1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27#include "qemu/osdep.h"
28#include "vnc.h"
29#include "vnc-jobs.h"
30#include "trace.h"
31#include "hw/qdev-core.h"
32#include "sysemu/sysemu.h"
33#include "sysemu/runstate.h"
34#include "qemu/error-report.h"
35#include "qemu/main-loop.h"
36#include "qemu/module.h"
37#include "qemu/option.h"
38#include "qemu/sockets.h"
39#include "qemu/timer.h"
40#include "authz/list.h"
41#include "qemu/config-file.h"
42#include "qapi/qapi-emit-events.h"
43#include "qapi/qapi-events-ui.h"
44#include "qapi/error.h"
45#include "qapi/qapi-commands-ui.h"
46#include "ui/input.h"
47#include "crypto/hash.h"
48#include "crypto/tlscredsanon.h"
49#include "crypto/tlscredsx509.h"
50#include "crypto/random.h"
51#include "crypto/secret_common.h"
52#include "qom/object_interfaces.h"
53#include "qemu/cutils.h"
54#include "qemu/help_option.h"
55#include "io/dns-resolver.h"
56
57#define VNC_REFRESH_INTERVAL_BASE GUI_REFRESH_INTERVAL_DEFAULT
58#define VNC_REFRESH_INTERVAL_INC 50
59#define VNC_REFRESH_INTERVAL_MAX GUI_REFRESH_INTERVAL_IDLE
60static const struct timeval VNC_REFRESH_STATS = { 0, 500000 };
61static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 };
62
63#include "vnc_keysym.h"
64#include "crypto/cipher.h"
65
66static QTAILQ_HEAD(, VncDisplay) vnc_displays =
67 QTAILQ_HEAD_INITIALIZER(vnc_displays);
68
69static int vnc_cursor_define(VncState *vs);
70static void vnc_update_throttle_offset(VncState *vs);
71
72static void vnc_set_share_mode(VncState *vs, VncShareMode mode)
73{
74#ifdef _VNC_DEBUG
75 static const char *mn[] = {
76 [0] = "undefined",
77 [VNC_SHARE_MODE_CONNECTING] = "connecting",
78 [VNC_SHARE_MODE_SHARED] = "shared",
79 [VNC_SHARE_MODE_EXCLUSIVE] = "exclusive",
80 [VNC_SHARE_MODE_DISCONNECTED] = "disconnected",
81 };
82 fprintf(stderr, "%s/%p: %s -> %s\n", __func__,
83 vs->ioc, mn[vs->share_mode], mn[mode]);
84#endif
85
86 switch (vs->share_mode) {
87 case VNC_SHARE_MODE_CONNECTING:
88 vs->vd->num_connecting--;
89 break;
90 case VNC_SHARE_MODE_SHARED:
91 vs->vd->num_shared--;
92 break;
93 case VNC_SHARE_MODE_EXCLUSIVE:
94 vs->vd->num_exclusive--;
95 break;
96 default:
97 break;
98 }
99
100 vs->share_mode = mode;
101
102 switch (vs->share_mode) {
103 case VNC_SHARE_MODE_CONNECTING:
104 vs->vd->num_connecting++;
105 break;
106 case VNC_SHARE_MODE_SHARED:
107 vs->vd->num_shared++;
108 break;
109 case VNC_SHARE_MODE_EXCLUSIVE:
110 vs->vd->num_exclusive++;
111 break;
112 default:
113 break;
114 }
115}
116
117
118static void vnc_init_basic_info(SocketAddress *addr,
119 VncBasicInfo *info,
120 Error **errp)
121{
122 switch (addr->type) {
123 case SOCKET_ADDRESS_TYPE_INET:
124 info->host = g_strdup(addr->u.inet.host);
125 info->service = g_strdup(addr->u.inet.port);
126 if (addr->u.inet.ipv6) {
127 info->family = NETWORK_ADDRESS_FAMILY_IPV6;
128 } else {
129 info->family = NETWORK_ADDRESS_FAMILY_IPV4;
130 }
131 break;
132
133 case SOCKET_ADDRESS_TYPE_UNIX:
134 info->host = g_strdup("");
135 info->service = g_strdup(addr->u.q_unix.path);
136 info->family = NETWORK_ADDRESS_FAMILY_UNIX;
137 break;
138
139 case SOCKET_ADDRESS_TYPE_VSOCK:
140 case SOCKET_ADDRESS_TYPE_FD:
141 error_setg(errp, "Unsupported socket address type %s",
142 SocketAddressType_str(addr->type));
143 break;
144 default:
145 abort();
146 }
147
148 return;
149}
150
151static void vnc_init_basic_info_from_server_addr(QIOChannelSocket *ioc,
152 VncBasicInfo *info,
153 Error **errp)
154{
155 SocketAddress *addr = NULL;
156
157 if (!ioc) {
158 error_setg(errp, "No listener socket available");
159 return;
160 }
161
162 addr = qio_channel_socket_get_local_address(ioc, errp);
163 if (!addr) {
164 return;
165 }
166
167 vnc_init_basic_info(addr, info, errp);
168 qapi_free_SocketAddress(addr);
169}
170
171static void vnc_init_basic_info_from_remote_addr(QIOChannelSocket *ioc,
172 VncBasicInfo *info,
173 Error **errp)
174{
175 SocketAddress *addr = NULL;
176
177 addr = qio_channel_socket_get_remote_address(ioc, errp);
178 if (!addr) {
179 return;
180 }
181
182 vnc_init_basic_info(addr, info, errp);
183 qapi_free_SocketAddress(addr);
184}
185
186static const char *vnc_auth_name(VncDisplay *vd) {
187 switch (vd->auth) {
188 case VNC_AUTH_INVALID:
189 return "invalid";
190 case VNC_AUTH_NONE:
191 return "none";
192 case VNC_AUTH_VNC:
193 return "vnc";
194 case VNC_AUTH_RA2:
195 return "ra2";
196 case VNC_AUTH_RA2NE:
197 return "ra2ne";
198 case VNC_AUTH_TIGHT:
199 return "tight";
200 case VNC_AUTH_ULTRA:
201 return "ultra";
202 case VNC_AUTH_TLS:
203 return "tls";
204 case VNC_AUTH_VENCRYPT:
205 switch (vd->subauth) {
206 case VNC_AUTH_VENCRYPT_PLAIN:
207 return "vencrypt+plain";
208 case VNC_AUTH_VENCRYPT_TLSNONE:
209 return "vencrypt+tls+none";
210 case VNC_AUTH_VENCRYPT_TLSVNC:
211 return "vencrypt+tls+vnc";
212 case VNC_AUTH_VENCRYPT_TLSPLAIN:
213 return "vencrypt+tls+plain";
214 case VNC_AUTH_VENCRYPT_X509NONE:
215 return "vencrypt+x509+none";
216 case VNC_AUTH_VENCRYPT_X509VNC:
217 return "vencrypt+x509+vnc";
218 case VNC_AUTH_VENCRYPT_X509PLAIN:
219 return "vencrypt+x509+plain";
220 case VNC_AUTH_VENCRYPT_TLSSASL:
221 return "vencrypt+tls+sasl";
222 case VNC_AUTH_VENCRYPT_X509SASL:
223 return "vencrypt+x509+sasl";
224 default:
225 return "vencrypt";
226 }
227 case VNC_AUTH_SASL:
228 return "sasl";
229 }
230 return "unknown";
231}
232
233static VncServerInfo *vnc_server_info_get(VncDisplay *vd)
234{
235 VncServerInfo *info;
236 Error *err = NULL;
237
238 if (!vd->listener || !vd->listener->nsioc) {
239 return NULL;
240 }
241
242 info = g_malloc0(sizeof(*info));
243 vnc_init_basic_info_from_server_addr(vd->listener->sioc[0],
244 qapi_VncServerInfo_base(info), &err);
245 info->has_auth = true;
246 info->auth = g_strdup(vnc_auth_name(vd));
247 if (err) {
248 qapi_free_VncServerInfo(info);
249 info = NULL;
250 error_free(err);
251 }
252 return info;
253}
254
255static void vnc_client_cache_auth(VncState *client)
256{
257 if (!client->info) {
258 return;
259 }
260
261 if (client->tls) {
262 client->info->x509_dname =
263 qcrypto_tls_session_get_peer_name(client->tls);
264 client->info->has_x509_dname =
265 client->info->x509_dname != NULL;
266 }
267#ifdef CONFIG_VNC_SASL
268 if (client->sasl.conn &&
269 client->sasl.username) {
270 client->info->has_sasl_username = true;
271 client->info->sasl_username = g_strdup(client->sasl.username);
272 }
273#endif
274}
275
276static void vnc_client_cache_addr(VncState *client)
277{
278 Error *err = NULL;
279
280 client->info = g_malloc0(sizeof(*client->info));
281 vnc_init_basic_info_from_remote_addr(client->sioc,
282 qapi_VncClientInfo_base(client->info),
283 &err);
284 client->info->websocket = client->websocket;
285 if (err) {
286 qapi_free_VncClientInfo(client->info);
287 client->info = NULL;
288 error_free(err);
289 }
290}
291
292static void vnc_qmp_event(VncState *vs, QAPIEvent event)
293{
294 VncServerInfo *si;
295
296 if (!vs->info) {
297 return;
298 }
299
300 si = vnc_server_info_get(vs->vd);
301 if (!si) {
302 return;
303 }
304
305 switch (event) {
306 case QAPI_EVENT_VNC_CONNECTED:
307 qapi_event_send_vnc_connected(si, qapi_VncClientInfo_base(vs->info));
308 break;
309 case QAPI_EVENT_VNC_INITIALIZED:
310 qapi_event_send_vnc_initialized(si, vs->info);
311 break;
312 case QAPI_EVENT_VNC_DISCONNECTED:
313 qapi_event_send_vnc_disconnected(si, vs->info);
314 break;
315 default:
316 break;
317 }
318
319 qapi_free_VncServerInfo(si);
320}
321
322static VncClientInfo *qmp_query_vnc_client(const VncState *client)
323{
324 VncClientInfo *info;
325 Error *err = NULL;
326
327 info = g_malloc0(sizeof(*info));
328
329 vnc_init_basic_info_from_remote_addr(client->sioc,
330 qapi_VncClientInfo_base(info),
331 &err);
332 if (err) {
333 error_free(err);
334 qapi_free_VncClientInfo(info);
335 return NULL;
336 }
337
338 info->websocket = client->websocket;
339
340 if (client->tls) {
341 info->x509_dname = qcrypto_tls_session_get_peer_name(client->tls);
342 info->has_x509_dname = info->x509_dname != NULL;
343 }
344#ifdef CONFIG_VNC_SASL
345 if (client->sasl.conn && client->sasl.username) {
346 info->has_sasl_username = true;
347 info->sasl_username = g_strdup(client->sasl.username);
348 }
349#endif
350
351 return info;
352}
353
354static VncDisplay *vnc_display_find(const char *id)
355{
356 VncDisplay *vd;
357
358 if (id == NULL) {
359 return QTAILQ_FIRST(&vnc_displays);
360 }
361 QTAILQ_FOREACH(vd, &vnc_displays, next) {
362 if (strcmp(id, vd->id) == 0) {
363 return vd;
364 }
365 }
366 return NULL;
367}
368
369static VncClientInfoList *qmp_query_client_list(VncDisplay *vd)
370{
371 VncClientInfoList *prev = NULL;
372 VncState *client;
373
374 QTAILQ_FOREACH(client, &vd->clients, next) {
375 QAPI_LIST_PREPEND(prev, qmp_query_vnc_client(client));
376 }
377 return prev;
378}
379
380VncInfo *qmp_query_vnc(Error **errp)
381{
382 VncInfo *info = g_malloc0(sizeof(*info));
383 VncDisplay *vd = vnc_display_find(NULL);
384 SocketAddress *addr = NULL;
385
386 if (vd == NULL || !vd->listener || !vd->listener->nsioc) {
387 info->enabled = false;
388 } else {
389 info->enabled = true;
390
391
392 info->has_clients = true;
393 info->clients = qmp_query_client_list(vd);
394
395 addr = qio_channel_socket_get_local_address(vd->listener->sioc[0],
396 errp);
397 if (!addr) {
398 goto out_error;
399 }
400
401 switch (addr->type) {
402 case SOCKET_ADDRESS_TYPE_INET:
403 info->host = g_strdup(addr->u.inet.host);
404 info->service = g_strdup(addr->u.inet.port);
405 if (addr->u.inet.ipv6) {
406 info->family = NETWORK_ADDRESS_FAMILY_IPV6;
407 } else {
408 info->family = NETWORK_ADDRESS_FAMILY_IPV4;
409 }
410 break;
411
412 case SOCKET_ADDRESS_TYPE_UNIX:
413 info->host = g_strdup("");
414 info->service = g_strdup(addr->u.q_unix.path);
415 info->family = NETWORK_ADDRESS_FAMILY_UNIX;
416 break;
417
418 case SOCKET_ADDRESS_TYPE_VSOCK:
419 case SOCKET_ADDRESS_TYPE_FD:
420 error_setg(errp, "Unsupported socket address type %s",
421 SocketAddressType_str(addr->type));
422 goto out_error;
423 default:
424 abort();
425 }
426
427 info->has_host = true;
428 info->has_service = true;
429 info->has_family = true;
430
431 info->has_auth = true;
432 info->auth = g_strdup(vnc_auth_name(vd));
433 }
434
435 qapi_free_SocketAddress(addr);
436 return info;
437
438out_error:
439 qapi_free_SocketAddress(addr);
440 qapi_free_VncInfo(info);
441 return NULL;
442}
443
444
445static void qmp_query_auth(int auth, int subauth,
446 VncPrimaryAuth *qmp_auth,
447 VncVencryptSubAuth *qmp_vencrypt,
448 bool *qmp_has_vencrypt);
449
450static VncServerInfo2List *qmp_query_server_entry(QIOChannelSocket *ioc,
451 bool websocket,
452 int auth,
453 int subauth,
454 VncServerInfo2List *prev)
455{
456 VncServerInfo2 *info;
457 Error *err = NULL;
458 SocketAddress *addr;
459
460 addr = qio_channel_socket_get_local_address(ioc, NULL);
461 if (!addr) {
462 return prev;
463 }
464
465 info = g_new0(VncServerInfo2, 1);
466 vnc_init_basic_info(addr, qapi_VncServerInfo2_base(info), &err);
467 qapi_free_SocketAddress(addr);
468 if (err) {
469 qapi_free_VncServerInfo2(info);
470 error_free(err);
471 return prev;
472 }
473 info->websocket = websocket;
474
475 qmp_query_auth(auth, subauth, &info->auth,
476 &info->vencrypt, &info->has_vencrypt);
477
478 QAPI_LIST_PREPEND(prev, info);
479 return prev;
480}
481
482static void qmp_query_auth(int auth, int subauth,
483 VncPrimaryAuth *qmp_auth,
484 VncVencryptSubAuth *qmp_vencrypt,
485 bool *qmp_has_vencrypt)
486{
487 switch (auth) {
488 case VNC_AUTH_VNC:
489 *qmp_auth = VNC_PRIMARY_AUTH_VNC;
490 break;
491 case VNC_AUTH_RA2:
492 *qmp_auth = VNC_PRIMARY_AUTH_RA2;
493 break;
494 case VNC_AUTH_RA2NE:
495 *qmp_auth = VNC_PRIMARY_AUTH_RA2NE;
496 break;
497 case VNC_AUTH_TIGHT:
498 *qmp_auth = VNC_PRIMARY_AUTH_TIGHT;
499 break;
500 case VNC_AUTH_ULTRA:
501 *qmp_auth = VNC_PRIMARY_AUTH_ULTRA;
502 break;
503 case VNC_AUTH_TLS:
504 *qmp_auth = VNC_PRIMARY_AUTH_TLS;
505 break;
506 case VNC_AUTH_VENCRYPT:
507 *qmp_auth = VNC_PRIMARY_AUTH_VENCRYPT;
508 *qmp_has_vencrypt = true;
509 switch (subauth) {
510 case VNC_AUTH_VENCRYPT_PLAIN:
511 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_PLAIN;
512 break;
513 case VNC_AUTH_VENCRYPT_TLSNONE:
514 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_NONE;
515 break;
516 case VNC_AUTH_VENCRYPT_TLSVNC:
517 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_VNC;
518 break;
519 case VNC_AUTH_VENCRYPT_TLSPLAIN:
520 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_PLAIN;
521 break;
522 case VNC_AUTH_VENCRYPT_X509NONE:
523 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_NONE;
524 break;
525 case VNC_AUTH_VENCRYPT_X509VNC:
526 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_VNC;
527 break;
528 case VNC_AUTH_VENCRYPT_X509PLAIN:
529 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_PLAIN;
530 break;
531 case VNC_AUTH_VENCRYPT_TLSSASL:
532 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_SASL;
533 break;
534 case VNC_AUTH_VENCRYPT_X509SASL:
535 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_SASL;
536 break;
537 default:
538 *qmp_has_vencrypt = false;
539 break;
540 }
541 break;
542 case VNC_AUTH_SASL:
543 *qmp_auth = VNC_PRIMARY_AUTH_SASL;
544 break;
545 case VNC_AUTH_NONE:
546 default:
547 *qmp_auth = VNC_PRIMARY_AUTH_NONE;
548 break;
549 }
550}
551
552VncInfo2List *qmp_query_vnc_servers(Error **errp)
553{
554 VncInfo2List *prev = NULL;
555 VncInfo2 *info;
556 VncDisplay *vd;
557 DeviceState *dev;
558 size_t i;
559
560 QTAILQ_FOREACH(vd, &vnc_displays, next) {
561 info = g_new0(VncInfo2, 1);
562 info->id = g_strdup(vd->id);
563 info->clients = qmp_query_client_list(vd);
564 qmp_query_auth(vd->auth, vd->subauth, &info->auth,
565 &info->vencrypt, &info->has_vencrypt);
566 if (vd->dcl.con) {
567 dev = DEVICE(object_property_get_link(OBJECT(vd->dcl.con),
568 "device", &error_abort));
569 info->has_display = true;
570 info->display = g_strdup(dev->id);
571 }
572 for (i = 0; vd->listener != NULL && i < vd->listener->nsioc; i++) {
573 info->server = qmp_query_server_entry(
574 vd->listener->sioc[i], false, vd->auth, vd->subauth,
575 info->server);
576 }
577 for (i = 0; vd->wslistener != NULL && i < vd->wslistener->nsioc; i++) {
578 info->server = qmp_query_server_entry(
579 vd->wslistener->sioc[i], true, vd->ws_auth,
580 vd->ws_subauth, info->server);
581 }
582
583 QAPI_LIST_PREPEND(prev, info);
584 }
585 return prev;
586}
587
588bool vnc_display_reload_certs(const char *id, Error **errp)
589{
590 VncDisplay *vd = vnc_display_find(id);
591 QCryptoTLSCredsClass *creds = NULL;
592
593 if (!vd) {
594 error_setg(errp, "Can not find vnc display");
595 return false;
596 }
597
598 if (!vd->tlscreds) {
599 error_setg(errp, "vnc tls is not enable");
600 return false;
601 }
602
603 creds = QCRYPTO_TLS_CREDS_GET_CLASS(OBJECT(vd->tlscreds));
604 if (creds->reload == NULL) {
605 error_setg(errp, "%s doesn't support to reload TLS credential",
606 object_get_typename(OBJECT(vd->tlscreds)));
607 return false;
608 }
609 if (!creds->reload(vd->tlscreds, errp)) {
610 return false;
611 }
612
613 return true;
614}
615
616
617
618
619
620
621
622
623static int vnc_update_client(VncState *vs, int has_dirty);
624static void vnc_disconnect_start(VncState *vs);
625
626static void vnc_colordepth(VncState *vs);
627static void framebuffer_update_request(VncState *vs, int incremental,
628 int x_position, int y_position,
629 int w, int h);
630static void vnc_refresh(DisplayChangeListener *dcl);
631static int vnc_refresh_server_surface(VncDisplay *vd);
632
633static int vnc_width(VncDisplay *vd)
634{
635 return MIN(VNC_MAX_WIDTH, ROUND_UP(surface_width(vd->ds),
636 VNC_DIRTY_PIXELS_PER_BIT));
637}
638
639static int vnc_true_width(VncDisplay *vd)
640{
641 return MIN(VNC_MAX_WIDTH, surface_width(vd->ds));
642}
643
644static int vnc_height(VncDisplay *vd)
645{
646 return MIN(VNC_MAX_HEIGHT, surface_height(vd->ds));
647}
648
649static void vnc_set_area_dirty(DECLARE_BITMAP(dirty[VNC_MAX_HEIGHT],
650 VNC_MAX_WIDTH / VNC_DIRTY_PIXELS_PER_BIT),
651 VncDisplay *vd,
652 int x, int y, int w, int h)
653{
654 int width = vnc_width(vd);
655 int height = vnc_height(vd);
656
657
658
659 w += (x % VNC_DIRTY_PIXELS_PER_BIT);
660 x -= (x % VNC_DIRTY_PIXELS_PER_BIT);
661
662 x = MIN(x, width);
663 y = MIN(y, height);
664 w = MIN(x + w, width) - x;
665 h = MIN(y + h, height);
666
667 for (; y < h; y++) {
668 bitmap_set(dirty[y], x / VNC_DIRTY_PIXELS_PER_BIT,
669 DIV_ROUND_UP(w, VNC_DIRTY_PIXELS_PER_BIT));
670 }
671}
672
673static void vnc_dpy_update(DisplayChangeListener *dcl,
674 int x, int y, int w, int h)
675{
676 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
677 struct VncSurface *s = &vd->guest;
678
679 vnc_set_area_dirty(s->dirty, vd, x, y, w, h);
680}
681
682void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
683 int32_t encoding)
684{
685 vnc_write_u16(vs, x);
686 vnc_write_u16(vs, y);
687 vnc_write_u16(vs, w);
688 vnc_write_u16(vs, h);
689
690 vnc_write_s32(vs, encoding);
691}
692
693static void vnc_desktop_resize_ext(VncState *vs, int reject_reason)
694{
695 trace_vnc_msg_server_ext_desktop_resize(
696 vs, vs->ioc, vs->client_width, vs->client_height, reject_reason);
697
698 vnc_lock_output(vs);
699 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
700 vnc_write_u8(vs, 0);
701 vnc_write_u16(vs, 1);
702 vnc_framebuffer_update(vs,
703 reject_reason ? 1 : 0,
704 reject_reason,
705 vs->client_width, vs->client_height,
706 VNC_ENCODING_DESKTOP_RESIZE_EXT);
707 vnc_write_u8(vs, 1);
708 vnc_write_u8(vs, 0);
709 vnc_write_u8(vs, 0);
710 vnc_write_u8(vs, 0);
711 vnc_write_u32(vs, 0);
712 vnc_write_u16(vs, 0);
713 vnc_write_u16(vs, 0);
714 vnc_write_u16(vs, vs->client_width);
715 vnc_write_u16(vs, vs->client_height);
716 vnc_write_u32(vs, 0);
717 vnc_unlock_output(vs);
718 vnc_flush(vs);
719}
720
721static void vnc_desktop_resize(VncState *vs)
722{
723 if (vs->ioc == NULL || (!vnc_has_feature(vs, VNC_FEATURE_RESIZE) &&
724 !vnc_has_feature(vs, VNC_FEATURE_RESIZE_EXT))) {
725 return;
726 }
727 if (vs->client_width == vs->vd->true_width &&
728 vs->client_height == pixman_image_get_height(vs->vd->server)) {
729 return;
730 }
731
732 assert(vs->vd->true_width < 65536 &&
733 vs->vd->true_width >= 0);
734 assert(pixman_image_get_height(vs->vd->server) < 65536 &&
735 pixman_image_get_height(vs->vd->server) >= 0);
736 vs->client_width = vs->vd->true_width;
737 vs->client_height = pixman_image_get_height(vs->vd->server);
738
739 if (vnc_has_feature(vs, VNC_FEATURE_RESIZE_EXT)) {
740 vnc_desktop_resize_ext(vs, 0);
741 return;
742 }
743
744 trace_vnc_msg_server_desktop_resize(
745 vs, vs->ioc, vs->client_width, vs->client_height);
746
747 vnc_lock_output(vs);
748 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
749 vnc_write_u8(vs, 0);
750 vnc_write_u16(vs, 1);
751 vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height,
752 VNC_ENCODING_DESKTOPRESIZE);
753 vnc_unlock_output(vs);
754 vnc_flush(vs);
755}
756
757static void vnc_abort_display_jobs(VncDisplay *vd)
758{
759 VncState *vs;
760
761 QTAILQ_FOREACH(vs, &vd->clients, next) {
762 vnc_lock_output(vs);
763 vs->abort = true;
764 vnc_unlock_output(vs);
765 }
766 QTAILQ_FOREACH(vs, &vd->clients, next) {
767 vnc_jobs_join(vs);
768 }
769 QTAILQ_FOREACH(vs, &vd->clients, next) {
770 vnc_lock_output(vs);
771 if (vs->update == VNC_STATE_UPDATE_NONE &&
772 vs->job_update != VNC_STATE_UPDATE_NONE) {
773
774 vs->update = vs->job_update;
775 vs->job_update = VNC_STATE_UPDATE_NONE;
776 }
777 vs->abort = false;
778 vnc_unlock_output(vs);
779 }
780}
781
782int vnc_server_fb_stride(VncDisplay *vd)
783{
784 return pixman_image_get_stride(vd->server);
785}
786
787void *vnc_server_fb_ptr(VncDisplay *vd, int x, int y)
788{
789 uint8_t *ptr;
790
791 ptr = (uint8_t *)pixman_image_get_data(vd->server);
792 ptr += y * vnc_server_fb_stride(vd);
793 ptr += x * VNC_SERVER_FB_BYTES;
794 return ptr;
795}
796
797static void vnc_update_server_surface(VncDisplay *vd)
798{
799 int width, height;
800
801 qemu_pixman_image_unref(vd->server);
802 vd->server = NULL;
803
804 if (QTAILQ_EMPTY(&vd->clients)) {
805 return;
806 }
807
808 width = vnc_width(vd);
809 height = vnc_height(vd);
810 vd->true_width = vnc_true_width(vd);
811 vd->server = pixman_image_create_bits(VNC_SERVER_FB_FORMAT,
812 width, height,
813 NULL, 0);
814
815 memset(vd->guest.dirty, 0x00, sizeof(vd->guest.dirty));
816 vnc_set_area_dirty(vd->guest.dirty, vd, 0, 0,
817 width, height);
818}
819
820static bool vnc_check_pageflip(DisplaySurface *s1,
821 DisplaySurface *s2)
822{
823 return (s1 != NULL &&
824 s2 != NULL &&
825 surface_width(s1) == surface_width(s2) &&
826 surface_height(s1) == surface_height(s2) &&
827 surface_format(s1) == surface_format(s2));
828
829}
830
831static void vnc_dpy_switch(DisplayChangeListener *dcl,
832 DisplaySurface *surface)
833{
834 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
835 bool pageflip = vnc_check_pageflip(vd->ds, surface);
836 VncState *vs;
837
838 vnc_abort_display_jobs(vd);
839 vd->ds = surface;
840
841
842 qemu_pixman_image_unref(vd->guest.fb);
843 vd->guest.fb = pixman_image_ref(surface->image);
844 vd->guest.format = surface->format;
845
846
847 if (pageflip) {
848 trace_vnc_server_dpy_pageflip(vd,
849 surface_width(surface),
850 surface_height(surface),
851 surface_format(surface));
852 vnc_set_area_dirty(vd->guest.dirty, vd, 0, 0,
853 surface_width(surface),
854 surface_height(surface));
855 return;
856 }
857
858 trace_vnc_server_dpy_recreate(vd,
859 surface_width(surface),
860 surface_height(surface),
861 surface_format(surface));
862
863 vnc_update_server_surface(vd);
864
865 QTAILQ_FOREACH(vs, &vd->clients, next) {
866 vnc_colordepth(vs);
867 vnc_desktop_resize(vs);
868 vnc_cursor_define(vs);
869 memset(vs->dirty, 0x00, sizeof(vs->dirty));
870 vnc_set_area_dirty(vs->dirty, vd, 0, 0,
871 vnc_width(vd),
872 vnc_height(vd));
873 vnc_update_throttle_offset(vs);
874 }
875}
876
877
878static void vnc_write_pixels_copy(VncState *vs,
879 void *pixels, int size)
880{
881 vnc_write(vs, pixels, size);
882}
883
884
885void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
886{
887 uint8_t r, g, b;
888
889#if VNC_SERVER_FB_FORMAT == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8)
890 r = (((v & 0x00ff0000) >> 16) << vs->client_pf.rbits) >> 8;
891 g = (((v & 0x0000ff00) >> 8) << vs->client_pf.gbits) >> 8;
892 b = (((v & 0x000000ff) >> 0) << vs->client_pf.bbits) >> 8;
893#else
894# error need some bits here if you change VNC_SERVER_FB_FORMAT
895#endif
896 v = (r << vs->client_pf.rshift) |
897 (g << vs->client_pf.gshift) |
898 (b << vs->client_pf.bshift);
899 switch (vs->client_pf.bytes_per_pixel) {
900 case 1:
901 buf[0] = v;
902 break;
903 case 2:
904 if (vs->client_be) {
905 buf[0] = v >> 8;
906 buf[1] = v;
907 } else {
908 buf[1] = v >> 8;
909 buf[0] = v;
910 }
911 break;
912 default:
913 case 4:
914 if (vs->client_be) {
915 buf[0] = v >> 24;
916 buf[1] = v >> 16;
917 buf[2] = v >> 8;
918 buf[3] = v;
919 } else {
920 buf[3] = v >> 24;
921 buf[2] = v >> 16;
922 buf[1] = v >> 8;
923 buf[0] = v;
924 }
925 break;
926 }
927}
928
929static void vnc_write_pixels_generic(VncState *vs,
930 void *pixels1, int size)
931{
932 uint8_t buf[4];
933
934 if (VNC_SERVER_FB_BYTES == 4) {
935 uint32_t *pixels = pixels1;
936 int n, i;
937 n = size >> 2;
938 for (i = 0; i < n; i++) {
939 vnc_convert_pixel(vs, buf, pixels[i]);
940 vnc_write(vs, buf, vs->client_pf.bytes_per_pixel);
941 }
942 }
943}
944
945int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
946{
947 int i;
948 uint8_t *row;
949 VncDisplay *vd = vs->vd;
950
951 row = vnc_server_fb_ptr(vd, x, y);
952 for (i = 0; i < h; i++) {
953 vs->write_pixels(vs, row, w * VNC_SERVER_FB_BYTES);
954 row += vnc_server_fb_stride(vd);
955 }
956 return 1;
957}
958
959int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
960{
961 int n = 0;
962
963 switch(vs->vnc_encoding) {
964 case VNC_ENCODING_ZLIB:
965 n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h);
966 break;
967 case VNC_ENCODING_HEXTILE:
968 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
969 n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h);
970 break;
971 case VNC_ENCODING_TIGHT:
972 n = vnc_tight_send_framebuffer_update(vs, x, y, w, h);
973 break;
974 case VNC_ENCODING_TIGHT_PNG:
975 n = vnc_tight_png_send_framebuffer_update(vs, x, y, w, h);
976 break;
977 case VNC_ENCODING_ZRLE:
978 n = vnc_zrle_send_framebuffer_update(vs, x, y, w, h);
979 break;
980 case VNC_ENCODING_ZYWRLE:
981 n = vnc_zywrle_send_framebuffer_update(vs, x, y, w, h);
982 break;
983 default:
984 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
985 n = vnc_raw_send_framebuffer_update(vs, x, y, w, h);
986 break;
987 }
988 return n;
989}
990
991static void vnc_mouse_set(DisplayChangeListener *dcl,
992 int x, int y, int visible)
993{
994
995}
996
997static int vnc_cursor_define(VncState *vs)
998{
999 QEMUCursor *c = vs->vd->cursor;
1000 int isize;
1001
1002 if (!vs->vd->cursor) {
1003 return -1;
1004 }
1005
1006 if (vnc_has_feature(vs, VNC_FEATURE_ALPHA_CURSOR)) {
1007 vnc_lock_output(vs);
1008 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1009 vnc_write_u8(vs, 0);
1010 vnc_write_u16(vs, 1);
1011 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height,
1012 VNC_ENCODING_ALPHA_CURSOR);
1013 vnc_write_s32(vs, VNC_ENCODING_RAW);
1014 vnc_write(vs, c->data, c->width * c->height * 4);
1015 vnc_unlock_output(vs);
1016 return 0;
1017 }
1018 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) {
1019 vnc_lock_output(vs);
1020 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1021 vnc_write_u8(vs, 0);
1022 vnc_write_u16(vs, 1);
1023 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height,
1024 VNC_ENCODING_RICH_CURSOR);
1025 isize = c->width * c->height * vs->client_pf.bytes_per_pixel;
1026 vnc_write_pixels_generic(vs, c->data, isize);
1027 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize);
1028 vnc_unlock_output(vs);
1029 return 0;
1030 }
1031 return -1;
1032}
1033
1034static void vnc_dpy_cursor_define(DisplayChangeListener *dcl,
1035 QEMUCursor *c)
1036{
1037 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
1038 VncState *vs;
1039
1040 cursor_put(vd->cursor);
1041 g_free(vd->cursor_mask);
1042
1043 vd->cursor = c;
1044 cursor_get(vd->cursor);
1045 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height;
1046 vd->cursor_mask = g_malloc0(vd->cursor_msize);
1047 cursor_get_mono_mask(c, 0, vd->cursor_mask);
1048
1049 QTAILQ_FOREACH(vs, &vd->clients, next) {
1050 vnc_cursor_define(vs);
1051 }
1052}
1053
1054static int find_and_clear_dirty_height(VncState *vs,
1055 int y, int last_x, int x, int height)
1056{
1057 int h;
1058
1059 for (h = 1; h < (height - y); h++) {
1060 if (!test_bit(last_x, vs->dirty[y + h])) {
1061 break;
1062 }
1063 bitmap_clear(vs->dirty[y + h], last_x, x - last_x);
1064 }
1065
1066 return h;
1067}
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079static void vnc_update_throttle_offset(VncState *vs)
1080{
1081 size_t offset =
1082 vs->client_width * vs->client_height * vs->client_pf.bytes_per_pixel;
1083
1084 if (vs->audio_cap) {
1085 int bps;
1086 switch (vs->as.fmt) {
1087 default:
1088 case AUDIO_FORMAT_U8:
1089 case AUDIO_FORMAT_S8:
1090 bps = 1;
1091 break;
1092 case AUDIO_FORMAT_U16:
1093 case AUDIO_FORMAT_S16:
1094 bps = 2;
1095 break;
1096 case AUDIO_FORMAT_U32:
1097 case AUDIO_FORMAT_S32:
1098 bps = 4;
1099 break;
1100 }
1101 offset += vs->as.freq * bps * vs->as.nchannels;
1102 }
1103
1104
1105
1106
1107
1108 offset = MAX(offset, 1024 * 1024);
1109
1110 if (vs->throttle_output_offset != offset) {
1111 trace_vnc_client_throttle_threshold(
1112 vs, vs->ioc, vs->throttle_output_offset, offset, vs->client_width,
1113 vs->client_height, vs->client_pf.bytes_per_pixel, vs->audio_cap);
1114 }
1115
1116 vs->throttle_output_offset = offset;
1117}
1118
1119static bool vnc_should_update(VncState *vs)
1120{
1121 switch (vs->update) {
1122 case VNC_STATE_UPDATE_NONE:
1123 break;
1124 case VNC_STATE_UPDATE_INCREMENTAL:
1125
1126
1127
1128
1129 if (vs->output.offset < vs->throttle_output_offset &&
1130 vs->job_update == VNC_STATE_UPDATE_NONE) {
1131 return true;
1132 }
1133 trace_vnc_client_throttle_incremental(
1134 vs, vs->ioc, vs->job_update, vs->output.offset);
1135 break;
1136 case VNC_STATE_UPDATE_FORCE:
1137
1138
1139
1140
1141
1142
1143
1144
1145 if (vs->force_update_offset == 0 &&
1146 vs->job_update == VNC_STATE_UPDATE_NONE) {
1147 return true;
1148 }
1149 trace_vnc_client_throttle_forced(
1150 vs, vs->ioc, vs->job_update, vs->force_update_offset);
1151 break;
1152 }
1153 return false;
1154}
1155
1156static int vnc_update_client(VncState *vs, int has_dirty)
1157{
1158 VncDisplay *vd = vs->vd;
1159 VncJob *job;
1160 int y;
1161 int height, width;
1162 int n = 0;
1163
1164 if (vs->disconnecting) {
1165 vnc_disconnect_finish(vs);
1166 return 0;
1167 }
1168
1169 vs->has_dirty += has_dirty;
1170 if (!vnc_should_update(vs)) {
1171 return 0;
1172 }
1173
1174 if (!vs->has_dirty && vs->update != VNC_STATE_UPDATE_FORCE) {
1175 return 0;
1176 }
1177
1178
1179
1180
1181
1182
1183
1184 job = vnc_job_new(vs);
1185
1186 height = pixman_image_get_height(vd->server);
1187 width = pixman_image_get_width(vd->server);
1188
1189 y = 0;
1190 for (;;) {
1191 int x, h;
1192 unsigned long x2;
1193 unsigned long offset = find_next_bit((unsigned long *) &vs->dirty,
1194 height * VNC_DIRTY_BPL(vs),
1195 y * VNC_DIRTY_BPL(vs));
1196 if (offset == height * VNC_DIRTY_BPL(vs)) {
1197
1198 break;
1199 }
1200 y = offset / VNC_DIRTY_BPL(vs);
1201 x = offset % VNC_DIRTY_BPL(vs);
1202 x2 = find_next_zero_bit((unsigned long *) &vs->dirty[y],
1203 VNC_DIRTY_BPL(vs), x);
1204 bitmap_clear(vs->dirty[y], x, x2 - x);
1205 h = find_and_clear_dirty_height(vs, y, x, x2, height);
1206 x2 = MIN(x2, width / VNC_DIRTY_PIXELS_PER_BIT);
1207 if (x2 > x) {
1208 n += vnc_job_add_rect(job, x * VNC_DIRTY_PIXELS_PER_BIT, y,
1209 (x2 - x) * VNC_DIRTY_PIXELS_PER_BIT, h);
1210 }
1211 if (!x && x2 == width / VNC_DIRTY_PIXELS_PER_BIT) {
1212 y += h;
1213 if (y == height) {
1214 break;
1215 }
1216 }
1217 }
1218
1219 vs->job_update = vs->update;
1220 vs->update = VNC_STATE_UPDATE_NONE;
1221 vnc_job_push(job);
1222 vs->has_dirty = 0;
1223 return n;
1224}
1225
1226
1227static void audio_capture_notify(void *opaque, audcnotification_e cmd)
1228{
1229 VncState *vs = opaque;
1230
1231 assert(vs->magic == VNC_MAGIC);
1232 switch (cmd) {
1233 case AUD_CNOTIFY_DISABLE:
1234 trace_vnc_msg_server_audio_end(vs, vs->ioc);
1235 vnc_lock_output(vs);
1236 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1237 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1238 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END);
1239 vnc_unlock_output(vs);
1240 vnc_flush(vs);
1241 break;
1242
1243 case AUD_CNOTIFY_ENABLE:
1244 trace_vnc_msg_server_audio_begin(vs, vs->ioc);
1245 vnc_lock_output(vs);
1246 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1247 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1248 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN);
1249 vnc_unlock_output(vs);
1250 vnc_flush(vs);
1251 break;
1252 }
1253}
1254
1255static void audio_capture_destroy(void *opaque)
1256{
1257}
1258
1259static void audio_capture(void *opaque, const void *buf, int size)
1260{
1261 VncState *vs = opaque;
1262
1263 assert(vs->magic == VNC_MAGIC);
1264 trace_vnc_msg_server_audio_data(vs, vs->ioc, buf, size);
1265 vnc_lock_output(vs);
1266 if (vs->output.offset < vs->throttle_output_offset) {
1267 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1268 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1269 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA);
1270 vnc_write_u32(vs, size);
1271 vnc_write(vs, buf, size);
1272 } else {
1273 trace_vnc_client_throttle_audio(vs, vs->ioc, vs->output.offset);
1274 }
1275 vnc_unlock_output(vs);
1276 vnc_flush(vs);
1277}
1278
1279static void audio_add(VncState *vs)
1280{
1281 struct audio_capture_ops ops;
1282
1283 if (vs->audio_cap) {
1284 error_report("audio already running");
1285 return;
1286 }
1287
1288 ops.notify = audio_capture_notify;
1289 ops.destroy = audio_capture_destroy;
1290 ops.capture = audio_capture;
1291
1292 vs->audio_cap = AUD_add_capture(vs->vd->audio_state, &vs->as, &ops, vs);
1293 if (!vs->audio_cap) {
1294 error_report("Failed to add audio capture");
1295 }
1296}
1297
1298static void audio_del(VncState *vs)
1299{
1300 if (vs->audio_cap) {
1301 AUD_del_capture(vs->audio_cap, vs);
1302 vs->audio_cap = NULL;
1303 }
1304}
1305
1306static void vnc_disconnect_start(VncState *vs)
1307{
1308 if (vs->disconnecting) {
1309 return;
1310 }
1311 trace_vnc_client_disconnect_start(vs, vs->ioc);
1312 vnc_set_share_mode(vs, VNC_SHARE_MODE_DISCONNECTED);
1313 if (vs->ioc_tag) {
1314 g_source_remove(vs->ioc_tag);
1315 vs->ioc_tag = 0;
1316 }
1317 qio_channel_close(vs->ioc, NULL);
1318 vs->disconnecting = TRUE;
1319}
1320
1321void vnc_disconnect_finish(VncState *vs)
1322{
1323 int i;
1324
1325 trace_vnc_client_disconnect_finish(vs, vs->ioc);
1326
1327 vnc_jobs_join(vs);
1328
1329 vnc_lock_output(vs);
1330 vnc_qmp_event(vs, QAPI_EVENT_VNC_DISCONNECTED);
1331
1332 buffer_free(&vs->input);
1333 buffer_free(&vs->output);
1334
1335 qapi_free_VncClientInfo(vs->info);
1336
1337 vnc_zlib_clear(vs);
1338 vnc_tight_clear(vs);
1339 vnc_zrle_clear(vs);
1340
1341#ifdef CONFIG_VNC_SASL
1342 vnc_sasl_client_cleanup(vs);
1343#endif
1344 audio_del(vs);
1345 qkbd_state_lift_all_keys(vs->vd->kbd);
1346
1347 if (vs->mouse_mode_notifier.notify != NULL) {
1348 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
1349 }
1350 QTAILQ_REMOVE(&vs->vd->clients, vs, next);
1351 if (QTAILQ_EMPTY(&vs->vd->clients)) {
1352
1353 vnc_update_server_surface(vs->vd);
1354 }
1355
1356 vnc_unlock_output(vs);
1357
1358 qemu_mutex_destroy(&vs->output_mutex);
1359 if (vs->bh != NULL) {
1360 qemu_bh_delete(vs->bh);
1361 }
1362 buffer_free(&vs->jobs_buffer);
1363
1364 for (i = 0; i < VNC_STAT_ROWS; ++i) {
1365 g_free(vs->lossy_rect[i]);
1366 }
1367 g_free(vs->lossy_rect);
1368
1369 object_unref(OBJECT(vs->ioc));
1370 vs->ioc = NULL;
1371 object_unref(OBJECT(vs->sioc));
1372 vs->sioc = NULL;
1373 vs->magic = 0;
1374 g_free(vs->zrle);
1375 g_free(vs->tight);
1376 g_free(vs);
1377}
1378
1379size_t vnc_client_io_error(VncState *vs, ssize_t ret, Error *err)
1380{
1381 if (ret <= 0) {
1382 if (ret == 0) {
1383 trace_vnc_client_eof(vs, vs->ioc);
1384 vnc_disconnect_start(vs);
1385 } else if (ret != QIO_CHANNEL_ERR_BLOCK) {
1386 trace_vnc_client_io_error(vs, vs->ioc,
1387 err ? error_get_pretty(err) : "Unknown");
1388 vnc_disconnect_start(vs);
1389 }
1390
1391 error_free(err);
1392 return 0;
1393 }
1394 return ret;
1395}
1396
1397
1398void vnc_client_error(VncState *vs)
1399{
1400 VNC_DEBUG("Closing down client sock: protocol error\n");
1401 vnc_disconnect_start(vs);
1402}
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420size_t vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
1421{
1422 Error *err = NULL;
1423 ssize_t ret;
1424 ret = qio_channel_write(vs->ioc, (const char *)data, datalen, &err);
1425 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret);
1426 return vnc_client_io_error(vs, ret, err);
1427}
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440static size_t vnc_client_write_plain(VncState *vs)
1441{
1442 size_t offset;
1443 size_t ret;
1444
1445#ifdef CONFIG_VNC_SASL
1446 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1447 vs->output.buffer, vs->output.capacity, vs->output.offset,
1448 vs->sasl.waitWriteSSF);
1449
1450 if (vs->sasl.conn &&
1451 vs->sasl.runSSF &&
1452 vs->sasl.waitWriteSSF) {
1453 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
1454 if (ret)
1455 vs->sasl.waitWriteSSF -= ret;
1456 } else
1457#endif
1458 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
1459 if (!ret)
1460 return 0;
1461
1462 if (ret >= vs->force_update_offset) {
1463 if (vs->force_update_offset != 0) {
1464 trace_vnc_client_unthrottle_forced(vs, vs->ioc);
1465 }
1466 vs->force_update_offset = 0;
1467 } else {
1468 vs->force_update_offset -= ret;
1469 }
1470 offset = vs->output.offset;
1471 buffer_advance(&vs->output, ret);
1472 if (offset >= vs->throttle_output_offset &&
1473 vs->output.offset < vs->throttle_output_offset) {
1474 trace_vnc_client_unthrottle_incremental(vs, vs->ioc, vs->output.offset);
1475 }
1476
1477 if (vs->output.offset == 0) {
1478 if (vs->ioc_tag) {
1479 g_source_remove(vs->ioc_tag);
1480 }
1481 vs->ioc_tag = qio_channel_add_watch(
1482 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR,
1483 vnc_client_io, vs, NULL);
1484 }
1485
1486 return ret;
1487}
1488
1489
1490
1491
1492
1493
1494
1495static void vnc_client_write_locked(VncState *vs)
1496{
1497#ifdef CONFIG_VNC_SASL
1498 if (vs->sasl.conn &&
1499 vs->sasl.runSSF &&
1500 !vs->sasl.waitWriteSSF) {
1501 vnc_client_write_sasl(vs);
1502 } else
1503#endif
1504 {
1505 vnc_client_write_plain(vs);
1506 }
1507}
1508
1509static void vnc_client_write(VncState *vs)
1510{
1511 assert(vs->magic == VNC_MAGIC);
1512 vnc_lock_output(vs);
1513 if (vs->output.offset) {
1514 vnc_client_write_locked(vs);
1515 } else if (vs->ioc != NULL) {
1516 if (vs->ioc_tag) {
1517 g_source_remove(vs->ioc_tag);
1518 }
1519 vs->ioc_tag = qio_channel_add_watch(
1520 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR,
1521 vnc_client_io, vs, NULL);
1522 }
1523 vnc_unlock_output(vs);
1524}
1525
1526void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1527{
1528 vs->read_handler = func;
1529 vs->read_handler_expect = expecting;
1530}
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548size_t vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1549{
1550 ssize_t ret;
1551 Error *err = NULL;
1552 ret = qio_channel_read(vs->ioc, (char *)data, datalen, &err);
1553 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret);
1554 return vnc_client_io_error(vs, ret, err);
1555}
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567static size_t vnc_client_read_plain(VncState *vs)
1568{
1569 size_t ret;
1570 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1571 vs->input.buffer, vs->input.capacity, vs->input.offset);
1572 buffer_reserve(&vs->input, 4096);
1573 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1574 if (!ret)
1575 return 0;
1576 vs->input.offset += ret;
1577 return ret;
1578}
1579
1580static void vnc_jobs_bh(void *opaque)
1581{
1582 VncState *vs = opaque;
1583
1584 assert(vs->magic == VNC_MAGIC);
1585 vnc_jobs_consume_buffer(vs);
1586}
1587
1588
1589
1590
1591
1592
1593
1594static int vnc_client_read(VncState *vs)
1595{
1596 size_t ret;
1597
1598#ifdef CONFIG_VNC_SASL
1599 if (vs->sasl.conn && vs->sasl.runSSF)
1600 ret = vnc_client_read_sasl(vs);
1601 else
1602#endif
1603 ret = vnc_client_read_plain(vs);
1604 if (!ret) {
1605 if (vs->disconnecting) {
1606 vnc_disconnect_finish(vs);
1607 return -1;
1608 }
1609 return 0;
1610 }
1611
1612 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1613 size_t len = vs->read_handler_expect;
1614 int ret;
1615
1616 ret = vs->read_handler(vs, vs->input.buffer, len);
1617 if (vs->disconnecting) {
1618 vnc_disconnect_finish(vs);
1619 return -1;
1620 }
1621
1622 if (!ret) {
1623 buffer_advance(&vs->input, len);
1624 } else {
1625 vs->read_handler_expect = ret;
1626 }
1627 }
1628 return 0;
1629}
1630
1631gboolean vnc_client_io(QIOChannel *ioc G_GNUC_UNUSED,
1632 GIOCondition condition, void *opaque)
1633{
1634 VncState *vs = opaque;
1635
1636 assert(vs->magic == VNC_MAGIC);
1637
1638 if (condition & (G_IO_HUP | G_IO_ERR)) {
1639 vnc_disconnect_start(vs);
1640 return TRUE;
1641 }
1642
1643 if (condition & G_IO_IN) {
1644 if (vnc_client_read(vs) < 0) {
1645
1646 return TRUE;
1647 }
1648 }
1649 if (condition & G_IO_OUT) {
1650 vnc_client_write(vs);
1651 }
1652
1653 if (vs->disconnecting) {
1654 if (vs->ioc_tag != 0) {
1655 g_source_remove(vs->ioc_tag);
1656 }
1657 vs->ioc_tag = 0;
1658 }
1659 return TRUE;
1660}
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670#define VNC_THROTTLE_OUTPUT_LIMIT_SCALE 5
1671
1672void vnc_write(VncState *vs, const void *data, size_t len)
1673{
1674 assert(vs->magic == VNC_MAGIC);
1675 if (vs->disconnecting) {
1676 return;
1677 }
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689 if (vs->throttle_output_offset != 0 &&
1690 (vs->output.offset / VNC_THROTTLE_OUTPUT_LIMIT_SCALE) >
1691 vs->throttle_output_offset) {
1692 trace_vnc_client_output_limit(vs, vs->ioc, vs->output.offset,
1693 vs->throttle_output_offset);
1694 vnc_disconnect_start(vs);
1695 return;
1696 }
1697 buffer_reserve(&vs->output, len);
1698
1699 if (vs->ioc != NULL && buffer_empty(&vs->output)) {
1700 if (vs->ioc_tag) {
1701 g_source_remove(vs->ioc_tag);
1702 }
1703 vs->ioc_tag = qio_channel_add_watch(
1704 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR | G_IO_OUT,
1705 vnc_client_io, vs, NULL);
1706 }
1707
1708 buffer_append(&vs->output, data, len);
1709}
1710
1711void vnc_write_s32(VncState *vs, int32_t value)
1712{
1713 vnc_write_u32(vs, *(uint32_t *)&value);
1714}
1715
1716void vnc_write_u32(VncState *vs, uint32_t value)
1717{
1718 uint8_t buf[4];
1719
1720 buf[0] = (value >> 24) & 0xFF;
1721 buf[1] = (value >> 16) & 0xFF;
1722 buf[2] = (value >> 8) & 0xFF;
1723 buf[3] = value & 0xFF;
1724
1725 vnc_write(vs, buf, 4);
1726}
1727
1728void vnc_write_u16(VncState *vs, uint16_t value)
1729{
1730 uint8_t buf[2];
1731
1732 buf[0] = (value >> 8) & 0xFF;
1733 buf[1] = value & 0xFF;
1734
1735 vnc_write(vs, buf, 2);
1736}
1737
1738void vnc_write_u8(VncState *vs, uint8_t value)
1739{
1740 vnc_write(vs, (char *)&value, 1);
1741}
1742
1743void vnc_flush(VncState *vs)
1744{
1745 vnc_lock_output(vs);
1746 if (vs->ioc != NULL && vs->output.offset) {
1747 vnc_client_write_locked(vs);
1748 }
1749 if (vs->disconnecting) {
1750 if (vs->ioc_tag != 0) {
1751 g_source_remove(vs->ioc_tag);
1752 }
1753 vs->ioc_tag = 0;
1754 }
1755 vnc_unlock_output(vs);
1756}
1757
1758static uint8_t read_u8(uint8_t *data, size_t offset)
1759{
1760 return data[offset];
1761}
1762
1763static uint16_t read_u16(uint8_t *data, size_t offset)
1764{
1765 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1766}
1767
1768static int32_t read_s32(uint8_t *data, size_t offset)
1769{
1770 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1771 (data[offset + 2] << 8) | data[offset + 3]);
1772}
1773
1774uint32_t read_u32(uint8_t *data, size_t offset)
1775{
1776 return ((data[offset] << 24) | (data[offset + 1] << 16) |
1777 (data[offset + 2] << 8) | data[offset + 3]);
1778}
1779
1780static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
1781{
1782}
1783
1784static void check_pointer_type_change(Notifier *notifier, void *data)
1785{
1786 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier);
1787 int absolute = qemu_input_is_absolute();
1788
1789 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1790 vnc_lock_output(vs);
1791 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1792 vnc_write_u8(vs, 0);
1793 vnc_write_u16(vs, 1);
1794 vnc_framebuffer_update(vs, absolute, 0,
1795 pixman_image_get_width(vs->vd->server),
1796 pixman_image_get_height(vs->vd->server),
1797 VNC_ENCODING_POINTER_TYPE_CHANGE);
1798 vnc_unlock_output(vs);
1799 vnc_flush(vs);
1800 }
1801 vs->absolute = absolute;
1802}
1803
1804static void pointer_event(VncState *vs, int button_mask, int x, int y)
1805{
1806 static uint32_t bmap[INPUT_BUTTON__MAX] = {
1807 [INPUT_BUTTON_LEFT] = 0x01,
1808 [INPUT_BUTTON_MIDDLE] = 0x02,
1809 [INPUT_BUTTON_RIGHT] = 0x04,
1810 [INPUT_BUTTON_WHEEL_UP] = 0x08,
1811 [INPUT_BUTTON_WHEEL_DOWN] = 0x10,
1812 };
1813 QemuConsole *con = vs->vd->dcl.con;
1814 int width = pixman_image_get_width(vs->vd->server);
1815 int height = pixman_image_get_height(vs->vd->server);
1816
1817 if (vs->last_bmask != button_mask) {
1818 qemu_input_update_buttons(con, bmap, vs->last_bmask, button_mask);
1819 vs->last_bmask = button_mask;
1820 }
1821
1822 if (vs->absolute) {
1823 qemu_input_queue_abs(con, INPUT_AXIS_X, x, 0, width);
1824 qemu_input_queue_abs(con, INPUT_AXIS_Y, y, 0, height);
1825 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1826 qemu_input_queue_rel(con, INPUT_AXIS_X, x - 0x7FFF);
1827 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - 0x7FFF);
1828 } else {
1829 if (vs->last_x != -1) {
1830 qemu_input_queue_rel(con, INPUT_AXIS_X, x - vs->last_x);
1831 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - vs->last_y);
1832 }
1833 vs->last_x = x;
1834 vs->last_y = y;
1835 }
1836 qemu_input_event_sync();
1837}
1838
1839static void press_key(VncState *vs, QKeyCode qcode)
1840{
1841 qkbd_state_key_event(vs->vd->kbd, qcode, true);
1842 qkbd_state_key_event(vs->vd->kbd, qcode, false);
1843}
1844
1845static void vnc_led_state_change(VncState *vs)
1846{
1847 if (!vnc_has_feature(vs, VNC_FEATURE_LED_STATE)) {
1848 return;
1849 }
1850
1851 vnc_lock_output(vs);
1852 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1853 vnc_write_u8(vs, 0);
1854 vnc_write_u16(vs, 1);
1855 vnc_framebuffer_update(vs, 0, 0, 1, 1, VNC_ENCODING_LED_STATE);
1856 vnc_write_u8(vs, vs->vd->ledstate);
1857 vnc_unlock_output(vs);
1858 vnc_flush(vs);
1859}
1860
1861static void kbd_leds(void *opaque, int ledstate)
1862{
1863 VncDisplay *vd = opaque;
1864 VncState *client;
1865
1866 trace_vnc_key_guest_leds((ledstate & QEMU_CAPS_LOCK_LED),
1867 (ledstate & QEMU_NUM_LOCK_LED),
1868 (ledstate & QEMU_SCROLL_LOCK_LED));
1869
1870 if (ledstate == vd->ledstate) {
1871 return;
1872 }
1873
1874 vd->ledstate = ledstate;
1875
1876 QTAILQ_FOREACH(client, &vd->clients, next) {
1877 vnc_led_state_change(client);
1878 }
1879}
1880
1881static void do_key_event(VncState *vs, int down, int keycode, int sym)
1882{
1883 QKeyCode qcode = qemu_input_key_number_to_qcode(keycode);
1884
1885
1886 switch (qcode) {
1887 case Q_KEY_CODE_1 ... Q_KEY_CODE_9:
1888 if (vs->vd->dcl.con == NULL && down &&
1889 qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_CTRL) &&
1890 qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_ALT)) {
1891
1892 qkbd_state_lift_all_keys(vs->vd->kbd);
1893 console_select(qcode - Q_KEY_CODE_1);
1894 return;
1895 }
1896 default:
1897 break;
1898 }
1899
1900
1901
1902
1903 if (down && vs->vd->lock_key_sync &&
1904 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) &&
1905 keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1906
1907
1908
1909
1910 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1911 if (!qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_NUMLOCK)) {
1912 trace_vnc_key_sync_numlock(true);
1913 press_key(vs, Q_KEY_CODE_NUM_LOCK);
1914 }
1915 } else {
1916 if (qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_NUMLOCK)) {
1917 trace_vnc_key_sync_numlock(false);
1918 press_key(vs, Q_KEY_CODE_NUM_LOCK);
1919 }
1920 }
1921 }
1922
1923 if (down && vs->vd->lock_key_sync &&
1924 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) &&
1925 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) {
1926
1927
1928
1929
1930 int uppercase = !!(sym >= 'A' && sym <= 'Z');
1931 bool shift = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_SHIFT);
1932 bool capslock = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_CAPSLOCK);
1933 if (capslock) {
1934 if (uppercase == shift) {
1935 trace_vnc_key_sync_capslock(false);
1936 press_key(vs, Q_KEY_CODE_CAPS_LOCK);
1937 }
1938 } else {
1939 if (uppercase != shift) {
1940 trace_vnc_key_sync_capslock(true);
1941 press_key(vs, Q_KEY_CODE_CAPS_LOCK);
1942 }
1943 }
1944 }
1945
1946 qkbd_state_key_event(vs->vd->kbd, qcode, down);
1947 if (!qemu_console_is_graphic(NULL)) {
1948 bool numlock = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_NUMLOCK);
1949 bool control = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_CTRL);
1950
1951 if (down) {
1952 switch (keycode) {
1953 case 0x2a:
1954 case 0x36:
1955 case 0x1d:
1956 case 0x9d:
1957 case 0x38:
1958 case 0xb8:
1959 break;
1960 case 0xc8:
1961 kbd_put_keysym(QEMU_KEY_UP);
1962 break;
1963 case 0xd0:
1964 kbd_put_keysym(QEMU_KEY_DOWN);
1965 break;
1966 case 0xcb:
1967 kbd_put_keysym(QEMU_KEY_LEFT);
1968 break;
1969 case 0xcd:
1970 kbd_put_keysym(QEMU_KEY_RIGHT);
1971 break;
1972 case 0xd3:
1973 kbd_put_keysym(QEMU_KEY_DELETE);
1974 break;
1975 case 0xc7:
1976 kbd_put_keysym(QEMU_KEY_HOME);
1977 break;
1978 case 0xcf:
1979 kbd_put_keysym(QEMU_KEY_END);
1980 break;
1981 case 0xc9:
1982 kbd_put_keysym(QEMU_KEY_PAGEUP);
1983 break;
1984 case 0xd1:
1985 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1986 break;
1987
1988 case 0x47:
1989 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME);
1990 break;
1991 case 0x48:
1992 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP);
1993 break;
1994 case 0x49:
1995 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP);
1996 break;
1997 case 0x4b:
1998 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT);
1999 break;
2000 case 0x4c:
2001 kbd_put_keysym('5');
2002 break;
2003 case 0x4d:
2004 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT);
2005 break;
2006 case 0x4f:
2007 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END);
2008 break;
2009 case 0x50:
2010 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN);
2011 break;
2012 case 0x51:
2013 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN);
2014 break;
2015 case 0x52:
2016 kbd_put_keysym('0');
2017 break;
2018 case 0x53:
2019 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE);
2020 break;
2021
2022 case 0xb5:
2023 kbd_put_keysym('/');
2024 break;
2025 case 0x37:
2026 kbd_put_keysym('*');
2027 break;
2028 case 0x4a:
2029 kbd_put_keysym('-');
2030 break;
2031 case 0x4e:
2032 kbd_put_keysym('+');
2033 break;
2034 case 0x9c:
2035 kbd_put_keysym('\n');
2036 break;
2037
2038 default:
2039 if (control) {
2040 kbd_put_keysym(sym & 0x1f);
2041 } else {
2042 kbd_put_keysym(sym);
2043 }
2044 break;
2045 }
2046 }
2047 }
2048}
2049
2050static const char *code2name(int keycode)
2051{
2052 return QKeyCode_str(qemu_input_key_number_to_qcode(keycode));
2053}
2054
2055static void key_event(VncState *vs, int down, uint32_t sym)
2056{
2057 int keycode;
2058 int lsym = sym;
2059
2060 if (lsym >= 'A' && lsym <= 'Z' && qemu_console_is_graphic(NULL)) {
2061 lsym = lsym - 'A' + 'a';
2062 }
2063
2064 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF,
2065 vs->vd->kbd, down) & SCANCODE_KEYMASK;
2066 trace_vnc_key_event_map(down, sym, keycode, code2name(keycode));
2067 do_key_event(vs, down, keycode, sym);
2068}
2069
2070static void ext_key_event(VncState *vs, int down,
2071 uint32_t sym, uint16_t keycode)
2072{
2073
2074 if (keyboard_layout) {
2075 key_event(vs, down, sym);
2076 } else {
2077 trace_vnc_key_event_ext(down, sym, keycode, code2name(keycode));
2078 do_key_event(vs, down, keycode, sym);
2079 }
2080}
2081
2082static void framebuffer_update_request(VncState *vs, int incremental,
2083 int x, int y, int w, int h)
2084{
2085 if (incremental) {
2086 if (vs->update != VNC_STATE_UPDATE_FORCE) {
2087 vs->update = VNC_STATE_UPDATE_INCREMENTAL;
2088 }
2089 } else {
2090 vs->update = VNC_STATE_UPDATE_FORCE;
2091 vnc_set_area_dirty(vs->dirty, vs->vd, x, y, w, h);
2092 if (vnc_has_feature(vs, VNC_FEATURE_RESIZE_EXT)) {
2093 vnc_desktop_resize_ext(vs, 0);
2094 }
2095 }
2096}
2097
2098static void send_ext_key_event_ack(VncState *vs)
2099{
2100 vnc_lock_output(vs);
2101 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
2102 vnc_write_u8(vs, 0);
2103 vnc_write_u16(vs, 1);
2104 vnc_framebuffer_update(vs, 0, 0,
2105 pixman_image_get_width(vs->vd->server),
2106 pixman_image_get_height(vs->vd->server),
2107 VNC_ENCODING_EXT_KEY_EVENT);
2108 vnc_unlock_output(vs);
2109 vnc_flush(vs);
2110}
2111
2112static void send_ext_audio_ack(VncState *vs)
2113{
2114 vnc_lock_output(vs);
2115 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
2116 vnc_write_u8(vs, 0);
2117 vnc_write_u16(vs, 1);
2118 vnc_framebuffer_update(vs, 0, 0,
2119 pixman_image_get_width(vs->vd->server),
2120 pixman_image_get_height(vs->vd->server),
2121 VNC_ENCODING_AUDIO);
2122 vnc_unlock_output(vs);
2123 vnc_flush(vs);
2124}
2125
2126static void send_xvp_message(VncState *vs, int code)
2127{
2128 vnc_lock_output(vs);
2129 vnc_write_u8(vs, VNC_MSG_SERVER_XVP);
2130 vnc_write_u8(vs, 0);
2131 vnc_write_u8(vs, 1);
2132 vnc_write_u8(vs, code);
2133 vnc_unlock_output(vs);
2134 vnc_flush(vs);
2135}
2136
2137static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
2138{
2139 int i;
2140 unsigned int enc = 0;
2141
2142 vs->features = 0;
2143 vs->vnc_encoding = 0;
2144 vs->tight->compression = 9;
2145 vs->tight->quality = -1;
2146 vs->absolute = -1;
2147
2148
2149
2150
2151
2152
2153 for (i = n_encodings - 1; i >= 0; i--) {
2154 enc = encodings[i];
2155 switch (enc) {
2156 case VNC_ENCODING_RAW:
2157 vs->vnc_encoding = enc;
2158 break;
2159 case VNC_ENCODING_HEXTILE:
2160 vs->features |= VNC_FEATURE_HEXTILE_MASK;
2161 vs->vnc_encoding = enc;
2162 break;
2163 case VNC_ENCODING_TIGHT:
2164 vs->features |= VNC_FEATURE_TIGHT_MASK;
2165 vs->vnc_encoding = enc;
2166 break;
2167#ifdef CONFIG_VNC_PNG
2168 case VNC_ENCODING_TIGHT_PNG:
2169 vs->features |= VNC_FEATURE_TIGHT_PNG_MASK;
2170 vs->vnc_encoding = enc;
2171 break;
2172#endif
2173 case VNC_ENCODING_ZLIB:
2174
2175
2176
2177
2178
2179 if ((vs->features & VNC_FEATURE_ZRLE_MASK) == 0) {
2180 vs->features |= VNC_FEATURE_ZLIB_MASK;
2181 vs->vnc_encoding = enc;
2182 }
2183 break;
2184 case VNC_ENCODING_ZRLE:
2185 vs->features |= VNC_FEATURE_ZRLE_MASK;
2186 vs->vnc_encoding = enc;
2187 break;
2188 case VNC_ENCODING_ZYWRLE:
2189 vs->features |= VNC_FEATURE_ZYWRLE_MASK;
2190 vs->vnc_encoding = enc;
2191 break;
2192 case VNC_ENCODING_DESKTOPRESIZE:
2193 vs->features |= VNC_FEATURE_RESIZE_MASK;
2194 break;
2195 case VNC_ENCODING_DESKTOP_RESIZE_EXT:
2196 vs->features |= VNC_FEATURE_RESIZE_EXT_MASK;
2197 break;
2198 case VNC_ENCODING_POINTER_TYPE_CHANGE:
2199 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
2200 break;
2201 case VNC_ENCODING_RICH_CURSOR:
2202 vs->features |= VNC_FEATURE_RICH_CURSOR_MASK;
2203 break;
2204 case VNC_ENCODING_ALPHA_CURSOR:
2205 vs->features |= VNC_FEATURE_ALPHA_CURSOR_MASK;
2206 break;
2207 case VNC_ENCODING_EXT_KEY_EVENT:
2208 send_ext_key_event_ack(vs);
2209 break;
2210 case VNC_ENCODING_AUDIO:
2211 send_ext_audio_ack(vs);
2212 break;
2213 case VNC_ENCODING_WMVi:
2214 vs->features |= VNC_FEATURE_WMVI_MASK;
2215 break;
2216 case VNC_ENCODING_LED_STATE:
2217 vs->features |= VNC_FEATURE_LED_STATE_MASK;
2218 break;
2219 case VNC_ENCODING_XVP:
2220 if (vs->vd->power_control) {
2221 vs->features |= VNC_FEATURE_XVP;
2222 send_xvp_message(vs, VNC_XVP_CODE_INIT);
2223 }
2224 break;
2225 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
2226 vs->tight->compression = (enc & 0x0F);
2227 break;
2228 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
2229 if (vs->vd->lossy) {
2230 vs->tight->quality = (enc & 0x0F);
2231 }
2232 break;
2233 default:
2234 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
2235 break;
2236 }
2237 }
2238 vnc_desktop_resize(vs);
2239 check_pointer_type_change(&vs->mouse_mode_notifier, NULL);
2240 vnc_led_state_change(vs);
2241 vnc_cursor_define(vs);
2242}
2243
2244static void set_pixel_conversion(VncState *vs)
2245{
2246 pixman_format_code_t fmt = qemu_pixman_get_format(&vs->client_pf);
2247
2248 if (fmt == VNC_SERVER_FB_FORMAT) {
2249 vs->write_pixels = vnc_write_pixels_copy;
2250 vnc_hextile_set_pixel_conversion(vs, 0);
2251 } else {
2252 vs->write_pixels = vnc_write_pixels_generic;
2253 vnc_hextile_set_pixel_conversion(vs, 1);
2254 }
2255}
2256
2257static void send_color_map(VncState *vs)
2258{
2259 int i;
2260
2261 vnc_lock_output(vs);
2262 vnc_write_u8(vs, VNC_MSG_SERVER_SET_COLOUR_MAP_ENTRIES);
2263 vnc_write_u8(vs, 0);
2264 vnc_write_u16(vs, 0);
2265 vnc_write_u16(vs, 256);
2266
2267 for (i = 0; i < 256; i++) {
2268 PixelFormat *pf = &vs->client_pf;
2269
2270 vnc_write_u16(vs, (((i >> pf->rshift) & pf->rmax) << (16 - pf->rbits)));
2271 vnc_write_u16(vs, (((i >> pf->gshift) & pf->gmax) << (16 - pf->gbits)));
2272 vnc_write_u16(vs, (((i >> pf->bshift) & pf->bmax) << (16 - pf->bbits)));
2273 }
2274 vnc_unlock_output(vs);
2275}
2276
2277static void set_pixel_format(VncState *vs, int bits_per_pixel,
2278 int big_endian_flag, int true_color_flag,
2279 int red_max, int green_max, int blue_max,
2280 int red_shift, int green_shift, int blue_shift)
2281{
2282 if (!true_color_flag) {
2283
2284 bits_per_pixel = 8;
2285 red_max = 7;
2286 green_max = 7;
2287 blue_max = 3;
2288 red_shift = 0;
2289 green_shift = 3;
2290 blue_shift = 6;
2291 }
2292
2293 switch (bits_per_pixel) {
2294 case 8:
2295 case 16:
2296 case 32:
2297 break;
2298 default:
2299 vnc_client_error(vs);
2300 return;
2301 }
2302
2303 vs->client_pf.rmax = red_max ? red_max : 0xFF;
2304 vs->client_pf.rbits = ctpopl(red_max);
2305 vs->client_pf.rshift = red_shift;
2306 vs->client_pf.rmask = red_max << red_shift;
2307 vs->client_pf.gmax = green_max ? green_max : 0xFF;
2308 vs->client_pf.gbits = ctpopl(green_max);
2309 vs->client_pf.gshift = green_shift;
2310 vs->client_pf.gmask = green_max << green_shift;
2311 vs->client_pf.bmax = blue_max ? blue_max : 0xFF;
2312 vs->client_pf.bbits = ctpopl(blue_max);
2313 vs->client_pf.bshift = blue_shift;
2314 vs->client_pf.bmask = blue_max << blue_shift;
2315 vs->client_pf.bits_per_pixel = bits_per_pixel;
2316 vs->client_pf.bytes_per_pixel = bits_per_pixel / 8;
2317 vs->client_pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
2318 vs->client_be = big_endian_flag;
2319
2320 if (!true_color_flag) {
2321 send_color_map(vs);
2322 }
2323
2324 set_pixel_conversion(vs);
2325
2326 graphic_hw_invalidate(vs->vd->dcl.con);
2327 graphic_hw_update(vs->vd->dcl.con);
2328}
2329
2330static void pixel_format_message (VncState *vs) {
2331 char pad[3] = { 0, 0, 0 };
2332
2333 vs->client_pf = qemu_default_pixelformat(32);
2334
2335 vnc_write_u8(vs, vs->client_pf.bits_per_pixel);
2336 vnc_write_u8(vs, vs->client_pf.depth);
2337
2338#ifdef HOST_WORDS_BIGENDIAN
2339 vnc_write_u8(vs, 1);
2340#else
2341 vnc_write_u8(vs, 0);
2342#endif
2343 vnc_write_u8(vs, 1);
2344 vnc_write_u16(vs, vs->client_pf.rmax);
2345 vnc_write_u16(vs, vs->client_pf.gmax);
2346 vnc_write_u16(vs, vs->client_pf.bmax);
2347 vnc_write_u8(vs, vs->client_pf.rshift);
2348 vnc_write_u8(vs, vs->client_pf.gshift);
2349 vnc_write_u8(vs, vs->client_pf.bshift);
2350 vnc_write(vs, pad, 3);
2351
2352 vnc_hextile_set_pixel_conversion(vs, 0);
2353 vs->write_pixels = vnc_write_pixels_copy;
2354}
2355
2356static void vnc_colordepth(VncState *vs)
2357{
2358 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
2359
2360 vnc_lock_output(vs);
2361 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
2362 vnc_write_u8(vs, 0);
2363 vnc_write_u16(vs, 1);
2364 vnc_framebuffer_update(vs, 0, 0,
2365 vs->client_width,
2366 vs->client_height,
2367 VNC_ENCODING_WMVi);
2368 pixel_format_message(vs);
2369 vnc_unlock_output(vs);
2370 vnc_flush(vs);
2371 } else {
2372 set_pixel_conversion(vs);
2373 }
2374}
2375
2376static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
2377{
2378 int i;
2379 uint16_t limit;
2380 uint32_t freq;
2381 VncDisplay *vd = vs->vd;
2382
2383 if (data[0] > 3) {
2384 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
2385 }
2386
2387 switch (data[0]) {
2388 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT:
2389 if (len == 1)
2390 return 20;
2391
2392 set_pixel_format(vs, read_u8(data, 4),
2393 read_u8(data, 6), read_u8(data, 7),
2394 read_u16(data, 8), read_u16(data, 10),
2395 read_u16(data, 12), read_u8(data, 14),
2396 read_u8(data, 15), read_u8(data, 16));
2397 break;
2398 case VNC_MSG_CLIENT_SET_ENCODINGS:
2399 if (len == 1)
2400 return 4;
2401
2402 if (len == 4) {
2403 limit = read_u16(data, 2);
2404 if (limit > 0)
2405 return 4 + (limit * 4);
2406 } else
2407 limit = read_u16(data, 2);
2408
2409 for (i = 0; i < limit; i++) {
2410 int32_t val = read_s32(data, 4 + (i * 4));
2411 memcpy(data + 4 + (i * 4), &val, sizeof(val));
2412 }
2413
2414 set_encodings(vs, (int32_t *)(data + 4), limit);
2415 break;
2416 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST:
2417 if (len == 1)
2418 return 10;
2419
2420 framebuffer_update_request(vs,
2421 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
2422 read_u16(data, 6), read_u16(data, 8));
2423 break;
2424 case VNC_MSG_CLIENT_KEY_EVENT:
2425 if (len == 1)
2426 return 8;
2427
2428 key_event(vs, read_u8(data, 1), read_u32(data, 4));
2429 break;
2430 case VNC_MSG_CLIENT_POINTER_EVENT:
2431 if (len == 1)
2432 return 6;
2433
2434 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
2435 break;
2436 case VNC_MSG_CLIENT_CUT_TEXT:
2437 if (len == 1) {
2438 return 8;
2439 }
2440 if (len == 8) {
2441 uint32_t dlen = read_u32(data, 4);
2442 if (dlen > (1 << 20)) {
2443 error_report("vnc: client_cut_text msg payload has %u bytes"
2444 " which exceeds our limit of 1MB.", dlen);
2445 vnc_client_error(vs);
2446 break;
2447 }
2448 if (dlen > 0) {
2449 return 8 + dlen;
2450 }
2451 }
2452
2453 client_cut_text(vs, read_u32(data, 4), data + 8);
2454 break;
2455 case VNC_MSG_CLIENT_XVP:
2456 if (!(vs->features & VNC_FEATURE_XVP)) {
2457 error_report("vnc: xvp client message while disabled");
2458 vnc_client_error(vs);
2459 break;
2460 }
2461 if (len == 1) {
2462 return 4;
2463 }
2464 if (len == 4) {
2465 uint8_t version = read_u8(data, 2);
2466 uint8_t action = read_u8(data, 3);
2467
2468 if (version != 1) {
2469 error_report("vnc: xvp client message version %d != 1",
2470 version);
2471 vnc_client_error(vs);
2472 break;
2473 }
2474
2475 switch (action) {
2476 case VNC_XVP_ACTION_SHUTDOWN:
2477 qemu_system_powerdown_request();
2478 break;
2479 case VNC_XVP_ACTION_REBOOT:
2480 send_xvp_message(vs, VNC_XVP_CODE_FAIL);
2481 break;
2482 case VNC_XVP_ACTION_RESET:
2483 qemu_system_reset_request(SHUTDOWN_CAUSE_HOST_QMP_SYSTEM_RESET);
2484 break;
2485 default:
2486 send_xvp_message(vs, VNC_XVP_CODE_FAIL);
2487 break;
2488 }
2489 }
2490 break;
2491 case VNC_MSG_CLIENT_QEMU:
2492 if (len == 1)
2493 return 2;
2494
2495 switch (read_u8(data, 1)) {
2496 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT:
2497 if (len == 2)
2498 return 12;
2499
2500 ext_key_event(vs, read_u16(data, 2),
2501 read_u32(data, 4), read_u32(data, 8));
2502 break;
2503 case VNC_MSG_CLIENT_QEMU_AUDIO:
2504 if (len == 2)
2505 return 4;
2506
2507 switch (read_u16 (data, 2)) {
2508 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE:
2509 trace_vnc_msg_client_audio_enable(vs, vs->ioc);
2510 audio_add(vs);
2511 break;
2512 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE:
2513 trace_vnc_msg_client_audio_disable(vs, vs->ioc);
2514 audio_del(vs);
2515 break;
2516 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT:
2517 if (len == 4)
2518 return 10;
2519 switch (read_u8(data, 4)) {
2520 case 0: vs->as.fmt = AUDIO_FORMAT_U8; break;
2521 case 1: vs->as.fmt = AUDIO_FORMAT_S8; break;
2522 case 2: vs->as.fmt = AUDIO_FORMAT_U16; break;
2523 case 3: vs->as.fmt = AUDIO_FORMAT_S16; break;
2524 case 4: vs->as.fmt = AUDIO_FORMAT_U32; break;
2525 case 5: vs->as.fmt = AUDIO_FORMAT_S32; break;
2526 default:
2527 VNC_DEBUG("Invalid audio format %d\n", read_u8(data, 4));
2528 vnc_client_error(vs);
2529 break;
2530 }
2531 vs->as.nchannels = read_u8(data, 5);
2532 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
2533 VNC_DEBUG("Invalid audio channel count %d\n",
2534 read_u8(data, 5));
2535 vnc_client_error(vs);
2536 break;
2537 }
2538 freq = read_u32(data, 6);
2539
2540
2541
2542
2543 if (freq > 48000) {
2544 VNC_DEBUG("Invalid audio frequency %u > 48000", freq);
2545 vnc_client_error(vs);
2546 break;
2547 }
2548 vs->as.freq = freq;
2549 trace_vnc_msg_client_audio_format(
2550 vs, vs->ioc, vs->as.fmt, vs->as.nchannels, vs->as.freq);
2551 break;
2552 default:
2553 VNC_DEBUG("Invalid audio message %d\n", read_u8(data, 4));
2554 vnc_client_error(vs);
2555 break;
2556 }
2557 break;
2558
2559 default:
2560 VNC_DEBUG("Msg: %d\n", read_u16(data, 0));
2561 vnc_client_error(vs);
2562 break;
2563 }
2564 break;
2565 case VNC_MSG_CLIENT_SET_DESKTOP_SIZE:
2566 {
2567 size_t size;
2568 uint8_t screens;
2569 int w, h;
2570
2571 if (len < 8) {
2572 return 8;
2573 }
2574
2575 screens = read_u8(data, 6);
2576 size = 8 + screens * 16;
2577 if (len < size) {
2578 return size;
2579 }
2580 w = read_u16(data, 2);
2581 h = read_u16(data, 4);
2582
2583 trace_vnc_msg_client_set_desktop_size(vs, vs->ioc, w, h, screens);
2584 if (dpy_ui_info_supported(vs->vd->dcl.con)) {
2585 QemuUIInfo info;
2586 memset(&info, 0, sizeof(info));
2587 info.width = w;
2588 info.height = h;
2589 dpy_set_ui_info(vs->vd->dcl.con, &info);
2590 vnc_desktop_resize_ext(vs, 4 );
2591 } else {
2592 vnc_desktop_resize_ext(vs, 3 );
2593 }
2594
2595 break;
2596 }
2597 default:
2598 VNC_DEBUG("Msg: %d\n", data[0]);
2599 vnc_client_error(vs);
2600 break;
2601 }
2602
2603 vnc_update_throttle_offset(vs);
2604 vnc_read_when(vs, protocol_client_msg, 1);
2605 return 0;
2606}
2607
2608static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
2609{
2610 char buf[1024];
2611 VncShareMode mode;
2612 int size;
2613
2614 mode = data[0] ? VNC_SHARE_MODE_SHARED : VNC_SHARE_MODE_EXCLUSIVE;
2615 switch (vs->vd->share_policy) {
2616 case VNC_SHARE_POLICY_IGNORE:
2617
2618
2619
2620
2621
2622
2623
2624 break;
2625 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE:
2626
2627
2628
2629
2630
2631
2632
2633
2634
2635 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2636 VncState *client;
2637 QTAILQ_FOREACH(client, &vs->vd->clients, next) {
2638 if (vs == client) {
2639 continue;
2640 }
2641 if (client->share_mode != VNC_SHARE_MODE_EXCLUSIVE &&
2642 client->share_mode != VNC_SHARE_MODE_SHARED) {
2643 continue;
2644 }
2645 vnc_disconnect_start(client);
2646 }
2647 }
2648 if (mode == VNC_SHARE_MODE_SHARED) {
2649 if (vs->vd->num_exclusive > 0) {
2650 vnc_disconnect_start(vs);
2651 return 0;
2652 }
2653 }
2654 break;
2655 case VNC_SHARE_POLICY_FORCE_SHARED:
2656
2657
2658
2659
2660
2661
2662
2663
2664 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2665 vnc_disconnect_start(vs);
2666 return 0;
2667 }
2668 break;
2669 }
2670 vnc_set_share_mode(vs, mode);
2671
2672 if (vs->vd->num_shared > vs->vd->connections_limit) {
2673 vnc_disconnect_start(vs);
2674 return 0;
2675 }
2676
2677 assert(pixman_image_get_width(vs->vd->server) < 65536 &&
2678 pixman_image_get_width(vs->vd->server) >= 0);
2679 assert(pixman_image_get_height(vs->vd->server) < 65536 &&
2680 pixman_image_get_height(vs->vd->server) >= 0);
2681 vs->client_width = pixman_image_get_width(vs->vd->server);
2682 vs->client_height = pixman_image_get_height(vs->vd->server);
2683 vnc_write_u16(vs, vs->client_width);
2684 vnc_write_u16(vs, vs->client_height);
2685
2686 pixel_format_message(vs);
2687
2688 if (qemu_name) {
2689 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
2690 if (size > sizeof(buf)) {
2691 size = sizeof(buf);
2692 }
2693 } else {
2694 size = snprintf(buf, sizeof(buf), "QEMU");
2695 }
2696
2697 vnc_write_u32(vs, size);
2698 vnc_write(vs, buf, size);
2699 vnc_flush(vs);
2700
2701 vnc_client_cache_auth(vs);
2702 vnc_qmp_event(vs, QAPI_EVENT_VNC_INITIALIZED);
2703
2704 vnc_read_when(vs, protocol_client_msg, 1);
2705
2706 return 0;
2707}
2708
2709void start_client_init(VncState *vs)
2710{
2711 vnc_read_when(vs, protocol_client_init, 1);
2712}
2713
2714static void authentication_failed(VncState *vs)
2715{
2716 vnc_write_u32(vs, 1);
2717 if (vs->minor >= 8) {
2718 static const char err[] = "Authentication failed";
2719 vnc_write_u32(vs, sizeof(err));
2720 vnc_write(vs, err, sizeof(err));
2721 }
2722 vnc_flush(vs);
2723 vnc_client_error(vs);
2724}
2725
2726static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
2727{
2728 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
2729 size_t i, pwlen;
2730 unsigned char key[8];
2731 time_t now = time(NULL);
2732 QCryptoCipher *cipher = NULL;
2733 Error *err = NULL;
2734
2735 if (!vs->vd->password) {
2736 trace_vnc_auth_fail(vs, vs->auth, "password is not set", "");
2737 goto reject;
2738 }
2739 if (vs->vd->expires < now) {
2740 trace_vnc_auth_fail(vs, vs->auth, "password is expired", "");
2741 goto reject;
2742 }
2743
2744 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
2745
2746
2747 pwlen = strlen(vs->vd->password);
2748 for (i=0; i<sizeof(key); i++)
2749 key[i] = i<pwlen ? vs->vd->password[i] : 0;
2750
2751 cipher = qcrypto_cipher_new(
2752 QCRYPTO_CIPHER_ALG_DES_RFB,
2753 QCRYPTO_CIPHER_MODE_ECB,
2754 key, G_N_ELEMENTS(key),
2755 &err);
2756 if (!cipher) {
2757 trace_vnc_auth_fail(vs, vs->auth, "cannot create cipher",
2758 error_get_pretty(err));
2759 error_free(err);
2760 goto reject;
2761 }
2762
2763 if (qcrypto_cipher_encrypt(cipher,
2764 vs->challenge,
2765 response,
2766 VNC_AUTH_CHALLENGE_SIZE,
2767 &err) < 0) {
2768 trace_vnc_auth_fail(vs, vs->auth, "cannot encrypt challenge response",
2769 error_get_pretty(err));
2770 error_free(err);
2771 goto reject;
2772 }
2773
2774
2775 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
2776 trace_vnc_auth_fail(vs, vs->auth, "mis-matched challenge response", "");
2777 goto reject;
2778 } else {
2779 trace_vnc_auth_pass(vs, vs->auth);
2780 vnc_write_u32(vs, 0);
2781 vnc_flush(vs);
2782
2783 start_client_init(vs);
2784 }
2785
2786 qcrypto_cipher_free(cipher);
2787 return 0;
2788
2789reject:
2790 authentication_failed(vs);
2791 qcrypto_cipher_free(cipher);
2792 return 0;
2793}
2794
2795void start_auth_vnc(VncState *vs)
2796{
2797 Error *err = NULL;
2798
2799 if (qcrypto_random_bytes(vs->challenge, sizeof(vs->challenge), &err)) {
2800 trace_vnc_auth_fail(vs, vs->auth, "cannot get random bytes",
2801 error_get_pretty(err));
2802 error_free(err);
2803 authentication_failed(vs);
2804 return;
2805 }
2806
2807
2808 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
2809 vnc_flush(vs);
2810
2811 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
2812}
2813
2814
2815static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
2816{
2817
2818
2819 if (data[0] != vs->auth) {
2820 trace_vnc_auth_reject(vs, vs->auth, (int)data[0]);
2821 authentication_failed(vs);
2822 } else {
2823 trace_vnc_auth_start(vs, vs->auth);
2824 switch (vs->auth) {
2825 case VNC_AUTH_NONE:
2826 if (vs->minor >= 8) {
2827 vnc_write_u32(vs, 0);
2828 vnc_flush(vs);
2829 }
2830 trace_vnc_auth_pass(vs, vs->auth);
2831 start_client_init(vs);
2832 break;
2833
2834 case VNC_AUTH_VNC:
2835 start_auth_vnc(vs);
2836 break;
2837
2838 case VNC_AUTH_VENCRYPT:
2839 start_auth_vencrypt(vs);
2840 break;
2841
2842#ifdef CONFIG_VNC_SASL
2843 case VNC_AUTH_SASL:
2844 start_auth_sasl(vs);
2845 break;
2846#endif
2847
2848 default:
2849 trace_vnc_auth_fail(vs, vs->auth, "Unhandled auth method", "");
2850 authentication_failed(vs);
2851 }
2852 }
2853 return 0;
2854}
2855
2856static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2857{
2858 char local[13];
2859
2860 memcpy(local, version, 12);
2861 local[12] = 0;
2862
2863 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2864 VNC_DEBUG("Malformed protocol version %s\n", local);
2865 vnc_client_error(vs);
2866 return 0;
2867 }
2868 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2869 if (vs->major != 3 ||
2870 (vs->minor != 3 &&
2871 vs->minor != 4 &&
2872 vs->minor != 5 &&
2873 vs->minor != 7 &&
2874 vs->minor != 8)) {
2875 VNC_DEBUG("Unsupported client version\n");
2876 vnc_write_u32(vs, VNC_AUTH_INVALID);
2877 vnc_flush(vs);
2878 vnc_client_error(vs);
2879 return 0;
2880 }
2881
2882
2883
2884 if (vs->minor == 4 || vs->minor == 5)
2885 vs->minor = 3;
2886
2887 if (vs->minor == 3) {
2888 trace_vnc_auth_start(vs, vs->auth);
2889 if (vs->auth == VNC_AUTH_NONE) {
2890 vnc_write_u32(vs, vs->auth);
2891 vnc_flush(vs);
2892 trace_vnc_auth_pass(vs, vs->auth);
2893 start_client_init(vs);
2894 } else if (vs->auth == VNC_AUTH_VNC) {
2895 VNC_DEBUG("Tell client VNC auth\n");
2896 vnc_write_u32(vs, vs->auth);
2897 vnc_flush(vs);
2898 start_auth_vnc(vs);
2899 } else {
2900 trace_vnc_auth_fail(vs, vs->auth,
2901 "Unsupported auth method for v3.3", "");
2902 vnc_write_u32(vs, VNC_AUTH_INVALID);
2903 vnc_flush(vs);
2904 vnc_client_error(vs);
2905 }
2906 } else {
2907 vnc_write_u8(vs, 1);
2908 vnc_write_u8(vs, vs->auth);
2909 vnc_read_when(vs, protocol_client_auth, 1);
2910 vnc_flush(vs);
2911 }
2912
2913 return 0;
2914}
2915
2916static VncRectStat *vnc_stat_rect(VncDisplay *vd, int x, int y)
2917{
2918 struct VncSurface *vs = &vd->guest;
2919
2920 return &vs->stats[y / VNC_STAT_RECT][x / VNC_STAT_RECT];
2921}
2922
2923void vnc_sent_lossy_rect(VncState *vs, int x, int y, int w, int h)
2924{
2925 int i, j;
2926
2927 w = (x + w) / VNC_STAT_RECT;
2928 h = (y + h) / VNC_STAT_RECT;
2929 x /= VNC_STAT_RECT;
2930 y /= VNC_STAT_RECT;
2931
2932 for (j = y; j <= h; j++) {
2933 for (i = x; i <= w; i++) {
2934 vs->lossy_rect[j][i] = 1;
2935 }
2936 }
2937}
2938
2939static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y)
2940{
2941 VncState *vs;
2942 int sty = y / VNC_STAT_RECT;
2943 int stx = x / VNC_STAT_RECT;
2944 int has_dirty = 0;
2945
2946 y = QEMU_ALIGN_DOWN(y, VNC_STAT_RECT);
2947 x = QEMU_ALIGN_DOWN(x, VNC_STAT_RECT);
2948
2949 QTAILQ_FOREACH(vs, &vd->clients, next) {
2950 int j;
2951
2952
2953 if (vs->output.offset) {
2954 continue;
2955 }
2956
2957 if (!vs->lossy_rect[sty][stx]) {
2958 continue;
2959 }
2960
2961 vs->lossy_rect[sty][stx] = 0;
2962 for (j = 0; j < VNC_STAT_RECT; ++j) {
2963 bitmap_set(vs->dirty[y + j],
2964 x / VNC_DIRTY_PIXELS_PER_BIT,
2965 VNC_STAT_RECT / VNC_DIRTY_PIXELS_PER_BIT);
2966 }
2967 has_dirty++;
2968 }
2969
2970 return has_dirty;
2971}
2972
2973static int vnc_update_stats(VncDisplay *vd, struct timeval * tv)
2974{
2975 int width = MIN(pixman_image_get_width(vd->guest.fb),
2976 pixman_image_get_width(vd->server));
2977 int height = MIN(pixman_image_get_height(vd->guest.fb),
2978 pixman_image_get_height(vd->server));
2979 int x, y;
2980 struct timeval res;
2981 int has_dirty = 0;
2982
2983 for (y = 0; y < height; y += VNC_STAT_RECT) {
2984 for (x = 0; x < width; x += VNC_STAT_RECT) {
2985 VncRectStat *rect = vnc_stat_rect(vd, x, y);
2986
2987 rect->updated = false;
2988 }
2989 }
2990
2991 qemu_timersub(tv, &VNC_REFRESH_STATS, &res);
2992
2993 if (timercmp(&vd->guest.last_freq_check, &res, >)) {
2994 return has_dirty;
2995 }
2996 vd->guest.last_freq_check = *tv;
2997
2998 for (y = 0; y < height; y += VNC_STAT_RECT) {
2999 for (x = 0; x < width; x += VNC_STAT_RECT) {
3000 VncRectStat *rect= vnc_stat_rect(vd, x, y);
3001 int count = ARRAY_SIZE(rect->times);
3002 struct timeval min, max;
3003
3004 if (!timerisset(&rect->times[count - 1])) {
3005 continue ;
3006 }
3007
3008 max = rect->times[(rect->idx + count - 1) % count];
3009 qemu_timersub(tv, &max, &res);
3010
3011 if (timercmp(&res, &VNC_REFRESH_LOSSY, >)) {
3012 rect->freq = 0;
3013 has_dirty += vnc_refresh_lossy_rect(vd, x, y);
3014 memset(rect->times, 0, sizeof (rect->times));
3015 continue ;
3016 }
3017
3018 min = rect->times[rect->idx];
3019 max = rect->times[(rect->idx + count - 1) % count];
3020 qemu_timersub(&max, &min, &res);
3021
3022 rect->freq = res.tv_sec + res.tv_usec / 1000000.;
3023 rect->freq /= count;
3024 rect->freq = 1. / rect->freq;
3025 }
3026 }
3027 return has_dirty;
3028}
3029
3030double vnc_update_freq(VncState *vs, int x, int y, int w, int h)
3031{
3032 int i, j;
3033 double total = 0;
3034 int num = 0;
3035
3036 x = QEMU_ALIGN_DOWN(x, VNC_STAT_RECT);
3037 y = QEMU_ALIGN_DOWN(y, VNC_STAT_RECT);
3038
3039 for (j = y; j <= y + h; j += VNC_STAT_RECT) {
3040 for (i = x; i <= x + w; i += VNC_STAT_RECT) {
3041 total += vnc_stat_rect(vs->vd, i, j)->freq;
3042 num++;
3043 }
3044 }
3045
3046 if (num) {
3047 return total / num;
3048 } else {
3049 return 0;
3050 }
3051}
3052
3053static void vnc_rect_updated(VncDisplay *vd, int x, int y, struct timeval * tv)
3054{
3055 VncRectStat *rect;
3056
3057 rect = vnc_stat_rect(vd, x, y);
3058 if (rect->updated) {
3059 return ;
3060 }
3061 rect->times[rect->idx] = *tv;
3062 rect->idx = (rect->idx + 1) % ARRAY_SIZE(rect->times);
3063 rect->updated = true;
3064}
3065
3066static int vnc_refresh_server_surface(VncDisplay *vd)
3067{
3068 int width = MIN(pixman_image_get_width(vd->guest.fb),
3069 pixman_image_get_width(vd->server));
3070 int height = MIN(pixman_image_get_height(vd->guest.fb),
3071 pixman_image_get_height(vd->server));
3072 int cmp_bytes, server_stride, line_bytes, guest_ll, guest_stride, y = 0;
3073 uint8_t *guest_row0 = NULL, *server_row0;
3074 VncState *vs;
3075 int has_dirty = 0;
3076 pixman_image_t *tmpbuf = NULL;
3077
3078 struct timeval tv = { 0, 0 };
3079
3080 if (!vd->non_adaptive) {
3081 gettimeofday(&tv, NULL);
3082 has_dirty = vnc_update_stats(vd, &tv);
3083 }
3084
3085
3086
3087
3088
3089
3090 server_row0 = (uint8_t *)pixman_image_get_data(vd->server);
3091 server_stride = guest_stride = guest_ll =
3092 pixman_image_get_stride(vd->server);
3093 cmp_bytes = MIN(VNC_DIRTY_PIXELS_PER_BIT * VNC_SERVER_FB_BYTES,
3094 server_stride);
3095 if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
3096 int width = pixman_image_get_width(vd->server);
3097 tmpbuf = qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT, width);
3098 } else {
3099 int guest_bpp =
3100 PIXMAN_FORMAT_BPP(pixman_image_get_format(vd->guest.fb));
3101 guest_row0 = (uint8_t *)pixman_image_get_data(vd->guest.fb);
3102 guest_stride = pixman_image_get_stride(vd->guest.fb);
3103 guest_ll = pixman_image_get_width(vd->guest.fb)
3104 * DIV_ROUND_UP(guest_bpp, 8);
3105 }
3106 line_bytes = MIN(server_stride, guest_ll);
3107
3108 for (;;) {
3109 int x;
3110 uint8_t *guest_ptr, *server_ptr;
3111 unsigned long offset = find_next_bit((unsigned long *) &vd->guest.dirty,
3112 height * VNC_DIRTY_BPL(&vd->guest),
3113 y * VNC_DIRTY_BPL(&vd->guest));
3114 if (offset == height * VNC_DIRTY_BPL(&vd->guest)) {
3115
3116 break;
3117 }
3118 y = offset / VNC_DIRTY_BPL(&vd->guest);
3119 x = offset % VNC_DIRTY_BPL(&vd->guest);
3120
3121 server_ptr = server_row0 + y * server_stride + x * cmp_bytes;
3122
3123 if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
3124 qemu_pixman_linebuf_fill(tmpbuf, vd->guest.fb, width, 0, y);
3125 guest_ptr = (uint8_t *)pixman_image_get_data(tmpbuf);
3126 } else {
3127 guest_ptr = guest_row0 + y * guest_stride;
3128 }
3129 guest_ptr += x * cmp_bytes;
3130
3131 for (; x < DIV_ROUND_UP(width, VNC_DIRTY_PIXELS_PER_BIT);
3132 x++, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
3133 int _cmp_bytes = cmp_bytes;
3134 if (!test_and_clear_bit(x, vd->guest.dirty[y])) {
3135 continue;
3136 }
3137 if ((x + 1) * cmp_bytes > line_bytes) {
3138 _cmp_bytes = line_bytes - x * cmp_bytes;
3139 }
3140 assert(_cmp_bytes >= 0);
3141 if (memcmp(server_ptr, guest_ptr, _cmp_bytes) == 0) {
3142 continue;
3143 }
3144 memcpy(server_ptr, guest_ptr, _cmp_bytes);
3145 if (!vd->non_adaptive) {
3146 vnc_rect_updated(vd, x * VNC_DIRTY_PIXELS_PER_BIT,
3147 y, &tv);
3148 }
3149 QTAILQ_FOREACH(vs, &vd->clients, next) {
3150 set_bit(x, vs->dirty[y]);
3151 }
3152 has_dirty++;
3153 }
3154
3155 y++;
3156 }
3157 qemu_pixman_image_unref(tmpbuf);
3158 return has_dirty;
3159}
3160
3161static void vnc_refresh(DisplayChangeListener *dcl)
3162{
3163 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
3164 VncState *vs, *vn;
3165 int has_dirty, rects = 0;
3166
3167 if (QTAILQ_EMPTY(&vd->clients)) {
3168 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_MAX);
3169 return;
3170 }
3171
3172 graphic_hw_update(vd->dcl.con);
3173
3174 if (vnc_trylock_display(vd)) {
3175 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
3176 return;
3177 }
3178
3179 has_dirty = vnc_refresh_server_surface(vd);
3180 vnc_unlock_display(vd);
3181
3182 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
3183 rects += vnc_update_client(vs, has_dirty);
3184
3185 }
3186
3187 if (has_dirty && rects) {
3188 vd->dcl.update_interval /= 2;
3189 if (vd->dcl.update_interval < VNC_REFRESH_INTERVAL_BASE) {
3190 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_BASE;
3191 }
3192 } else {
3193 vd->dcl.update_interval += VNC_REFRESH_INTERVAL_INC;
3194 if (vd->dcl.update_interval > VNC_REFRESH_INTERVAL_MAX) {
3195 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_MAX;
3196 }
3197 }
3198}
3199
3200static void vnc_connect(VncDisplay *vd, QIOChannelSocket *sioc,
3201 bool skipauth, bool websocket)
3202{
3203 VncState *vs = g_new0(VncState, 1);
3204 bool first_client = QTAILQ_EMPTY(&vd->clients);
3205 int i;
3206
3207 trace_vnc_client_connect(vs, sioc);
3208 vs->zrle = g_new0(VncZrle, 1);
3209 vs->tight = g_new0(VncTight, 1);
3210 vs->magic = VNC_MAGIC;
3211 vs->sioc = sioc;
3212 object_ref(OBJECT(vs->sioc));
3213 vs->ioc = QIO_CHANNEL(sioc);
3214 object_ref(OBJECT(vs->ioc));
3215 vs->vd = vd;
3216
3217 buffer_init(&vs->input, "vnc-input/%p", sioc);
3218 buffer_init(&vs->output, "vnc-output/%p", sioc);
3219 buffer_init(&vs->jobs_buffer, "vnc-jobs_buffer/%p", sioc);
3220
3221 buffer_init(&vs->tight->tight, "vnc-tight/%p", sioc);
3222 buffer_init(&vs->tight->zlib, "vnc-tight-zlib/%p", sioc);
3223 buffer_init(&vs->tight->gradient, "vnc-tight-gradient/%p", sioc);
3224#ifdef CONFIG_VNC_JPEG
3225 buffer_init(&vs->tight->jpeg, "vnc-tight-jpeg/%p", sioc);
3226#endif
3227#ifdef CONFIG_VNC_PNG
3228 buffer_init(&vs->tight->png, "vnc-tight-png/%p", sioc);
3229#endif
3230 buffer_init(&vs->zlib.zlib, "vnc-zlib/%p", sioc);
3231 buffer_init(&vs->zrle->zrle, "vnc-zrle/%p", sioc);
3232 buffer_init(&vs->zrle->fb, "vnc-zrle-fb/%p", sioc);
3233 buffer_init(&vs->zrle->zlib, "vnc-zrle-zlib/%p", sioc);
3234
3235 if (skipauth) {
3236 vs->auth = VNC_AUTH_NONE;
3237 vs->subauth = VNC_AUTH_INVALID;
3238 } else {
3239 if (websocket) {
3240 vs->auth = vd->ws_auth;
3241 vs->subauth = VNC_AUTH_INVALID;
3242 } else {
3243 vs->auth = vd->auth;
3244 vs->subauth = vd->subauth;
3245 }
3246 }
3247 VNC_DEBUG("Client sioc=%p ws=%d auth=%d subauth=%d\n",
3248 sioc, websocket, vs->auth, vs->subauth);
3249
3250 vs->lossy_rect = g_malloc0(VNC_STAT_ROWS * sizeof (*vs->lossy_rect));
3251 for (i = 0; i < VNC_STAT_ROWS; ++i) {
3252 vs->lossy_rect[i] = g_new0(uint8_t, VNC_STAT_COLS);
3253 }
3254
3255 VNC_DEBUG("New client on socket %p\n", vs->sioc);
3256 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
3257 qio_channel_set_blocking(vs->ioc, false, NULL);
3258 if (vs->ioc_tag) {
3259 g_source_remove(vs->ioc_tag);
3260 }
3261 if (websocket) {
3262 vs->websocket = 1;
3263 if (vd->tlscreds) {
3264 vs->ioc_tag = qio_channel_add_watch(
3265 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR,
3266 vncws_tls_handshake_io, vs, NULL);
3267 } else {
3268 vs->ioc_tag = qio_channel_add_watch(
3269 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR,
3270 vncws_handshake_io, vs, NULL);
3271 }
3272 } else {
3273 vs->ioc_tag = qio_channel_add_watch(
3274 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR,
3275 vnc_client_io, vs, NULL);
3276 }
3277
3278 vnc_client_cache_addr(vs);
3279 vnc_qmp_event(vs, QAPI_EVENT_VNC_CONNECTED);
3280 vnc_set_share_mode(vs, VNC_SHARE_MODE_CONNECTING);
3281
3282 vs->last_x = -1;
3283 vs->last_y = -1;
3284
3285 vs->as.freq = 44100;
3286 vs->as.nchannels = 2;
3287 vs->as.fmt = AUDIO_FORMAT_S16;
3288 vs->as.endianness = 0;
3289
3290 qemu_mutex_init(&vs->output_mutex);
3291 vs->bh = qemu_bh_new(vnc_jobs_bh, vs);
3292
3293 QTAILQ_INSERT_TAIL(&vd->clients, vs, next);
3294 if (first_client) {
3295 vnc_update_server_surface(vd);
3296 }
3297
3298 graphic_hw_update(vd->dcl.con);
3299
3300 if (!vs->websocket) {
3301 vnc_start_protocol(vs);
3302 }
3303
3304 if (vd->num_connecting > vd->connections_limit) {
3305 QTAILQ_FOREACH(vs, &vd->clients, next) {
3306 if (vs->share_mode == VNC_SHARE_MODE_CONNECTING) {
3307 vnc_disconnect_start(vs);
3308 return;
3309 }
3310 }
3311 }
3312}
3313
3314void vnc_start_protocol(VncState *vs)
3315{
3316 vnc_write(vs, "RFB 003.008\n", 12);
3317 vnc_flush(vs);
3318 vnc_read_when(vs, protocol_version, 12);
3319
3320 vs->mouse_mode_notifier.notify = check_pointer_type_change;
3321 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
3322}
3323
3324static void vnc_listen_io(QIONetListener *listener,
3325 QIOChannelSocket *cioc,
3326 void *opaque)
3327{
3328 VncDisplay *vd = opaque;
3329 bool isWebsock = listener == vd->wslistener;
3330
3331 qio_channel_set_name(QIO_CHANNEL(cioc),
3332 isWebsock ? "vnc-ws-server" : "vnc-server");
3333 qio_channel_set_delay(QIO_CHANNEL(cioc), false);
3334 vnc_connect(vd, cioc, false, isWebsock);
3335}
3336
3337static const DisplayChangeListenerOps dcl_ops = {
3338 .dpy_name = "vnc",
3339 .dpy_refresh = vnc_refresh,
3340 .dpy_gfx_update = vnc_dpy_update,
3341 .dpy_gfx_switch = vnc_dpy_switch,
3342 .dpy_gfx_check_format = qemu_pixman_check_format,
3343 .dpy_mouse_set = vnc_mouse_set,
3344 .dpy_cursor_define = vnc_dpy_cursor_define,
3345};
3346
3347void vnc_display_init(const char *id, Error **errp)
3348{
3349 VncDisplay *vd;
3350
3351 if (vnc_display_find(id) != NULL) {
3352 return;
3353 }
3354 vd = g_malloc0(sizeof(*vd));
3355
3356 vd->id = strdup(id);
3357 QTAILQ_INSERT_TAIL(&vnc_displays, vd, next);
3358
3359 QTAILQ_INIT(&vd->clients);
3360 vd->expires = TIME_MAX;
3361
3362 if (keyboard_layout) {
3363 trace_vnc_key_map_init(keyboard_layout);
3364 vd->kbd_layout = init_keyboard_layout(name2keysym,
3365 keyboard_layout, errp);
3366 } else {
3367 vd->kbd_layout = init_keyboard_layout(name2keysym, "en-us", errp);
3368 }
3369
3370 if (!vd->kbd_layout) {
3371 return;
3372 }
3373
3374 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3375 vd->connections_limit = 32;
3376
3377 qemu_mutex_init(&vd->mutex);
3378 vnc_start_worker_thread();
3379
3380 vd->dcl.ops = &dcl_ops;
3381 register_displaychangelistener(&vd->dcl);
3382 vd->kbd = qkbd_state_init(vd->dcl.con);
3383}
3384
3385
3386static void vnc_display_close(VncDisplay *vd)
3387{
3388 if (!vd) {
3389 return;
3390 }
3391 vd->is_unix = false;
3392
3393 if (vd->listener) {
3394 qio_net_listener_disconnect(vd->listener);
3395 object_unref(OBJECT(vd->listener));
3396 }
3397 vd->listener = NULL;
3398
3399 if (vd->wslistener) {
3400 qio_net_listener_disconnect(vd->wslistener);
3401 object_unref(OBJECT(vd->wslistener));
3402 }
3403 vd->wslistener = NULL;
3404
3405 vd->auth = VNC_AUTH_INVALID;
3406 vd->subauth = VNC_AUTH_INVALID;
3407 if (vd->tlscreds) {
3408 object_unref(OBJECT(vd->tlscreds));
3409 vd->tlscreds = NULL;
3410 }
3411 if (vd->tlsauthz) {
3412 object_unparent(OBJECT(vd->tlsauthz));
3413 vd->tlsauthz = NULL;
3414 }
3415 g_free(vd->tlsauthzid);
3416 vd->tlsauthzid = NULL;
3417 if (vd->lock_key_sync) {
3418 qemu_remove_led_event_handler(vd->led);
3419 vd->led = NULL;
3420 }
3421#ifdef CONFIG_VNC_SASL
3422 if (vd->sasl.authz) {
3423 object_unparent(OBJECT(vd->sasl.authz));
3424 vd->sasl.authz = NULL;
3425 }
3426 g_free(vd->sasl.authzid);
3427 vd->sasl.authzid = NULL;
3428#endif
3429}
3430
3431int vnc_display_password(const char *id, const char *password)
3432{
3433 VncDisplay *vd = vnc_display_find(id);
3434
3435 if (!vd) {
3436 return -EINVAL;
3437 }
3438 if (vd->auth == VNC_AUTH_NONE) {
3439 error_printf_unless_qmp("If you want use passwords please enable "
3440 "password auth using '-vnc ${dpy},password'.\n");
3441 return -EINVAL;
3442 }
3443
3444 g_free(vd->password);
3445 vd->password = g_strdup(password);
3446
3447 return 0;
3448}
3449
3450int vnc_display_pw_expire(const char *id, time_t expires)
3451{
3452 VncDisplay *vd = vnc_display_find(id);
3453
3454 if (!vd) {
3455 return -EINVAL;
3456 }
3457
3458 vd->expires = expires;
3459 return 0;
3460}
3461
3462static void vnc_display_print_local_addr(VncDisplay *vd)
3463{
3464 SocketAddress *addr;
3465
3466 if (!vd->listener || !vd->listener->nsioc) {
3467 return;
3468 }
3469
3470 addr = qio_channel_socket_get_local_address(vd->listener->sioc[0], NULL);
3471 if (!addr) {
3472 return;
3473 }
3474
3475 if (addr->type != SOCKET_ADDRESS_TYPE_INET) {
3476 qapi_free_SocketAddress(addr);
3477 return;
3478 }
3479 error_printf_unless_qmp("VNC server running on %s:%s\n",
3480 addr->u.inet.host,
3481 addr->u.inet.port);
3482 qapi_free_SocketAddress(addr);
3483}
3484
3485static QemuOptsList qemu_vnc_opts = {
3486 .name = "vnc",
3487 .head = QTAILQ_HEAD_INITIALIZER(qemu_vnc_opts.head),
3488 .implied_opt_name = "vnc",
3489 .desc = {
3490 {
3491 .name = "vnc",
3492 .type = QEMU_OPT_STRING,
3493 },{
3494 .name = "websocket",
3495 .type = QEMU_OPT_STRING,
3496 },{
3497 .name = "tls-creds",
3498 .type = QEMU_OPT_STRING,
3499 },{
3500 .name = "share",
3501 .type = QEMU_OPT_STRING,
3502 },{
3503 .name = "display",
3504 .type = QEMU_OPT_STRING,
3505 },{
3506 .name = "head",
3507 .type = QEMU_OPT_NUMBER,
3508 },{
3509 .name = "connections",
3510 .type = QEMU_OPT_NUMBER,
3511 },{
3512 .name = "to",
3513 .type = QEMU_OPT_NUMBER,
3514 },{
3515 .name = "ipv4",
3516 .type = QEMU_OPT_BOOL,
3517 },{
3518 .name = "ipv6",
3519 .type = QEMU_OPT_BOOL,
3520 },{
3521 .name = "password",
3522 .type = QEMU_OPT_BOOL,
3523 },{
3524 .name = "password-secret",
3525 .type = QEMU_OPT_STRING,
3526 },{
3527 .name = "reverse",
3528 .type = QEMU_OPT_BOOL,
3529 },{
3530 .name = "lock-key-sync",
3531 .type = QEMU_OPT_BOOL,
3532 },{
3533 .name = "key-delay-ms",
3534 .type = QEMU_OPT_NUMBER,
3535 },{
3536 .name = "sasl",
3537 .type = QEMU_OPT_BOOL,
3538 },{
3539 .name = "tls-authz",
3540 .type = QEMU_OPT_STRING,
3541 },{
3542 .name = "sasl-authz",
3543 .type = QEMU_OPT_STRING,
3544 },{
3545 .name = "lossy",
3546 .type = QEMU_OPT_BOOL,
3547 },{
3548 .name = "non-adaptive",
3549 .type = QEMU_OPT_BOOL,
3550 },{
3551 .name = "audiodev",
3552 .type = QEMU_OPT_STRING,
3553 },{
3554 .name = "power-control",
3555 .type = QEMU_OPT_BOOL,
3556 },
3557 { }
3558 },
3559};
3560
3561
3562static int
3563vnc_display_setup_auth(int *auth,
3564 int *subauth,
3565 QCryptoTLSCreds *tlscreds,
3566 bool password,
3567 bool sasl,
3568 bool websocket,
3569 Error **errp)
3570{
3571
3572
3573
3574
3575
3576
3577
3578
3579
3580
3581
3582
3583
3584
3585
3586
3587
3588
3589
3590
3591
3592
3593
3594
3595
3596
3597
3598
3599
3600
3601
3602
3603
3604
3605
3606
3607
3608
3609
3610
3611
3612
3613
3614
3615
3616
3617
3618 if (websocket || !tlscreds) {
3619 if (password) {
3620 VNC_DEBUG("Initializing VNC server with password auth\n");
3621 *auth = VNC_AUTH_VNC;
3622 } else if (sasl) {
3623 VNC_DEBUG("Initializing VNC server with SASL auth\n");
3624 *auth = VNC_AUTH_SASL;
3625 } else {
3626 VNC_DEBUG("Initializing VNC server with no auth\n");
3627 *auth = VNC_AUTH_NONE;
3628 }
3629 *subauth = VNC_AUTH_INVALID;
3630 } else {
3631 bool is_x509 = object_dynamic_cast(OBJECT(tlscreds),
3632 TYPE_QCRYPTO_TLS_CREDS_X509) != NULL;
3633 bool is_anon = object_dynamic_cast(OBJECT(tlscreds),
3634 TYPE_QCRYPTO_TLS_CREDS_ANON) != NULL;
3635
3636 if (!is_x509 && !is_anon) {
3637 error_setg(errp,
3638 "Unsupported TLS cred type %s",
3639 object_get_typename(OBJECT(tlscreds)));
3640 return -1;
3641 }
3642 *auth = VNC_AUTH_VENCRYPT;
3643 if (password) {
3644 if (is_x509) {
3645 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
3646 *subauth = VNC_AUTH_VENCRYPT_X509VNC;
3647 } else {
3648 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
3649 *subauth = VNC_AUTH_VENCRYPT_TLSVNC;
3650 }
3651
3652 } else if (sasl) {
3653 if (is_x509) {
3654 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
3655 *subauth = VNC_AUTH_VENCRYPT_X509SASL;
3656 } else {
3657 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
3658 *subauth = VNC_AUTH_VENCRYPT_TLSSASL;
3659 }
3660 } else {
3661 if (is_x509) {
3662 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
3663 *subauth = VNC_AUTH_VENCRYPT_X509NONE;
3664 } else {
3665 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
3666 *subauth = VNC_AUTH_VENCRYPT_TLSNONE;
3667 }
3668 }
3669 }
3670 return 0;
3671}
3672
3673
3674static int vnc_display_get_address(const char *addrstr,
3675 bool websocket,
3676 bool reverse,
3677 int displaynum,
3678 int to,
3679 bool has_ipv4,
3680 bool has_ipv6,
3681 bool ipv4,
3682 bool ipv6,
3683 SocketAddress **retaddr,
3684 Error **errp)
3685{
3686 int ret = -1;
3687 SocketAddress *addr = NULL;
3688
3689 addr = g_new0(SocketAddress, 1);
3690
3691 if (strncmp(addrstr, "unix:", 5) == 0) {
3692 addr->type = SOCKET_ADDRESS_TYPE_UNIX;
3693 addr->u.q_unix.path = g_strdup(addrstr + 5);
3694
3695 if (websocket) {
3696 error_setg(errp, "UNIX sockets not supported with websock");
3697 goto cleanup;
3698 }
3699
3700 if (to) {
3701 error_setg(errp, "Port range not support with UNIX socket");
3702 goto cleanup;
3703 }
3704 ret = 0;
3705 } else {
3706 const char *port;
3707 size_t hostlen;
3708 unsigned long long baseport = 0;
3709 InetSocketAddress *inet;
3710
3711 port = strrchr(addrstr, ':');
3712 if (!port) {
3713 if (websocket) {
3714 hostlen = 0;
3715 port = addrstr;
3716 } else {
3717 error_setg(errp, "no vnc port specified");
3718 goto cleanup;
3719 }
3720 } else {
3721 hostlen = port - addrstr;
3722 port++;
3723 if (*port == '\0') {
3724 error_setg(errp, "vnc port cannot be empty");
3725 goto cleanup;
3726 }
3727 }
3728
3729 addr->type = SOCKET_ADDRESS_TYPE_INET;
3730 inet = &addr->u.inet;
3731 if (addrstr[0] == '[' && addrstr[hostlen - 1] == ']') {
3732 inet->host = g_strndup(addrstr + 1, hostlen - 2);
3733 } else {
3734 inet->host = g_strndup(addrstr, hostlen);
3735 }
3736
3737
3738 if (websocket) {
3739 if (g_str_equal(addrstr, "") ||
3740 g_str_equal(addrstr, "on")) {
3741 if (displaynum == -1) {
3742 error_setg(errp, "explicit websocket port is required");
3743 goto cleanup;
3744 }
3745 inet->port = g_strdup_printf(
3746 "%d", displaynum + 5700);
3747 if (to) {
3748 inet->has_to = true;
3749 inet->to = to + 5700;
3750 }
3751 } else {
3752 inet->port = g_strdup(port);
3753 }
3754 } else {
3755 int offset = reverse ? 0 : 5900;
3756 if (parse_uint_full(port, &baseport, 10) < 0) {
3757 error_setg(errp, "can't convert to a number: %s", port);
3758 goto cleanup;
3759 }
3760 if (baseport > 65535 ||
3761 baseport + offset > 65535) {
3762 error_setg(errp, "port %s out of range", port);
3763 goto cleanup;
3764 }
3765 inet->port = g_strdup_printf(
3766 "%d", (int)baseport + offset);
3767
3768 if (to) {
3769 inet->has_to = true;
3770 inet->to = to + offset;
3771 }
3772 }
3773
3774 inet->ipv4 = ipv4;
3775 inet->has_ipv4 = has_ipv4;
3776 inet->ipv6 = ipv6;
3777 inet->has_ipv6 = has_ipv6;
3778
3779 ret = baseport;
3780 }
3781
3782 *retaddr = addr;
3783
3784 cleanup:
3785 if (ret < 0) {
3786 qapi_free_SocketAddress(addr);
3787 }
3788 return ret;
3789}
3790
3791static void vnc_free_addresses(SocketAddress ***retsaddr,
3792 size_t *retnsaddr)
3793{
3794 size_t i;
3795
3796 for (i = 0; i < *retnsaddr; i++) {
3797 qapi_free_SocketAddress((*retsaddr)[i]);
3798 }
3799 g_free(*retsaddr);
3800
3801 *retsaddr = NULL;
3802 *retnsaddr = 0;
3803}
3804
3805static int vnc_display_get_addresses(QemuOpts *opts,
3806 bool reverse,
3807 SocketAddress ***retsaddr,
3808 size_t *retnsaddr,
3809 SocketAddress ***retwsaddr,
3810 size_t *retnwsaddr,
3811 Error **errp)
3812{
3813 SocketAddress *saddr = NULL;
3814 SocketAddress *wsaddr = NULL;
3815 QemuOptsIter addriter;
3816 const char *addr;
3817 int to = qemu_opt_get_number(opts, "to", 0);
3818 bool has_ipv4 = qemu_opt_get(opts, "ipv4");
3819 bool has_ipv6 = qemu_opt_get(opts, "ipv6");
3820 bool ipv4 = qemu_opt_get_bool(opts, "ipv4", false);
3821 bool ipv6 = qemu_opt_get_bool(opts, "ipv6", false);
3822 int displaynum = -1;
3823 int ret = -1;
3824
3825 *retsaddr = NULL;
3826 *retnsaddr = 0;
3827 *retwsaddr = NULL;
3828 *retnwsaddr = 0;
3829
3830 addr = qemu_opt_get(opts, "vnc");
3831 if (addr == NULL || g_str_equal(addr, "none")) {
3832 ret = 0;
3833 goto cleanup;
3834 }
3835 if (qemu_opt_get(opts, "websocket") &&
3836 !qcrypto_hash_supports(QCRYPTO_HASH_ALG_SHA1)) {
3837 error_setg(errp,
3838 "SHA1 hash support is required for websockets");
3839 goto cleanup;
3840 }
3841
3842 qemu_opt_iter_init(&addriter, opts, "vnc");
3843 while ((addr = qemu_opt_iter_next(&addriter)) != NULL) {
3844 int rv;
3845 rv = vnc_display_get_address(addr, false, reverse, 0, to,
3846 has_ipv4, has_ipv6,
3847 ipv4, ipv6,
3848 &saddr, errp);
3849 if (rv < 0) {
3850 goto cleanup;
3851 }
3852
3853
3854
3855 if (displaynum == -1) {
3856 displaynum = rv;
3857 }
3858 *retsaddr = g_renew(SocketAddress *, *retsaddr, *retnsaddr + 1);
3859 (*retsaddr)[(*retnsaddr)++] = saddr;
3860 }
3861
3862
3863
3864 if (*retnsaddr > 1) {
3865 displaynum = -1;
3866 }
3867
3868 qemu_opt_iter_init(&addriter, opts, "websocket");
3869 while ((addr = qemu_opt_iter_next(&addriter)) != NULL) {
3870 if (vnc_display_get_address(addr, true, reverse, displaynum, to,
3871 has_ipv4, has_ipv6,
3872 ipv4, ipv6,
3873 &wsaddr, errp) < 0) {
3874 goto cleanup;
3875 }
3876
3877
3878
3879
3880
3881 if (*retnsaddr == 1 &&
3882 (*retsaddr)[0]->type == SOCKET_ADDRESS_TYPE_INET &&
3883 wsaddr->type == SOCKET_ADDRESS_TYPE_INET &&
3884 g_str_equal(wsaddr->u.inet.host, "") &&
3885 !g_str_equal((*retsaddr)[0]->u.inet.host, "")) {
3886 g_free(wsaddr->u.inet.host);
3887 wsaddr->u.inet.host = g_strdup((*retsaddr)[0]->u.inet.host);
3888 }
3889
3890 *retwsaddr = g_renew(SocketAddress *, *retwsaddr, *retnwsaddr + 1);
3891 (*retwsaddr)[(*retnwsaddr)++] = wsaddr;
3892 }
3893
3894 ret = 0;
3895 cleanup:
3896 if (ret < 0) {
3897 vnc_free_addresses(retsaddr, retnsaddr);
3898 vnc_free_addresses(retwsaddr, retnwsaddr);
3899 }
3900 return ret;
3901}
3902
3903static int vnc_display_connect(VncDisplay *vd,
3904 SocketAddress **saddr,
3905 size_t nsaddr,
3906 SocketAddress **wsaddr,
3907 size_t nwsaddr,
3908 Error **errp)
3909{
3910
3911 QIOChannelSocket *sioc = NULL;
3912 if (nwsaddr != 0) {
3913 error_setg(errp, "Cannot use websockets in reverse mode");
3914 return -1;
3915 }
3916 if (nsaddr != 1) {
3917 error_setg(errp, "Expected a single address in reverse mode");
3918 return -1;
3919 }
3920
3921 vd->is_unix = saddr[0]->type == SOCKET_ADDRESS_TYPE_UNIX;
3922 sioc = qio_channel_socket_new();
3923 qio_channel_set_name(QIO_CHANNEL(sioc), "vnc-reverse");
3924 if (qio_channel_socket_connect_sync(sioc, saddr[0], errp) < 0) {
3925 object_unref(OBJECT(sioc));
3926 return -1;
3927 }
3928 vnc_connect(vd, sioc, false, false);
3929 object_unref(OBJECT(sioc));
3930 return 0;
3931}
3932
3933
3934static int vnc_display_listen(VncDisplay *vd,
3935 SocketAddress **saddr,
3936 size_t nsaddr,
3937 SocketAddress **wsaddr,
3938 size_t nwsaddr,
3939 Error **errp)
3940{
3941 size_t i;
3942
3943 if (nsaddr) {
3944 vd->listener = qio_net_listener_new();
3945 qio_net_listener_set_name(vd->listener, "vnc-listen");
3946 for (i = 0; i < nsaddr; i++) {
3947 if (qio_net_listener_open_sync(vd->listener,
3948 saddr[i], 1,
3949 errp) < 0) {
3950 return -1;
3951 }
3952 }
3953
3954 qio_net_listener_set_client_func(vd->listener,
3955 vnc_listen_io, vd, NULL);
3956 }
3957
3958 if (nwsaddr) {
3959 vd->wslistener = qio_net_listener_new();
3960 qio_net_listener_set_name(vd->wslistener, "vnc-ws-listen");
3961 for (i = 0; i < nwsaddr; i++) {
3962 if (qio_net_listener_open_sync(vd->wslistener,
3963 wsaddr[i], 1,
3964 errp) < 0) {
3965 return -1;
3966 }
3967 }
3968
3969 qio_net_listener_set_client_func(vd->wslistener,
3970 vnc_listen_io, vd, NULL);
3971 }
3972
3973 return 0;
3974}
3975
3976
3977void vnc_display_open(const char *id, Error **errp)
3978{
3979 VncDisplay *vd = vnc_display_find(id);
3980 QemuOpts *opts = qemu_opts_find(&qemu_vnc_opts, id);
3981 SocketAddress **saddr = NULL, **wsaddr = NULL;
3982 size_t nsaddr, nwsaddr;
3983 const char *share, *device_id;
3984 QemuConsole *con;
3985 bool password = false;
3986 bool reverse = false;
3987 const char *credid;
3988 bool sasl = false;
3989 const char *tlsauthz;
3990 const char *saslauthz;
3991 int lock_key_sync = 1;
3992 int key_delay_ms;
3993 const char *audiodev;
3994 const char *passwordSecret;
3995
3996 if (!vd) {
3997 error_setg(errp, "VNC display not active");
3998 return;
3999 }
4000 vnc_display_close(vd);
4001
4002 if (!opts) {
4003 return;
4004 }
4005
4006 reverse = qemu_opt_get_bool(opts, "reverse", false);
4007 if (vnc_display_get_addresses(opts, reverse, &saddr, &nsaddr,
4008 &wsaddr, &nwsaddr, errp) < 0) {
4009 goto fail;
4010 }
4011
4012
4013 passwordSecret = qemu_opt_get(opts, "password-secret");
4014 if (passwordSecret) {
4015 if (qemu_opt_get(opts, "password")) {
4016 error_setg(errp,
4017 "'password' flag is redundant with 'password-secret'");
4018 goto fail;
4019 }
4020 vd->password = qcrypto_secret_lookup_as_utf8(passwordSecret,
4021 errp);
4022 if (!vd->password) {
4023 goto fail;
4024 }
4025 password = true;
4026 } else {
4027 password = qemu_opt_get_bool(opts, "password", false);
4028 }
4029 if (password) {
4030 if (fips_get_state()) {
4031 error_setg(errp,
4032 "VNC password auth disabled due to FIPS mode, "
4033 "consider using the VeNCrypt or SASL authentication "
4034 "methods as an alternative");
4035 goto fail;
4036 }
4037 if (!qcrypto_cipher_supports(
4038 QCRYPTO_CIPHER_ALG_DES_RFB, QCRYPTO_CIPHER_MODE_ECB)) {
4039 error_setg(errp,
4040 "Cipher backend does not support DES RFB algorithm");
4041 goto fail;
4042 }
4043 }
4044
4045 lock_key_sync = qemu_opt_get_bool(opts, "lock-key-sync", true);
4046 key_delay_ms = qemu_opt_get_number(opts, "key-delay-ms", 10);
4047 sasl = qemu_opt_get_bool(opts, "sasl", false);
4048#ifndef CONFIG_VNC_SASL
4049 if (sasl) {
4050 error_setg(errp, "VNC SASL auth requires cyrus-sasl support");
4051 goto fail;
4052 }
4053#endif
4054 credid = qemu_opt_get(opts, "tls-creds");
4055 if (credid) {
4056 Object *creds;
4057 creds = object_resolve_path_component(
4058 object_get_objects_root(), credid);
4059 if (!creds) {
4060 error_setg(errp, "No TLS credentials with id '%s'",
4061 credid);
4062 goto fail;
4063 }
4064 vd->tlscreds = (QCryptoTLSCreds *)
4065 object_dynamic_cast(creds,
4066 TYPE_QCRYPTO_TLS_CREDS);
4067 if (!vd->tlscreds) {
4068 error_setg(errp, "Object with id '%s' is not TLS credentials",
4069 credid);
4070 goto fail;
4071 }
4072 object_ref(OBJECT(vd->tlscreds));
4073
4074 if (vd->tlscreds->endpoint != QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) {
4075 error_setg(errp,
4076 "Expecting TLS credentials with a server endpoint");
4077 goto fail;
4078 }
4079 }
4080 tlsauthz = qemu_opt_get(opts, "tls-authz");
4081 if (tlsauthz && !vd->tlscreds) {
4082 error_setg(errp, "'tls-authz' provided but TLS is not enabled");
4083 goto fail;
4084 }
4085
4086 saslauthz = qemu_opt_get(opts, "sasl-authz");
4087 if (saslauthz && !sasl) {
4088 error_setg(errp, "'sasl-authz' provided but SASL auth is not enabled");
4089 goto fail;
4090 }
4091
4092 share = qemu_opt_get(opts, "share");
4093 if (share) {
4094 if (strcmp(share, "ignore") == 0) {
4095 vd->share_policy = VNC_SHARE_POLICY_IGNORE;
4096 } else if (strcmp(share, "allow-exclusive") == 0) {
4097 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
4098 } else if (strcmp(share, "force-shared") == 0) {
4099 vd->share_policy = VNC_SHARE_POLICY_FORCE_SHARED;
4100 } else {
4101 error_setg(errp, "unknown vnc share= option");
4102 goto fail;
4103 }
4104 } else {
4105 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
4106 }
4107 vd->connections_limit = qemu_opt_get_number(opts, "connections", 32);
4108
4109#ifdef CONFIG_VNC_JPEG
4110 vd->lossy = qemu_opt_get_bool(opts, "lossy", false);
4111#endif
4112 vd->non_adaptive = qemu_opt_get_bool(opts, "non-adaptive", false);
4113
4114
4115
4116 if (!vd->lossy) {
4117 vd->non_adaptive = true;
4118 }
4119
4120 vd->power_control = qemu_opt_get_bool(opts, "power-control", false);
4121
4122 if (tlsauthz) {
4123 vd->tlsauthzid = g_strdup(tlsauthz);
4124 }
4125#ifdef CONFIG_VNC_SASL
4126 if (sasl) {
4127 if (saslauthz) {
4128 vd->sasl.authzid = g_strdup(saslauthz);
4129 }
4130 }
4131#endif
4132
4133 if (vnc_display_setup_auth(&vd->auth, &vd->subauth,
4134 vd->tlscreds, password,
4135 sasl, false, errp) < 0) {
4136 goto fail;
4137 }
4138 trace_vnc_auth_init(vd, 0, vd->auth, vd->subauth);
4139
4140 if (vnc_display_setup_auth(&vd->ws_auth, &vd->ws_subauth,
4141 vd->tlscreds, password,
4142 sasl, true, errp) < 0) {
4143 goto fail;
4144 }
4145 trace_vnc_auth_init(vd, 1, vd->ws_auth, vd->ws_subauth);
4146
4147#ifdef CONFIG_VNC_SASL
4148 if (sasl) {
4149 int saslErr = sasl_server_init(NULL, "qemu");
4150
4151 if (saslErr != SASL_OK) {
4152 error_setg(errp, "Failed to initialize SASL auth: %s",
4153 sasl_errstring(saslErr, NULL, NULL));
4154 goto fail;
4155 }
4156 }
4157#endif
4158 vd->lock_key_sync = lock_key_sync;
4159 if (lock_key_sync) {
4160 vd->led = qemu_add_led_event_handler(kbd_leds, vd);
4161 }
4162 vd->ledstate = 0;
4163
4164 audiodev = qemu_opt_get(opts, "audiodev");
4165 if (audiodev) {
4166 vd->audio_state = audio_state_by_name(audiodev);
4167 if (!vd->audio_state) {
4168 error_setg(errp, "Audiodev '%s' not found", audiodev);
4169 goto fail;
4170 }
4171 }
4172
4173 device_id = qemu_opt_get(opts, "display");
4174 if (device_id) {
4175 int head = qemu_opt_get_number(opts, "head", 0);
4176 Error *err = NULL;
4177
4178 con = qemu_console_lookup_by_device_name(device_id, head, &err);
4179 if (err) {
4180 error_propagate(errp, err);
4181 goto fail;
4182 }
4183 } else {
4184 con = NULL;
4185 }
4186
4187 if (con != vd->dcl.con) {
4188 qkbd_state_free(vd->kbd);
4189 unregister_displaychangelistener(&vd->dcl);
4190 vd->dcl.con = con;
4191 register_displaychangelistener(&vd->dcl);
4192 vd->kbd = qkbd_state_init(vd->dcl.con);
4193 }
4194 qkbd_state_set_delay(vd->kbd, key_delay_ms);
4195
4196 if (saddr == NULL) {
4197 goto cleanup;
4198 }
4199
4200 if (reverse) {
4201 if (vnc_display_connect(vd, saddr, nsaddr, wsaddr, nwsaddr, errp) < 0) {
4202 goto fail;
4203 }
4204 } else {
4205 if (vnc_display_listen(vd, saddr, nsaddr, wsaddr, nwsaddr, errp) < 0) {
4206 goto fail;
4207 }
4208 }
4209
4210 if (qemu_opt_get(opts, "to")) {
4211 vnc_display_print_local_addr(vd);
4212 }
4213
4214 cleanup:
4215 vnc_free_addresses(&saddr, &nsaddr);
4216 vnc_free_addresses(&wsaddr, &nwsaddr);
4217 return;
4218
4219fail:
4220 vnc_display_close(vd);
4221 goto cleanup;
4222}
4223
4224void vnc_display_add_client(const char *id, int csock, bool skipauth)
4225{
4226 VncDisplay *vd = vnc_display_find(id);
4227 QIOChannelSocket *sioc;
4228
4229 if (!vd) {
4230 return;
4231 }
4232
4233 sioc = qio_channel_socket_new_fd(csock, NULL);
4234 if (sioc) {
4235 qio_channel_set_name(QIO_CHANNEL(sioc), "vnc-server");
4236 vnc_connect(vd, sioc, skipauth, false);
4237 object_unref(OBJECT(sioc));
4238 }
4239}
4240
4241static void vnc_auto_assign_id(QemuOptsList *olist, QemuOpts *opts)
4242{
4243 int i = 2;
4244 char *id;
4245
4246 id = g_strdup("default");
4247 while (qemu_opts_find(olist, id)) {
4248 g_free(id);
4249 id = g_strdup_printf("vnc%d", i++);
4250 }
4251 qemu_opts_set_id(opts, id);
4252}
4253
4254void vnc_parse(const char *str)
4255{
4256 QemuOptsList *olist = qemu_find_opts("vnc");
4257 QemuOpts *opts = qemu_opts_parse_noisily(olist, str, !is_help_option(str));
4258 const char *id;
4259
4260 if (!opts) {
4261 exit(1);
4262 }
4263
4264 id = qemu_opts_id(opts);
4265 if (!id) {
4266
4267 vnc_auto_assign_id(olist, opts);
4268 }
4269}
4270
4271int vnc_init_func(void *opaque, QemuOpts *opts, Error **errp)
4272{
4273 Error *local_err = NULL;
4274 char *id = (char *)qemu_opts_id(opts);
4275
4276 assert(id);
4277 vnc_display_init(id, &local_err);
4278 if (local_err) {
4279 error_propagate(errp, local_err);
4280 return -1;
4281 }
4282 vnc_display_open(id, &local_err);
4283 if (local_err != NULL) {
4284 error_propagate(errp, local_err);
4285 return -1;
4286 }
4287 return 0;
4288}
4289
4290static void vnc_register_config(void)
4291{
4292 qemu_add_opts(&qemu_vnc_opts);
4293}
4294opts_init(vnc_register_config);
4295
