++;
3463 if (*port == '\0') {
3464 error_setg(errp, "vnc port cannot be empty");
3465 goto cleanup;
3466 }
3467 }
3468
3469 addr->type = SOCKET_ADDRESS_TYPE_INET;
3470 inet = &addr->u.inet;
3471 if (addrstr[0] == '[' && addrstr[hostlen - 1] == ']') {
3472 inet->host = g_strndup(addrstr + 1, hostlen - 2);
3473 } else {
3474 inet->host = g_strndup(addrstr, hostlen);
3475 }
3476
3477
3478 if (websocket) {
3479 if (g_str_equal(addrstr, "") ||
3480 g_str_equal(addrstr, "on")) {
3481 if (displaynum == -1) {
3482 error_setg(errp, "explicit websocket port is required");
3483 goto cleanup;
3484 }
3485 inet->port = g_strdup_printf(
3486 "%d", displaynum + 5700);
3487 if (to) {
3488 inet->has_to = true;
3489 inet->to = to + 5700;
3490 }
3491 } else {
3492 inet->port = g_strdup(port);
3493 }
3494 } else {
3495 int offset = reverse ? 0 : 5900;
3496 if (parse_uint_full(port, &baseport, 10) < 0) {
3497 error_setg(errp, "can't convert to a number: %s", port);
3498 goto cleanup;
3499 }
3500 if (baseport > 65535 ||
3501 baseport + offset > 65535) {
3502 error_setg(errp, "port %s out of range", port);
3503 goto cleanup;
3504 }
3505 inet->port = g_strdup_printf(
3506 "%d", (int)baseport + offset);
3507
3508 if (to) {
3509 inet->has_to = true;
3510 inet->to = to + offset;
3511 }
3512 }
3513
3514 inet->ipv4 = ipv4;
3515 inet->has_ipv4 = has_ipv4;
3516 inet->ipv6 = ipv6;
3517 inet->has_ipv6 = has_ipv6;
3518
3519 ret = baseport;
3520 }
3521
3522 *retaddr = addr;
3523
3524 cleanup:
3525 if (ret < 0) {
3526 qapi_free_SocketAddress(addr);
3527 }
3528 return ret;
3529}
3530
3531static void vnc_free_addresses(SocketAddress ***retsaddr,
3532 size_t *retnsaddr)
3533{
3534 size_t i;
3535
3536 for (i = 0; i < *retnsaddr; i++) {
3537 qapi_free_SocketAddress((*retsaddr)[i]);
3538 }
3539 g_free(*retsaddr);
3540
3541 *retsaddr = NULL;
3542 *retnsaddr = 0;
3543}
3544
3545static int vnc_display_get_addresses(QemuOpts *opts,
3546 bool reverse,
3547 SocketAddress ***retsaddr,
3548 size_t *retnsaddr,
3549 SocketAddress ***retwsaddr,
3550 size_t *retnwsaddr,
3551 Error **errp)
3552{
3553 SocketAddress *saddr = NULL;
3554 SocketAddress *wsaddr = NULL;
3555 QemuOptsIter addriter;
3556 const char *addr;
3557 int to = qemu_opt_get_number(opts, "to", 0);
3558 bool has_ipv4 = qemu_opt_get(opts, "ipv4");
3559 bool has_ipv6 = qemu_opt_get(opts, "ipv6");
3560 bool ipv4 = qemu_opt_get_bool(opts, "ipv4", false);
3561 bool ipv6 = qemu_opt_get_bool(opts, "ipv6", false);
3562 int displaynum = -1;
3563 int ret = -1;
3564
3565 *retsaddr = NULL;
3566 *retnsaddr = 0;
3567 *retwsaddr = NULL;
3568 *retnwsaddr = 0;
3569
3570 addr = qemu_opt_get(opts, "vnc");
3571 if (addr == NULL || g_str_equal(addr, "none")) {
3572 ret = 0;
3573 goto cleanup;
3574 }
3575 if (qemu_opt_get(opts, "websocket") &&
3576 !qcrypto_hash_supports(QCRYPTO_HASH_ALG_SHA1)) {
3577 error_setg(errp,
3578 "SHA1 hash support is required for websockets");
3579 goto cleanup;
3580 }
3581
3582 qemu_opt_iter_init(&addriter, opts, "vnc");
3583 while ((addr = qemu_opt_iter_next(&addriter)) != NULL) {
3584 int rv;
3585 rv = vnc_display_get_address(addr, false, reverse, 0, to,
3586 has_ipv4, has_ipv6,
3587 ipv4, ipv6,
3588 &saddr, errp);
3589 if (rv < 0) {
3590 goto cleanup;
3591 }
3592
3593
3594
3595 if (displaynum == -1) {
3596 displaynum = rv;
3597 }
3598 *retsaddr = g_renew(SocketAddress *, *retsaddr, *retnsaddr + 1);
3599 (*retsaddr)[(*retnsaddr)++] = saddr;
3600 }
3601
3602
3603
3604 if (*retnsaddr > 1) {
3605 displaynum = -1;
3606 }
3607
3608 qemu_opt_iter_init(&addriter, opts, "websocket");
3609 while ((addr = qemu_opt_iter_next(&addriter)) != NULL) {
3610 if (vnc_display_get_address(addr, true, reverse, displaynum, to,
3611 has_ipv4, has_ipv6,
3612 ipv4, ipv6,
3613 &wsaddr, errp) < 0) {
3614 goto cleanup;
3615 }
3616
3617
3618
3619
3620
3621 if (*retnsaddr == 1 &&
3622 (*retsaddr)[0]->type == SOCKET_ADDRESS_TYPE_INET &&
3623 wsaddr->type == SOCKET_ADDRESS_TYPE_INET &&
3624 g_str_equal(wsaddr->u.inet.host, "") &&
3625 !g_str_equal((*retsaddr)[0]->u.inet.host, "")) {
3626 g_free(wsaddr->u.inet.host);
3627 wsaddr->u.inet.host = g_strdup((*retsaddr)[0]->u.inet.host);
3628 }
3629
3630 *retwsaddr = g_renew(SocketAddress *, *retwsaddr, *retnwsaddr + 1);
3631 (*retwsaddr)[(*retnwsaddr)++] = wsaddr;
3632 }
3633
3634 ret = 0;
3635 cleanup:
3636 if (ret < 0) {
3637 vnc_free_addresses(retsaddr, retnsaddr);
3638 vnc_free_addresses(retwsaddr, retnwsaddr);
3639 }
3640 return ret;
3641}
3642
3643static int vnc_display_connect(VncDisplay *vd,
3644 SocketAddress **saddr,
3645 size_t nsaddr,
3646 SocketAddress **wsaddr,
3647 size_t nwsaddr,
3648 Error **errp)
3649{
3650
3651 QIOChannelSocket *sioc = NULL;
3652 if (nwsaddr != 0) {
3653 error_setg(errp, "Cannot use websockets in reverse mode");
3654 return -1;
3655 }
3656 if (nsaddr != 1) {
3657 error_setg(errp, "Expected a single address in reverse mode");
3658 return -1;
3659 }
3660
3661 vd->is_unix = saddr[0]->type == SOCKET_ADDRESS_TYPE_UNIX;
3662 sioc = qio_channel_socket_new();
3663 qio_channel_set_name(QIO_CHANNEL(sioc), "vnc-reverse");
3664 if (qio_channel_socket_connect_sync(sioc, saddr[0], errp) < 0) {
3665 return -1;
3666 }
3667 vnc_connect(vd, sioc, false, false);
3668 object_unref(OBJECT(sioc));
3669 return 0;
3670}
3671
3672
3673static int vnc_display_listen_addr(VncDisplay *vd,
3674 SocketAddress *addr,
3675 const char *name,
3676 QIOChannelSocket ***lsock,
3677 guint **lsock_tag,
3678 size_t *nlsock,
3679 Error **errp)
3680{
3681 QIODNSResolver *resolver = qio_dns_resolver_get_instance();
3682 SocketAddress **rawaddrs = NULL;
3683 size_t nrawaddrs = 0;
3684 Error *listenerr = NULL;
3685 bool listening = false;
3686 size_t i;
3687
3688 if (qio_dns_resolver_lookup_sync(resolver, addr, &nrawaddrs,
3689 &rawaddrs, errp) < 0) {
3690 return -1;
3691 }
3692
3693 for (i = 0; i < nrawaddrs; i++) {
3694 QIOChannelSocket *sioc = qio_channel_socket_new();
3695
3696 qio_channel_set_name(QIO_CHANNEL(sioc), name);
3697 if (qio_channel_socket_listen_sync(
3698 sioc, rawaddrs[i], listenerr == NULL ? &listenerr : NULL) < 0) {
3699 object_unref(OBJECT(sioc));
3700 continue;
3701 }
3702 listening = true;
3703 (*nlsock)++;
3704 *lsock = g_renew(QIOChannelSocket *, *lsock, *nlsock);
3705 *lsock_tag = g_renew(guint, *lsock_tag, *nlsock);
3706
3707 (*lsock)[*nlsock - 1] = sioc;
3708 (*lsock_tag)[*nlsock - 1] = 0;
3709 }
3710
3711 for (i = 0; i < nrawaddrs; i++) {
3712 qapi_free_SocketAddress(rawaddrs[i]);
3713 }
3714 g_free(rawaddrs);
3715
3716 if (listenerr) {
3717 if (!listening) {
3718 error_propagate(errp, listenerr);
3719 return -1;
3720 } else {
3721 error_free(listenerr);
3722 }
3723 }
3724
3725 for (i = 0; i < *nlsock; i++) {
3726 (*lsock_tag)[i] = qio_channel_add_watch(
3727 QIO_CHANNEL((*lsock)[i]),
3728 G_IO_IN, vnc_listen_io, vd, NULL);
3729 }
3730
3731 return 0;
3732}
3733
3734
3735static int vnc_display_listen(VncDisplay *vd,
3736 SocketAddress **saddr,
3737 size_t nsaddr,
3738 SocketAddress **wsaddr,
3739 size_t nwsaddr,
3740 Error **errp)
3741{
3742 size_t i;
3743
3744 for (i = 0; i < nsaddr; i++) {
3745 if (vnc_display_listen_addr(vd, saddr[i],
3746 "vnc-listen",
3747 &vd->lsock,
3748 &vd->lsock_tag,
3749 &vd->nlsock,
3750 errp) < 0) {
3751 return -1;
3752 }
3753 }
3754 for (i = 0; i < nwsaddr; i++) {
3755 if (vnc_display_listen_addr(vd, wsaddr[i],
3756 "vnc-ws-listen",
3757 &vd->lwebsock,
3758 &vd->lwebsock_tag,
3759 &vd->nlwebsock,
3760 errp) < 0) {
3761 return -1;
3762 }
3763 }
3764
3765 return 0;
3766}
3767
3768
3769void vnc_display_open(const char *id, Error **errp)
3770{
3771 VncDisplay *vd = vnc_display_find(id);
3772 QemuOpts *opts = qemu_opts_find(&qemu_vnc_opts, id);
3773 SocketAddress **saddr = NULL, **wsaddr = NULL;
3774 size_t nsaddr, nwsaddr;
3775 const char *share, *device_id;
3776 QemuConsole *con;
3777 bool password = false;
3778 bool reverse = false;
3779 const char *credid;
3780 bool sasl = false;
3781#ifdef CONFIG_VNC_SASL
3782 int saslErr;
3783#endif
3784 int acl = 0;
3785 int lock_key_sync = 1;
3786 int key_delay_ms;
3787
3788 if (!vd) {
3789 error_setg(errp, "VNC display not active");
3790 return;
3791 }
3792 vnc_display_close(vd);
3793
3794 if (!opts) {
3795 return;
3796 }
3797
3798 reverse = qemu_opt_get_bool(opts, "reverse", false);
3799 if (vnc_display_get_addresses(opts, reverse, &saddr, &nsaddr,
3800 &wsaddr, &nwsaddr, errp) < 0) {
3801 goto fail;
3802 }
3803
3804 password = qemu_opt_get_bool(opts, "password", false);
3805 if (password) {
3806 if (fips_get_state()) {
3807 error_setg(errp,
3808 "VNC password auth disabled due to FIPS mode, "
3809 "consider using the VeNCrypt or SASL authentication "
3810 "methods as an alternative");
3811 goto fail;
3812 }
3813 if (!qcrypto_cipher_supports(
3814 QCRYPTO_CIPHER_ALG_DES_RFB, QCRYPTO_CIPHER_MODE_ECB)) {
3815 error_setg(errp,
3816 "Cipher backend does not support DES RFB algorithm");
3817 goto fail;
3818 }
3819 }
3820
3821 lock_key_sync = qemu_opt_get_bool(opts, "lock-key-sync", true);
3822 key_delay_ms = qemu_opt_get_number(opts, "key-delay-ms", 10);
3823 sasl = qemu_opt_get_bool(opts, "sasl", false);
3824#ifndef CONFIG_VNC_SASL
3825 if (sasl) {
3826 error_setg(errp, "VNC SASL auth requires cyrus-sasl support");
3827 goto fail;
3828 }
3829#endif
3830 credid = qemu_opt_get(opts, "tls-creds");
3831 if (credid) {
3832 Object *creds;
3833 if (qemu_opt_get(opts, "tls") ||
3834 qemu_opt_get(opts, "x509") ||
3835 qemu_opt_get(opts, "x509verify")) {
3836 error_setg(errp,
3837 "'tls-creds' parameter is mutually exclusive with "
3838 "'tls', 'x509' and 'x509verify' parameters");
3839 goto fail;
3840 }
3841
3842 creds = object_resolve_path_component(
3843 object_get_objects_root(), credid);
3844 if (!creds) {
3845 error_setg(errp, "No TLS credentials with id '%s'",
3846 credid);
3847 goto fail;
3848 }
3849 vd->tlscreds = (QCryptoTLSCreds *)
3850 object_dynamic_cast(creds,
3851 TYPE_QCRYPTO_TLS_CREDS);
3852 if (!vd->tlscreds) {
3853 error_setg(errp, "Object with id '%s' is not TLS credentials",
3854 credid);
3855 goto fail;
3856 }
3857 object_ref(OBJECT(vd->tlscreds));
3858
3859 if (vd->tlscreds->endpoint != QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) {
3860 error_setg(errp,
3861 "Expecting TLS credentials with a server endpoint");
3862 goto fail;
3863 }
3864 } else {
3865 const char *path;
3866 bool tls = false, x509 = false, x509verify = false;
3867 tls = qemu_opt_get_bool(opts, "tls", false);
3868 if (tls) {
3869 path = qemu_opt_get(opts, "x509");
3870
3871 if (path) {
3872 x509 = true;
3873 } else {
3874 path = qemu_opt_get(opts, "x509verify");
3875 if (path) {
3876 x509 = true;
3877 x509verify = true;
3878 }
3879 }
3880 vd->tlscreds = vnc_display_create_creds(x509,
3881 x509verify,
3882 path,
3883 vd->id,
3884 errp);
3885 if (!vd->tlscreds) {
3886 goto fail;
3887 }
3888 }
3889 }
3890 acl = qemu_opt_get_bool(opts, "acl", false);
3891
3892 share = qemu_opt_get(opts, "share");
3893 if (share) {
3894 if (strcmp(share, "ignore") == 0) {
3895 vd->share_policy = VNC_SHARE_POLICY_IGNORE;
3896 } else if (strcmp(share, "allow-exclusive") == 0) {
3897 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3898 } else if (strcmp(share, "force-shared") == 0) {
3899 vd->share_policy = VNC_SHARE_POLICY_FORCE_SHARED;
3900 } else {
3901 error_setg(errp, "unknown vnc share= option");
3902 goto fail;
3903 }
3904 } else {
3905 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3906 }
3907 vd->connections_limit = qemu_opt_get_number(opts, "connections", 32);
3908
3909#ifdef CONFIG_VNC_JPEG
3910 vd->lossy = qemu_opt_get_bool(opts, "lossy", false);
3911#endif
3912 vd->non_adaptive = qemu_opt_get_bool(opts, "non-adaptive", false);
3913
3914
3915
3916 if (!vd->lossy) {
3917 vd->non_adaptive = true;
3918 }
3919
3920 if (acl) {
3921 if (strcmp(vd->id, "default") == 0) {
3922 vd->tlsaclname = g_strdup("vnc.x509dname");
3923 } else {
3924 vd->tlsaclname = g_strdup_printf("vnc.%s.x509dname", vd->id);
3925 }
3926 qemu_acl_init(vd->tlsaclname);
3927 }
3928#ifdef CONFIG_VNC_SASL
3929 if (acl && sasl) {
3930 char *aclname;
3931
3932 if (strcmp(vd->id, "default") == 0) {
3933 aclname = g_strdup("vnc.username");
3934 } else {
3935 aclname = g_strdup_printf("vnc.%s.username", vd->id);
3936 }
3937 vd->sasl.acl = qemu_acl_init(aclname);
3938 g_free(aclname);
3939 }
3940#endif
3941
3942 if (vnc_display_setup_auth(&vd->auth, &vd->subauth,
3943 vd->tlscreds, password,
3944 sasl, false, errp) < 0) {
3945 goto fail;
3946 }
3947 trace_vnc_auth_init(vd, 0, vd->auth, vd->subauth);
3948
3949 if (vnc_display_setup_auth(&vd->ws_auth, &vd->ws_subauth,
3950 vd->tlscreds, password,
3951 sasl, true, errp) < 0) {
3952 goto fail;
3953 }
3954 trace_vnc_auth_init(vd, 1, vd->ws_auth, vd->ws_subauth);
3955
3956#ifdef CONFIG_VNC_SASL
3957 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) {
3958 error_setg(errp, "Failed to initialize SASL auth: %s",
3959 sasl_errstring(saslErr, NULL, NULL));
3960 goto fail;
3961 }
3962#endif
3963 vd->lock_key_sync = lock_key_sync;
3964 if (lock_key_sync) {
3965 vd->led = qemu_add_led_event_handler(kbd_leds, vd);
3966 }
3967 vd->ledstate = 0;
3968 vd->key_delay_ms = key_delay_ms;
3969
3970 device_id = qemu_opt_get(opts, "display");
3971 if (device_id) {
3972 int head = qemu_opt_get_number(opts, "head", 0);
3973 Error *err = NULL;
3974
3975 con = qemu_console_lookup_by_device_name(device_id, head, &err);
3976 if (err) {
3977 error_propagate(errp, err);
3978 goto fail;
3979 }
3980 } else {
3981 con = NULL;
3982 }
3983
3984 if (con != vd->dcl.con) {
3985 unregister_displaychangelistener(&vd->dcl);
3986 vd->dcl.con = con;
3987 register_displaychangelistener(&vd->dcl);
3988 }
3989
3990 if (saddr == NULL) {
3991 goto cleanup;
3992 }
3993
3994 if (reverse) {
3995 if (vnc_display_connect(vd, saddr, nsaddr, wsaddr, nwsaddr, errp) < 0) {
3996 goto fail;
3997 }
3998 } else {
3999 if (vnc_display_listen(vd, saddr, nsaddr, wsaddr, nwsaddr, errp) < 0) {
4000 goto fail;
4001 }
4002 }
4003
4004 if (qemu_opt_get(opts, "to")) {
4005 vnc_display_print_local_addr(vd);
4006 }
4007
4008 cleanup:
4009 vnc_free_addresses(&saddr, &nsaddr);
4010 vnc_free_addresses(&wsaddr, &nwsaddr);
4011 return;
4012
4013fail:
4014 vnc_display_close(vd);
4015 goto cleanup;
4016}
4017
4018void vnc_display_add_client(const char *id, int csock, bool skipauth)
4019{
4020 VncDisplay *vd = vnc_display_find(id);
4021 QIOChannelSocket *sioc;
4022
4023 if (!vd) {
4024 return;
4025 }
4026
4027 sioc = qio_channel_socket_new_fd(csock, NULL);
4028 if (sioc) {
4029 qio_channel_set_name(QIO_CHANNEL(sioc), "vnc-server");
4030 vnc_connect(vd, sioc, skipauth, false);
4031 object_unref(OBJECT(sioc));
4032 }
4033}
4034
4035static void vnc_auto_assign_id(QemuOptsList *olist, QemuOpts *opts)
4036{
4037 int i = 2;
4038 char *id;
4039
4040 id = g_strdup("default");
4041 while (qemu_opts_find(olist, id)) {
4042 g_free(id);
4043 id = g_strdup_printf("vnc%d", i++);
4044 }
4045 qemu_opts_set_id(opts, id);
4046}
4047
4048QemuOpts *vnc_parse(const char *str, Error **errp)
4049{
4050 QemuOptsList *olist = qemu_find_opts("vnc");
4051 QemuOpts *opts = qemu_opts_parse(olist, str, true, errp);
4052 const char *id;
4053
4054 if (!opts) {
4055 return NULL;
4056 }
4057
4058 id = qemu_opts_id(opts);
4059 if (!id) {
4060
4061 vnc_auto_assign_id(olist, opts);
4062 }
4063 return opts;
4064}
4065
4066int vnc_init_func(void *opaque, QemuOpts *opts, Error **errp)
4067{
4068 Error *local_err = NULL;
4069 char *id = (char *)qemu_opts_id(opts);
4070
4071 assert(id);
4072 vnc_display_init(id);
4073 vnc_display_open(id, &local_err);
4074 if (local_err != NULL) {
4075 error_reportf_err(local_err, "Failed to start VNC server: ");
4076 exit(1);
4077 }
4078 return 0;
4079}
4080
4081static void vnc_register_config(void)
4082{
4083 qemu_add_opts(&qemu_vnc_opts);
4084}
4085opts_init(vnc_register_config);
4086
