1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27#include "qemu/osdep.h"
28#include "vnc.h"
29#include "vnc-jobs.h"
30#include "trace.h"
31#include "hw/qdev-core.h"
32#include "sysemu/sysemu.h"
33#include "qemu/error-report.h"
34#include "qemu/main-loop.h"
35#include "qemu/module.h"
36#include "qemu/option.h"
37#include "qemu/sockets.h"
38#include "qemu/timer.h"
39#include "authz/list.h"
40#include "qemu/config-file.h"
41#include "qapi/qapi-emit-events.h"
42#include "qapi/qapi-events-ui.h"
43#include "qapi/error.h"
44#include "qapi/qapi-commands-ui.h"
45#include "ui/input.h"
46#include "crypto/hash.h"
47#include "crypto/tlscredsanon.h"
48#include "crypto/tlscredsx509.h"
49#include "crypto/random.h"
50#include "qom/object_interfaces.h"
51#include "qemu/cutils.h"
52#include "io/dns-resolver.h"
53
54#define VNC_REFRESH_INTERVAL_BASE GUI_REFRESH_INTERVAL_DEFAULT
55#define VNC_REFRESH_INTERVAL_INC 50
56#define VNC_REFRESH_INTERVAL_MAX GUI_REFRESH_INTERVAL_IDLE
57static const struct timeval VNC_REFRESH_STATS = { 0, 500000 };
58static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 };
59
60#include "vnc_keysym.h"
61#include "crypto/cipher.h"
62
63static QTAILQ_HEAD(, VncDisplay) vnc_displays =
64 QTAILQ_HEAD_INITIALIZER(vnc_displays);
65
66static int vnc_cursor_define(VncState *vs);
67static void vnc_update_throttle_offset(VncState *vs);
68
69static void vnc_set_share_mode(VncState *vs, VncShareMode mode)
70{
71#ifdef _VNC_DEBUG
72 static const char *mn[] = {
73 [0] = "undefined",
74 [VNC_SHARE_MODE_CONNECTING] = "connecting",
75 [VNC_SHARE_MODE_SHARED] = "shared",
76 [VNC_SHARE_MODE_EXCLUSIVE] = "exclusive",
77 [VNC_SHARE_MODE_DISCONNECTED] = "disconnected",
78 };
79 fprintf(stderr, "%s/%p: %s -> %s\n", __func__,
80 vs->ioc, mn[vs->share_mode], mn[mode]);
81#endif
82
83 switch (vs->share_mode) {
84 case VNC_SHARE_MODE_CONNECTING:
85 vs->vd->num_connecting--;
86 break;
87 case VNC_SHARE_MODE_SHARED:
88 vs->vd->num_shared--;
89 break;
90 case VNC_SHARE_MODE_EXCLUSIVE:
91 vs->vd->num_exclusive--;
92 break;
93 default:
94 break;
95 }
96
97 vs->share_mode = mode;
98
99 switch (vs->share_mode) {
100 case VNC_SHARE_MODE_CONNECTING:
101 vs->vd->num_connecting++;
102 break;
103 case VNC_SHARE_MODE_SHARED:
104 vs->vd->num_shared++;
105 break;
106 case VNC_SHARE_MODE_EXCLUSIVE:
107 vs->vd->num_exclusive++;
108 break;
109 default:
110 break;
111 }
112}
113
114
115static void vnc_init_basic_info(SocketAddress *addr,
116 VncBasicInfo *info,
117 Error **errp)
118{
119 switch (addr->type) {
120 case SOCKET_ADDRESS_TYPE_INET:
121 info->host = g_strdup(addr->u.inet.host);
122 info->service = g_strdup(addr->u.inet.port);
123 if (addr->u.inet.ipv6) {
124 info->family = NETWORK_ADDRESS_FAMILY_IPV6;
125 } else {
126 info->family = NETWORK_ADDRESS_FAMILY_IPV4;
127 }
128 break;
129
130 case SOCKET_ADDRESS_TYPE_UNIX:
131 info->host = g_strdup("");
132 info->service = g_strdup(addr->u.q_unix.path);
133 info->family = NETWORK_ADDRESS_FAMILY_UNIX;
134 break;
135
136 case SOCKET_ADDRESS_TYPE_VSOCK:
137 case SOCKET_ADDRESS_TYPE_FD:
138 error_setg(errp, "Unsupported socket address type %s",
139 SocketAddressType_str(addr->type));
140 break;
141 default:
142 abort();
143 }
144
145 return;
146}
147
148static void vnc_init_basic_info_from_server_addr(QIOChannelSocket *ioc,
149 VncBasicInfo *info,
150 Error **errp)
151{
152 SocketAddress *addr = NULL;
153
154 if (!ioc) {
155 error_setg(errp, "No listener socket available");
156 return;
157 }
158
159 addr = qio_channel_socket_get_local_address(ioc, errp);
160 if (!addr) {
161 return;
162 }
163
164 vnc_init_basic_info(addr, info, errp);
165 qapi_free_SocketAddress(addr);
166}
167
168static void vnc_init_basic_info_from_remote_addr(QIOChannelSocket *ioc,
169 VncBasicInfo *info,
170 Error **errp)
171{
172 SocketAddress *addr = NULL;
173
174 addr = qio_channel_socket_get_remote_address(ioc, errp);
175 if (!addr) {
176 return;
177 }
178
179 vnc_init_basic_info(addr, info, errp);
180 qapi_free_SocketAddress(addr);
181}
182
183static const char *vnc_auth_name(VncDisplay *vd) {
184 switch (vd->auth) {
185 case VNC_AUTH_INVALID:
186 return "invalid";
187 case VNC_AUTH_NONE:
188 return "none";
189 case VNC_AUTH_VNC:
190 return "vnc";
191 case VNC_AUTH_RA2:
192 return "ra2";
193 case VNC_AUTH_RA2NE:
194 return "ra2ne";
195 case VNC_AUTH_TIGHT:
196 return "tight";
197 case VNC_AUTH_ULTRA:
198 return "ultra";
199 case VNC_AUTH_TLS:
200 return "tls";
201 case VNC_AUTH_VENCRYPT:
202 switch (vd->subauth) {
203 case VNC_AUTH_VENCRYPT_PLAIN:
204 return "vencrypt+plain";
205 case VNC_AUTH_VENCRYPT_TLSNONE:
206 return "vencrypt+tls+none";
207 case VNC_AUTH_VENCRYPT_TLSVNC:
208 return "vencrypt+tls+vnc";
209 case VNC_AUTH_VENCRYPT_TLSPLAIN:
210 return "vencrypt+tls+plain";
211 case VNC_AUTH_VENCRYPT_X509NONE:
212 return "vencrypt+x509+none";
213 case VNC_AUTH_VENCRYPT_X509VNC:
214 return "vencrypt+x509+vnc";
215 case VNC_AUTH_VENCRYPT_X509PLAIN:
216 return "vencrypt+x509+plain";
217 case VNC_AUTH_VENCRYPT_TLSSASL:
218 return "vencrypt+tls+sasl";
219 case VNC_AUTH_VENCRYPT_X509SASL:
220 return "vencrypt+x509+sasl";
221 default:
222 return "vencrypt";
223 }
224 case VNC_AUTH_SASL:
225 return "sasl";
226 }
227 return "unknown";
228}
229
230static VncServerInfo *vnc_server_info_get(VncDisplay *vd)
231{
232 VncServerInfo *info;
233 Error *err = NULL;
234
235 if (!vd->listener || !vd->listener->nsioc) {
236 return NULL;
237 }
238
239 info = g_malloc0(sizeof(*info));
240 vnc_init_basic_info_from_server_addr(vd->listener->sioc[0],
241 qapi_VncServerInfo_base(info), &err);
242 info->has_auth = true;
243 info->auth = g_strdup(vnc_auth_name(vd));
244 if (err) {
245 qapi_free_VncServerInfo(info);
246 info = NULL;
247 error_free(err);
248 }
249 return info;
250}
251
252static void vnc_client_cache_auth(VncState *client)
253{
254 if (!client->info) {
255 return;
256 }
257
258 if (client->tls) {
259 client->info->x509_dname =
260 qcrypto_tls_session_get_peer_name(client->tls);
261 client->info->has_x509_dname =
262 client->info->x509_dname != NULL;
263 }
264#ifdef CONFIG_VNC_SASL
265 if (client->sasl.conn &&
266 client->sasl.username) {
267 client->info->has_sasl_username = true;
268 client->info->sasl_username = g_strdup(client->sasl.username);
269 }
270#endif
271}
272
273static void vnc_client_cache_addr(VncState *client)
274{
275 Error *err = NULL;
276
277 client->info = g_malloc0(sizeof(*client->info));
278 vnc_init_basic_info_from_remote_addr(client->sioc,
279 qapi_VncClientInfo_base(client->info),
280 &err);
281 client->info->websocket = client->websocket;
282 if (err) {
283 qapi_free_VncClientInfo(client->info);
284 client->info = NULL;
285 error_free(err);
286 }
287}
288
289static void vnc_qmp_event(VncState *vs, QAPIEvent event)
290{
291 VncServerInfo *si;
292
293 if (!vs->info) {
294 return;
295 }
296
297 si = vnc_server_info_get(vs->vd);
298 if (!si) {
299 return;
300 }
301
302 switch (event) {
303 case QAPI_EVENT_VNC_CONNECTED:
304 qapi_event_send_vnc_connected(si, qapi_VncClientInfo_base(vs->info));
305 break;
306 case QAPI_EVENT_VNC_INITIALIZED:
307 qapi_event_send_vnc_initialized(si, vs->info);
308 break;
309 case QAPI_EVENT_VNC_DISCONNECTED:
310 qapi_event_send_vnc_disconnected(si, vs->info);
311 break;
312 default:
313 break;
314 }
315
316 qapi_free_VncServerInfo(si);
317}
318
319static VncClientInfo *qmp_query_vnc_client(const VncState *client)
320{
321 VncClientInfo *info;
322 Error *err = NULL;
323
324 info = g_malloc0(sizeof(*info));
325
326 vnc_init_basic_info_from_remote_addr(client->sioc,
327 qapi_VncClientInfo_base(info),
328 &err);
329 if (err) {
330 error_free(err);
331 qapi_free_VncClientInfo(info);
332 return NULL;
333 }
334
335 info->websocket = client->websocket;
336
337 if (client->tls) {
338 info->x509_dname = qcrypto_tls_session_get_peer_name(client->tls);
339 info->has_x509_dname = info->x509_dname != NULL;
340 }
341#ifdef CONFIG_VNC_SASL
342 if (client->sasl.conn && client->sasl.username) {
343 info->has_sasl_username = true;
344 info->sasl_username = g_strdup(client->sasl.username);
345 }
346#endif
347
348 return info;
349}
350
351static VncDisplay *vnc_display_find(const char *id)
352{
353 VncDisplay *vd;
354
355 if (id == NULL) {
356 return QTAILQ_FIRST(&vnc_displays);
357 }
358 QTAILQ_FOREACH(vd, &vnc_displays, next) {
359 if (strcmp(id, vd->id) == 0) {
360 return vd;
361 }
362 }
363 return NULL;
364}
365
366static VncClientInfoList *qmp_query_client_list(VncDisplay *vd)
367{
368 VncClientInfoList *cinfo, *prev = NULL;
369 VncState *client;
370
371 QTAILQ_FOREACH(client, &vd->clients, next) {
372 cinfo = g_new0(VncClientInfoList, 1);
373 cinfo->value = qmp_query_vnc_client(client);
374 cinfo->next = prev;
375 prev = cinfo;
376 }
377 return prev;
378}
379
380VncInfo *qmp_query_vnc(Error **errp)
381{
382 VncInfo *info = g_malloc0(sizeof(*info));
383 VncDisplay *vd = vnc_display_find(NULL);
384 SocketAddress *addr = NULL;
385
386 if (vd == NULL || !vd->listener || !vd->listener->nsioc) {
387 info->enabled = false;
388 } else {
389 info->enabled = true;
390
391
392 info->has_clients = true;
393 info->clients = qmp_query_client_list(vd);
394
395 addr = qio_channel_socket_get_local_address(vd->listener->sioc[0],
396 errp);
397 if (!addr) {
398 goto out_error;
399 }
400
401 switch (addr->type) {
402 case SOCKET_ADDRESS_TYPE_INET:
403 info->host = g_strdup(addr->u.inet.host);
404 info->service = g_strdup(addr->u.inet.port);
405 if (addr->u.inet.ipv6) {
406 info->family = NETWORK_ADDRESS_FAMILY_IPV6;
407 } else {
408 info->family = NETWORK_ADDRESS_FAMILY_IPV4;
409 }
410 break;
411
412 case SOCKET_ADDRESS_TYPE_UNIX:
413 info->host = g_strdup("");
414 info->service = g_strdup(addr->u.q_unix.path);
415 info->family = NETWORK_ADDRESS_FAMILY_UNIX;
416 break;
417
418 case SOCKET_ADDRESS_TYPE_VSOCK:
419 case SOCKET_ADDRESS_TYPE_FD:
420 error_setg(errp, "Unsupported socket address type %s",
421 SocketAddressType_str(addr->type));
422 goto out_error;
423 default:
424 abort();
425 }
426
427 info->has_host = true;
428 info->has_service = true;
429 info->has_family = true;
430
431 info->has_auth = true;
432 info->auth = g_strdup(vnc_auth_name(vd));
433 }
434
435 qapi_free_SocketAddress(addr);
436 return info;
437
438out_error:
439 qapi_free_SocketAddress(addr);
440 qapi_free_VncInfo(info);
441 return NULL;
442}
443
444
445static void qmp_query_auth(int auth, int subauth,
446 VncPrimaryAuth *qmp_auth,
447 VncVencryptSubAuth *qmp_vencrypt,
448 bool *qmp_has_vencrypt);
449
450static VncServerInfo2List *qmp_query_server_entry(QIOChannelSocket *ioc,
451 bool websocket,
452 int auth,
453 int subauth,
454 VncServerInfo2List *prev)
455{
456 VncServerInfo2List *list;
457 VncServerInfo2 *info;
458 Error *err = NULL;
459 SocketAddress *addr;
460
461 addr = qio_channel_socket_get_local_address(ioc, &err);
462 if (!addr) {
463 error_free(err);
464 return prev;
465 }
466
467 info = g_new0(VncServerInfo2, 1);
468 vnc_init_basic_info(addr, qapi_VncServerInfo2_base(info), &err);
469 qapi_free_SocketAddress(addr);
470 if (err) {
471 qapi_free_VncServerInfo2(info);
472 error_free(err);
473 return prev;
474 }
475 info->websocket = websocket;
476
477 qmp_query_auth(auth, subauth, &info->auth,
478 &info->vencrypt, &info->has_vencrypt);
479
480 list = g_new0(VncServerInfo2List, 1);
481 list->value = info;
482 list->next = prev;
483 return list;
484}
485
486static void qmp_query_auth(int auth, int subauth,
487 VncPrimaryAuth *qmp_auth,
488 VncVencryptSubAuth *qmp_vencrypt,
489 bool *qmp_has_vencrypt)
490{
491 switch (auth) {
492 case VNC_AUTH_VNC:
493 *qmp_auth = VNC_PRIMARY_AUTH_VNC;
494 break;
495 case VNC_AUTH_RA2:
496 *qmp_auth = VNC_PRIMARY_AUTH_RA2;
497 break;
498 case VNC_AUTH_RA2NE:
499 *qmp_auth = VNC_PRIMARY_AUTH_RA2NE;
500 break;
501 case VNC_AUTH_TIGHT:
502 *qmp_auth = VNC_PRIMARY_AUTH_TIGHT;
503 break;
504 case VNC_AUTH_ULTRA:
505 *qmp_auth = VNC_PRIMARY_AUTH_ULTRA;
506 break;
507 case VNC_AUTH_TLS:
508 *qmp_auth = VNC_PRIMARY_AUTH_TLS;
509 break;
510 case VNC_AUTH_VENCRYPT:
511 *qmp_auth = VNC_PRIMARY_AUTH_VENCRYPT;
512 *qmp_has_vencrypt = true;
513 switch (subauth) {
514 case VNC_AUTH_VENCRYPT_PLAIN:
515 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_PLAIN;
516 break;
517 case VNC_AUTH_VENCRYPT_TLSNONE:
518 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_NONE;
519 break;
520 case VNC_AUTH_VENCRYPT_TLSVNC:
521 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_VNC;
522 break;
523 case VNC_AUTH_VENCRYPT_TLSPLAIN:
524 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_PLAIN;
525 break;
526 case VNC_AUTH_VENCRYPT_X509NONE:
527 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_NONE;
528 break;
529 case VNC_AUTH_VENCRYPT_X509VNC:
530 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_VNC;
531 break;
532 case VNC_AUTH_VENCRYPT_X509PLAIN:
533 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_PLAIN;
534 break;
535 case VNC_AUTH_VENCRYPT_TLSSASL:
536 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_SASL;
537 break;
538 case VNC_AUTH_VENCRYPT_X509SASL:
539 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_SASL;
540 break;
541 default:
542 *qmp_has_vencrypt = false;
543 break;
544 }
545 break;
546 case VNC_AUTH_SASL:
547 *qmp_auth = VNC_PRIMARY_AUTH_SASL;
548 break;
549 case VNC_AUTH_NONE:
550 default:
551 *qmp_auth = VNC_PRIMARY_AUTH_NONE;
552 break;
553 }
554}
555
556VncInfo2List *qmp_query_vnc_servers(Error **errp)
557{
558 VncInfo2List *item, *prev = NULL;
559 VncInfo2 *info;
560 VncDisplay *vd;
561 DeviceState *dev;
562 size_t i;
563
564 QTAILQ_FOREACH(vd, &vnc_displays, next) {
565 info = g_new0(VncInfo2, 1);
566 info->id = g_strdup(vd->id);
567 info->clients = qmp_query_client_list(vd);
568 qmp_query_auth(vd->auth, vd->subauth, &info->auth,
569 &info->vencrypt, &info->has_vencrypt);
570 if (vd->dcl.con) {
571 dev = DEVICE(object_property_get_link(OBJECT(vd->dcl.con),
572 "device", NULL));
573 info->has_display = true;
574 info->display = g_strdup(dev->id);
575 }
576 for (i = 0; vd->listener != NULL && i < vd->listener->nsioc; i++) {
577 info->server = qmp_query_server_entry(
578 vd->listener->sioc[i], false, vd->auth, vd->subauth,
579 info->server);
580 }
581 for (i = 0; vd->wslistener != NULL && i < vd->wslistener->nsioc; i++) {
582 info->server = qmp_query_server_entry(
583 vd->wslistener->sioc[i], true, vd->ws_auth,
584 vd->ws_subauth, info->server);
585 }
586
587 item = g_new0(VncInfo2List, 1);
588 item->value = info;
589 item->next = prev;
590 prev = item;
591 }
592 return prev;
593}
594
595
596
597
598
599
600
601
602static int vnc_update_client(VncState *vs, int has_dirty);
603static void vnc_disconnect_start(VncState *vs);
604
605static void vnc_colordepth(VncState *vs);
606static void framebuffer_update_request(VncState *vs, int incremental,
607 int x_position, int y_position,
608 int w, int h);
609static void vnc_refresh(DisplayChangeListener *dcl);
610static int vnc_refresh_server_surface(VncDisplay *vd);
611
612static int vnc_width(VncDisplay *vd)
613{
614 return MIN(VNC_MAX_WIDTH, ROUND_UP(surface_width(vd->ds),
615 VNC_DIRTY_PIXELS_PER_BIT));
616}
617
618static int vnc_height(VncDisplay *vd)
619{
620 return MIN(VNC_MAX_HEIGHT, surface_height(vd->ds));
621}
622
623static void vnc_set_area_dirty(DECLARE_BITMAP(dirty[VNC_MAX_HEIGHT],
624 VNC_MAX_WIDTH / VNC_DIRTY_PIXELS_PER_BIT),
625 VncDisplay *vd,
626 int x, int y, int w, int h)
627{
628 int width = vnc_width(vd);
629 int height = vnc_height(vd);
630
631
632
633 w += (x % VNC_DIRTY_PIXELS_PER_BIT);
634 x -= (x % VNC_DIRTY_PIXELS_PER_BIT);
635
636 x = MIN(x, width);
637 y = MIN(y, height);
638 w = MIN(x + w, width) - x;
639 h = MIN(y + h, height);
640
641 for (; y < h; y++) {
642 bitmap_set(dirty[y], x / VNC_DIRTY_PIXELS_PER_BIT,
643 DIV_ROUND_UP(w, VNC_DIRTY_PIXELS_PER_BIT));
644 }
645}
646
647static void vnc_dpy_update(DisplayChangeListener *dcl,
648 int x, int y, int w, int h)
649{
650 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
651 struct VncSurface *s = &vd->guest;
652
653 vnc_set_area_dirty(s->dirty, vd, x, y, w, h);
654}
655
656void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
657 int32_t encoding)
658{
659 vnc_write_u16(vs, x);
660 vnc_write_u16(vs, y);
661 vnc_write_u16(vs, w);
662 vnc_write_u16(vs, h);
663
664 vnc_write_s32(vs, encoding);
665}
666
667
668static void vnc_desktop_resize(VncState *vs)
669{
670 if (vs->ioc == NULL || !vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
671 return;
672 }
673 if (vs->client_width == pixman_image_get_width(vs->vd->server) &&
674 vs->client_height == pixman_image_get_height(vs->vd->server)) {
675 return;
676 }
677
678 assert(pixman_image_get_width(vs->vd->server) < 65536 &&
679 pixman_image_get_width(vs->vd->server) >= 0);
680 assert(pixman_image_get_height(vs->vd->server) < 65536 &&
681 pixman_image_get_height(vs->vd->server) >= 0);
682 vs->client_width = pixman_image_get_width(vs->vd->server);
683 vs->client_height = pixman_image_get_height(vs->vd->server);
684 vnc_lock_output(vs);
685 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
686 vnc_write_u8(vs, 0);
687 vnc_write_u16(vs, 1);
688 vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height,
689 VNC_ENCODING_DESKTOPRESIZE);
690 vnc_unlock_output(vs);
691 vnc_flush(vs);
692}
693
694static void vnc_abort_display_jobs(VncDisplay *vd)
695{
696 VncState *vs;
697
698 QTAILQ_FOREACH(vs, &vd->clients, next) {
699 vnc_lock_output(vs);
700 vs->abort = true;
701 vnc_unlock_output(vs);
702 }
703 QTAILQ_FOREACH(vs, &vd->clients, next) {
704 vnc_jobs_join(vs);
705 }
706 QTAILQ_FOREACH(vs, &vd->clients, next) {
707 vnc_lock_output(vs);
708 if (vs->update == VNC_STATE_UPDATE_NONE &&
709 vs->job_update != VNC_STATE_UPDATE_NONE) {
710
711 vs->update = vs->job_update;
712 vs->job_update = VNC_STATE_UPDATE_NONE;
713 }
714 vs->abort = false;
715 vnc_unlock_output(vs);
716 }
717}
718
719int vnc_server_fb_stride(VncDisplay *vd)
720{
721 return pixman_image_get_stride(vd->server);
722}
723
724void *vnc_server_fb_ptr(VncDisplay *vd, int x, int y)
725{
726 uint8_t *ptr;
727
728 ptr = (uint8_t *)pixman_image_get_data(vd->server);
729 ptr += y * vnc_server_fb_stride(vd);
730 ptr += x * VNC_SERVER_FB_BYTES;
731 return ptr;
732}
733
734static void vnc_update_server_surface(VncDisplay *vd)
735{
736 int width, height;
737
738 qemu_pixman_image_unref(vd->server);
739 vd->server = NULL;
740
741 if (QTAILQ_EMPTY(&vd->clients)) {
742 return;
743 }
744
745 width = vnc_width(vd);
746 height = vnc_height(vd);
747 vd->server = pixman_image_create_bits(VNC_SERVER_FB_FORMAT,
748 width, height,
749 NULL, 0);
750
751 memset(vd->guest.dirty, 0x00, sizeof(vd->guest.dirty));
752 vnc_set_area_dirty(vd->guest.dirty, vd, 0, 0,
753 width, height);
754}
755
756static bool vnc_check_pageflip(DisplaySurface *s1,
757 DisplaySurface *s2)
758{
759 return (s1 != NULL &&
760 s2 != NULL &&
761 surface_width(s1) == surface_width(s2) &&
762 surface_height(s1) == surface_height(s2) &&
763 surface_format(s1) == surface_format(s2));
764
765}
766
767static void vnc_dpy_switch(DisplayChangeListener *dcl,
768 DisplaySurface *surface)
769{
770 static const char placeholder_msg[] =
771 "Display output is not active.";
772 static DisplaySurface *placeholder;
773 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
774 bool pageflip = vnc_check_pageflip(vd->ds, surface);
775 VncState *vs;
776
777 if (surface == NULL) {
778 if (placeholder == NULL) {
779 placeholder = qemu_create_message_surface(640, 480, placeholder_msg);
780 }
781 surface = placeholder;
782 }
783
784 vnc_abort_display_jobs(vd);
785 vd->ds = surface;
786
787
788 qemu_pixman_image_unref(vd->guest.fb);
789 vd->guest.fb = pixman_image_ref(surface->image);
790 vd->guest.format = surface->format;
791
792 if (pageflip) {
793 vnc_set_area_dirty(vd->guest.dirty, vd, 0, 0,
794 surface_width(surface),
795 surface_height(surface));
796 return;
797 }
798
799
800 vnc_update_server_surface(vd);
801
802 QTAILQ_FOREACH(vs, &vd->clients, next) {
803 vnc_colordepth(vs);
804 vnc_desktop_resize(vs);
805 if (vs->vd->cursor) {
806 vnc_cursor_define(vs);
807 }
808 memset(vs->dirty, 0x00, sizeof(vs->dirty));
809 vnc_set_area_dirty(vs->dirty, vd, 0, 0,
810 vnc_width(vd),
811 vnc_height(vd));
812 vnc_update_throttle_offset(vs);
813 }
814}
815
816
817static void vnc_write_pixels_copy(VncState *vs,
818 void *pixels, int size)
819{
820 vnc_write(vs, pixels, size);
821}
822
823
824void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
825{
826 uint8_t r, g, b;
827
828#if VNC_SERVER_FB_FORMAT == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8)
829 r = (((v & 0x00ff0000) >> 16) << vs->client_pf.rbits) >> 8;
830 g = (((v & 0x0000ff00) >> 8) << vs->client_pf.gbits) >> 8;
831 b = (((v & 0x000000ff) >> 0) << vs->client_pf.bbits) >> 8;
832#else
833# error need some bits here if you change VNC_SERVER_FB_FORMAT
834#endif
835 v = (r << vs->client_pf.rshift) |
836 (g << vs->client_pf.gshift) |
837 (b << vs->client_pf.bshift);
838 switch (vs->client_pf.bytes_per_pixel) {
839 case 1:
840 buf[0] = v;
841 break;
842 case 2:
843 if (vs->client_be) {
844 buf[0] = v >> 8;
845 buf[1] = v;
846 } else {
847 buf[1] = v >> 8;
848 buf[0] = v;
849 }
850 break;
851 default:
852 case 4:
853 if (vs->client_be) {
854 buf[0] = v >> 24;
855 buf[1] = v >> 16;
856 buf[2] = v >> 8;
857 buf[3] = v;
858 } else {
859 buf[3] = v >> 24;
860 buf[2] = v >> 16;
861 buf[1] = v >> 8;
862 buf[0] = v;
863 }
864 break;
865 }
866}
867
868static void vnc_write_pixels_generic(VncState *vs,
869 void *pixels1, int size)
870{
871 uint8_t buf[4];
872
873 if (VNC_SERVER_FB_BYTES == 4) {
874 uint32_t *pixels = pixels1;
875 int n, i;
876 n = size >> 2;
877 for (i = 0; i < n; i++) {
878 vnc_convert_pixel(vs, buf, pixels[i]);
879 vnc_write(vs, buf, vs->client_pf.bytes_per_pixel);
880 }
881 }
882}
883
884int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
885{
886 int i;
887 uint8_t *row;
888 VncDisplay *vd = vs->vd;
889
890 row = vnc_server_fb_ptr(vd, x, y);
891 for (i = 0; i < h; i++) {
892 vs->write_pixels(vs, row, w * VNC_SERVER_FB_BYTES);
893 row += vnc_server_fb_stride(vd);
894 }
895 return 1;
896}
897
898int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
899{
900 int n = 0;
901
902 switch(vs->vnc_encoding) {
903 case VNC_ENCODING_ZLIB:
904 n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h);
905 break;
906 case VNC_ENCODING_HEXTILE:
907 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
908 n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h);
909 break;
910 case VNC_ENCODING_TIGHT:
911 n = vnc_tight_send_framebuffer_update(vs, x, y, w, h);
912 break;
913 case VNC_ENCODING_TIGHT_PNG:
914 n = vnc_tight_png_send_framebuffer_update(vs, x, y, w, h);
915 break;
916 case VNC_ENCODING_ZRLE:
917 n = vnc_zrle_send_framebuffer_update(vs, x, y, w, h);
918 break;
919 case VNC_ENCODING_ZYWRLE:
920 n = vnc_zywrle_send_framebuffer_update(vs, x, y, w, h);
921 break;
922 default:
923 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
924 n = vnc_raw_send_framebuffer_update(vs, x, y, w, h);
925 break;
926 }
927 return n;
928}
929
930static void vnc_mouse_set(DisplayChangeListener *dcl,
931 int x, int y, int visible)
932{
933
934}
935
936static int vnc_cursor_define(VncState *vs)
937{
938 QEMUCursor *c = vs->vd->cursor;
939 int isize;
940
941 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) {
942 vnc_lock_output(vs);
943 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
944 vnc_write_u8(vs, 0);
945 vnc_write_u16(vs, 1);
946 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height,
947 VNC_ENCODING_RICH_CURSOR);
948 isize = c->width * c->height * vs->client_pf.bytes_per_pixel;
949 vnc_write_pixels_generic(vs, c->data, isize);
950 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize);
951 vnc_unlock_output(vs);
952 return 0;
953 }
954 return -1;
955}
956
957static void vnc_dpy_cursor_define(DisplayChangeListener *dcl,
958 QEMUCursor *c)
959{
960 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
961 VncState *vs;
962
963 cursor_put(vd->cursor);
964 g_free(vd->cursor_mask);
965
966 vd->cursor = c;
967 cursor_get(vd->cursor);
968 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height;
969 vd->cursor_mask = g_malloc0(vd->cursor_msize);
970 cursor_get_mono_mask(c, 0, vd->cursor_mask);
971
972 QTAILQ_FOREACH(vs, &vd->clients, next) {
973 vnc_cursor_define(vs);
974 }
975}
976
977static int find_and_clear_dirty_height(VncState *vs,
978 int y, int last_x, int x, int height)
979{
980 int h;
981
982 for (h = 1; h < (height - y); h++) {
983 if (!test_bit(last_x, vs->dirty[y + h])) {
984 break;
985 }
986 bitmap_clear(vs->dirty[y + h], last_x, x - last_x);
987 }
988
989 return h;
990}
991
992
993
994
995
996
997
998
999
1000
1001
1002static void vnc_update_throttle_offset(VncState *vs)
1003{
1004 size_t offset =
1005 vs->client_width * vs->client_height * vs->client_pf.bytes_per_pixel;
1006
1007 if (vs->audio_cap) {
1008 int bps;
1009 switch (vs->as.fmt) {
1010 default:
1011 case AUDIO_FORMAT_U8:
1012 case AUDIO_FORMAT_S8:
1013 bps = 1;
1014 break;
1015 case AUDIO_FORMAT_U16:
1016 case AUDIO_FORMAT_S16:
1017 bps = 2;
1018 break;
1019 case AUDIO_FORMAT_U32:
1020 case AUDIO_FORMAT_S32:
1021 bps = 4;
1022 break;
1023 }
1024 offset += vs->as.freq * bps * vs->as.nchannels;
1025 }
1026
1027
1028
1029
1030
1031 offset = MAX(offset, 1024 * 1024);
1032
1033 if (vs->throttle_output_offset != offset) {
1034 trace_vnc_client_throttle_threshold(
1035 vs, vs->ioc, vs->throttle_output_offset, offset, vs->client_width,
1036 vs->client_height, vs->client_pf.bytes_per_pixel, vs->audio_cap);
1037 }
1038
1039 vs->throttle_output_offset = offset;
1040}
1041
1042static bool vnc_should_update(VncState *vs)
1043{
1044 switch (vs->update) {
1045 case VNC_STATE_UPDATE_NONE:
1046 break;
1047 case VNC_STATE_UPDATE_INCREMENTAL:
1048
1049
1050
1051
1052 if (vs->output.offset < vs->throttle_output_offset &&
1053 vs->job_update == VNC_STATE_UPDATE_NONE) {
1054 return true;
1055 }
1056 trace_vnc_client_throttle_incremental(
1057 vs, vs->ioc, vs->job_update, vs->output.offset);
1058 break;
1059 case VNC_STATE_UPDATE_FORCE:
1060
1061
1062
1063
1064
1065
1066
1067
1068 if (vs->force_update_offset == 0 &&
1069 vs->job_update == VNC_STATE_UPDATE_NONE) {
1070 return true;
1071 }
1072 trace_vnc_client_throttle_forced(
1073 vs, vs->ioc, vs->job_update, vs->force_update_offset);
1074 break;
1075 }
1076 return false;
1077}
1078
1079static int vnc_update_client(VncState *vs, int has_dirty)
1080{
1081 VncDisplay *vd = vs->vd;
1082 VncJob *job;
1083 int y;
1084 int height, width;
1085 int n = 0;
1086
1087 if (vs->disconnecting) {
1088 vnc_disconnect_finish(vs);
1089 return 0;
1090 }
1091
1092 vs->has_dirty += has_dirty;
1093 if (!vnc_should_update(vs)) {
1094 return 0;
1095 }
1096
1097 if (!vs->has_dirty && vs->update != VNC_STATE_UPDATE_FORCE) {
1098 return 0;
1099 }
1100
1101
1102
1103
1104
1105
1106
1107 job = vnc_job_new(vs);
1108
1109 height = pixman_image_get_height(vd->server);
1110 width = pixman_image_get_width(vd->server);
1111
1112 y = 0;
1113 for (;;) {
1114 int x, h;
1115 unsigned long x2;
1116 unsigned long offset = find_next_bit((unsigned long *) &vs->dirty,
1117 height * VNC_DIRTY_BPL(vs),
1118 y * VNC_DIRTY_BPL(vs));
1119 if (offset == height * VNC_DIRTY_BPL(vs)) {
1120
1121 break;
1122 }
1123 y = offset / VNC_DIRTY_BPL(vs);
1124 x = offset % VNC_DIRTY_BPL(vs);
1125 x2 = find_next_zero_bit((unsigned long *) &vs->dirty[y],
1126 VNC_DIRTY_BPL(vs), x);
1127 bitmap_clear(vs->dirty[y], x, x2 - x);
1128 h = find_and_clear_dirty_height(vs, y, x, x2, height);
1129 x2 = MIN(x2, width / VNC_DIRTY_PIXELS_PER_BIT);
1130 if (x2 > x) {
1131 n += vnc_job_add_rect(job, x * VNC_DIRTY_PIXELS_PER_BIT, y,
1132 (x2 - x) * VNC_DIRTY_PIXELS_PER_BIT, h);
1133 }
1134 if (!x && x2 == width / VNC_DIRTY_PIXELS_PER_BIT) {
1135 y += h;
1136 if (y == height) {
1137 break;
1138 }
1139 }
1140 }
1141
1142 vs->job_update = vs->update;
1143 vs->update = VNC_STATE_UPDATE_NONE;
1144 vnc_job_push(job);
1145 vs->has_dirty = 0;
1146 return n;
1147}
1148
1149
1150static void audio_capture_notify(void *opaque, audcnotification_e cmd)
1151{
1152 VncState *vs = opaque;
1153
1154 assert(vs->magic == VNC_MAGIC);
1155 switch (cmd) {
1156 case AUD_CNOTIFY_DISABLE:
1157 vnc_lock_output(vs);
1158 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1159 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1160 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END);
1161 vnc_unlock_output(vs);
1162 vnc_flush(vs);
1163 break;
1164
1165 case AUD_CNOTIFY_ENABLE:
1166 vnc_lock_output(vs);
1167 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1168 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1169 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN);
1170 vnc_unlock_output(vs);
1171 vnc_flush(vs);
1172 break;
1173 }
1174}
1175
1176static void audio_capture_destroy(void *opaque)
1177{
1178}
1179
1180static void audio_capture(void *opaque, void *buf, int size)
1181{
1182 VncState *vs = opaque;
1183
1184 assert(vs->magic == VNC_MAGIC);
1185 vnc_lock_output(vs);
1186 if (vs->output.offset < vs->throttle_output_offset) {
1187 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1188 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1189 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA);
1190 vnc_write_u32(vs, size);
1191 vnc_write(vs, buf, size);
1192 } else {
1193 trace_vnc_client_throttle_audio(vs, vs->ioc, vs->output.offset);
1194 }
1195 vnc_unlock_output(vs);
1196 vnc_flush(vs);
1197}
1198
1199static void audio_add(VncState *vs)
1200{
1201 struct audio_capture_ops ops;
1202
1203 if (vs->audio_cap) {
1204 error_report("audio already running");
1205 return;
1206 }
1207
1208 ops.notify = audio_capture_notify;
1209 ops.destroy = audio_capture_destroy;
1210 ops.capture = audio_capture;
1211
1212 vs->audio_cap = AUD_add_capture(vs->vd->audio_state, &vs->as, &ops, vs);
1213 if (!vs->audio_cap) {
1214 error_report("Failed to add audio capture");
1215 }
1216}
1217
1218static void audio_del(VncState *vs)
1219{
1220 if (vs->audio_cap) {
1221 AUD_del_capture(vs->audio_cap, vs);
1222 vs->audio_cap = NULL;
1223 }
1224}
1225
1226static void vnc_disconnect_start(VncState *vs)
1227{
1228 if (vs->disconnecting) {
1229 return;
1230 }
1231 trace_vnc_client_disconnect_start(vs, vs->ioc);
1232 vnc_set_share_mode(vs, VNC_SHARE_MODE_DISCONNECTED);
1233 if (vs->ioc_tag) {
1234 g_source_remove(vs->ioc_tag);
1235 vs->ioc_tag = 0;
1236 }
1237 qio_channel_close(vs->ioc, NULL);
1238 vs->disconnecting = TRUE;
1239}
1240
1241void vnc_disconnect_finish(VncState *vs)
1242{
1243 int i;
1244
1245 trace_vnc_client_disconnect_finish(vs, vs->ioc);
1246
1247 vnc_jobs_join(vs);
1248
1249 vnc_lock_output(vs);
1250 vnc_qmp_event(vs, QAPI_EVENT_VNC_DISCONNECTED);
1251
1252 buffer_free(&vs->input);
1253 buffer_free(&vs->output);
1254
1255 qapi_free_VncClientInfo(vs->info);
1256
1257 vnc_zlib_clear(vs);
1258 vnc_tight_clear(vs);
1259 vnc_zrle_clear(vs);
1260
1261#ifdef CONFIG_VNC_SASL
1262 vnc_sasl_client_cleanup(vs);
1263#endif
1264 audio_del(vs);
1265 qkbd_state_lift_all_keys(vs->vd->kbd);
1266
1267 if (vs->mouse_mode_notifier.notify != NULL) {
1268 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
1269 }
1270 QTAILQ_REMOVE(&vs->vd->clients, vs, next);
1271 if (QTAILQ_EMPTY(&vs->vd->clients)) {
1272
1273 vnc_update_server_surface(vs->vd);
1274 }
1275
1276 vnc_unlock_output(vs);
1277
1278 qemu_mutex_destroy(&vs->output_mutex);
1279 if (vs->bh != NULL) {
1280 qemu_bh_delete(vs->bh);
1281 }
1282 buffer_free(&vs->jobs_buffer);
1283
1284 for (i = 0; i < VNC_STAT_ROWS; ++i) {
1285 g_free(vs->lossy_rect[i]);
1286 }
1287 g_free(vs->lossy_rect);
1288
1289 object_unref(OBJECT(vs->ioc));
1290 vs->ioc = NULL;
1291 object_unref(OBJECT(vs->sioc));
1292 vs->sioc = NULL;
1293 vs->magic = 0;
1294 g_free(vs->zrle);
1295 g_free(vs->tight);
1296 g_free(vs);
1297}
1298
1299size_t vnc_client_io_error(VncState *vs, ssize_t ret, Error *err)
1300{
1301 if (ret <= 0) {
1302 if (ret == 0) {
1303 trace_vnc_client_eof(vs, vs->ioc);
1304 vnc_disconnect_start(vs);
1305 } else if (ret != QIO_CHANNEL_ERR_BLOCK) {
1306 trace_vnc_client_io_error(vs, vs->ioc,
1307 err ? error_get_pretty(err) : "Unknown");
1308 vnc_disconnect_start(vs);
1309 }
1310
1311 error_free(err);
1312 return 0;
1313 }
1314 return ret;
1315}
1316
1317
1318void vnc_client_error(VncState *vs)
1319{
1320 VNC_DEBUG("Closing down client sock: protocol error\n");
1321 vnc_disconnect_start(vs);
1322}
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340size_t vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
1341{
1342 Error *err = NULL;
1343 ssize_t ret;
1344 ret = qio_channel_write(vs->ioc, (const char *)data, datalen, &err);
1345 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret);
1346 return vnc_client_io_error(vs, ret, err);
1347}
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360static size_t vnc_client_write_plain(VncState *vs)
1361{
1362 size_t offset;
1363 size_t ret;
1364
1365#ifdef CONFIG_VNC_SASL
1366 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1367 vs->output.buffer, vs->output.capacity, vs->output.offset,
1368 vs->sasl.waitWriteSSF);
1369
1370 if (vs->sasl.conn &&
1371 vs->sasl.runSSF &&
1372 vs->sasl.waitWriteSSF) {
1373 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
1374 if (ret)
1375 vs->sasl.waitWriteSSF -= ret;
1376 } else
1377#endif
1378 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
1379 if (!ret)
1380 return 0;
1381
1382 if (ret >= vs->force_update_offset) {
1383 if (vs->force_update_offset != 0) {
1384 trace_vnc_client_unthrottle_forced(vs, vs->ioc);
1385 }
1386 vs->force_update_offset = 0;
1387 } else {
1388 vs->force_update_offset -= ret;
1389 }
1390 offset = vs->output.offset;
1391 buffer_advance(&vs->output, ret);
1392 if (offset >= vs->throttle_output_offset &&
1393 vs->output.offset < vs->throttle_output_offset) {
1394 trace_vnc_client_unthrottle_incremental(vs, vs->ioc, vs->output.offset);
1395 }
1396
1397 if (vs->output.offset == 0) {
1398 if (vs->ioc_tag) {
1399 g_source_remove(vs->ioc_tag);
1400 }
1401 vs->ioc_tag = qio_channel_add_watch(
1402 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL);
1403 }
1404
1405 return ret;
1406}
1407
1408
1409
1410
1411
1412
1413
1414static void vnc_client_write_locked(VncState *vs)
1415{
1416#ifdef CONFIG_VNC_SASL
1417 if (vs->sasl.conn &&
1418 vs->sasl.runSSF &&
1419 !vs->sasl.waitWriteSSF) {
1420 vnc_client_write_sasl(vs);
1421 } else
1422#endif
1423 {
1424 vnc_client_write_plain(vs);
1425 }
1426}
1427
1428static void vnc_client_write(VncState *vs)
1429{
1430 assert(vs->magic == VNC_MAGIC);
1431 vnc_lock_output(vs);
1432 if (vs->output.offset) {
1433 vnc_client_write_locked(vs);
1434 } else if (vs->ioc != NULL) {
1435 if (vs->ioc_tag) {
1436 g_source_remove(vs->ioc_tag);
1437 }
1438 vs->ioc_tag = qio_channel_add_watch(
1439 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL);
1440 }
1441 vnc_unlock_output(vs);
1442}
1443
1444void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1445{
1446 vs->read_handler = func;
1447 vs->read_handler_expect = expecting;
1448}
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466size_t vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1467{
1468 ssize_t ret;
1469 Error *err = NULL;
1470 ret = qio_channel_read(vs->ioc, (char *)data, datalen, &err);
1471 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret);
1472 return vnc_client_io_error(vs, ret, err);
1473}
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485static size_t vnc_client_read_plain(VncState *vs)
1486{
1487 size_t ret;
1488 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1489 vs->input.buffer, vs->input.capacity, vs->input.offset);
1490 buffer_reserve(&vs->input, 4096);
1491 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1492 if (!ret)
1493 return 0;
1494 vs->input.offset += ret;
1495 return ret;
1496}
1497
1498static void vnc_jobs_bh(void *opaque)
1499{
1500 VncState *vs = opaque;
1501
1502 assert(vs->magic == VNC_MAGIC);
1503 vnc_jobs_consume_buffer(vs);
1504}
1505
1506
1507
1508
1509
1510
1511
1512static int vnc_client_read(VncState *vs)
1513{
1514 size_t ret;
1515
1516#ifdef CONFIG_VNC_SASL
1517 if (vs->sasl.conn && vs->sasl.runSSF)
1518 ret = vnc_client_read_sasl(vs);
1519 else
1520#endif
1521 ret = vnc_client_read_plain(vs);
1522 if (!ret) {
1523 if (vs->disconnecting) {
1524 vnc_disconnect_finish(vs);
1525 return -1;
1526 }
1527 return 0;
1528 }
1529
1530 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1531 size_t len = vs->read_handler_expect;
1532 int ret;
1533
1534 ret = vs->read_handler(vs, vs->input.buffer, len);
1535 if (vs->disconnecting) {
1536 vnc_disconnect_finish(vs);
1537 return -1;
1538 }
1539
1540 if (!ret) {
1541 buffer_advance(&vs->input, len);
1542 } else {
1543 vs->read_handler_expect = ret;
1544 }
1545 }
1546 return 0;
1547}
1548
1549gboolean vnc_client_io(QIOChannel *ioc G_GNUC_UNUSED,
1550 GIOCondition condition, void *opaque)
1551{
1552 VncState *vs = opaque;
1553
1554 assert(vs->magic == VNC_MAGIC);
1555 if (condition & G_IO_IN) {
1556 if (vnc_client_read(vs) < 0) {
1557
1558 return TRUE;
1559 }
1560 }
1561 if (condition & G_IO_OUT) {
1562 vnc_client_write(vs);
1563 }
1564
1565 if (vs->disconnecting) {
1566 if (vs->ioc_tag != 0) {
1567 g_source_remove(vs->ioc_tag);
1568 }
1569 vs->ioc_tag = 0;
1570 }
1571 return TRUE;
1572}
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582#define VNC_THROTTLE_OUTPUT_LIMIT_SCALE 5
1583
1584void vnc_write(VncState *vs, const void *data, size_t len)
1585{
1586 assert(vs->magic == VNC_MAGIC);
1587 if (vs->disconnecting) {
1588 return;
1589 }
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601 if (vs->throttle_output_offset != 0 &&
1602 (vs->output.offset / VNC_THROTTLE_OUTPUT_LIMIT_SCALE) >
1603 vs->throttle_output_offset) {
1604 trace_vnc_client_output_limit(vs, vs->ioc, vs->output.offset,
1605 vs->throttle_output_offset);
1606 vnc_disconnect_start(vs);
1607 return;
1608 }
1609 buffer_reserve(&vs->output, len);
1610
1611 if (vs->ioc != NULL && buffer_empty(&vs->output)) {
1612 if (vs->ioc_tag) {
1613 g_source_remove(vs->ioc_tag);
1614 }
1615 vs->ioc_tag = qio_channel_add_watch(
1616 vs->ioc, G_IO_IN | G_IO_OUT, vnc_client_io, vs, NULL);
1617 }
1618
1619 buffer_append(&vs->output, data, len);
1620}
1621
1622void vnc_write_s32(VncState *vs, int32_t value)
1623{
1624 vnc_write_u32(vs, *(uint32_t *)&value);
1625}
1626
1627void vnc_write_u32(VncState *vs, uint32_t value)
1628{
1629 uint8_t buf[4];
1630
1631 buf[0] = (value >> 24) & 0xFF;
1632 buf[1] = (value >> 16) & 0xFF;
1633 buf[2] = (value >> 8) & 0xFF;
1634 buf[3] = value & 0xFF;
1635
1636 vnc_write(vs, buf, 4);
1637}
1638
1639void vnc_write_u16(VncState *vs, uint16_t value)
1640{
1641 uint8_t buf[2];
1642
1643 buf[0] = (value >> 8) & 0xFF;
1644 buf[1] = value & 0xFF;
1645
1646 vnc_write(vs, buf, 2);
1647}
1648
1649void vnc_write_u8(VncState *vs, uint8_t value)
1650{
1651 vnc_write(vs, (char *)&value, 1);
1652}
1653
1654void vnc_flush(VncState *vs)
1655{
1656 vnc_lock_output(vs);
1657 if (vs->ioc != NULL && vs->output.offset) {
1658 vnc_client_write_locked(vs);
1659 }
1660 if (vs->disconnecting) {
1661 if (vs->ioc_tag != 0) {
1662 g_source_remove(vs->ioc_tag);
1663 }
1664 vs->ioc_tag = 0;
1665 }
1666 vnc_unlock_output(vs);
1667}
1668
1669static uint8_t read_u8(uint8_t *data, size_t offset)
1670{
1671 return data[offset];
1672}
1673
1674static uint16_t read_u16(uint8_t *data, size_t offset)
1675{
1676 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1677}
1678
1679static int32_t read_s32(uint8_t *data, size_t offset)
1680{
1681 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1682 (data[offset + 2] << 8) | data[offset + 3]);
1683}
1684
1685uint32_t read_u32(uint8_t *data, size_t offset)
1686{
1687 return ((data[offset] << 24) | (data[offset + 1] << 16) |
1688 (data[offset + 2] << 8) | data[offset + 3]);
1689}
1690
1691static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
1692{
1693}
1694
1695static void check_pointer_type_change(Notifier *notifier, void *data)
1696{
1697 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier);
1698 int absolute = qemu_input_is_absolute();
1699
1700 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1701 vnc_lock_output(vs);
1702 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1703 vnc_write_u8(vs, 0);
1704 vnc_write_u16(vs, 1);
1705 vnc_framebuffer_update(vs, absolute, 0,
1706 pixman_image_get_width(vs->vd->server),
1707 pixman_image_get_height(vs->vd->server),
1708 VNC_ENCODING_POINTER_TYPE_CHANGE);
1709 vnc_unlock_output(vs);
1710 vnc_flush(vs);
1711 }
1712 vs->absolute = absolute;
1713}
1714
1715static void pointer_event(VncState *vs, int button_mask, int x, int y)
1716{
1717 static uint32_t bmap[INPUT_BUTTON__MAX] = {
1718 [INPUT_BUTTON_LEFT] = 0x01,
1719 [INPUT_BUTTON_MIDDLE] = 0x02,
1720 [INPUT_BUTTON_RIGHT] = 0x04,
1721 [INPUT_BUTTON_WHEEL_UP] = 0x08,
1722 [INPUT_BUTTON_WHEEL_DOWN] = 0x10,
1723 };
1724 QemuConsole *con = vs->vd->dcl.con;
1725 int width = pixman_image_get_width(vs->vd->server);
1726 int height = pixman_image_get_height(vs->vd->server);
1727
1728 if (vs->last_bmask != button_mask) {
1729 qemu_input_update_buttons(con, bmap, vs->last_bmask, button_mask);
1730 vs->last_bmask = button_mask;
1731 }
1732
1733 if (vs->absolute) {
1734 qemu_input_queue_abs(con, INPUT_AXIS_X, x, 0, width);
1735 qemu_input_queue_abs(con, INPUT_AXIS_Y, y, 0, height);
1736 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1737 qemu_input_queue_rel(con, INPUT_AXIS_X, x - 0x7FFF);
1738 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - 0x7FFF);
1739 } else {
1740 if (vs->last_x != -1) {
1741 qemu_input_queue_rel(con, INPUT_AXIS_X, x - vs->last_x);
1742 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - vs->last_y);
1743 }
1744 vs->last_x = x;
1745 vs->last_y = y;
1746 }
1747 qemu_input_event_sync();
1748}
1749
1750static void press_key(VncState *vs, QKeyCode qcode)
1751{
1752 qkbd_state_key_event(vs->vd->kbd, qcode, true);
1753 qkbd_state_key_event(vs->vd->kbd, qcode, false);
1754}
1755
1756static void vnc_led_state_change(VncState *vs)
1757{
1758 if (!vnc_has_feature(vs, VNC_FEATURE_LED_STATE)) {
1759 return;
1760 }
1761
1762 vnc_lock_output(vs);
1763 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1764 vnc_write_u8(vs, 0);
1765 vnc_write_u16(vs, 1);
1766 vnc_framebuffer_update(vs, 0, 0, 1, 1, VNC_ENCODING_LED_STATE);
1767 vnc_write_u8(vs, vs->vd->ledstate);
1768 vnc_unlock_output(vs);
1769 vnc_flush(vs);
1770}
1771
1772static void kbd_leds(void *opaque, int ledstate)
1773{
1774 VncDisplay *vd = opaque;
1775 VncState *client;
1776
1777 trace_vnc_key_guest_leds((ledstate & QEMU_CAPS_LOCK_LED),
1778 (ledstate & QEMU_NUM_LOCK_LED),
1779 (ledstate & QEMU_SCROLL_LOCK_LED));
1780
1781 if (ledstate == vd->ledstate) {
1782 return;
1783 }
1784
1785 vd->ledstate = ledstate;
1786
1787 QTAILQ_FOREACH(client, &vd->clients, next) {
1788 vnc_led_state_change(client);
1789 }
1790}
1791
1792static void do_key_event(VncState *vs, int down, int keycode, int sym)
1793{
1794 QKeyCode qcode = qemu_input_key_number_to_qcode(keycode);
1795
1796
1797 switch (qcode) {
1798 case Q_KEY_CODE_1 ... Q_KEY_CODE_9:
1799 if (vs->vd->dcl.con == NULL && down &&
1800 qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_CTRL) &&
1801 qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_ALT)) {
1802
1803 qkbd_state_lift_all_keys(vs->vd->kbd);
1804 console_select(qcode - Q_KEY_CODE_1);
1805 return;
1806 }
1807 default:
1808 break;
1809 }
1810
1811
1812
1813
1814 if (down && vs->vd->lock_key_sync &&
1815 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) &&
1816 keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1817
1818
1819
1820
1821 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1822 if (!qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_NUMLOCK)) {
1823 trace_vnc_key_sync_numlock(true);
1824 press_key(vs, Q_KEY_CODE_NUM_LOCK);
1825 }
1826 } else {
1827 if (qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_NUMLOCK)) {
1828 trace_vnc_key_sync_numlock(false);
1829 press_key(vs, Q_KEY_CODE_NUM_LOCK);
1830 }
1831 }
1832 }
1833
1834 if (down && vs->vd->lock_key_sync &&
1835 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) &&
1836 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) {
1837
1838
1839
1840
1841 int uppercase = !!(sym >= 'A' && sym <= 'Z');
1842 bool shift = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_SHIFT);
1843 bool capslock = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_CAPSLOCK);
1844 if (capslock) {
1845 if (uppercase == shift) {
1846 trace_vnc_key_sync_capslock(false);
1847 press_key(vs, Q_KEY_CODE_CAPS_LOCK);
1848 }
1849 } else {
1850 if (uppercase != shift) {
1851 trace_vnc_key_sync_capslock(true);
1852 press_key(vs, Q_KEY_CODE_CAPS_LOCK);
1853 }
1854 }
1855 }
1856
1857 qkbd_state_key_event(vs->vd->kbd, qcode, down);
1858 if (!qemu_console_is_graphic(NULL)) {
1859 bool numlock = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_NUMLOCK);
1860 bool control = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_CTRL);
1861
1862 if (down) {
1863 switch (keycode) {
1864 case 0x2a:
1865 case 0x36:
1866 case 0x1d:
1867 case 0x9d:
1868 case 0x38:
1869 case 0xb8:
1870 break;
1871 case 0xc8:
1872 kbd_put_keysym(QEMU_KEY_UP);
1873 break;
1874 case 0xd0:
1875 kbd_put_keysym(QEMU_KEY_DOWN);
1876 break;
1877 case 0xcb:
1878 kbd_put_keysym(QEMU_KEY_LEFT);
1879 break;
1880 case 0xcd:
1881 kbd_put_keysym(QEMU_KEY_RIGHT);
1882 break;
1883 case 0xd3:
1884 kbd_put_keysym(QEMU_KEY_DELETE);
1885 break;
1886 case 0xc7:
1887 kbd_put_keysym(QEMU_KEY_HOME);
1888 break;
1889 case 0xcf:
1890 kbd_put_keysym(QEMU_KEY_END);
1891 break;
1892 case 0xc9:
1893 kbd_put_keysym(QEMU_KEY_PAGEUP);
1894 break;
1895 case 0xd1:
1896 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1897 break;
1898
1899 case 0x47:
1900 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME);
1901 break;
1902 case 0x48:
1903 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP);
1904 break;
1905 case 0x49:
1906 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP);
1907 break;
1908 case 0x4b:
1909 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT);
1910 break;
1911 case 0x4c:
1912 kbd_put_keysym('5');
1913 break;
1914 case 0x4d:
1915 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT);
1916 break;
1917 case 0x4f:
1918 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END);
1919 break;
1920 case 0x50:
1921 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN);
1922 break;
1923 case 0x51:
1924 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN);
1925 break;
1926 case 0x52:
1927 kbd_put_keysym('0');
1928 break;
1929 case 0x53:
1930 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE);
1931 break;
1932
1933 case 0xb5:
1934 kbd_put_keysym('/');
1935 break;
1936 case 0x37:
1937 kbd_put_keysym('*');
1938 break;
1939 case 0x4a:
1940 kbd_put_keysym('-');
1941 break;
1942 case 0x4e:
1943 kbd_put_keysym('+');
1944 break;
1945 case 0x9c:
1946 kbd_put_keysym('\n');
1947 break;
1948
1949 default:
1950 if (control) {
1951 kbd_put_keysym(sym & 0x1f);
1952 } else {
1953 kbd_put_keysym(sym);
1954 }
1955 break;
1956 }
1957 }
1958 }
1959}
1960
1961static const char *code2name(int keycode)
1962{
1963 return QKeyCode_str(qemu_input_key_number_to_qcode(keycode));
1964}
1965
1966static void key_event(VncState *vs, int down, uint32_t sym)
1967{
1968 int keycode;
1969 int lsym = sym;
1970
1971 if (lsym >= 'A' && lsym <= 'Z' && qemu_console_is_graphic(NULL)) {
1972 lsym = lsym - 'A' + 'a';
1973 }
1974
1975 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF,
1976 vs->vd->kbd, down) & SCANCODE_KEYMASK;
1977 trace_vnc_key_event_map(down, sym, keycode, code2name(keycode));
1978 do_key_event(vs, down, keycode, sym);
1979}
1980
1981static void ext_key_event(VncState *vs, int down,
1982 uint32_t sym, uint16_t keycode)
1983{
1984
1985 if (keyboard_layout) {
1986 key_event(vs, down, sym);
1987 } else {
1988 trace_vnc_key_event_ext(down, sym, keycode, code2name(keycode));
1989 do_key_event(vs, down, keycode, sym);
1990 }
1991}
1992
1993static void framebuffer_update_request(VncState *vs, int incremental,
1994 int x, int y, int w, int h)
1995{
1996 if (incremental) {
1997 if (vs->update != VNC_STATE_UPDATE_FORCE) {
1998 vs->update = VNC_STATE_UPDATE_INCREMENTAL;
1999 }
2000 } else {
2001 vs->update = VNC_STATE_UPDATE_FORCE;
2002 vnc_set_area_dirty(vs->dirty, vs->vd, x, y, w, h);
2003 }
2004}
2005
2006static void send_ext_key_event_ack(VncState *vs)
2007{
2008 vnc_lock_output(vs);
2009 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
2010 vnc_write_u8(vs, 0);
2011 vnc_write_u16(vs, 1);
2012 vnc_framebuffer_update(vs, 0, 0,
2013 pixman_image_get_width(vs->vd->server),
2014 pixman_image_get_height(vs->vd->server),
2015 VNC_ENCODING_EXT_KEY_EVENT);
2016 vnc_unlock_output(vs);
2017 vnc_flush(vs);
2018}
2019
2020static void send_ext_audio_ack(VncState *vs)
2021{
2022 vnc_lock_output(vs);
2023 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
2024 vnc_write_u8(vs, 0);
2025 vnc_write_u16(vs, 1);
2026 vnc_framebuffer_update(vs, 0, 0,
2027 pixman_image_get_width(vs->vd->server),
2028 pixman_image_get_height(vs->vd->server),
2029 VNC_ENCODING_AUDIO);
2030 vnc_unlock_output(vs);
2031 vnc_flush(vs);
2032}
2033
2034static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
2035{
2036 int i;
2037 unsigned int enc = 0;
2038
2039 vs->features = 0;
2040 vs->vnc_encoding = 0;
2041 vs->tight->compression = 9;
2042 vs->tight->quality = -1;
2043 vs->absolute = -1;
2044
2045
2046
2047
2048
2049
2050 for (i = n_encodings - 1; i >= 0; i--) {
2051 enc = encodings[i];
2052 switch (enc) {
2053 case VNC_ENCODING_RAW:
2054 vs->vnc_encoding = enc;
2055 break;
2056 case VNC_ENCODING_COPYRECT:
2057 vs->features |= VNC_FEATURE_COPYRECT_MASK;
2058 break;
2059 case VNC_ENCODING_HEXTILE:
2060 vs->features |= VNC_FEATURE_HEXTILE_MASK;
2061 vs->vnc_encoding = enc;
2062 break;
2063 case VNC_ENCODING_TIGHT:
2064 vs->features |= VNC_FEATURE_TIGHT_MASK;
2065 vs->vnc_encoding = enc;
2066 break;
2067#ifdef CONFIG_VNC_PNG
2068 case VNC_ENCODING_TIGHT_PNG:
2069 vs->features |= VNC_FEATURE_TIGHT_PNG_MASK;
2070 vs->vnc_encoding = enc;
2071 break;
2072#endif
2073 case VNC_ENCODING_ZLIB:
2074
2075
2076
2077
2078
2079 if ((vs->features & VNC_FEATURE_ZRLE_MASK) == 0) {
2080 vs->features |= VNC_FEATURE_ZLIB_MASK;
2081 vs->vnc_encoding = enc;
2082 }
2083 break;
2084 case VNC_ENCODING_ZRLE:
2085 vs->features |= VNC_FEATURE_ZRLE_MASK;
2086 vs->vnc_encoding = enc;
2087 break;
2088 case VNC_ENCODING_ZYWRLE:
2089 vs->features |= VNC_FEATURE_ZYWRLE_MASK;
2090 vs->vnc_encoding = enc;
2091 break;
2092 case VNC_ENCODING_DESKTOPRESIZE:
2093 vs->features |= VNC_FEATURE_RESIZE_MASK;
2094 break;
2095 case VNC_ENCODING_POINTER_TYPE_CHANGE:
2096 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
2097 break;
2098 case VNC_ENCODING_RICH_CURSOR:
2099 vs->features |= VNC_FEATURE_RICH_CURSOR_MASK;
2100 if (vs->vd->cursor) {
2101 vnc_cursor_define(vs);
2102 }
2103 break;
2104 case VNC_ENCODING_EXT_KEY_EVENT:
2105 send_ext_key_event_ack(vs);
2106 break;
2107 case VNC_ENCODING_AUDIO:
2108 send_ext_audio_ack(vs);
2109 break;
2110 case VNC_ENCODING_WMVi:
2111 vs->features |= VNC_FEATURE_WMVI_MASK;
2112 break;
2113 case VNC_ENCODING_LED_STATE:
2114 vs->features |= VNC_FEATURE_LED_STATE_MASK;
2115 break;
2116 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
2117 vs->tight->compression = (enc & 0x0F);
2118 break;
2119 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
2120 if (vs->vd->lossy) {
2121 vs->tight->quality = (enc & 0x0F);
2122 }
2123 break;
2124 default:
2125 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
2126 break;
2127 }
2128 }
2129 vnc_desktop_resize(vs);
2130 check_pointer_type_change(&vs->mouse_mode_notifier, NULL);
2131 vnc_led_state_change(vs);
2132}
2133
2134static void set_pixel_conversion(VncState *vs)
2135{
2136 pixman_format_code_t fmt = qemu_pixman_get_format(&vs->client_pf);
2137
2138 if (fmt == VNC_SERVER_FB_FORMAT) {
2139 vs->write_pixels = vnc_write_pixels_copy;
2140 vnc_hextile_set_pixel_conversion(vs, 0);
2141 } else {
2142 vs->write_pixels = vnc_write_pixels_generic;
2143 vnc_hextile_set_pixel_conversion(vs, 1);
2144 }
2145}
2146
2147static void send_color_map(VncState *vs)
2148{
2149 int i;
2150
2151 vnc_write_u8(vs, VNC_MSG_SERVER_SET_COLOUR_MAP_ENTRIES);
2152 vnc_write_u8(vs, 0);
2153 vnc_write_u16(vs, 0);
2154 vnc_write_u16(vs, 256);
2155
2156 for (i = 0; i < 256; i++) {
2157 PixelFormat *pf = &vs->client_pf;
2158
2159 vnc_write_u16(vs, (((i >> pf->rshift) & pf->rmax) << (16 - pf->rbits)));
2160 vnc_write_u16(vs, (((i >> pf->gshift) & pf->gmax) << (16 - pf->gbits)));
2161 vnc_write_u16(vs, (((i >> pf->bshift) & pf->bmax) << (16 - pf->bbits)));
2162 }
2163}
2164
2165static void set_pixel_format(VncState *vs, int bits_per_pixel,
2166 int big_endian_flag, int true_color_flag,
2167 int red_max, int green_max, int blue_max,
2168 int red_shift, int green_shift, int blue_shift)
2169{
2170 if (!true_color_flag) {
2171
2172 bits_per_pixel = 8;
2173 red_max = 7;
2174 green_max = 7;
2175 blue_max = 3;
2176 red_shift = 0;
2177 green_shift = 3;
2178 blue_shift = 6;
2179 }
2180
2181 switch (bits_per_pixel) {
2182 case 8:
2183 case 16:
2184 case 32:
2185 break;
2186 default:
2187 vnc_client_error(vs);
2188 return;
2189 }
2190
2191 vs->client_pf.rmax = red_max ? red_max : 0xFF;
2192 vs->client_pf.rbits = ctpopl(red_max);
2193 vs->client_pf.rshift = red_shift;
2194 vs->client_pf.rmask = red_max << red_shift;
2195 vs->client_pf.gmax = green_max ? green_max : 0xFF;
2196 vs->client_pf.gbits = ctpopl(green_max);
2197 vs->client_pf.gshift = green_shift;
2198 vs->client_pf.gmask = green_max << green_shift;
2199 vs->client_pf.bmax = blue_max ? blue_max : 0xFF;
2200 vs->client_pf.bbits = ctpopl(blue_max);
2201 vs->client_pf.bshift = blue_shift;
2202 vs->client_pf.bmask = blue_max << blue_shift;
2203 vs->client_pf.bits_per_pixel = bits_per_pixel;
2204 vs->client_pf.bytes_per_pixel = bits_per_pixel / 8;
2205 vs->client_pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
2206 vs->client_be = big_endian_flag;
2207
2208 if (!true_color_flag) {
2209 send_color_map(vs);
2210 }
2211
2212 set_pixel_conversion(vs);
2213
2214 graphic_hw_invalidate(vs->vd->dcl.con);
2215 graphic_hw_update(vs->vd->dcl.con);
2216}
2217
2218static void pixel_format_message (VncState *vs) {
2219 char pad[3] = { 0, 0, 0 };
2220
2221 vs->client_pf = qemu_default_pixelformat(32);
2222
2223 vnc_write_u8(vs, vs->client_pf.bits_per_pixel);
2224 vnc_write_u8(vs, vs->client_pf.depth);
2225
2226#ifdef HOST_WORDS_BIGENDIAN
2227 vnc_write_u8(vs, 1);
2228#else
2229 vnc_write_u8(vs, 0);
2230#endif
2231 vnc_write_u8(vs, 1);
2232 vnc_write_u16(vs, vs->client_pf.rmax);
2233 vnc_write_u16(vs, vs->client_pf.gmax);
2234 vnc_write_u16(vs, vs->client_pf.bmax);
2235 vnc_write_u8(vs, vs->client_pf.rshift);
2236 vnc_write_u8(vs, vs->client_pf.gshift);
2237 vnc_write_u8(vs, vs->client_pf.bshift);
2238 vnc_write(vs, pad, 3);
2239
2240 vnc_hextile_set_pixel_conversion(vs, 0);
2241 vs->write_pixels = vnc_write_pixels_copy;
2242}
2243
2244static void vnc_colordepth(VncState *vs)
2245{
2246 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
2247
2248 vnc_lock_output(vs);
2249 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
2250 vnc_write_u8(vs, 0);
2251 vnc_write_u16(vs, 1);
2252 vnc_framebuffer_update(vs, 0, 0,
2253 pixman_image_get_width(vs->vd->server),
2254 pixman_image_get_height(vs->vd->server),
2255 VNC_ENCODING_WMVi);
2256 pixel_format_message(vs);
2257 vnc_unlock_output(vs);
2258 vnc_flush(vs);
2259 } else {
2260 set_pixel_conversion(vs);
2261 }
2262}
2263
2264static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
2265{
2266 int i;
2267 uint16_t limit;
2268 uint32_t freq;
2269 VncDisplay *vd = vs->vd;
2270
2271 if (data[0] > 3) {
2272 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
2273 }
2274
2275 switch (data[0]) {
2276 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT:
2277 if (len == 1)
2278 return 20;
2279
2280 set_pixel_format(vs, read_u8(data, 4),
2281 read_u8(data, 6), read_u8(data, 7),
2282 read_u16(data, 8), read_u16(data, 10),
2283 read_u16(data, 12), read_u8(data, 14),
2284 read_u8(data, 15), read_u8(data, 16));
2285 break;
2286 case VNC_MSG_CLIENT_SET_ENCODINGS:
2287 if (len == 1)
2288 return 4;
2289
2290 if (len == 4) {
2291 limit = read_u16(data, 2);
2292 if (limit > 0)
2293 return 4 + (limit * 4);
2294 } else
2295 limit = read_u16(data, 2);
2296
2297 for (i = 0; i < limit; i++) {
2298 int32_t val = read_s32(data, 4 + (i * 4));
2299 memcpy(data + 4 + (i * 4), &val, sizeof(val));
2300 }
2301
2302 set_encodings(vs, (int32_t *)(data + 4), limit);
2303 break;
2304 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST:
2305 if (len == 1)
2306 return 10;
2307
2308 framebuffer_update_request(vs,
2309 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
2310 read_u16(data, 6), read_u16(data, 8));
2311 break;
2312 case VNC_MSG_CLIENT_KEY_EVENT:
2313 if (len == 1)
2314 return 8;
2315
2316 key_event(vs, read_u8(data, 1), read_u32(data, 4));
2317 break;
2318 case VNC_MSG_CLIENT_POINTER_EVENT:
2319 if (len == 1)
2320 return 6;
2321
2322 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
2323 break;
2324 case VNC_MSG_CLIENT_CUT_TEXT:
2325 if (len == 1) {
2326 return 8;
2327 }
2328 if (len == 8) {
2329 uint32_t dlen = read_u32(data, 4);
2330 if (dlen > (1 << 20)) {
2331 error_report("vnc: client_cut_text msg payload has %u bytes"
2332 " which exceeds our limit of 1MB.", dlen);
2333 vnc_client_error(vs);
2334 break;
2335 }
2336 if (dlen > 0) {
2337 return 8 + dlen;
2338 }
2339 }
2340
2341 client_cut_text(vs, read_u32(data, 4), data + 8);
2342 break;
2343 case VNC_MSG_CLIENT_QEMU:
2344 if (len == 1)
2345 return 2;
2346
2347 switch (read_u8(data, 1)) {
2348 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT:
2349 if (len == 2)
2350 return 12;
2351
2352 ext_key_event(vs, read_u16(data, 2),
2353 read_u32(data, 4), read_u32(data, 8));
2354 break;
2355 case VNC_MSG_CLIENT_QEMU_AUDIO:
2356 if (len == 2)
2357 return 4;
2358
2359 switch (read_u16 (data, 2)) {
2360 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE:
2361 audio_add(vs);
2362 break;
2363 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE:
2364 audio_del(vs);
2365 break;
2366 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT:
2367 if (len == 4)
2368 return 10;
2369 switch (read_u8(data, 4)) {
2370 case 0: vs->as.fmt = AUDIO_FORMAT_U8; break;
2371 case 1: vs->as.fmt = AUDIO_FORMAT_S8; break;
2372 case 2: vs->as.fmt = AUDIO_FORMAT_U16; break;
2373 case 3: vs->as.fmt = AUDIO_FORMAT_S16; break;
2374 case 4: vs->as.fmt = AUDIO_FORMAT_U32; break;
2375 case 5: vs->as.fmt = AUDIO_FORMAT_S32; break;
2376 default:
2377 VNC_DEBUG("Invalid audio format %d\n", read_u8(data, 4));
2378 vnc_client_error(vs);
2379 break;
2380 }
2381 vs->as.nchannels = read_u8(data, 5);
2382 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
2383 VNC_DEBUG("Invalid audio channel count %d\n",
2384 read_u8(data, 5));
2385 vnc_client_error(vs);
2386 break;
2387 }
2388 freq = read_u32(data, 6);
2389
2390
2391
2392
2393 if (freq > 48000) {
2394 VNC_DEBUG("Invalid audio frequency %u > 48000", freq);
2395 vnc_client_error(vs);
2396 break;
2397 }
2398 vs->as.freq = freq;
2399 break;
2400 default:
2401 VNC_DEBUG("Invalid audio message %d\n", read_u8(data, 4));
2402 vnc_client_error(vs);
2403 break;
2404 }
2405 break;
2406
2407 default:
2408 VNC_DEBUG("Msg: %d\n", read_u16(data, 0));
2409 vnc_client_error(vs);
2410 break;
2411 }
2412 break;
2413 default:
2414 VNC_DEBUG("Msg: %d\n", data[0]);
2415 vnc_client_error(vs);
2416 break;
2417 }
2418
2419 vnc_update_throttle_offset(vs);
2420 vnc_read_when(vs, protocol_client_msg, 1);
2421 return 0;
2422}
2423
2424static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
2425{
2426 char buf[1024];
2427 VncShareMode mode;
2428 int size;
2429
2430 mode = data[0] ? VNC_SHARE_MODE_SHARED : VNC_SHARE_MODE_EXCLUSIVE;
2431 switch (vs->vd->share_policy) {
2432 case VNC_SHARE_POLICY_IGNORE:
2433
2434
2435
2436
2437
2438
2439
2440 break;
2441 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE:
2442
2443
2444
2445
2446
2447
2448
2449
2450
2451 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2452 VncState *client;
2453 QTAILQ_FOREACH(client, &vs->vd->clients, next) {
2454 if (vs == client) {
2455 continue;
2456 }
2457 if (client->share_mode != VNC_SHARE_MODE_EXCLUSIVE &&
2458 client->share_mode != VNC_SHARE_MODE_SHARED) {
2459 continue;
2460 }
2461 vnc_disconnect_start(client);
2462 }
2463 }
2464 if (mode == VNC_SHARE_MODE_SHARED) {
2465 if (vs->vd->num_exclusive > 0) {
2466 vnc_disconnect_start(vs);
2467 return 0;
2468 }
2469 }
2470 break;
2471 case VNC_SHARE_POLICY_FORCE_SHARED:
2472
2473
2474
2475
2476
2477
2478
2479
2480 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2481 vnc_disconnect_start(vs);
2482 return 0;
2483 }
2484 break;
2485 }
2486 vnc_set_share_mode(vs, mode);
2487
2488 if (vs->vd->num_shared > vs->vd->connections_limit) {
2489 vnc_disconnect_start(vs);
2490 return 0;
2491 }
2492
2493 assert(pixman_image_get_width(vs->vd->server) < 65536 &&
2494 pixman_image_get_width(vs->vd->server) >= 0);
2495 assert(pixman_image_get_height(vs->vd->server) < 65536 &&
2496 pixman_image_get_height(vs->vd->server) >= 0);
2497 vs->client_width = pixman_image_get_width(vs->vd->server);
2498 vs->client_height = pixman_image_get_height(vs->vd->server);
2499 vnc_write_u16(vs, vs->client_width);
2500 vnc_write_u16(vs, vs->client_height);
2501
2502 pixel_format_message(vs);
2503
2504 if (qemu_name) {
2505 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
2506 if (size > sizeof(buf)) {
2507 size = sizeof(buf);
2508 }
2509 } else {
2510 size = snprintf(buf, sizeof(buf), "QEMU");
2511 }
2512
2513 vnc_write_u32(vs, size);
2514 vnc_write(vs, buf, size);
2515 vnc_flush(vs);
2516
2517 vnc_client_cache_auth(vs);
2518 vnc_qmp_event(vs, QAPI_EVENT_VNC_INITIALIZED);
2519
2520 vnc_read_when(vs, protocol_client_msg, 1);
2521
2522 return 0;
2523}
2524
2525void start_client_init(VncState *vs)
2526{
2527 vnc_read_when(vs, protocol_client_init, 1);
2528}
2529
2530static void authentication_failed(VncState *vs)
2531{
2532 vnc_write_u32(vs, 1);
2533 if (vs->minor >= 8) {
2534 static const char err[] = "Authentication failed";
2535 vnc_write_u32(vs, sizeof(err));
2536 vnc_write(vs, err, sizeof(err));
2537 }
2538 vnc_flush(vs);
2539 vnc_client_error(vs);
2540}
2541
2542static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
2543{
2544 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
2545 size_t i, pwlen;
2546 unsigned char key[8];
2547 time_t now = time(NULL);
2548 QCryptoCipher *cipher = NULL;
2549 Error *err = NULL;
2550
2551 if (!vs->vd->password) {
2552 trace_vnc_auth_fail(vs, vs->auth, "password is not set", "");
2553 goto reject;
2554 }
2555 if (vs->vd->expires < now) {
2556 trace_vnc_auth_fail(vs, vs->auth, "password is expired", "");
2557 goto reject;
2558 }
2559
2560 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
2561
2562
2563 pwlen = strlen(vs->vd->password);
2564 for (i=0; i<sizeof(key); i++)
2565 key[i] = i<pwlen ? vs->vd->password[i] : 0;
2566
2567 cipher = qcrypto_cipher_new(
2568 QCRYPTO_CIPHER_ALG_DES_RFB,
2569 QCRYPTO_CIPHER_MODE_ECB,
2570 key, G_N_ELEMENTS(key),
2571 &err);
2572 if (!cipher) {
2573 trace_vnc_auth_fail(vs, vs->auth, "cannot create cipher",
2574 error_get_pretty(err));
2575 error_free(err);
2576 goto reject;
2577 }
2578
2579 if (qcrypto_cipher_encrypt(cipher,
2580 vs->challenge,
2581 response,
2582 VNC_AUTH_CHALLENGE_SIZE,
2583 &err) < 0) {
2584 trace_vnc_auth_fail(vs, vs->auth, "cannot encrypt challenge response",
2585 error_get_pretty(err));
2586 error_free(err);
2587 goto reject;
2588 }
2589
2590
2591 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
2592 trace_vnc_auth_fail(vs, vs->auth, "mis-matched challenge response", "");
2593 goto reject;
2594 } else {
2595 trace_vnc_auth_pass(vs, vs->auth);
2596 vnc_write_u32(vs, 0);
2597 vnc_flush(vs);
2598
2599 start_client_init(vs);
2600 }
2601
2602 qcrypto_cipher_free(cipher);
2603 return 0;
2604
2605reject:
2606 authentication_failed(vs);
2607 qcrypto_cipher_free(cipher);
2608 return 0;
2609}
2610
2611void start_auth_vnc(VncState *vs)
2612{
2613 Error *err = NULL;
2614
2615 if (qcrypto_random_bytes(vs->challenge, sizeof(vs->challenge), &err)) {
2616 trace_vnc_auth_fail(vs, vs->auth, "cannot get random bytes",
2617 error_get_pretty(err));
2618 error_free(err);
2619 authentication_failed(vs);
2620 return;
2621 }
2622
2623
2624 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
2625 vnc_flush(vs);
2626
2627 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
2628}
2629
2630
2631static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
2632{
2633
2634
2635 if (data[0] != vs->auth) {
2636 trace_vnc_auth_reject(vs, vs->auth, (int)data[0]);
2637 authentication_failed(vs);
2638 } else {
2639 trace_vnc_auth_start(vs, vs->auth);
2640 switch (vs->auth) {
2641 case VNC_AUTH_NONE:
2642 if (vs->minor >= 8) {
2643 vnc_write_u32(vs, 0);
2644 vnc_flush(vs);
2645 }
2646 trace_vnc_auth_pass(vs, vs->auth);
2647 start_client_init(vs);
2648 break;
2649
2650 case VNC_AUTH_VNC:
2651 start_auth_vnc(vs);
2652 break;
2653
2654 case VNC_AUTH_VENCRYPT:
2655 start_auth_vencrypt(vs);
2656 break;
2657
2658#ifdef CONFIG_VNC_SASL
2659 case VNC_AUTH_SASL:
2660 start_auth_sasl(vs);
2661 break;
2662#endif
2663
2664 default:
2665 trace_vnc_auth_fail(vs, vs->auth, "Unhandled auth method", "");
2666 authentication_failed(vs);
2667 }
2668 }
2669 return 0;
2670}
2671
2672static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2673{
2674 char local[13];
2675
2676 memcpy(local, version, 12);
2677 local[12] = 0;
2678
2679 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2680 VNC_DEBUG("Malformed protocol version %s\n", local);
2681 vnc_client_error(vs);
2682 return 0;
2683 }
2684 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2685 if (vs->major != 3 ||
2686 (vs->minor != 3 &&
2687 vs->minor != 4 &&
2688 vs->minor != 5 &&
2689 vs->minor != 7 &&
2690 vs->minor != 8)) {
2691 VNC_DEBUG("Unsupported client version\n");
2692 vnc_write_u32(vs, VNC_AUTH_INVALID);
2693 vnc_flush(vs);
2694 vnc_client_error(vs);
2695 return 0;
2696 }
2697
2698
2699
2700 if (vs->minor == 4 || vs->minor == 5)
2701 vs->minor = 3;
2702
2703 if (vs->minor == 3) {
2704 trace_vnc_auth_start(vs, vs->auth);
2705 if (vs->auth == VNC_AUTH_NONE) {
2706 vnc_write_u32(vs, vs->auth);
2707 vnc_flush(vs);
2708 trace_vnc_auth_pass(vs, vs->auth);
2709 start_client_init(vs);
2710 } else if (vs->auth == VNC_AUTH_VNC) {
2711 VNC_DEBUG("Tell client VNC auth\n");
2712 vnc_write_u32(vs, vs->auth);
2713 vnc_flush(vs);
2714 start_auth_vnc(vs);
2715 } else {
2716 trace_vnc_auth_fail(vs, vs->auth,
2717 "Unsupported auth method for v3.3", "");
2718 vnc_write_u32(vs, VNC_AUTH_INVALID);
2719 vnc_flush(vs);
2720 vnc_client_error(vs);
2721 }
2722 } else {
2723 vnc_write_u8(vs, 1);
2724 vnc_write_u8(vs, vs->auth);
2725 vnc_read_when(vs, protocol_client_auth, 1);
2726 vnc_flush(vs);
2727 }
2728
2729 return 0;
2730}
2731
2732static VncRectStat *vnc_stat_rect(VncDisplay *vd, int x, int y)
2733{
2734 struct VncSurface *vs = &vd->guest;
2735
2736 return &vs->stats[y / VNC_STAT_RECT][x / VNC_STAT_RECT];
2737}
2738
2739void vnc_sent_lossy_rect(VncState *vs, int x, int y, int w, int h)
2740{
2741 int i, j;
2742
2743 w = (x + w) / VNC_STAT_RECT;
2744 h = (y + h) / VNC_STAT_RECT;
2745 x /= VNC_STAT_RECT;
2746 y /= VNC_STAT_RECT;
2747
2748 for (j = y; j <= h; j++) {
2749 for (i = x; i <= w; i++) {
2750 vs->lossy_rect[j][i] = 1;
2751 }
2752 }
2753}
2754
2755static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y)
2756{
2757 VncState *vs;
2758 int sty = y / VNC_STAT_RECT;
2759 int stx = x / VNC_STAT_RECT;
2760 int has_dirty = 0;
2761
2762 y = QEMU_ALIGN_DOWN(y, VNC_STAT_RECT);
2763 x = QEMU_ALIGN_DOWN(x, VNC_STAT_RECT);
2764
2765 QTAILQ_FOREACH(vs, &vd->clients, next) {
2766 int j;
2767
2768
2769 if (vs->output.offset) {
2770 continue;
2771 }
2772
2773 if (!vs->lossy_rect[sty][stx]) {
2774 continue;
2775 }
2776
2777 vs->lossy_rect[sty][stx] = 0;
2778 for (j = 0; j < VNC_STAT_RECT; ++j) {
2779 bitmap_set(vs->dirty[y + j],
2780 x / VNC_DIRTY_PIXELS_PER_BIT,
2781 VNC_STAT_RECT / VNC_DIRTY_PIXELS_PER_BIT);
2782 }
2783 has_dirty++;
2784 }
2785
2786 return has_dirty;
2787}
2788
2789static int vnc_update_stats(VncDisplay *vd, struct timeval * tv)
2790{
2791 int width = MIN(pixman_image_get_width(vd->guest.fb),
2792 pixman_image_get_width(vd->server));
2793 int height = MIN(pixman_image_get_height(vd->guest.fb),
2794 pixman_image_get_height(vd->server));
2795 int x, y;
2796 struct timeval res;
2797 int has_dirty = 0;
2798
2799 for (y = 0; y < height; y += VNC_STAT_RECT) {
2800 for (x = 0; x < width; x += VNC_STAT_RECT) {
2801 VncRectStat *rect = vnc_stat_rect(vd, x, y);
2802
2803 rect->updated = false;
2804 }
2805 }
2806
2807 qemu_timersub(tv, &VNC_REFRESH_STATS, &res);
2808
2809 if (timercmp(&vd->guest.last_freq_check, &res, >)) {
2810 return has_dirty;
2811 }
2812 vd->guest.last_freq_check = *tv;
2813
2814 for (y = 0; y < height; y += VNC_STAT_RECT) {
2815 for (x = 0; x < width; x += VNC_STAT_RECT) {
2816 VncRectStat *rect= vnc_stat_rect(vd, x, y);
2817 int count = ARRAY_SIZE(rect->times);
2818 struct timeval min, max;
2819
2820 if (!timerisset(&rect->times[count - 1])) {
2821 continue ;
2822 }
2823
2824 max = rect->times[(rect->idx + count - 1) % count];
2825 qemu_timersub(tv, &max, &res);
2826
2827 if (timercmp(&res, &VNC_REFRESH_LOSSY, >)) {
2828 rect->freq = 0;
2829 has_dirty += vnc_refresh_lossy_rect(vd, x, y);
2830 memset(rect->times, 0, sizeof (rect->times));
2831 continue ;
2832 }
2833
2834 min = rect->times[rect->idx];
2835 max = rect->times[(rect->idx + count - 1) % count];
2836 qemu_timersub(&max, &min, &res);
2837
2838 rect->freq = res.tv_sec + res.tv_usec / 1000000.;
2839 rect->freq /= count;
2840 rect->freq = 1. / rect->freq;
2841 }
2842 }
2843 return has_dirty;
2844}
2845
2846double vnc_update_freq(VncState *vs, int x, int y, int w, int h)
2847{
2848 int i, j;
2849 double total = 0;
2850 int num = 0;
2851
2852 x = QEMU_ALIGN_DOWN(x, VNC_STAT_RECT);
2853 y = QEMU_ALIGN_DOWN(y, VNC_STAT_RECT);
2854
2855 for (j = y; j <= y + h; j += VNC_STAT_RECT) {
2856 for (i = x; i <= x + w; i += VNC_STAT_RECT) {
2857 total += vnc_stat_rect(vs->vd, i, j)->freq;
2858 num++;
2859 }
2860 }
2861
2862 if (num) {
2863 return total / num;
2864 } else {
2865 return 0;
2866 }
2867}
2868
2869static void vnc_rect_updated(VncDisplay *vd, int x, int y, struct timeval * tv)
2870{
2871 VncRectStat *rect;
2872
2873 rect = vnc_stat_rect(vd, x, y);
2874 if (rect->updated) {
2875 return ;
2876 }
2877 rect->times[rect->idx] = *tv;
2878 rect->idx = (rect->idx + 1) % ARRAY_SIZE(rect->times);
2879 rect->updated = true;
2880}
2881
2882static int vnc_refresh_server_surface(VncDisplay *vd)
2883{
2884 int width = MIN(pixman_image_get_width(vd->guest.fb),
2885 pixman_image_get_width(vd->server));
2886 int height = MIN(pixman_image_get_height(vd->guest.fb),
2887 pixman_image_get_height(vd->server));
2888 int cmp_bytes, server_stride, line_bytes, guest_ll, guest_stride, y = 0;
2889 uint8_t *guest_row0 = NULL, *server_row0;
2890 VncState *vs;
2891 int has_dirty = 0;
2892 pixman_image_t *tmpbuf = NULL;
2893
2894 struct timeval tv = { 0, 0 };
2895
2896 if (!vd->non_adaptive) {
2897 gettimeofday(&tv, NULL);
2898 has_dirty = vnc_update_stats(vd, &tv);
2899 }
2900
2901
2902
2903
2904
2905
2906 server_row0 = (uint8_t *)pixman_image_get_data(vd->server);
2907 server_stride = guest_stride = guest_ll =
2908 pixman_image_get_stride(vd->server);
2909 cmp_bytes = MIN(VNC_DIRTY_PIXELS_PER_BIT * VNC_SERVER_FB_BYTES,
2910 server_stride);
2911 if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
2912 int width = pixman_image_get_width(vd->server);
2913 tmpbuf = qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT, width);
2914 } else {
2915 int guest_bpp =
2916 PIXMAN_FORMAT_BPP(pixman_image_get_format(vd->guest.fb));
2917 guest_row0 = (uint8_t *)pixman_image_get_data(vd->guest.fb);
2918 guest_stride = pixman_image_get_stride(vd->guest.fb);
2919 guest_ll = pixman_image_get_width(vd->guest.fb)
2920 * DIV_ROUND_UP(guest_bpp, 8);
2921 }
2922 line_bytes = MIN(server_stride, guest_ll);
2923
2924 for (;;) {
2925 int x;
2926 uint8_t *guest_ptr, *server_ptr;
2927 unsigned long offset = find_next_bit((unsigned long *) &vd->guest.dirty,
2928 height * VNC_DIRTY_BPL(&vd->guest),
2929 y * VNC_DIRTY_BPL(&vd->guest));
2930 if (offset == height * VNC_DIRTY_BPL(&vd->guest)) {
2931
2932 break;
2933 }
2934 y = offset / VNC_DIRTY_BPL(&vd->guest);
2935 x = offset % VNC_DIRTY_BPL(&vd->guest);
2936
2937 server_ptr = server_row0 + y * server_stride + x * cmp_bytes;
2938
2939 if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
2940 qemu_pixman_linebuf_fill(tmpbuf, vd->guest.fb, width, 0, y);
2941 guest_ptr = (uint8_t *)pixman_image_get_data(tmpbuf);
2942 } else {
2943 guest_ptr = guest_row0 + y * guest_stride;
2944 }
2945 guest_ptr += x * cmp_bytes;
2946
2947 for (; x < DIV_ROUND_UP(width, VNC_DIRTY_PIXELS_PER_BIT);
2948 x++, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
2949 int _cmp_bytes = cmp_bytes;
2950 if (!test_and_clear_bit(x, vd->guest.dirty[y])) {
2951 continue;
2952 }
2953 if ((x + 1) * cmp_bytes > line_bytes) {
2954 _cmp_bytes = line_bytes - x * cmp_bytes;
2955 }
2956 assert(_cmp_bytes >= 0);
2957 if (memcmp(server_ptr, guest_ptr, _cmp_bytes) == 0) {
2958 continue;
2959 }
2960 memcpy(server_ptr, guest_ptr, _cmp_bytes);
2961 if (!vd->non_adaptive) {
2962 vnc_rect_updated(vd, x * VNC_DIRTY_PIXELS_PER_BIT,
2963 y, &tv);
2964 }
2965 QTAILQ_FOREACH(vs, &vd->clients, next) {
2966 set_bit(x, vs->dirty[y]);
2967 }
2968 has_dirty++;
2969 }
2970
2971 y++;
2972 }
2973 qemu_pixman_image_unref(tmpbuf);
2974 return has_dirty;
2975}
2976
2977static void vnc_refresh(DisplayChangeListener *dcl)
2978{
2979 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
2980 VncState *vs, *vn;
2981 int has_dirty, rects = 0;
2982
2983 if (QTAILQ_EMPTY(&vd->clients)) {
2984 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_MAX);
2985 return;
2986 }
2987
2988 graphic_hw_update(vd->dcl.con);
2989
2990 if (vnc_trylock_display(vd)) {
2991 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
2992 return;
2993 }
2994
2995 has_dirty = vnc_refresh_server_surface(vd);
2996 vnc_unlock_display(vd);
2997
2998 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
2999 rects += vnc_update_client(vs, has_dirty);
3000
3001 }
3002
3003 if (has_dirty && rects) {
3004 vd->dcl.update_interval /= 2;
3005 if (vd->dcl.update_interval < VNC_REFRESH_INTERVAL_BASE) {
3006 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_BASE;
3007 }
3008 } else {
3009 vd->dcl.update_interval += VNC_REFRESH_INTERVAL_INC;
3010 if (vd->dcl.update_interval > VNC_REFRESH_INTERVAL_MAX) {
3011 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_MAX;
3012 }
3013 }
3014}
3015
3016static void vnc_connect(VncDisplay *vd, QIOChannelSocket *sioc,
3017 bool skipauth, bool websocket)
3018{
3019 VncState *vs = g_new0(VncState, 1);
3020 bool first_client = QTAILQ_EMPTY(&vd->clients);
3021 int i;
3022
3023 trace_vnc_client_connect(vs, sioc);
3024 vs->zrle = g_new0(VncZrle, 1);
3025 vs->tight = g_new0(VncTight, 1);
3026 vs->magic = VNC_MAGIC;
3027 vs->sioc = sioc;
3028 object_ref(OBJECT(vs->sioc));
3029 vs->ioc = QIO_CHANNEL(sioc);
3030 object_ref(OBJECT(vs->ioc));
3031 vs->vd = vd;
3032
3033 buffer_init(&vs->input, "vnc-input/%p", sioc);
3034 buffer_init(&vs->output, "vnc-output/%p", sioc);
3035 buffer_init(&vs->jobs_buffer, "vnc-jobs_buffer/%p", sioc);
3036
3037 buffer_init(&vs->tight->tight, "vnc-tight/%p", sioc);
3038 buffer_init(&vs->tight->zlib, "vnc-tight-zlib/%p", sioc);
3039 buffer_init(&vs->tight->gradient, "vnc-tight-gradient/%p", sioc);
3040#ifdef CONFIG_VNC_JPEG
3041 buffer_init(&vs->tight->jpeg, "vnc-tight-jpeg/%p", sioc);
3042#endif
3043#ifdef CONFIG_VNC_PNG
3044 buffer_init(&vs->tight->png, "vnc-tight-png/%p", sioc);
3045#endif
3046 buffer_init(&vs->zlib.zlib, "vnc-zlib/%p", sioc);
3047 buffer_init(&vs->zrle->zrle, "vnc-zrle/%p", sioc);
3048 buffer_init(&vs->zrle->fb, "vnc-zrle-fb/%p", sioc);
3049 buffer_init(&vs->zrle->zlib, "vnc-zrle-zlib/%p", sioc);
3050
3051 if (skipauth) {
3052 vs->auth = VNC_AUTH_NONE;
3053 vs->subauth = VNC_AUTH_INVALID;
3054 } else {
3055 if (websocket) {
3056 vs->auth = vd->ws_auth;
3057 vs->subauth = VNC_AUTH_INVALID;
3058 } else {
3059 vs->auth = vd->auth;
3060 vs->subauth = vd->subauth;
3061 }
3062 }
3063 VNC_DEBUG("Client sioc=%p ws=%d auth=%d subauth=%d\n",
3064 sioc, websocket, vs->auth, vs->subauth);
3065
3066 vs->lossy_rect = g_malloc0(VNC_STAT_ROWS * sizeof (*vs->lossy_rect));
3067 for (i = 0; i < VNC_STAT_ROWS; ++i) {
3068 vs->lossy_rect[i] = g_new0(uint8_t, VNC_STAT_COLS);
3069 }
3070
3071 VNC_DEBUG("New client on socket %p\n", vs->sioc);
3072 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
3073 qio_channel_set_blocking(vs->ioc, false, NULL);
3074 if (vs->ioc_tag) {
3075 g_source_remove(vs->ioc_tag);
3076 }
3077 if (websocket) {
3078 vs->websocket = 1;
3079 if (vd->tlscreds) {
3080 vs->ioc_tag = qio_channel_add_watch(
3081 vs->ioc, G_IO_IN, vncws_tls_handshake_io, vs, NULL);
3082 } else {
3083 vs->ioc_tag = qio_channel_add_watch(
3084 vs->ioc, G_IO_IN, vncws_handshake_io, vs, NULL);
3085 }
3086 } else {
3087 vs->ioc_tag = qio_channel_add_watch(
3088 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL);
3089 }
3090
3091 vnc_client_cache_addr(vs);
3092 vnc_qmp_event(vs, QAPI_EVENT_VNC_CONNECTED);
3093 vnc_set_share_mode(vs, VNC_SHARE_MODE_CONNECTING);
3094
3095 vs->last_x = -1;
3096 vs->last_y = -1;
3097
3098 vs->as.freq = 44100;
3099 vs->as.nchannels = 2;
3100 vs->as.fmt = AUDIO_FORMAT_S16;
3101 vs->as.endianness = 0;
3102
3103 qemu_mutex_init(&vs->output_mutex);
3104 vs->bh = qemu_bh_new(vnc_jobs_bh, vs);
3105
3106 QTAILQ_INSERT_TAIL(&vd->clients, vs, next);
3107 if (first_client) {
3108 vnc_update_server_surface(vd);
3109 }
3110
3111 graphic_hw_update(vd->dcl.con);
3112
3113 if (!vs->websocket) {
3114 vnc_start_protocol(vs);
3115 }
3116
3117 if (vd->num_connecting > vd->connections_limit) {
3118 QTAILQ_FOREACH(vs, &vd->clients, next) {
3119 if (vs->share_mode == VNC_SHARE_MODE_CONNECTING) {
3120 vnc_disconnect_start(vs);
3121 return;
3122 }
3123 }
3124 }
3125}
3126
3127void vnc_start_protocol(VncState *vs)
3128{
3129 vnc_write(vs, "RFB 003.008\n", 12);
3130 vnc_flush(vs);
3131 vnc_read_when(vs, protocol_version, 12);
3132
3133 vs->mouse_mode_notifier.notify = check_pointer_type_change;
3134 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
3135}
3136
3137static void vnc_listen_io(QIONetListener *listener,
3138 QIOChannelSocket *cioc,
3139 void *opaque)
3140{
3141 VncDisplay *vd = opaque;
3142 bool isWebsock = listener == vd->wslistener;
3143
3144 qio_channel_set_name(QIO_CHANNEL(cioc),
3145 isWebsock ? "vnc-ws-server" : "vnc-server");
3146 qio_channel_set_delay(QIO_CHANNEL(cioc), false);
3147 vnc_connect(vd, cioc, false, isWebsock);
3148}
3149
3150static const DisplayChangeListenerOps dcl_ops = {
3151 .dpy_name = "vnc",
3152 .dpy_refresh = vnc_refresh,
3153 .dpy_gfx_update = vnc_dpy_update,
3154 .dpy_gfx_switch = vnc_dpy_switch,
3155 .dpy_gfx_check_format = qemu_pixman_check_format,
3156 .dpy_mouse_set = vnc_mouse_set,
3157 .dpy_cursor_define = vnc_dpy_cursor_define,
3158};
3159
3160void vnc_display_init(const char *id, Error **errp)
3161{
3162 VncDisplay *vd;
3163
3164 if (vnc_display_find(id) != NULL) {
3165 return;
3166 }
3167 vd = g_malloc0(sizeof(*vd));
3168
3169 vd->id = strdup(id);
3170 QTAILQ_INSERT_TAIL(&vnc_displays, vd, next);
3171
3172 QTAILQ_INIT(&vd->clients);
3173 vd->expires = TIME_MAX;
3174
3175 if (keyboard_layout) {
3176 trace_vnc_key_map_init(keyboard_layout);
3177 vd->kbd_layout = init_keyboard_layout(name2keysym,
3178 keyboard_layout, errp);
3179 } else {
3180 vd->kbd_layout = init_keyboard_layout(name2keysym, "en-us", errp);
3181 }
3182
3183 if (!vd->kbd_layout) {
3184 return;
3185 }
3186
3187 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3188 vd->connections_limit = 32;
3189
3190 qemu_mutex_init(&vd->mutex);
3191 vnc_start_worker_thread();
3192
3193 vd->dcl.ops = &dcl_ops;
3194 register_displaychangelistener(&vd->dcl);
3195 vd->kbd = qkbd_state_init(vd->dcl.con);
3196}
3197
3198
3199static void vnc_display_close(VncDisplay *vd)
3200{
3201 if (!vd) {
3202 return;
3203 }
3204 vd->is_unix = false;
3205
3206 if (vd->listener) {
3207 qio_net_listener_disconnect(vd->listener);
3208 object_unref(OBJECT(vd->listener));
3209 }
3210 vd->listener = NULL;
3211
3212 if (vd->wslistener) {
3213 qio_net_listener_disconnect(vd->wslistener);
3214 object_unref(OBJECT(vd->wslistener));
3215 }
3216 vd->wslistener = NULL;
3217
3218 vd->auth = VNC_AUTH_INVALID;
3219 vd->subauth = VNC_AUTH_INVALID;
3220 if (vd->tlscreds) {
3221 object_unparent(OBJECT(vd->tlscreds));
3222 vd->tlscreds = NULL;
3223 }
3224 if (vd->tlsauthz) {
3225 object_unparent(OBJECT(vd->tlsauthz));
3226 vd->tlsauthz = NULL;
3227 }
3228 g_free(vd->tlsauthzid);
3229 vd->tlsauthzid = NULL;
3230 if (vd->lock_key_sync) {
3231 qemu_remove_led_event_handler(vd->led);
3232 vd->led = NULL;
3233 }
3234#ifdef CONFIG_VNC_SASL
3235 if (vd->sasl.authz) {
3236 object_unparent(OBJECT(vd->sasl.authz));
3237 vd->sasl.authz = NULL;
3238 }
3239 g_free(vd->sasl.authzid);
3240 vd->sasl.authzid = NULL;
3241#endif
3242}
3243
3244int vnc_display_password(const char *id, const char *password)
3245{
3246 VncDisplay *vd = vnc_display_find(id);
3247
3248 if (!vd) {
3249 return -EINVAL;
3250 }
3251 if (vd->auth == VNC_AUTH_NONE) {
3252 error_printf_unless_qmp("If you want use passwords please enable "
3253 "password auth using '-vnc ${dpy},password'.\n");
3254 return -EINVAL;
3255 }
3256
3257 g_free(vd->password);
3258 vd->password = g_strdup(password);
3259
3260 return 0;
3261}
3262
3263int vnc_display_pw_expire(const char *id, time_t expires)
3264{
3265 VncDisplay *vd = vnc_display_find(id);
3266
3267 if (!vd) {
3268 return -EINVAL;
3269 }
3270
3271 vd->expires = expires;
3272 return 0;
3273}
3274
3275static void vnc_display_print_local_addr(VncDisplay *vd)
3276{
3277 SocketAddress *addr;
3278 Error *err = NULL;
3279
3280 if (!vd->listener || !vd->listener->nsioc) {
3281 return;
3282 }
3283
3284 addr = qio_channel_socket_get_local_address(vd->listener->sioc[0], &err);
3285 if (!addr) {
3286 return;
3287 }
3288
3289 if (addr->type != SOCKET_ADDRESS_TYPE_INET) {
3290 qapi_free_SocketAddress(addr);
3291 return;
3292 }
3293 error_printf_unless_qmp("VNC server running on %s:%s\n",
3294 addr->u.inet.host,
3295 addr->u.inet.port);
3296 qapi_free_SocketAddress(addr);
3297}
3298
3299static QemuOptsList qemu_vnc_opts = {
3300 .name = "vnc",
3301 .head = QTAILQ_HEAD_INITIALIZER(qemu_vnc_opts.head),
3302 .implied_opt_name = "vnc",
3303 .desc = {
3304 {
3305 .name = "vnc",
3306 .type = QEMU_OPT_STRING,
3307 },{
3308 .name = "websocket",
3309 .type = QEMU_OPT_STRING,
3310 },{
3311 .name = "tls-creds",
3312 .type = QEMU_OPT_STRING,
3313 },{
3314 .name = "share",
3315 .type = QEMU_OPT_STRING,
3316 },{
3317 .name = "display",
3318 .type = QEMU_OPT_STRING,
3319 },{
3320 .name = "head",
3321 .type = QEMU_OPT_NUMBER,
3322 },{
3323 .name = "connections",
3324 .type = QEMU_OPT_NUMBER,
3325 },{
3326 .name = "to",
3327 .type = QEMU_OPT_NUMBER,
3328 },{
3329 .name = "ipv4",
3330 .type = QEMU_OPT_BOOL,
3331 },{
3332 .name = "ipv6",
3333 .type = QEMU_OPT_BOOL,
3334 },{
3335 .name = "password",
3336 .type = QEMU_OPT_BOOL,
3337 },{
3338 .name = "reverse",
3339 .type = QEMU_OPT_BOOL,
3340 },{
3341 .name = "lock-key-sync",
3342 .type = QEMU_OPT_BOOL,
3343 },{
3344 .name = "key-delay-ms",
3345 .type = QEMU_OPT_NUMBER,
3346 },{
3347 .name = "sasl",
3348 .type = QEMU_OPT_BOOL,
3349 },{
3350 .name = "acl",
3351 .type = QEMU_OPT_BOOL,
3352 },{
3353 .name = "tls-authz",
3354 .type = QEMU_OPT_STRING,
3355 },{
3356 .name = "sasl-authz",
3357 .type = QEMU_OPT_STRING,
3358 },{
3359 .name = "lossy",
3360 .type = QEMU_OPT_BOOL,
3361 },{
3362 .name = "non-adaptive",
3363 .type = QEMU_OPT_BOOL,
3364 },{
3365 .name = "audiodev",
3366 .type = QEMU_OPT_STRING,
3367 },
3368 { }
3369 },
3370};
3371
3372
3373static int
3374vnc_display_setup_auth(int *auth,
3375 int *subauth,
3376 QCryptoTLSCreds *tlscreds,
3377 bool password,
3378 bool sasl,
3379 bool websocket,
3380 Error **errp)
3381{
3382
3383
3384
3385
3386
3387
3388
3389
3390
3391
3392
3393
3394
3395
3396
3397
3398
3399
3400
3401
3402
3403
3404
3405
3406
3407
3408
3409
3410
3411
3412
3413
3414
3415
3416
3417
3418
3419
3420
3421
3422
3423
3424
3425
3426
3427
3428
3429 if (websocket || !tlscreds) {
3430 if (password) {
3431 VNC_DEBUG("Initializing VNC server with password auth\n");
3432 *auth = VNC_AUTH_VNC;
3433 } else if (sasl) {
3434 VNC_DEBUG("Initializing VNC server with SASL auth\n");
3435 *auth = VNC_AUTH_SASL;
3436 } else {
3437 VNC_DEBUG("Initializing VNC server with no auth\n");
3438 *auth = VNC_AUTH_NONE;
3439 }
3440 *subauth = VNC_AUTH_INVALID;
3441 } else {
3442 bool is_x509 = object_dynamic_cast(OBJECT(tlscreds),
3443 TYPE_QCRYPTO_TLS_CREDS_X509) != NULL;
3444 bool is_anon = object_dynamic_cast(OBJECT(tlscreds),
3445 TYPE_QCRYPTO_TLS_CREDS_ANON) != NULL;
3446
3447 if (!is_x509 && !is_anon) {
3448 error_setg(errp,
3449 "Unsupported TLS cred type %s",
3450 object_get_typename(OBJECT(tlscreds)));
3451 return -1;
3452 }
3453 *auth = VNC_AUTH_VENCRYPT;
3454 if (password) {
3455 if (is_x509) {
3456 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
3457 *subauth = VNC_AUTH_VENCRYPT_X509VNC;
3458 } else {
3459 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
3460 *subauth = VNC_AUTH_VENCRYPT_TLSVNC;
3461 }
3462
3463 } else if (sasl) {
3464 if (is_x509) {
3465 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
3466 *subauth = VNC_AUTH_VENCRYPT_X509SASL;
3467 } else {
3468 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
3469 *subauth = VNC_AUTH_VENCRYPT_TLSSASL;
3470 }
3471 } else {
3472 if (is_x509) {
3473 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
3474 *subauth = VNC_AUTH_VENCRYPT_X509NONE;
3475 } else {
3476 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
3477 *subauth = VNC_AUTH_VENCRYPT_TLSNONE;
3478 }
3479 }
3480 }
3481 return 0;
3482}
3483
3484
3485static int vnc_display_get_address(const char *addrstr,
3486 bool websocket,
3487 bool reverse,
3488 int displaynum,
3489 int to,
3490 bool has_ipv4,
3491 bool has_ipv6,
3492 bool ipv4,
3493 bool ipv6,
3494 SocketAddress **retaddr,
3495 Error **errp)
3496{
3497 int ret = -1;
3498 SocketAddress *addr = NULL;
3499
3500 addr = g_new0(SocketAddress, 1);
3501
3502 if (strncmp(addrstr, "unix:", 5) == 0) {
3503 addr->type = SOCKET_ADDRESS_TYPE_UNIX;
3504 addr->u.q_unix.path = g_strdup(addrstr + 5);
3505
3506 if (websocket) {
3507 error_setg(errp, "UNIX sockets not supported with websock");
3508 goto cleanup;
3509 }
3510
3511 if (to) {
3512 error_setg(errp, "Port range not support with UNIX socket");
3513 goto cleanup;
3514 }
3515 ret = 0;
3516 } else {
3517 const char *port;
3518 size_t hostlen;
3519 unsigned long long baseport = 0;
3520 InetSocketAddress *inet;
3521
3522 port = strrchr(addrstr, ':');
3523 if (!port) {
3524 if (websocket) {
3525 hostlen = 0;
3526 port = addrstr;
3527 } else {
3528 error_setg(errp, "no vnc port specified");
3529 goto cleanup;
3530 }
3531 } else {
3532 hostlen = port - addrstr;
3533 port++;
3534 if (*port == '\0') {
3535 error_setg(errp, "vnc port cannot be empty");
3536 goto cleanup;
3537 }
3538 }
3539
3540 addr->type = SOCKET_ADDRESS_TYPE_INET;
3541 inet = &addr->u.inet;
3542 if (addrstr[0] == '[' && addrstr[hostlen - 1] == ']') {
3543 inet->host = g_strndup(addrstr + 1, hostlen - 2);
3544 } else {
3545 inet->host = g_strndup(addrstr, hostlen);
3546 }
3547
3548
3549 if (websocket) {
3550 if (g_str_equal(addrstr, "") ||
3551 g_str_equal(addrstr, "on")) {
3552 if (displaynum == -1) {
3553 error_setg(errp, "explicit websocket port is required");
3554 goto cleanup;
3555 }
3556 inet->port = g_strdup_printf(
3557 "%d", displaynum + 5700);
3558 if (to) {
3559 inet->has_to = true;
3560 inet->to = to + 5700;
3561 }
3562 } else {
3563 inet->port = g_strdup(port);
3564 }
3565 } else {
3566 int offset = reverse ? 0 : 5900;
3567 if (parse_uint_full(port, &baseport, 10) < 0) {
3568 error_setg(errp, "can't convert to a number: %s", port);
3569 goto cleanup;
3570 }
3571 if (baseport > 65535 ||
3572 baseport + offset > 65535) {
3573 error_setg(errp, "port %s out of range", port);
3574 goto cleanup;
3575 }
3576 inet->port = g_strdup_printf(
3577 "%d", (int)baseport + offset);
3578
3579 if (to) {
3580 inet->has_to = true;
3581 inet->to = to + offset;
3582 }
3583 }
3584
3585 inet->ipv4 = ipv4;
3586 inet->has_ipv4 = has_ipv4;
3587 inet->ipv6 = ipv6;
3588 inet->has_ipv6 = has_ipv6;
3589
3590 ret = baseport;
3591 }
3592
3593 *retaddr = addr;
3594
3595 cleanup:
3596 if (ret < 0) {
3597 qapi_free_SocketAddress(addr);
3598 }
3599 return ret;
3600}
3601
3602static void vnc_free_addresses(SocketAddress ***retsaddr,
3603 size_t *retnsaddr)
3604{
3605 size_t i;
3606
3607 for (i = 0; i < *retnsaddr; i++) {
3608 qapi_free_SocketAddress((*retsaddr)[i]);
3609 }
3610 g_free(*retsaddr);
3611
3612 *retsaddr = NULL;
3613 *retnsaddr = 0;
3614}
3615
3616static int vnc_display_get_addresses(QemuOpts *opts,
3617 bool reverse,
3618 SocketAddress ***retsaddr,
3619 size_t *retnsaddr,
3620 SocketAddress ***retwsaddr,
3621 size_t *retnwsaddr,
3622 Error **errp)
3623{
3624 SocketAddress *saddr = NULL;
3625 SocketAddress *wsaddr = NULL;
3626 QemuOptsIter addriter;
3627 const char *addr;
3628 int to = qemu_opt_get_number(opts, "to", 0);
3629 bool has_ipv4 = qemu_opt_get(opts, "ipv4");
3630 bool has_ipv6 = qemu_opt_get(opts, "ipv6");
3631 bool ipv4 = qemu_opt_get_bool(opts, "ipv4", false);
3632 bool ipv6 = qemu_opt_get_bool(opts, "ipv6", false);
3633 int displaynum = -1;
3634 int ret = -1;
3635
3636 *retsaddr = NULL;
3637 *retnsaddr = 0;
3638 *retwsaddr = NULL;
3639 *retnwsaddr = 0;
3640
3641 addr = qemu_opt_get(opts, "vnc");
3642 if (addr == NULL || g_str_equal(addr, "none")) {
3643 ret = 0;
3644 goto cleanup;
3645 }
3646 if (qemu_opt_get(opts, "websocket") &&
3647 !qcrypto_hash_supports(QCRYPTO_HASH_ALG_SHA1)) {
3648 error_setg(errp,
3649 "SHA1 hash support is required for websockets");
3650 goto cleanup;
3651 }
3652
3653 qemu_opt_iter_init(&addriter, opts, "vnc");
3654 while ((addr = qemu_opt_iter_next(&addriter)) != NULL) {
3655 int rv;
3656 rv = vnc_display_get_address(addr, false, reverse, 0, to,
3657 has_ipv4, has_ipv6,
3658 ipv4, ipv6,
3659 &saddr, errp);
3660 if (rv < 0) {
3661 goto cleanup;
3662 }
3663
3664
3665
3666 if (displaynum == -1) {
3667 displaynum = rv;
3668 }
3669 *retsaddr = g_renew(SocketAddress *, *retsaddr, *retnsaddr + 1);
3670 (*retsaddr)[(*retnsaddr)++] = saddr;
3671 }
3672
3673
3674
3675 if (*retnsaddr > 1) {
3676 displaynum = -1;
3677 }
3678
3679 qemu_opt_iter_init(&addriter, opts, "websocket");
3680 while ((addr = qemu_opt_iter_next(&addriter)) != NULL) {
3681 if (vnc_display_get_address(addr, true, reverse, displaynum, to,
3682 has_ipv4, has_ipv6,
3683 ipv4, ipv6,
3684 &wsaddr, errp) < 0) {
3685 goto cleanup;
3686 }
3687
3688
3689
3690
3691
3692 if (*retnsaddr == 1 &&
3693 (*retsaddr)[0]->type == SOCKET_ADDRESS_TYPE_INET &&
3694 wsaddr->type == SOCKET_ADDRESS_TYPE_INET &&
3695 g_str_equal(wsaddr->u.inet.host, "") &&
3696 !g_str_equal((*retsaddr)[0]->u.inet.host, "")) {
3697 g_free(wsaddr->u.inet.host);
3698 wsaddr->u.inet.host = g_strdup((*retsaddr)[0]->u.inet.host);
3699 }
3700
3701 *retwsaddr = g_renew(SocketAddress *, *retwsaddr, *retnwsaddr + 1);
3702 (*retwsaddr)[(*retnwsaddr)++] = wsaddr;
3703 }
3704
3705 ret = 0;
3706 cleanup:
3707 if (ret < 0) {
3708 vnc_free_addresses(retsaddr, retnsaddr);
3709 vnc_free_addresses(retwsaddr, retnwsaddr);
3710 }
3711 return ret;
3712}
3713
3714static int vnc_display_connect(VncDisplay *vd,
3715 SocketAddress **saddr,
3716 size_t nsaddr,
3717 SocketAddress **wsaddr,
3718 size_t nwsaddr,
3719 Error **errp)
3720{
3721
3722 QIOChannelSocket *sioc = NULL;
3723 if (nwsaddr != 0) {
3724 error_setg(errp, "Cannot use websockets in reverse mode");
3725 return -1;
3726 }
3727 if (nsaddr != 1) {
3728 error_setg(errp, "Expected a single address in reverse mode");
3729 return -1;
3730 }
3731
3732 vd->is_unix = saddr[0]->type == SOCKET_ADDRESS_TYPE_UNIX;
3733 sioc = qio_channel_socket_new();
3734 qio_channel_set_name(QIO_CHANNEL(sioc), "vnc-reverse");
3735 if (qio_channel_socket_connect_sync(sioc, saddr[0], errp) < 0) {
3736 return -1;
3737 }
3738 vnc_connect(vd, sioc, false, false);
3739 object_unref(OBJECT(sioc));
3740 return 0;
3741}
3742
3743
3744static int vnc_display_listen(VncDisplay *vd,
3745 SocketAddress **saddr,
3746 size_t nsaddr,
3747 SocketAddress **wsaddr,
3748 size_t nwsaddr,
3749 Error **errp)
3750{
3751 size_t i;
3752
3753 if (nsaddr) {
3754 vd->listener = qio_net_listener_new();
3755 qio_net_listener_set_name(vd->listener, "vnc-listen");
3756 for (i = 0; i < nsaddr; i++) {
3757 if (qio_net_listener_open_sync(vd->listener,
3758 saddr[i], 1,
3759 errp) < 0) {
3760 return -1;
3761 }
3762 }
3763
3764 qio_net_listener_set_client_func(vd->listener,
3765 vnc_listen_io, vd, NULL);
3766 }
3767
3768 if (nwsaddr) {
3769 vd->wslistener = qio_net_listener_new();
3770 qio_net_listener_set_name(vd->wslistener, "vnc-ws-listen");
3771 for (i = 0; i < nwsaddr; i++) {
3772 if (qio_net_listener_open_sync(vd->wslistener,
3773 wsaddr[i], 1,
3774 errp) < 0) {
3775 return -1;
3776 }
3777 }
3778
3779 qio_net_listener_set_client_func(vd->wslistener,
3780 vnc_listen_io, vd, NULL);
3781 }
3782
3783 return 0;
3784}
3785
3786
3787void vnc_display_open(const char *id, Error **errp)
3788{
3789 VncDisplay *vd = vnc_display_find(id);
3790 QemuOpts *opts = qemu_opts_find(&qemu_vnc_opts, id);
3791 SocketAddress **saddr = NULL, **wsaddr = NULL;
3792 size_t nsaddr, nwsaddr;
3793 const char *share, *device_id;
3794 QemuConsole *con;
3795 bool password = false;
3796 bool reverse = false;
3797 const char *credid;
3798 bool sasl = false;
3799 int acl = 0;
3800 const char *tlsauthz;
3801 const char *saslauthz;
3802 int lock_key_sync = 1;
3803 int key_delay_ms;
3804 const char *audiodev;
3805
3806 if (!vd) {
3807 error_setg(errp, "VNC display not active");
3808 return;
3809 }
3810 vnc_display_close(vd);
3811
3812 if (!opts) {
3813 return;
3814 }
3815
3816 reverse = qemu_opt_get_bool(opts, "reverse", false);
3817 if (vnc_display_get_addresses(opts, reverse, &saddr, &nsaddr,
3818 &wsaddr, &nwsaddr, errp) < 0) {
3819 goto fail;
3820 }
3821
3822 password = qemu_opt_get_bool(opts, "password", false);
3823 if (password) {
3824 if (fips_get_state()) {
3825 error_setg(errp,
3826 "VNC password auth disabled due to FIPS mode, "
3827 "consider using the VeNCrypt or SASL authentication "
3828 "methods as an alternative");
3829 goto fail;
3830 }
3831 if (!qcrypto_cipher_supports(
3832 QCRYPTO_CIPHER_ALG_DES_RFB, QCRYPTO_CIPHER_MODE_ECB)) {
3833 error_setg(errp,
3834 "Cipher backend does not support DES RFB algorithm");
3835 goto fail;
3836 }
3837 }
3838
3839 lock_key_sync = qemu_opt_get_bool(opts, "lock-key-sync", true);
3840 key_delay_ms = qemu_opt_get_number(opts, "key-delay-ms", 10);
3841 sasl = qemu_opt_get_bool(opts, "sasl", false);
3842#ifndef CONFIG_VNC_SASL
3843 if (sasl) {
3844 error_setg(errp, "VNC SASL auth requires cyrus-sasl support");
3845 goto fail;
3846 }
3847#endif
3848 credid = qemu_opt_get(opts, "tls-creds");
3849 if (credid) {
3850 Object *creds;
3851 creds = object_resolve_path_component(
3852 object_get_objects_root(), credid);
3853 if (!creds) {
3854 error_setg(errp, "No TLS credentials with id '%s'",
3855 credid);
3856 goto fail;
3857 }
3858 vd->tlscreds = (QCryptoTLSCreds *)
3859 object_dynamic_cast(creds,
3860 TYPE_QCRYPTO_TLS_CREDS);
3861 if (!vd->tlscreds) {
3862 error_setg(errp, "Object with id '%s' is not TLS credentials",
3863 credid);
3864 goto fail;
3865 }
3866 object_ref(OBJECT(vd->tlscreds));
3867
3868 if (vd->tlscreds->endpoint != QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) {
3869 error_setg(errp,
3870 "Expecting TLS credentials with a server endpoint");
3871 goto fail;
3872 }
3873 }
3874 if (qemu_opt_get(opts, "acl")) {
3875 error_report("The 'acl' option to -vnc is deprecated. "
3876 "Please use the 'tls-authz' and 'sasl-authz' "
3877 "options instead");
3878 }
3879 acl = qemu_opt_get_bool(opts, "acl", false);
3880 tlsauthz = qemu_opt_get(opts, "tls-authz");
3881 if (acl && tlsauthz) {
3882 error_setg(errp, "'acl' option is mutually exclusive with the "
3883 "'tls-authz' option");
3884 goto fail;
3885 }
3886 if (tlsauthz && !vd->tlscreds) {
3887 error_setg(errp, "'tls-authz' provided but TLS is not enabled");
3888 goto fail;
3889 }
3890
3891 saslauthz = qemu_opt_get(opts, "sasl-authz");
3892 if (acl && saslauthz) {
3893 error_setg(errp, "'acl' option is mutually exclusive with the "
3894 "'sasl-authz' option");
3895 goto fail;
3896 }
3897 if (saslauthz && !sasl) {
3898 error_setg(errp, "'sasl-authz' provided but SASL auth is not enabled");
3899 goto fail;
3900 }
3901
3902 share = qemu_opt_get(opts, "share");
3903 if (share) {
3904 if (strcmp(share, "ignore") == 0) {
3905 vd->share_policy = VNC_SHARE_POLICY_IGNORE;
3906 } else if (strcmp(share, "allow-exclusive") == 0) {
3907 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3908 } else if (strcmp(share, "force-shared") == 0) {
3909 vd->share_policy = VNC_SHARE_POLICY_FORCE_SHARED;
3910 } else {
3911 error_setg(errp, "unknown vnc share= option");
3912 goto fail;
3913 }
3914 } else {
3915 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3916 }
3917 vd->connections_limit = qemu_opt_get_number(opts, "connections", 32);
3918
3919#ifdef CONFIG_VNC_JPEG
3920 vd->lossy = qemu_opt_get_bool(opts, "lossy", false);
3921#endif
3922 vd->non_adaptive = qemu_opt_get_bool(opts, "non-adaptive", false);
3923
3924
3925
3926 if (!vd->lossy) {
3927 vd->non_adaptive = true;
3928 }
3929
3930 if (tlsauthz) {
3931 vd->tlsauthzid = g_strdup(tlsauthz);
3932 } else if (acl) {
3933 if (strcmp(vd->id, "default") == 0) {
3934 vd->tlsauthzid = g_strdup("vnc.x509dname");
3935 } else {
3936 vd->tlsauthzid = g_strdup_printf("vnc.%s.x509dname", vd->id);
3937 }
3938 vd->tlsauthz = QAUTHZ(qauthz_list_new(vd->tlsauthzid,
3939 QAUTHZ_LIST_POLICY_DENY,
3940 &error_abort));
3941 }
3942#ifdef CONFIG_VNC_SASL
3943 if (sasl) {
3944 if (saslauthz) {
3945 vd->sasl.authzid = g_strdup(saslauthz);
3946 } else if (acl) {
3947 if (strcmp(vd->id, "default") == 0) {
3948 vd->sasl.authzid = g_strdup("vnc.username");
3949 } else {
3950 vd->sasl.authzid = g_strdup_printf("vnc.%s.username", vd->id);
3951 }
3952 vd->sasl.authz = QAUTHZ(qauthz_list_new(vd->sasl.authzid,
3953 QAUTHZ_LIST_POLICY_DENY,
3954 &error_abort));
3955 }
3956 }
3957#endif
3958
3959 if (vnc_display_setup_auth(&vd->auth, &vd->subauth,
3960 vd->tlscreds, password,
3961 sasl, false, errp) < 0) {
3962 goto fail;
3963 }
3964 trace_vnc_auth_init(vd, 0, vd->auth, vd->subauth);
3965
3966 if (vnc_display_setup_auth(&vd->ws_auth, &vd->ws_subauth,
3967 vd->tlscreds, password,
3968 sasl, true, errp) < 0) {
3969 goto fail;
3970 }
3971 trace_vnc_auth_init(vd, 1, vd->ws_auth, vd->ws_subauth);
3972
3973#ifdef CONFIG_VNC_SASL
3974 if (sasl) {
3975 int saslErr = sasl_server_init(NULL, "qemu");
3976
3977 if (saslErr != SASL_OK) {
3978 error_setg(errp, "Failed to initialize SASL auth: %s",
3979 sasl_errstring(saslErr, NULL, NULL));
3980 goto fail;
3981 }
3982 }
3983#endif
3984 vd->lock_key_sync = lock_key_sync;
3985 if (lock_key_sync) {
3986 vd->led = qemu_add_led_event_handler(kbd_leds, vd);
3987 }
3988 vd->ledstate = 0;
3989
3990 audiodev = qemu_opt_get(opts, "audiodev");
3991 if (audiodev) {
3992 vd->audio_state = audio_state_by_name(audiodev);
3993 if (!vd->audio_state) {
3994 error_setg(errp, "Audiodev '%s' not found", audiodev);
3995 goto fail;
3996 }
3997 }
3998
3999 device_id = qemu_opt_get(opts, "display");
4000 if (device_id) {
4001 int head = qemu_opt_get_number(opts, "head", 0);
4002 Error *err = NULL;
4003
4004 con = qemu_console_lookup_by_device_name(device_id, head, &err);
4005 if (err) {
4006 error_propagate(errp, err);
4007 goto fail;
4008 }
4009 } else {
4010 con = NULL;
4011 }
4012
4013 if (con != vd->dcl.con) {
4014 qkbd_state_free(vd->kbd);
4015 unregister_displaychangelistener(&vd->dcl);
4016 vd->dcl.con = con;
4017 register_displaychangelistener(&vd->dcl);
4018 vd->kbd = qkbd_state_init(vd->dcl.con);
4019 }
4020 qkbd_state_set_delay(vd->kbd, key_delay_ms);
4021
4022 if (saddr == NULL) {
4023 goto cleanup;
4024 }
4025
4026 if (reverse) {
4027 if (vnc_display_connect(vd, saddr, nsaddr, wsaddr, nwsaddr, errp) < 0) {
4028 goto fail;
4029 }
4030 } else {
4031 if (vnc_display_listen(vd, saddr, nsaddr, wsaddr, nwsaddr, errp) < 0) {
4032 goto fail;
4033 }
4034 }
4035
4036 if (qemu_opt_get(opts, "to")) {
4037 vnc_display_print_local_addr(vd);
4038 }
4039
4040 cleanup:
4041 vnc_free_addresses(&saddr, &nsaddr);
4042 vnc_free_addresses(&wsaddr, &nwsaddr);
4043 return;
4044
4045fail:
4046 vnc_display_close(vd);
4047 goto cleanup;
4048}
4049
4050void vnc_display_add_client(const char *id, int csock, bool skipauth)
4051{
4052 VncDisplay *vd = vnc_display_find(id);
4053 QIOChannelSocket *sioc;
4054
4055 if (!vd) {
4056 return;
4057 }
4058
4059 sioc = qio_channel_socket_new_fd(csock, NULL);
4060 if (sioc) {
4061 qio_channel_set_name(QIO_CHANNEL(sioc), "vnc-server");
4062 vnc_connect(vd, sioc, skipauth, false);
4063 object_unref(OBJECT(sioc));
4064 }
4065}
4066
4067static void vnc_auto_assign_id(QemuOptsList *olist, QemuOpts *opts)
4068{
4069 int i = 2;
4070 char *id;
4071
4072 id = g_strdup("default");
4073 while (qemu_opts_find(olist, id)) {
4074 g_free(id);
4075 id = g_strdup_printf("vnc%d", i++);
4076 }
4077 qemu_opts_set_id(opts, id);
4078}
4079
4080QemuOpts *vnc_parse(const char *str, Error **errp)
4081{
4082 QemuOptsList *olist = qemu_find_opts("vnc");
4083 QemuOpts *opts = qemu_opts_parse(olist, str, true, errp);
4084 const char *id;
4085
4086 if (!opts) {
4087 return NULL;
4088 }
4089
4090 id = qemu_opts_id(opts);
4091 if (!id) {
4092
4093 vnc_auto_assign_id(olist, opts);
4094 }
4095 return opts;
4096}
4097
4098int vnc_init_func(void *opaque, QemuOpts *opts, Error **errp)
4099{
4100 Error *local_err = NULL;
4101 char *id = (char *)qemu_opts_id(opts);
4102
4103 assert(id);
4104 vnc_display_init(id, &local_err);
4105 if (local_err) {
4106 error_propagate(errp, local_err);
4107 return -1;
4108 }
4109 vnc_display_open(id, &local_err);
4110 if (local_err != NULL) {
4111 error_propagate(errp, local_err);
4112 return -1;
4113 }
4114 return 0;
4115}
4116
4117static void vnc_register_config(void)
4118{
4119 qemu_add_opts(&qemu_vnc_opts);
4120}
4121opts_init(vnc_register_config);
4122
