1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27#include "qemu/osdep.h"
28#include "vnc.h"
29#include "vnc-jobs.h"
30#include "trace.h"
31#include "hw/qdev.h"
32#include "sysemu/sysemu.h"
33#include "qemu/error-report.h"
34#include "qemu/sockets.h"
35#include "qemu/timer.h"
36#include "qemu/acl.h"
37#include "qemu/config-file.h"
38#include "qapi/qmp/qerror.h"
39#include "qapi/qmp/types.h"
40#include "qmp-commands.h"
41#include "ui/input.h"
42#include "qapi-event.h"
43#include "crypto/hash.h"
44#include "crypto/tlscredsanon.h"
45#include "crypto/tlscredsx509.h"
46#include "qom/object_interfaces.h"
47#include "qemu/cutils.h"
48
49#define VNC_REFRESH_INTERVAL_BASE GUI_REFRESH_INTERVAL_DEFAULT
50#define VNC_REFRESH_INTERVAL_INC 50
51#define VNC_REFRESH_INTERVAL_MAX GUI_REFRESH_INTERVAL_IDLE
52static const struct timeval VNC_REFRESH_STATS = { 0, 500000 };
53static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 };
54
55#include "vnc_keysym.h"
56#include "crypto/cipher.h"
57
58static QTAILQ_HEAD(, VncDisplay) vnc_displays =
59 QTAILQ_HEAD_INITIALIZER(vnc_displays);
60
61static int vnc_cursor_define(VncState *vs);
62static void vnc_release_modifiers(VncState *vs);
63
64static void vnc_set_share_mode(VncState *vs, VncShareMode mode)
65{
66#ifdef _VNC_DEBUG
67 static const char *mn[] = {
68 [0] = "undefined",
69 [VNC_SHARE_MODE_CONNECTING] = "connecting",
70 [VNC_SHARE_MODE_SHARED] = "shared",
71 [VNC_SHARE_MODE_EXCLUSIVE] = "exclusive",
72 [VNC_SHARE_MODE_DISCONNECTED] = "disconnected",
73 };
74 fprintf(stderr, "%s/%p: %s -> %s\n", __func__,
75 vs->ioc, mn[vs->share_mode], mn[mode]);
76#endif
77
78 switch (vs->share_mode) {
79 case VNC_SHARE_MODE_CONNECTING:
80 vs->vd->num_connecting--;
81 break;
82 case VNC_SHARE_MODE_SHARED:
83 vs->vd->num_shared--;
84 break;
85 case VNC_SHARE_MODE_EXCLUSIVE:
86 vs->vd->num_exclusive--;
87 break;
88 default:
89 break;
90 }
91
92 vs->share_mode = mode;
93
94 switch (vs->share_mode) {
95 case VNC_SHARE_MODE_CONNECTING:
96 vs->vd->num_connecting++;
97 break;
98 case VNC_SHARE_MODE_SHARED:
99 vs->vd->num_shared++;
100 break;
101 case VNC_SHARE_MODE_EXCLUSIVE:
102 vs->vd->num_exclusive++;
103 break;
104 default:
105 break;
106 }
107}
108
109
110static void vnc_init_basic_info(SocketAddress *addr,
111 VncBasicInfo *info,
112 Error **errp)
113{
114 switch (addr->type) {
115 case SOCKET_ADDRESS_KIND_INET:
116 info->host = g_strdup(addr->u.inet.data->host);
117 info->service = g_strdup(addr->u.inet.data->port);
118 if (addr->u.inet.data->ipv6) {
119 info->family = NETWORK_ADDRESS_FAMILY_IPV6;
120 } else {
121 info->family = NETWORK_ADDRESS_FAMILY_IPV4;
122 }
123 break;
124
125 case SOCKET_ADDRESS_KIND_UNIX:
126 info->host = g_strdup("");
127 info->service = g_strdup(addr->u.q_unix.data->path);
128 info->family = NETWORK_ADDRESS_FAMILY_UNIX;
129 break;
130
131 default:
132 error_setg(errp, "Unsupported socket kind %d",
133 addr->type);
134 break;
135 }
136
137 return;
138}
139
140static void vnc_init_basic_info_from_server_addr(QIOChannelSocket *ioc,
141 VncBasicInfo *info,
142 Error **errp)
143{
144 SocketAddress *addr = NULL;
145
146 if (!ioc) {
147 error_setg(errp, "No listener socket available");
148 return;
149 }
150
151 addr = qio_channel_socket_get_local_address(ioc, errp);
152 if (!addr) {
153 return;
154 }
155
156 vnc_init_basic_info(addr, info, errp);
157 qapi_free_SocketAddress(addr);
158}
159
160static void vnc_init_basic_info_from_remote_addr(QIOChannelSocket *ioc,
161 VncBasicInfo *info,
162 Error **errp)
163{
164 SocketAddress *addr = NULL;
165
166 addr = qio_channel_socket_get_remote_address(ioc, errp);
167 if (!addr) {
168 return;
169 }
170
171 vnc_init_basic_info(addr, info, errp);
172 qapi_free_SocketAddress(addr);
173}
174
175static const char *vnc_auth_name(VncDisplay *vd) {
176 switch (vd->auth) {
177 case VNC_AUTH_INVALID:
178 return "invalid";
179 case VNC_AUTH_NONE:
180 return "none";
181 case VNC_AUTH_VNC:
182 return "vnc";
183 case VNC_AUTH_RA2:
184 return "ra2";
185 case VNC_AUTH_RA2NE:
186 return "ra2ne";
187 case VNC_AUTH_TIGHT:
188 return "tight";
189 case VNC_AUTH_ULTRA:
190 return "ultra";
191 case VNC_AUTH_TLS:
192 return "tls";
193 case VNC_AUTH_VENCRYPT:
194 switch (vd->subauth) {
195 case VNC_AUTH_VENCRYPT_PLAIN:
196 return "vencrypt+plain";
197 case VNC_AUTH_VENCRYPT_TLSNONE:
198 return "vencrypt+tls+none";
199 case VNC_AUTH_VENCRYPT_TLSVNC:
200 return "vencrypt+tls+vnc";
201 case VNC_AUTH_VENCRYPT_TLSPLAIN:
202 return "vencrypt+tls+plain";
203 case VNC_AUTH_VENCRYPT_X509NONE:
204 return "vencrypt+x509+none";
205 case VNC_AUTH_VENCRYPT_X509VNC:
206 return "vencrypt+x509+vnc";
207 case VNC_AUTH_VENCRYPT_X509PLAIN:
208 return "vencrypt+x509+plain";
209 case VNC_AUTH_VENCRYPT_TLSSASL:
210 return "vencrypt+tls+sasl";
211 case VNC_AUTH_VENCRYPT_X509SASL:
212 return "vencrypt+x509+sasl";
213 default:
214 return "vencrypt";
215 }
216 case VNC_AUTH_SASL:
217 return "sasl";
218 }
219 return "unknown";
220}
221
222static VncServerInfo *vnc_server_info_get(VncDisplay *vd)
223{
224 VncServerInfo *info;
225 Error *err = NULL;
226
227 info = g_malloc0(sizeof(*info));
228 vnc_init_basic_info_from_server_addr(vd->lsock,
229 qapi_VncServerInfo_base(info), &err);
230 info->has_auth = true;
231 info->auth = g_strdup(vnc_auth_name(vd));
232 if (err) {
233 qapi_free_VncServerInfo(info);
234 info = NULL;
235 error_free(err);
236 }
237 return info;
238}
239
240static void vnc_client_cache_auth(VncState *client)
241{
242 if (!client->info) {
243 return;
244 }
245
246 if (client->tls) {
247 client->info->x509_dname =
248 qcrypto_tls_session_get_peer_name(client->tls);
249 client->info->has_x509_dname =
250 client->info->x509_dname != NULL;
251 }
252#ifdef CONFIG_VNC_SASL
253 if (client->sasl.conn &&
254 client->sasl.username) {
255 client->info->has_sasl_username = true;
256 client->info->sasl_username = g_strdup(client->sasl.username);
257 }
258#endif
259}
260
261static void vnc_client_cache_addr(VncState *client)
262{
263 Error *err = NULL;
264
265 client->info = g_malloc0(sizeof(*client->info));
266 vnc_init_basic_info_from_remote_addr(client->sioc,
267 qapi_VncClientInfo_base(client->info),
268 &err);
269 if (err) {
270 qapi_free_VncClientInfo(client->info);
271 client->info = NULL;
272 error_free(err);
273 }
274}
275
276static void vnc_qmp_event(VncState *vs, QAPIEvent event)
277{
278 VncServerInfo *si;
279
280 if (!vs->info) {
281 return;
282 }
283
284 si = vnc_server_info_get(vs->vd);
285 if (!si) {
286 return;
287 }
288
289 switch (event) {
290 case QAPI_EVENT_VNC_CONNECTED:
291 qapi_event_send_vnc_connected(si, qapi_VncClientInfo_base(vs->info),
292 &error_abort);
293 break;
294 case QAPI_EVENT_VNC_INITIALIZED:
295 qapi_event_send_vnc_initialized(si, vs->info, &error_abort);
296 break;
297 case QAPI_EVENT_VNC_DISCONNECTED:
298 qapi_event_send_vnc_disconnected(si, vs->info, &error_abort);
299 break;
300 default:
301 break;
302 }
303
304 qapi_free_VncServerInfo(si);
305}
306
307static VncClientInfo *qmp_query_vnc_client(const VncState *client)
308{
309 VncClientInfo *info;
310 Error *err = NULL;
311
312 info = g_malloc0(sizeof(*info));
313
314 vnc_init_basic_info_from_remote_addr(client->sioc,
315 qapi_VncClientInfo_base(info),
316 &err);
317 if (err) {
318 error_free(err);
319 qapi_free_VncClientInfo(info);
320 return NULL;
321 }
322
323 info->websocket = client->websocket;
324
325 if (client->tls) {
326 info->x509_dname = qcrypto_tls_session_get_peer_name(client->tls);
327 info->has_x509_dname = info->x509_dname != NULL;
328 }
329#ifdef CONFIG_VNC_SASL
330 if (client->sasl.conn && client->sasl.username) {
331 info->has_sasl_username = true;
332 info->sasl_username = g_strdup(client->sasl.username);
333 }
334#endif
335
336 return info;
337}
338
339static VncDisplay *vnc_display_find(const char *id)
340{
341 VncDisplay *vd;
342
343 if (id == NULL) {
344 return QTAILQ_FIRST(&vnc_displays);
345 }
346 QTAILQ_FOREACH(vd, &vnc_displays, next) {
347 if (strcmp(id, vd->id) == 0) {
348 return vd;
349 }
350 }
351 return NULL;
352}
353
354static VncClientInfoList *qmp_query_client_list(VncDisplay *vd)
355{
356 VncClientInfoList *cinfo, *prev = NULL;
357 VncState *client;
358
359 QTAILQ_FOREACH(client, &vd->clients, next) {
360 cinfo = g_new0(VncClientInfoList, 1);
361 cinfo->value = qmp_query_vnc_client(client);
362 cinfo->next = prev;
363 prev = cinfo;
364 }
365 return prev;
366}
367
368VncInfo *qmp_query_vnc(Error **errp)
369{
370 VncInfo *info = g_malloc0(sizeof(*info));
371 VncDisplay *vd = vnc_display_find(NULL);
372 SocketAddress *addr = NULL;
373
374 if (vd == NULL || !vd->enabled) {
375 info->enabled = false;
376 } else {
377 info->enabled = true;
378
379
380 info->has_clients = true;
381 info->clients = qmp_query_client_list(vd);
382
383 if (vd->lsock == NULL) {
384 return info;
385 }
386
387 addr = qio_channel_socket_get_local_address(vd->lsock, errp);
388 if (!addr) {
389 goto out_error;
390 }
391
392 switch (addr->type) {
393 case SOCKET_ADDRESS_KIND_INET:
394 info->host = g_strdup(addr->u.inet.data->host);
395 info->service = g_strdup(addr->u.inet.data->port);
396 if (addr->u.inet.data->ipv6) {
397 info->family = NETWORK_ADDRESS_FAMILY_IPV6;
398 } else {
399 info->family = NETWORK_ADDRESS_FAMILY_IPV4;
400 }
401 break;
402
403 case SOCKET_ADDRESS_KIND_UNIX:
404 info->host = g_strdup("");
405 info->service = g_strdup(addr->u.q_unix.data->path);
406 info->family = NETWORK_ADDRESS_FAMILY_UNIX;
407 break;
408
409 default:
410 error_setg(errp, "Unsupported socket kind %d",
411 addr->type);
412 goto out_error;
413 }
414
415 info->has_host = true;
416 info->has_service = true;
417 info->has_family = true;
418
419 info->has_auth = true;
420 info->auth = g_strdup(vnc_auth_name(vd));
421 }
422
423 qapi_free_SocketAddress(addr);
424 return info;
425
426out_error:
427 qapi_free_SocketAddress(addr);
428 qapi_free_VncInfo(info);
429 return NULL;
430}
431
432static VncBasicInfoList *qmp_query_server_entry(QIOChannelSocket *ioc,
433 bool websocket,
434 VncBasicInfoList *prev)
435{
436 VncBasicInfoList *list;
437 VncBasicInfo *info;
438 Error *err = NULL;
439 SocketAddress *addr;
440
441 addr = qio_channel_socket_get_local_address(ioc, &err);
442 if (!addr) {
443 error_free(err);
444 return prev;
445 }
446
447 info = g_new0(VncBasicInfo, 1);
448 vnc_init_basic_info(addr, info, &err);
449 qapi_free_SocketAddress(addr);
450 if (err) {
451 qapi_free_VncBasicInfo(info);
452 error_free(err);
453 return prev;
454 }
455 info->websocket = websocket;
456
457 list = g_new0(VncBasicInfoList, 1);
458 list->value = info;
459 list->next = prev;
460 return list;
461}
462
463static void qmp_query_auth(VncDisplay *vd, VncInfo2 *info)
464{
465 switch (vd->auth) {
466 case VNC_AUTH_VNC:
467 info->auth = VNC_PRIMARY_AUTH_VNC;
468 break;
469 case VNC_AUTH_RA2:
470 info->auth = VNC_PRIMARY_AUTH_RA2;
471 break;
472 case VNC_AUTH_RA2NE:
473 info->auth = VNC_PRIMARY_AUTH_RA2NE;
474 break;
475 case VNC_AUTH_TIGHT:
476 info->auth = VNC_PRIMARY_AUTH_TIGHT;
477 break;
478 case VNC_AUTH_ULTRA:
479 info->auth = VNC_PRIMARY_AUTH_ULTRA;
480 break;
481 case VNC_AUTH_TLS:
482 info->auth = VNC_PRIMARY_AUTH_TLS;
483 break;
484 case VNC_AUTH_VENCRYPT:
485 info->auth = VNC_PRIMARY_AUTH_VENCRYPT;
486 info->has_vencrypt = true;
487 switch (vd->subauth) {
488 case VNC_AUTH_VENCRYPT_PLAIN:
489 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_PLAIN;
490 break;
491 case VNC_AUTH_VENCRYPT_TLSNONE:
492 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_NONE;
493 break;
494 case VNC_AUTH_VENCRYPT_TLSVNC:
495 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_VNC;
496 break;
497 case VNC_AUTH_VENCRYPT_TLSPLAIN:
498 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_PLAIN;
499 break;
500 case VNC_AUTH_VENCRYPT_X509NONE:
501 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_NONE;
502 break;
503 case VNC_AUTH_VENCRYPT_X509VNC:
504 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_VNC;
505 break;
506 case VNC_AUTH_VENCRYPT_X509PLAIN:
507 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_PLAIN;
508 break;
509 case VNC_AUTH_VENCRYPT_TLSSASL:
510 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_SASL;
511 break;
512 case VNC_AUTH_VENCRYPT_X509SASL:
513 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_SASL;
514 break;
515 default:
516 info->has_vencrypt = false;
517 break;
518 }
519 break;
520 case VNC_AUTH_SASL:
521 info->auth = VNC_PRIMARY_AUTH_SASL;
522 break;
523 case VNC_AUTH_NONE:
524 default:
525 info->auth = VNC_PRIMARY_AUTH_NONE;
526 break;
527 }
528}
529
530VncInfo2List *qmp_query_vnc_servers(Error **errp)
531{
532 VncInfo2List *item, *prev = NULL;
533 VncInfo2 *info;
534 VncDisplay *vd;
535 DeviceState *dev;
536
537 QTAILQ_FOREACH(vd, &vnc_displays, next) {
538 info = g_new0(VncInfo2, 1);
539 info->id = g_strdup(vd->id);
540 info->clients = qmp_query_client_list(vd);
541 qmp_query_auth(vd, info);
542 if (vd->dcl.con) {
543 dev = DEVICE(object_property_get_link(OBJECT(vd->dcl.con),
544 "device", NULL));
545 info->has_display = true;
546 info->display = g_strdup(dev->id);
547 }
548 if (vd->lsock != NULL) {
549 info->server = qmp_query_server_entry(
550 vd->lsock, false, info->server);
551 }
552 if (vd->lwebsock != NULL) {
553 info->server = qmp_query_server_entry(
554 vd->lwebsock, true, info->server);
555 }
556
557 item = g_new0(VncInfo2List, 1);
558 item->value = info;
559 item->next = prev;
560 prev = item;
561 }
562 return prev;
563}
564
565
566
567
568
569
570
571
572static int vnc_update_client(VncState *vs, int has_dirty, bool sync);
573static void vnc_disconnect_start(VncState *vs);
574
575static void vnc_colordepth(VncState *vs);
576static void framebuffer_update_request(VncState *vs, int incremental,
577 int x_position, int y_position,
578 int w, int h);
579static void vnc_refresh(DisplayChangeListener *dcl);
580static int vnc_refresh_server_surface(VncDisplay *vd);
581
582static int vnc_width(VncDisplay *vd)
583{
584 return MIN(VNC_MAX_WIDTH, ROUND_UP(surface_width(vd->ds),
585 VNC_DIRTY_PIXELS_PER_BIT));
586}
587
588static int vnc_height(VncDisplay *vd)
589{
590 return MIN(VNC_MAX_HEIGHT, surface_height(vd->ds));
591}
592
593static void vnc_set_area_dirty(DECLARE_BITMAP(dirty[VNC_MAX_HEIGHT],
594 VNC_MAX_WIDTH / VNC_DIRTY_PIXELS_PER_BIT),
595 VncDisplay *vd,
596 int x, int y, int w, int h)
597{
598 int width = vnc_width(vd);
599 int height = vnc_height(vd);
600
601
602
603 w += (x % VNC_DIRTY_PIXELS_PER_BIT);
604 x -= (x % VNC_DIRTY_PIXELS_PER_BIT);
605
606 x = MIN(x, width);
607 y = MIN(y, height);
608 w = MIN(x + w, width) - x;
609 h = MIN(y + h, height);
610
611 for (; y < h; y++) {
612 bitmap_set(dirty[y], x / VNC_DIRTY_PIXELS_PER_BIT,
613 DIV_ROUND_UP(w, VNC_DIRTY_PIXELS_PER_BIT));
614 }
615}
616
617static void vnc_dpy_update(DisplayChangeListener *dcl,
618 int x, int y, int w, int h)
619{
620 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
621 struct VncSurface *s = &vd->guest;
622
623 vnc_set_area_dirty(s->dirty, vd, x, y, w, h);
624}
625
626void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
627 int32_t encoding)
628{
629 vnc_write_u16(vs, x);
630 vnc_write_u16(vs, y);
631 vnc_write_u16(vs, w);
632 vnc_write_u16(vs, h);
633
634 vnc_write_s32(vs, encoding);
635}
636
637
638static void vnc_desktop_resize(VncState *vs)
639{
640 if (vs->ioc == NULL || !vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
641 return;
642 }
643 if (vs->client_width == pixman_image_get_width(vs->vd->server) &&
644 vs->client_height == pixman_image_get_height(vs->vd->server)) {
645 return;
646 }
647 vs->client_width = pixman_image_get_width(vs->vd->server);
648 vs->client_height = pixman_image_get_height(vs->vd->server);
649 vnc_lock_output(vs);
650 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
651 vnc_write_u8(vs, 0);
652 vnc_write_u16(vs, 1);
653 vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height,
654 VNC_ENCODING_DESKTOPRESIZE);
655 vnc_unlock_output(vs);
656 vnc_flush(vs);
657}
658
659static void vnc_abort_display_jobs(VncDisplay *vd)
660{
661 VncState *vs;
662
663 QTAILQ_FOREACH(vs, &vd->clients, next) {
664 vnc_lock_output(vs);
665 vs->abort = true;
666 vnc_unlock_output(vs);
667 }
668 QTAILQ_FOREACH(vs, &vd->clients, next) {
669 vnc_jobs_join(vs);
670 }
671 QTAILQ_FOREACH(vs, &vd->clients, next) {
672 vnc_lock_output(vs);
673 vs->abort = false;
674 vnc_unlock_output(vs);
675 }
676}
677
678int vnc_server_fb_stride(VncDisplay *vd)
679{
680 return pixman_image_get_stride(vd->server);
681}
682
683void *vnc_server_fb_ptr(VncDisplay *vd, int x, int y)
684{
685 uint8_t *ptr;
686
687 ptr = (uint8_t *)pixman_image_get_data(vd->server);
688 ptr += y * vnc_server_fb_stride(vd);
689 ptr += x * VNC_SERVER_FB_BYTES;
690 return ptr;
691}
692
693static void vnc_update_server_surface(VncDisplay *vd)
694{
695 int width, height;
696
697 qemu_pixman_image_unref(vd->server);
698 vd->server = NULL;
699
700 if (QTAILQ_EMPTY(&vd->clients)) {
701 return;
702 }
703
704 width = vnc_width(vd);
705 height = vnc_height(vd);
706 vd->server = pixman_image_create_bits(VNC_SERVER_FB_FORMAT,
707 width, height,
708 NULL, 0);
709
710 memset(vd->guest.dirty, 0x00, sizeof(vd->guest.dirty));
711 vnc_set_area_dirty(vd->guest.dirty, vd, 0, 0,
712 width, height);
713}
714
715static void vnc_dpy_switch(DisplayChangeListener *dcl,
716 DisplaySurface *surface)
717{
718 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
719 VncState *vs;
720
721 vnc_abort_display_jobs(vd);
722 vd->ds = surface;
723
724
725 vnc_update_server_surface(vd);
726
727
728 qemu_pixman_image_unref(vd->guest.fb);
729 vd->guest.fb = pixman_image_ref(surface->image);
730 vd->guest.format = surface->format;
731
732 QTAILQ_FOREACH(vs, &vd->clients, next) {
733 vnc_colordepth(vs);
734 vnc_desktop_resize(vs);
735 if (vs->vd->cursor) {
736 vnc_cursor_define(vs);
737 }
738 memset(vs->dirty, 0x00, sizeof(vs->dirty));
739 vnc_set_area_dirty(vs->dirty, vd, 0, 0,
740 vnc_width(vd),
741 vnc_height(vd));
742 }
743}
744
745
746static void vnc_write_pixels_copy(VncState *vs,
747 void *pixels, int size)
748{
749 vnc_write(vs, pixels, size);
750}
751
752
753void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
754{
755 uint8_t r, g, b;
756
757#if VNC_SERVER_FB_FORMAT == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8)
758 r = (((v & 0x00ff0000) >> 16) << vs->client_pf.rbits) >> 8;
759 g = (((v & 0x0000ff00) >> 8) << vs->client_pf.gbits) >> 8;
760 b = (((v & 0x000000ff) >> 0) << vs->client_pf.bbits) >> 8;
761#else
762# error need some bits here if you change VNC_SERVER_FB_FORMAT
763#endif
764 v = (r << vs->client_pf.rshift) |
765 (g << vs->client_pf.gshift) |
766 (b << vs->client_pf.bshift);
767 switch (vs->client_pf.bytes_per_pixel) {
768 case 1:
769 buf[0] = v;
770 break;
771 case 2:
772 if (vs->client_be) {
773 buf[0] = v >> 8;
774 buf[1] = v;
775 } else {
776 buf[1] = v >> 8;
777 buf[0] = v;
778 }
779 break;
780 default:
781 case 4:
782 if (vs->client_be) {
783 buf[0] = v >> 24;
784 buf[1] = v >> 16;
785 buf[2] = v >> 8;
786 buf[3] = v;
787 } else {
788 buf[3] = v >> 24;
789 buf[2] = v >> 16;
790 buf[1] = v >> 8;
791 buf[0] = v;
792 }
793 break;
794 }
795}
796
797static void vnc_write_pixels_generic(VncState *vs,
798 void *pixels1, int size)
799{
800 uint8_t buf[4];
801
802 if (VNC_SERVER_FB_BYTES == 4) {
803 uint32_t *pixels = pixels1;
804 int n, i;
805 n = size >> 2;
806 for (i = 0; i < n; i++) {
807 vnc_convert_pixel(vs, buf, pixels[i]);
808 vnc_write(vs, buf, vs->client_pf.bytes_per_pixel);
809 }
810 }
811}
812
813int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
814{
815 int i;
816 uint8_t *row;
817 VncDisplay *vd = vs->vd;
818
819 row = vnc_server_fb_ptr(vd, x, y);
820 for (i = 0; i < h; i++) {
821 vs->write_pixels(vs, row, w * VNC_SERVER_FB_BYTES);
822 row += vnc_server_fb_stride(vd);
823 }
824 return 1;
825}
826
827int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
828{
829 int n = 0;
830 bool encode_raw = false;
831 size_t saved_offs = vs->output.offset;
832
833 switch(vs->vnc_encoding) {
834 case VNC_ENCODING_ZLIB:
835 n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h);
836 break;
837 case VNC_ENCODING_HEXTILE:
838 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
839 n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h);
840 break;
841 case VNC_ENCODING_TIGHT:
842 n = vnc_tight_send_framebuffer_update(vs, x, y, w, h);
843 break;
844 case VNC_ENCODING_TIGHT_PNG:
845 n = vnc_tight_png_send_framebuffer_update(vs, x, y, w, h);
846 break;
847 case VNC_ENCODING_ZRLE:
848 n = vnc_zrle_send_framebuffer_update(vs, x, y, w, h);
849 break;
850 case VNC_ENCODING_ZYWRLE:
851 n = vnc_zywrle_send_framebuffer_update(vs, x, y, w, h);
852 break;
853 default:
854 encode_raw = true;
855 break;
856 }
857
858
859
860
861 if (!encode_raw && vs->write_pixels == vnc_write_pixels_copy &&
862 12 + h * w * VNC_SERVER_FB_BYTES <= (vs->output.offset - saved_offs)) {
863 vs->output.offset = saved_offs;
864 encode_raw = true;
865 }
866
867 if (encode_raw) {
868 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
869 n = vnc_raw_send_framebuffer_update(vs, x, y, w, h);
870 }
871
872 return n;
873}
874
875static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
876{
877
878 vnc_lock_output(vs);
879 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
880 vnc_write_u8(vs, 0);
881 vnc_write_u16(vs, 1);
882 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT);
883 vnc_write_u16(vs, src_x);
884 vnc_write_u16(vs, src_y);
885 vnc_unlock_output(vs);
886 vnc_flush(vs);
887}
888
889static void vnc_dpy_copy(DisplayChangeListener *dcl,
890 int src_x, int src_y,
891 int dst_x, int dst_y, int w, int h)
892{
893 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
894 VncState *vs, *vn;
895 uint8_t *src_row;
896 uint8_t *dst_row;
897 int i, x, y, pitch, inc, w_lim, s;
898 int cmp_bytes;
899
900 if (!vd->server) {
901
902 return;
903 }
904
905 vnc_refresh_server_surface(vd);
906 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
907 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
908 vs->force_update = 1;
909 vnc_update_client(vs, 1, true);
910
911 }
912 }
913
914
915 pitch = vnc_server_fb_stride(vd);
916 src_row = vnc_server_fb_ptr(vd, src_x, src_y);
917 dst_row = vnc_server_fb_ptr(vd, dst_x, dst_y);
918 y = dst_y;
919 inc = 1;
920 if (dst_y > src_y) {
921
922 src_row += pitch * (h-1);
923 dst_row += pitch * (h-1);
924 pitch = -pitch;
925 y = dst_y + h - 1;
926 inc = -1;
927 }
928 w_lim = w - (VNC_DIRTY_PIXELS_PER_BIT - (dst_x % VNC_DIRTY_PIXELS_PER_BIT));
929 if (w_lim < 0) {
930 w_lim = w;
931 } else {
932 w_lim = w - (w_lim % VNC_DIRTY_PIXELS_PER_BIT);
933 }
934 for (i = 0; i < h; i++) {
935 for (x = 0; x <= w_lim;
936 x += s, src_row += cmp_bytes, dst_row += cmp_bytes) {
937 if (x == w_lim) {
938 if ((s = w - w_lim) == 0)
939 break;
940 } else if (!x) {
941 s = (VNC_DIRTY_PIXELS_PER_BIT -
942 (dst_x % VNC_DIRTY_PIXELS_PER_BIT));
943 s = MIN(s, w_lim);
944 } else {
945 s = VNC_DIRTY_PIXELS_PER_BIT;
946 }
947 cmp_bytes = s * VNC_SERVER_FB_BYTES;
948 if (memcmp(src_row, dst_row, cmp_bytes) == 0)
949 continue;
950 memmove(dst_row, src_row, cmp_bytes);
951 QTAILQ_FOREACH(vs, &vd->clients, next) {
952 if (!vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
953 set_bit(((x + dst_x) / VNC_DIRTY_PIXELS_PER_BIT),
954 vs->dirty[y]);
955 }
956 }
957 }
958 src_row += pitch - w * VNC_SERVER_FB_BYTES;
959 dst_row += pitch - w * VNC_SERVER_FB_BYTES;
960 y += inc;
961 }
962
963 QTAILQ_FOREACH(vs, &vd->clients, next) {
964 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
965 vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h);
966 }
967 }
968}
969
970static void vnc_mouse_set(DisplayChangeListener *dcl,
971 int x, int y, int visible)
972{
973
974}
975
976static int vnc_cursor_define(VncState *vs)
977{
978 QEMUCursor *c = vs->vd->cursor;
979 int isize;
980
981 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) {
982 vnc_lock_output(vs);
983 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
984 vnc_write_u8(vs, 0);
985 vnc_write_u16(vs, 1);
986 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height,
987 VNC_ENCODING_RICH_CURSOR);
988 isize = c->width * c->height * vs->client_pf.bytes_per_pixel;
989 vnc_write_pixels_generic(vs, c->data, isize);
990 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize);
991 vnc_unlock_output(vs);
992 return 0;
993 }
994 return -1;
995}
996
997static void vnc_dpy_cursor_define(DisplayChangeListener *dcl,
998 QEMUCursor *c)
999{
1000 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
1001 VncState *vs;
1002
1003 cursor_put(vd->cursor);
1004 g_free(vd->cursor_mask);
1005
1006 vd->cursor = c;
1007 cursor_get(vd->cursor);
1008 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height;
1009 vd->cursor_mask = g_malloc0(vd->cursor_msize);
1010 cursor_get_mono_mask(c, 0, vd->cursor_mask);
1011
1012 QTAILQ_FOREACH(vs, &vd->clients, next) {
1013 vnc_cursor_define(vs);
1014 }
1015}
1016
1017static int find_and_clear_dirty_height(VncState *vs,
1018 int y, int last_x, int x, int height)
1019{
1020 int h;
1021
1022 for (h = 1; h < (height - y); h++) {
1023 if (!test_bit(last_x, vs->dirty[y + h])) {
1024 break;
1025 }
1026 bitmap_clear(vs->dirty[y + h], last_x, x - last_x);
1027 }
1028
1029 return h;
1030}
1031
1032static int vnc_update_client(VncState *vs, int has_dirty, bool sync)
1033{
1034 if (vs->disconnecting) {
1035 vnc_disconnect_finish(vs);
1036 return 0;
1037 }
1038
1039 vs->has_dirty += has_dirty;
1040 if (vs->need_update && !vs->disconnecting) {
1041 VncDisplay *vd = vs->vd;
1042 VncJob *job;
1043 int y;
1044 int height, width;
1045 int n = 0;
1046
1047 if (vs->output.offset && !vs->audio_cap && !vs->force_update)
1048
1049 return 0;
1050
1051 if (!vs->has_dirty && !vs->audio_cap && !vs->force_update)
1052 return 0;
1053
1054
1055
1056
1057
1058
1059
1060 job = vnc_job_new(vs);
1061
1062 height = pixman_image_get_height(vd->server);
1063 width = pixman_image_get_width(vd->server);
1064
1065 y = 0;
1066 for (;;) {
1067 int x, h;
1068 unsigned long x2;
1069 unsigned long offset = find_next_bit((unsigned long *) &vs->dirty,
1070 height * VNC_DIRTY_BPL(vs),
1071 y * VNC_DIRTY_BPL(vs));
1072 if (offset == height * VNC_DIRTY_BPL(vs)) {
1073
1074 break;
1075 }
1076 y = offset / VNC_DIRTY_BPL(vs);
1077 x = offset % VNC_DIRTY_BPL(vs);
1078 x2 = find_next_zero_bit((unsigned long *) &vs->dirty[y],
1079 VNC_DIRTY_BPL(vs), x);
1080 bitmap_clear(vs->dirty[y], x, x2 - x);
1081 h = find_and_clear_dirty_height(vs, y, x, x2, height);
1082 x2 = MIN(x2, width / VNC_DIRTY_PIXELS_PER_BIT);
1083 if (x2 > x) {
1084 n += vnc_job_add_rect(job, x * VNC_DIRTY_PIXELS_PER_BIT, y,
1085 (x2 - x) * VNC_DIRTY_PIXELS_PER_BIT, h);
1086 }
1087 if (!x && x2 == width / VNC_DIRTY_PIXELS_PER_BIT) {
1088 y += h;
1089 if (y == height) {
1090 break;
1091 }
1092 }
1093 }
1094
1095 vnc_job_push(job);
1096 if (sync) {
1097 vnc_jobs_join(vs);
1098 }
1099 vs->force_update = 0;
1100 vs->has_dirty = 0;
1101 return n;
1102 }
1103
1104 if (vs->disconnecting) {
1105 vnc_disconnect_finish(vs);
1106 } else if (sync) {
1107 vnc_jobs_join(vs);
1108 }
1109
1110 return 0;
1111}
1112
1113
1114static void audio_capture_notify(void *opaque, audcnotification_e cmd)
1115{
1116 VncState *vs = opaque;
1117
1118 switch (cmd) {
1119 case AUD_CNOTIFY_DISABLE:
1120 vnc_lock_output(vs);
1121 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1122 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1123 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END);
1124 vnc_unlock_output(vs);
1125 vnc_flush(vs);
1126 break;
1127
1128 case AUD_CNOTIFY_ENABLE:
1129 vnc_lock_output(vs);
1130 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1131 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1132 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN);
1133 vnc_unlock_output(vs);
1134 vnc_flush(vs);
1135 break;
1136 }
1137}
1138
1139static void audio_capture_destroy(void *opaque)
1140{
1141}
1142
1143static void audio_capture(void *opaque, void *buf, int size)
1144{
1145 VncState *vs = opaque;
1146
1147 vnc_lock_output(vs);
1148 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1149 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1150 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA);
1151 vnc_write_u32(vs, size);
1152 vnc_write(vs, buf, size);
1153 vnc_unlock_output(vs);
1154 vnc_flush(vs);
1155}
1156
1157static void audio_add(VncState *vs)
1158{
1159 struct audio_capture_ops ops;
1160
1161 if (vs->audio_cap) {
1162 error_report("audio already running");
1163 return;
1164 }
1165
1166 ops.notify = audio_capture_notify;
1167 ops.destroy = audio_capture_destroy;
1168 ops.capture = audio_capture;
1169
1170 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs);
1171 if (!vs->audio_cap) {
1172 error_report("Failed to add audio capture");
1173 }
1174}
1175
1176static void audio_del(VncState *vs)
1177{
1178 if (vs->audio_cap) {
1179 AUD_del_capture(vs->audio_cap, vs);
1180 vs->audio_cap = NULL;
1181 }
1182}
1183
1184static void vnc_disconnect_start(VncState *vs)
1185{
1186 if (vs->disconnecting) {
1187 return;
1188 }
1189 vnc_set_share_mode(vs, VNC_SHARE_MODE_DISCONNECTED);
1190 if (vs->ioc_tag) {
1191 g_source_remove(vs->ioc_tag);
1192 }
1193 qio_channel_close(vs->ioc, NULL);
1194 vs->disconnecting = TRUE;
1195}
1196
1197void vnc_disconnect_finish(VncState *vs)
1198{
1199 int i;
1200
1201 vnc_jobs_join(vs);
1202
1203 vnc_lock_output(vs);
1204 vnc_qmp_event(vs, QAPI_EVENT_VNC_DISCONNECTED);
1205
1206 buffer_free(&vs->input);
1207 buffer_free(&vs->output);
1208
1209 qapi_free_VncClientInfo(vs->info);
1210
1211 vnc_zlib_clear(vs);
1212 vnc_tight_clear(vs);
1213 vnc_zrle_clear(vs);
1214
1215#ifdef CONFIG_VNC_SASL
1216 vnc_sasl_client_cleanup(vs);
1217#endif
1218 audio_del(vs);
1219 vnc_release_modifiers(vs);
1220
1221 if (vs->initialized) {
1222 QTAILQ_REMOVE(&vs->vd->clients, vs, next);
1223 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
1224 if (QTAILQ_EMPTY(&vs->vd->clients)) {
1225
1226 vnc_update_server_surface(vs->vd);
1227 }
1228 }
1229
1230 if (vs->vd->lock_key_sync)
1231 qemu_remove_led_event_handler(vs->led);
1232 vnc_unlock_output(vs);
1233
1234 qemu_mutex_destroy(&vs->output_mutex);
1235 if (vs->bh != NULL) {
1236 qemu_bh_delete(vs->bh);
1237 }
1238 buffer_free(&vs->jobs_buffer);
1239
1240 for (i = 0; i < VNC_STAT_ROWS; ++i) {
1241 g_free(vs->lossy_rect[i]);
1242 }
1243 g_free(vs->lossy_rect);
1244
1245 object_unref(OBJECT(vs->ioc));
1246 vs->ioc = NULL;
1247 object_unref(OBJECT(vs->sioc));
1248 vs->sioc = NULL;
1249 g_free(vs);
1250}
1251
1252ssize_t vnc_client_io_error(VncState *vs, ssize_t ret, Error **errp)
1253{
1254 if (ret <= 0) {
1255 if (ret == 0) {
1256 VNC_DEBUG("Closing down client sock: EOF\n");
1257 } else if (ret != QIO_CHANNEL_ERR_BLOCK) {
1258 VNC_DEBUG("Closing down client sock: ret %d (%s)\n",
1259 ret, errp ? error_get_pretty(*errp) : "Unknown");
1260 }
1261
1262 vnc_disconnect_start(vs);
1263 if (errp) {
1264 error_free(*errp);
1265 *errp = NULL;
1266 }
1267 return 0;
1268 }
1269 return ret;
1270}
1271
1272
1273void vnc_client_error(VncState *vs)
1274{
1275 VNC_DEBUG("Closing down client sock: protocol error\n");
1276 vnc_disconnect_start(vs);
1277}
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295ssize_t vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
1296{
1297 Error *err = NULL;
1298 ssize_t ret;
1299 ret = qio_channel_write(
1300 vs->ioc, (const char *)data, datalen, &err);
1301 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret);
1302 return vnc_client_io_error(vs, ret, &err);
1303}
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316static ssize_t vnc_client_write_plain(VncState *vs)
1317{
1318 ssize_t ret;
1319
1320#ifdef CONFIG_VNC_SASL
1321 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1322 vs->output.buffer, vs->output.capacity, vs->output.offset,
1323 vs->sasl.waitWriteSSF);
1324
1325 if (vs->sasl.conn &&
1326 vs->sasl.runSSF &&
1327 vs->sasl.waitWriteSSF) {
1328 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
1329 if (ret)
1330 vs->sasl.waitWriteSSF -= ret;
1331 } else
1332#endif
1333 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
1334 if (!ret)
1335 return 0;
1336
1337 buffer_advance(&vs->output, ret);
1338
1339 if (vs->output.offset == 0) {
1340 if (vs->ioc_tag) {
1341 g_source_remove(vs->ioc_tag);
1342 }
1343 vs->ioc_tag = qio_channel_add_watch(
1344 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL);
1345 }
1346
1347 return ret;
1348}
1349
1350
1351
1352
1353
1354
1355
1356static void vnc_client_write_locked(VncState *vs)
1357{
1358#ifdef CONFIG_VNC_SASL
1359 if (vs->sasl.conn &&
1360 vs->sasl.runSSF &&
1361 !vs->sasl.waitWriteSSF) {
1362 vnc_client_write_sasl(vs);
1363 } else
1364#endif
1365 {
1366 vnc_client_write_plain(vs);
1367 }
1368}
1369
1370static void vnc_client_write(VncState *vs)
1371{
1372
1373 vnc_lock_output(vs);
1374 if (vs->output.offset) {
1375 vnc_client_write_locked(vs);
1376 } else if (vs->ioc != NULL) {
1377 if (vs->ioc_tag) {
1378 g_source_remove(vs->ioc_tag);
1379 }
1380 vs->ioc_tag = qio_channel_add_watch(
1381 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL);
1382 }
1383 vnc_unlock_output(vs);
1384}
1385
1386void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1387{
1388 vs->read_handler = func;
1389 vs->read_handler_expect = expecting;
1390}
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408ssize_t vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1409{
1410 ssize_t ret;
1411 Error *err = NULL;
1412 ret = qio_channel_read(
1413 vs->ioc, (char *)data, datalen, &err);
1414 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret);
1415 return vnc_client_io_error(vs, ret, &err);
1416}
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427static ssize_t vnc_client_read_plain(VncState *vs)
1428{
1429 ssize_t ret;
1430 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1431 vs->input.buffer, vs->input.capacity, vs->input.offset);
1432 buffer_reserve(&vs->input, 4096);
1433 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1434 if (!ret)
1435 return 0;
1436 vs->input.offset += ret;
1437 return ret;
1438}
1439
1440static void vnc_jobs_bh(void *opaque)
1441{
1442 VncState *vs = opaque;
1443
1444 vnc_jobs_consume_buffer(vs);
1445}
1446
1447
1448
1449
1450
1451
1452
1453static int vnc_client_read(VncState *vs)
1454{
1455 ssize_t ret;
1456
1457#ifdef CONFIG_VNC_SASL
1458 if (vs->sasl.conn && vs->sasl.runSSF)
1459 ret = vnc_client_read_sasl(vs);
1460 else
1461#endif
1462 ret = vnc_client_read_plain(vs);
1463 if (!ret) {
1464 if (vs->disconnecting) {
1465 vnc_disconnect_finish(vs);
1466 return -1;
1467 }
1468 return 0;
1469 }
1470
1471 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1472 size_t len = vs->read_handler_expect;
1473 int ret;
1474
1475 ret = vs->read_handler(vs, vs->input.buffer, len);
1476 if (vs->disconnecting) {
1477 vnc_disconnect_finish(vs);
1478 return -1;
1479 }
1480
1481 if (!ret) {
1482 buffer_advance(&vs->input, len);
1483 } else {
1484 vs->read_handler_expect = ret;
1485 }
1486 }
1487 return 0;
1488}
1489
1490gboolean vnc_client_io(QIOChannel *ioc G_GNUC_UNUSED,
1491 GIOCondition condition, void *opaque)
1492{
1493 VncState *vs = opaque;
1494 if (condition & G_IO_IN) {
1495 if (vnc_client_read(vs) < 0) {
1496 return TRUE;
1497 }
1498 }
1499 if (condition & G_IO_OUT) {
1500 vnc_client_write(vs);
1501 }
1502 return TRUE;
1503}
1504
1505
1506void vnc_write(VncState *vs, const void *data, size_t len)
1507{
1508 buffer_reserve(&vs->output, len);
1509
1510 if (vs->ioc != NULL && buffer_empty(&vs->output)) {
1511 if (vs->ioc_tag) {
1512 g_source_remove(vs->ioc_tag);
1513 }
1514 vs->ioc_tag = qio_channel_add_watch(
1515 vs->ioc, G_IO_IN | G_IO_OUT, vnc_client_io, vs, NULL);
1516 }
1517
1518 buffer_append(&vs->output, data, len);
1519}
1520
1521void vnc_write_s32(VncState *vs, int32_t value)
1522{
1523 vnc_write_u32(vs, *(uint32_t *)&value);
1524}
1525
1526void vnc_write_u32(VncState *vs, uint32_t value)
1527{
1528 uint8_t buf[4];
1529
1530 buf[0] = (value >> 24) & 0xFF;
1531 buf[1] = (value >> 16) & 0xFF;
1532 buf[2] = (value >> 8) & 0xFF;
1533 buf[3] = value & 0xFF;
1534
1535 vnc_write(vs, buf, 4);
1536}
1537
1538void vnc_write_u16(VncState *vs, uint16_t value)
1539{
1540 uint8_t buf[2];
1541
1542 buf[0] = (value >> 8) & 0xFF;
1543 buf[1] = value & 0xFF;
1544
1545 vnc_write(vs, buf, 2);
1546}
1547
1548void vnc_write_u8(VncState *vs, uint8_t value)
1549{
1550 vnc_write(vs, (char *)&value, 1);
1551}
1552
1553void vnc_flush(VncState *vs)
1554{
1555 vnc_lock_output(vs);
1556 if (vs->ioc != NULL && vs->output.offset) {
1557 vnc_client_write_locked(vs);
1558 }
1559 vnc_unlock_output(vs);
1560}
1561
1562static uint8_t read_u8(uint8_t *data, size_t offset)
1563{
1564 return data[offset];
1565}
1566
1567static uint16_t read_u16(uint8_t *data, size_t offset)
1568{
1569 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1570}
1571
1572static int32_t read_s32(uint8_t *data, size_t offset)
1573{
1574 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1575 (data[offset + 2] << 8) | data[offset + 3]);
1576}
1577
1578uint32_t read_u32(uint8_t *data, size_t offset)
1579{
1580 return ((data[offset] << 24) | (data[offset + 1] << 16) |
1581 (data[offset + 2] << 8) | data[offset + 3]);
1582}
1583
1584static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
1585{
1586}
1587
1588static void check_pointer_type_change(Notifier *notifier, void *data)
1589{
1590 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier);
1591 int absolute = qemu_input_is_absolute();
1592
1593 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1594 vnc_lock_output(vs);
1595 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1596 vnc_write_u8(vs, 0);
1597 vnc_write_u16(vs, 1);
1598 vnc_framebuffer_update(vs, absolute, 0,
1599 pixman_image_get_width(vs->vd->server),
1600 pixman_image_get_height(vs->vd->server),
1601 VNC_ENCODING_POINTER_TYPE_CHANGE);
1602 vnc_unlock_output(vs);
1603 vnc_flush(vs);
1604 }
1605 vs->absolute = absolute;
1606}
1607
1608static void pointer_event(VncState *vs, int button_mask, int x, int y)
1609{
1610 static uint32_t bmap[INPUT_BUTTON__MAX] = {
1611 [INPUT_BUTTON_LEFT] = 0x01,
1612 [INPUT_BUTTON_MIDDLE] = 0x02,
1613 [INPUT_BUTTON_RIGHT] = 0x04,
1614 [INPUT_BUTTON_WHEEL_UP] = 0x08,
1615 [INPUT_BUTTON_WHEEL_DOWN] = 0x10,
1616 };
1617 QemuConsole *con = vs->vd->dcl.con;
1618 int width = pixman_image_get_width(vs->vd->server);
1619 int height = pixman_image_get_height(vs->vd->server);
1620
1621 if (vs->last_bmask != button_mask) {
1622 qemu_input_update_buttons(con, bmap, vs->last_bmask, button_mask);
1623 vs->last_bmask = button_mask;
1624 }
1625
1626 if (vs->absolute) {
1627 qemu_input_queue_abs(con, INPUT_AXIS_X, x, width);
1628 qemu_input_queue_abs(con, INPUT_AXIS_Y, y, height);
1629 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1630 qemu_input_queue_rel(con, INPUT_AXIS_X, x - 0x7FFF);
1631 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - 0x7FFF);
1632 } else {
1633 if (vs->last_x != -1) {
1634 qemu_input_queue_rel(con, INPUT_AXIS_X, x - vs->last_x);
1635 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - vs->last_y);
1636 }
1637 vs->last_x = x;
1638 vs->last_y = y;
1639 }
1640 qemu_input_event_sync();
1641}
1642
1643static void reset_keys(VncState *vs)
1644{
1645 int i;
1646 for(i = 0; i < 256; i++) {
1647 if (vs->modifiers_state[i]) {
1648 qemu_input_event_send_key_number(vs->vd->dcl.con, i, false);
1649 qemu_input_event_send_key_delay(vs->vd->key_delay_ms);
1650 vs->modifiers_state[i] = 0;
1651 }
1652 }
1653}
1654
1655static void press_key(VncState *vs, int keysym)
1656{
1657 int keycode = keysym2scancode(vs->vd->kbd_layout, keysym) & SCANCODE_KEYMASK;
1658 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, true);
1659 qemu_input_event_send_key_delay(vs->vd->key_delay_ms);
1660 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, false);
1661 qemu_input_event_send_key_delay(vs->vd->key_delay_ms);
1662}
1663
1664static int current_led_state(VncState *vs)
1665{
1666 int ledstate = 0;
1667
1668 if (vs->modifiers_state[0x46]) {
1669 ledstate |= QEMU_SCROLL_LOCK_LED;
1670 }
1671 if (vs->modifiers_state[0x45]) {
1672 ledstate |= QEMU_NUM_LOCK_LED;
1673 }
1674 if (vs->modifiers_state[0x3a]) {
1675 ledstate |= QEMU_CAPS_LOCK_LED;
1676 }
1677
1678 return ledstate;
1679}
1680
1681static void vnc_led_state_change(VncState *vs)
1682{
1683 int ledstate = 0;
1684
1685 if (!vnc_has_feature(vs, VNC_FEATURE_LED_STATE)) {
1686 return;
1687 }
1688
1689 ledstate = current_led_state(vs);
1690 vnc_lock_output(vs);
1691 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1692 vnc_write_u8(vs, 0);
1693 vnc_write_u16(vs, 1);
1694 vnc_framebuffer_update(vs, 0, 0, 1, 1, VNC_ENCODING_LED_STATE);
1695 vnc_write_u8(vs, ledstate);
1696 vnc_unlock_output(vs);
1697 vnc_flush(vs);
1698}
1699
1700static void kbd_leds(void *opaque, int ledstate)
1701{
1702 VncState *vs = opaque;
1703 int caps, num, scr;
1704 bool has_changed = (ledstate != current_led_state(vs));
1705
1706 trace_vnc_key_guest_leds((ledstate & QEMU_CAPS_LOCK_LED),
1707 (ledstate & QEMU_NUM_LOCK_LED),
1708 (ledstate & QEMU_SCROLL_LOCK_LED));
1709
1710 caps = ledstate & QEMU_CAPS_LOCK_LED ? 1 : 0;
1711 num = ledstate & QEMU_NUM_LOCK_LED ? 1 : 0;
1712 scr = ledstate & QEMU_SCROLL_LOCK_LED ? 1 : 0;
1713
1714 if (vs->modifiers_state[0x3a] != caps) {
1715 vs->modifiers_state[0x3a] = caps;
1716 }
1717 if (vs->modifiers_state[0x45] != num) {
1718 vs->modifiers_state[0x45] = num;
1719 }
1720 if (vs->modifiers_state[0x46] != scr) {
1721 vs->modifiers_state[0x46] = scr;
1722 }
1723
1724
1725 if (has_changed) {
1726 vnc_led_state_change(vs);
1727 }
1728}
1729
1730static void do_key_event(VncState *vs, int down, int keycode, int sym)
1731{
1732
1733 switch(keycode) {
1734 case 0x2a:
1735 case 0x36:
1736 case 0x1d:
1737 case 0x9d:
1738 case 0x38:
1739 case 0xb8:
1740 if (down)
1741 vs->modifiers_state[keycode] = 1;
1742 else
1743 vs->modifiers_state[keycode] = 0;
1744 break;
1745 case 0x02 ... 0x0a:
1746 if (vs->vd->dcl.con == NULL &&
1747 down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
1748
1749 reset_keys(vs);
1750 console_select(keycode - 0x02);
1751 return;
1752 }
1753 break;
1754 case 0x3a:
1755 case 0x45:
1756 if (down)
1757 vs->modifiers_state[keycode] ^= 1;
1758 break;
1759 }
1760
1761
1762
1763
1764 if (down && vs->vd->lock_key_sync &&
1765 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) &&
1766 keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1767
1768
1769
1770
1771 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1772 if (!vs->modifiers_state[0x45]) {
1773 trace_vnc_key_sync_numlock(true);
1774 vs->modifiers_state[0x45] = 1;
1775 press_key(vs, 0xff7f);
1776 }
1777 } else {
1778 if (vs->modifiers_state[0x45]) {
1779 trace_vnc_key_sync_numlock(false);
1780 vs->modifiers_state[0x45] = 0;
1781 press_key(vs, 0xff7f);
1782 }
1783 }
1784 }
1785
1786 if (down && vs->vd->lock_key_sync &&
1787 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) &&
1788 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) {
1789
1790
1791
1792
1793 int uppercase = !!(sym >= 'A' && sym <= 'Z');
1794 int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]);
1795 int capslock = !!(vs->modifiers_state[0x3a]);
1796 if (capslock) {
1797 if (uppercase == shift) {
1798 trace_vnc_key_sync_capslock(false);
1799 vs->modifiers_state[0x3a] = 0;
1800 press_key(vs, 0xffe5);
1801 }
1802 } else {
1803 if (uppercase != shift) {
1804 trace_vnc_key_sync_capslock(true);
1805 vs->modifiers_state[0x3a] = 1;
1806 press_key(vs, 0xffe5);
1807 }
1808 }
1809 }
1810
1811 if (qemu_console_is_graphic(NULL)) {
1812 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, down);
1813 qemu_input_event_send_key_delay(vs->vd->key_delay_ms);
1814 } else {
1815 bool numlock = vs->modifiers_state[0x45];
1816 bool control = (vs->modifiers_state[0x1d] ||
1817 vs->modifiers_state[0x9d]);
1818
1819 if (down) {
1820 switch (keycode) {
1821 case 0x2a:
1822 case 0x36:
1823 case 0x1d:
1824 case 0x9d:
1825 case 0x38:
1826 case 0xb8:
1827 break;
1828 case 0xc8:
1829 kbd_put_keysym(QEMU_KEY_UP);
1830 break;
1831 case 0xd0:
1832 kbd_put_keysym(QEMU_KEY_DOWN);
1833 break;
1834 case 0xcb:
1835 kbd_put_keysym(QEMU_KEY_LEFT);
1836 break;
1837 case 0xcd:
1838 kbd_put_keysym(QEMU_KEY_RIGHT);
1839 break;
1840 case 0xd3:
1841 kbd_put_keysym(QEMU_KEY_DELETE);
1842 break;
1843 case 0xc7:
1844 kbd_put_keysym(QEMU_KEY_HOME);
1845 break;
1846 case 0xcf:
1847 kbd_put_keysym(QEMU_KEY_END);
1848 break;
1849 case 0xc9:
1850 kbd_put_keysym(QEMU_KEY_PAGEUP);
1851 break;
1852 case 0xd1:
1853 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1854 break;
1855
1856 case 0x47:
1857 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME);
1858 break;
1859 case 0x48:
1860 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP);
1861 break;
1862 case 0x49:
1863 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP);
1864 break;
1865 case 0x4b:
1866 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT);
1867 break;
1868 case 0x4c:
1869 kbd_put_keysym('5');
1870 break;
1871 case 0x4d:
1872 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT);
1873 break;
1874 case 0x4f:
1875 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END);
1876 break;
1877 case 0x50:
1878 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN);
1879 break;
1880 case 0x51:
1881 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN);
1882 break;
1883 case 0x52:
1884 kbd_put_keysym('0');
1885 break;
1886 case 0x53:
1887 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE);
1888 break;
1889
1890 case 0xb5:
1891 kbd_put_keysym('/');
1892 break;
1893 case 0x37:
1894 kbd_put_keysym('*');
1895 break;
1896 case 0x4a:
1897 kbd_put_keysym('-');
1898 break;
1899 case 0x4e:
1900 kbd_put_keysym('+');
1901 break;
1902 case 0x9c:
1903 kbd_put_keysym('\n');
1904 break;
1905
1906 default:
1907 if (control) {
1908 kbd_put_keysym(sym & 0x1f);
1909 } else {
1910 kbd_put_keysym(sym);
1911 }
1912 break;
1913 }
1914 }
1915 }
1916}
1917
1918static void vnc_release_modifiers(VncState *vs)
1919{
1920 static const int keycodes[] = {
1921
1922 0x2a, 0x36, 0x1d, 0x9d, 0x38, 0xb8,
1923 };
1924 int i, keycode;
1925
1926 if (!qemu_console_is_graphic(NULL)) {
1927 return;
1928 }
1929 for (i = 0; i < ARRAY_SIZE(keycodes); i++) {
1930 keycode = keycodes[i];
1931 if (!vs->modifiers_state[keycode]) {
1932 continue;
1933 }
1934 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, false);
1935 qemu_input_event_send_key_delay(vs->vd->key_delay_ms);
1936 }
1937}
1938
1939static const char *code2name(int keycode)
1940{
1941 return QKeyCode_lookup[qemu_input_key_number_to_qcode(keycode)];
1942}
1943
1944static void key_event(VncState *vs, int down, uint32_t sym)
1945{
1946 int keycode;
1947 int lsym = sym;
1948
1949 if (lsym >= 'A' && lsym <= 'Z' && qemu_console_is_graphic(NULL)) {
1950 lsym = lsym - 'A' + 'a';
1951 }
1952
1953 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF) & SCANCODE_KEYMASK;
1954 trace_vnc_key_event_map(down, sym, keycode, code2name(keycode));
1955 do_key_event(vs, down, keycode, sym);
1956}
1957
1958static void ext_key_event(VncState *vs, int down,
1959 uint32_t sym, uint16_t keycode)
1960{
1961
1962 if (keyboard_layout) {
1963 key_event(vs, down, sym);
1964 } else {
1965 trace_vnc_key_event_ext(down, sym, keycode, code2name(keycode));
1966 do_key_event(vs, down, keycode, sym);
1967 }
1968}
1969
1970static void framebuffer_update_request(VncState *vs, int incremental,
1971 int x, int y, int w, int h)
1972{
1973 vs->need_update = 1;
1974
1975 if (incremental) {
1976 return;
1977 }
1978
1979 vs->force_update = 1;
1980 vnc_set_area_dirty(vs->dirty, vs->vd, x, y, w, h);
1981}
1982
1983static void send_ext_key_event_ack(VncState *vs)
1984{
1985 vnc_lock_output(vs);
1986 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1987 vnc_write_u8(vs, 0);
1988 vnc_write_u16(vs, 1);
1989 vnc_framebuffer_update(vs, 0, 0,
1990 pixman_image_get_width(vs->vd->server),
1991 pixman_image_get_height(vs->vd->server),
1992 VNC_ENCODING_EXT_KEY_EVENT);
1993 vnc_unlock_output(vs);
1994 vnc_flush(vs);
1995}
1996
1997static void send_ext_audio_ack(VncState *vs)
1998{
1999 vnc_lock_output(vs);
2000 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
2001 vnc_write_u8(vs, 0);
2002 vnc_write_u16(vs, 1);
2003 vnc_framebuffer_update(vs, 0, 0,
2004 pixman_image_get_width(vs->vd->server),
2005 pixman_image_get_height(vs->vd->server),
2006 VNC_ENCODING_AUDIO);
2007 vnc_unlock_output(vs);
2008 vnc_flush(vs);
2009}
2010
2011static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
2012{
2013 int i;
2014 unsigned int enc = 0;
2015
2016 vs->features = 0;
2017 vs->vnc_encoding = 0;
2018 vs->tight.compression = 9;
2019 vs->tight.quality = -1;
2020 vs->absolute = -1;
2021
2022
2023
2024
2025
2026
2027 for (i = n_encodings - 1; i >= 0; i--) {
2028 enc = encodings[i];
2029 switch (enc) {
2030 case VNC_ENCODING_RAW:
2031 vs->vnc_encoding = enc;
2032 break;
2033 case VNC_ENCODING_COPYRECT:
2034 vs->features |= VNC_FEATURE_COPYRECT_MASK;
2035 break;
2036 case VNC_ENCODING_HEXTILE:
2037 vs->features |= VNC_FEATURE_HEXTILE_MASK;
2038 vs->vnc_encoding = enc;
2039 break;
2040 case VNC_ENCODING_TIGHT:
2041 vs->features |= VNC_FEATURE_TIGHT_MASK;
2042 vs->vnc_encoding = enc;
2043 break;
2044#ifdef CONFIG_VNC_PNG
2045 case VNC_ENCODING_TIGHT_PNG:
2046 vs->features |= VNC_FEATURE_TIGHT_PNG_MASK;
2047 vs->vnc_encoding = enc;
2048 break;
2049#endif
2050 case VNC_ENCODING_ZLIB:
2051 vs->features |= VNC_FEATURE_ZLIB_MASK;
2052 vs->vnc_encoding = enc;
2053 break;
2054 case VNC_ENCODING_ZRLE:
2055 vs->features |= VNC_FEATURE_ZRLE_MASK;
2056 vs->vnc_encoding = enc;
2057 break;
2058 case VNC_ENCODING_ZYWRLE:
2059 vs->features |= VNC_FEATURE_ZYWRLE_MASK;
2060 vs->vnc_encoding = enc;
2061 break;
2062 case VNC_ENCODING_DESKTOPRESIZE:
2063 vs->features |= VNC_FEATURE_RESIZE_MASK;
2064 break;
2065 case VNC_ENCODING_POINTER_TYPE_CHANGE:
2066 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
2067 break;
2068 case VNC_ENCODING_RICH_CURSOR:
2069 vs->features |= VNC_FEATURE_RICH_CURSOR_MASK;
2070 if (vs->vd->cursor) {
2071 vnc_cursor_define(vs);
2072 }
2073 break;
2074 case VNC_ENCODING_EXT_KEY_EVENT:
2075 send_ext_key_event_ack(vs);
2076 break;
2077 case VNC_ENCODING_AUDIO:
2078 send_ext_audio_ack(vs);
2079 break;
2080 case VNC_ENCODING_WMVi:
2081 vs->features |= VNC_FEATURE_WMVI_MASK;
2082 break;
2083 case VNC_ENCODING_LED_STATE:
2084 vs->features |= VNC_FEATURE_LED_STATE_MASK;
2085 break;
2086 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
2087 vs->tight.compression = (enc & 0x0F);
2088 break;
2089 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
2090 if (vs->vd->lossy) {
2091 vs->tight.quality = (enc & 0x0F);
2092 }
2093 break;
2094 default:
2095 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
2096 break;
2097 }
2098 }
2099 vnc_desktop_resize(vs);
2100 check_pointer_type_change(&vs->mouse_mode_notifier, NULL);
2101 vnc_led_state_change(vs);
2102}
2103
2104static void set_pixel_conversion(VncState *vs)
2105{
2106 pixman_format_code_t fmt = qemu_pixman_get_format(&vs->client_pf);
2107
2108 if (fmt == VNC_SERVER_FB_FORMAT) {
2109 vs->write_pixels = vnc_write_pixels_copy;
2110 vnc_hextile_set_pixel_conversion(vs, 0);
2111 } else {
2112 vs->write_pixels = vnc_write_pixels_generic;
2113 vnc_hextile_set_pixel_conversion(vs, 1);
2114 }
2115}
2116
2117static void send_color_map(VncState *vs)
2118{
2119 int i;
2120
2121 vnc_write_u8(vs, VNC_MSG_SERVER_SET_COLOUR_MAP_ENTRIES);
2122 vnc_write_u8(vs, 0);
2123 vnc_write_u16(vs, 0);
2124 vnc_write_u16(vs, 256);
2125
2126 for (i = 0; i < 256; i++) {
2127 PixelFormat *pf = &vs->client_pf;
2128
2129 vnc_write_u16(vs, (((i >> pf->rshift) & pf->rmax) << (16 - pf->rbits)));
2130 vnc_write_u16(vs, (((i >> pf->gshift) & pf->gmax) << (16 - pf->gbits)));
2131 vnc_write_u16(vs, (((i >> pf->bshift) & pf->bmax) << (16 - pf->bbits)));
2132 }
2133}
2134
2135static void set_pixel_format(VncState *vs, int bits_per_pixel,
2136 int big_endian_flag, int true_color_flag,
2137 int red_max, int green_max, int blue_max,
2138 int red_shift, int green_shift, int blue_shift)
2139{
2140 if (!true_color_flag) {
2141
2142 bits_per_pixel = 8;
2143 red_max = 7;
2144 green_max = 7;
2145 blue_max = 3;
2146 red_shift = 0;
2147 green_shift = 3;
2148 blue_shift = 6;
2149 }
2150
2151 switch (bits_per_pixel) {
2152 case 8:
2153 case 16:
2154 case 32:
2155 break;
2156 default:
2157 vnc_client_error(vs);
2158 return;
2159 }
2160
2161 vs->client_pf.rmax = red_max ? red_max : 0xFF;
2162 vs->client_pf.rbits = hweight_long(red_max);
2163 vs->client_pf.rshift = red_shift;
2164 vs->client_pf.rmask = red_max << red_shift;
2165 vs->client_pf.gmax = green_max ? green_max : 0xFF;
2166 vs->client_pf.gbits = hweight_long(green_max);
2167 vs->client_pf.gshift = green_shift;
2168 vs->client_pf.gmask = green_max << green_shift;
2169 vs->client_pf.bmax = blue_max ? blue_max : 0xFF;
2170 vs->client_pf.bbits = hweight_long(blue_max);
2171 vs->client_pf.bshift = blue_shift;
2172 vs->client_pf.bmask = blue_max << blue_shift;
2173 vs->client_pf.bits_per_pixel = bits_per_pixel;
2174 vs->client_pf.bytes_per_pixel = bits_per_pixel / 8;
2175 vs->client_pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
2176 vs->client_be = big_endian_flag;
2177
2178 if (!true_color_flag) {
2179 send_color_map(vs);
2180 }
2181
2182 set_pixel_conversion(vs);
2183
2184 graphic_hw_invalidate(vs->vd->dcl.con);
2185 graphic_hw_update(vs->vd->dcl.con);
2186}
2187
2188static void pixel_format_message (VncState *vs) {
2189 char pad[3] = { 0, 0, 0 };
2190
2191 vs->client_pf = qemu_default_pixelformat(32);
2192
2193 vnc_write_u8(vs, vs->client_pf.bits_per_pixel);
2194 vnc_write_u8(vs, vs->client_pf.depth);
2195
2196#ifdef HOST_WORDS_BIGENDIAN
2197 vnc_write_u8(vs, 1);
2198#else
2199 vnc_write_u8(vs, 0);
2200#endif
2201 vnc_write_u8(vs, 1);
2202 vnc_write_u16(vs, vs->client_pf.rmax);
2203 vnc_write_u16(vs, vs->client_pf.gmax);
2204 vnc_write_u16(vs, vs->client_pf.bmax);
2205 vnc_write_u8(vs, vs->client_pf.rshift);
2206 vnc_write_u8(vs, vs->client_pf.gshift);
2207 vnc_write_u8(vs, vs->client_pf.bshift);
2208 vnc_write(vs, pad, 3);
2209
2210 vnc_hextile_set_pixel_conversion(vs, 0);
2211 vs->write_pixels = vnc_write_pixels_copy;
2212}
2213
2214static void vnc_colordepth(VncState *vs)
2215{
2216 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
2217
2218 vnc_lock_output(vs);
2219 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
2220 vnc_write_u8(vs, 0);
2221 vnc_write_u16(vs, 1);
2222 vnc_framebuffer_update(vs, 0, 0,
2223 pixman_image_get_width(vs->vd->server),
2224 pixman_image_get_height(vs->vd->server),
2225 VNC_ENCODING_WMVi);
2226 pixel_format_message(vs);
2227 vnc_unlock_output(vs);
2228 vnc_flush(vs);
2229 } else {
2230 set_pixel_conversion(vs);
2231 }
2232}
2233
2234static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
2235{
2236 int i;
2237 uint16_t limit;
2238 VncDisplay *vd = vs->vd;
2239
2240 if (data[0] > 3) {
2241 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
2242 }
2243
2244 switch (data[0]) {
2245 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT:
2246 if (len == 1)
2247 return 20;
2248
2249 set_pixel_format(vs, read_u8(data, 4),
2250 read_u8(data, 6), read_u8(data, 7),
2251 read_u16(data, 8), read_u16(data, 10),
2252 read_u16(data, 12), read_u8(data, 14),
2253 read_u8(data, 15), read_u8(data, 16));
2254 break;
2255 case VNC_MSG_CLIENT_SET_ENCODINGS:
2256 if (len == 1)
2257 return 4;
2258
2259 if (len == 4) {
2260 limit = read_u16(data, 2);
2261 if (limit > 0)
2262 return 4 + (limit * 4);
2263 } else
2264 limit = read_u16(data, 2);
2265
2266 for (i = 0; i < limit; i++) {
2267 int32_t val = read_s32(data, 4 + (i * 4));
2268 memcpy(data + 4 + (i * 4), &val, sizeof(val));
2269 }
2270
2271 set_encodings(vs, (int32_t *)(data + 4), limit);
2272 break;
2273 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST:
2274 if (len == 1)
2275 return 10;
2276
2277 framebuffer_update_request(vs,
2278 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
2279 read_u16(data, 6), read_u16(data, 8));
2280 break;
2281 case VNC_MSG_CLIENT_KEY_EVENT:
2282 if (len == 1)
2283 return 8;
2284
2285 key_event(vs, read_u8(data, 1), read_u32(data, 4));
2286 break;
2287 case VNC_MSG_CLIENT_POINTER_EVENT:
2288 if (len == 1)
2289 return 6;
2290
2291 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
2292 break;
2293 case VNC_MSG_CLIENT_CUT_TEXT:
2294 if (len == 1) {
2295 return 8;
2296 }
2297 if (len == 8) {
2298 uint32_t dlen = read_u32(data, 4);
2299 if (dlen > (1 << 20)) {
2300 error_report("vnc: client_cut_text msg payload has %u bytes"
2301 " which exceeds our limit of 1MB.", dlen);
2302 vnc_client_error(vs);
2303 break;
2304 }
2305 if (dlen > 0) {
2306 return 8 + dlen;
2307 }
2308 }
2309
2310 client_cut_text(vs, read_u32(data, 4), data + 8);
2311 break;
2312 case VNC_MSG_CLIENT_QEMU:
2313 if (len == 1)
2314 return 2;
2315
2316 switch (read_u8(data, 1)) {
2317 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT:
2318 if (len == 2)
2319 return 12;
2320
2321 ext_key_event(vs, read_u16(data, 2),
2322 read_u32(data, 4), read_u32(data, 8));
2323 break;
2324 case VNC_MSG_CLIENT_QEMU_AUDIO:
2325 if (len == 2)
2326 return 4;
2327
2328 switch (read_u16 (data, 2)) {
2329 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE:
2330 audio_add(vs);
2331 break;
2332 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE:
2333 audio_del(vs);
2334 break;
2335 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT:
2336 if (len == 4)
2337 return 10;
2338 switch (read_u8(data, 4)) {
2339 case 0: vs->as.fmt = AUD_FMT_U8; break;
2340 case 1: vs->as.fmt = AUD_FMT_S8; break;
2341 case 2: vs->as.fmt = AUD_FMT_U16; break;
2342 case 3: vs->as.fmt = AUD_FMT_S16; break;
2343 case 4: vs->as.fmt = AUD_FMT_U32; break;
2344 case 5: vs->as.fmt = AUD_FMT_S32; break;
2345 default:
2346 VNC_DEBUG("Invalid audio format %d\n", read_u8(data, 4));
2347 vnc_client_error(vs);
2348 break;
2349 }
2350 vs->as.nchannels = read_u8(data, 5);
2351 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
2352 VNC_DEBUG("Invalid audio channel coount %d\n",
2353 read_u8(data, 5));
2354 vnc_client_error(vs);
2355 break;
2356 }
2357 vs->as.freq = read_u32(data, 6);
2358 break;
2359 default:
2360 VNC_DEBUG("Invalid audio message %d\n", read_u8(data, 4));
2361 vnc_client_error(vs);
2362 break;
2363 }
2364 break;
2365
2366 default:
2367 VNC_DEBUG("Msg: %d\n", read_u16(data, 0));
2368 vnc_client_error(vs);
2369 break;
2370 }
2371 break;
2372 default:
2373 VNC_DEBUG("Msg: %d\n", data[0]);
2374 vnc_client_error(vs);
2375 break;
2376 }
2377
2378 vnc_read_when(vs, protocol_client_msg, 1);
2379 return 0;
2380}
2381
2382static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
2383{
2384 char buf[1024];
2385 VncShareMode mode;
2386 int size;
2387
2388 mode = data[0] ? VNC_SHARE_MODE_SHARED : VNC_SHARE_MODE_EXCLUSIVE;
2389 switch (vs->vd->share_policy) {
2390 case VNC_SHARE_POLICY_IGNORE:
2391
2392
2393
2394
2395
2396
2397
2398 break;
2399 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE:
2400
2401
2402
2403
2404
2405
2406
2407
2408
2409 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2410 VncState *client;
2411 QTAILQ_FOREACH(client, &vs->vd->clients, next) {
2412 if (vs == client) {
2413 continue;
2414 }
2415 if (client->share_mode != VNC_SHARE_MODE_EXCLUSIVE &&
2416 client->share_mode != VNC_SHARE_MODE_SHARED) {
2417 continue;
2418 }
2419 vnc_disconnect_start(client);
2420 }
2421 }
2422 if (mode == VNC_SHARE_MODE_SHARED) {
2423 if (vs->vd->num_exclusive > 0) {
2424 vnc_disconnect_start(vs);
2425 return 0;
2426 }
2427 }
2428 break;
2429 case VNC_SHARE_POLICY_FORCE_SHARED:
2430
2431
2432
2433
2434
2435
2436
2437
2438 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2439 vnc_disconnect_start(vs);
2440 return 0;
2441 }
2442 break;
2443 }
2444 vnc_set_share_mode(vs, mode);
2445
2446 if (vs->vd->num_shared > vs->vd->connections_limit) {
2447 vnc_disconnect_start(vs);
2448 return 0;
2449 }
2450
2451 vs->client_width = pixman_image_get_width(vs->vd->server);
2452 vs->client_height = pixman_image_get_height(vs->vd->server);
2453 vnc_write_u16(vs, vs->client_width);
2454 vnc_write_u16(vs, vs->client_height);
2455
2456 pixel_format_message(vs);
2457
2458 if (qemu_name)
2459 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
2460 else
2461 size = snprintf(buf, sizeof(buf), "QEMU");
2462
2463 vnc_write_u32(vs, size);
2464 vnc_write(vs, buf, size);
2465 vnc_flush(vs);
2466
2467 vnc_client_cache_auth(vs);
2468 vnc_qmp_event(vs, QAPI_EVENT_VNC_INITIALIZED);
2469
2470 vnc_read_when(vs, protocol_client_msg, 1);
2471
2472 return 0;
2473}
2474
2475void start_client_init(VncState *vs)
2476{
2477 vnc_read_when(vs, protocol_client_init, 1);
2478}
2479
2480static void make_challenge(VncState *vs)
2481{
2482 int i;
2483
2484 srand(time(NULL)+getpid()+getpid()*987654+rand());
2485
2486 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
2487 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
2488}
2489
2490static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
2491{
2492 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
2493 size_t i, pwlen;
2494 unsigned char key[8];
2495 time_t now = time(NULL);
2496 QCryptoCipher *cipher = NULL;
2497 Error *err = NULL;
2498
2499 if (!vs->vd->password) {
2500 VNC_DEBUG("No password configured on server");
2501 goto reject;
2502 }
2503 if (vs->vd->expires < now) {
2504 VNC_DEBUG("Password is expired");
2505 goto reject;
2506 }
2507
2508 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
2509
2510
2511 pwlen = strlen(vs->vd->password);
2512 for (i=0; i<sizeof(key); i++)
2513 key[i] = i<pwlen ? vs->vd->password[i] : 0;
2514
2515 cipher = qcrypto_cipher_new(
2516 QCRYPTO_CIPHER_ALG_DES_RFB,
2517 QCRYPTO_CIPHER_MODE_ECB,
2518 key, G_N_ELEMENTS(key),
2519 &err);
2520 if (!cipher) {
2521 VNC_DEBUG("Cannot initialize cipher %s",
2522 error_get_pretty(err));
2523 error_free(err);
2524 goto reject;
2525 }
2526
2527 if (qcrypto_cipher_encrypt(cipher,
2528 vs->challenge,
2529 response,
2530 VNC_AUTH_CHALLENGE_SIZE,
2531 &err) < 0) {
2532 VNC_DEBUG("Cannot encrypt challenge %s",
2533 error_get_pretty(err));
2534 error_free(err);
2535 goto reject;
2536 }
2537
2538
2539 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
2540 VNC_DEBUG("Client challenge response did not match\n");
2541 goto reject;
2542 } else {
2543 VNC_DEBUG("Accepting VNC challenge response\n");
2544 vnc_write_u32(vs, 0);
2545 vnc_flush(vs);
2546
2547 start_client_init(vs);
2548 }
2549
2550 qcrypto_cipher_free(cipher);
2551 return 0;
2552
2553reject:
2554 vnc_write_u32(vs, 1);
2555 if (vs->minor >= 8) {
2556 static const char err[] = "Authentication failed";
2557 vnc_write_u32(vs, sizeof(err));
2558 vnc_write(vs, err, sizeof(err));
2559 }
2560 vnc_flush(vs);
2561 vnc_client_error(vs);
2562 qcrypto_cipher_free(cipher);
2563 return 0;
2564}
2565
2566void start_auth_vnc(VncState *vs)
2567{
2568 make_challenge(vs);
2569
2570 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
2571 vnc_flush(vs);
2572
2573 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
2574}
2575
2576
2577static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
2578{
2579
2580
2581 if (data[0] != vs->auth) {
2582 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]);
2583 vnc_write_u32(vs, 1);
2584 if (vs->minor >= 8) {
2585 static const char err[] = "Authentication failed";
2586 vnc_write_u32(vs, sizeof(err));
2587 vnc_write(vs, err, sizeof(err));
2588 }
2589 vnc_client_error(vs);
2590 } else {
2591 VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
2592 switch (vs->auth) {
2593 case VNC_AUTH_NONE:
2594 VNC_DEBUG("Accept auth none\n");
2595 if (vs->minor >= 8) {
2596 vnc_write_u32(vs, 0);
2597 vnc_flush(vs);
2598 }
2599 start_client_init(vs);
2600 break;
2601
2602 case VNC_AUTH_VNC:
2603 VNC_DEBUG("Start VNC auth\n");
2604 start_auth_vnc(vs);
2605 break;
2606
2607 case VNC_AUTH_VENCRYPT:
2608 VNC_DEBUG("Accept VeNCrypt auth\n");
2609 start_auth_vencrypt(vs);
2610 break;
2611
2612#ifdef CONFIG_VNC_SASL
2613 case VNC_AUTH_SASL:
2614 VNC_DEBUG("Accept SASL auth\n");
2615 start_auth_sasl(vs);
2616 break;
2617#endif
2618
2619 default:
2620 VNC_DEBUG("Reject auth %d server code bug\n", vs->auth);
2621 vnc_write_u8(vs, 1);
2622 if (vs->minor >= 8) {
2623 static const char err[] = "Authentication failed";
2624 vnc_write_u32(vs, sizeof(err));
2625 vnc_write(vs, err, sizeof(err));
2626 }
2627 vnc_client_error(vs);
2628 }
2629 }
2630 return 0;
2631}
2632
2633static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2634{
2635 char local[13];
2636
2637 memcpy(local, version, 12);
2638 local[12] = 0;
2639
2640 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2641 VNC_DEBUG("Malformed protocol version %s\n", local);
2642 vnc_client_error(vs);
2643 return 0;
2644 }
2645 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2646 if (vs->major != 3 ||
2647 (vs->minor != 3 &&
2648 vs->minor != 4 &&
2649 vs->minor != 5 &&
2650 vs->minor != 7 &&
2651 vs->minor != 8)) {
2652 VNC_DEBUG("Unsupported client version\n");
2653 vnc_write_u32(vs, VNC_AUTH_INVALID);
2654 vnc_flush(vs);
2655 vnc_client_error(vs);
2656 return 0;
2657 }
2658
2659
2660
2661 if (vs->minor == 4 || vs->minor == 5)
2662 vs->minor = 3;
2663
2664 if (vs->minor == 3) {
2665 if (vs->auth == VNC_AUTH_NONE) {
2666 VNC_DEBUG("Tell client auth none\n");
2667 vnc_write_u32(vs, vs->auth);
2668 vnc_flush(vs);
2669 start_client_init(vs);
2670 } else if (vs->auth == VNC_AUTH_VNC) {
2671 VNC_DEBUG("Tell client VNC auth\n");
2672 vnc_write_u32(vs, vs->auth);
2673 vnc_flush(vs);
2674 start_auth_vnc(vs);
2675 } else {
2676 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->auth);
2677 vnc_write_u32(vs, VNC_AUTH_INVALID);
2678 vnc_flush(vs);
2679 vnc_client_error(vs);
2680 }
2681 } else {
2682 VNC_DEBUG("Telling client we support auth %d\n", vs->auth);
2683 vnc_write_u8(vs, 1);
2684 vnc_write_u8(vs, vs->auth);
2685 vnc_read_when(vs, protocol_client_auth, 1);
2686 vnc_flush(vs);
2687 }
2688
2689 return 0;
2690}
2691
2692static VncRectStat *vnc_stat_rect(VncDisplay *vd, int x, int y)
2693{
2694 struct VncSurface *vs = &vd->guest;
2695
2696 return &vs->stats[y / VNC_STAT_RECT][x / VNC_STAT_RECT];
2697}
2698
2699void vnc_sent_lossy_rect(VncState *vs, int x, int y, int w, int h)
2700{
2701 int i, j;
2702
2703 w = (x + w) / VNC_STAT_RECT;
2704 h = (y + h) / VNC_STAT_RECT;
2705 x /= VNC_STAT_RECT;
2706 y /= VNC_STAT_RECT;
2707
2708 for (j = y; j <= h; j++) {
2709 for (i = x; i <= w; i++) {
2710 vs->lossy_rect[j][i] = 1;
2711 }
2712 }
2713}
2714
2715static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y)
2716{
2717 VncState *vs;
2718 int sty = y / VNC_STAT_RECT;
2719 int stx = x / VNC_STAT_RECT;
2720 int has_dirty = 0;
2721
2722 y = y / VNC_STAT_RECT * VNC_STAT_RECT;
2723 x = x / VNC_STAT_RECT * VNC_STAT_RECT;
2724
2725 QTAILQ_FOREACH(vs, &vd->clients, next) {
2726 int j;
2727
2728
2729 if (vs->output.offset) {
2730 continue;
2731 }
2732
2733 if (!vs->lossy_rect[sty][stx]) {
2734 continue;
2735 }
2736
2737 vs->lossy_rect[sty][stx] = 0;
2738 for (j = 0; j < VNC_STAT_RECT; ++j) {
2739 bitmap_set(vs->dirty[y + j],
2740 x / VNC_DIRTY_PIXELS_PER_BIT,
2741 VNC_STAT_RECT / VNC_DIRTY_PIXELS_PER_BIT);
2742 }
2743 has_dirty++;
2744 }
2745
2746 return has_dirty;
2747}
2748
2749static int vnc_update_stats(VncDisplay *vd, struct timeval * tv)
2750{
2751 int width = pixman_image_get_width(vd->guest.fb);
2752 int height = pixman_image_get_height(vd->guest.fb);
2753 int x, y;
2754 struct timeval res;
2755 int has_dirty = 0;
2756
2757 for (y = 0; y < height; y += VNC_STAT_RECT) {
2758 for (x = 0; x < width; x += VNC_STAT_RECT) {
2759 VncRectStat *rect = vnc_stat_rect(vd, x, y);
2760
2761 rect->updated = false;
2762 }
2763 }
2764
2765 qemu_timersub(tv, &VNC_REFRESH_STATS, &res);
2766
2767 if (timercmp(&vd->guest.last_freq_check, &res, >)) {
2768 return has_dirty;
2769 }
2770 vd->guest.last_freq_check = *tv;
2771
2772 for (y = 0; y < height; y += VNC_STAT_RECT) {
2773 for (x = 0; x < width; x += VNC_STAT_RECT) {
2774 VncRectStat *rect= vnc_stat_rect(vd, x, y);
2775 int count = ARRAY_SIZE(rect->times);
2776 struct timeval min, max;
2777
2778 if (!timerisset(&rect->times[count - 1])) {
2779 continue ;
2780 }
2781
2782 max = rect->times[(rect->idx + count - 1) % count];
2783 qemu_timersub(tv, &max, &res);
2784
2785 if (timercmp(&res, &VNC_REFRESH_LOSSY, >)) {
2786 rect->freq = 0;
2787 has_dirty += vnc_refresh_lossy_rect(vd, x, y);
2788 memset(rect->times, 0, sizeof (rect->times));
2789 continue ;
2790 }
2791
2792 min = rect->times[rect->idx];
2793 max = rect->times[(rect->idx + count - 1) % count];
2794 qemu_timersub(&max, &min, &res);
2795
2796 rect->freq = res.tv_sec + res.tv_usec / 1000000.;
2797 rect->freq /= count;
2798 rect->freq = 1. / rect->freq;
2799 }
2800 }
2801 return has_dirty;
2802}
2803
2804double vnc_update_freq(VncState *vs, int x, int y, int w, int h)
2805{
2806 int i, j;
2807 double total = 0;
2808 int num = 0;
2809
2810 x = (x / VNC_STAT_RECT) * VNC_STAT_RECT;
2811 y = (y / VNC_STAT_RECT) * VNC_STAT_RECT;
2812
2813 for (j = y; j <= y + h; j += VNC_STAT_RECT) {
2814 for (i = x; i <= x + w; i += VNC_STAT_RECT) {
2815 total += vnc_stat_rect(vs->vd, i, j)->freq;
2816 num++;
2817 }
2818 }
2819
2820 if (num) {
2821 return total / num;
2822 } else {
2823 return 0;
2824 }
2825}
2826
2827static void vnc_rect_updated(VncDisplay *vd, int x, int y, struct timeval * tv)
2828{
2829 VncRectStat *rect;
2830
2831 rect = vnc_stat_rect(vd, x, y);
2832 if (rect->updated) {
2833 return ;
2834 }
2835 rect->times[rect->idx] = *tv;
2836 rect->idx = (rect->idx + 1) % ARRAY_SIZE(rect->times);
2837 rect->updated = true;
2838}
2839
2840static int vnc_refresh_server_surface(VncDisplay *vd)
2841{
2842 int width = MIN(pixman_image_get_width(vd->guest.fb),
2843 pixman_image_get_width(vd->server));
2844 int height = MIN(pixman_image_get_height(vd->guest.fb),
2845 pixman_image_get_height(vd->server));
2846 int cmp_bytes, server_stride, line_bytes, guest_ll, guest_stride, y = 0;
2847 uint8_t *guest_row0 = NULL, *server_row0;
2848 VncState *vs;
2849 int has_dirty = 0;
2850 pixman_image_t *tmpbuf = NULL;
2851
2852 struct timeval tv = { 0, 0 };
2853
2854 if (!vd->non_adaptive) {
2855 gettimeofday(&tv, NULL);
2856 has_dirty = vnc_update_stats(vd, &tv);
2857 }
2858
2859
2860
2861
2862
2863
2864 server_row0 = (uint8_t *)pixman_image_get_data(vd->server);
2865 server_stride = guest_stride = guest_ll =
2866 pixman_image_get_stride(vd->server);
2867 cmp_bytes = MIN(VNC_DIRTY_PIXELS_PER_BIT * VNC_SERVER_FB_BYTES,
2868 server_stride);
2869 if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
2870 int width = pixman_image_get_width(vd->server);
2871 tmpbuf = qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT, width);
2872 } else {
2873 int guest_bpp =
2874 PIXMAN_FORMAT_BPP(pixman_image_get_format(vd->guest.fb));
2875 guest_row0 = (uint8_t *)pixman_image_get_data(vd->guest.fb);
2876 guest_stride = pixman_image_get_stride(vd->guest.fb);
2877 guest_ll = pixman_image_get_width(vd->guest.fb) * ((guest_bpp + 7) / 8);
2878 }
2879 line_bytes = MIN(server_stride, guest_ll);
2880
2881 for (;;) {
2882 int x;
2883 uint8_t *guest_ptr, *server_ptr;
2884 unsigned long offset = find_next_bit((unsigned long *) &vd->guest.dirty,
2885 height * VNC_DIRTY_BPL(&vd->guest),
2886 y * VNC_DIRTY_BPL(&vd->guest));
2887 if (offset == height * VNC_DIRTY_BPL(&vd->guest)) {
2888
2889 break;
2890 }
2891 y = offset / VNC_DIRTY_BPL(&vd->guest);
2892 x = offset % VNC_DIRTY_BPL(&vd->guest);
2893
2894 server_ptr = server_row0 + y * server_stride + x * cmp_bytes;
2895
2896 if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
2897 qemu_pixman_linebuf_fill(tmpbuf, vd->guest.fb, width, 0, y);
2898 guest_ptr = (uint8_t *)pixman_image_get_data(tmpbuf);
2899 } else {
2900 guest_ptr = guest_row0 + y * guest_stride;
2901 }
2902 guest_ptr += x * cmp_bytes;
2903
2904 for (; x < DIV_ROUND_UP(width, VNC_DIRTY_PIXELS_PER_BIT);
2905 x++, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
2906 int _cmp_bytes = cmp_bytes;
2907 if (!test_and_clear_bit(x, vd->guest.dirty[y])) {
2908 continue;
2909 }
2910 if ((x + 1) * cmp_bytes > line_bytes) {
2911 _cmp_bytes = line_bytes - x * cmp_bytes;
2912 }
2913 assert(_cmp_bytes >= 0);
2914 if (memcmp(server_ptr, guest_ptr, _cmp_bytes) == 0) {
2915 continue;
2916 }
2917 memcpy(server_ptr, guest_ptr, _cmp_bytes);
2918 if (!vd->non_adaptive) {
2919 vnc_rect_updated(vd, x * VNC_DIRTY_PIXELS_PER_BIT,
2920 y, &tv);
2921 }
2922 QTAILQ_FOREACH(vs, &vd->clients, next) {
2923 set_bit(x, vs->dirty[y]);
2924 }
2925 has_dirty++;
2926 }
2927
2928 y++;
2929 }
2930 qemu_pixman_image_unref(tmpbuf);
2931 return has_dirty;
2932}
2933
2934static void vnc_refresh(DisplayChangeListener *dcl)
2935{
2936 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
2937 VncState *vs, *vn;
2938 int has_dirty, rects = 0;
2939
2940 if (QTAILQ_EMPTY(&vd->clients)) {
2941 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_MAX);
2942 return;
2943 }
2944
2945 graphic_hw_update(vd->dcl.con);
2946
2947 if (vnc_trylock_display(vd)) {
2948 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
2949 return;
2950 }
2951
2952 has_dirty = vnc_refresh_server_surface(vd);
2953 vnc_unlock_display(vd);
2954
2955 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
2956 rects += vnc_update_client(vs, has_dirty, false);
2957
2958 }
2959
2960 if (has_dirty && rects) {
2961 vd->dcl.update_interval /= 2;
2962 if (vd->dcl.update_interval < VNC_REFRESH_INTERVAL_BASE) {
2963 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_BASE;
2964 }
2965 } else {
2966 vd->dcl.update_interval += VNC_REFRESH_INTERVAL_INC;
2967 if (vd->dcl.update_interval > VNC_REFRESH_INTERVAL_MAX) {
2968 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_MAX;
2969 }
2970 }
2971}
2972
2973static void vnc_connect(VncDisplay *vd, QIOChannelSocket *sioc,
2974 bool skipauth, bool websocket)
2975{
2976 VncState *vs = g_new0(VncState, 1);
2977 int i;
2978
2979 vs->sioc = sioc;
2980 object_ref(OBJECT(vs->sioc));
2981 vs->ioc = QIO_CHANNEL(sioc);
2982 object_ref(OBJECT(vs->ioc));
2983 vs->vd = vd;
2984
2985 buffer_init(&vs->input, "vnc-input/%p", sioc);
2986 buffer_init(&vs->output, "vnc-output/%p", sioc);
2987 buffer_init(&vs->jobs_buffer, "vnc-jobs_buffer/%p", sioc);
2988
2989 buffer_init(&vs->tight.tight, "vnc-tight/%p", sioc);
2990 buffer_init(&vs->tight.zlib, "vnc-tight-zlib/%p", sioc);
2991 buffer_init(&vs->tight.gradient, "vnc-tight-gradient/%p", sioc);
2992#ifdef CONFIG_VNC_JPEG
2993 buffer_init(&vs->tight.jpeg, "vnc-tight-jpeg/%p", sioc);
2994#endif
2995#ifdef CONFIG_VNC_PNG
2996 buffer_init(&vs->tight.png, "vnc-tight-png/%p", sioc);
2997#endif
2998 buffer_init(&vs->zlib.zlib, "vnc-zlib/%p", sioc);
2999 buffer_init(&vs->zrle.zrle, "vnc-zrle/%p", sioc);
3000 buffer_init(&vs->zrle.fb, "vnc-zrle-fb/%p", sioc);
3001 buffer_init(&vs->zrle.zlib, "vnc-zrle-zlib/%p", sioc);
3002
3003 if (skipauth) {
3004 vs->auth = VNC_AUTH_NONE;
3005 vs->subauth = VNC_AUTH_INVALID;
3006 } else {
3007 if (websocket) {
3008 vs->auth = vd->ws_auth;
3009 vs->subauth = VNC_AUTH_INVALID;
3010 } else {
3011 vs->auth = vd->auth;
3012 vs->subauth = vd->subauth;
3013 }
3014 }
3015 VNC_DEBUG("Client sioc=%p ws=%d auth=%d subauth=%d\n",
3016 sioc, websocket, vs->auth, vs->subauth);
3017
3018 vs->lossy_rect = g_malloc0(VNC_STAT_ROWS * sizeof (*vs->lossy_rect));
3019 for (i = 0; i < VNC_STAT_ROWS; ++i) {
3020 vs->lossy_rect[i] = g_new0(uint8_t, VNC_STAT_COLS);
3021 }
3022
3023 VNC_DEBUG("New client on socket %p\n", vs->sioc);
3024 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
3025 qio_channel_set_blocking(vs->ioc, false, NULL);
3026 if (websocket) {
3027 vs->websocket = 1;
3028 if (vd->ws_tls) {
3029 vs->ioc_tag = qio_channel_add_watch(
3030 vs->ioc, G_IO_IN, vncws_tls_handshake_io, vs, NULL);
3031 } else {
3032 vs->ioc_tag = qio_channel_add_watch(
3033 vs->ioc, G_IO_IN, vncws_handshake_io, vs, NULL);
3034 }
3035 } else {
3036 vs->ioc_tag = qio_channel_add_watch(
3037 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL);
3038 }
3039
3040 vnc_client_cache_addr(vs);
3041 vnc_qmp_event(vs, QAPI_EVENT_VNC_CONNECTED);
3042 vnc_set_share_mode(vs, VNC_SHARE_MODE_CONNECTING);
3043
3044 if (!vs->websocket) {
3045 vnc_init_state(vs);
3046 }
3047
3048 if (vd->num_connecting > vd->connections_limit) {
3049 QTAILQ_FOREACH(vs, &vd->clients, next) {
3050 if (vs->share_mode == VNC_SHARE_MODE_CONNECTING) {
3051 vnc_disconnect_start(vs);
3052 return;
3053 }
3054 }
3055 }
3056}
3057
3058void vnc_init_state(VncState *vs)
3059{
3060 vs->initialized = true;
3061 VncDisplay *vd = vs->vd;
3062 bool first_client = QTAILQ_EMPTY(&vd->clients);
3063
3064 vs->last_x = -1;
3065 vs->last_y = -1;
3066
3067 vs->as.freq = 44100;
3068 vs->as.nchannels = 2;
3069 vs->as.fmt = AUD_FMT_S16;
3070 vs->as.endianness = 0;
3071
3072 qemu_mutex_init(&vs->output_mutex);
3073 vs->bh = qemu_bh_new(vnc_jobs_bh, vs);
3074
3075 QTAILQ_INSERT_TAIL(&vd->clients, vs, next);
3076 if (first_client) {
3077 vnc_update_server_surface(vd);
3078 }
3079
3080 graphic_hw_update(vd->dcl.con);
3081
3082 vnc_write(vs, "RFB 003.008\n", 12);
3083 vnc_flush(vs);
3084 vnc_read_when(vs, protocol_version, 12);
3085 reset_keys(vs);
3086 if (vs->vd->lock_key_sync)
3087 vs->led = qemu_add_led_event_handler(kbd_leds, vs);
3088
3089 vs->mouse_mode_notifier.notify = check_pointer_type_change;
3090 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
3091
3092
3093}
3094
3095static gboolean vnc_listen_io(QIOChannel *ioc,
3096 GIOCondition condition,
3097 void *opaque)
3098{
3099 VncDisplay *vs = opaque;
3100 QIOChannelSocket *sioc = NULL;
3101 Error *err = NULL;
3102
3103
3104 graphic_hw_update(vs->dcl.con);
3105 sioc = qio_channel_socket_accept(QIO_CHANNEL_SOCKET(ioc), &err);
3106 if (sioc != NULL) {
3107 qio_channel_set_delay(QIO_CHANNEL(sioc), false);
3108 vnc_connect(vs, sioc, false,
3109 ioc != QIO_CHANNEL(vs->lsock));
3110 object_unref(OBJECT(sioc));
3111 } else {
3112
3113 error_free(err);
3114 }
3115
3116 return TRUE;
3117}
3118
3119static const DisplayChangeListenerOps dcl_ops = {
3120 .dpy_name = "vnc",
3121 .dpy_refresh = vnc_refresh,
3122 .dpy_gfx_copy = vnc_dpy_copy,
3123 .dpy_gfx_update = vnc_dpy_update,
3124 .dpy_gfx_switch = vnc_dpy_switch,
3125 .dpy_gfx_check_format = qemu_pixman_check_format,
3126 .dpy_mouse_set = vnc_mouse_set,
3127 .dpy_cursor_define = vnc_dpy_cursor_define,
3128};
3129
3130void vnc_display_init(const char *id)
3131{
3132 VncDisplay *vs;
3133
3134 if (vnc_display_find(id) != NULL) {
3135 return;
3136 }
3137 vs = g_malloc0(sizeof(*vs));
3138
3139 vs->id = strdup(id);
3140 QTAILQ_INSERT_TAIL(&vnc_displays, vs, next);
3141
3142 QTAILQ_INIT(&vs->clients);
3143 vs->expires = TIME_MAX;
3144
3145 if (keyboard_layout) {
3146 trace_vnc_key_map_init(keyboard_layout);
3147 vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout);
3148 } else {
3149 vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us");
3150 }
3151
3152 if (!vs->kbd_layout)
3153 exit(1);
3154
3155 vs->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3156 vs->connections_limit = 32;
3157
3158 qemu_mutex_init(&vs->mutex);
3159 vnc_start_worker_thread();
3160
3161 vs->dcl.ops = &dcl_ops;
3162 register_displaychangelistener(&vs->dcl);
3163}
3164
3165
3166static void vnc_display_close(VncDisplay *vs)
3167{
3168 if (!vs)
3169 return;
3170 vs->enabled = false;
3171 vs->is_unix = false;
3172 if (vs->lsock != NULL) {
3173 if (vs->lsock_tag) {
3174 g_source_remove(vs->lsock_tag);
3175 }
3176 object_unref(OBJECT(vs->lsock));
3177 vs->lsock = NULL;
3178 }
3179 vs->ws_enabled = false;
3180 if (vs->lwebsock != NULL) {
3181 if (vs->lwebsock_tag) {
3182 g_source_remove(vs->lwebsock_tag);
3183 }
3184 object_unref(OBJECT(vs->lwebsock));
3185 vs->lwebsock = NULL;
3186 }
3187 vs->auth = VNC_AUTH_INVALID;
3188 vs->subauth = VNC_AUTH_INVALID;
3189 if (vs->tlscreds) {
3190 object_unparent(OBJECT(vs->tlscreds));
3191 vs->tlscreds = NULL;
3192 }
3193 g_free(vs->tlsaclname);
3194 vs->tlsaclname = NULL;
3195}
3196
3197int vnc_display_password(const char *id, const char *password)
3198{
3199 VncDisplay *vs = vnc_display_find(id);
3200
3201 if (!vs) {
3202 return -EINVAL;
3203 }
3204 if (vs->auth == VNC_AUTH_NONE) {
3205 error_printf_unless_qmp("If you want use passwords please enable "
3206 "password auth using '-vnc ${dpy},password'.\n");
3207 return -EINVAL;
3208 }
3209
3210 g_free(vs->password);
3211 vs->password = g_strdup(password);
3212
3213 return 0;
3214}
3215
3216int vnc_display_pw_expire(const char *id, time_t expires)
3217{
3218 VncDisplay *vs = vnc_display_find(id);
3219
3220 if (!vs) {
3221 return -EINVAL;
3222 }
3223
3224 vs->expires = expires;
3225 return 0;
3226}
3227
3228static void vnc_display_print_local_addr(VncDisplay *vs)
3229{
3230 SocketAddress *addr;
3231 Error *err = NULL;
3232
3233 addr = qio_channel_socket_get_local_address(vs->lsock, &err);
3234 if (!addr) {
3235 return;
3236 }
3237
3238 if (addr->type != SOCKET_ADDRESS_KIND_INET) {
3239 qapi_free_SocketAddress(addr);
3240 return;
3241 }
3242 error_printf_unless_qmp("VNC server running on %s:%s\n",
3243 addr->u.inet.data->host,
3244 addr->u.inet.data->port);
3245 qapi_free_SocketAddress(addr);
3246}
3247
3248static QemuOptsList qemu_vnc_opts = {
3249 .name = "vnc",
3250 .head = QTAILQ_HEAD_INITIALIZER(qemu_vnc_opts.head),
3251 .implied_opt_name = "vnc",
3252 .desc = {
3253 {
3254 .name = "vnc",
3255 .type = QEMU_OPT_STRING,
3256 },{
3257 .name = "websocket",
3258 .type = QEMU_OPT_STRING,
3259 },{
3260 .name = "tls-creds",
3261 .type = QEMU_OPT_STRING,
3262 },{
3263
3264 .name = "x509",
3265 .type = QEMU_OPT_STRING,
3266 },{
3267 .name = "share",
3268 .type = QEMU_OPT_STRING,
3269 },{
3270 .name = "display",
3271 .type = QEMU_OPT_STRING,
3272 },{
3273 .name = "head",
3274 .type = QEMU_OPT_NUMBER,
3275 },{
3276 .name = "connections",
3277 .type = QEMU_OPT_NUMBER,
3278 },{
3279 .name = "to",
3280 .type = QEMU_OPT_NUMBER,
3281 },{
3282 .name = "ipv4",
3283 .type = QEMU_OPT_BOOL,
3284 },{
3285 .name = "ipv6",
3286 .type = QEMU_OPT_BOOL,
3287 },{
3288 .name = "password",
3289 .type = QEMU_OPT_BOOL,
3290 },{
3291 .name = "reverse",
3292 .type = QEMU_OPT_BOOL,
3293 },{
3294 .name = "lock-key-sync",
3295 .type = QEMU_OPT_BOOL,
3296 },{
3297 .name = "key-delay-ms",
3298 .type = QEMU_OPT_NUMBER,
3299 },{
3300 .name = "sasl",
3301 .type = QEMU_OPT_BOOL,
3302 },{
3303
3304 .name = "tls",
3305 .type = QEMU_OPT_BOOL,
3306 },{
3307
3308 .name = "x509verify",
3309 .type = QEMU_OPT_STRING,
3310 },{
3311 .name = "acl",
3312 .type = QEMU_OPT_BOOL,
3313 },{
3314 .name = "lossy",
3315 .type = QEMU_OPT_BOOL,
3316 },{
3317 .name = "non-adaptive",
3318 .type = QEMU_OPT_BOOL,
3319 },
3320 { }
3321 },
3322};
3323
3324
3325static int
3326vnc_display_setup_auth(VncDisplay *vs,
3327 bool password,
3328 bool sasl,
3329 bool websocket,
3330 Error **errp)
3331{
3332
3333
3334
3335
3336
3337
3338
3339
3340
3341
3342
3343
3344
3345
3346
3347
3348
3349
3350
3351
3352
3353
3354
3355
3356
3357
3358
3359
3360
3361
3362
3363
3364
3365
3366
3367
3368
3369
3370
3371
3372
3373
3374
3375
3376
3377
3378
3379 if (password) {
3380 if (vs->tlscreds) {
3381 vs->auth = VNC_AUTH_VENCRYPT;
3382 if (websocket) {
3383 vs->ws_tls = true;
3384 }
3385 if (object_dynamic_cast(OBJECT(vs->tlscreds),
3386 TYPE_QCRYPTO_TLS_CREDS_X509)) {
3387 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
3388 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
3389 } else if (object_dynamic_cast(OBJECT(vs->tlscreds),
3390 TYPE_QCRYPTO_TLS_CREDS_ANON)) {
3391 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
3392 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
3393 } else {
3394 error_setg(errp,
3395 "Unsupported TLS cred type %s",
3396 object_get_typename(OBJECT(vs->tlscreds)));
3397 return -1;
3398 }
3399 } else {
3400 VNC_DEBUG("Initializing VNC server with password auth\n");
3401 vs->auth = VNC_AUTH_VNC;
3402 vs->subauth = VNC_AUTH_INVALID;
3403 }
3404 if (websocket) {
3405 vs->ws_auth = VNC_AUTH_VNC;
3406 } else {
3407 vs->ws_auth = VNC_AUTH_INVALID;
3408 }
3409 } else if (sasl) {
3410 if (vs->tlscreds) {
3411 vs->auth = VNC_AUTH_VENCRYPT;
3412 if (websocket) {
3413 vs->ws_tls = true;
3414 }
3415 if (object_dynamic_cast(OBJECT(vs->tlscreds),
3416 TYPE_QCRYPTO_TLS_CREDS_X509)) {
3417 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
3418 vs->subauth = VNC_AUTH_VENCRYPT_X509SASL;
3419 } else if (object_dynamic_cast(OBJECT(vs->tlscreds),
3420 TYPE_QCRYPTO_TLS_CREDS_ANON)) {
3421 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
3422 vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL;
3423 } else {
3424 error_setg(errp,
3425 "Unsupported TLS cred type %s",
3426 object_get_typename(OBJECT(vs->tlscreds)));
3427 return -1;
3428 }
3429 } else {
3430 VNC_DEBUG("Initializing VNC server with SASL auth\n");
3431 vs->auth = VNC_AUTH_SASL;
3432 vs->subauth = VNC_AUTH_INVALID;
3433 }
3434 if (websocket) {
3435 vs->ws_auth = VNC_AUTH_SASL;
3436 } else {
3437 vs->ws_auth = VNC_AUTH_INVALID;
3438 }
3439 } else {
3440 if (vs->tlscreds) {
3441 vs->auth = VNC_AUTH_VENCRYPT;
3442 if (websocket) {
3443 vs->ws_tls = true;
3444 }
3445 if (object_dynamic_cast(OBJECT(vs->tlscreds),
3446 TYPE_QCRYPTO_TLS_CREDS_X509)) {
3447 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
3448 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
3449 } else if (object_dynamic_cast(OBJECT(vs->tlscreds),
3450 TYPE_QCRYPTO_TLS_CREDS_ANON)) {
3451 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
3452 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
3453 } else {
3454 error_setg(errp,
3455 "Unsupported TLS cred type %s",
3456 object_get_typename(OBJECT(vs->tlscreds)));
3457 return -1;
3458 }
3459 } else {
3460 VNC_DEBUG("Initializing VNC server with no auth\n");
3461 vs->auth = VNC_AUTH_NONE;
3462 vs->subauth = VNC_AUTH_INVALID;
3463 }
3464 if (websocket) {
3465 vs->ws_auth = VNC_AUTH_NONE;
3466 } else {
3467 vs->ws_auth = VNC_AUTH_INVALID;
3468 }
3469 }
3470 return 0;
3471}
3472
3473
3474
3475
3476
3477
3478static QCryptoTLSCreds *
3479vnc_display_create_creds(bool x509,
3480 bool x509verify,
3481 const char *dir,
3482 const char *id,
3483 Error **errp)
3484{
3485 gchar *credsid = g_strdup_printf("tlsvnc%s", id);
3486 Object *parent = object_get_objects_root();
3487 Object *creds;
3488 Error *err = NULL;
3489
3490 if (x509) {
3491 creds = object_new_with_props(TYPE_QCRYPTO_TLS_CREDS_X509,
3492 parent,
3493 credsid,
3494 &err,
3495 "endpoint", "server",
3496 "dir", dir,
3497 "verify-peer", x509verify ? "yes" : "no",
3498 NULL);
3499 } else {
3500 creds = object_new_with_props(TYPE_QCRYPTO_TLS_CREDS_ANON,
3501 parent,
3502 credsid,
3503 &err,
3504 "endpoint", "server",
3505 NULL);
3506 }
3507
3508 g_free(credsid);
3509
3510 if (err) {
3511 error_propagate(errp, err);
3512 return NULL;
3513 }
3514
3515 return QCRYPTO_TLS_CREDS(creds);
3516}
3517
3518
3519void vnc_display_open(const char *id, Error **errp)
3520{
3521 VncDisplay *vs = vnc_display_find(id);
3522 QemuOpts *opts = qemu_opts_find(&qemu_vnc_opts, id);
3523 SocketAddress *saddr = NULL, *wsaddr = NULL;
3524 const char *share, *device_id;
3525 QemuConsole *con;
3526 bool password = false;
3527 bool reverse = false;
3528 const char *vnc;
3529 char *h;
3530 const char *credid;
3531 int show_vnc_port = 0;
3532 bool sasl = false;
3533#ifdef CONFIG_VNC_SASL
3534 int saslErr;
3535#endif
3536 int acl = 0;
3537 int lock_key_sync = 1;
3538 int key_delay_ms;
3539
3540 if (!vs) {
3541 error_setg(errp, "VNC display not active");
3542 return;
3543 }
3544 vnc_display_close(vs);
3545
3546 if (!opts) {
3547 return;
3548 }
3549 vnc = qemu_opt_get(opts, "vnc");
3550 if (!vnc || strcmp(vnc, "none") == 0) {
3551 return;
3552 }
3553
3554 h = strrchr(vnc, ':');
3555 if (h) {
3556 size_t hlen = h - vnc;
3557
3558 const char *websocket = qemu_opt_get(opts, "websocket");
3559 int to = qemu_opt_get_number(opts, "to", 0);
3560 bool has_ipv4 = qemu_opt_get(opts, "ipv4");
3561 bool has_ipv6 = qemu_opt_get(opts, "ipv6");
3562 bool ipv4 = qemu_opt_get_bool(opts, "ipv4", false);
3563 bool ipv6 = qemu_opt_get_bool(opts, "ipv6", false);
3564
3565 saddr = g_new0(SocketAddress, 1);
3566 if (websocket) {
3567 if (!qcrypto_hash_supports(QCRYPTO_HASH_ALG_SHA1)) {
3568 error_setg(errp,
3569 "SHA1 hash support is required for websockets");
3570 goto fail;
3571 }
3572
3573 wsaddr = g_new0(SocketAddress, 1);
3574 vs->ws_enabled = true;
3575 }
3576
3577 if (strncmp(vnc, "unix:", 5) == 0) {
3578 saddr->type = SOCKET_ADDRESS_KIND_UNIX;
3579 saddr->u.q_unix.data = g_new0(UnixSocketAddress, 1);
3580 saddr->u.q_unix.data->path = g_strdup(vnc + 5);
3581
3582 if (vs->ws_enabled) {
3583 error_setg(errp, "UNIX sockets not supported with websock");
3584 goto fail;
3585 }
3586 } else {
3587 unsigned long long baseport;
3588 InetSocketAddress *inet;
3589 saddr->type = SOCKET_ADDRESS_KIND_INET;
3590 inet = saddr->u.inet.data = g_new0(InetSocketAddress, 1);
3591 if (vnc[0] == '[' && vnc[hlen - 1] == ']') {
3592 inet->host = g_strndup(vnc + 1, hlen - 2);
3593 } else {
3594 inet->host = g_strndup(vnc, hlen);
3595 }
3596 if (parse_uint_full(h + 1, &baseport, 10) < 0) {
3597 error_setg(errp, "can't convert to a number: %s", h + 1);
3598 goto fail;
3599 }
3600 if (baseport > 65535 ||
3601 baseport + 5900 > 65535) {
3602 error_setg(errp, "port %s out of range", h + 1);
3603 goto fail;
3604 }
3605 inet->port = g_strdup_printf(
3606 "%d", (int)baseport + 5900);
3607
3608 if (to) {
3609 inet->has_to = true;
3610 inet->to = to + 5900;
3611 show_vnc_port = 1;
3612 }
3613 inet->ipv4 = ipv4;
3614 inet->has_ipv4 = has_ipv4;
3615 inet->ipv6 = ipv6;
3616 inet->has_ipv6 = has_ipv6;
3617
3618 if (vs->ws_enabled) {
3619 wsaddr->type = SOCKET_ADDRESS_KIND_INET;
3620 inet = wsaddr->u.inet.data = g_new0(InetSocketAddress, 1);
3621 inet->host = g_strdup(saddr->u.inet.data->host);
3622 inet->port = g_strdup(websocket);
3623
3624 if (to) {
3625 inet->has_to = true;
3626 inet->to = to;
3627 }
3628 inet->ipv4 = ipv4;
3629 inet->has_ipv4 = has_ipv4;
3630 inet->ipv6 = ipv6;
3631 inet->has_ipv6 = has_ipv6;
3632 }
3633 }
3634 } else {
3635 error_setg(errp, "no vnc port specified");
3636 goto fail;
3637 }
3638
3639 password = qemu_opt_get_bool(opts, "password", false);
3640 if (password) {
3641 if (fips_get_state()) {
3642 error_setg(errp,
3643 "VNC password auth disabled due to FIPS mode, "
3644 "consider using the VeNCrypt or SASL authentication "
3645 "methods as an alternative");
3646 goto fail;
3647 }
3648 if (!qcrypto_cipher_supports(
3649 QCRYPTO_CIPHER_ALG_DES_RFB)) {
3650 error_setg(errp,
3651 "Cipher backend does not support DES RFB algorithm");
3652 goto fail;
3653 }
3654 }
3655
3656 reverse = qemu_opt_get_bool(opts, "reverse", false);
3657 lock_key_sync = qemu_opt_get_bool(opts, "lock-key-sync", true);
3658 key_delay_ms = qemu_opt_get_number(opts, "key-delay-ms", 1);
3659 sasl = qemu_opt_get_bool(opts, "sasl", false);
3660#ifndef CONFIG_VNC_SASL
3661 if (sasl) {
3662 error_setg(errp, "VNC SASL auth requires cyrus-sasl support");
3663 goto fail;
3664 }
3665#endif
3666 credid = qemu_opt_get(opts, "tls-creds");
3667 if (credid) {
3668 Object *creds;
3669 if (qemu_opt_get(opts, "tls") ||
3670 qemu_opt_get(opts, "x509") ||
3671 qemu_opt_get(opts, "x509verify")) {
3672 error_setg(errp,
3673 "'tls-creds' parameter is mutually exclusive with "
3674 "'tls', 'x509' and 'x509verify' parameters");
3675 goto fail;
3676 }
3677
3678 creds = object_resolve_path_component(
3679 object_get_objects_root(), credid);
3680 if (!creds) {
3681 error_setg(errp, "No TLS credentials with id '%s'",
3682 credid);
3683 goto fail;
3684 }
3685 vs->tlscreds = (QCryptoTLSCreds *)
3686 object_dynamic_cast(creds,
3687 TYPE_QCRYPTO_TLS_CREDS);
3688 if (!vs->tlscreds) {
3689 error_setg(errp, "Object with id '%s' is not TLS credentials",
3690 credid);
3691 goto fail;
3692 }
3693 object_ref(OBJECT(vs->tlscreds));
3694
3695 if (vs->tlscreds->endpoint != QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) {
3696 error_setg(errp,
3697 "Expecting TLS credentials with a server endpoint");
3698 goto fail;
3699 }
3700 } else {
3701 const char *path;
3702 bool tls = false, x509 = false, x509verify = false;
3703 tls = qemu_opt_get_bool(opts, "tls", false);
3704 if (tls) {
3705 path = qemu_opt_get(opts, "x509");
3706
3707 if (path) {
3708 x509 = true;
3709 } else {
3710 path = qemu_opt_get(opts, "x509verify");
3711 if (path) {
3712 x509 = true;
3713 x509verify = true;
3714 }
3715 }
3716 vs->tlscreds = vnc_display_create_creds(x509,
3717 x509verify,
3718 path,
3719 vs->id,
3720 errp);
3721 if (!vs->tlscreds) {
3722 goto fail;
3723 }
3724 }
3725 }
3726 acl = qemu_opt_get_bool(opts, "acl", false);
3727
3728 share = qemu_opt_get(opts, "share");
3729 if (share) {
3730 if (strcmp(share, "ignore") == 0) {
3731 vs->share_policy = VNC_SHARE_POLICY_IGNORE;
3732 } else if (strcmp(share, "allow-exclusive") == 0) {
3733 vs->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3734 } else if (strcmp(share, "force-shared") == 0) {
3735 vs->share_policy = VNC_SHARE_POLICY_FORCE_SHARED;
3736 } else {
3737 error_setg(errp, "unknown vnc share= option");
3738 goto fail;
3739 }
3740 } else {
3741 vs->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3742 }
3743 vs->connections_limit = qemu_opt_get_number(opts, "connections", 32);
3744
3745#ifdef CONFIG_VNC_JPEG
3746 vs->lossy = qemu_opt_get_bool(opts, "lossy", false);
3747#endif
3748 vs->non_adaptive = qemu_opt_get_bool(opts, "non-adaptive", false);
3749
3750
3751
3752 if (!vs->lossy) {
3753 vs->non_adaptive = true;
3754 }
3755
3756 if (acl) {
3757 if (strcmp(vs->id, "default") == 0) {
3758 vs->tlsaclname = g_strdup("vnc.x509dname");
3759 } else {
3760 vs->tlsaclname = g_strdup_printf("vnc.%s.x509dname", vs->id);
3761 }
3762 qemu_acl_init(vs->tlsaclname);
3763 }
3764#ifdef CONFIG_VNC_SASL
3765 if (acl && sasl) {
3766 char *aclname;
3767
3768 if (strcmp(vs->id, "default") == 0) {
3769 aclname = g_strdup("vnc.username");
3770 } else {
3771 aclname = g_strdup_printf("vnc.%s.username", vs->id);
3772 }
3773 vs->sasl.acl = qemu_acl_init(aclname);
3774 g_free(aclname);
3775 }
3776#endif
3777
3778 if (vnc_display_setup_auth(vs, password, sasl, vs->ws_enabled, errp) < 0) {
3779 goto fail;
3780 }
3781
3782#ifdef CONFIG_VNC_SASL
3783 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) {
3784 error_setg(errp, "Failed to initialize SASL auth: %s",
3785 sasl_errstring(saslErr, NULL, NULL));
3786 goto fail;
3787 }
3788#endif
3789 vs->lock_key_sync = lock_key_sync;
3790 vs->key_delay_ms = key_delay_ms;
3791
3792 device_id = qemu_opt_get(opts, "display");
3793 if (device_id) {
3794 int head = qemu_opt_get_number(opts, "head", 0);
3795 Error *err = NULL;
3796
3797 con = qemu_console_lookup_by_device_name(device_id, head, &err);
3798 if (err) {
3799 error_propagate(errp, err);
3800 goto fail;
3801 }
3802 } else {
3803 con = NULL;
3804 }
3805
3806 if (con != vs->dcl.con) {
3807 unregister_displaychangelistener(&vs->dcl);
3808 vs->dcl.con = con;
3809 register_displaychangelistener(&vs->dcl);
3810 }
3811
3812 if (reverse) {
3813
3814 QIOChannelSocket *sioc = NULL;
3815 vs->lsock = NULL;
3816 vs->lwebsock = NULL;
3817 if (vs->ws_enabled) {
3818 error_setg(errp, "Cannot use websockets in reverse mode");
3819 goto fail;
3820 }
3821 vs->is_unix = saddr->type == SOCKET_ADDRESS_KIND_UNIX;
3822 sioc = qio_channel_socket_new();
3823 if (qio_channel_socket_connect_sync(sioc, saddr, errp) < 0) {
3824 goto fail;
3825 }
3826 vnc_connect(vs, sioc, false, false);
3827 object_unref(OBJECT(sioc));
3828 } else {
3829 vs->lsock = qio_channel_socket_new();
3830 if (qio_channel_socket_listen_sync(vs->lsock, saddr, errp) < 0) {
3831 goto fail;
3832 }
3833 vs->is_unix = saddr->type == SOCKET_ADDRESS_KIND_UNIX;
3834 vs->enabled = true;
3835
3836 if (vs->ws_enabled) {
3837 vs->lwebsock = qio_channel_socket_new();
3838 if (qio_channel_socket_listen_sync(vs->lwebsock,
3839 wsaddr, errp) < 0) {
3840 object_unref(OBJECT(vs->lsock));
3841 vs->lsock = NULL;
3842 goto fail;
3843 }
3844 }
3845
3846 vs->lsock_tag = qio_channel_add_watch(
3847 QIO_CHANNEL(vs->lsock),
3848 G_IO_IN, vnc_listen_io, vs, NULL);
3849 if (vs->ws_enabled) {
3850 vs->lwebsock_tag = qio_channel_add_watch(
3851 QIO_CHANNEL(vs->lwebsock),
3852 G_IO_IN, vnc_listen_io, vs, NULL);
3853 }
3854 }
3855
3856 if (show_vnc_port) {
3857 vnc_display_print_local_addr(vs);
3858 }
3859
3860 qapi_free_SocketAddress(saddr);
3861 qapi_free_SocketAddress(wsaddr);
3862 return;
3863
3864fail:
3865 qapi_free_SocketAddress(saddr);
3866 qapi_free_SocketAddress(wsaddr);
3867 vs->enabled = false;
3868 vs->ws_enabled = false;
3869}
3870
3871void vnc_display_add_client(const char *id, int csock, bool skipauth)
3872{
3873 VncDisplay *vs = vnc_display_find(id);
3874 QIOChannelSocket *sioc;
3875
3876 if (!vs) {
3877 return;
3878 }
3879
3880 sioc = qio_channel_socket_new_fd(csock, NULL);
3881 if (sioc) {
3882 vnc_connect(vs, sioc, skipauth, false);
3883 object_unref(OBJECT(sioc));
3884 }
3885}
3886
3887static void vnc_auto_assign_id(QemuOptsList *olist, QemuOpts *opts)
3888{
3889 int i = 2;
3890 char *id;
3891
3892 id = g_strdup("default");
3893 while (qemu_opts_find(olist, id)) {
3894 g_free(id);
3895 id = g_strdup_printf("vnc%d", i++);
3896 }
3897 qemu_opts_set_id(opts, id);
3898}
3899
3900QemuOpts *vnc_parse(const char *str, Error **errp)
3901{
3902 QemuOptsList *olist = qemu_find_opts("vnc");
3903 QemuOpts *opts = qemu_opts_parse(olist, str, true, errp);
3904 const char *id;
3905
3906 if (!opts) {
3907 return NULL;
3908 }
3909
3910 id = qemu_opts_id(opts);
3911 if (!id) {
3912
3913 vnc_auto_assign_id(olist, opts);
3914 }
3915 return opts;
3916}
3917
3918int vnc_init_func(void *opaque, QemuOpts *opts, Error **errp)
3919{
3920 Error *local_err = NULL;
3921 char *id = (char *)qemu_opts_id(opts);
3922
3923 assert(id);
3924 vnc_display_init(id);
3925 vnc_display_open(id, &local_err);
3926 if (local_err != NULL) {
3927 error_reportf_err(local_err, "Failed to start VNC server: ");
3928 exit(1);
3929 }
3930 return 0;
3931}
3932
3933static void vnc_register_config(void)
3934{
3935 qemu_add_opts(&qemu_vnc_opts);
3936}
3937opts_init(vnc_register_config);
3938