1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27#include "qemu/osdep.h"
28#include "qemu-common.h"
29#include "vnc.h"
30#include "vnc-jobs.h"
31#include "trace.h"
32#include "hw/qdev-core.h"
33#include "sysemu/sysemu.h"
34#include "sysemu/runstate.h"
35#include "qemu/error-report.h"
36#include "qemu/main-loop.h"
37#include "qemu/module.h"
38#include "qemu/option.h"
39#include "qemu/sockets.h"
40#include "qemu/timer.h"
41#include "authz/list.h"
42#include "qemu/config-file.h"
43#include "qapi/qapi-emit-events.h"
44#include "qapi/qapi-events-ui.h"
45#include "qapi/error.h"
46#include "qapi/qapi-commands-ui.h"
47#include "ui/input.h"
48#include "crypto/hash.h"
49#include "crypto/tlscreds.h"
50#include "crypto/tlscredsanon.h"
51#include "crypto/tlscredsx509.h"
52#include "crypto/random.h"
53#include "crypto/secret_common.h"
54#include "qom/object_interfaces.h"
55#include "qemu/cutils.h"
56#include "qemu/help_option.h"
57#include "io/dns-resolver.h"
58
59#define VNC_REFRESH_INTERVAL_BASE GUI_REFRESH_INTERVAL_DEFAULT
60#define VNC_REFRESH_INTERVAL_INC 50
61#define VNC_REFRESH_INTERVAL_MAX GUI_REFRESH_INTERVAL_IDLE
62static const struct timeval VNC_REFRESH_STATS = { 0, 500000 };
63static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 };
64
65#include "vnc_keysym.h"
66#include "crypto/cipher.h"
67
68static QTAILQ_HEAD(, VncDisplay) vnc_displays =
69 QTAILQ_HEAD_INITIALIZER(vnc_displays);
70
71static int vnc_cursor_define(VncState *vs);
72static void vnc_update_throttle_offset(VncState *vs);
73
74static void vnc_set_share_mode(VncState *vs, VncShareMode mode)
75{
76#ifdef _VNC_DEBUG
77 static const char *mn[] = {
78 [0] = "undefined",
79 [VNC_SHARE_MODE_CONNECTING] = "connecting",
80 [VNC_SHARE_MODE_SHARED] = "shared",
81 [VNC_SHARE_MODE_EXCLUSIVE] = "exclusive",
82 [VNC_SHARE_MODE_DISCONNECTED] = "disconnected",
83 };
84 fprintf(stderr, "%s/%p: %s -> %s\n", __func__,
85 vs->ioc, mn[vs->share_mode], mn[mode]);
86#endif
87
88 switch (vs->share_mode) {
89 case VNC_SHARE_MODE_CONNECTING:
90 vs->vd->num_connecting--;
91 break;
92 case VNC_SHARE_MODE_SHARED:
93 vs->vd->num_shared--;
94 break;
95 case VNC_SHARE_MODE_EXCLUSIVE:
96 vs->vd->num_exclusive--;
97 break;
98 default:
99 break;
100 }
101
102 vs->share_mode = mode;
103
104 switch (vs->share_mode) {
105 case VNC_SHARE_MODE_CONNECTING:
106 vs->vd->num_connecting++;
107 break;
108 case VNC_SHARE_MODE_SHARED:
109 vs->vd->num_shared++;
110 break;
111 case VNC_SHARE_MODE_EXCLUSIVE:
112 vs->vd->num_exclusive++;
113 break;
114 default:
115 break;
116 }
117}
118
119
120static void vnc_init_basic_info(SocketAddress *addr,
121 VncBasicInfo *info,
122 Error **errp)
123{
124 switch (addr->type) {
125 case SOCKET_ADDRESS_TYPE_INET:
126 info->host = g_strdup(addr->u.inet.host);
127 info->service = g_strdup(addr->u.inet.port);
128 if (addr->u.inet.ipv6) {
129 info->family = NETWORK_ADDRESS_FAMILY_IPV6;
130 } else {
131 info->family = NETWORK_ADDRESS_FAMILY_IPV4;
132 }
133 break;
134
135 case SOCKET_ADDRESS_TYPE_UNIX:
136 info->host = g_strdup("");
137 info->service = g_strdup(addr->u.q_unix.path);
138 info->family = NETWORK_ADDRESS_FAMILY_UNIX;
139 break;
140
141 case SOCKET_ADDRESS_TYPE_VSOCK:
142 case SOCKET_ADDRESS_TYPE_FD:
143 error_setg(errp, "Unsupported socket address type %s",
144 SocketAddressType_str(addr->type));
145 break;
146 default:
147 abort();
148 }
149
150 return;
151}
152
153static void vnc_init_basic_info_from_server_addr(QIOChannelSocket *ioc,
154 VncBasicInfo *info,
155 Error **errp)
156{
157 SocketAddress *addr = NULL;
158
159 if (!ioc) {
160 error_setg(errp, "No listener socket available");
161 return;
162 }
163
164 addr = qio_channel_socket_get_local_address(ioc, errp);
165 if (!addr) {
166 return;
167 }
168
169 vnc_init_basic_info(addr, info, errp);
170 qapi_free_SocketAddress(addr);
171}
172
173static void vnc_init_basic_info_from_remote_addr(QIOChannelSocket *ioc,
174 VncBasicInfo *info,
175 Error **errp)
176{
177 SocketAddress *addr = NULL;
178
179 addr = qio_channel_socket_get_remote_address(ioc, errp);
180 if (!addr) {
181 return;
182 }
183
184 vnc_init_basic_info(addr, info, errp);
185 qapi_free_SocketAddress(addr);
186}
187
188static const char *vnc_auth_name(VncDisplay *vd) {
189 switch (vd->auth) {
190 case VNC_AUTH_INVALID:
191 return "invalid";
192 case VNC_AUTH_NONE:
193 return "none";
194 case VNC_AUTH_VNC:
195 return "vnc";
196 case VNC_AUTH_RA2:
197 return "ra2";
198 case VNC_AUTH_RA2NE:
199 return "ra2ne";
200 case VNC_AUTH_TIGHT:
201 return "tight";
202 case VNC_AUTH_ULTRA:
203 return "ultra";
204 case VNC_AUTH_TLS:
205 return "tls";
206 case VNC_AUTH_VENCRYPT:
207 switch (vd->subauth) {
208 case VNC_AUTH_VENCRYPT_PLAIN:
209 return "vencrypt+plain";
210 case VNC_AUTH_VENCRYPT_TLSNONE:
211 return "vencrypt+tls+none";
212 case VNC_AUTH_VENCRYPT_TLSVNC:
213 return "vencrypt+tls+vnc";
214 case VNC_AUTH_VENCRYPT_TLSPLAIN:
215 return "vencrypt+tls+plain";
216 case VNC_AUTH_VENCRYPT_X509NONE:
217 return "vencrypt+x509+none";
218 case VNC_AUTH_VENCRYPT_X509VNC:
219 return "vencrypt+x509+vnc";
220 case VNC_AUTH_VENCRYPT_X509PLAIN:
221 return "vencrypt+x509+plain";
222 case VNC_AUTH_VENCRYPT_TLSSASL:
223 return "vencrypt+tls+sasl";
224 case VNC_AUTH_VENCRYPT_X509SASL:
225 return "vencrypt+x509+sasl";
226 default:
227 return "vencrypt";
228 }
229 case VNC_AUTH_SASL:
230 return "sasl";
231 }
232 return "unknown";
233}
234
235static VncServerInfo *vnc_server_info_get(VncDisplay *vd)
236{
237 VncServerInfo *info;
238 Error *err = NULL;
239
240 if (!vd->listener || !vd->listener->nsioc) {
241 return NULL;
242 }
243
244 info = g_malloc0(sizeof(*info));
245 vnc_init_basic_info_from_server_addr(vd->listener->sioc[0],
246 qapi_VncServerInfo_base(info), &err);
247 info->has_auth = true;
248 info->auth = g_strdup(vnc_auth_name(vd));
249 if (err) {
250 qapi_free_VncServerInfo(info);
251 info = NULL;
252 error_free(err);
253 }
254 return info;
255}
256
257static void vnc_client_cache_auth(VncState *client)
258{
259 if (!client->info) {
260 return;
261 }
262
263 if (client->tls) {
264 client->info->x509_dname =
265 qcrypto_tls_session_get_peer_name(client->tls);
266 client->info->has_x509_dname =
267 client->info->x509_dname != NULL;
268 }
269#ifdef CONFIG_VNC_SASL
270 if (client->sasl.conn &&
271 client->sasl.username) {
272 client->info->has_sasl_username = true;
273 client->info->sasl_username = g_strdup(client->sasl.username);
274 }
275#endif
276}
277
278static void vnc_client_cache_addr(VncState *client)
279{
280 Error *err = NULL;
281
282 client->info = g_malloc0(sizeof(*client->info));
283 vnc_init_basic_info_from_remote_addr(client->sioc,
284 qapi_VncClientInfo_base(client->info),
285 &err);
286 client->info->websocket = client->websocket;
287 if (err) {
288 qapi_free_VncClientInfo(client->info);
289 client->info = NULL;
290 error_free(err);
291 }
292}
293
294static void vnc_qmp_event(VncState *vs, QAPIEvent event)
295{
296 VncServerInfo *si;
297
298 if (!vs->info) {
299 return;
300 }
301
302 si = vnc_server_info_get(vs->vd);
303 if (!si) {
304 return;
305 }
306
307 switch (event) {
308 case QAPI_EVENT_VNC_CONNECTED:
309 qapi_event_send_vnc_connected(si, qapi_VncClientInfo_base(vs->info));
310 break;
311 case QAPI_EVENT_VNC_INITIALIZED:
312 qapi_event_send_vnc_initialized(si, vs->info);
313 break;
314 case QAPI_EVENT_VNC_DISCONNECTED:
315 qapi_event_send_vnc_disconnected(si, vs->info);
316 break;
317 default:
318 break;
319 }
320
321 qapi_free_VncServerInfo(si);
322}
323
324static VncClientInfo *qmp_query_vnc_client(const VncState *client)
325{
326 VncClientInfo *info;
327 Error *err = NULL;
328
329 info = g_malloc0(sizeof(*info));
330
331 vnc_init_basic_info_from_remote_addr(client->sioc,
332 qapi_VncClientInfo_base(info),
333 &err);
334 if (err) {
335 error_free(err);
336 qapi_free_VncClientInfo(info);
337 return NULL;
338 }
339
340 info->websocket = client->websocket;
341
342 if (client->tls) {
343 info->x509_dname = qcrypto_tls_session_get_peer_name(client->tls);
344 info->has_x509_dname = info->x509_dname != NULL;
345 }
346#ifdef CONFIG_VNC_SASL
347 if (client->sasl.conn && client->sasl.username) {
348 info->has_sasl_username = true;
349 info->sasl_username = g_strdup(client->sasl.username);
350 }
351#endif
352
353 return info;
354}
355
356static VncDisplay *vnc_display_find(const char *id)
357{
358 VncDisplay *vd;
359
360 if (id == NULL) {
361 return QTAILQ_FIRST(&vnc_displays);
362 }
363 QTAILQ_FOREACH(vd, &vnc_displays, next) {
364 if (strcmp(id, vd->id) == 0) {
365 return vd;
366 }
367 }
368 return NULL;
369}
370
371static VncClientInfoList *qmp_query_client_list(VncDisplay *vd)
372{
373 VncClientInfoList *prev = NULL;
374 VncState *client;
375
376 QTAILQ_FOREACH(client, &vd->clients, next) {
377 QAPI_LIST_PREPEND(prev, qmp_query_vnc_client(client));
378 }
379 return prev;
380}
381
382VncInfo *qmp_query_vnc(Error **errp)
383{
384 VncInfo *info = g_malloc0(sizeof(*info));
385 VncDisplay *vd = vnc_display_find(NULL);
386 SocketAddress *addr = NULL;
387
388 if (vd == NULL || !vd->listener || !vd->listener->nsioc) {
389 info->enabled = false;
390 } else {
391 info->enabled = true;
392
393
394 info->has_clients = true;
395 info->clients = qmp_query_client_list(vd);
396
397 addr = qio_channel_socket_get_local_address(vd->listener->sioc[0],
398 errp);
399 if (!addr) {
400 goto out_error;
401 }
402
403 switch (addr->type) {
404 case SOCKET_ADDRESS_TYPE_INET:
405 info->host = g_strdup(addr->u.inet.host);
406 info->service = g_strdup(addr->u.inet.port);
407 if (addr->u.inet.ipv6) {
408 info->family = NETWORK_ADDRESS_FAMILY_IPV6;
409 } else {
410 info->family = NETWORK_ADDRESS_FAMILY_IPV4;
411 }
412 break;
413
414 case SOCKET_ADDRESS_TYPE_UNIX:
415 info->host = g_strdup("");
416 info->service = g_strdup(addr->u.q_unix.path);
417 info->family = NETWORK_ADDRESS_FAMILY_UNIX;
418 break;
419
420 case SOCKET_ADDRESS_TYPE_VSOCK:
421 case SOCKET_ADDRESS_TYPE_FD:
422 error_setg(errp, "Unsupported socket address type %s",
423 SocketAddressType_str(addr->type));
424 goto out_error;
425 default:
426 abort();
427 }
428
429 info->has_host = true;
430 info->has_service = true;
431 info->has_family = true;
432
433 info->has_auth = true;
434 info->auth = g_strdup(vnc_auth_name(vd));
435 }
436
437 qapi_free_SocketAddress(addr);
438 return info;
439
440out_error:
441 qapi_free_SocketAddress(addr);
442 qapi_free_VncInfo(info);
443 return NULL;
444}
445
446
447static void qmp_query_auth(int auth, int subauth,
448 VncPrimaryAuth *qmp_auth,
449 VncVencryptSubAuth *qmp_vencrypt,
450 bool *qmp_has_vencrypt);
451
452static VncServerInfo2List *qmp_query_server_entry(QIOChannelSocket *ioc,
453 bool websocket,
454 int auth,
455 int subauth,
456 VncServerInfo2List *prev)
457{
458 VncServerInfo2 *info;
459 Error *err = NULL;
460 SocketAddress *addr;
461
462 addr = qio_channel_socket_get_local_address(ioc, NULL);
463 if (!addr) {
464 return prev;
465 }
466
467 info = g_new0(VncServerInfo2, 1);
468 vnc_init_basic_info(addr, qapi_VncServerInfo2_base(info), &err);
469 qapi_free_SocketAddress(addr);
470 if (err) {
471 qapi_free_VncServerInfo2(info);
472 error_free(err);
473 return prev;
474 }
475 info->websocket = websocket;
476
477 qmp_query_auth(auth, subauth, &info->auth,
478 &info->vencrypt, &info->has_vencrypt);
479
480 QAPI_LIST_PREPEND(prev, info);
481 return prev;
482}
483
484static void qmp_query_auth(int auth, int subauth,
485 VncPrimaryAuth *qmp_auth,
486 VncVencryptSubAuth *qmp_vencrypt,
487 bool *qmp_has_vencrypt)
488{
489 switch (auth) {
490 case VNC_AUTH_VNC:
491 *qmp_auth = VNC_PRIMARY_AUTH_VNC;
492 break;
493 case VNC_AUTH_RA2:
494 *qmp_auth = VNC_PRIMARY_AUTH_RA2;
495 break;
496 case VNC_AUTH_RA2NE:
497 *qmp_auth = VNC_PRIMARY_AUTH_RA2NE;
498 break;
499 case VNC_AUTH_TIGHT:
500 *qmp_auth = VNC_PRIMARY_AUTH_TIGHT;
501 break;
502 case VNC_AUTH_ULTRA:
503 *qmp_auth = VNC_PRIMARY_AUTH_ULTRA;
504 break;
505 case VNC_AUTH_TLS:
506 *qmp_auth = VNC_PRIMARY_AUTH_TLS;
507 break;
508 case VNC_AUTH_VENCRYPT:
509 *qmp_auth = VNC_PRIMARY_AUTH_VENCRYPT;
510 *qmp_has_vencrypt = true;
511 switch (subauth) {
512 case VNC_AUTH_VENCRYPT_PLAIN:
513 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_PLAIN;
514 break;
515 case VNC_AUTH_VENCRYPT_TLSNONE:
516 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_NONE;
517 break;
518 case VNC_AUTH_VENCRYPT_TLSVNC:
519 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_VNC;
520 break;
521 case VNC_AUTH_VENCRYPT_TLSPLAIN:
522 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_PLAIN;
523 break;
524 case VNC_AUTH_VENCRYPT_X509NONE:
525 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_NONE;
526 break;
527 case VNC_AUTH_VENCRYPT_X509VNC:
528 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_VNC;
529 break;
530 case VNC_AUTH_VENCRYPT_X509PLAIN:
531 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_PLAIN;
532 break;
533 case VNC_AUTH_VENCRYPT_TLSSASL:
534 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_SASL;
535 break;
536 case VNC_AUTH_VENCRYPT_X509SASL:
537 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_SASL;
538 break;
539 default:
540 *qmp_has_vencrypt = false;
541 break;
542 }
543 break;
544 case VNC_AUTH_SASL:
545 *qmp_auth = VNC_PRIMARY_AUTH_SASL;
546 break;
547 case VNC_AUTH_NONE:
548 default:
549 *qmp_auth = VNC_PRIMARY_AUTH_NONE;
550 break;
551 }
552}
553
554VncInfo2List *qmp_query_vnc_servers(Error **errp)
555{
556 VncInfo2List *prev = NULL;
557 VncInfo2 *info;
558 VncDisplay *vd;
559 DeviceState *dev;
560 size_t i;
561
562 QTAILQ_FOREACH(vd, &vnc_displays, next) {
563 info = g_new0(VncInfo2, 1);
564 info->id = g_strdup(vd->id);
565 info->clients = qmp_query_client_list(vd);
566 qmp_query_auth(vd->auth, vd->subauth, &info->auth,
567 &info->vencrypt, &info->has_vencrypt);
568 if (vd->dcl.con) {
569 dev = DEVICE(object_property_get_link(OBJECT(vd->dcl.con),
570 "device", &error_abort));
571 info->has_display = true;
572 info->display = g_strdup(dev->id);
573 }
574 for (i = 0; vd->listener != NULL && i < vd->listener->nsioc; i++) {
575 info->server = qmp_query_server_entry(
576 vd->listener->sioc[i], false, vd->auth, vd->subauth,
577 info->server);
578 }
579 for (i = 0; vd->wslistener != NULL && i < vd->wslistener->nsioc; i++) {
580 info->server = qmp_query_server_entry(
581 vd->wslistener->sioc[i], true, vd->ws_auth,
582 vd->ws_subauth, info->server);
583 }
584
585 QAPI_LIST_PREPEND(prev, info);
586 }
587 return prev;
588}
589
590bool vnc_display_reload_certs(const char *id, Error **errp)
591{
592 VncDisplay *vd = vnc_display_find(id);
593 QCryptoTLSCredsClass *creds = NULL;
594
595 if (!vd) {
596 error_setg(errp, "Can not find vnc display");
597 return false;
598 }
599
600 if (!vd->tlscreds) {
601 error_setg(errp, "vnc tls is not enabled");
602 return false;
603 }
604
605 creds = QCRYPTO_TLS_CREDS_GET_CLASS(OBJECT(vd->tlscreds));
606 if (creds->reload == NULL) {
607 error_setg(errp, "%s doesn't support to reload TLS credential",
608 object_get_typename(OBJECT(vd->tlscreds)));
609 return false;
610 }
611 if (!creds->reload(vd->tlscreds, errp)) {
612 return false;
613 }
614
615 return true;
616}
617
618
619
620
621
622
623
624
625static int vnc_update_client(VncState *vs, int has_dirty);
626static void vnc_disconnect_start(VncState *vs);
627
628static void vnc_colordepth(VncState *vs);
629static void framebuffer_update_request(VncState *vs, int incremental,
630 int x_position, int y_position,
631 int w, int h);
632static void vnc_refresh(DisplayChangeListener *dcl);
633static int vnc_refresh_server_surface(VncDisplay *vd);
634
635static int vnc_width(VncDisplay *vd)
636{
637 return MIN(VNC_MAX_WIDTH, ROUND_UP(surface_width(vd->ds),
638 VNC_DIRTY_PIXELS_PER_BIT));
639}
640
641static int vnc_true_width(VncDisplay *vd)
642{
643 return MIN(VNC_MAX_WIDTH, surface_width(vd->ds));
644}
645
646static int vnc_height(VncDisplay *vd)
647{
648 return MIN(VNC_MAX_HEIGHT, surface_height(vd->ds));
649}
650
651static void vnc_set_area_dirty(DECLARE_BITMAP(dirty[VNC_MAX_HEIGHT],
652 VNC_MAX_WIDTH / VNC_DIRTY_PIXELS_PER_BIT),
653 VncDisplay *vd,
654 int x, int y, int w, int h)
655{
656 int width = vnc_width(vd);
657 int height = vnc_height(vd);
658
659
660
661 w += (x % VNC_DIRTY_PIXELS_PER_BIT);
662 x -= (x % VNC_DIRTY_PIXELS_PER_BIT);
663
664 x = MIN(x, width);
665 y = MIN(y, height);
666 w = MIN(x + w, width) - x;
667 h = MIN(y + h, height);
668
669 for (; y < h; y++) {
670 bitmap_set(dirty[y], x / VNC_DIRTY_PIXELS_PER_BIT,
671 DIV_ROUND_UP(w, VNC_DIRTY_PIXELS_PER_BIT));
672 }
673}
674
675static void vnc_dpy_update(DisplayChangeListener *dcl,
676 int x, int y, int w, int h)
677{
678 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
679 struct VncSurface *s = &vd->guest;
680
681 vnc_set_area_dirty(s->dirty, vd, x, y, w, h);
682}
683
684void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
685 int32_t encoding)
686{
687 vnc_write_u16(vs, x);
688 vnc_write_u16(vs, y);
689 vnc_write_u16(vs, w);
690 vnc_write_u16(vs, h);
691
692 vnc_write_s32(vs, encoding);
693}
694
695static void vnc_desktop_resize_ext(VncState *vs, int reject_reason)
696{
697 trace_vnc_msg_server_ext_desktop_resize(
698 vs, vs->ioc, vs->client_width, vs->client_height, reject_reason);
699
700 vnc_lock_output(vs);
701 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
702 vnc_write_u8(vs, 0);
703 vnc_write_u16(vs, 1);
704 vnc_framebuffer_update(vs,
705 reject_reason ? 1 : 0,
706 reject_reason,
707 vs->client_width, vs->client_height,
708 VNC_ENCODING_DESKTOP_RESIZE_EXT);
709 vnc_write_u8(vs, 1);
710 vnc_write_u8(vs, 0);
711 vnc_write_u8(vs, 0);
712 vnc_write_u8(vs, 0);
713 vnc_write_u32(vs, 0);
714 vnc_write_u16(vs, 0);
715 vnc_write_u16(vs, 0);
716 vnc_write_u16(vs, vs->client_width);
717 vnc_write_u16(vs, vs->client_height);
718 vnc_write_u32(vs, 0);
719 vnc_unlock_output(vs);
720 vnc_flush(vs);
721}
722
723static void vnc_desktop_resize(VncState *vs)
724{
725 if (vs->ioc == NULL || (!vnc_has_feature(vs, VNC_FEATURE_RESIZE) &&
726 !vnc_has_feature(vs, VNC_FEATURE_RESIZE_EXT))) {
727 return;
728 }
729 if (vs->client_width == vs->vd->true_width &&
730 vs->client_height == pixman_image_get_height(vs->vd->server)) {
731 return;
732 }
733
734 assert(vs->vd->true_width < 65536 &&
735 vs->vd->true_width >= 0);
736 assert(pixman_image_get_height(vs->vd->server) < 65536 &&
737 pixman_image_get_height(vs->vd->server) >= 0);
738 vs->client_width = vs->vd->true_width;
739 vs->client_height = pixman_image_get_height(vs->vd->server);
740
741 if (vnc_has_feature(vs, VNC_FEATURE_RESIZE_EXT)) {
742 vnc_desktop_resize_ext(vs, 0);
743 return;
744 }
745
746 trace_vnc_msg_server_desktop_resize(
747 vs, vs->ioc, vs->client_width, vs->client_height);
748
749 vnc_lock_output(vs);
750 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
751 vnc_write_u8(vs, 0);
752 vnc_write_u16(vs, 1);
753 vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height,
754 VNC_ENCODING_DESKTOPRESIZE);
755 vnc_unlock_output(vs);
756 vnc_flush(vs);
757}
758
759static void vnc_abort_display_jobs(VncDisplay *vd)
760{
761 VncState *vs;
762
763 QTAILQ_FOREACH(vs, &vd->clients, next) {
764 vnc_lock_output(vs);
765 vs->abort = true;
766 vnc_unlock_output(vs);
767 }
768 QTAILQ_FOREACH(vs, &vd->clients, next) {
769 vnc_jobs_join(vs);
770 }
771 QTAILQ_FOREACH(vs, &vd->clients, next) {
772 vnc_lock_output(vs);
773 if (vs->update == VNC_STATE_UPDATE_NONE &&
774 vs->job_update != VNC_STATE_UPDATE_NONE) {
775
776 vs->update = vs->job_update;
777 vs->job_update = VNC_STATE_UPDATE_NONE;
778 }
779 vs->abort = false;
780 vnc_unlock_output(vs);
781 }
782}
783
784int vnc_server_fb_stride(VncDisplay *vd)
785{
786 return pixman_image_get_stride(vd->server);
787}
788
789void *vnc_server_fb_ptr(VncDisplay *vd, int x, int y)
790{
791 uint8_t *ptr;
792
793 ptr = (uint8_t *)pixman_image_get_data(vd->server);
794 ptr += y * vnc_server_fb_stride(vd);
795 ptr += x * VNC_SERVER_FB_BYTES;
796 return ptr;
797}
798
799static void vnc_update_server_surface(VncDisplay *vd)
800{
801 int width, height;
802
803 qemu_pixman_image_unref(vd->server);
804 vd->server = NULL;
805
806 if (QTAILQ_EMPTY(&vd->clients)) {
807 return;
808 }
809
810 width = vnc_width(vd);
811 height = vnc_height(vd);
812 vd->true_width = vnc_true_width(vd);
813 vd->server = pixman_image_create_bits(VNC_SERVER_FB_FORMAT,
814 width, height,
815 NULL, 0);
816
817 memset(vd->guest.dirty, 0x00, sizeof(vd->guest.dirty));
818 vnc_set_area_dirty(vd->guest.dirty, vd, 0, 0,
819 width, height);
820}
821
822static bool vnc_check_pageflip(DisplaySurface *s1,
823 DisplaySurface *s2)
824{
825 return (s1 != NULL &&
826 s2 != NULL &&
827 surface_width(s1) == surface_width(s2) &&
828 surface_height(s1) == surface_height(s2) &&
829 surface_format(s1) == surface_format(s2));
830
831}
832
833static void vnc_dpy_switch(DisplayChangeListener *dcl,
834 DisplaySurface *surface)
835{
836 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
837 bool pageflip = vnc_check_pageflip(vd->ds, surface);
838 VncState *vs;
839
840 vnc_abort_display_jobs(vd);
841 vd->ds = surface;
842
843
844 qemu_pixman_image_unref(vd->guest.fb);
845 vd->guest.fb = pixman_image_ref(surface->image);
846 vd->guest.format = surface->format;
847
848
849 if (pageflip) {
850 trace_vnc_server_dpy_pageflip(vd,
851 surface_width(surface),
852 surface_height(surface),
853 surface_format(surface));
854 vnc_set_area_dirty(vd->guest.dirty, vd, 0, 0,
855 surface_width(surface),
856 surface_height(surface));
857 return;
858 }
859
860 trace_vnc_server_dpy_recreate(vd,
861 surface_width(surface),
862 surface_height(surface),
863 surface_format(surface));
864
865 vnc_update_server_surface(vd);
866
867 QTAILQ_FOREACH(vs, &vd->clients, next) {
868 vnc_colordepth(vs);
869 vnc_desktop_resize(vs);
870 vnc_cursor_define(vs);
871 memset(vs->dirty, 0x00, sizeof(vs->dirty));
872 vnc_set_area_dirty(vs->dirty, vd, 0, 0,
873 vnc_width(vd),
874 vnc_height(vd));
875 vnc_update_throttle_offset(vs);
876 }
877}
878
879
880static void vnc_write_pixels_copy(VncState *vs,
881 void *pixels, int size)
882{
883 vnc_write(vs, pixels, size);
884}
885
886
887void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
888{
889 uint8_t r, g, b;
890
891#if VNC_SERVER_FB_FORMAT == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8)
892 r = (((v & 0x00ff0000) >> 16) << vs->client_pf.rbits) >> 8;
893 g = (((v & 0x0000ff00) >> 8) << vs->client_pf.gbits) >> 8;
894 b = (((v & 0x000000ff) >> 0) << vs->client_pf.bbits) >> 8;
895#else
896# error need some bits here if you change VNC_SERVER_FB_FORMAT
897#endif
898 v = (r << vs->client_pf.rshift) |
899 (g << vs->client_pf.gshift) |
900 (b << vs->client_pf.bshift);
901 switch (vs->client_pf.bytes_per_pixel) {
902 case 1:
903 buf[0] = v;
904 break;
905 case 2:
906 if (vs->client_be) {
907 buf[0] = v >> 8;
908 buf[1] = v;
909 } else {
910 buf[1] = v >> 8;
911 buf[0] = v;
912 }
913 break;
914 default:
915 case 4:
916 if (vs->client_be) {
917 buf[0] = v >> 24;
918 buf[1] = v >> 16;
919 buf[2] = v >> 8;
920 buf[3] = v;
921 } else {
922 buf[3] = v >> 24;
923 buf[2] = v >> 16;
924 buf[1] = v >> 8;
925 buf[0] = v;
926 }
927 break;
928 }
929}
930
931static void vnc_write_pixels_generic(VncState *vs,
932 void *pixels1, int size)
933{
934 uint8_t buf[4];
935
936 if (VNC_SERVER_FB_BYTES == 4) {
937 uint32_t *pixels = pixels1;
938 int n, i;
939 n = size >> 2;
940 for (i = 0; i < n; i++) {
941 vnc_convert_pixel(vs, buf, pixels[i]);
942 vnc_write(vs, buf, vs->client_pf.bytes_per_pixel);
943 }
944 }
945}
946
947int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
948{
949 int i;
950 uint8_t *row;
951 VncDisplay *vd = vs->vd;
952
953 row = vnc_server_fb_ptr(vd, x, y);
954 for (i = 0; i < h; i++) {
955 vs->write_pixels(vs, row, w * VNC_SERVER_FB_BYTES);
956 row += vnc_server_fb_stride(vd);
957 }
958 return 1;
959}
960
961int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
962{
963 int n = 0;
964
965 switch(vs->vnc_encoding) {
966 case VNC_ENCODING_ZLIB:
967 n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h);
968 break;
969 case VNC_ENCODING_HEXTILE:
970 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
971 n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h);
972 break;
973 case VNC_ENCODING_TIGHT:
974 n = vnc_tight_send_framebuffer_update(vs, x, y, w, h);
975 break;
976 case VNC_ENCODING_TIGHT_PNG:
977 n = vnc_tight_png_send_framebuffer_update(vs, x, y, w, h);
978 break;
979 case VNC_ENCODING_ZRLE:
980 n = vnc_zrle_send_framebuffer_update(vs, x, y, w, h);
981 break;
982 case VNC_ENCODING_ZYWRLE:
983 n = vnc_zywrle_send_framebuffer_update(vs, x, y, w, h);
984 break;
985 default:
986 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
987 n = vnc_raw_send_framebuffer_update(vs, x, y, w, h);
988 break;
989 }
990 return n;
991}
992
993static void vnc_mouse_set(DisplayChangeListener *dcl,
994 int x, int y, int visible)
995{
996
997}
998
999static int vnc_cursor_define(VncState *vs)
1000{
1001 QEMUCursor *c = vs->vd->cursor;
1002 int isize;
1003
1004 if (!vs->vd->cursor) {
1005 return -1;
1006 }
1007
1008 if (vnc_has_feature(vs, VNC_FEATURE_ALPHA_CURSOR)) {
1009 vnc_lock_output(vs);
1010 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1011 vnc_write_u8(vs, 0);
1012 vnc_write_u16(vs, 1);
1013 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height,
1014 VNC_ENCODING_ALPHA_CURSOR);
1015 vnc_write_s32(vs, VNC_ENCODING_RAW);
1016 vnc_write(vs, c->data, c->width * c->height * 4);
1017 vnc_unlock_output(vs);
1018 return 0;
1019 }
1020 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) {
1021 vnc_lock_output(vs);
1022 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1023 vnc_write_u8(vs, 0);
1024 vnc_write_u16(vs, 1);
1025 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height,
1026 VNC_ENCODING_RICH_CURSOR);
1027 isize = c->width * c->height * vs->client_pf.bytes_per_pixel;
1028 vnc_write_pixels_generic(vs, c->data, isize);
1029 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize);
1030 vnc_unlock_output(vs);
1031 return 0;
1032 }
1033 return -1;
1034}
1035
1036static void vnc_dpy_cursor_define(DisplayChangeListener *dcl,
1037 QEMUCursor *c)
1038{
1039 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
1040 VncState *vs;
1041
1042 cursor_put(vd->cursor);
1043 g_free(vd->cursor_mask);
1044
1045 vd->cursor = c;
1046 cursor_get(vd->cursor);
1047 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height;
1048 vd->cursor_mask = g_malloc0(vd->cursor_msize);
1049 cursor_get_mono_mask(c, 0, vd->cursor_mask);
1050
1051 QTAILQ_FOREACH(vs, &vd->clients, next) {
1052 vnc_cursor_define(vs);
1053 }
1054}
1055
1056static int find_and_clear_dirty_height(VncState *vs,
1057 int y, int last_x, int x, int height)
1058{
1059 int h;
1060
1061 for (h = 1; h < (height - y); h++) {
1062 if (!test_bit(last_x, vs->dirty[y + h])) {
1063 break;
1064 }
1065 bitmap_clear(vs->dirty[y + h], last_x, x - last_x);
1066 }
1067
1068 return h;
1069}
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081static void vnc_update_throttle_offset(VncState *vs)
1082{
1083 size_t offset =
1084 vs->client_width * vs->client_height * vs->client_pf.bytes_per_pixel;
1085
1086 if (vs->audio_cap) {
1087 int bps;
1088 switch (vs->as.fmt) {
1089 default:
1090 case AUDIO_FORMAT_U8:
1091 case AUDIO_FORMAT_S8:
1092 bps = 1;
1093 break;
1094 case AUDIO_FORMAT_U16:
1095 case AUDIO_FORMAT_S16:
1096 bps = 2;
1097 break;
1098 case AUDIO_FORMAT_U32:
1099 case AUDIO_FORMAT_S32:
1100 bps = 4;
1101 break;
1102 }
1103 offset += vs->as.freq * bps * vs->as.nchannels;
1104 }
1105
1106
1107
1108
1109
1110 offset = MAX(offset, 1024 * 1024);
1111
1112 if (vs->throttle_output_offset != offset) {
1113 trace_vnc_client_throttle_threshold(
1114 vs, vs->ioc, vs->throttle_output_offset, offset, vs->client_width,
1115 vs->client_height, vs->client_pf.bytes_per_pixel, vs->audio_cap);
1116 }
1117
1118 vs->throttle_output_offset = offset;
1119}
1120
1121static bool vnc_should_update(VncState *vs)
1122{
1123 switch (vs->update) {
1124 case VNC_STATE_UPDATE_NONE:
1125 break;
1126 case VNC_STATE_UPDATE_INCREMENTAL:
1127
1128
1129
1130
1131 if (vs->output.offset < vs->throttle_output_offset &&
1132 vs->job_update == VNC_STATE_UPDATE_NONE) {
1133 return true;
1134 }
1135 trace_vnc_client_throttle_incremental(
1136 vs, vs->ioc, vs->job_update, vs->output.offset);
1137 break;
1138 case VNC_STATE_UPDATE_FORCE:
1139
1140
1141
1142
1143
1144
1145
1146
1147 if (vs->force_update_offset == 0 &&
1148 vs->job_update == VNC_STATE_UPDATE_NONE) {
1149 return true;
1150 }
1151 trace_vnc_client_throttle_forced(
1152 vs, vs->ioc, vs->job_update, vs->force_update_offset);
1153 break;
1154 }
1155 return false;
1156}
1157
1158static int vnc_update_client(VncState *vs, int has_dirty)
1159{
1160 VncDisplay *vd = vs->vd;
1161 VncJob *job;
1162 int y;
1163 int height, width;
1164 int n = 0;
1165
1166 if (vs->disconnecting) {
1167 vnc_disconnect_finish(vs);
1168 return 0;
1169 }
1170
1171 vs->has_dirty += has_dirty;
1172 if (!vnc_should_update(vs)) {
1173 return 0;
1174 }
1175
1176 if (!vs->has_dirty && vs->update != VNC_STATE_UPDATE_FORCE) {
1177 return 0;
1178 }
1179
1180
1181
1182
1183
1184
1185
1186 job = vnc_job_new(vs);
1187
1188 height = pixman_image_get_height(vd->server);
1189 width = pixman_image_get_width(vd->server);
1190
1191 y = 0;
1192 for (;;) {
1193 int x, h;
1194 unsigned long x2;
1195 unsigned long offset = find_next_bit((unsigned long *) &vs->dirty,
1196 height * VNC_DIRTY_BPL(vs),
1197 y * VNC_DIRTY_BPL(vs));
1198 if (offset == height * VNC_DIRTY_BPL(vs)) {
1199
1200 break;
1201 }
1202 y = offset / VNC_DIRTY_BPL(vs);
1203 x = offset % VNC_DIRTY_BPL(vs);
1204 x2 = find_next_zero_bit((unsigned long *) &vs->dirty[y],
1205 VNC_DIRTY_BPL(vs), x);
1206 bitmap_clear(vs->dirty[y], x, x2 - x);
1207 h = find_and_clear_dirty_height(vs, y, x, x2, height);
1208 x2 = MIN(x2, width / VNC_DIRTY_PIXELS_PER_BIT);
1209 if (x2 > x) {
1210 n += vnc_job_add_rect(job, x * VNC_DIRTY_PIXELS_PER_BIT, y,
1211 (x2 - x) * VNC_DIRTY_PIXELS_PER_BIT, h);
1212 }
1213 if (!x && x2 == width / VNC_DIRTY_PIXELS_PER_BIT) {
1214 y += h;
1215 if (y == height) {
1216 break;
1217 }
1218 }
1219 }
1220
1221 vs->job_update = vs->update;
1222 vs->update = VNC_STATE_UPDATE_NONE;
1223 vnc_job_push(job);
1224 vs->has_dirty = 0;
1225 return n;
1226}
1227
1228
1229static void audio_capture_notify(void *opaque, audcnotification_e cmd)
1230{
1231 VncState *vs = opaque;
1232
1233 assert(vs->magic == VNC_MAGIC);
1234 switch (cmd) {
1235 case AUD_CNOTIFY_DISABLE:
1236 trace_vnc_msg_server_audio_end(vs, vs->ioc);
1237 vnc_lock_output(vs);
1238 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1239 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1240 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END);
1241 vnc_unlock_output(vs);
1242 vnc_flush(vs);
1243 break;
1244
1245 case AUD_CNOTIFY_ENABLE:
1246 trace_vnc_msg_server_audio_begin(vs, vs->ioc);
1247 vnc_lock_output(vs);
1248 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1249 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1250 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN);
1251 vnc_unlock_output(vs);
1252 vnc_flush(vs);
1253 break;
1254 }
1255}
1256
1257static void audio_capture_destroy(void *opaque)
1258{
1259}
1260
1261static void audio_capture(void *opaque, const void *buf, int size)
1262{
1263 VncState *vs = opaque;
1264
1265 assert(vs->magic == VNC_MAGIC);
1266 trace_vnc_msg_server_audio_data(vs, vs->ioc, buf, size);
1267 vnc_lock_output(vs);
1268 if (vs->output.offset < vs->throttle_output_offset) {
1269 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1270 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1271 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA);
1272 vnc_write_u32(vs, size);
1273 vnc_write(vs, buf, size);
1274 } else {
1275 trace_vnc_client_throttle_audio(vs, vs->ioc, vs->output.offset);
1276 }
1277 vnc_unlock_output(vs);
1278 vnc_flush(vs);
1279}
1280
1281static void audio_add(VncState *vs)
1282{
1283 struct audio_capture_ops ops;
1284
1285 if (vs->audio_cap) {
1286 error_report("audio already running");
1287 return;
1288 }
1289
1290 ops.notify = audio_capture_notify;
1291 ops.destroy = audio_capture_destroy;
1292 ops.capture = audio_capture;
1293
1294 vs->audio_cap = AUD_add_capture(vs->vd->audio_state, &vs->as, &ops, vs);
1295 if (!vs->audio_cap) {
1296 error_report("Failed to add audio capture");
1297 }
1298}
1299
1300static void audio_del(VncState *vs)
1301{
1302 if (vs->audio_cap) {
1303 AUD_del_capture(vs->audio_cap, vs);
1304 vs->audio_cap = NULL;
1305 }
1306}
1307
1308static void vnc_disconnect_start(VncState *vs)
1309{
1310 if (vs->disconnecting) {
1311 return;
1312 }
1313 trace_vnc_client_disconnect_start(vs, vs->ioc);
1314 vnc_set_share_mode(vs, VNC_SHARE_MODE_DISCONNECTED);
1315 if (vs->ioc_tag) {
1316 g_source_remove(vs->ioc_tag);
1317 vs->ioc_tag = 0;
1318 }
1319 qio_channel_close(vs->ioc, NULL);
1320 vs->disconnecting = TRUE;
1321}
1322
1323void vnc_disconnect_finish(VncState *vs)
1324{
1325 int i;
1326
1327 trace_vnc_client_disconnect_finish(vs, vs->ioc);
1328
1329 vnc_jobs_join(vs);
1330
1331 vnc_lock_output(vs);
1332 vnc_qmp_event(vs, QAPI_EVENT_VNC_DISCONNECTED);
1333
1334 buffer_free(&vs->input);
1335 buffer_free(&vs->output);
1336
1337 qapi_free_VncClientInfo(vs->info);
1338
1339 vnc_zlib_clear(vs);
1340 vnc_tight_clear(vs);
1341 vnc_zrle_clear(vs);
1342
1343#ifdef CONFIG_VNC_SASL
1344 vnc_sasl_client_cleanup(vs);
1345#endif
1346 audio_del(vs);
1347 qkbd_state_lift_all_keys(vs->vd->kbd);
1348
1349 if (vs->mouse_mode_notifier.notify != NULL) {
1350 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
1351 }
1352 QTAILQ_REMOVE(&vs->vd->clients, vs, next);
1353 if (QTAILQ_EMPTY(&vs->vd->clients)) {
1354
1355 vnc_update_server_surface(vs->vd);
1356 }
1357 if (vs->cbpeer.update.notify) {
1358 qemu_clipboard_peer_unregister(&vs->cbpeer);
1359 }
1360
1361 vnc_unlock_output(vs);
1362
1363 qemu_mutex_destroy(&vs->output_mutex);
1364 if (vs->bh != NULL) {
1365 qemu_bh_delete(vs->bh);
1366 }
1367 buffer_free(&vs->jobs_buffer);
1368
1369 for (i = 0; i < VNC_STAT_ROWS; ++i) {
1370 g_free(vs->lossy_rect[i]);
1371 }
1372 g_free(vs->lossy_rect);
1373
1374 object_unref(OBJECT(vs->ioc));
1375 vs->ioc = NULL;
1376 object_unref(OBJECT(vs->sioc));
1377 vs->sioc = NULL;
1378 vs->magic = 0;
1379 g_free(vs->zrle);
1380 g_free(vs->tight);
1381 g_free(vs);
1382}
1383
1384size_t vnc_client_io_error(VncState *vs, ssize_t ret, Error *err)
1385{
1386 if (ret <= 0) {
1387 if (ret == 0) {
1388 trace_vnc_client_eof(vs, vs->ioc);
1389 vnc_disconnect_start(vs);
1390 } else if (ret != QIO_CHANNEL_ERR_BLOCK) {
1391 trace_vnc_client_io_error(vs, vs->ioc,
1392 err ? error_get_pretty(err) : "Unknown");
1393 vnc_disconnect_start(vs);
1394 }
1395
1396 error_free(err);
1397 return 0;
1398 }
1399 return ret;
1400}
1401
1402
1403void vnc_client_error(VncState *vs)
1404{
1405 VNC_DEBUG("Closing down client sock: protocol error\n");
1406 vnc_disconnect_start(vs);
1407}
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425size_t vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
1426{
1427 Error *err = NULL;
1428 ssize_t ret;
1429 ret = qio_channel_write(vs->ioc, (const char *)data, datalen, &err);
1430 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret);
1431 return vnc_client_io_error(vs, ret, err);
1432}
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445static size_t vnc_client_write_plain(VncState *vs)
1446{
1447 size_t offset;
1448 size_t ret;
1449
1450#ifdef CONFIG_VNC_SASL
1451 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1452 vs->output.buffer, vs->output.capacity, vs->output.offset,
1453 vs->sasl.waitWriteSSF);
1454
1455 if (vs->sasl.conn &&
1456 vs->sasl.runSSF &&
1457 vs->sasl.waitWriteSSF) {
1458 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
1459 if (ret)
1460 vs->sasl.waitWriteSSF -= ret;
1461 } else
1462#endif
1463 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
1464 if (!ret)
1465 return 0;
1466
1467 if (ret >= vs->force_update_offset) {
1468 if (vs->force_update_offset != 0) {
1469 trace_vnc_client_unthrottle_forced(vs, vs->ioc);
1470 }
1471 vs->force_update_offset = 0;
1472 } else {
1473 vs->force_update_offset -= ret;
1474 }
1475 offset = vs->output.offset;
1476 buffer_advance(&vs->output, ret);
1477 if (offset >= vs->throttle_output_offset &&
1478 vs->output.offset < vs->throttle_output_offset) {
1479 trace_vnc_client_unthrottle_incremental(vs, vs->ioc, vs->output.offset);
1480 }
1481
1482 if (vs->output.offset == 0) {
1483 if (vs->ioc_tag) {
1484 g_source_remove(vs->ioc_tag);
1485 }
1486 vs->ioc_tag = qio_channel_add_watch(
1487 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR,
1488 vnc_client_io, vs, NULL);
1489 }
1490
1491 return ret;
1492}
1493
1494
1495
1496
1497
1498
1499
1500static void vnc_client_write_locked(VncState *vs)
1501{
1502#ifdef CONFIG_VNC_SASL
1503 if (vs->sasl.conn &&
1504 vs->sasl.runSSF &&
1505 !vs->sasl.waitWriteSSF) {
1506 vnc_client_write_sasl(vs);
1507 } else
1508#endif
1509 {
1510 vnc_client_write_plain(vs);
1511 }
1512}
1513
1514static void vnc_client_write(VncState *vs)
1515{
1516 assert(vs->magic == VNC_MAGIC);
1517 vnc_lock_output(vs);
1518 if (vs->output.offset) {
1519 vnc_client_write_locked(vs);
1520 } else if (vs->ioc != NULL) {
1521 if (vs->ioc_tag) {
1522 g_source_remove(vs->ioc_tag);
1523 }
1524 vs->ioc_tag = qio_channel_add_watch(
1525 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR,
1526 vnc_client_io, vs, NULL);
1527 }
1528 vnc_unlock_output(vs);
1529}
1530
1531void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1532{
1533 vs->read_handler = func;
1534 vs->read_handler_expect = expecting;
1535}
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553size_t vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1554{
1555 ssize_t ret;
1556 Error *err = NULL;
1557 ret = qio_channel_read(vs->ioc, (char *)data, datalen, &err);
1558 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret);
1559 return vnc_client_io_error(vs, ret, err);
1560}
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572static size_t vnc_client_read_plain(VncState *vs)
1573{
1574 size_t ret;
1575 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1576 vs->input.buffer, vs->input.capacity, vs->input.offset);
1577 buffer_reserve(&vs->input, 4096);
1578 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1579 if (!ret)
1580 return 0;
1581 vs->input.offset += ret;
1582 return ret;
1583}
1584
1585static void vnc_jobs_bh(void *opaque)
1586{
1587 VncState *vs = opaque;
1588
1589 assert(vs->magic == VNC_MAGIC);
1590 vnc_jobs_consume_buffer(vs);
1591}
1592
1593
1594
1595
1596
1597
1598
1599static int vnc_client_read(VncState *vs)
1600{
1601 size_t ret;
1602
1603#ifdef CONFIG_VNC_SASL
1604 if (vs->sasl.conn && vs->sasl.runSSF)
1605 ret = vnc_client_read_sasl(vs);
1606 else
1607#endif
1608 ret = vnc_client_read_plain(vs);
1609 if (!ret) {
1610 if (vs->disconnecting) {
1611 vnc_disconnect_finish(vs);
1612 return -1;
1613 }
1614 return 0;
1615 }
1616
1617 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1618 size_t len = vs->read_handler_expect;
1619 int ret;
1620
1621 ret = vs->read_handler(vs, vs->input.buffer, len);
1622 if (vs->disconnecting) {
1623 vnc_disconnect_finish(vs);
1624 return -1;
1625 }
1626
1627 if (!ret) {
1628 buffer_advance(&vs->input, len);
1629 } else {
1630 vs->read_handler_expect = ret;
1631 }
1632 }
1633 return 0;
1634}
1635
1636gboolean vnc_client_io(QIOChannel *ioc G_GNUC_UNUSED,
1637 GIOCondition condition, void *opaque)
1638{
1639 VncState *vs = opaque;
1640
1641 assert(vs->magic == VNC_MAGIC);
1642
1643 if (condition & (G_IO_HUP | G_IO_ERR)) {
1644 vnc_disconnect_start(vs);
1645 return TRUE;
1646 }
1647
1648 if (condition & G_IO_IN) {
1649 if (vnc_client_read(vs) < 0) {
1650
1651 return TRUE;
1652 }
1653 }
1654 if (condition & G_IO_OUT) {
1655 vnc_client_write(vs);
1656 }
1657
1658 if (vs->disconnecting) {
1659 if (vs->ioc_tag != 0) {
1660 g_source_remove(vs->ioc_tag);
1661 }
1662 vs->ioc_tag = 0;
1663 }
1664 return TRUE;
1665}
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675#define VNC_THROTTLE_OUTPUT_LIMIT_SCALE 5
1676
1677void vnc_write(VncState *vs, const void *data, size_t len)
1678{
1679 assert(vs->magic == VNC_MAGIC);
1680 if (vs->disconnecting) {
1681 return;
1682 }
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694 if (vs->throttle_output_offset != 0 &&
1695 (vs->output.offset / VNC_THROTTLE_OUTPUT_LIMIT_SCALE) >
1696 vs->throttle_output_offset) {
1697 trace_vnc_client_output_limit(vs, vs->ioc, vs->output.offset,
1698 vs->throttle_output_offset);
1699 vnc_disconnect_start(vs);
1700 return;
1701 }
1702 buffer_reserve(&vs->output, len);
1703
1704 if (vs->ioc != NULL && buffer_empty(&vs->output)) {
1705 if (vs->ioc_tag) {
1706 g_source_remove(vs->ioc_tag);
1707 }
1708 vs->ioc_tag = qio_channel_add_watch(
1709 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR | G_IO_OUT,
1710 vnc_client_io, vs, NULL);
1711 }
1712
1713 buffer_append(&vs->output, data, len);
1714}
1715
1716void vnc_write_s32(VncState *vs, int32_t value)
1717{
1718 vnc_write_u32(vs, *(uint32_t *)&value);
1719}
1720
1721void vnc_write_u32(VncState *vs, uint32_t value)
1722{
1723 uint8_t buf[4];
1724
1725 buf[0] = (value >> 24) & 0xFF;
1726 buf[1] = (value >> 16) & 0xFF;
1727 buf[2] = (value >> 8) & 0xFF;
1728 buf[3] = value & 0xFF;
1729
1730 vnc_write(vs, buf, 4);
1731}
1732
1733void vnc_write_u16(VncState *vs, uint16_t value)
1734{
1735 uint8_t buf[2];
1736
1737 buf[0] = (value >> 8) & 0xFF;
1738 buf[1] = value & 0xFF;
1739
1740 vnc_write(vs, buf, 2);
1741}
1742
1743void vnc_write_u8(VncState *vs, uint8_t value)
1744{
1745 vnc_write(vs, (char *)&value, 1);
1746}
1747
1748void vnc_flush(VncState *vs)
1749{
1750 vnc_lock_output(vs);
1751 if (vs->ioc != NULL && vs->output.offset) {
1752 vnc_client_write_locked(vs);
1753 }
1754 if (vs->disconnecting) {
1755 if (vs->ioc_tag != 0) {
1756 g_source_remove(vs->ioc_tag);
1757 }
1758 vs->ioc_tag = 0;
1759 }
1760 vnc_unlock_output(vs);
1761}
1762
1763static uint8_t read_u8(uint8_t *data, size_t offset)
1764{
1765 return data[offset];
1766}
1767
1768static uint16_t read_u16(uint8_t *data, size_t offset)
1769{
1770 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1771}
1772
1773static int32_t read_s32(uint8_t *data, size_t offset)
1774{
1775 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1776 (data[offset + 2] << 8) | data[offset + 3]);
1777}
1778
1779uint32_t read_u32(uint8_t *data, size_t offset)
1780{
1781 return ((data[offset] << 24) | (data[offset + 1] << 16) |
1782 (data[offset + 2] << 8) | data[offset + 3]);
1783}
1784
1785static void check_pointer_type_change(Notifier *notifier, void *data)
1786{
1787 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier);
1788 int absolute = qemu_input_is_absolute();
1789
1790 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1791 vnc_lock_output(vs);
1792 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1793 vnc_write_u8(vs, 0);
1794 vnc_write_u16(vs, 1);
1795 vnc_framebuffer_update(vs, absolute, 0,
1796 pixman_image_get_width(vs->vd->server),
1797 pixman_image_get_height(vs->vd->server),
1798 VNC_ENCODING_POINTER_TYPE_CHANGE);
1799 vnc_unlock_output(vs);
1800 vnc_flush(vs);
1801 }
1802 vs->absolute = absolute;
1803}
1804
1805static void pointer_event(VncState *vs, int button_mask, int x, int y)
1806{
1807 static uint32_t bmap[INPUT_BUTTON__MAX] = {
1808 [INPUT_BUTTON_LEFT] = 0x01,
1809 [INPUT_BUTTON_MIDDLE] = 0x02,
1810 [INPUT_BUTTON_RIGHT] = 0x04,
1811 [INPUT_BUTTON_WHEEL_UP] = 0x08,
1812 [INPUT_BUTTON_WHEEL_DOWN] = 0x10,
1813 };
1814 QemuConsole *con = vs->vd->dcl.con;
1815 int width = pixman_image_get_width(vs->vd->server);
1816 int height = pixman_image_get_height(vs->vd->server);
1817
1818 if (vs->last_bmask != button_mask) {
1819 qemu_input_update_buttons(con, bmap, vs->last_bmask, button_mask);
1820 vs->last_bmask = button_mask;
1821 }
1822
1823 if (vs->absolute) {
1824 qemu_input_queue_abs(con, INPUT_AXIS_X, x, 0, width);
1825 qemu_input_queue_abs(con, INPUT_AXIS_Y, y, 0, height);
1826 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1827 qemu_input_queue_rel(con, INPUT_AXIS_X, x - 0x7FFF);
1828 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - 0x7FFF);
1829 } else {
1830 if (vs->last_x != -1) {
1831 qemu_input_queue_rel(con, INPUT_AXIS_X, x - vs->last_x);
1832 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - vs->last_y);
1833 }
1834 vs->last_x = x;
1835 vs->last_y = y;
1836 }
1837 qemu_input_event_sync();
1838}
1839
1840static void press_key(VncState *vs, QKeyCode qcode)
1841{
1842 qkbd_state_key_event(vs->vd->kbd, qcode, true);
1843 qkbd_state_key_event(vs->vd->kbd, qcode, false);
1844}
1845
1846static void vnc_led_state_change(VncState *vs)
1847{
1848 if (!vnc_has_feature(vs, VNC_FEATURE_LED_STATE)) {
1849 return;
1850 }
1851
1852 vnc_lock_output(vs);
1853 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1854 vnc_write_u8(vs, 0);
1855 vnc_write_u16(vs, 1);
1856 vnc_framebuffer_update(vs, 0, 0, 1, 1, VNC_ENCODING_LED_STATE);
1857 vnc_write_u8(vs, vs->vd->ledstate);
1858 vnc_unlock_output(vs);
1859 vnc_flush(vs);
1860}
1861
1862static void kbd_leds(void *opaque, int ledstate)
1863{
1864 VncDisplay *vd = opaque;
1865 VncState *client;
1866
1867 trace_vnc_key_guest_leds((ledstate & QEMU_CAPS_LOCK_LED),
1868 (ledstate & QEMU_NUM_LOCK_LED),
1869 (ledstate & QEMU_SCROLL_LOCK_LED));
1870
1871 if (ledstate == vd->ledstate) {
1872 return;
1873 }
1874
1875 vd->ledstate = ledstate;
1876
1877 QTAILQ_FOREACH(client, &vd->clients, next) {
1878 vnc_led_state_change(client);
1879 }
1880}
1881
1882static void do_key_event(VncState *vs, int down, int keycode, int sym)
1883{
1884 QKeyCode qcode = qemu_input_key_number_to_qcode(keycode);
1885
1886
1887 switch (qcode) {
1888 case Q_KEY_CODE_1 ... Q_KEY_CODE_9:
1889 if (vs->vd->dcl.con == NULL && down &&
1890 qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_CTRL) &&
1891 qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_ALT)) {
1892
1893 qkbd_state_lift_all_keys(vs->vd->kbd);
1894 console_select(qcode - Q_KEY_CODE_1);
1895 return;
1896 }
1897 default:
1898 break;
1899 }
1900
1901
1902
1903
1904 if (down && vs->vd->lock_key_sync &&
1905 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) &&
1906 keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1907
1908
1909
1910
1911 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1912 if (!qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_NUMLOCK)) {
1913 trace_vnc_key_sync_numlock(true);
1914 press_key(vs, Q_KEY_CODE_NUM_LOCK);
1915 }
1916 } else {
1917 if (qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_NUMLOCK)) {
1918 trace_vnc_key_sync_numlock(false);
1919 press_key(vs, Q_KEY_CODE_NUM_LOCK);
1920 }
1921 }
1922 }
1923
1924 if (down && vs->vd->lock_key_sync &&
1925 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) &&
1926 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) {
1927
1928
1929
1930
1931 int uppercase = !!(sym >= 'A' && sym <= 'Z');
1932 bool shift = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_SHIFT);
1933 bool capslock = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_CAPSLOCK);
1934 if (capslock) {
1935 if (uppercase == shift) {
1936 trace_vnc_key_sync_capslock(false);
1937 press_key(vs, Q_KEY_CODE_CAPS_LOCK);
1938 }
1939 } else {
1940 if (uppercase != shift) {
1941 trace_vnc_key_sync_capslock(true);
1942 press_key(vs, Q_KEY_CODE_CAPS_LOCK);
1943 }
1944 }
1945 }
1946
1947 qkbd_state_key_event(vs->vd->kbd, qcode, down);
1948 if (!qemu_console_is_graphic(NULL)) {
1949 bool numlock = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_NUMLOCK);
1950 bool control = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_CTRL);
1951
1952 if (down) {
1953 switch (keycode) {
1954 case 0x2a:
1955 case 0x36:
1956 case 0x1d:
1957 case 0x9d:
1958 case 0x38:
1959 case 0xb8:
1960 break;
1961 case 0xc8:
1962 kbd_put_keysym(QEMU_KEY_UP);
1963 break;
1964 case 0xd0:
1965 kbd_put_keysym(QEMU_KEY_DOWN);
1966 break;
1967 case 0xcb:
1968 kbd_put_keysym(QEMU_KEY_LEFT);
1969 break;
1970 case 0xcd:
1971 kbd_put_keysym(QEMU_KEY_RIGHT);
1972 break;
1973 case 0xd3:
1974 kbd_put_keysym(QEMU_KEY_DELETE);
1975 break;
1976 case 0xc7:
1977 kbd_put_keysym(QEMU_KEY_HOME);
1978 break;
1979 case 0xcf:
1980 kbd_put_keysym(QEMU_KEY_END);
1981 break;
1982 case 0xc9:
1983 kbd_put_keysym(QEMU_KEY_PAGEUP);
1984 break;
1985 case 0xd1:
1986 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1987 break;
1988
1989 case 0x47:
1990 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME);
1991 break;
1992 case 0x48:
1993 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP);
1994 break;
1995 case 0x49:
1996 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP);
1997 break;
1998 case 0x4b:
1999 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT);
2000 break;
2001 case 0x4c:
2002 kbd_put_keysym('5');
2003 break;
2004 case 0x4d:
2005 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT);
2006 break;
2007 case 0x4f:
2008 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END);
2009 break;
2010 case 0x50:
2011 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN);
2012 break;
2013 case 0x51:
2014 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN);
2015 break;
2016 case 0x52:
2017 kbd_put_keysym('0');
2018 break;
2019 case 0x53:
2020 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE);
2021 break;
2022
2023 case 0xb5:
2024 kbd_put_keysym('/');
2025 break;
2026 case 0x37:
2027 kbd_put_keysym('*');
2028 break;
2029 case 0x4a:
2030 kbd_put_keysym('-');
2031 break;
2032 case 0x4e:
2033 kbd_put_keysym('+');
2034 break;
2035 case 0x9c:
2036 kbd_put_keysym('\n');
2037 break;
2038
2039 default:
2040 if (control) {
2041 kbd_put_keysym(sym & 0x1f);
2042 } else {
2043 kbd_put_keysym(sym);
2044 }
2045 break;
2046 }
2047 }
2048 }
2049}
2050
2051static const char *code2name(int keycode)
2052{
2053 return QKeyCode_str(qemu_input_key_number_to_qcode(keycode));
2054}
2055
2056static void key_event(VncState *vs, int down, uint32_t sym)
2057{
2058 int keycode;
2059 int lsym = sym;
2060
2061 if (lsym >= 'A' && lsym <= 'Z' && qemu_console_is_graphic(NULL)) {
2062 lsym = lsym - 'A' + 'a';
2063 }
2064
2065 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF,
2066 vs->vd->kbd, down) & SCANCODE_KEYMASK;
2067 trace_vnc_key_event_map(down, sym, keycode, code2name(keycode));
2068 do_key_event(vs, down, keycode, sym);
2069}
2070
2071static void ext_key_event(VncState *vs, int down,
2072 uint32_t sym, uint16_t keycode)
2073{
2074
2075 if (keyboard_layout) {
2076 key_event(vs, down, sym);
2077 } else {
2078 trace_vnc_key_event_ext(down, sym, keycode, code2name(keycode));
2079 do_key_event(vs, down, keycode, sym);
2080 }
2081}
2082
2083static void framebuffer_update_request(VncState *vs, int incremental,
2084 int x, int y, int w, int h)
2085{
2086 if (incremental) {
2087 if (vs->update != VNC_STATE_UPDATE_FORCE) {
2088 vs->update = VNC_STATE_UPDATE_INCREMENTAL;
2089 }
2090 } else {
2091 vs->update = VNC_STATE_UPDATE_FORCE;
2092 vnc_set_area_dirty(vs->dirty, vs->vd, x, y, w, h);
2093 if (vnc_has_feature(vs, VNC_FEATURE_RESIZE_EXT)) {
2094 vnc_desktop_resize_ext(vs, 0);
2095 }
2096 }
2097}
2098
2099static void send_ext_key_event_ack(VncState *vs)
2100{
2101 vnc_lock_output(vs);
2102 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
2103 vnc_write_u8(vs, 0);
2104 vnc_write_u16(vs, 1);
2105 vnc_framebuffer_update(vs, 0, 0,
2106 pixman_image_get_width(vs->vd->server),
2107 pixman_image_get_height(vs->vd->server),
2108 VNC_ENCODING_EXT_KEY_EVENT);
2109 vnc_unlock_output(vs);
2110 vnc_flush(vs);
2111}
2112
2113static void send_ext_audio_ack(VncState *vs)
2114{
2115 vnc_lock_output(vs);
2116 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
2117 vnc_write_u8(vs, 0);
2118 vnc_write_u16(vs, 1);
2119 vnc_framebuffer_update(vs, 0, 0,
2120 pixman_image_get_width(vs->vd->server),
2121 pixman_image_get_height(vs->vd->server),
2122 VNC_ENCODING_AUDIO);
2123 vnc_unlock_output(vs);
2124 vnc_flush(vs);
2125}
2126
2127static void send_xvp_message(VncState *vs, int code)
2128{
2129 vnc_lock_output(vs);
2130 vnc_write_u8(vs, VNC_MSG_SERVER_XVP);
2131 vnc_write_u8(vs, 0);
2132 vnc_write_u8(vs, 1);
2133 vnc_write_u8(vs, code);
2134 vnc_unlock_output(vs);
2135 vnc_flush(vs);
2136}
2137
2138static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
2139{
2140 int i;
2141 unsigned int enc = 0;
2142
2143 vs->features = 0;
2144 vs->vnc_encoding = 0;
2145 vs->tight->compression = 9;
2146 vs->tight->quality = -1;
2147 vs->absolute = -1;
2148
2149
2150
2151
2152
2153
2154 for (i = n_encodings - 1; i >= 0; i--) {
2155 enc = encodings[i];
2156 switch (enc) {
2157 case VNC_ENCODING_RAW:
2158 vs->vnc_encoding = enc;
2159 break;
2160 case VNC_ENCODING_HEXTILE:
2161 vs->features |= VNC_FEATURE_HEXTILE_MASK;
2162 vs->vnc_encoding = enc;
2163 break;
2164 case VNC_ENCODING_TIGHT:
2165 vs->features |= VNC_FEATURE_TIGHT_MASK;
2166 vs->vnc_encoding = enc;
2167 break;
2168#ifdef CONFIG_VNC_PNG
2169 case VNC_ENCODING_TIGHT_PNG:
2170 vs->features |= VNC_FEATURE_TIGHT_PNG_MASK;
2171 vs->vnc_encoding = enc;
2172 break;
2173#endif
2174 case VNC_ENCODING_ZLIB:
2175
2176
2177
2178
2179
2180 if ((vs->features & VNC_FEATURE_ZRLE_MASK) == 0) {
2181 vs->features |= VNC_FEATURE_ZLIB_MASK;
2182 vs->vnc_encoding = enc;
2183 }
2184 break;
2185 case VNC_ENCODING_ZRLE:
2186 vs->features |= VNC_FEATURE_ZRLE_MASK;
2187 vs->vnc_encoding = enc;
2188 break;
2189 case VNC_ENCODING_ZYWRLE:
2190 vs->features |= VNC_FEATURE_ZYWRLE_MASK;
2191 vs->vnc_encoding = enc;
2192 break;
2193 case VNC_ENCODING_DESKTOPRESIZE:
2194 vs->features |= VNC_FEATURE_RESIZE_MASK;
2195 break;
2196 case VNC_ENCODING_DESKTOP_RESIZE_EXT:
2197 vs->features |= VNC_FEATURE_RESIZE_EXT_MASK;
2198 break;
2199 case VNC_ENCODING_POINTER_TYPE_CHANGE:
2200 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
2201 break;
2202 case VNC_ENCODING_RICH_CURSOR:
2203 vs->features |= VNC_FEATURE_RICH_CURSOR_MASK;
2204 break;
2205 case VNC_ENCODING_ALPHA_CURSOR:
2206 vs->features |= VNC_FEATURE_ALPHA_CURSOR_MASK;
2207 break;
2208 case VNC_ENCODING_EXT_KEY_EVENT:
2209 send_ext_key_event_ack(vs);
2210 break;
2211 case VNC_ENCODING_AUDIO:
2212 send_ext_audio_ack(vs);
2213 break;
2214 case VNC_ENCODING_WMVi:
2215 vs->features |= VNC_FEATURE_WMVI_MASK;
2216 break;
2217 case VNC_ENCODING_LED_STATE:
2218 vs->features |= VNC_FEATURE_LED_STATE_MASK;
2219 break;
2220 case VNC_ENCODING_XVP:
2221 if (vs->vd->power_control) {
2222 vs->features |= VNC_FEATURE_XVP;
2223 send_xvp_message(vs, VNC_XVP_CODE_INIT);
2224 }
2225 break;
2226 case VNC_ENCODING_CLIPBOARD_EXT:
2227 vs->features |= VNC_FEATURE_CLIPBOARD_EXT_MASK;
2228 vnc_server_cut_text_caps(vs);
2229 break;
2230 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
2231 vs->tight->compression = (enc & 0x0F);
2232 break;
2233 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
2234 if (vs->vd->lossy) {
2235 vs->tight->quality = (enc & 0x0F);
2236 }
2237 break;
2238 default:
2239 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
2240 break;
2241 }
2242 }
2243 vnc_desktop_resize(vs);
2244 check_pointer_type_change(&vs->mouse_mode_notifier, NULL);
2245 vnc_led_state_change(vs);
2246 vnc_cursor_define(vs);
2247}
2248
2249static void set_pixel_conversion(VncState *vs)
2250{
2251 pixman_format_code_t fmt = qemu_pixman_get_format(&vs->client_pf);
2252
2253 if (fmt == VNC_SERVER_FB_FORMAT) {
2254 vs->write_pixels = vnc_write_pixels_copy;
2255 vnc_hextile_set_pixel_conversion(vs, 0);
2256 } else {
2257 vs->write_pixels = vnc_write_pixels_generic;
2258 vnc_hextile_set_pixel_conversion(vs, 1);
2259 }
2260}
2261
2262static void send_color_map(VncState *vs)
2263{
2264 int i;
2265
2266 vnc_lock_output(vs);
2267 vnc_write_u8(vs, VNC_MSG_SERVER_SET_COLOUR_MAP_ENTRIES);
2268 vnc_write_u8(vs, 0);
2269 vnc_write_u16(vs, 0);
2270 vnc_write_u16(vs, 256);
2271
2272 for (i = 0; i < 256; i++) {
2273 PixelFormat *pf = &vs->client_pf;
2274
2275 vnc_write_u16(vs, (((i >> pf->rshift) & pf->rmax) << (16 - pf->rbits)));
2276 vnc_write_u16(vs, (((i >> pf->gshift) & pf->gmax) << (16 - pf->gbits)));
2277 vnc_write_u16(vs, (((i >> pf->bshift) & pf->bmax) << (16 - pf->bbits)));
2278 }
2279 vnc_unlock_output(vs);
2280}
2281
2282static void set_pixel_format(VncState *vs, int bits_per_pixel,
2283 int big_endian_flag, int true_color_flag,
2284 int red_max, int green_max, int blue_max,
2285 int red_shift, int green_shift, int blue_shift)
2286{
2287 if (!true_color_flag) {
2288
2289 bits_per_pixel = 8;
2290 red_max = 7;
2291 green_max = 7;
2292 blue_max = 3;
2293 red_shift = 0;
2294 green_shift = 3;
2295 blue_shift = 6;
2296 }
2297
2298 switch (bits_per_pixel) {
2299 case 8:
2300 case 16:
2301 case 32:
2302 break;
2303 default:
2304 vnc_client_error(vs);
2305 return;
2306 }
2307
2308 vs->client_pf.rmax = red_max ? red_max : 0xFF;
2309 vs->client_pf.rbits = ctpopl(red_max);
2310 vs->client_pf.rshift = red_shift;
2311 vs->client_pf.rmask = red_max << red_shift;
2312 vs->client_pf.gmax = green_max ? green_max : 0xFF;
2313 vs->client_pf.gbits = ctpopl(green_max);
2314 vs->client_pf.gshift = green_shift;
2315 vs->client_pf.gmask = green_max << green_shift;
2316 vs->client_pf.bmax = blue_max ? blue_max : 0xFF;
2317 vs->client_pf.bbits = ctpopl(blue_max);
2318 vs->client_pf.bshift = blue_shift;
2319 vs->client_pf.bmask = blue_max << blue_shift;
2320 vs->client_pf.bits_per_pixel = bits_per_pixel;
2321 vs->client_pf.bytes_per_pixel = bits_per_pixel / 8;
2322 vs->client_pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
2323 vs->client_be = big_endian_flag;
2324
2325 if (!true_color_flag) {
2326 send_color_map(vs);
2327 }
2328
2329 set_pixel_conversion(vs);
2330
2331 graphic_hw_invalidate(vs->vd->dcl.con);
2332 graphic_hw_update(vs->vd->dcl.con);
2333}
2334
2335static void pixel_format_message (VncState *vs) {
2336 char pad[3] = { 0, 0, 0 };
2337
2338 vs->client_pf = qemu_default_pixelformat(32);
2339
2340 vnc_write_u8(vs, vs->client_pf.bits_per_pixel);
2341 vnc_write_u8(vs, vs->client_pf.depth);
2342
2343#ifdef HOST_WORDS_BIGENDIAN
2344 vnc_write_u8(vs, 1);
2345#else
2346 vnc_write_u8(vs, 0);
2347#endif
2348 vnc_write_u8(vs, 1);
2349 vnc_write_u16(vs, vs->client_pf.rmax);
2350 vnc_write_u16(vs, vs->client_pf.gmax);
2351 vnc_write_u16(vs, vs->client_pf.bmax);
2352 vnc_write_u8(vs, vs->client_pf.rshift);
2353 vnc_write_u8(vs, vs->client_pf.gshift);
2354 vnc_write_u8(vs, vs->client_pf.bshift);
2355 vnc_write(vs, pad, 3);
2356
2357 vnc_hextile_set_pixel_conversion(vs, 0);
2358 vs->write_pixels = vnc_write_pixels_copy;
2359}
2360
2361static void vnc_colordepth(VncState *vs)
2362{
2363 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
2364
2365 vnc_lock_output(vs);
2366 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
2367 vnc_write_u8(vs, 0);
2368 vnc_write_u16(vs, 1);
2369 vnc_framebuffer_update(vs, 0, 0,
2370 vs->client_width,
2371 vs->client_height,
2372 VNC_ENCODING_WMVi);
2373 pixel_format_message(vs);
2374 vnc_unlock_output(vs);
2375 vnc_flush(vs);
2376 } else {
2377 set_pixel_conversion(vs);
2378 }
2379}
2380
2381static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
2382{
2383 int i;
2384 uint16_t limit;
2385 uint32_t freq;
2386 VncDisplay *vd = vs->vd;
2387
2388 if (data[0] > 3) {
2389 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
2390 }
2391
2392 switch (data[0]) {
2393 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT:
2394 if (len == 1)
2395 return 20;
2396
2397 set_pixel_format(vs, read_u8(data, 4),
2398 read_u8(data, 6), read_u8(data, 7),
2399 read_u16(data, 8), read_u16(data, 10),
2400 read_u16(data, 12), read_u8(data, 14),
2401 read_u8(data, 15), read_u8(data, 16));
2402 break;
2403 case VNC_MSG_CLIENT_SET_ENCODINGS:
2404 if (len == 1)
2405 return 4;
2406
2407 if (len == 4) {
2408 limit = read_u16(data, 2);
2409 if (limit > 0)
2410 return 4 + (limit * 4);
2411 } else
2412 limit = read_u16(data, 2);
2413
2414 for (i = 0; i < limit; i++) {
2415 int32_t val = read_s32(data, 4 + (i * 4));
2416 memcpy(data + 4 + (i * 4), &val, sizeof(val));
2417 }
2418
2419 set_encodings(vs, (int32_t *)(data + 4), limit);
2420 break;
2421 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST:
2422 if (len == 1)
2423 return 10;
2424
2425 framebuffer_update_request(vs,
2426 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
2427 read_u16(data, 6), read_u16(data, 8));
2428 break;
2429 case VNC_MSG_CLIENT_KEY_EVENT:
2430 if (len == 1)
2431 return 8;
2432
2433 key_event(vs, read_u8(data, 1), read_u32(data, 4));
2434 break;
2435 case VNC_MSG_CLIENT_POINTER_EVENT:
2436 if (len == 1)
2437 return 6;
2438
2439 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
2440 break;
2441 case VNC_MSG_CLIENT_CUT_TEXT:
2442 if (len == 1) {
2443 return 8;
2444 }
2445 if (len == 8) {
2446 uint32_t dlen = abs(read_s32(data, 4));
2447 if (dlen > (1 << 20)) {
2448 error_report("vnc: client_cut_text msg payload has %u bytes"
2449 " which exceeds our limit of 1MB.", dlen);
2450 vnc_client_error(vs);
2451 break;
2452 }
2453 if (dlen > 0) {
2454 return 8 + dlen;
2455 }
2456 }
2457
2458 if (read_s32(data, 4) < 0) {
2459 vnc_client_cut_text_ext(vs, abs(read_s32(data, 4)),
2460 read_u32(data, 8), data + 12);
2461 break;
2462 }
2463 vnc_client_cut_text(vs, read_u32(data, 4), data + 8);
2464 break;
2465 case VNC_MSG_CLIENT_XVP:
2466 if (!(vs->features & VNC_FEATURE_XVP)) {
2467 error_report("vnc: xvp client message while disabled");
2468 vnc_client_error(vs);
2469 break;
2470 }
2471 if (len == 1) {
2472 return 4;
2473 }
2474 if (len == 4) {
2475 uint8_t version = read_u8(data, 2);
2476 uint8_t action = read_u8(data, 3);
2477
2478 if (version != 1) {
2479 error_report("vnc: xvp client message version %d != 1",
2480 version);
2481 vnc_client_error(vs);
2482 break;
2483 }
2484
2485 switch (action) {
2486 case VNC_XVP_ACTION_SHUTDOWN:
2487 qemu_system_powerdown_request();
2488 break;
2489 case VNC_XVP_ACTION_REBOOT:
2490 send_xvp_message(vs, VNC_XVP_CODE_FAIL);
2491 break;
2492 case VNC_XVP_ACTION_RESET:
2493 qemu_system_reset_request(SHUTDOWN_CAUSE_HOST_QMP_SYSTEM_RESET);
2494 break;
2495 default:
2496 send_xvp_message(vs, VNC_XVP_CODE_FAIL);
2497 break;
2498 }
2499 }
2500 break;
2501 case VNC_MSG_CLIENT_QEMU:
2502 if (len == 1)
2503 return 2;
2504
2505 switch (read_u8(data, 1)) {
2506 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT:
2507 if (len == 2)
2508 return 12;
2509
2510 ext_key_event(vs, read_u16(data, 2),
2511 read_u32(data, 4), read_u32(data, 8));
2512 break;
2513 case VNC_MSG_CLIENT_QEMU_AUDIO:
2514 if (len == 2)
2515 return 4;
2516
2517 switch (read_u16 (data, 2)) {
2518 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE:
2519 trace_vnc_msg_client_audio_enable(vs, vs->ioc);
2520 audio_add(vs);
2521 break;
2522 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE:
2523 trace_vnc_msg_client_audio_disable(vs, vs->ioc);
2524 audio_del(vs);
2525 break;
2526 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT:
2527 if (len == 4)
2528 return 10;
2529 switch (read_u8(data, 4)) {
2530 case 0: vs->as.fmt = AUDIO_FORMAT_U8; break;
2531 case 1: vs->as.fmt = AUDIO_FORMAT_S8; break;
2532 case 2: vs->as.fmt = AUDIO_FORMAT_U16; break;
2533 case 3: vs->as.fmt = AUDIO_FORMAT_S16; break;
2534 case 4: vs->as.fmt = AUDIO_FORMAT_U32; break;
2535 case 5: vs->as.fmt = AUDIO_FORMAT_S32; break;
2536 default:
2537 VNC_DEBUG("Invalid audio format %d\n", read_u8(data, 4));
2538 vnc_client_error(vs);
2539 break;
2540 }
2541 vs->as.nchannels = read_u8(data, 5);
2542 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
2543 VNC_DEBUG("Invalid audio channel count %d\n",
2544 read_u8(data, 5));
2545 vnc_client_error(vs);
2546 break;
2547 }
2548 freq = read_u32(data, 6);
2549
2550
2551
2552
2553 if (freq > 48000) {
2554 VNC_DEBUG("Invalid audio frequency %u > 48000", freq);
2555 vnc_client_error(vs);
2556 break;
2557 }
2558 vs->as.freq = freq;
2559 trace_vnc_msg_client_audio_format(
2560 vs, vs->ioc, vs->as.fmt, vs->as.nchannels, vs->as.freq);
2561 break;
2562 default:
2563 VNC_DEBUG("Invalid audio message %d\n", read_u8(data, 4));
2564 vnc_client_error(vs);
2565 break;
2566 }
2567 break;
2568
2569 default:
2570 VNC_DEBUG("Msg: %d\n", read_u16(data, 0));
2571 vnc_client_error(vs);
2572 break;
2573 }
2574 break;
2575 case VNC_MSG_CLIENT_SET_DESKTOP_SIZE:
2576 {
2577 size_t size;
2578 uint8_t screens;
2579 int w, h;
2580
2581 if (len < 8) {
2582 return 8;
2583 }
2584
2585 screens = read_u8(data, 6);
2586 size = 8 + screens * 16;
2587 if (len < size) {
2588 return size;
2589 }
2590 w = read_u16(data, 2);
2591 h = read_u16(data, 4);
2592
2593 trace_vnc_msg_client_set_desktop_size(vs, vs->ioc, w, h, screens);
2594 if (dpy_ui_info_supported(vs->vd->dcl.con)) {
2595 QemuUIInfo info;
2596 memset(&info, 0, sizeof(info));
2597 info.width = w;
2598 info.height = h;
2599 dpy_set_ui_info(vs->vd->dcl.con, &info);
2600 vnc_desktop_resize_ext(vs, 4 );
2601 } else {
2602 vnc_desktop_resize_ext(vs, 3 );
2603 }
2604
2605 break;
2606 }
2607 default:
2608 VNC_DEBUG("Msg: %d\n", data[0]);
2609 vnc_client_error(vs);
2610 break;
2611 }
2612
2613 vnc_update_throttle_offset(vs);
2614 vnc_read_when(vs, protocol_client_msg, 1);
2615 return 0;
2616}
2617
2618static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
2619{
2620 char buf[1024];
2621 VncShareMode mode;
2622 int size;
2623
2624 mode = data[0] ? VNC_SHARE_MODE_SHARED : VNC_SHARE_MODE_EXCLUSIVE;
2625 switch (vs->vd->share_policy) {
2626 case VNC_SHARE_POLICY_IGNORE:
2627
2628
2629
2630
2631
2632
2633
2634 break;
2635 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE:
2636
2637
2638
2639
2640
2641
2642
2643
2644
2645 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2646 VncState *client;
2647 QTAILQ_FOREACH(client, &vs->vd->clients, next) {
2648 if (vs == client) {
2649 continue;
2650 }
2651 if (client->share_mode != VNC_SHARE_MODE_EXCLUSIVE &&
2652 client->share_mode != VNC_SHARE_MODE_SHARED) {
2653 continue;
2654 }
2655 vnc_disconnect_start(client);
2656 }
2657 }
2658 if (mode == VNC_SHARE_MODE_SHARED) {
2659 if (vs->vd->num_exclusive > 0) {
2660 vnc_disconnect_start(vs);
2661 return 0;
2662 }
2663 }
2664 break;
2665 case VNC_SHARE_POLICY_FORCE_SHARED:
2666
2667
2668
2669
2670
2671
2672
2673
2674 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2675 vnc_disconnect_start(vs);
2676 return 0;
2677 }
2678 break;
2679 }
2680 vnc_set_share_mode(vs, mode);
2681
2682 if (vs->vd->num_shared > vs->vd->connections_limit) {
2683 vnc_disconnect_start(vs);
2684 return 0;
2685 }
2686
2687 assert(pixman_image_get_width(vs->vd->server) < 65536 &&
2688 pixman_image_get_width(vs->vd->server) >= 0);
2689 assert(pixman_image_get_height(vs->vd->server) < 65536 &&
2690 pixman_image_get_height(vs->vd->server) >= 0);
2691 vs->client_width = pixman_image_get_width(vs->vd->server);
2692 vs->client_height = pixman_image_get_height(vs->vd->server);
2693 vnc_write_u16(vs, vs->client_width);
2694 vnc_write_u16(vs, vs->client_height);
2695
2696 pixel_format_message(vs);
2697
2698 if (qemu_name) {
2699 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
2700 if (size > sizeof(buf)) {
2701 size = sizeof(buf);
2702 }
2703 } else {
2704 size = snprintf(buf, sizeof(buf), "QEMU");
2705 }
2706
2707 vnc_write_u32(vs, size);
2708 vnc_write(vs, buf, size);
2709 vnc_flush(vs);
2710
2711 vnc_client_cache_auth(vs);
2712 vnc_qmp_event(vs, QAPI_EVENT_VNC_INITIALIZED);
2713
2714 vnc_read_when(vs, protocol_client_msg, 1);
2715
2716 return 0;
2717}
2718
2719void start_client_init(VncState *vs)
2720{
2721 vnc_read_when(vs, protocol_client_init, 1);
2722}
2723
2724static void authentication_failed(VncState *vs)
2725{
2726 vnc_write_u32(vs, 1);
2727 if (vs->minor >= 8) {
2728 static const char err[] = "Authentication failed";
2729 vnc_write_u32(vs, sizeof(err));
2730 vnc_write(vs, err, sizeof(err));
2731 }
2732 vnc_flush(vs);
2733 vnc_client_error(vs);
2734}
2735
2736static void
2737vnc_munge_des_rfb_key(unsigned char *key, size_t nkey)
2738{
2739 size_t i;
2740 for (i = 0; i < nkey; i++) {
2741 uint8_t r = key[i];
2742 r = (r & 0xf0) >> 4 | (r & 0x0f) << 4;
2743 r = (r & 0xcc) >> 2 | (r & 0x33) << 2;
2744 r = (r & 0xaa) >> 1 | (r & 0x55) << 1;
2745 key[i] = r;
2746 }
2747}
2748
2749static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
2750{
2751 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
2752 size_t i, pwlen;
2753 unsigned char key[8];
2754 time_t now = time(NULL);
2755 QCryptoCipher *cipher = NULL;
2756 Error *err = NULL;
2757
2758 if (!vs->vd->password) {
2759 trace_vnc_auth_fail(vs, vs->auth, "password is not set", "");
2760 goto reject;
2761 }
2762 if (vs->vd->expires < now) {
2763 trace_vnc_auth_fail(vs, vs->auth, "password is expired", "");
2764 goto reject;
2765 }
2766
2767 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
2768
2769
2770 pwlen = strlen(vs->vd->password);
2771 for (i=0; i<sizeof(key); i++)
2772 key[i] = i<pwlen ? vs->vd->password[i] : 0;
2773 vnc_munge_des_rfb_key(key, sizeof(key));
2774
2775 cipher = qcrypto_cipher_new(
2776 QCRYPTO_CIPHER_ALG_DES,
2777 QCRYPTO_CIPHER_MODE_ECB,
2778 key, G_N_ELEMENTS(key),
2779 &err);
2780 if (!cipher) {
2781 trace_vnc_auth_fail(vs, vs->auth, "cannot create cipher",
2782 error_get_pretty(err));
2783 error_free(err);
2784 goto reject;
2785 }
2786
2787 if (qcrypto_cipher_encrypt(cipher,
2788 vs->challenge,
2789 response,
2790 VNC_AUTH_CHALLENGE_SIZE,
2791 &err) < 0) {
2792 trace_vnc_auth_fail(vs, vs->auth, "cannot encrypt challenge response",
2793 error_get_pretty(err));
2794 error_free(err);
2795 goto reject;
2796 }
2797
2798
2799 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
2800 trace_vnc_auth_fail(vs, vs->auth, "mis-matched challenge response", "");
2801 goto reject;
2802 } else {
2803 trace_vnc_auth_pass(vs, vs->auth);
2804 vnc_write_u32(vs, 0);
2805 vnc_flush(vs);
2806
2807 start_client_init(vs);
2808 }
2809
2810 qcrypto_cipher_free(cipher);
2811 return 0;
2812
2813reject:
2814 authentication_failed(vs);
2815 qcrypto_cipher_free(cipher);
2816 return 0;
2817}
2818
2819void start_auth_vnc(VncState *vs)
2820{
2821 Error *err = NULL;
2822
2823 if (qcrypto_random_bytes(vs->challenge, sizeof(vs->challenge), &err)) {
2824 trace_vnc_auth_fail(vs, vs->auth, "cannot get random bytes",
2825 error_get_pretty(err));
2826 error_free(err);
2827 authentication_failed(vs);
2828 return;
2829 }
2830
2831
2832 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
2833 vnc_flush(vs);
2834
2835 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
2836}
2837
2838
2839static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
2840{
2841
2842
2843 if (data[0] != vs->auth) {
2844 trace_vnc_auth_reject(vs, vs->auth, (int)data[0]);
2845 authentication_failed(vs);
2846 } else {
2847 trace_vnc_auth_start(vs, vs->auth);
2848 switch (vs->auth) {
2849 case VNC_AUTH_NONE:
2850 if (vs->minor >= 8) {
2851 vnc_write_u32(vs, 0);
2852 vnc_flush(vs);
2853 }
2854 trace_vnc_auth_pass(vs, vs->auth);
2855 start_client_init(vs);
2856 break;
2857
2858 case VNC_AUTH_VNC:
2859 start_auth_vnc(vs);
2860 break;
2861
2862 case VNC_AUTH_VENCRYPT:
2863 start_auth_vencrypt(vs);
2864 break;
2865
2866#ifdef CONFIG_VNC_SASL
2867 case VNC_AUTH_SASL:
2868 start_auth_sasl(vs);
2869 break;
2870#endif
2871
2872 default:
2873 trace_vnc_auth_fail(vs, vs->auth, "Unhandled auth method", "");
2874 authentication_failed(vs);
2875 }
2876 }
2877 return 0;
2878}
2879
2880static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2881{
2882 char local[13];
2883
2884 memcpy(local, version, 12);
2885 local[12] = 0;
2886
2887 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2888 VNC_DEBUG("Malformed protocol version %s\n", local);
2889 vnc_client_error(vs);
2890 return 0;
2891 }
2892 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2893 if (vs->major != 3 ||
2894 (vs->minor != 3 &&
2895 vs->minor != 4 &&
2896 vs->minor != 5 &&
2897 vs->minor != 7 &&
2898 vs->minor != 8)) {
2899 VNC_DEBUG("Unsupported client version\n");
2900 vnc_write_u32(vs, VNC_AUTH_INVALID);
2901 vnc_flush(vs);
2902 vnc_client_error(vs);
2903 return 0;
2904 }
2905
2906
2907
2908 if (vs->minor == 4 || vs->minor == 5)
2909 vs->minor = 3;
2910
2911 if (vs->minor == 3) {
2912 trace_vnc_auth_start(vs, vs->auth);
2913 if (vs->auth == VNC_AUTH_NONE) {
2914 vnc_write_u32(vs, vs->auth);
2915 vnc_flush(vs);
2916 trace_vnc_auth_pass(vs, vs->auth);
2917 start_client_init(vs);
2918 } else if (vs->auth == VNC_AUTH_VNC) {
2919 VNC_DEBUG("Tell client VNC auth\n");
2920 vnc_write_u32(vs, vs->auth);
2921 vnc_flush(vs);
2922 start_auth_vnc(vs);
2923 } else {
2924 trace_vnc_auth_fail(vs, vs->auth,
2925 "Unsupported auth method for v3.3", "");
2926 vnc_write_u32(vs, VNC_AUTH_INVALID);
2927 vnc_flush(vs);
2928 vnc_client_error(vs);
2929 }
2930 } else {
2931 vnc_write_u8(vs, 1);
2932 vnc_write_u8(vs, vs->auth);
2933 vnc_read_when(vs, protocol_client_auth, 1);
2934 vnc_flush(vs);
2935 }
2936
2937 return 0;
2938}
2939
2940static VncRectStat *vnc_stat_rect(VncDisplay *vd, int x, int y)
2941{
2942 struct VncSurface *vs = &vd->guest;
2943
2944 return &vs->stats[y / VNC_STAT_RECT][x / VNC_STAT_RECT];
2945}
2946
2947void vnc_sent_lossy_rect(VncState *vs, int x, int y, int w, int h)
2948{
2949 int i, j;
2950
2951 w = (x + w) / VNC_STAT_RECT;
2952 h = (y + h) / VNC_STAT_RECT;
2953 x /= VNC_STAT_RECT;
2954 y /= VNC_STAT_RECT;
2955
2956 for (j = y; j <= h; j++) {
2957 for (i = x; i <= w; i++) {
2958 vs->lossy_rect[j][i] = 1;
2959 }
2960 }
2961}
2962
2963static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y)
2964{
2965 VncState *vs;
2966 int sty = y / VNC_STAT_RECT;
2967 int stx = x / VNC_STAT_RECT;
2968 int has_dirty = 0;
2969
2970 y = QEMU_ALIGN_DOWN(y, VNC_STAT_RECT);
2971 x = QEMU_ALIGN_DOWN(x, VNC_STAT_RECT);
2972
2973 QTAILQ_FOREACH(vs, &vd->clients, next) {
2974 int j;
2975
2976
2977 if (vs->output.offset) {
2978 continue;
2979 }
2980
2981 if (!vs->lossy_rect[sty][stx]) {
2982 continue;
2983 }
2984
2985 vs->lossy_rect[sty][stx] = 0;
2986 for (j = 0; j < VNC_STAT_RECT; ++j) {
2987 bitmap_set(vs->dirty[y + j],
2988 x / VNC_DIRTY_PIXELS_PER_BIT,
2989 VNC_STAT_RECT / VNC_DIRTY_PIXELS_PER_BIT);
2990 }
2991 has_dirty++;
2992 }
2993
2994 return has_dirty;
2995}
2996
2997static int vnc_update_stats(VncDisplay *vd, struct timeval * tv)
2998{
2999 int width = MIN(pixman_image_get_width(vd->guest.fb),
3000 pixman_image_get_width(vd->server));
3001 int height = MIN(pixman_image_get_height(vd->guest.fb),
3002 pixman_image_get_height(vd->server));
3003 int x, y;
3004 struct timeval res;
3005 int has_dirty = 0;
3006
3007 for (y = 0; y < height; y += VNC_STAT_RECT) {
3008 for (x = 0; x < width; x += VNC_STAT_RECT) {
3009 VncRectStat *rect = vnc_stat_rect(vd, x, y);
3010
3011 rect->updated = false;
3012 }
3013 }
3014
3015 qemu_timersub(tv, &VNC_REFRESH_STATS, &res);
3016
3017 if (timercmp(&vd->guest.last_freq_check, &res, >)) {
3018 return has_dirty;
3019 }
3020 vd->guest.last_freq_check = *tv;
3021
3022 for (y = 0; y < height; y += VNC_STAT_RECT) {
3023 for (x = 0; x < width; x += VNC_STAT_RECT) {
3024 VncRectStat *rect= vnc_stat_rect(vd, x, y);
3025 int count = ARRAY_SIZE(rect->times);
3026 struct timeval min, max;
3027
3028 if (!timerisset(&rect->times[count - 1])) {
3029 continue ;
3030 }
3031
3032 max = rect->times[(rect->idx + count - 1) % count];
3033 qemu_timersub(tv, &max, &res);
3034
3035 if (timercmp(&res, &VNC_REFRESH_LOSSY, >)) {
3036 rect->freq = 0;
3037 has_dirty += vnc_refresh_lossy_rect(vd, x, y);
3038 memset(rect->times, 0, sizeof (rect->times));
3039 continue ;
3040 }
3041
3042 min = rect->times[rect->idx];
3043 max = rect->times[(rect->idx + count - 1) % count];
3044 qemu_timersub(&max, &min, &res);
3045
3046 rect->freq = res.tv_sec + res.tv_usec / 1000000.;
3047 rect->freq /= count;
3048 rect->freq = 1. / rect->freq;
3049 }
3050 }
3051 return has_dirty;
3052}
3053
3054double vnc_update_freq(VncState *vs, int x, int y, int w, int h)
3055{
3056 int i, j;
3057 double total = 0;
3058 int num = 0;
3059
3060 x = QEMU_ALIGN_DOWN(x, VNC_STAT_RECT);
3061 y = QEMU_ALIGN_DOWN(y, VNC_STAT_RECT);
3062
3063 for (j = y; j <= y + h; j += VNC_STAT_RECT) {
3064 for (i = x; i <= x + w; i += VNC_STAT_RECT) {
3065 total += vnc_stat_rect(vs->vd, i, j)->freq;
3066 num++;
3067 }
3068 }
3069
3070 if (num) {
3071 return total / num;
3072 } else {
3073 return 0;
3074 }
3075}
3076
3077static void vnc_rect_updated(VncDisplay *vd, int x, int y, struct timeval * tv)
3078{
3079 VncRectStat *rect;
3080
3081 rect = vnc_stat_rect(vd, x, y);
3082 if (rect->updated) {
3083 return ;
3084 }
3085 rect->times[rect->idx] = *tv;
3086 rect->idx = (rect->idx + 1) % ARRAY_SIZE(rect->times);
3087 rect->updated = true;
3088}
3089
3090static int vnc_refresh_server_surface(VncDisplay *vd)
3091{
3092 int width = MIN(pixman_image_get_width(vd->guest.fb),
3093 pixman_image_get_width(vd->server));
3094 int height = MIN(pixman_image_get_height(vd->guest.fb),
3095 pixman_image_get_height(vd->server));
3096 int cmp_bytes, server_stride, line_bytes, guest_ll, guest_stride, y = 0;
3097 uint8_t *guest_row0 = NULL, *server_row0;
3098 VncState *vs;
3099 int has_dirty = 0;
3100 pixman_image_t *tmpbuf = NULL;
3101
3102 struct timeval tv = { 0, 0 };
3103
3104 if (!vd->non_adaptive) {
3105 gettimeofday(&tv, NULL);
3106 has_dirty = vnc_update_stats(vd, &tv);
3107 }
3108
3109
3110
3111
3112
3113
3114 server_row0 = (uint8_t *)pixman_image_get_data(vd->server);
3115 server_stride = guest_stride = guest_ll =
3116 pixman_image_get_stride(vd->server);
3117 cmp_bytes = MIN(VNC_DIRTY_PIXELS_PER_BIT * VNC_SERVER_FB_BYTES,
3118 server_stride);
3119 if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
3120 int width = pixman_image_get_width(vd->server);
3121 tmpbuf = qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT, width);
3122 } else {
3123 int guest_bpp =
3124 PIXMAN_FORMAT_BPP(pixman_image_get_format(vd->guest.fb));
3125 guest_row0 = (uint8_t *)pixman_image_get_data(vd->guest.fb);
3126 guest_stride = pixman_image_get_stride(vd->guest.fb);
3127 guest_ll = pixman_image_get_width(vd->guest.fb)
3128 * DIV_ROUND_UP(guest_bpp, 8);
3129 }
3130 line_bytes = MIN(server_stride, guest_ll);
3131
3132 for (;;) {
3133 int x;
3134 uint8_t *guest_ptr, *server_ptr;
3135 unsigned long offset = find_next_bit((unsigned long *) &vd->guest.dirty,
3136 height * VNC_DIRTY_BPL(&vd->guest),
3137 y * VNC_DIRTY_BPL(&vd->guest));
3138 if (offset == height * VNC_DIRTY_BPL(&vd->guest)) {
3139
3140 break;
3141 }
3142 y = offset / VNC_DIRTY_BPL(&vd->guest);
3143 x = offset % VNC_DIRTY_BPL(&vd->guest);
3144
3145 server_ptr = server_row0 + y * server_stride + x * cmp_bytes;
3146
3147 if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
3148 qemu_pixman_linebuf_fill(tmpbuf, vd->guest.fb, width, 0, y);
3149 guest_ptr = (uint8_t *)pixman_image_get_data(tmpbuf);
3150 } else {
3151 guest_ptr = guest_row0 + y * guest_stride;
3152 }
3153 guest_ptr += x * cmp_bytes;
3154
3155 for (; x < DIV_ROUND_UP(width, VNC_DIRTY_PIXELS_PER_BIT);
3156 x++, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
3157 int _cmp_bytes = cmp_bytes;
3158 if (!test_and_clear_bit(x, vd->guest.dirty[y])) {
3159 continue;
3160 }
3161 if ((x + 1) * cmp_bytes > line_bytes) {
3162 _cmp_bytes = line_bytes - x * cmp_bytes;
3163 }
3164 assert(_cmp_bytes >= 0);
3165 if (memcmp(server_ptr, guest_ptr, _cmp_bytes) == 0) {
3166 continue;
3167 }
3168 memcpy(server_ptr, guest_ptr, _cmp_bytes);
3169 if (!vd->non_adaptive) {
3170 vnc_rect_updated(vd, x * VNC_DIRTY_PIXELS_PER_BIT,
3171 y, &tv);
3172 }
3173 QTAILQ_FOREACH(vs, &vd->clients, next) {
3174 set_bit(x, vs->dirty[y]);
3175 }
3176 has_dirty++;
3177 }
3178
3179 y++;
3180 }
3181 qemu_pixman_image_unref(tmpbuf);
3182 return has_dirty;
3183}
3184
3185static void vnc_refresh(DisplayChangeListener *dcl)
3186{
3187 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
3188 VncState *vs, *vn;
3189 int has_dirty, rects = 0;
3190
3191 if (QTAILQ_EMPTY(&vd->clients)) {
3192 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_MAX);
3193 return;
3194 }
3195
3196 graphic_hw_update(vd->dcl.con);
3197
3198 if (vnc_trylock_display(vd)) {
3199 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
3200 return;
3201 }
3202
3203 has_dirty = vnc_refresh_server_surface(vd);
3204 vnc_unlock_display(vd);
3205
3206 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
3207 rects += vnc_update_client(vs, has_dirty);
3208
3209 }
3210
3211 if (has_dirty && rects) {
3212 vd->dcl.update_interval /= 2;
3213 if (vd->dcl.update_interval < VNC_REFRESH_INTERVAL_BASE) {
3214 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_BASE;
3215 }
3216 } else {
3217 vd->dcl.update_interval += VNC_REFRESH_INTERVAL_INC;
3218 if (vd->dcl.update_interval > VNC_REFRESH_INTERVAL_MAX) {
3219 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_MAX;
3220 }
3221 }
3222}
3223
3224static void vnc_connect(VncDisplay *vd, QIOChannelSocket *sioc,
3225 bool skipauth, bool websocket)
3226{
3227 VncState *vs = g_new0(VncState, 1);
3228 bool first_client = QTAILQ_EMPTY(&vd->clients);
3229 int i;
3230
3231 trace_vnc_client_connect(vs, sioc);
3232 vs->zrle = g_new0(VncZrle, 1);
3233 vs->tight = g_new0(VncTight, 1);
3234 vs->magic = VNC_MAGIC;
3235 vs->sioc = sioc;
3236 object_ref(OBJECT(vs->sioc));
3237 vs->ioc = QIO_CHANNEL(sioc);
3238 object_ref(OBJECT(vs->ioc));
3239 vs->vd = vd;
3240
3241 buffer_init(&vs->input, "vnc-input/%p", sioc);
3242 buffer_init(&vs->output, "vnc-output/%p", sioc);
3243 buffer_init(&vs->jobs_buffer, "vnc-jobs_buffer/%p", sioc);
3244
3245 buffer_init(&vs->tight->tight, "vnc-tight/%p", sioc);
3246 buffer_init(&vs->tight->zlib, "vnc-tight-zlib/%p", sioc);
3247 buffer_init(&vs->tight->gradient, "vnc-tight-gradient/%p", sioc);
3248#ifdef CONFIG_VNC_JPEG
3249 buffer_init(&vs->tight->jpeg, "vnc-tight-jpeg/%p", sioc);
3250#endif
3251#ifdef CONFIG_VNC_PNG
3252 buffer_init(&vs->tight->png, "vnc-tight-png/%p", sioc);
3253#endif
3254 buffer_init(&vs->zlib.zlib, "vnc-zlib/%p", sioc);
3255 buffer_init(&vs->zrle->zrle, "vnc-zrle/%p", sioc);
3256 buffer_init(&vs->zrle->fb, "vnc-zrle-fb/%p", sioc);
3257 buffer_init(&vs->zrle->zlib, "vnc-zrle-zlib/%p", sioc);
3258
3259 if (skipauth) {
3260 vs->auth = VNC_AUTH_NONE;
3261 vs->subauth = VNC_AUTH_INVALID;
3262 } else {
3263 if (websocket) {
3264 vs->auth = vd->ws_auth;
3265 vs->subauth = VNC_AUTH_INVALID;
3266 } else {
3267 vs->auth = vd->auth;
3268 vs->subauth = vd->subauth;
3269 }
3270 }
3271 VNC_DEBUG("Client sioc=%p ws=%d auth=%d subauth=%d\n",
3272 sioc, websocket, vs->auth, vs->subauth);
3273
3274 vs->lossy_rect = g_malloc0(VNC_STAT_ROWS * sizeof (*vs->lossy_rect));
3275 for (i = 0; i < VNC_STAT_ROWS; ++i) {
3276 vs->lossy_rect[i] = g_new0(uint8_t, VNC_STAT_COLS);
3277 }
3278
3279 VNC_DEBUG("New client on socket %p\n", vs->sioc);
3280 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
3281 qio_channel_set_blocking(vs->ioc, false, NULL);
3282 if (vs->ioc_tag) {
3283 g_source_remove(vs->ioc_tag);
3284 }
3285 if (websocket) {
3286 vs->websocket = 1;
3287 if (vd->tlscreds) {
3288 vs->ioc_tag = qio_channel_add_watch(
3289 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR,
3290 vncws_tls_handshake_io, vs, NULL);
3291 } else {
3292 vs->ioc_tag = qio_channel_add_watch(
3293 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR,
3294 vncws_handshake_io, vs, NULL);
3295 }
3296 } else {
3297 vs->ioc_tag = qio_channel_add_watch(
3298 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR,
3299 vnc_client_io, vs, NULL);
3300 }
3301
3302 vnc_client_cache_addr(vs);
3303 vnc_qmp_event(vs, QAPI_EVENT_VNC_CONNECTED);
3304 vnc_set_share_mode(vs, VNC_SHARE_MODE_CONNECTING);
3305
3306 vs->last_x = -1;
3307 vs->last_y = -1;
3308
3309 vs->as.freq = 44100;
3310 vs->as.nchannels = 2;
3311 vs->as.fmt = AUDIO_FORMAT_S16;
3312 vs->as.endianness = 0;
3313
3314 qemu_mutex_init(&vs->output_mutex);
3315 vs->bh = qemu_bh_new(vnc_jobs_bh, vs);
3316
3317 QTAILQ_INSERT_TAIL(&vd->clients, vs, next);
3318 if (first_client) {
3319 vnc_update_server_surface(vd);
3320 }
3321
3322 graphic_hw_update(vd->dcl.con);
3323
3324 if (!vs->websocket) {
3325 vnc_start_protocol(vs);
3326 }
3327
3328 if (vd->num_connecting > vd->connections_limit) {
3329 QTAILQ_FOREACH(vs, &vd->clients, next) {
3330 if (vs->share_mode == VNC_SHARE_MODE_CONNECTING) {
3331 vnc_disconnect_start(vs);
3332 return;
3333 }
3334 }
3335 }
3336}
3337
3338void vnc_start_protocol(VncState *vs)
3339{
3340 vnc_write(vs, "RFB 003.008\n", 12);
3341 vnc_flush(vs);
3342 vnc_read_when(vs, protocol_version, 12);
3343
3344 vs->mouse_mode_notifier.notify = check_pointer_type_change;
3345 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
3346}
3347
3348static void vnc_listen_io(QIONetListener *listener,
3349 QIOChannelSocket *cioc,
3350 void *opaque)
3351{
3352 VncDisplay *vd = opaque;
3353 bool isWebsock = listener == vd->wslistener;
3354
3355 qio_channel_set_name(QIO_CHANNEL(cioc),
3356 isWebsock ? "vnc-ws-server" : "vnc-server");
3357 qio_channel_set_delay(QIO_CHANNEL(cioc), false);
3358 vnc_connect(vd, cioc, false, isWebsock);
3359}
3360
3361static const DisplayChangeListenerOps dcl_ops = {
3362 .dpy_name = "vnc",
3363 .dpy_refresh = vnc_refresh,
3364 .dpy_gfx_update = vnc_dpy_update,
3365 .dpy_gfx_switch = vnc_dpy_switch,
3366 .dpy_gfx_check_format = qemu_pixman_check_format,
3367 .dpy_mouse_set = vnc_mouse_set,
3368 .dpy_cursor_define = vnc_dpy_cursor_define,
3369};
3370
3371void vnc_display_init(const char *id, Error **errp)
3372{
3373 VncDisplay *vd;
3374
3375 if (vnc_display_find(id) != NULL) {
3376 return;
3377 }
3378 vd = g_malloc0(sizeof(*vd));
3379
3380 vd->id = strdup(id);
3381 QTAILQ_INSERT_TAIL(&vnc_displays, vd, next);
3382
3383 QTAILQ_INIT(&vd->clients);
3384 vd->expires = TIME_MAX;
3385
3386 if (keyboard_layout) {
3387 trace_vnc_key_map_init(keyboard_layout);
3388 vd->kbd_layout = init_keyboard_layout(name2keysym,
3389 keyboard_layout, errp);
3390 } else {
3391 vd->kbd_layout = init_keyboard_layout(name2keysym, "en-us", errp);
3392 }
3393
3394 if (!vd->kbd_layout) {
3395 return;
3396 }
3397
3398 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3399 vd->connections_limit = 32;
3400
3401 qemu_mutex_init(&vd->mutex);
3402 vnc_start_worker_thread();
3403
3404 vd->dcl.ops = &dcl_ops;
3405 register_displaychangelistener(&vd->dcl);
3406 vd->kbd = qkbd_state_init(vd->dcl.con);
3407}
3408
3409
3410static void vnc_display_close(VncDisplay *vd)
3411{
3412 if (!vd) {
3413 return;
3414 }
3415 vd->is_unix = false;
3416
3417 if (vd->listener) {
3418 qio_net_listener_disconnect(vd->listener);
3419 object_unref(OBJECT(vd->listener));
3420 }
3421 vd->listener = NULL;
3422
3423 if (vd->wslistener) {
3424 qio_net_listener_disconnect(vd->wslistener);
3425 object_unref(OBJECT(vd->wslistener));
3426 }
3427 vd->wslistener = NULL;
3428
3429 vd->auth = VNC_AUTH_INVALID;
3430 vd->subauth = VNC_AUTH_INVALID;
3431 if (vd->tlscreds) {
3432 object_unref(OBJECT(vd->tlscreds));
3433 vd->tlscreds = NULL;
3434 }
3435 if (vd->tlsauthz) {
3436 object_unparent(OBJECT(vd->tlsauthz));
3437 vd->tlsauthz = NULL;
3438 }
3439 g_free(vd->tlsauthzid);
3440 vd->tlsauthzid = NULL;
3441 if (vd->lock_key_sync) {
3442 qemu_remove_led_event_handler(vd->led);
3443 vd->led = NULL;
3444 }
3445#ifdef CONFIG_VNC_SASL
3446 if (vd->sasl.authz) {
3447 object_unparent(OBJECT(vd->sasl.authz));
3448 vd->sasl.authz = NULL;
3449 }
3450 g_free(vd->sasl.authzid);
3451 vd->sasl.authzid = NULL;
3452#endif
3453}
3454
3455int vnc_display_password(const char *id, const char *password)
3456{
3457 VncDisplay *vd = vnc_display_find(id);
3458
3459 if (!vd) {
3460 return -EINVAL;
3461 }
3462 if (vd->auth == VNC_AUTH_NONE) {
3463 error_printf_unless_qmp("If you want use passwords please enable "
3464 "password auth using '-vnc ${dpy},password'.\n");
3465 return -EINVAL;
3466 }
3467
3468 g_free(vd->password);
3469 vd->password = g_strdup(password);
3470
3471 return 0;
3472}
3473
3474int vnc_display_pw_expire(const char *id, time_t expires)
3475{
3476 VncDisplay *vd = vnc_display_find(id);
3477
3478 if (!vd) {
3479 return -EINVAL;
3480 }
3481
3482 vd->expires = expires;
3483 return 0;
3484}
3485
3486static void vnc_display_print_local_addr(VncDisplay *vd)
3487{
3488 SocketAddress *addr;
3489
3490 if (!vd->listener || !vd->listener->nsioc) {
3491 return;
3492 }
3493
3494 addr = qio_channel_socket_get_local_address(vd->listener->sioc[0], NULL);
3495 if (!addr) {
3496 return;
3497 }
3498
3499 if (addr->type != SOCKET_ADDRESS_TYPE_INET) {
3500 qapi_free_SocketAddress(addr);
3501 return;
3502 }
3503 error_printf_unless_qmp("VNC server running on %s:%s\n",
3504 addr->u.inet.host,
3505 addr->u.inet.port);
3506 qapi_free_SocketAddress(addr);
3507}
3508
3509static QemuOptsList qemu_vnc_opts = {
3510 .name = "vnc",
3511 .head = QTAILQ_HEAD_INITIALIZER(qemu_vnc_opts.head),
3512 .implied_opt_name = "vnc",
3513 .desc = {
3514 {
3515 .name = "vnc",
3516 .type = QEMU_OPT_STRING,
3517 },{
3518 .name = "websocket",
3519 .type = QEMU_OPT_STRING,
3520 },{
3521 .name = "tls-creds",
3522 .type = QEMU_OPT_STRING,
3523 },{
3524 .name = "share",
3525 .type = QEMU_OPT_STRING,
3526 },{
3527 .name = "display",
3528 .type = QEMU_OPT_STRING,
3529 },{
3530 .name = "head",
3531 .type = QEMU_OPT_NUMBER,
3532 },{
3533 .name = "connections",
3534 .type = QEMU_OPT_NUMBER,
3535 },{
3536 .name = "to",
3537 .type = QEMU_OPT_NUMBER,
3538 },{
3539 .name = "ipv4",
3540 .type = QEMU_OPT_BOOL,
3541 },{
3542 .name = "ipv6",
3543 .type = QEMU_OPT_BOOL,
3544 },{
3545 .name = "password",
3546 .type = QEMU_OPT_BOOL,
3547 },{
3548 .name = "password-secret",
3549 .type = QEMU_OPT_STRING,
3550 },{
3551 .name = "reverse",
3552 .type = QEMU_OPT_BOOL,
3553 },{
3554 .name = "lock-key-sync",
3555 .type = QEMU_OPT_BOOL,
3556 },{
3557 .name = "key-delay-ms",
3558 .type = QEMU_OPT_NUMBER,
3559 },{
3560 .name = "sasl",
3561 .type = QEMU_OPT_BOOL,
3562 },{
3563 .name = "tls-authz",
3564 .type = QEMU_OPT_STRING,
3565 },{
3566 .name = "sasl-authz",
3567 .type = QEMU_OPT_STRING,
3568 },{
3569 .name = "lossy",
3570 .type = QEMU_OPT_BOOL,
3571 },{
3572 .name = "non-adaptive",
3573 .type = QEMU_OPT_BOOL,
3574 },{
3575 .name = "audiodev",
3576 .type = QEMU_OPT_STRING,
3577 },{
3578 .name = "power-control",
3579 .type = QEMU_OPT_BOOL,
3580 },
3581 { }
3582 },
3583};
3584
3585
3586static int
3587vnc_display_setup_auth(int *auth,
3588 int *subauth,
3589 QCryptoTLSCreds *tlscreds,
3590 bool password,
3591 bool sasl,
3592 bool websocket,
3593 Error **errp)
3594{
3595
3596
3597
3598
3599
3600
3601
3602
3603
3604
3605
3606
3607
3608
3609
3610
3611
3612
3613
3614
3615
3616
3617
3618
3619
3620
3621
3622
3623
3624
3625
3626
3627
3628
3629
3630
3631
3632
3633
3634
3635
3636
3637
3638
3639
3640
3641
3642 if (websocket || !tlscreds) {
3643 if (password) {
3644 VNC_DEBUG("Initializing VNC server with password auth\n");
3645 *auth = VNC_AUTH_VNC;
3646 } else if (sasl) {
3647 VNC_DEBUG("Initializing VNC server with SASL auth\n");
3648 *auth = VNC_AUTH_SASL;
3649 } else {
3650 VNC_DEBUG("Initializing VNC server with no auth\n");
3651 *auth = VNC_AUTH_NONE;
3652 }
3653 *subauth = VNC_AUTH_INVALID;
3654 } else {
3655 bool is_x509 = object_dynamic_cast(OBJECT(tlscreds),
3656 TYPE_QCRYPTO_TLS_CREDS_X509) != NULL;
3657 bool is_anon = object_dynamic_cast(OBJECT(tlscreds),
3658 TYPE_QCRYPTO_TLS_CREDS_ANON) != NULL;
3659
3660 if (!is_x509 && !is_anon) {
3661 error_setg(errp,
3662 "Unsupported TLS cred type %s",
3663 object_get_typename(OBJECT(tlscreds)));
3664 return -1;
3665 }
3666 *auth = VNC_AUTH_VENCRYPT;
3667 if (password) {
3668 if (is_x509) {
3669 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
3670 *subauth = VNC_AUTH_VENCRYPT_X509VNC;
3671 } else {
3672 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
3673 *subauth = VNC_AUTH_VENCRYPT_TLSVNC;
3674 }
3675
3676 } else if (sasl) {
3677 if (is_x509) {
3678 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
3679 *subauth = VNC_AUTH_VENCRYPT_X509SASL;
3680 } else {
3681 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
3682 *subauth = VNC_AUTH_VENCRYPT_TLSSASL;
3683 }
3684 } else {
3685 if (is_x509) {
3686 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
3687 *subauth = VNC_AUTH_VENCRYPT_X509NONE;
3688 } else {
3689 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
3690 *subauth = VNC_AUTH_VENCRYPT_TLSNONE;
3691 }
3692 }
3693 }
3694 return 0;
3695}
3696
3697
3698static int vnc_display_get_address(const char *addrstr,
3699 bool websocket,
3700 bool reverse,
3701 int displaynum,
3702 int to,
3703 bool has_ipv4,
3704 bool has_ipv6,
3705 bool ipv4,
3706 bool ipv6,
3707 SocketAddress **retaddr,
3708 Error **errp)
3709{
3710 int ret = -1;
3711 SocketAddress *addr = NULL;
3712
3713 addr = g_new0(SocketAddress, 1);
3714
3715 if (strncmp(addrstr, "unix:", 5) == 0) {
3716 addr->type = SOCKET_ADDRESS_TYPE_UNIX;
3717 addr->u.q_unix.path = g_strdup(addrstr + 5);
3718
3719 if (websocket) {
3720 error_setg(errp, "UNIX sockets not supported with websock");
3721 goto cleanup;
3722 }
3723
3724 if (to) {
3725 error_setg(errp, "Port range not support with UNIX socket");
3726 goto cleanup;
3727 }
3728 ret = 0;
3729 } else {
3730 const char *port;
3731 size_t hostlen;
3732 unsigned long long baseport = 0;
3733 InetSocketAddress *inet;
3734
3735 port = strrchr(addrstr, ':');
3736 if (!port) {
3737 if (websocket) {
3738 hostlen = 0;
3739 port = addrstr;
3740 } else {
3741 error_setg(errp, "no vnc port specified");
3742 goto cleanup;
3743 }
3744 } else {
3745 hostlen = port - addrstr;
3746 port++;
3747 if (*port == '\0') {
3748 error_setg(errp, "vnc port cannot be empty");
3749 goto cleanup;
3750 }
3751 }
3752
3753 addr->type = SOCKET_ADDRESS_TYPE_INET;
3754 inet = &addr->u.inet;
3755 if (addrstr[0] == '[' && addrstr[hostlen - 1] == ']') {
3756 inet->host = g_strndup(addrstr + 1, hostlen - 2);
3757 } else {
3758 inet->host = g_strndup(addrstr, hostlen);
3759 }
3760
3761
3762 if (websocket) {
3763 if (g_str_equal(addrstr, "") ||
3764 g_str_equal(addrstr, "on")) {
3765 if (displaynum == -1) {
3766 error_setg(errp, "explicit websocket port is required");
3767 goto cleanup;
3768 }
3769 inet->port = g_strdup_printf(
3770 "%d", displaynum + 5700);
3771 if (to) {
3772 inet->has_to = true;
3773 inet->to = to + 5700;
3774 }
3775 } else {
3776 inet->port = g_strdup(port);
3777 }
3778 } else {
3779 int offset = reverse ? 0 : 5900;
3780 if (parse_uint_full(port, &baseport, 10) < 0) {
3781 error_setg(errp, "can't convert to a number: %s", port);
3782 goto cleanup;
3783 }
3784 if (baseport > 65535 ||
3785 baseport + offset > 65535) {
3786 error_setg(errp, "port %s out of range", port);
3787 goto cleanup;
3788 }
3789 inet->port = g_strdup_printf(
3790 "%d", (int)baseport + offset);
3791
3792 if (to) {
3793 inet->has_to = true;
3794 inet->to = to + offset;
3795 }
3796 }
3797
3798 inet->ipv4 = ipv4;
3799 inet->has_ipv4 = has_ipv4;
3800 inet->ipv6 = ipv6;
3801 inet->has_ipv6 = has_ipv6;
3802
3803 ret = baseport;
3804 }
3805
3806 *retaddr = addr;
3807
3808 cleanup:
3809 if (ret < 0) {
3810 qapi_free_SocketAddress(addr);
3811 }
3812 return ret;
3813}
3814
3815static void vnc_free_addresses(SocketAddress ***retsaddr,
3816 size_t *retnsaddr)
3817{
3818 size_t i;
3819
3820 for (i = 0; i < *retnsaddr; i++) {
3821 qapi_free_SocketAddress((*retsaddr)[i]);
3822 }
3823 g_free(*retsaddr);
3824
3825 *retsaddr = NULL;
3826 *retnsaddr = 0;
3827}
3828
3829static int vnc_display_get_addresses(QemuOpts *opts,
3830 bool reverse,
3831 SocketAddress ***retsaddr,
3832 size_t *retnsaddr,
3833 SocketAddress ***retwsaddr,
3834 size_t *retnwsaddr,
3835 Error **errp)
3836{
3837 SocketAddress *saddr = NULL;
3838 SocketAddress *wsaddr = NULL;
3839 QemuOptsIter addriter;
3840 const char *addr;
3841 int to = qemu_opt_get_number(opts, "to", 0);
3842 bool has_ipv4 = qemu_opt_get(opts, "ipv4");
3843 bool has_ipv6 = qemu_opt_get(opts, "ipv6");
3844 bool ipv4 = qemu_opt_get_bool(opts, "ipv4", false);
3845 bool ipv6 = qemu_opt_get_bool(opts, "ipv6", false);
3846 int displaynum = -1;
3847 int ret = -1;
3848
3849 *retsaddr = NULL;
3850 *retnsaddr = 0;
3851 *retwsaddr = NULL;
3852 *retnwsaddr = 0;
3853
3854 addr = qemu_opt_get(opts, "vnc");
3855 if (addr == NULL || g_str_equal(addr, "none")) {
3856 ret = 0;
3857 goto cleanup;
3858 }
3859 if (qemu_opt_get(opts, "websocket") &&
3860 !qcrypto_hash_supports(QCRYPTO_HASH_ALG_SHA1)) {
3861 error_setg(errp,
3862 "SHA1 hash support is required for websockets");
3863 goto cleanup;
3864 }
3865
3866 qemu_opt_iter_init(&addriter, opts, "vnc");
3867 while ((addr = qemu_opt_iter_next(&addriter)) != NULL) {
3868 int rv;
3869 rv = vnc_display_get_address(addr, false, reverse, 0, to,
3870 has_ipv4, has_ipv6,
3871 ipv4, ipv6,
3872 &saddr, errp);
3873 if (rv < 0) {
3874 goto cleanup;
3875 }
3876
3877
3878
3879 if (displaynum == -1) {
3880 displaynum = rv;
3881 }
3882 *retsaddr = g_renew(SocketAddress *, *retsaddr, *retnsaddr + 1);
3883 (*retsaddr)[(*retnsaddr)++] = saddr;
3884 }
3885
3886
3887
3888 if (*retnsaddr > 1) {
3889 displaynum = -1;
3890 }
3891
3892 qemu_opt_iter_init(&addriter, opts, "websocket");
3893 while ((addr = qemu_opt_iter_next(&addriter)) != NULL) {
3894 if (vnc_display_get_address(addr, true, reverse, displaynum, to,
3895 has_ipv4, has_ipv6,
3896 ipv4, ipv6,
3897 &wsaddr, errp) < 0) {
3898 goto cleanup;
3899 }
3900
3901
3902
3903
3904
3905 if (*retnsaddr == 1 &&
3906 (*retsaddr)[0]->type == SOCKET_ADDRESS_TYPE_INET &&
3907 wsaddr->type == SOCKET_ADDRESS_TYPE_INET &&
3908 g_str_equal(wsaddr->u.inet.host, "") &&
3909 !g_str_equal((*retsaddr)[0]->u.inet.host, "")) {
3910 g_free(wsaddr->u.inet.host);
3911 wsaddr->u.inet.host = g_strdup((*retsaddr)[0]->u.inet.host);
3912 }
3913
3914 *retwsaddr = g_renew(SocketAddress *, *retwsaddr, *retnwsaddr + 1);
3915 (*retwsaddr)[(*retnwsaddr)++] = wsaddr;
3916 }
3917
3918 ret = 0;
3919 cleanup:
3920 if (ret < 0) {
3921 vnc_free_addresses(retsaddr, retnsaddr);
3922 vnc_free_addresses(retwsaddr, retnwsaddr);
3923 }
3924 return ret;
3925}
3926
3927static int vnc_display_connect(VncDisplay *vd,
3928 SocketAddress **saddr,
3929 size_t nsaddr,
3930 SocketAddress **wsaddr,
3931 size_t nwsaddr,
3932 Error **errp)
3933{
3934
3935 QIOChannelSocket *sioc = NULL;
3936 if (nwsaddr != 0) {
3937 error_setg(errp, "Cannot use websockets in reverse mode");
3938 return -1;
3939 }
3940 if (nsaddr != 1) {
3941 error_setg(errp, "Expected a single address in reverse mode");
3942 return -1;
3943 }
3944
3945 vd->is_unix = saddr[0]->type == SOCKET_ADDRESS_TYPE_UNIX;
3946 sioc = qio_channel_socket_new();
3947 qio_channel_set_name(QIO_CHANNEL(sioc), "vnc-reverse");
3948 if (qio_channel_socket_connect_sync(sioc, saddr[0], errp) < 0) {
3949 object_unref(OBJECT(sioc));
3950 return -1;
3951 }
3952 vnc_connect(vd, sioc, false, false);
3953 object_unref(OBJECT(sioc));
3954 return 0;
3955}
3956
3957
3958static int vnc_display_listen(VncDisplay *vd,
3959 SocketAddress **saddr,
3960 size_t nsaddr,
3961 SocketAddress **wsaddr,
3962 size_t nwsaddr,
3963 Error **errp)
3964{
3965 size_t i;
3966
3967 if (nsaddr) {
3968 vd->listener = qio_net_listener_new();
3969 qio_net_listener_set_name(vd->listener, "vnc-listen");
3970 for (i = 0; i < nsaddr; i++) {
3971 if (qio_net_listener_open_sync(vd->listener,
3972 saddr[i], 1,
3973 errp) < 0) {
3974 return -1;
3975 }
3976 }
3977
3978 qio_net_listener_set_client_func(vd->listener,
3979 vnc_listen_io, vd, NULL);
3980 }
3981
3982 if (nwsaddr) {
3983 vd->wslistener = qio_net_listener_new();
3984 qio_net_listener_set_name(vd->wslistener, "vnc-ws-listen");
3985 for (i = 0; i < nwsaddr; i++) {
3986 if (qio_net_listener_open_sync(vd->wslistener,
3987 wsaddr[i], 1,
3988 errp) < 0) {
3989 return -1;
3990 }
3991 }
3992
3993 qio_net_listener_set_client_func(vd->wslistener,
3994 vnc_listen_io, vd, NULL);
3995 }
3996
3997 return 0;
3998}
3999
4000
4001void vnc_display_open(const char *id, Error **errp)
4002{
4003 VncDisplay *vd = vnc_display_find(id);
4004 QemuOpts *opts = qemu_opts_find(&qemu_vnc_opts, id);
4005 SocketAddress **saddr = NULL, **wsaddr = NULL;
4006 size_t nsaddr, nwsaddr;
4007 const char *share, *device_id;
4008 QemuConsole *con;
4009 bool password = false;
4010 bool reverse = false;
4011 const char *credid;
4012 bool sasl = false;
4013 const char *tlsauthz;
4014 const char *saslauthz;
4015 int lock_key_sync = 1;
4016 int key_delay_ms;
4017 const char *audiodev;
4018 const char *passwordSecret;
4019
4020 if (!vd) {
4021 error_setg(errp, "VNC display not active");
4022 return;
4023 }
4024 vnc_display_close(vd);
4025
4026 if (!opts) {
4027 return;
4028 }
4029
4030 reverse = qemu_opt_get_bool(opts, "reverse", false);
4031 if (vnc_display_get_addresses(opts, reverse, &saddr, &nsaddr,
4032 &wsaddr, &nwsaddr, errp) < 0) {
4033 goto fail;
4034 }
4035
4036
4037 passwordSecret = qemu_opt_get(opts, "password-secret");
4038 if (passwordSecret) {
4039 if (qemu_opt_get(opts, "password")) {
4040 error_setg(errp,
4041 "'password' flag is redundant with 'password-secret'");
4042 goto fail;
4043 }
4044 vd->password = qcrypto_secret_lookup_as_utf8(passwordSecret,
4045 errp);
4046 if (!vd->password) {
4047 goto fail;
4048 }
4049 password = true;
4050 } else {
4051 password = qemu_opt_get_bool(opts, "password", false);
4052 }
4053 if (password) {
4054 if (fips_get_state()) {
4055 error_setg(errp,
4056 "VNC password auth disabled due to FIPS mode, "
4057 "consider using the VeNCrypt or SASL authentication "
4058 "methods as an alternative");
4059 goto fail;
4060 }
4061 if (!qcrypto_cipher_supports(
4062 QCRYPTO_CIPHER_ALG_DES, QCRYPTO_CIPHER_MODE_ECB)) {
4063 error_setg(errp,
4064 "Cipher backend does not support DES algorithm");
4065 goto fail;
4066 }
4067 }
4068
4069 lock_key_sync = qemu_opt_get_bool(opts, "lock-key-sync", true);
4070 key_delay_ms = qemu_opt_get_number(opts, "key-delay-ms", 10);
4071 sasl = qemu_opt_get_bool(opts, "sasl", false);
4072#ifndef CONFIG_VNC_SASL
4073 if (sasl) {
4074 error_setg(errp, "VNC SASL auth requires cyrus-sasl support");
4075 goto fail;
4076 }
4077#endif
4078 credid = qemu_opt_get(opts, "tls-creds");
4079 if (credid) {
4080 Object *creds;
4081 creds = object_resolve_path_component(
4082 object_get_objects_root(), credid);
4083 if (!creds) {
4084 error_setg(errp, "No TLS credentials with id '%s'",
4085 credid);
4086 goto fail;
4087 }
4088 vd->tlscreds = (QCryptoTLSCreds *)
4089 object_dynamic_cast(creds,
4090 TYPE_QCRYPTO_TLS_CREDS);
4091 if (!vd->tlscreds) {
4092 error_setg(errp, "Object with id '%s' is not TLS credentials",
4093 credid);
4094 goto fail;
4095 }
4096 object_ref(OBJECT(vd->tlscreds));
4097
4098 if (!qcrypto_tls_creds_check_endpoint(vd->tlscreds,
4099 QCRYPTO_TLS_CREDS_ENDPOINT_SERVER,
4100 errp)) {
4101 goto fail;
4102 }
4103 }
4104 tlsauthz = qemu_opt_get(opts, "tls-authz");
4105 if (tlsauthz && !vd->tlscreds) {
4106 error_setg(errp, "'tls-authz' provided but TLS is not enabled");
4107 goto fail;
4108 }
4109
4110 saslauthz = qemu_opt_get(opts, "sasl-authz");
4111 if (saslauthz && !sasl) {
4112 error_setg(errp, "'sasl-authz' provided but SASL auth is not enabled");
4113 goto fail;
4114 }
4115
4116 share = qemu_opt_get(opts, "share");
4117 if (share) {
4118 if (strcmp(share, "ignore") == 0) {
4119 vd->share_policy = VNC_SHARE_POLICY_IGNORE;
4120 } else if (strcmp(share, "allow-exclusive") == 0) {
4121 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
4122 } else if (strcmp(share, "force-shared") == 0) {
4123 vd->share_policy = VNC_SHARE_POLICY_FORCE_SHARED;
4124 } else {
4125 error_setg(errp, "unknown vnc share= option");
4126 goto fail;
4127 }
4128 } else {
4129 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
4130 }
4131 vd->connections_limit = qemu_opt_get_number(opts, "connections", 32);
4132
4133#ifdef CONFIG_VNC_JPEG
4134 vd->lossy = qemu_opt_get_bool(opts, "lossy", false);
4135#endif
4136 vd->non_adaptive = qemu_opt_get_bool(opts, "non-adaptive", false);
4137
4138
4139
4140 if (!vd->lossy) {
4141 vd->non_adaptive = true;
4142 }
4143
4144 vd->power_control = qemu_opt_get_bool(opts, "power-control", false);
4145
4146 if (tlsauthz) {
4147 vd->tlsauthzid = g_strdup(tlsauthz);
4148 }
4149#ifdef CONFIG_VNC_SASL
4150 if (sasl) {
4151 if (saslauthz) {
4152 vd->sasl.authzid = g_strdup(saslauthz);
4153 }
4154 }
4155#endif
4156
4157 if (vnc_display_setup_auth(&vd->auth, &vd->subauth,
4158 vd->tlscreds, password,
4159 sasl, false, errp) < 0) {
4160 goto fail;
4161 }
4162 trace_vnc_auth_init(vd, 0, vd->auth, vd->subauth);
4163
4164 if (vnc_display_setup_auth(&vd->ws_auth, &vd->ws_subauth,
4165 vd->tlscreds, password,
4166 sasl, true, errp) < 0) {
4167 goto fail;
4168 }
4169 trace_vnc_auth_init(vd, 1, vd->ws_auth, vd->ws_subauth);
4170
4171#ifdef CONFIG_VNC_SASL
4172 if (sasl && !vnc_sasl_server_init(errp)) {
4173 goto fail;
4174 }
4175#endif
4176 vd->lock_key_sync = lock_key_sync;
4177 if (lock_key_sync) {
4178 vd->led = qemu_add_led_event_handler(kbd_leds, vd);
4179 }
4180 vd->ledstate = 0;
4181
4182 audiodev = qemu_opt_get(opts, "audiodev");
4183 if (audiodev) {
4184 vd->audio_state = audio_state_by_name(audiodev);
4185 if (!vd->audio_state) {
4186 error_setg(errp, "Audiodev '%s' not found", audiodev);
4187 goto fail;
4188 }
4189 }
4190
4191 device_id = qemu_opt_get(opts, "display");
4192 if (device_id) {
4193 int head = qemu_opt_get_number(opts, "head", 0);
4194 Error *err = NULL;
4195
4196 con = qemu_console_lookup_by_device_name(device_id, head, &err);
4197 if (err) {
4198 error_propagate(errp, err);
4199 goto fail;
4200 }
4201 } else {
4202 con = NULL;
4203 }
4204
4205 if (con != vd->dcl.con) {
4206 qkbd_state_free(vd->kbd);
4207 unregister_displaychangelistener(&vd->dcl);
4208 vd->dcl.con = con;
4209 register_displaychangelistener(&vd->dcl);
4210 vd->kbd = qkbd_state_init(vd->dcl.con);
4211 }
4212 qkbd_state_set_delay(vd->kbd, key_delay_ms);
4213
4214 if (saddr == NULL) {
4215 goto cleanup;
4216 }
4217
4218 if (reverse) {
4219 if (vnc_display_connect(vd, saddr, nsaddr, wsaddr, nwsaddr, errp) < 0) {
4220 goto fail;
4221 }
4222 } else {
4223 if (vnc_display_listen(vd, saddr, nsaddr, wsaddr, nwsaddr, errp) < 0) {
4224 goto fail;
4225 }
4226 }
4227
4228 if (qemu_opt_get(opts, "to")) {
4229 vnc_display_print_local_addr(vd);
4230 }
4231
4232 cleanup:
4233 vnc_free_addresses(&saddr, &nsaddr);
4234 vnc_free_addresses(&wsaddr, &nwsaddr);
4235 return;
4236
4237fail:
4238 vnc_display_close(vd);
4239 goto cleanup;
4240}
4241
4242void vnc_display_add_client(const char *id, int csock, bool skipauth)
4243{
4244 VncDisplay *vd = vnc_display_find(id);
4245 QIOChannelSocket *sioc;
4246
4247 if (!vd) {
4248 return;
4249 }
4250
4251 sioc = qio_channel_socket_new_fd(csock, NULL);
4252 if (sioc) {
4253 qio_channel_set_name(QIO_CHANNEL(sioc), "vnc-server");
4254 vnc_connect(vd, sioc, skipauth, false);
4255 object_unref(OBJECT(sioc));
4256 }
4257}
4258
4259static void vnc_auto_assign_id(QemuOptsList *olist, QemuOpts *opts)
4260{
4261 int i = 2;
4262 char *id;
4263
4264 id = g_strdup("default");
4265 while (qemu_opts_find(olist, id)) {
4266 g_free(id);
4267 id = g_strdup_printf("vnc%d", i++);
4268 }
4269 qemu_opts_set_id(opts, id);
4270}
4271
4272void vnc_parse(const char *str)
4273{
4274 QemuOptsList *olist = qemu_find_opts("vnc");
4275 QemuOpts *opts = qemu_opts_parse_noisily(olist, str, !is_help_option(str));
4276 const char *id;
4277
4278 if (!opts) {
4279 exit(1);
4280 }
4281
4282 id = qemu_opts_id(opts);
4283 if (!id) {
4284
4285 vnc_auto_assign_id(olist, opts);
4286 }
4287}
4288
4289int vnc_init_func(void *opaque, QemuOpts *opts, Error **errp)
4290{
4291 Error *local_err = NULL;
4292 char *id = (char *)qemu_opts_id(opts);
4293
4294 assert(id);
4295 vnc_display_init(id, &local_err);
4296 if (local_err) {
4297 error_propagate(errp, local_err);
4298 return -1;
4299 }
4300 vnc_display_open(id, &local_err);
4301 if (local_err != NULL) {
4302 error_propagate(errp, local_err);
4303 return -1;
4304 }
4305 return 0;
4306}
4307
4308static void vnc_register_config(void)
4309{
4310 qemu_add_opts(&qemu_vnc_opts);
4311}
4312opts_init(vnc_register_config);
4313
