1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27#include "qemu/osdep.h"
28#include "qemu-common.h"
29#include "vnc.h"
30#include "vnc-jobs.h"
31#include "trace.h"
32#include "hw/qdev-core.h"
33#include "sysemu/sysemu.h"
34#include "sysemu/runstate.h"
35#include "qemu/error-report.h"
36#include "qemu/main-loop.h"
37#include "qemu/module.h"
38#include "qemu/option.h"
39#include "qemu/sockets.h"
40#include "qemu/timer.h"
41#include "authz/list.h"
42#include "qemu/config-file.h"
43#include "qapi/qapi-emit-events.h"
44#include "qapi/qapi-events-ui.h"
45#include "qapi/error.h"
46#include "qapi/qapi-commands-ui.h"
47#include "ui/input.h"
48#include "crypto/hash.h"
49#include "crypto/tlscreds.h"
50#include "crypto/tlscredsanon.h"
51#include "crypto/tlscredsx509.h"
52#include "crypto/random.h"
53#include "crypto/secret_common.h"
54#include "qom/object_interfaces.h"
55#include "qemu/cutils.h"
56#include "qemu/help_option.h"
57#include "io/dns-resolver.h"
58
59#define VNC_REFRESH_INTERVAL_BASE GUI_REFRESH_INTERVAL_DEFAULT
60#define VNC_REFRESH_INTERVAL_INC 50
61#define VNC_REFRESH_INTERVAL_MAX GUI_REFRESH_INTERVAL_IDLE
62static const struct timeval VNC_REFRESH_STATS = { 0, 500000 };
63static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 };
64
65#include "vnc_keysym.h"
66#include "crypto/cipher.h"
67
68static QTAILQ_HEAD(, VncDisplay) vnc_displays =
69 QTAILQ_HEAD_INITIALIZER(vnc_displays);
70
71static int vnc_cursor_define(VncState *vs);
72static void vnc_update_throttle_offset(VncState *vs);
73
74static void vnc_set_share_mode(VncState *vs, VncShareMode mode)
75{
76#ifdef _VNC_DEBUG
77 static const char *mn[] = {
78 [0] = "undefined",
79 [VNC_SHARE_MODE_CONNECTING] = "connecting",
80 [VNC_SHARE_MODE_SHARED] = "shared",
81 [VNC_SHARE_MODE_EXCLUSIVE] = "exclusive",
82 [VNC_SHARE_MODE_DISCONNECTED] = "disconnected",
83 };
84 fprintf(stderr, "%s/%p: %s -> %s\n", __func__,
85 vs->ioc, mn[vs->share_mode], mn[mode]);
86#endif
87
88 switch (vs->share_mode) {
89 case VNC_SHARE_MODE_CONNECTING:
90 vs->vd->num_connecting--;
91 break;
92 case VNC_SHARE_MODE_SHARED:
93 vs->vd->num_shared--;
94 break;
95 case VNC_SHARE_MODE_EXCLUSIVE:
96 vs->vd->num_exclusive--;
97 break;
98 default:
99 break;
100 }
101
102 vs->share_mode = mode;
103
104 switch (vs->share_mode) {
105 case VNC_SHARE_MODE_CONNECTING:
106 vs->vd->num_connecting++;
107 break;
108 case VNC_SHARE_MODE_SHARED:
109 vs->vd->num_shared++;
110 break;
111 case VNC_SHARE_MODE_EXCLUSIVE:
112 vs->vd->num_exclusive++;
113 break;
114 default:
115 break;
116 }
117}
118
119
120static void vnc_init_basic_info(SocketAddress *addr,
121 VncBasicInfo *info,
122 Error **errp)
123{
124 switch (addr->type) {
125 case SOCKET_ADDRESS_TYPE_INET:
126 info->host = g_strdup(addr->u.inet.host);
127 info->service = g_strdup(addr->u.inet.port);
128 if (addr->u.inet.ipv6) {
129 info->family = NETWORK_ADDRESS_FAMILY_IPV6;
130 } else {
131 info->family = NETWORK_ADDRESS_FAMILY_IPV4;
132 }
133 break;
134
135 case SOCKET_ADDRESS_TYPE_UNIX:
136 info->host = g_strdup("");
137 info->service = g_strdup(addr->u.q_unix.path);
138 info->family = NETWORK_ADDRESS_FAMILY_UNIX;
139 break;
140
141 case SOCKET_ADDRESS_TYPE_VSOCK:
142 case SOCKET_ADDRESS_TYPE_FD:
143 error_setg(errp, "Unsupported socket address type %s",
144 SocketAddressType_str(addr->type));
145 break;
146 default:
147 abort();
148 }
149
150 return;
151}
152
153static void vnc_init_basic_info_from_server_addr(QIOChannelSocket *ioc,
154 VncBasicInfo *info,
155 Error **errp)
156{
157 SocketAddress *addr = NULL;
158
159 if (!ioc) {
160 error_setg(errp, "No listener socket available");
161 return;
162 }
163
164 addr = qio_channel_socket_get_local_address(ioc, errp);
165 if (!addr) {
166 return;
167 }
168
169 vnc_init_basic_info(addr, info, errp);
170 qapi_free_SocketAddress(addr);
171}
172
173static void vnc_init_basic_info_from_remote_addr(QIOChannelSocket *ioc,
174 VncBasicInfo *info,
175 Error **errp)
176{
177 SocketAddress *addr = NULL;
178
179 addr = qio_channel_socket_get_remote_address(ioc, errp);
180 if (!addr) {
181 return;
182 }
183
184 vnc_init_basic_info(addr, info, errp);
185 qapi_free_SocketAddress(addr);
186}
187
188static const char *vnc_auth_name(VncDisplay *vd) {
189 switch (vd->auth) {
190 case VNC_AUTH_INVALID:
191 return "invalid";
192 case VNC_AUTH_NONE:
193 return "none";
194 case VNC_AUTH_VNC:
195 return "vnc";
196 case VNC_AUTH_RA2:
197 return "ra2";
198 case VNC_AUTH_RA2NE:
199 return "ra2ne";
200 case VNC_AUTH_TIGHT:
201 return "tight";
202 case VNC_AUTH_ULTRA:
203 return "ultra";
204 case VNC_AUTH_TLS:
205 return "tls";
206 case VNC_AUTH_VENCRYPT:
207 switch (vd->subauth) {
208 case VNC_AUTH_VENCRYPT_PLAIN:
209 return "vencrypt+plain";
210 case VNC_AUTH_VENCRYPT_TLSNONE:
211 return "vencrypt+tls+none";
212 case VNC_AUTH_VENCRYPT_TLSVNC:
213 return "vencrypt+tls+vnc";
214 case VNC_AUTH_VENCRYPT_TLSPLAIN:
215 return "vencrypt+tls+plain";
216 case VNC_AUTH_VENCRYPT_X509NONE:
217 return "vencrypt+x509+none";
218 case VNC_AUTH_VENCRYPT_X509VNC:
219 return "vencrypt+x509+vnc";
220 case VNC_AUTH_VENCRYPT_X509PLAIN:
221 return "vencrypt+x509+plain";
222 case VNC_AUTH_VENCRYPT_TLSSASL:
223 return "vencrypt+tls+sasl";
224 case VNC_AUTH_VENCRYPT_X509SASL:
225 return "vencrypt+x509+sasl";
226 default:
227 return "vencrypt";
228 }
229 case VNC_AUTH_SASL:
230 return "sasl";
231 }
232 return "unknown";
233}
234
235static VncServerInfo *vnc_server_info_get(VncDisplay *vd)
236{
237 VncServerInfo *info;
238 Error *err = NULL;
239
240 if (!vd->listener || !vd->listener->nsioc) {
241 return NULL;
242 }
243
244 info = g_malloc0(sizeof(*info));
245 vnc_init_basic_info_from_server_addr(vd->listener->sioc[0],
246 qapi_VncServerInfo_base(info), &err);
247 info->has_auth = true;
248 info->auth = g_strdup(vnc_auth_name(vd));
249 if (err) {
250 qapi_free_VncServerInfo(info);
251 info = NULL;
252 error_free(err);
253 }
254 return info;
255}
256
257static void vnc_client_cache_auth(VncState *client)
258{
259 if (!client->info) {
260 return;
261 }
262
263 if (client->tls) {
264 client->info->x509_dname =
265 qcrypto_tls_session_get_peer_name(client->tls);
266 client->info->has_x509_dname =
267 client->info->x509_dname != NULL;
268 }
269#ifdef CONFIG_VNC_SASL
270 if (client->sasl.conn &&
271 client->sasl.username) {
272 client->info->has_sasl_username = true;
273 client->info->sasl_username = g_strdup(client->sasl.username);
274 }
275#endif
276}
277
278static void vnc_client_cache_addr(VncState *client)
279{
280 Error *err = NULL;
281
282 client->info = g_malloc0(sizeof(*client->info));
283 vnc_init_basic_info_from_remote_addr(client->sioc,
284 qapi_VncClientInfo_base(client->info),
285 &err);
286 client->info->websocket = client->websocket;
287 if (err) {
288 qapi_free_VncClientInfo(client->info);
289 client->info = NULL;
290 error_free(err);
291 }
292}
293
294static void vnc_qmp_event(VncState *vs, QAPIEvent event)
295{
296 VncServerInfo *si;
297
298 if (!vs->info) {
299 return;
300 }
301
302 si = vnc_server_info_get(vs->vd);
303 if (!si) {
304 return;
305 }
306
307 switch (event) {
308 case QAPI_EVENT_VNC_CONNECTED:
309 qapi_event_send_vnc_connected(si, qapi_VncClientInfo_base(vs->info));
310 break;
311 case QAPI_EVENT_VNC_INITIALIZED:
312 qapi_event_send_vnc_initialized(si, vs->info);
313 break;
314 case QAPI_EVENT_VNC_DISCONNECTED:
315 qapi_event_send_vnc_disconnected(si, vs->info);
316 break;
317 default:
318 break;
319 }
320
321 qapi_free_VncServerInfo(si);
322}
323
324static VncClientInfo *qmp_query_vnc_client(const VncState *client)
325{
326 VncClientInfo *info;
327 Error *err = NULL;
328
329 info = g_malloc0(sizeof(*info));
330
331 vnc_init_basic_info_from_remote_addr(client->sioc,
332 qapi_VncClientInfo_base(info),
333 &err);
334 if (err) {
335 error_free(err);
336 qapi_free_VncClientInfo(info);
337 return NULL;
338 }
339
340 info->websocket = client->websocket;
341
342 if (client->tls) {
343 info->x509_dname = qcrypto_tls_session_get_peer_name(client->tls);
344 info->has_x509_dname = info->x509_dname != NULL;
345 }
346#ifdef CONFIG_VNC_SASL
347 if (client->sasl.conn && client->sasl.username) {
348 info->has_sasl_username = true;
349 info->sasl_username = g_strdup(client->sasl.username);
350 }
351#endif
352
353 return info;
354}
355
356static VncDisplay *vnc_display_find(const char *id)
357{
358 VncDisplay *vd;
359
360 if (id == NULL) {
361 return QTAILQ_FIRST(&vnc_displays);
362 }
363 QTAILQ_FOREACH(vd, &vnc_displays, next) {
364 if (strcmp(id, vd->id) == 0) {
365 return vd;
366 }
367 }
368 return NULL;
369}
370
371static VncClientInfoList *qmp_query_client_list(VncDisplay *vd)
372{
373 VncClientInfoList *prev = NULL;
374 VncState *client;
375
376 QTAILQ_FOREACH(client, &vd->clients, next) {
377 QAPI_LIST_PREPEND(prev, qmp_query_vnc_client(client));
378 }
379 return prev;
380}
381
382VncInfo *qmp_query_vnc(Error **errp)
383{
384 VncInfo *info = g_malloc0(sizeof(*info));
385 VncDisplay *vd = vnc_display_find(NULL);
386 SocketAddress *addr = NULL;
387
388 if (vd == NULL || !vd->listener || !vd->listener->nsioc) {
389 info->enabled = false;
390 } else {
391 info->enabled = true;
392
393
394 info->has_clients = true;
395 info->clients = qmp_query_client_list(vd);
396
397 addr = qio_channel_socket_get_local_address(vd->listener->sioc[0],
398 errp);
399 if (!addr) {
400 goto out_error;
401 }
402
403 switch (addr->type) {
404 case SOCKET_ADDRESS_TYPE_INET:
405 info->host = g_strdup(addr->u.inet.host);
406 info->service = g_strdup(addr->u.inet.port);
407 if (addr->u.inet.ipv6) {
408 info->family = NETWORK_ADDRESS_FAMILY_IPV6;
409 } else {
410 info->family = NETWORK_ADDRESS_FAMILY_IPV4;
411 }
412 break;
413
414 case SOCKET_ADDRESS_TYPE_UNIX:
415 info->host = g_strdup("");
416 info->service = g_strdup(addr->u.q_unix.path);
417 info->family = NETWORK_ADDRESS_FAMILY_UNIX;
418 break;
419
420 case SOCKET_ADDRESS_TYPE_VSOCK:
421 case SOCKET_ADDRESS_TYPE_FD:
422 error_setg(errp, "Unsupported socket address type %s",
423 SocketAddressType_str(addr->type));
424 goto out_error;
425 default:
426 abort();
427 }
428
429 info->has_host = true;
430 info->has_service = true;
431 info->has_family = true;
432
433 info->has_auth = true;
434 info->auth = g_strdup(vnc_auth_name(vd));
435 }
436
437 qapi_free_SocketAddress(addr);
438 return info;
439
440out_error:
441 qapi_free_SocketAddress(addr);
442 qapi_free_VncInfo(info);
443 return NULL;
444}
445
446
447static void qmp_query_auth(int auth, int subauth,
448 VncPrimaryAuth *qmp_auth,
449 VncVencryptSubAuth *qmp_vencrypt,
450 bool *qmp_has_vencrypt);
451
452static VncServerInfo2List *qmp_query_server_entry(QIOChannelSocket *ioc,
453 bool websocket,
454 int auth,
455 int subauth,
456 VncServerInfo2List *prev)
457{
458 VncServerInfo2 *info;
459 Error *err = NULL;
460 SocketAddress *addr;
461
462 addr = qio_channel_socket_get_local_address(ioc, NULL);
463 if (!addr) {
464 return prev;
465 }
466
467 info = g_new0(VncServerInfo2, 1);
468 vnc_init_basic_info(addr, qapi_VncServerInfo2_base(info), &err);
469 qapi_free_SocketAddress(addr);
470 if (err) {
471 qapi_free_VncServerInfo2(info);
472 error_free(err);
473 return prev;
474 }
475 info->websocket = websocket;
476
477 qmp_query_auth(auth, subauth, &info->auth,
478 &info->vencrypt, &info->has_vencrypt);
479
480 QAPI_LIST_PREPEND(prev, info);
481 return prev;
482}
483
484static void qmp_query_auth(int auth, int subauth,
485 VncPrimaryAuth *qmp_auth,
486 VncVencryptSubAuth *qmp_vencrypt,
487 bool *qmp_has_vencrypt)
488{
489 switch (auth) {
490 case VNC_AUTH_VNC:
491 *qmp_auth = VNC_PRIMARY_AUTH_VNC;
492 break;
493 case VNC_AUTH_RA2:
494 *qmp_auth = VNC_PRIMARY_AUTH_RA2;
495 break;
496 case VNC_AUTH_RA2NE:
497 *qmp_auth = VNC_PRIMARY_AUTH_RA2NE;
498 break;
499 case VNC_AUTH_TIGHT:
500 *qmp_auth = VNC_PRIMARY_AUTH_TIGHT;
501 break;
502 case VNC_AUTH_ULTRA:
503 *qmp_auth = VNC_PRIMARY_AUTH_ULTRA;
504 break;
505 case VNC_AUTH_TLS:
506 *qmp_auth = VNC_PRIMARY_AUTH_TLS;
507 break;
508 case VNC_AUTH_VENCRYPT:
509 *qmp_auth = VNC_PRIMARY_AUTH_VENCRYPT;
510 *qmp_has_vencrypt = true;
511 switch (subauth) {
512 case VNC_AUTH_VENCRYPT_PLAIN:
513 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_PLAIN;
514 break;
515 case VNC_AUTH_VENCRYPT_TLSNONE:
516 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_NONE;
517 break;
518 case VNC_AUTH_VENCRYPT_TLSVNC:
519 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_VNC;
520 break;
521 case VNC_AUTH_VENCRYPT_TLSPLAIN:
522 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_PLAIN;
523 break;
524 case VNC_AUTH_VENCRYPT_X509NONE:
525 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_NONE;
526 break;
527 case VNC_AUTH_VENCRYPT_X509VNC:
528 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_VNC;
529 break;
530 case VNC_AUTH_VENCRYPT_X509PLAIN:
531 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_PLAIN;
532 break;
533 case VNC_AUTH_VENCRYPT_TLSSASL:
534 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_SASL;
535 break;
536 case VNC_AUTH_VENCRYPT_X509SASL:
537 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_SASL;
538 break;
539 default:
540 *qmp_has_vencrypt = false;
541 break;
542 }
543 break;
544 case VNC_AUTH_SASL:
545 *qmp_auth = VNC_PRIMARY_AUTH_SASL;
546 break;
547 case VNC_AUTH_NONE:
548 default:
549 *qmp_auth = VNC_PRIMARY_AUTH_NONE;
550 break;
551 }
552}
553
554VncInfo2List *qmp_query_vnc_servers(Error **errp)
555{
556 VncInfo2List *prev = NULL;
557 VncInfo2 *info;
558 VncDisplay *vd;
559 DeviceState *dev;
560 size_t i;
561
562 QTAILQ_FOREACH(vd, &vnc_displays, next) {
563 info = g_new0(VncInfo2, 1);
564 info->id = g_strdup(vd->id);
565 info->clients = qmp_query_client_list(vd);
566 qmp_query_auth(vd->auth, vd->subauth, &info->auth,
567 &info->vencrypt, &info->has_vencrypt);
568 if (vd->dcl.con) {
569 dev = DEVICE(object_property_get_link(OBJECT(vd->dcl.con),
570 "device", &error_abort));
571 info->has_display = true;
572 info->display = g_strdup(dev->id);
573 }
574 for (i = 0; vd->listener != NULL && i < vd->listener->nsioc; i++) {
575 info->server = qmp_query_server_entry(
576 vd->listener->sioc[i], false, vd->auth, vd->subauth,
577 info->server);
578 }
579 for (i = 0; vd->wslistener != NULL && i < vd->wslistener->nsioc; i++) {
580 info->server = qmp_query_server_entry(
581 vd->wslistener->sioc[i], true, vd->ws_auth,
582 vd->ws_subauth, info->server);
583 }
584
585 QAPI_LIST_PREPEND(prev, info);
586 }
587 return prev;
588}
589
590bool vnc_display_reload_certs(const char *id, Error **errp)
591{
592 VncDisplay *vd = vnc_display_find(id);
593 QCryptoTLSCredsClass *creds = NULL;
594
595 if (!vd) {
596 error_setg(errp, "Can not find vnc display");
597 return false;
598 }
599
600 if (!vd->tlscreds) {
601 error_setg(errp, "vnc tls is not enabled");
602 return false;
603 }
604
605 creds = QCRYPTO_TLS_CREDS_GET_CLASS(OBJECT(vd->tlscreds));
606 if (creds->reload == NULL) {
607 error_setg(errp, "%s doesn't support to reload TLS credential",
608 object_get_typename(OBJECT(vd->tlscreds)));
609 return false;
610 }
611 if (!creds->reload(vd->tlscreds, errp)) {
612 return false;
613 }
614
615 return true;
616}
617
618
619
620
621
622
623
624
625static int vnc_update_client(VncState *vs, int has_dirty);
626static void vnc_disconnect_start(VncState *vs);
627
628static void vnc_colordepth(VncState *vs);
629static void framebuffer_update_request(VncState *vs, int incremental,
630 int x_position, int y_position,
631 int w, int h);
632static void vnc_refresh(DisplayChangeListener *dcl);
633static int vnc_refresh_server_surface(VncDisplay *vd);
634
635static int vnc_width(VncDisplay *vd)
636{
637 return MIN(VNC_MAX_WIDTH, ROUND_UP(surface_width(vd->ds),
638 VNC_DIRTY_PIXELS_PER_BIT));
639}
640
641static int vnc_true_width(VncDisplay *vd)
642{
643 return MIN(VNC_MAX_WIDTH, surface_width(vd->ds));
644}
645
646static int vnc_height(VncDisplay *vd)
647{
648 return MIN(VNC_MAX_HEIGHT, surface_height(vd->ds));
649}
650
651static void vnc_set_area_dirty(DECLARE_BITMAP(dirty[VNC_MAX_HEIGHT],
652 VNC_MAX_WIDTH / VNC_DIRTY_PIXELS_PER_BIT),
653 VncDisplay *vd,
654 int x, int y, int w, int h)
655{
656 int width = vnc_width(vd);
657 int height = vnc_height(vd);
658
659
660
661 w += (x % VNC_DIRTY_PIXELS_PER_BIT);
662 x -= (x % VNC_DIRTY_PIXELS_PER_BIT);
663
664 x = MIN(x, width);
665 y = MIN(y, height);
666 w = MIN(x + w, width) - x;
667 h = MIN(y + h, height);
668
669 for (; y < h; y++) {
670 bitmap_set(dirty[y], x / VNC_DIRTY_PIXELS_PER_BIT,
671 DIV_ROUND_UP(w, VNC_DIRTY_PIXELS_PER_BIT));
672 }
673}
674
675static void vnc_dpy_update(DisplayChangeListener *dcl,
676 int x, int y, int w, int h)
677{
678 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
679 struct VncSurface *s = &vd->guest;
680
681 vnc_set_area_dirty(s->dirty, vd, x, y, w, h);
682}
683
684void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
685 int32_t encoding)
686{
687 vnc_write_u16(vs, x);
688 vnc_write_u16(vs, y);
689 vnc_write_u16(vs, w);
690 vnc_write_u16(vs, h);
691
692 vnc_write_s32(vs, encoding);
693}
694
695static void vnc_desktop_resize_ext(VncState *vs, int reject_reason)
696{
697 trace_vnc_msg_server_ext_desktop_resize(
698 vs, vs->ioc, vs->client_width, vs->client_height, reject_reason);
699
700 vnc_lock_output(vs);
701 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
702 vnc_write_u8(vs, 0);
703 vnc_write_u16(vs, 1);
704 vnc_framebuffer_update(vs,
705 reject_reason ? 1 : 0,
706 reject_reason,
707 vs->client_width, vs->client_height,
708 VNC_ENCODING_DESKTOP_RESIZE_EXT);
709 vnc_write_u8(vs, 1);
710 vnc_write_u8(vs, 0);
711 vnc_write_u8(vs, 0);
712 vnc_write_u8(vs, 0);
713 vnc_write_u32(vs, 0);
714 vnc_write_u16(vs, 0);
715 vnc_write_u16(vs, 0);
716 vnc_write_u16(vs, vs->client_width);
717 vnc_write_u16(vs, vs->client_height);
718 vnc_write_u32(vs, 0);
719 vnc_unlock_output(vs);
720 vnc_flush(vs);
721}
722
723static void vnc_desktop_resize(VncState *vs)
724{
725 if (vs->ioc == NULL || (!vnc_has_feature(vs, VNC_FEATURE_RESIZE) &&
726 !vnc_has_feature(vs, VNC_FEATURE_RESIZE_EXT))) {
727 return;
728 }
729 if (vs->client_width == vs->vd->true_width &&
730 vs->client_height == pixman_image_get_height(vs->vd->server)) {
731 return;
732 }
733
734 assert(vs->vd->true_width < 65536 &&
735 vs->vd->true_width >= 0);
736 assert(pixman_image_get_height(vs->vd->server) < 65536 &&
737 pixman_image_get_height(vs->vd->server) >= 0);
738 vs->client_width = vs->vd->true_width;
739 vs->client_height = pixman_image_get_height(vs->vd->server);
740
741 if (vnc_has_feature(vs, VNC_FEATURE_RESIZE_EXT)) {
742 vnc_desktop_resize_ext(vs, 0);
743 return;
744 }
745
746 trace_vnc_msg_server_desktop_resize(
747 vs, vs->ioc, vs->client_width, vs->client_height);
748
749 vnc_lock_output(vs);
750 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
751 vnc_write_u8(vs, 0);
752 vnc_write_u16(vs, 1);
753 vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height,
754 VNC_ENCODING_DESKTOPRESIZE);
755 vnc_unlock_output(vs);
756 vnc_flush(vs);
757}
758
759static void vnc_abort_display_jobs(VncDisplay *vd)
760{
761 VncState *vs;
762
763 QTAILQ_FOREACH(vs, &vd->clients, next) {
764 vnc_lock_output(vs);
765 vs->abort = true;
766 vnc_unlock_output(vs);
767 }
768 QTAILQ_FOREACH(vs, &vd->clients, next) {
769 vnc_jobs_join(vs);
770 }
771 QTAILQ_FOREACH(vs, &vd->clients, next) {
772 vnc_lock_output(vs);
773 if (vs->update == VNC_STATE_UPDATE_NONE &&
774 vs->job_update != VNC_STATE_UPDATE_NONE) {
775
776 vs->update = vs->job_update;
777 vs->job_update = VNC_STATE_UPDATE_NONE;
778 }
779 vs->abort = false;
780 vnc_unlock_output(vs);
781 }
782}
783
784int vnc_server_fb_stride(VncDisplay *vd)
785{
786 return pixman_image_get_stride(vd->server);
787}
788
789void *vnc_server_fb_ptr(VncDisplay *vd, int x, int y)
790{
791 uint8_t *ptr;
792
793 ptr = (uint8_t *)pixman_image_get_data(vd->server);
794 ptr += y * vnc_server_fb_stride(vd);
795 ptr += x * VNC_SERVER_FB_BYTES;
796 return ptr;
797}
798
799static void vnc_update_server_surface(VncDisplay *vd)
800{
801 int width, height;
802
803 qemu_pixman_image_unref(vd->server);
804 vd->server = NULL;
805
806 if (QTAILQ_EMPTY(&vd->clients)) {
807 return;
808 }
809
810 width = vnc_width(vd);
811 height = vnc_height(vd);
812 vd->true_width = vnc_true_width(vd);
813 vd->server = pixman_image_create_bits(VNC_SERVER_FB_FORMAT,
814 width, height,
815 NULL, 0);
816
817 memset(vd->guest.dirty, 0x00, sizeof(vd->guest.dirty));
818 vnc_set_area_dirty(vd->guest.dirty, vd, 0, 0,
819 width, height);
820}
821
822static bool vnc_check_pageflip(DisplaySurface *s1,
823 DisplaySurface *s2)
824{
825 return (s1 != NULL &&
826 s2 != NULL &&
827 surface_width(s1) == surface_width(s2) &&
828 surface_height(s1) == surface_height(s2) &&
829 surface_format(s1) == surface_format(s2));
830
831}
832
833static void vnc_dpy_switch(DisplayChangeListener *dcl,
834 DisplaySurface *surface)
835{
836 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
837 bool pageflip = vnc_check_pageflip(vd->ds, surface);
838 VncState *vs;
839
840 vnc_abort_display_jobs(vd);
841 vd->ds = surface;
842
843
844 qemu_pixman_image_unref(vd->guest.fb);
845 vd->guest.fb = pixman_image_ref(surface->image);
846 vd->guest.format = surface->format;
847
848
849 if (pageflip) {
850 trace_vnc_server_dpy_pageflip(vd,
851 surface_width(surface),
852 surface_height(surface),
853 surface_format(surface));
854 vnc_set_area_dirty(vd->guest.dirty, vd, 0, 0,
855 surface_width(surface),
856 surface_height(surface));
857 return;
858 }
859
860 trace_vnc_server_dpy_recreate(vd,
861 surface_width(surface),
862 surface_height(surface),
863 surface_format(surface));
864
865 vnc_update_server_surface(vd);
866
867 QTAILQ_FOREACH(vs, &vd->clients, next) {
868 vnc_colordepth(vs);
869 vnc_desktop_resize(vs);
870 vnc_cursor_define(vs);
871 memset(vs->dirty, 0x00, sizeof(vs->dirty));
872 vnc_set_area_dirty(vs->dirty, vd, 0, 0,
873 vnc_width(vd),
874 vnc_height(vd));
875 vnc_update_throttle_offset(vs);
876 }
877}
878
879
880static void vnc_write_pixels_copy(VncState *vs,
881 void *pixels, int size)
882{
883 vnc_write(vs, pixels, size);
884}
885
886
887void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
888{
889 uint8_t r, g, b;
890
891#if VNC_SERVER_FB_FORMAT == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8)
892 r = (((v & 0x00ff0000) >> 16) << vs->client_pf.rbits) >> 8;
893 g = (((v & 0x0000ff00) >> 8) << vs->client_pf.gbits) >> 8;
894 b = (((v & 0x000000ff) >> 0) << vs->client_pf.bbits) >> 8;
895#else
896# error need some bits here if you change VNC_SERVER_FB_FORMAT
897#endif
898 v = (r << vs->client_pf.rshift) |
899 (g << vs->client_pf.gshift) |
900 (b << vs->client_pf.bshift);
901 switch (vs->client_pf.bytes_per_pixel) {
902 case 1:
903 buf[0] = v;
904 break;
905 case 2:
906 if (vs->client_be) {
907 buf[0] = v >> 8;
908 buf[1] = v;
909 } else {
910 buf[1] = v >> 8;
911 buf[0] = v;
912 }
913 break;
914 default:
915 case 4:
916 if (vs->client_be) {
917 buf[0] = v >> 24;
918 buf[1] = v >> 16;
919 buf[2] = v >> 8;
920 buf[3] = v;
921 } else {
922 buf[3] = v >> 24;
923 buf[2] = v >> 16;
924 buf[1] = v >> 8;
925 buf[0] = v;
926 }
927 break;
928 }
929}
930
931static void vnc_write_pixels_generic(VncState *vs,
932 void *pixels1, int size)
933{
934 uint8_t buf[4];
935
936 if (VNC_SERVER_FB_BYTES == 4) {
937 uint32_t *pixels = pixels1;
938 int n, i;
939 n = size >> 2;
940 for (i = 0; i < n; i++) {
941 vnc_convert_pixel(vs, buf, pixels[i]);
942 vnc_write(vs, buf, vs->client_pf.bytes_per_pixel);
943 }
944 }
945}
946
947int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
948{
949 int i;
950 uint8_t *row;
951 VncDisplay *vd = vs->vd;
952
953 row = vnc_server_fb_ptr(vd, x, y);
954 for (i = 0; i < h; i++) {
955 vs->write_pixels(vs, row, w * VNC_SERVER_FB_BYTES);
956 row += vnc_server_fb_stride(vd);
957 }
958 return 1;
959}
960
961int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
962{
963 int n = 0;
964
965 switch(vs->vnc_encoding) {
966 case VNC_ENCODING_ZLIB:
967 n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h);
968 break;
969 case VNC_ENCODING_HEXTILE:
970 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
971 n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h);
972 break;
973 case VNC_ENCODING_TIGHT:
974 n = vnc_tight_send_framebuffer_update(vs, x, y, w, h);
975 break;
976 case VNC_ENCODING_TIGHT_PNG:
977 n = vnc_tight_png_send_framebuffer_update(vs, x, y, w, h);
978 break;
979 case VNC_ENCODING_ZRLE:
980 n = vnc_zrle_send_framebuffer_update(vs, x, y, w, h);
981 break;
982 case VNC_ENCODING_ZYWRLE:
983 n = vnc_zywrle_send_framebuffer_update(vs, x, y, w, h);
984 break;
985 default:
986 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
987 n = vnc_raw_send_framebuffer_update(vs, x, y, w, h);
988 break;
989 }
990 return n;
991}
992
993static void vnc_mouse_set(DisplayChangeListener *dcl,
994 int x, int y, int visible)
995{
996
997}
998
999static int vnc_cursor_define(VncState *vs)
1000{
1001 QEMUCursor *c = vs->vd->cursor;
1002 int isize;
1003
1004 if (!vs->vd->cursor) {
1005 return -1;
1006 }
1007
1008 if (vnc_has_feature(vs, VNC_FEATURE_ALPHA_CURSOR)) {
1009 vnc_lock_output(vs);
1010 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1011 vnc_write_u8(vs, 0);
1012 vnc_write_u16(vs, 1);
1013 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height,
1014 VNC_ENCODING_ALPHA_CURSOR);
1015 vnc_write_s32(vs, VNC_ENCODING_RAW);
1016 vnc_write(vs, c->data, c->width * c->height * 4);
1017 vnc_unlock_output(vs);
1018 return 0;
1019 }
1020 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) {
1021 vnc_lock_output(vs);
1022 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1023 vnc_write_u8(vs, 0);
1024 vnc_write_u16(vs, 1);
1025 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height,
1026 VNC_ENCODING_RICH_CURSOR);
1027 isize = c->width * c->height * vs->client_pf.bytes_per_pixel;
1028 vnc_write_pixels_generic(vs, c->data, isize);
1029 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize);
1030 vnc_unlock_output(vs);
1031 return 0;
1032 }
1033 return -1;
1034}
1035
1036static void vnc_dpy_cursor_define(DisplayChangeListener *dcl,
1037 QEMUCursor *c)
1038{
1039 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
1040 VncState *vs;
1041
1042 cursor_put(vd->cursor);
1043 g_free(vd->cursor_mask);
1044
1045 vd->cursor = c;
1046 cursor_get(vd->cursor);
1047 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height;
1048 vd->cursor_mask = g_malloc0(vd->cursor_msize);
1049 cursor_get_mono_mask(c, 0, vd->cursor_mask);
1050
1051 QTAILQ_FOREACH(vs, &vd->clients, next) {
1052 vnc_cursor_define(vs);
1053 }
1054}
1055
1056static int find_and_clear_dirty_height(VncState *vs,
1057 int y, int last_x, int x, int height)
1058{
1059 int h;
1060
1061 for (h = 1; h < (height - y); h++) {
1062 if (!test_bit(last_x, vs->dirty[y + h])) {
1063 break;
1064 }
1065 bitmap_clear(vs->dirty[y + h], last_x, x - last_x);
1066 }
1067
1068 return h;
1069}
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081static void vnc_update_throttle_offset(VncState *vs)
1082{
1083 size_t offset =
1084 vs->client_width * vs->client_height * vs->client_pf.bytes_per_pixel;
1085
1086 if (vs->audio_cap) {
1087 int bps;
1088 switch (vs->as.fmt) {
1089 default:
1090 case AUDIO_FORMAT_U8:
1091 case AUDIO_FORMAT_S8:
1092 bps = 1;
1093 break;
1094 case AUDIO_FORMAT_U16:
1095 case AUDIO_FORMAT_S16:
1096 bps = 2;
1097 break;
1098 case AUDIO_FORMAT_U32:
1099 case AUDIO_FORMAT_S32:
1100 bps = 4;
1101 break;
1102 }
1103 offset += vs->as.freq * bps * vs->as.nchannels;
1104 }
1105
1106
1107
1108
1109
1110 offset = MAX(offset, 1024 * 1024);
1111
1112 if (vs->throttle_output_offset != offset) {
1113 trace_vnc_client_throttle_threshold(
1114 vs, vs->ioc, vs->throttle_output_offset, offset, vs->client_width,
1115 vs->client_height, vs->client_pf.bytes_per_pixel, vs->audio_cap);
1116 }
1117
1118 vs->throttle_output_offset = offset;
1119}
1120
1121static bool vnc_should_update(VncState *vs)
1122{
1123 switch (vs->update) {
1124 case VNC_STATE_UPDATE_NONE:
1125 break;
1126 case VNC_STATE_UPDATE_INCREMENTAL:
1127
1128
1129
1130
1131 if (vs->output.offset < vs->throttle_output_offset &&
1132 vs->job_update == VNC_STATE_UPDATE_NONE) {
1133 return true;
1134 }
1135 trace_vnc_client_throttle_incremental(
1136 vs, vs->ioc, vs->job_update, vs->output.offset);
1137 break;
1138 case VNC_STATE_UPDATE_FORCE:
1139
1140
1141
1142
1143
1144
1145
1146
1147 if (vs->force_update_offset == 0 &&
1148 vs->job_update == VNC_STATE_UPDATE_NONE) {
1149 return true;
1150 }
1151 trace_vnc_client_throttle_forced(
1152 vs, vs->ioc, vs->job_update, vs->force_update_offset);
1153 break;
1154 }
1155 return false;
1156}
1157
1158static int vnc_update_client(VncState *vs, int has_dirty)
1159{
1160 VncDisplay *vd = vs->vd;
1161 VncJob *job;
1162 int y;
1163 int height, width;
1164 int n = 0;
1165
1166 if (vs->disconnecting) {
1167 vnc_disconnect_finish(vs);
1168 return 0;
1169 }
1170
1171 vs->has_dirty += has_dirty;
1172 if (!vnc_should_update(vs)) {
1173 return 0;
1174 }
1175
1176 if (!vs->has_dirty && vs->update != VNC_STATE_UPDATE_FORCE) {
1177 return 0;
1178 }
1179
1180
1181
1182
1183
1184
1185
1186 job = vnc_job_new(vs);
1187
1188 height = pixman_image_get_height(vd->server);
1189 width = pixman_image_get_width(vd->server);
1190
1191 y = 0;
1192 for (;;) {
1193 int x, h;
1194 unsigned long x2;
1195 unsigned long offset = find_next_bit((unsigned long *) &vs->dirty,
1196 height * VNC_DIRTY_BPL(vs),
1197 y * VNC_DIRTY_BPL(vs));
1198 if (offset == height * VNC_DIRTY_BPL(vs)) {
1199
1200 break;
1201 }
1202 y = offset / VNC_DIRTY_BPL(vs);
1203 x = offset % VNC_DIRTY_BPL(vs);
1204 x2 = find_next_zero_bit((unsigned long *) &vs->dirty[y],
1205 VNC_DIRTY_BPL(vs), x);
1206 bitmap_clear(vs->dirty[y], x, x2 - x);
1207 h = find_and_clear_dirty_height(vs, y, x, x2, height);
1208 x2 = MIN(x2, width / VNC_DIRTY_PIXELS_PER_BIT);
1209 if (x2 > x) {
1210 n += vnc_job_add_rect(job, x * VNC_DIRTY_PIXELS_PER_BIT, y,
1211 (x2 - x) * VNC_DIRTY_PIXELS_PER_BIT, h);
1212 }
1213 if (!x && x2 == width / VNC_DIRTY_PIXELS_PER_BIT) {
1214 y += h;
1215 if (y == height) {
1216 break;
1217 }
1218 }
1219 }
1220
1221 vs->job_update = vs->update;
1222 vs->update = VNC_STATE_UPDATE_NONE;
1223 vnc_job_push(job);
1224 vs->has_dirty = 0;
1225 return n;
1226}
1227
1228
1229static void audio_capture_notify(void *opaque, audcnotification_e cmd)
1230{
1231 VncState *vs = opaque;
1232
1233 assert(vs->magic == VNC_MAGIC);
1234 switch (cmd) {
1235 case AUD_CNOTIFY_DISABLE:
1236 trace_vnc_msg_server_audio_end(vs, vs->ioc);
1237 vnc_lock_output(vs);
1238 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1239 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1240 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END);
1241 vnc_unlock_output(vs);
1242 vnc_flush(vs);
1243 break;
1244
1245 case AUD_CNOTIFY_ENABLE:
1246 trace_vnc_msg_server_audio_begin(vs, vs->ioc);
1247 vnc_lock_output(vs);
1248 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1249 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1250 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN);
1251 vnc_unlock_output(vs);
1252 vnc_flush(vs);
1253 break;
1254 }
1255}
1256
1257static void audio_capture_destroy(void *opaque)
1258{
1259}
1260
1261static void audio_capture(void *opaque, const void *buf, int size)
1262{
1263 VncState *vs = opaque;
1264
1265 assert(vs->magic == VNC_MAGIC);
1266 trace_vnc_msg_server_audio_data(vs, vs->ioc, buf, size);
1267 vnc_lock_output(vs);
1268 if (vs->output.offset < vs->throttle_output_offset) {
1269 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1270 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1271 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA);
1272 vnc_write_u32(vs, size);
1273 vnc_write(vs, buf, size);
1274 } else {
1275 trace_vnc_client_throttle_audio(vs, vs->ioc, vs->output.offset);
1276 }
1277 vnc_unlock_output(vs);
1278 vnc_flush(vs);
1279}
1280
1281static void audio_add(VncState *vs)
1282{
1283 struct audio_capture_ops ops;
1284
1285 if (vs->audio_cap) {
1286 error_report("audio already running");
1287 return;
1288 }
1289
1290 ops.notify = audio_capture_notify;
1291 ops.destroy = audio_capture_destroy;
1292 ops.capture = audio_capture;
1293
1294 vs->audio_cap = AUD_add_capture(vs->vd->audio_state, &vs->as, &ops, vs);
1295 if (!vs->audio_cap) {
1296 error_report("Failed to add audio capture");
1297 }
1298}
1299
1300static void audio_del(VncState *vs)
1301{
1302 if (vs->audio_cap) {
1303 AUD_del_capture(vs->audio_cap, vs);
1304 vs->audio_cap = NULL;
1305 }
1306}
1307
1308static void vnc_disconnect_start(VncState *vs)
1309{
1310 if (vs->disconnecting) {
1311 return;
1312 }
1313 trace_vnc_client_disconnect_start(vs, vs->ioc);
1314 vnc_set_share_mode(vs, VNC_SHARE_MODE_DISCONNECTED);
1315 if (vs->ioc_tag) {
1316 g_source_remove(vs->ioc_tag);
1317 vs->ioc_tag = 0;
1318 }
1319 qio_channel_close(vs->ioc, NULL);
1320 vs->disconnecting = TRUE;
1321}
1322
1323void vnc_disconnect_finish(VncState *vs)
1324{
1325 int i;
1326
1327 trace_vnc_client_disconnect_finish(vs, vs->ioc);
1328
1329 vnc_jobs_join(vs);
1330
1331 vnc_lock_output(vs);
1332 vnc_qmp_event(vs, QAPI_EVENT_VNC_DISCONNECTED);
1333
1334 buffer_free(&vs->input);
1335 buffer_free(&vs->output);
1336
1337 qapi_free_VncClientInfo(vs->info);
1338
1339 vnc_zlib_clear(vs);
1340 vnc_tight_clear(vs);
1341 vnc_zrle_clear(vs);
1342
1343#ifdef CONFIG_VNC_SASL
1344 vnc_sasl_client_cleanup(vs);
1345#endif
1346 audio_del(vs);
1347 qkbd_state_lift_all_keys(vs->vd->kbd);
1348
1349 if (vs->mouse_mode_notifier.notify != NULL) {
1350 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
1351 }
1352 QTAILQ_REMOVE(&vs->vd->clients, vs, next);
1353 if (QTAILQ_EMPTY(&vs->vd->clients)) {
1354
1355 vnc_update_server_surface(vs->vd);
1356 }
1357 vnc_unlock_output(vs);
1358
1359 if (vs->cbpeer.notifier.notify) {
1360 qemu_clipboard_peer_unregister(&vs->cbpeer);
1361 }
1362
1363 qemu_mutex_destroy(&vs->output_mutex);
1364 if (vs->bh != NULL) {
1365 qemu_bh_delete(vs->bh);
1366 }
1367 buffer_free(&vs->jobs_buffer);
1368
1369 for (i = 0; i < VNC_STAT_ROWS; ++i) {
1370 g_free(vs->lossy_rect[i]);
1371 }
1372 g_free(vs->lossy_rect);
1373
1374 object_unref(OBJECT(vs->ioc));
1375 vs->ioc = NULL;
1376 object_unref(OBJECT(vs->sioc));
1377 vs->sioc = NULL;
1378 vs->magic = 0;
1379 g_free(vs->zrle);
1380 g_free(vs->tight);
1381 g_free(vs);
1382}
1383
1384size_t vnc_client_io_error(VncState *vs, ssize_t ret, Error *err)
1385{
1386 if (ret <= 0) {
1387 if (ret == 0) {
1388 trace_vnc_client_eof(vs, vs->ioc);
1389 vnc_disconnect_start(vs);
1390 } else if (ret != QIO_CHANNEL_ERR_BLOCK) {
1391 trace_vnc_client_io_error(vs, vs->ioc,
1392 err ? error_get_pretty(err) : "Unknown");
1393 vnc_disconnect_start(vs);
1394 }
1395
1396 error_free(err);
1397 return 0;
1398 }
1399 return ret;
1400}
1401
1402
1403void vnc_client_error(VncState *vs)
1404{
1405 VNC_DEBUG("Closing down client sock: protocol error\n");
1406 vnc_disconnect_start(vs);
1407}
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425size_t vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
1426{
1427 Error *err = NULL;
1428 ssize_t ret;
1429 ret = qio_channel_write(vs->ioc, (const char *)data, datalen, &err);
1430 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret);
1431 return vnc_client_io_error(vs, ret, err);
1432}
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445static size_t vnc_client_write_plain(VncState *vs)
1446{
1447 size_t offset;
1448 size_t ret;
1449
1450#ifdef CONFIG_VNC_SASL
1451 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1452 vs->output.buffer, vs->output.capacity, vs->output.offset,
1453 vs->sasl.waitWriteSSF);
1454
1455 if (vs->sasl.conn &&
1456 vs->sasl.runSSF &&
1457 vs->sasl.waitWriteSSF) {
1458 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
1459 if (ret)
1460 vs->sasl.waitWriteSSF -= ret;
1461 } else
1462#endif
1463 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
1464 if (!ret)
1465 return 0;
1466
1467 if (ret >= vs->force_update_offset) {
1468 if (vs->force_update_offset != 0) {
1469 trace_vnc_client_unthrottle_forced(vs, vs->ioc);
1470 }
1471 vs->force_update_offset = 0;
1472 } else {
1473 vs->force_update_offset -= ret;
1474 }
1475 offset = vs->output.offset;
1476 buffer_advance(&vs->output, ret);
1477 if (offset >= vs->throttle_output_offset &&
1478 vs->output.offset < vs->throttle_output_offset) {
1479 trace_vnc_client_unthrottle_incremental(vs, vs->ioc, vs->output.offset);
1480 }
1481
1482 if (vs->output.offset == 0) {
1483 if (vs->ioc_tag) {
1484 g_source_remove(vs->ioc_tag);
1485 }
1486 vs->ioc_tag = qio_channel_add_watch(
1487 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR,
1488 vnc_client_io, vs, NULL);
1489 }
1490
1491 return ret;
1492}
1493
1494
1495
1496
1497
1498
1499
1500static void vnc_client_write_locked(VncState *vs)
1501{
1502#ifdef CONFIG_VNC_SASL
1503 if (vs->sasl.conn &&
1504 vs->sasl.runSSF &&
1505 !vs->sasl.waitWriteSSF) {
1506 vnc_client_write_sasl(vs);
1507 } else
1508#endif
1509 {
1510 vnc_client_write_plain(vs);
1511 }
1512}
1513
1514static void vnc_client_write(VncState *vs)
1515{
1516 assert(vs->magic == VNC_MAGIC);
1517 vnc_lock_output(vs);
1518 if (vs->output.offset) {
1519 vnc_client_write_locked(vs);
1520 } else if (vs->ioc != NULL) {
1521 if (vs->ioc_tag) {
1522 g_source_remove(vs->ioc_tag);
1523 }
1524 vs->ioc_tag = qio_channel_add_watch(
1525 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR,
1526 vnc_client_io, vs, NULL);
1527 }
1528 vnc_unlock_output(vs);
1529}
1530
1531void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1532{
1533 vs->read_handler = func;
1534 vs->read_handler_expect = expecting;
1535}
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553size_t vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1554{
1555 ssize_t ret;
1556 Error *err = NULL;
1557 ret = qio_channel_read(vs->ioc, (char *)data, datalen, &err);
1558 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret);
1559 return vnc_client_io_error(vs, ret, err);
1560}
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572static size_t vnc_client_read_plain(VncState *vs)
1573{
1574 size_t ret;
1575 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1576 vs->input.buffer, vs->input.capacity, vs->input.offset);
1577 buffer_reserve(&vs->input, 4096);
1578 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1579 if (!ret)
1580 return 0;
1581 vs->input.offset += ret;
1582 return ret;
1583}
1584
1585static void vnc_jobs_bh(void *opaque)
1586{
1587 VncState *vs = opaque;
1588
1589 assert(vs->magic == VNC_MAGIC);
1590 vnc_jobs_consume_buffer(vs);
1591}
1592
1593
1594
1595
1596
1597
1598
1599static int vnc_client_read(VncState *vs)
1600{
1601 size_t ret;
1602
1603#ifdef CONFIG_VNC_SASL
1604 if (vs->sasl.conn && vs->sasl.runSSF)
1605 ret = vnc_client_read_sasl(vs);
1606 else
1607#endif
1608 ret = vnc_client_read_plain(vs);
1609 if (!ret) {
1610 if (vs->disconnecting) {
1611 vnc_disconnect_finish(vs);
1612 return -1;
1613 }
1614 return 0;
1615 }
1616
1617 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1618 size_t len = vs->read_handler_expect;
1619 int ret;
1620
1621 ret = vs->read_handler(vs, vs->input.buffer, len);
1622 if (vs->disconnecting) {
1623 vnc_disconnect_finish(vs);
1624 return -1;
1625 }
1626
1627 if (!ret) {
1628 buffer_advance(&vs->input, len);
1629 } else {
1630 vs->read_handler_expect = ret;
1631 }
1632 }
1633 return 0;
1634}
1635
1636gboolean vnc_client_io(QIOChannel *ioc G_GNUC_UNUSED,
1637 GIOCondition condition, void *opaque)
1638{
1639 VncState *vs = opaque;
1640
1641 assert(vs->magic == VNC_MAGIC);
1642
1643 if (condition & (G_IO_HUP | G_IO_ERR)) {
1644 vnc_disconnect_start(vs);
1645 return TRUE;
1646 }
1647
1648 if (condition & G_IO_IN) {
1649 if (vnc_client_read(vs) < 0) {
1650
1651 return TRUE;
1652 }
1653 }
1654 if (condition & G_IO_OUT) {
1655 vnc_client_write(vs);
1656 }
1657
1658 if (vs->disconnecting) {
1659 if (vs->ioc_tag != 0) {
1660 g_source_remove(vs->ioc_tag);
1661 }
1662 vs->ioc_tag = 0;
1663 }
1664 return TRUE;
1665}
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675#define VNC_THROTTLE_OUTPUT_LIMIT_SCALE 5
1676
1677void vnc_write(VncState *vs, const void *data, size_t len)
1678{
1679 assert(vs->magic == VNC_MAGIC);
1680 if (vs->disconnecting) {
1681 return;
1682 }
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694 if (vs->throttle_output_offset != 0 &&
1695 (vs->output.offset / VNC_THROTTLE_OUTPUT_LIMIT_SCALE) >
1696 vs->throttle_output_offset) {
1697 trace_vnc_client_output_limit(vs, vs->ioc, vs->output.offset,
1698 vs->throttle_output_offset);
1699 vnc_disconnect_start(vs);
1700 return;
1701 }
1702 buffer_reserve(&vs->output, len);
1703
1704 if (vs->ioc != NULL && buffer_empty(&vs->output)) {
1705 if (vs->ioc_tag) {
1706 g_source_remove(vs->ioc_tag);
1707 }
1708 vs->ioc_tag = qio_channel_add_watch(
1709 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR | G_IO_OUT,
1710 vnc_client_io, vs, NULL);
1711 }
1712
1713 buffer_append(&vs->output, data, len);
1714}
1715
1716void vnc_write_s32(VncState *vs, int32_t value)
1717{
1718 vnc_write_u32(vs, *(uint32_t *)&value);
1719}
1720
1721void vnc_write_u32(VncState *vs, uint32_t value)
1722{
1723 uint8_t buf[4];
1724
1725 buf[0] = (value >> 24) & 0xFF;
1726 buf[1] = (value >> 16) & 0xFF;
1727 buf[2] = (value >> 8) & 0xFF;
1728 buf[3] = value & 0xFF;
1729
1730 vnc_write(vs, buf, 4);
1731}
1732
1733void vnc_write_u16(VncState *vs, uint16_t value)
1734{
1735 uint8_t buf[2];
1736
1737 buf[0] = (value >> 8) & 0xFF;
1738 buf[1] = value & 0xFF;
1739
1740 vnc_write(vs, buf, 2);
1741}
1742
1743void vnc_write_u8(VncState *vs, uint8_t value)
1744{
1745 vnc_write(vs, (char *)&value, 1);
1746}
1747
1748void vnc_flush(VncState *vs)
1749{
1750 vnc_lock_output(vs);
1751 if (vs->ioc != NULL && vs->output.offset) {
1752 vnc_client_write_locked(vs);
1753 }
1754 if (vs->disconnecting) {
1755 if (vs->ioc_tag != 0) {
1756 g_source_remove(vs->ioc_tag);
1757 }
1758 vs->ioc_tag = 0;
1759 }
1760 vnc_unlock_output(vs);
1761}
1762
1763static uint8_t read_u8(uint8_t *data, size_t offset)
1764{
1765 return data[offset];
1766}
1767
1768static uint16_t read_u16(uint8_t *data, size_t offset)
1769{
1770 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1771}
1772
1773static int32_t read_s32(uint8_t *data, size_t offset)
1774{
1775 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1776 (data[offset + 2] << 8) | data[offset + 3]);
1777}
1778
1779uint32_t read_u32(uint8_t *data, size_t offset)
1780{
1781 return ((data[offset] << 24) | (data[offset + 1] << 16) |
1782 (data[offset + 2] << 8) | data[offset + 3]);
1783}
1784
1785static void check_pointer_type_change(Notifier *notifier, void *data)
1786{
1787 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier);
1788 int absolute = qemu_input_is_absolute();
1789
1790 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1791 vnc_lock_output(vs);
1792 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1793 vnc_write_u8(vs, 0);
1794 vnc_write_u16(vs, 1);
1795 vnc_framebuffer_update(vs, absolute, 0,
1796 pixman_image_get_width(vs->vd->server),
1797 pixman_image_get_height(vs->vd->server),
1798 VNC_ENCODING_POINTER_TYPE_CHANGE);
1799 vnc_unlock_output(vs);
1800 vnc_flush(vs);
1801 }
1802 vs->absolute = absolute;
1803}
1804
1805static void pointer_event(VncState *vs, int button_mask, int x, int y)
1806{
1807 static uint32_t bmap[INPUT_BUTTON__MAX] = {
1808 [INPUT_BUTTON_LEFT] = 0x01,
1809 [INPUT_BUTTON_MIDDLE] = 0x02,
1810 [INPUT_BUTTON_RIGHT] = 0x04,
1811 [INPUT_BUTTON_WHEEL_UP] = 0x08,
1812 [INPUT_BUTTON_WHEEL_DOWN] = 0x10,
1813 };
1814 QemuConsole *con = vs->vd->dcl.con;
1815 int width = pixman_image_get_width(vs->vd->server);
1816 int height = pixman_image_get_height(vs->vd->server);
1817
1818 if (vs->last_bmask != button_mask) {
1819 qemu_input_update_buttons(con, bmap, vs->last_bmask, button_mask);
1820 vs->last_bmask = button_mask;
1821 }
1822
1823 if (vs->absolute) {
1824 qemu_input_queue_abs(con, INPUT_AXIS_X, x, 0, width);
1825 qemu_input_queue_abs(con, INPUT_AXIS_Y, y, 0, height);
1826 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1827 qemu_input_queue_rel(con, INPUT_AXIS_X, x - 0x7FFF);
1828 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - 0x7FFF);
1829 } else {
1830 if (vs->last_x != -1) {
1831 qemu_input_queue_rel(con, INPUT_AXIS_X, x - vs->last_x);
1832 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - vs->last_y);
1833 }
1834 vs->last_x = x;
1835 vs->last_y = y;
1836 }
1837 qemu_input_event_sync();
1838}
1839
1840static void press_key(VncState *vs, QKeyCode qcode)
1841{
1842 qkbd_state_key_event(vs->vd->kbd, qcode, true);
1843 qkbd_state_key_event(vs->vd->kbd, qcode, false);
1844}
1845
1846static void vnc_led_state_change(VncState *vs)
1847{
1848 if (!vnc_has_feature(vs, VNC_FEATURE_LED_STATE)) {
1849 return;
1850 }
1851
1852 vnc_lock_output(vs);
1853 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1854 vnc_write_u8(vs, 0);
1855 vnc_write_u16(vs, 1);
1856 vnc_framebuffer_update(vs, 0, 0, 1, 1, VNC_ENCODING_LED_STATE);
1857 vnc_write_u8(vs, vs->vd->ledstate);
1858 vnc_unlock_output(vs);
1859 vnc_flush(vs);
1860}
1861
1862static void kbd_leds(void *opaque, int ledstate)
1863{
1864 VncDisplay *vd = opaque;
1865 VncState *client;
1866
1867 trace_vnc_key_guest_leds((ledstate & QEMU_CAPS_LOCK_LED),
1868 (ledstate & QEMU_NUM_LOCK_LED),
1869 (ledstate & QEMU_SCROLL_LOCK_LED));
1870
1871 if (ledstate == vd->ledstate) {
1872 return;
1873 }
1874
1875 vd->ledstate = ledstate;
1876
1877 QTAILQ_FOREACH(client, &vd->clients, next) {
1878 vnc_led_state_change(client);
1879 }
1880}
1881
1882static void do_key_event(VncState *vs, int down, int keycode, int sym)
1883{
1884 QKeyCode qcode = qemu_input_key_number_to_qcode(keycode);
1885
1886
1887 switch (qcode) {
1888 case Q_KEY_CODE_1 ... Q_KEY_CODE_9:
1889 if (vs->vd->dcl.con == NULL && down &&
1890 qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_CTRL) &&
1891 qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_ALT)) {
1892
1893 qkbd_state_lift_all_keys(vs->vd->kbd);
1894 console_select(qcode - Q_KEY_CODE_1);
1895 return;
1896 }
1897 default:
1898 break;
1899 }
1900
1901
1902
1903
1904 if (down && vs->vd->lock_key_sync &&
1905 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) &&
1906 keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1907
1908
1909
1910
1911 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1912 if (!qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_NUMLOCK)) {
1913 trace_vnc_key_sync_numlock(true);
1914 press_key(vs, Q_KEY_CODE_NUM_LOCK);
1915 }
1916 } else {
1917 if (qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_NUMLOCK)) {
1918 trace_vnc_key_sync_numlock(false);
1919 press_key(vs, Q_KEY_CODE_NUM_LOCK);
1920 }
1921 }
1922 }
1923
1924 if (down && vs->vd->lock_key_sync &&
1925 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) &&
1926 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) {
1927
1928
1929
1930
1931 int uppercase = !!(sym >= 'A' && sym <= 'Z');
1932 bool shift = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_SHIFT);
1933 bool capslock = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_CAPSLOCK);
1934 if (capslock) {
1935 if (uppercase == shift) {
1936 trace_vnc_key_sync_capslock(false);
1937 press_key(vs, Q_KEY_CODE_CAPS_LOCK);
1938 }
1939 } else {
1940 if (uppercase != shift) {
1941 trace_vnc_key_sync_capslock(true);
1942 press_key(vs, Q_KEY_CODE_CAPS_LOCK);
1943 }
1944 }
1945 }
1946
1947 qkbd_state_key_event(vs->vd->kbd, qcode, down);
1948 if (!qemu_console_is_graphic(NULL)) {
1949 bool numlock = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_NUMLOCK);
1950 bool control = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_CTRL);
1951
1952 if (down) {
1953 switch (keycode) {
1954 case 0x2a:
1955 case 0x36:
1956 case 0x1d:
1957 case 0x9d:
1958 case 0x38:
1959 case 0xb8:
1960 break;
1961 case 0xc8:
1962 kbd_put_keysym(QEMU_KEY_UP);
1963 break;
1964 case 0xd0:
1965 kbd_put_keysym(QEMU_KEY_DOWN);
1966 break;
1967 case 0xcb:
1968 kbd_put_keysym(QEMU_KEY_LEFT);
1969 break;
1970 case 0xcd:
1971 kbd_put_keysym(QEMU_KEY_RIGHT);
1972 break;
1973 case 0xd3:
1974 kbd_put_keysym(QEMU_KEY_DELETE);
1975 break;
1976 case 0xc7:
1977 kbd_put_keysym(QEMU_KEY_HOME);
1978 break;
1979 case 0xcf:
1980 kbd_put_keysym(QEMU_KEY_END);
1981 break;
1982 case 0xc9:
1983 kbd_put_keysym(QEMU_KEY_PAGEUP);
1984 break;
1985 case 0xd1:
1986 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1987 break;
1988
1989 case 0x47:
1990 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME);
1991 break;
1992 case 0x48:
1993 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP);
1994 break;
1995 case 0x49:
1996 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP);
1997 break;
1998 case 0x4b:
1999 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT);
2000 break;
2001 case 0x4c:
2002 kbd_put_keysym('5');
2003 break;
2004 case 0x4d:
2005 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT);
2006 break;
2007 case 0x4f:
2008 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END);
2009 break;
2010 case 0x50:
2011 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN);
2012 break;
2013 case 0x51:
2014 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN);
2015 break;
2016 case 0x52:
2017 kbd_put_keysym('0');
2018 break;
2019 case 0x53:
2020 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE);
2021 break;
2022
2023 case 0xb5:
2024 kbd_put_keysym('/');
2025 break;
2026 case 0x37:
2027 kbd_put_keysym('*');
2028 break;
2029 case 0x4a:
2030 kbd_put_keysym('-');
2031 break;
2032 case 0x4e:
2033 kbd_put_keysym('+');
2034 break;
2035 case 0x9c:
2036 kbd_put_keysym('\n');
2037 break;
2038
2039 default:
2040 if (control) {
2041 kbd_put_keysym(sym & 0x1f);
2042 } else {
2043 kbd_put_keysym(sym);
2044 }
2045 break;
2046 }
2047 }
2048 }
2049}
2050
2051static const char *code2name(int keycode)
2052{
2053 return QKeyCode_str(qemu_input_key_number_to_qcode(keycode));
2054}
2055
2056static void key_event(VncState *vs, int down, uint32_t sym)
2057{
2058 int keycode;
2059 int lsym = sym;
2060
2061 if (lsym >= 'A' && lsym <= 'Z' && qemu_console_is_graphic(NULL)) {
2062 lsym = lsym - 'A' + 'a';
2063 }
2064
2065 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF,
2066 vs->vd->kbd, down) & SCANCODE_KEYMASK;
2067 trace_vnc_key_event_map(down, sym, keycode, code2name(keycode));
2068 do_key_event(vs, down, keycode, sym);
2069}
2070
2071static void ext_key_event(VncState *vs, int down,
2072 uint32_t sym, uint16_t keycode)
2073{
2074
2075 if (keyboard_layout) {
2076 key_event(vs, down, sym);
2077 } else {
2078 trace_vnc_key_event_ext(down, sym, keycode, code2name(keycode));
2079 do_key_event(vs, down, keycode, sym);
2080 }
2081}
2082
2083static void framebuffer_update_request(VncState *vs, int incremental,
2084 int x, int y, int w, int h)
2085{
2086 if (incremental) {
2087 if (vs->update != VNC_STATE_UPDATE_FORCE) {
2088 vs->update = VNC_STATE_UPDATE_INCREMENTAL;
2089 }
2090 } else {
2091 vs->update = VNC_STATE_UPDATE_FORCE;
2092 vnc_set_area_dirty(vs->dirty, vs->vd, x, y, w, h);
2093 if (vnc_has_feature(vs, VNC_FEATURE_RESIZE_EXT)) {
2094 vnc_desktop_resize_ext(vs, 0);
2095 }
2096 }
2097}
2098
2099static void send_ext_key_event_ack(VncState *vs)
2100{
2101 vnc_lock_output(vs);
2102 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
2103 vnc_write_u8(vs, 0);
2104 vnc_write_u16(vs, 1);
2105 vnc_framebuffer_update(vs, 0, 0,
2106 pixman_image_get_width(vs->vd->server),
2107 pixman_image_get_height(vs->vd->server),
2108 VNC_ENCODING_EXT_KEY_EVENT);
2109 vnc_unlock_output(vs);
2110 vnc_flush(vs);
2111}
2112
2113static void send_ext_audio_ack(VncState *vs)
2114{
2115 vnc_lock_output(vs);
2116 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
2117 vnc_write_u8(vs, 0);
2118 vnc_write_u16(vs, 1);
2119 vnc_framebuffer_update(vs, 0, 0,
2120 pixman_image_get_width(vs->vd->server),
2121 pixman_image_get_height(vs->vd->server),
2122 VNC_ENCODING_AUDIO);
2123 vnc_unlock_output(vs);
2124 vnc_flush(vs);
2125}
2126
2127static void send_xvp_message(VncState *vs, int code)
2128{
2129 vnc_lock_output(vs);
2130 vnc_write_u8(vs, VNC_MSG_SERVER_XVP);
2131 vnc_write_u8(vs, 0);
2132 vnc_write_u8(vs, 1);
2133 vnc_write_u8(vs, code);
2134 vnc_unlock_output(vs);
2135 vnc_flush(vs);
2136}
2137
2138static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
2139{
2140 int i;
2141 unsigned int enc = 0;
2142
2143 vs->features = 0;
2144 vs->vnc_encoding = 0;
2145 vs->tight->compression = 9;
2146 vs->tight->quality = -1;
2147 vs->absolute = -1;
2148
2149
2150
2151
2152
2153
2154 for (i = n_encodings - 1; i >= 0; i--) {
2155 enc = encodings[i];
2156 switch (enc) {
2157 case VNC_ENCODING_RAW:
2158 vs->vnc_encoding = enc;
2159 break;
2160 case VNC_ENCODING_HEXTILE:
2161 vs->features |= VNC_FEATURE_HEXTILE_MASK;
2162 vs->vnc_encoding = enc;
2163 break;
2164 case VNC_ENCODING_TIGHT:
2165 vs->features |= VNC_FEATURE_TIGHT_MASK;
2166 vs->vnc_encoding = enc;
2167 break;
2168#ifdef CONFIG_VNC_PNG
2169 case VNC_ENCODING_TIGHT_PNG:
2170 vs->features |= VNC_FEATURE_TIGHT_PNG_MASK;
2171 vs->vnc_encoding = enc;
2172 break;
2173#endif
2174 case VNC_ENCODING_ZLIB:
2175
2176
2177
2178
2179
2180 if ((vs->features & VNC_FEATURE_ZRLE_MASK) == 0) {
2181 vs->features |= VNC_FEATURE_ZLIB_MASK;
2182 vs->vnc_encoding = enc;
2183 }
2184 break;
2185 case VNC_ENCODING_ZRLE:
2186 vs->features |= VNC_FEATURE_ZRLE_MASK;
2187 vs->vnc_encoding = enc;
2188 break;
2189 case VNC_ENCODING_ZYWRLE:
2190 vs->features |= VNC_FEATURE_ZYWRLE_MASK;
2191 vs->vnc_encoding = enc;
2192 break;
2193 case VNC_ENCODING_DESKTOPRESIZE:
2194 vs->features |= VNC_FEATURE_RESIZE_MASK;
2195 break;
2196 case VNC_ENCODING_DESKTOP_RESIZE_EXT:
2197 vs->features |= VNC_FEATURE_RESIZE_EXT_MASK;
2198 break;
2199 case VNC_ENCODING_POINTER_TYPE_CHANGE:
2200 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
2201 break;
2202 case VNC_ENCODING_RICH_CURSOR:
2203 vs->features |= VNC_FEATURE_RICH_CURSOR_MASK;
2204 break;
2205 case VNC_ENCODING_ALPHA_CURSOR:
2206 vs->features |= VNC_FEATURE_ALPHA_CURSOR_MASK;
2207 break;
2208 case VNC_ENCODING_EXT_KEY_EVENT:
2209 send_ext_key_event_ack(vs);
2210 break;
2211 case VNC_ENCODING_AUDIO:
2212 send_ext_audio_ack(vs);
2213 break;
2214 case VNC_ENCODING_WMVi:
2215 vs->features |= VNC_FEATURE_WMVI_MASK;
2216 break;
2217 case VNC_ENCODING_LED_STATE:
2218 vs->features |= VNC_FEATURE_LED_STATE_MASK;
2219 break;
2220 case VNC_ENCODING_XVP:
2221 if (vs->vd->power_control) {
2222 vs->features |= VNC_FEATURE_XVP;
2223 send_xvp_message(vs, VNC_XVP_CODE_INIT);
2224 }
2225 break;
2226 case VNC_ENCODING_CLIPBOARD_EXT:
2227 vs->features |= VNC_FEATURE_CLIPBOARD_EXT_MASK;
2228 vnc_server_cut_text_caps(vs);
2229 break;
2230 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
2231 vs->tight->compression = (enc & 0x0F);
2232 break;
2233 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
2234 if (vs->vd->lossy) {
2235 vs->tight->quality = (enc & 0x0F);
2236 }
2237 break;
2238 default:
2239 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
2240 break;
2241 }
2242 }
2243 vnc_desktop_resize(vs);
2244 check_pointer_type_change(&vs->mouse_mode_notifier, NULL);
2245 vnc_led_state_change(vs);
2246 vnc_cursor_define(vs);
2247}
2248
2249static void set_pixel_conversion(VncState *vs)
2250{
2251 pixman_format_code_t fmt = qemu_pixman_get_format(&vs->client_pf);
2252
2253 if (fmt == VNC_SERVER_FB_FORMAT) {
2254 vs->write_pixels = vnc_write_pixels_copy;
2255 vnc_hextile_set_pixel_conversion(vs, 0);
2256 } else {
2257 vs->write_pixels = vnc_write_pixels_generic;
2258 vnc_hextile_set_pixel_conversion(vs, 1);
2259 }
2260}
2261
2262static void send_color_map(VncState *vs)
2263{
2264 int i;
2265
2266 vnc_lock_output(vs);
2267 vnc_write_u8(vs, VNC_MSG_SERVER_SET_COLOUR_MAP_ENTRIES);
2268 vnc_write_u8(vs, 0);
2269 vnc_write_u16(vs, 0);
2270 vnc_write_u16(vs, 256);
2271
2272 for (i = 0; i < 256; i++) {
2273 PixelFormat *pf = &vs->client_pf;
2274
2275 vnc_write_u16(vs, (((i >> pf->rshift) & pf->rmax) << (16 - pf->rbits)));
2276 vnc_write_u16(vs, (((i >> pf->gshift) & pf->gmax) << (16 - pf->gbits)));
2277 vnc_write_u16(vs, (((i >> pf->bshift) & pf->bmax) << (16 - pf->bbits)));
2278 }
2279 vnc_unlock_output(vs);
2280}
2281
2282static void set_pixel_format(VncState *vs, int bits_per_pixel,
2283 int big_endian_flag, int true_color_flag,
2284 int red_max, int green_max, int blue_max,
2285 int red_shift, int green_shift, int blue_shift)
2286{
2287 if (!true_color_flag) {
2288
2289 bits_per_pixel = 8;
2290 red_max = 7;
2291 green_max = 7;
2292 blue_max = 3;
2293 red_shift = 0;
2294 green_shift = 3;
2295 blue_shift = 6;
2296 }
2297
2298 switch (bits_per_pixel) {
2299 case 8:
2300 case 16:
2301 case 32:
2302 break;
2303 default:
2304 vnc_client_error(vs);
2305 return;
2306 }
2307
2308 vs->client_pf.rmax = red_max ? red_max : 0xFF;
2309 vs->client_pf.rbits = ctpopl(red_max);
2310 vs->client_pf.rshift = red_shift;
2311 vs->client_pf.rmask = red_max << red_shift;
2312 vs->client_pf.gmax = green_max ? green_max : 0xFF;
2313 vs->client_pf.gbits = ctpopl(green_max);
2314 vs->client_pf.gshift = green_shift;
2315 vs->client_pf.gmask = green_max << green_shift;
2316 vs->client_pf.bmax = blue_max ? blue_max : 0xFF;
2317 vs->client_pf.bbits = ctpopl(blue_max);
2318 vs->client_pf.bshift = blue_shift;
2319 vs->client_pf.bmask = blue_max << blue_shift;
2320 vs->client_pf.bits_per_pixel = bits_per_pixel;
2321 vs->client_pf.bytes_per_pixel = bits_per_pixel / 8;
2322 vs->client_pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
2323 vs->client_be = big_endian_flag;
2324
2325 if (!true_color_flag) {
2326 send_color_map(vs);
2327 }
2328
2329 set_pixel_conversion(vs);
2330
2331 graphic_hw_invalidate(vs->vd->dcl.con);
2332 graphic_hw_update(vs->vd->dcl.con);
2333}
2334
2335static void pixel_format_message (VncState *vs) {
2336 char pad[3] = { 0, 0, 0 };
2337
2338 vs->client_pf = qemu_default_pixelformat(32);
2339
2340 vnc_write_u8(vs, vs->client_pf.bits_per_pixel);
2341 vnc_write_u8(vs, vs->client_pf.depth);
2342
2343#ifdef HOST_WORDS_BIGENDIAN
2344 vnc_write_u8(vs, 1);
2345#else
2346 vnc_write_u8(vs, 0);
2347#endif
2348 vnc_write_u8(vs, 1);
2349 vnc_write_u16(vs, vs->client_pf.rmax);
2350 vnc_write_u16(vs, vs->client_pf.gmax);
2351 vnc_write_u16(vs, vs->client_pf.bmax);
2352 vnc_write_u8(vs, vs->client_pf.rshift);
2353 vnc_write_u8(vs, vs->client_pf.gshift);
2354 vnc_write_u8(vs, vs->client_pf.bshift);
2355 vnc_write(vs, pad, 3);
2356
2357 vnc_hextile_set_pixel_conversion(vs, 0);
2358 vs->write_pixels = vnc_write_pixels_copy;
2359}
2360
2361static void vnc_colordepth(VncState *vs)
2362{
2363 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
2364
2365 vnc_lock_output(vs);
2366 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
2367 vnc_write_u8(vs, 0);
2368 vnc_write_u16(vs, 1);
2369 vnc_framebuffer_update(vs, 0, 0,
2370 vs->client_width,
2371 vs->client_height,
2372 VNC_ENCODING_WMVi);
2373 pixel_format_message(vs);
2374 vnc_unlock_output(vs);
2375 vnc_flush(vs);
2376 } else {
2377 set_pixel_conversion(vs);
2378 }
2379}
2380
2381static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
2382{
2383 int i;
2384 uint16_t limit;
2385 uint32_t freq;
2386 VncDisplay *vd = vs->vd;
2387
2388 if (data[0] > 3) {
2389 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
2390 }
2391
2392 switch (data[0]) {
2393 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT:
2394 if (len == 1)
2395 return 20;
2396
2397 set_pixel_format(vs, read_u8(data, 4),
2398 read_u8(data, 6), read_u8(data, 7),
2399 read_u16(data, 8), read_u16(data, 10),
2400 read_u16(data, 12), read_u8(data, 14),
2401 read_u8(data, 15), read_u8(data, 16));
2402 break;
2403 case VNC_MSG_CLIENT_SET_ENCODINGS:
2404 if (len == 1)
2405 return 4;
2406
2407 if (len == 4) {
2408 limit = read_u16(data, 2);
2409 if (limit > 0)
2410 return 4 + (limit * 4);
2411 } else
2412 limit = read_u16(data, 2);
2413
2414 for (i = 0; i < limit; i++) {
2415 int32_t val = read_s32(data, 4 + (i * 4));
2416 memcpy(data + 4 + (i * 4), &val, sizeof(val));
2417 }
2418
2419 set_encodings(vs, (int32_t *)(data + 4), limit);
2420 break;
2421 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST:
2422 if (len == 1)
2423 return 10;
2424
2425 framebuffer_update_request(vs,
2426 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
2427 read_u16(data, 6), read_u16(data, 8));
2428 break;
2429 case VNC_MSG_CLIENT_KEY_EVENT:
2430 if (len == 1)
2431 return 8;
2432
2433 key_event(vs, read_u8(data, 1), read_u32(data, 4));
2434 break;
2435 case VNC_MSG_CLIENT_POINTER_EVENT:
2436 if (len == 1)
2437 return 6;
2438
2439 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
2440 break;
2441 case VNC_MSG_CLIENT_CUT_TEXT:
2442 if (len == 1) {
2443 return 8;
2444 }
2445 if (len == 8) {
2446 uint32_t dlen = abs(read_s32(data, 4));
2447 if (dlen > (1 << 20)) {
2448 error_report("vnc: client_cut_text msg payload has %u bytes"
2449 " which exceeds our limit of 1MB.", dlen);
2450 vnc_client_error(vs);
2451 break;
2452 }
2453 if (dlen > 0) {
2454 return 8 + dlen;
2455 }
2456 }
2457
2458 if (read_s32(data, 4) < 0) {
2459 vnc_client_cut_text_ext(vs, abs(read_s32(data, 4)),
2460 read_u32(data, 8), data + 12);
2461 break;
2462 }
2463 vnc_client_cut_text(vs, read_u32(data, 4), data + 8);
2464 break;
2465 case VNC_MSG_CLIENT_XVP:
2466 if (!(vs->features & VNC_FEATURE_XVP)) {
2467 error_report("vnc: xvp client message while disabled");
2468 vnc_client_error(vs);
2469 break;
2470 }
2471 if (len == 1) {
2472 return 4;
2473 }
2474 if (len == 4) {
2475 uint8_t version = read_u8(data, 2);
2476 uint8_t action = read_u8(data, 3);
2477
2478 if (version != 1) {
2479 error_report("vnc: xvp client message version %d != 1",
2480 version);
2481 vnc_client_error(vs);
2482 break;
2483 }
2484
2485 switch (action) {
2486 case VNC_XVP_ACTION_SHUTDOWN:
2487 qemu_system_powerdown_request();
2488 break;
2489 case VNC_XVP_ACTION_REBOOT:
2490 send_xvp_message(vs, VNC_XVP_CODE_FAIL);
2491 break;
2492 case VNC_XVP_ACTION_RESET:
2493 qemu_system_reset_request(SHUTDOWN_CAUSE_HOST_QMP_SYSTEM_RESET);
2494 break;
2495 default:
2496 send_xvp_message(vs, VNC_XVP_CODE_FAIL);
2497 break;
2498 }
2499 }
2500 break;
2501 case VNC_MSG_CLIENT_QEMU:
2502 if (len == 1)
2503 return 2;
2504
2505 switch (read_u8(data, 1)) {
2506 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT:
2507 if (len == 2)
2508 return 12;
2509
2510 ext_key_event(vs, read_u16(data, 2),
2511 read_u32(data, 4), read_u32(data, 8));
2512 break;
2513 case VNC_MSG_CLIENT_QEMU_AUDIO:
2514 if (len == 2)
2515 return 4;
2516
2517 switch (read_u16 (data, 2)) {
2518 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE:
2519 trace_vnc_msg_client_audio_enable(vs, vs->ioc);
2520 audio_add(vs);
2521 break;
2522 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE:
2523 trace_vnc_msg_client_audio_disable(vs, vs->ioc);
2524 audio_del(vs);
2525 break;
2526 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT:
2527 if (len == 4)
2528 return 10;
2529 switch (read_u8(data, 4)) {
2530 case 0: vs->as.fmt = AUDIO_FORMAT_U8; break;
2531 case 1: vs->as.fmt = AUDIO_FORMAT_S8; break;
2532 case 2: vs->as.fmt = AUDIO_FORMAT_U16; break;
2533 case 3: vs->as.fmt = AUDIO_FORMAT_S16; break;
2534 case 4: vs->as.fmt = AUDIO_FORMAT_U32; break;
2535 case 5: vs->as.fmt = AUDIO_FORMAT_S32; break;
2536 default:
2537 VNC_DEBUG("Invalid audio format %d\n", read_u8(data, 4));
2538 vnc_client_error(vs);
2539 break;
2540 }
2541 vs->as.nchannels = read_u8(data, 5);
2542 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
2543 VNC_DEBUG("Invalid audio channel count %d\n",
2544 read_u8(data, 5));
2545 vnc_client_error(vs);
2546 break;
2547 }
2548 freq = read_u32(data, 6);
2549
2550
2551
2552
2553 if (freq > 48000) {
2554 VNC_DEBUG("Invalid audio frequency %u > 48000", freq);
2555 vnc_client_error(vs);
2556 break;
2557 }
2558 vs->as.freq = freq;
2559 trace_vnc_msg_client_audio_format(
2560 vs, vs->ioc, vs->as.fmt, vs->as.nchannels, vs->as.freq);
2561 break;
2562 default:
2563 VNC_DEBUG("Invalid audio message %d\n", read_u8(data, 4));
2564 vnc_client_error(vs);
2565 break;
2566 }
2567 break;
2568
2569 default:
2570 VNC_DEBUG("Msg: %d\n", read_u16(data, 0));
2571 vnc_client_error(vs);
2572 break;
2573 }
2574 break;
2575 case VNC_MSG_CLIENT_SET_DESKTOP_SIZE:
2576 {
2577 size_t size;
2578 uint8_t screens;
2579 int w, h;
2580
2581 if (len < 8) {
2582 return 8;
2583 }
2584
2585 screens = read_u8(data, 6);
2586 size = 8 + screens * 16;
2587 if (len < size) {
2588 return size;
2589 }
2590 w = read_u16(data, 2);
2591 h = read_u16(data, 4);
2592
2593 trace_vnc_msg_client_set_desktop_size(vs, vs->ioc, w, h, screens);
2594 if (dpy_ui_info_supported(vs->vd->dcl.con)) {
2595 QemuUIInfo info;
2596 memset(&info, 0, sizeof(info));
2597 info.width = w;
2598 info.height = h;
2599 dpy_set_ui_info(vs->vd->dcl.con, &info, false);
2600 vnc_desktop_resize_ext(vs, 4 );
2601 } else {
2602 vnc_desktop_resize_ext(vs, 3 );
2603 }
2604
2605 break;
2606 }
2607 default:
2608 VNC_DEBUG("Msg: %d\n", data[0]);
2609 vnc_client_error(vs);
2610 break;
2611 }
2612
2613 vnc_update_throttle_offset(vs);
2614 vnc_read_when(vs, protocol_client_msg, 1);
2615 return 0;
2616}
2617
2618static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
2619{
2620 char buf[1024];
2621 VncShareMode mode;
2622 int size;
2623
2624 mode = data[0] ? VNC_SHARE_MODE_SHARED : VNC_SHARE_MODE_EXCLUSIVE;
2625 switch (vs->vd->share_policy) {
2626 case VNC_SHARE_POLICY_IGNORE:
2627
2628
2629
2630
2631
2632
2633
2634 break;
2635 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE:
2636
2637
2638
2639
2640
2641
2642
2643
2644
2645 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2646 VncState *client;
2647 QTAILQ_FOREACH(client, &vs->vd->clients, next) {
2648 if (vs == client) {
2649 continue;
2650 }
2651 if (client->share_mode != VNC_SHARE_MODE_EXCLUSIVE &&
2652 client->share_mode != VNC_SHARE_MODE_SHARED) {
2653 continue;
2654 }
2655 vnc_disconnect_start(client);
2656 }
2657 }
2658 if (mode == VNC_SHARE_MODE_SHARED) {
2659 if (vs->vd->num_exclusive > 0) {
2660 vnc_disconnect_start(vs);
2661 return 0;
2662 }
2663 }
2664 break;
2665 case VNC_SHARE_POLICY_FORCE_SHARED:
2666
2667
2668
2669
2670
2671
2672
2673
2674 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2675 vnc_disconnect_start(vs);
2676 return 0;
2677 }
2678 break;
2679 }
2680 vnc_set_share_mode(vs, mode);
2681
2682 if (vs->vd->num_shared > vs->vd->connections_limit) {
2683 vnc_disconnect_start(vs);
2684 return 0;
2685 }
2686
2687 assert(pixman_image_get_width(vs->vd->server) < 65536 &&
2688 pixman_image_get_width(vs->vd->server) >= 0);
2689 assert(pixman_image_get_height(vs->vd->server) < 65536 &&
2690 pixman_image_get_height(vs->vd->server) >= 0);
2691 vs->client_width = pixman_image_get_width(vs->vd->server);
2692 vs->client_height = pixman_image_get_height(vs->vd->server);
2693 vnc_write_u16(vs, vs->client_width);
2694 vnc_write_u16(vs, vs->client_height);
2695
2696 pixel_format_message(vs);
2697
2698 if (qemu_name) {
2699 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
2700 if (size > sizeof(buf)) {
2701 size = sizeof(buf);
2702 }
2703 } else {
2704 size = snprintf(buf, sizeof(buf), "QEMU");
2705 }
2706
2707 vnc_write_u32(vs, size);
2708 vnc_write(vs, buf, size);
2709 vnc_flush(vs);
2710
2711 vnc_client_cache_auth(vs);
2712 vnc_qmp_event(vs, QAPI_EVENT_VNC_INITIALIZED);
2713
2714 vnc_read_when(vs, protocol_client_msg, 1);
2715
2716 return 0;
2717}
2718
2719void start_client_init(VncState *vs)
2720{
2721 vnc_read_when(vs, protocol_client_init, 1);
2722}
2723
2724static void authentication_failed(VncState *vs)
2725{
2726 vnc_write_u32(vs, 1);
2727 if (vs->minor >= 8) {
2728 static const char err[] = "Authentication failed";
2729 vnc_write_u32(vs, sizeof(err));
2730 vnc_write(vs, err, sizeof(err));
2731 }
2732 vnc_flush(vs);
2733 vnc_client_error(vs);
2734}
2735
2736static void
2737vnc_munge_des_rfb_key(unsigned char *key, size_t nkey)
2738{
2739 size_t i;
2740 for (i = 0; i < nkey; i++) {
2741 uint8_t r = key[i];
2742 r = (r & 0xf0) >> 4 | (r & 0x0f) << 4;
2743 r = (r & 0xcc) >> 2 | (r & 0x33) << 2;
2744 r = (r & 0xaa) >> 1 | (r & 0x55) << 1;
2745 key[i] = r;
2746 }
2747}
2748
2749static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
2750{
2751 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
2752 size_t i, pwlen;
2753 unsigned char key[8];
2754 time_t now = time(NULL);
2755 QCryptoCipher *cipher = NULL;
2756 Error *err = NULL;
2757
2758 if (!vs->vd->password) {
2759 trace_vnc_auth_fail(vs, vs->auth, "password is not set", "");
2760 goto reject;
2761 }
2762 if (vs->vd->expires < now) {
2763 trace_vnc_auth_fail(vs, vs->auth, "password is expired", "");
2764 goto reject;
2765 }
2766
2767 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
2768
2769
2770 pwlen = strlen(vs->vd->password);
2771 for (i=0; i<sizeof(key); i++)
2772 key[i] = i<pwlen ? vs->vd->password[i] : 0;
2773 vnc_munge_des_rfb_key(key, sizeof(key));
2774
2775 cipher = qcrypto_cipher_new(
2776 QCRYPTO_CIPHER_ALG_DES,
2777 QCRYPTO_CIPHER_MODE_ECB,
2778 key, G_N_ELEMENTS(key),
2779 &err);
2780 if (!cipher) {
2781 trace_vnc_auth_fail(vs, vs->auth, "cannot create cipher",
2782 error_get_pretty(err));
2783 error_free(err);
2784 goto reject;
2785 }
2786
2787 if (qcrypto_cipher_encrypt(cipher,
2788 vs->challenge,
2789 response,
2790 VNC_AUTH_CHALLENGE_SIZE,
2791 &err) < 0) {
2792 trace_vnc_auth_fail(vs, vs->auth, "cannot encrypt challenge response",
2793 error_get_pretty(err));
2794 error_free(err);
2795 goto reject;
2796 }
2797
2798
2799 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
2800 trace_vnc_auth_fail(vs, vs->auth, "mis-matched challenge response", "");
2801 goto reject;
2802 } else {
2803 trace_vnc_auth_pass(vs, vs->auth);
2804 vnc_write_u32(vs, 0);
2805 vnc_flush(vs);
2806
2807 start_client_init(vs);
2808 }
2809
2810 qcrypto_cipher_free(cipher);
2811 return 0;
2812
2813reject:
2814 authentication_failed(vs);
2815 qcrypto_cipher_free(cipher);
2816 return 0;
2817}
2818
2819void start_auth_vnc(VncState *vs)
2820{
2821 Error *err = NULL;
2822
2823 if (qcrypto_random_bytes(vs->challenge, sizeof(vs->challenge), &err)) {
2824 trace_vnc_auth_fail(vs, vs->auth, "cannot get random bytes",
2825 error_get_pretty(err));
2826 error_free(err);
2827 authentication_failed(vs);
2828 return;
2829 }
2830
2831
2832 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
2833 vnc_flush(vs);
2834
2835 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
2836}
2837
2838
2839static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
2840{
2841
2842
2843 if (data[0] != vs->auth) {
2844 trace_vnc_auth_reject(vs, vs->auth, (int)data[0]);
2845 authentication_failed(vs);
2846 } else {
2847 trace_vnc_auth_start(vs, vs->auth);
2848 switch (vs->auth) {
2849 case VNC_AUTH_NONE:
2850 if (vs->minor >= 8) {
2851 vnc_write_u32(vs, 0);
2852 vnc_flush(vs);
2853 }
2854 trace_vnc_auth_pass(vs, vs->auth);
2855 start_client_init(vs);
2856 break;
2857
2858 case VNC_AUTH_VNC:
2859 start_auth_vnc(vs);
2860 break;
2861
2862 case VNC_AUTH_VENCRYPT:
2863 start_auth_vencrypt(vs);
2864 break;
2865
2866#ifdef CONFIG_VNC_SASL
2867 case VNC_AUTH_SASL:
2868 start_auth_sasl(vs);
2869 break;
2870#endif
2871
2872 default:
2873 trace_vnc_auth_fail(vs, vs->auth, "Unhandled auth method", "");
2874 authentication_failed(vs);
2875 }
2876 }
2877 return 0;
2878}
2879
2880static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2881{
2882 char local[13];
2883
2884 memcpy(local, version, 12);
2885 local[12] = 0;
2886
2887 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2888 VNC_DEBUG("Malformed protocol version %s\n", local);
2889 vnc_client_error(vs);
2890 return 0;
2891 }
2892 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2893 if (vs->major != 3 ||
2894 (vs->minor != 3 &&
2895 vs->minor != 4 &&
2896 vs->minor != 5 &&
2897 vs->minor != 7 &&
2898 vs->minor != 8)) {
2899 VNC_DEBUG("Unsupported client version\n");
2900 vnc_write_u32(vs, VNC_AUTH_INVALID);
2901 vnc_flush(vs);
2902 vnc_client_error(vs);
2903 return 0;
2904 }
2905
2906
2907
2908 if (vs->minor == 4 || vs->minor == 5)
2909 vs->minor = 3;
2910
2911 if (vs->minor == 3) {
2912 trace_vnc_auth_start(vs, vs->auth);
2913 if (vs->auth == VNC_AUTH_NONE) {
2914 vnc_write_u32(vs, vs->auth);
2915 vnc_flush(vs);
2916 trace_vnc_auth_pass(vs, vs->auth);
2917 start_client_init(vs);
2918 } else if (vs->auth == VNC_AUTH_VNC) {
2919 VNC_DEBUG("Tell client VNC auth\n");
2920 vnc_write_u32(vs, vs->auth);
2921 vnc_flush(vs);
2922 start_auth_vnc(vs);
2923 } else {
2924 trace_vnc_auth_fail(vs, vs->auth,
2925 "Unsupported auth method for v3.3", "");
2926 vnc_write_u32(vs, VNC_AUTH_INVALID);
2927 vnc_flush(vs);
2928 vnc_client_error(vs);
2929 }
2930 } else {
2931 vnc_write_u8(vs, 1);
2932 vnc_write_u8(vs, vs->auth);
2933 vnc_read_when(vs, protocol_client_auth, 1);
2934 vnc_flush(vs);
2935 }
2936
2937 return 0;
2938}
2939
2940static VncRectStat *vnc_stat_rect(VncDisplay *vd, int x, int y)
2941{
2942 struct VncSurface *vs = &vd->guest;
2943
2944 return &vs->stats[y / VNC_STAT_RECT][x / VNC_STAT_RECT];
2945}
2946
2947void vnc_sent_lossy_rect(VncState *vs, int x, int y, int w, int h)
2948{
2949 int i, j;
2950
2951 w = (x + w) / VNC_STAT_RECT;
2952 h = (y + h) / VNC_STAT_RECT;
2953 x /= VNC_STAT_RECT;
2954 y /= VNC_STAT_RECT;
2955
2956 for (j = y; j <= h; j++) {
2957 for (i = x; i <= w; i++) {
2958 vs->lossy_rect[j][i] = 1;
2959 }
2960 }
2961}
2962
2963static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y)
2964{
2965 VncState *vs;
2966 int sty = y / VNC_STAT_RECT;
2967 int stx = x / VNC_STAT_RECT;
2968 int has_dirty = 0;
2969
2970 y = QEMU_ALIGN_DOWN(y, VNC_STAT_RECT);
2971 x = QEMU_ALIGN_DOWN(x, VNC_STAT_RECT);
2972
2973 QTAILQ_FOREACH(vs, &vd->clients, next) {
2974 int j;
2975
2976
2977 if (vs->output.offset) {
2978 continue;
2979 }
2980
2981 if (!vs->lossy_rect[sty][stx]) {
2982 continue;
2983 }
2984
2985 vs->lossy_rect[sty][stx] = 0;
2986 for (j = 0; j < VNC_STAT_RECT; ++j) {
2987 bitmap_set(vs->dirty[y + j],
2988 x / VNC_DIRTY_PIXELS_PER_BIT,
2989 VNC_STAT_RECT / VNC_DIRTY_PIXELS_PER_BIT);
2990 }
2991 has_dirty++;
2992 }
2993
2994 return has_dirty;
2995}
2996
2997static int vnc_update_stats(VncDisplay *vd, struct timeval * tv)
2998{
2999 int width = MIN(pixman_image_get_width(vd->guest.fb),
3000 pixman_image_get_width(vd->server));
3001 int height = MIN(pixman_image_get_height(vd->guest.fb),
3002 pixman_image_get_height(vd->server));
3003 int x, y;
3004 struct timeval res;
3005 int has_dirty = 0;
3006
3007 for (y = 0; y < height; y += VNC_STAT_RECT) {
3008 for (x = 0; x < width; x += VNC_STAT_RECT) {
3009 VncRectStat *rect = vnc_stat_rect(vd, x, y);
3010
3011 rect->updated = false;
3012 }
3013 }
3014
3015 qemu_timersub(tv, &VNC_REFRESH_STATS, &res);
3016
3017 if (timercmp(&vd->guest.last_freq_check, &res, >)) {
3018 return has_dirty;
3019 }
3020 vd->guest.last_freq_check = *tv;
3021
3022 for (y = 0; y < height; y += VNC_STAT_RECT) {
3023 for (x = 0; x < width; x += VNC_STAT_RECT) {
3024 VncRectStat *rect= vnc_stat_rect(vd, x, y);
3025 int count = ARRAY_SIZE(rect->times);
3026 struct timeval min, max;
3027
3028 if (!timerisset(&rect->times[count - 1])) {
3029 continue ;
3030 }
3031
3032 max = rect->times[(rect->idx + count - 1) % count];
3033 qemu_timersub(tv, &max, &res);
3034
3035 if (timercmp(&res, &VNC_REFRESH_LOSSY, >)) {
3036 rect->freq = 0;
3037 has_dirty += vnc_refresh_lossy_rect(vd, x, y);
3038 memset(rect->times, 0, sizeof (rect->times));
3039 continue ;
3040 }
3041
3042 min = rect->times[rect->idx];
3043 max = rect->times[(rect->idx + count - 1) % count];
3044 qemu_timersub(&max, &min, &res);
3045
3046 rect->freq = res.tv_sec + res.tv_usec / 1000000.;
3047 rect->freq /= count;
3048 rect->freq = 1. / rect->freq;
3049 }
3050 }
3051 return has_dirty;
3052}
3053
3054double vnc_update_freq(VncState *vs, int x, int y, int w, int h)
3055{
3056 int i, j;
3057 double total = 0;
3058 int num = 0;
3059
3060 x = QEMU_ALIGN_DOWN(x, VNC_STAT_RECT);
3061 y = QEMU_ALIGN_DOWN(y, VNC_STAT_RECT);
3062
3063 for (j = y; j <= y + h; j += VNC_STAT_RECT) {
3064 for (i = x; i <= x + w; i += VNC_STAT_RECT) {
3065 total += vnc_stat_rect(vs->vd, i, j)->freq;
3066 num++;
3067 }
3068 }
3069
3070 if (num) {
3071 return total / num;
3072 } else {
3073 return 0;
3074 }
3075}
3076
3077static void vnc_rect_updated(VncDisplay *vd, int x, int y, struct timeval * tv)
3078{
3079 VncRectStat *rect;
3080
3081 rect = vnc_stat_rect(vd, x, y);
3082 if (rect->updated) {
3083 return ;
3084 }
3085 rect->times[rect->idx] = *tv;
3086 rect->idx = (rect->idx + 1) % ARRAY_SIZE(rect->times);
3087 rect->updated = true;
3088}
3089
3090static int vnc_refresh_server_surface(VncDisplay *vd)
3091{
3092 int width = MIN(pixman_image_get_width(vd->guest.fb),
3093 pixman_image_get_width(vd->server));
3094 int height = MIN(pixman_image_get_height(vd->guest.fb),
3095 pixman_image_get_height(vd->server));
3096 int cmp_bytes, server_stride, line_bytes, guest_ll, guest_stride, y = 0;
3097 uint8_t *guest_row0 = NULL, *server_row0;
3098 VncState *vs;
3099 int has_dirty = 0;
3100 pixman_image_t *tmpbuf = NULL;
3101 unsigned long offset;
3102 int x;
3103 uint8_t *guest_ptr, *server_ptr;
3104
3105 struct timeval tv = { 0, 0 };
3106
3107 if (!vd->non_adaptive) {
3108 gettimeofday(&tv, NULL);
3109 has_dirty = vnc_update_stats(vd, &tv);
3110 }
3111
3112 offset = find_next_bit((unsigned long *) &vd->guest.dirty,
3113 height * VNC_DIRTY_BPL(&vd->guest), 0);
3114 if (offset == height * VNC_DIRTY_BPL(&vd->guest)) {
3115
3116 return has_dirty;
3117 }
3118
3119
3120
3121
3122
3123
3124 server_row0 = (uint8_t *)pixman_image_get_data(vd->server);
3125 server_stride = guest_stride = guest_ll =
3126 pixman_image_get_stride(vd->server);
3127 cmp_bytes = MIN(VNC_DIRTY_PIXELS_PER_BIT * VNC_SERVER_FB_BYTES,
3128 server_stride);
3129 if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
3130 int width = pixman_image_get_width(vd->server);
3131 tmpbuf = qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT, width);
3132 } else {
3133 int guest_bpp =
3134 PIXMAN_FORMAT_BPP(pixman_image_get_format(vd->guest.fb));
3135 guest_row0 = (uint8_t *)pixman_image_get_data(vd->guest.fb);
3136 guest_stride = pixman_image_get_stride(vd->guest.fb);
3137 guest_ll = pixman_image_get_width(vd->guest.fb)
3138 * DIV_ROUND_UP(guest_bpp, 8);
3139 }
3140 line_bytes = MIN(server_stride, guest_ll);
3141
3142 for (;;) {
3143 y = offset / VNC_DIRTY_BPL(&vd->guest);
3144 x = offset % VNC_DIRTY_BPL(&vd->guest);
3145
3146 server_ptr = server_row0 + y * server_stride + x * cmp_bytes;
3147
3148 if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
3149 qemu_pixman_linebuf_fill(tmpbuf, vd->guest.fb, width, 0, y);
3150 guest_ptr = (uint8_t *)pixman_image_get_data(tmpbuf);
3151 } else {
3152 guest_ptr = guest_row0 + y * guest_stride;
3153 }
3154 guest_ptr += x * cmp_bytes;
3155
3156 for (; x < DIV_ROUND_UP(width, VNC_DIRTY_PIXELS_PER_BIT);
3157 x++, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
3158 int _cmp_bytes = cmp_bytes;
3159 if (!test_and_clear_bit(x, vd->guest.dirty[y])) {
3160 continue;
3161 }
3162 if ((x + 1) * cmp_bytes > line_bytes) {
3163 _cmp_bytes = line_bytes - x * cmp_bytes;
3164 }
3165 assert(_cmp_bytes >= 0);
3166 if (memcmp(server_ptr, guest_ptr, _cmp_bytes) == 0) {
3167 continue;
3168 }
3169 memcpy(server_ptr, guest_ptr, _cmp_bytes);
3170 if (!vd->non_adaptive) {
3171 vnc_rect_updated(vd, x * VNC_DIRTY_PIXELS_PER_BIT,
3172 y, &tv);
3173 }
3174 QTAILQ_FOREACH(vs, &vd->clients, next) {
3175 set_bit(x, vs->dirty[y]);
3176 }
3177 has_dirty++;
3178 }
3179
3180 y++;
3181 offset = find_next_bit((unsigned long *) &vd->guest.dirty,
3182 height * VNC_DIRTY_BPL(&vd->guest),
3183 y * VNC_DIRTY_BPL(&vd->guest));
3184 if (offset == height * VNC_DIRTY_BPL(&vd->guest)) {
3185
3186 break;
3187 }
3188 }
3189 qemu_pixman_image_unref(tmpbuf);
3190 return has_dirty;
3191}
3192
3193static void vnc_refresh(DisplayChangeListener *dcl)
3194{
3195 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
3196 VncState *vs, *vn;
3197 int has_dirty, rects = 0;
3198
3199 if (QTAILQ_EMPTY(&vd->clients)) {
3200 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_MAX);
3201 return;
3202 }
3203
3204 graphic_hw_update(vd->dcl.con);
3205
3206 if (vnc_trylock_display(vd)) {
3207 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
3208 return;
3209 }
3210
3211 has_dirty = vnc_refresh_server_surface(vd);
3212 vnc_unlock_display(vd);
3213
3214 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
3215 rects += vnc_update_client(vs, has_dirty);
3216
3217 }
3218
3219 if (has_dirty && rects) {
3220 vd->dcl.update_interval /= 2;
3221 if (vd->dcl.update_interval < VNC_REFRESH_INTERVAL_BASE) {
3222 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_BASE;
3223 }
3224 } else {
3225 vd->dcl.update_interval += VNC_REFRESH_INTERVAL_INC;
3226 if (vd->dcl.update_interval > VNC_REFRESH_INTERVAL_MAX) {
3227 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_MAX;
3228 }
3229 }
3230}
3231
3232static void vnc_connect(VncDisplay *vd, QIOChannelSocket *sioc,
3233 bool skipauth, bool websocket)
3234{
3235 VncState *vs = g_new0(VncState, 1);
3236 bool first_client = QTAILQ_EMPTY(&vd->clients);
3237 int i;
3238
3239 trace_vnc_client_connect(vs, sioc);
3240 vs->zrle = g_new0(VncZrle, 1);
3241 vs->tight = g_new0(VncTight, 1);
3242 vs->magic = VNC_MAGIC;
3243 vs->sioc = sioc;
3244 object_ref(OBJECT(vs->sioc));
3245 vs->ioc = QIO_CHANNEL(sioc);
3246 object_ref(OBJECT(vs->ioc));
3247 vs->vd = vd;
3248
3249 buffer_init(&vs->input, "vnc-input/%p", sioc);
3250 buffer_init(&vs->output, "vnc-output/%p", sioc);
3251 buffer_init(&vs->jobs_buffer, "vnc-jobs_buffer/%p", sioc);
3252
3253 buffer_init(&vs->tight->tight, "vnc-tight/%p", sioc);
3254 buffer_init(&vs->tight->zlib, "vnc-tight-zlib/%p", sioc);
3255 buffer_init(&vs->tight->gradient, "vnc-tight-gradient/%p", sioc);
3256#ifdef CONFIG_VNC_JPEG
3257 buffer_init(&vs->tight->jpeg, "vnc-tight-jpeg/%p", sioc);
3258#endif
3259#ifdef CONFIG_VNC_PNG
3260 buffer_init(&vs->tight->png, "vnc-tight-png/%p", sioc);
3261#endif
3262 buffer_init(&vs->zlib.zlib, "vnc-zlib/%p", sioc);
3263 buffer_init(&vs->zrle->zrle, "vnc-zrle/%p", sioc);
3264 buffer_init(&vs->zrle->fb, "vnc-zrle-fb/%p", sioc);
3265 buffer_init(&vs->zrle->zlib, "vnc-zrle-zlib/%p", sioc);
3266
3267 if (skipauth) {
3268 vs->auth = VNC_AUTH_NONE;
3269 vs->subauth = VNC_AUTH_INVALID;
3270 } else {
3271 if (websocket) {
3272 vs->auth = vd->ws_auth;
3273 vs->subauth = VNC_AUTH_INVALID;
3274 } else {
3275 vs->auth = vd->auth;
3276 vs->subauth = vd->subauth;
3277 }
3278 }
3279 VNC_DEBUG("Client sioc=%p ws=%d auth=%d subauth=%d\n",
3280 sioc, websocket, vs->auth, vs->subauth);
3281
3282 vs->lossy_rect = g_malloc0(VNC_STAT_ROWS * sizeof (*vs->lossy_rect));
3283 for (i = 0; i < VNC_STAT_ROWS; ++i) {
3284 vs->lossy_rect[i] = g_new0(uint8_t, VNC_STAT_COLS);
3285 }
3286
3287 VNC_DEBUG("New client on socket %p\n", vs->sioc);
3288 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
3289 qio_channel_set_blocking(vs->ioc, false, NULL);
3290 if (vs->ioc_tag) {
3291 g_source_remove(vs->ioc_tag);
3292 }
3293 if (websocket) {
3294 vs->websocket = 1;
3295 if (vd->tlscreds) {
3296 vs->ioc_tag = qio_channel_add_watch(
3297 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR,
3298 vncws_tls_handshake_io, vs, NULL);
3299 } else {
3300 vs->ioc_tag = qio_channel_add_watch(
3301 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR,
3302 vncws_handshake_io, vs, NULL);
3303 }
3304 } else {
3305 vs->ioc_tag = qio_channel_add_watch(
3306 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR,
3307 vnc_client_io, vs, NULL);
3308 }
3309
3310 vnc_client_cache_addr(vs);
3311 vnc_qmp_event(vs, QAPI_EVENT_VNC_CONNECTED);
3312 vnc_set_share_mode(vs, VNC_SHARE_MODE_CONNECTING);
3313
3314 vs->last_x = -1;
3315 vs->last_y = -1;
3316
3317 vs->as.freq = 44100;
3318 vs->as.nchannels = 2;
3319 vs->as.fmt = AUDIO_FORMAT_S16;
3320 vs->as.endianness = 0;
3321
3322 qemu_mutex_init(&vs->output_mutex);
3323 vs->bh = qemu_bh_new(vnc_jobs_bh, vs);
3324
3325 QTAILQ_INSERT_TAIL(&vd->clients, vs, next);
3326 if (first_client) {
3327 vnc_update_server_surface(vd);
3328 }
3329
3330 graphic_hw_update(vd->dcl.con);
3331
3332 if (!vs->websocket) {
3333 vnc_start_protocol(vs);
3334 }
3335
3336 if (vd->num_connecting > vd->connections_limit) {
3337 QTAILQ_FOREACH(vs, &vd->clients, next) {
3338 if (vs->share_mode == VNC_SHARE_MODE_CONNECTING) {
3339 vnc_disconnect_start(vs);
3340 return;
3341 }
3342 }
3343 }
3344}
3345
3346void vnc_start_protocol(VncState *vs)
3347{
3348 vnc_write(vs, "RFB 003.008\n", 12);
3349 vnc_flush(vs);
3350 vnc_read_when(vs, protocol_version, 12);
3351
3352 vs->mouse_mode_notifier.notify = check_pointer_type_change;
3353 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
3354}
3355
3356static void vnc_listen_io(QIONetListener *listener,
3357 QIOChannelSocket *cioc,
3358 void *opaque)
3359{
3360 VncDisplay *vd = opaque;
3361 bool isWebsock = listener == vd->wslistener;
3362
3363 qio_channel_set_name(QIO_CHANNEL(cioc),
3364 isWebsock ? "vnc-ws-server" : "vnc-server");
3365 qio_channel_set_delay(QIO_CHANNEL(cioc), false);
3366 vnc_connect(vd, cioc, false, isWebsock);
3367}
3368
3369static const DisplayChangeListenerOps dcl_ops = {
3370 .dpy_name = "vnc",
3371 .dpy_refresh = vnc_refresh,
3372 .dpy_gfx_update = vnc_dpy_update,
3373 .dpy_gfx_switch = vnc_dpy_switch,
3374 .dpy_gfx_check_format = qemu_pixman_check_format,
3375 .dpy_mouse_set = vnc_mouse_set,
3376 .dpy_cursor_define = vnc_dpy_cursor_define,
3377};
3378
3379void vnc_display_init(const char *id, Error **errp)
3380{
3381 VncDisplay *vd;
3382
3383 if (vnc_display_find(id) != NULL) {
3384 return;
3385 }
3386 vd = g_malloc0(sizeof(*vd));
3387
3388 vd->id = strdup(id);
3389 QTAILQ_INSERT_TAIL(&vnc_displays, vd, next);
3390
3391 QTAILQ_INIT(&vd->clients);
3392 vd->expires = TIME_MAX;
3393
3394 if (keyboard_layout) {
3395 trace_vnc_key_map_init(keyboard_layout);
3396 vd->kbd_layout = init_keyboard_layout(name2keysym,
3397 keyboard_layout, errp);
3398 } else {
3399 vd->kbd_layout = init_keyboard_layout(name2keysym, "en-us", errp);
3400 }
3401
3402 if (!vd->kbd_layout) {
3403 return;
3404 }
3405
3406 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3407 vd->connections_limit = 32;
3408
3409 qemu_mutex_init(&vd->mutex);
3410 vnc_start_worker_thread();
3411
3412 vd->dcl.ops = &dcl_ops;
3413 register_displaychangelistener(&vd->dcl);
3414 vd->kbd = qkbd_state_init(vd->dcl.con);
3415}
3416
3417
3418static void vnc_display_close(VncDisplay *vd)
3419{
3420 if (!vd) {
3421 return;
3422 }
3423 vd->is_unix = false;
3424
3425 if (vd->listener) {
3426 qio_net_listener_disconnect(vd->listener);
3427 object_unref(OBJECT(vd->listener));
3428 }
3429 vd->listener = NULL;
3430
3431 if (vd->wslistener) {
3432 qio_net_listener_disconnect(vd->wslistener);
3433 object_unref(OBJECT(vd->wslistener));
3434 }
3435 vd->wslistener = NULL;
3436
3437 vd->auth = VNC_AUTH_INVALID;
3438 vd->subauth = VNC_AUTH_INVALID;
3439 if (vd->tlscreds) {
3440 object_unref(OBJECT(vd->tlscreds));
3441 vd->tlscreds = NULL;
3442 }
3443 if (vd->tlsauthz) {
3444 object_unparent(OBJECT(vd->tlsauthz));
3445 vd->tlsauthz = NULL;
3446 }
3447 g_free(vd->tlsauthzid);
3448 vd->tlsauthzid = NULL;
3449 if (vd->lock_key_sync) {
3450 qemu_remove_led_event_handler(vd->led);
3451 vd->led = NULL;
3452 }
3453#ifdef CONFIG_VNC_SASL
3454 if (vd->sasl.authz) {
3455 object_unparent(OBJECT(vd->sasl.authz));
3456 vd->sasl.authz = NULL;
3457 }
3458 g_free(vd->sasl.authzid);
3459 vd->sasl.authzid = NULL;
3460#endif
3461}
3462
3463int vnc_display_password(const char *id, const char *password)
3464{
3465 VncDisplay *vd = vnc_display_find(id);
3466
3467 if (!vd) {
3468 return -EINVAL;
3469 }
3470 if (vd->auth == VNC_AUTH_NONE) {
3471 error_printf_unless_qmp("If you want use passwords please enable "
3472 "password auth using '-vnc ${dpy},password'.\n");
3473 return -EINVAL;
3474 }
3475
3476 g_free(vd->password);
3477 vd->password = g_strdup(password);
3478
3479 return 0;
3480}
3481
3482int vnc_display_pw_expire(const char *id, time_t expires)
3483{
3484 VncDisplay *vd = vnc_display_find(id);
3485
3486 if (!vd) {
3487 return -EINVAL;
3488 }
3489
3490 vd->expires = expires;
3491 return 0;
3492}
3493
3494static void vnc_display_print_local_addr(VncDisplay *vd)
3495{
3496 SocketAddress *addr;
3497
3498 if (!vd->listener || !vd->listener->nsioc) {
3499 return;
3500 }
3501
3502 addr = qio_channel_socket_get_local_address(vd->listener->sioc[0], NULL);
3503 if (!addr) {
3504 return;
3505 }
3506
3507 if (addr->type != SOCKET_ADDRESS_TYPE_INET) {
3508 qapi_free_SocketAddress(addr);
3509 return;
3510 }
3511 error_printf_unless_qmp("VNC server running on %s:%s\n",
3512 addr->u.inet.host,
3513 addr->u.inet.port);
3514 qapi_free_SocketAddress(addr);
3515}
3516
3517static QemuOptsList qemu_vnc_opts = {
3518 .name = "vnc",
3519 .head = QTAILQ_HEAD_INITIALIZER(qemu_vnc_opts.head),
3520 .implied_opt_name = "vnc",
3521 .desc = {
3522 {
3523 .name = "vnc",
3524 .type = QEMU_OPT_STRING,
3525 },{
3526 .name = "websocket",
3527 .type = QEMU_OPT_STRING,
3528 },{
3529 .name = "tls-creds",
3530 .type = QEMU_OPT_STRING,
3531 },{
3532 .name = "share",
3533 .type = QEMU_OPT_STRING,
3534 },{
3535 .name = "display",
3536 .type = QEMU_OPT_STRING,
3537 },{
3538 .name = "head",
3539 .type = QEMU_OPT_NUMBER,
3540 },{
3541 .name = "connections",
3542 .type = QEMU_OPT_NUMBER,
3543 },{
3544 .name = "to",
3545 .type = QEMU_OPT_NUMBER,
3546 },{
3547 .name = "ipv4",
3548 .type = QEMU_OPT_BOOL,
3549 },{
3550 .name = "ipv6",
3551 .type = QEMU_OPT_BOOL,
3552 },{
3553 .name = "password",
3554 .type = QEMU_OPT_BOOL,
3555 },{
3556 .name = "password-secret",
3557 .type = QEMU_OPT_STRING,
3558 },{
3559 .name = "reverse",
3560 .type = QEMU_OPT_BOOL,
3561 },{
3562 .name = "lock-key-sync",
3563 .type = QEMU_OPT_BOOL,
3564 },{
3565 .name = "key-delay-ms",
3566 .type = QEMU_OPT_NUMBER,
3567 },{
3568 .name = "sasl",
3569 .type = QEMU_OPT_BOOL,
3570 },{
3571 .name = "tls-authz",
3572 .type = QEMU_OPT_STRING,
3573 },{
3574 .name = "sasl-authz",
3575 .type = QEMU_OPT_STRING,
3576 },{
3577 .name = "lossy",
3578 .type = QEMU_OPT_BOOL,
3579 },{
3580 .name = "non-adaptive",
3581 .type = QEMU_OPT_BOOL,
3582 },{
3583 .name = "audiodev",
3584 .type = QEMU_OPT_STRING,
3585 },{
3586 .name = "power-control",
3587 .type = QEMU_OPT_BOOL,
3588 },
3589 { }
3590 },
3591};
3592
3593
3594static int
3595vnc_display_setup_auth(int *auth,
3596 int *subauth,
3597 QCryptoTLSCreds *tlscreds,
3598 bool password,
3599 bool sasl,
3600 bool websocket,
3601 Error **errp)
3602{
3603
3604
3605
3606
3607
3608
3609
3610
3611
3612
3613
3614
3615
3616
3617
3618
3619
3620
3621
3622
3623
3624
3625
3626
3627
3628
3629
3630
3631
3632
3633
3634
3635
3636
3637
3638
3639
3640
3641
3642
3643
3644
3645
3646
3647
3648
3649
3650 if (websocket || !tlscreds) {
3651 if (password) {
3652 VNC_DEBUG("Initializing VNC server with password auth\n");
3653 *auth = VNC_AUTH_VNC;
3654 } else if (sasl) {
3655 VNC_DEBUG("Initializing VNC server with SASL auth\n");
3656 *auth = VNC_AUTH_SASL;
3657 } else {
3658 VNC_DEBUG("Initializing VNC server with no auth\n");
3659 *auth = VNC_AUTH_NONE;
3660 }
3661 *subauth = VNC_AUTH_INVALID;
3662 } else {
3663 bool is_x509 = object_dynamic_cast(OBJECT(tlscreds),
3664 TYPE_QCRYPTO_TLS_CREDS_X509) != NULL;
3665 bool is_anon = object_dynamic_cast(OBJECT(tlscreds),
3666 TYPE_QCRYPTO_TLS_CREDS_ANON) != NULL;
3667
3668 if (!is_x509 && !is_anon) {
3669 error_setg(errp,
3670 "Unsupported TLS cred type %s",
3671 object_get_typename(OBJECT(tlscreds)));
3672 return -1;
3673 }
3674 *auth = VNC_AUTH_VENCRYPT;
3675 if (password) {
3676 if (is_x509) {
3677 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
3678 *subauth = VNC_AUTH_VENCRYPT_X509VNC;
3679 } else {
3680 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
3681 *subauth = VNC_AUTH_VENCRYPT_TLSVNC;
3682 }
3683
3684 } else if (sasl) {
3685 if (is_x509) {
3686 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
3687 *subauth = VNC_AUTH_VENCRYPT_X509SASL;
3688 } else {
3689 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
3690 *subauth = VNC_AUTH_VENCRYPT_TLSSASL;
3691 }
3692 } else {
3693 if (is_x509) {
3694 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
3695 *subauth = VNC_AUTH_VENCRYPT_X509NONE;
3696 } else {
3697 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
3698 *subauth = VNC_AUTH_VENCRYPT_TLSNONE;
3699 }
3700 }
3701 }
3702 return 0;
3703}
3704
3705
3706static int vnc_display_get_address(const char *addrstr,
3707 bool websocket,
3708 bool reverse,
3709 int displaynum,
3710 int to,
3711 bool has_ipv4,
3712 bool has_ipv6,
3713 bool ipv4,
3714 bool ipv6,
3715 SocketAddress **retaddr,
3716 Error **errp)
3717{
3718 int ret = -1;
3719 SocketAddress *addr = NULL;
3720
3721 addr = g_new0(SocketAddress, 1);
3722
3723 if (strncmp(addrstr, "unix:", 5) == 0) {
3724 addr->type = SOCKET_ADDRESS_TYPE_UNIX;
3725 addr->u.q_unix.path = g_strdup(addrstr + 5);
3726
3727 if (websocket) {
3728 error_setg(errp, "UNIX sockets not supported with websock");
3729 goto cleanup;
3730 }
3731
3732 if (to) {
3733 error_setg(errp, "Port range not support with UNIX socket");
3734 goto cleanup;
3735 }
3736 ret = 0;
3737 } else {
3738 const char *port;
3739 size_t hostlen;
3740 unsigned long long baseport = 0;
3741 InetSocketAddress *inet;
3742
3743 port = strrchr(addrstr, ':');
3744 if (!port) {
3745 if (websocket) {
3746 hostlen = 0;
3747 port = addrstr;
3748 } else {
3749 error_setg(errp, "no vnc port specified");
3750 goto cleanup;
3751 }
3752 } else {
3753 hostlen = port - addrstr;
3754 port++;
3755 if (*port == '\0') {
3756 error_setg(errp, "vnc port cannot be empty");
3757 goto cleanup;
3758 }
3759 }
3760
3761 addr->type = SOCKET_ADDRESS_TYPE_INET;
3762 inet = &addr->u.inet;
3763 if (addrstr[0] == '[' && addrstr[hostlen - 1] == ']') {
3764 inet->host = g_strndup(addrstr + 1, hostlen - 2);
3765 } else {
3766 inet->host = g_strndup(addrstr, hostlen);
3767 }
3768
3769
3770 if (websocket) {
3771 if (g_str_equal(addrstr, "") ||
3772 g_str_equal(addrstr, "on")) {
3773 if (displaynum == -1) {
3774 error_setg(errp, "explicit websocket port is required");
3775 goto cleanup;
3776 }
3777 inet->port = g_strdup_printf(
3778 "%d", displaynum + 5700);
3779 if (to) {
3780 inet->has_to = true;
3781 inet->to = to + 5700;
3782 }
3783 } else {
3784 inet->port = g_strdup(port);
3785 }
3786 } else {
3787 int offset = reverse ? 0 : 5900;
3788 if (parse_uint_full(port, &baseport, 10) < 0) {
3789 error_setg(errp, "can't convert to a number: %s", port);
3790 goto cleanup;
3791 }
3792 if (baseport > 65535 ||
3793 baseport + offset > 65535) {
3794 error_setg(errp, "port %s out of range", port);
3795 goto cleanup;
3796 }
3797 inet->port = g_strdup_printf(
3798 "%d", (int)baseport + offset);
3799
3800 if (to) {
3801 inet->has_to = true;
3802 inet->to = to + offset;
3803 }
3804 }
3805
3806 inet->ipv4 = ipv4;
3807 inet->has_ipv4 = has_ipv4;
3808 inet->ipv6 = ipv6;
3809 inet->has_ipv6 = has_ipv6;
3810
3811 ret = baseport;
3812 }
3813
3814 *retaddr = addr;
3815
3816 cleanup:
3817 if (ret < 0) {
3818 qapi_free_SocketAddress(addr);
3819 }
3820 return ret;
3821}
3822
3823static void vnc_free_addresses(SocketAddress ***retsaddr,
3824 size_t *retnsaddr)
3825{
3826 size_t i;
3827
3828 for (i = 0; i < *retnsaddr; i++) {
3829 qapi_free_SocketAddress((*retsaddr)[i]);
3830 }
3831 g_free(*retsaddr);
3832
3833 *retsaddr = NULL;
3834 *retnsaddr = 0;
3835}
3836
3837static int vnc_display_get_addresses(QemuOpts *opts,
3838 bool reverse,
3839 SocketAddress ***retsaddr,
3840 size_t *retnsaddr,
3841 SocketAddress ***retwsaddr,
3842 size_t *retnwsaddr,
3843 Error **errp)
3844{
3845 SocketAddress *saddr = NULL;
3846 SocketAddress *wsaddr = NULL;
3847 QemuOptsIter addriter;
3848 const char *addr;
3849 int to = qemu_opt_get_number(opts, "to", 0);
3850 bool has_ipv4 = qemu_opt_get(opts, "ipv4");
3851 bool has_ipv6 = qemu_opt_get(opts, "ipv6");
3852 bool ipv4 = qemu_opt_get_bool(opts, "ipv4", false);
3853 bool ipv6 = qemu_opt_get_bool(opts, "ipv6", false);
3854 int displaynum = -1;
3855 int ret = -1;
3856
3857 *retsaddr = NULL;
3858 *retnsaddr = 0;
3859 *retwsaddr = NULL;
3860 *retnwsaddr = 0;
3861
3862 addr = qemu_opt_get(opts, "vnc");
3863 if (addr == NULL || g_str_equal(addr, "none")) {
3864 ret = 0;
3865 goto cleanup;
3866 }
3867 if (qemu_opt_get(opts, "websocket") &&
3868 !qcrypto_hash_supports(QCRYPTO_HASH_ALG_SHA1)) {
3869 error_setg(errp,
3870 "SHA1 hash support is required for websockets");
3871 goto cleanup;
3872 }
3873
3874 qemu_opt_iter_init(&addriter, opts, "vnc");
3875 while ((addr = qemu_opt_iter_next(&addriter)) != NULL) {
3876 int rv;
3877 rv = vnc_display_get_address(addr, false, reverse, 0, to,
3878 has_ipv4, has_ipv6,
3879 ipv4, ipv6,
3880 &saddr, errp);
3881 if (rv < 0) {
3882 goto cleanup;
3883 }
3884
3885
3886
3887 if (displaynum == -1) {
3888 displaynum = rv;
3889 }
3890 *retsaddr = g_renew(SocketAddress *, *retsaddr, *retnsaddr + 1);
3891 (*retsaddr)[(*retnsaddr)++] = saddr;
3892 }
3893
3894
3895
3896 if (*retnsaddr > 1) {
3897 displaynum = -1;
3898 }
3899
3900 qemu_opt_iter_init(&addriter, opts, "websocket");
3901 while ((addr = qemu_opt_iter_next(&addriter)) != NULL) {
3902 if (vnc_display_get_address(addr, true, reverse, displaynum, to,
3903 has_ipv4, has_ipv6,
3904 ipv4, ipv6,
3905 &wsaddr, errp) < 0) {
3906 goto cleanup;
3907 }
3908
3909
3910
3911
3912
3913 if (*retnsaddr == 1 &&
3914 (*retsaddr)[0]->type == SOCKET_ADDRESS_TYPE_INET &&
3915 wsaddr->type == SOCKET_ADDRESS_TYPE_INET &&
3916 g_str_equal(wsaddr->u.inet.host, "") &&
3917 !g_str_equal((*retsaddr)[0]->u.inet.host, "")) {
3918 g_free(wsaddr->u.inet.host);
3919 wsaddr->u.inet.host = g_strdup((*retsaddr)[0]->u.inet.host);
3920 }
3921
3922 *retwsaddr = g_renew(SocketAddress *, *retwsaddr, *retnwsaddr + 1);
3923 (*retwsaddr)[(*retnwsaddr)++] = wsaddr;
3924 }
3925
3926 ret = 0;
3927 cleanup:
3928 if (ret < 0) {
3929 vnc_free_addresses(retsaddr, retnsaddr);
3930 vnc_free_addresses(retwsaddr, retnwsaddr);
3931 }
3932 return ret;
3933}
3934
3935static int vnc_display_connect(VncDisplay *vd,
3936 SocketAddress **saddr,
3937 size_t nsaddr,
3938 SocketAddress **wsaddr,
3939 size_t nwsaddr,
3940 Error **errp)
3941{
3942
3943 QIOChannelSocket *sioc = NULL;
3944 if (nwsaddr != 0) {
3945 error_setg(errp, "Cannot use websockets in reverse mode");
3946 return -1;
3947 }
3948 if (nsaddr != 1) {
3949 error_setg(errp, "Expected a single address in reverse mode");
3950 return -1;
3951 }
3952
3953 vd->is_unix = saddr[0]->type == SOCKET_ADDRESS_TYPE_UNIX;
3954 sioc = qio_channel_socket_new();
3955 qio_channel_set_name(QIO_CHANNEL(sioc), "vnc-reverse");
3956 if (qio_channel_socket_connect_sync(sioc, saddr[0], errp) < 0) {
3957 object_unref(OBJECT(sioc));
3958 return -1;
3959 }
3960 vnc_connect(vd, sioc, false, false);
3961 object_unref(OBJECT(sioc));
3962 return 0;
3963}
3964
3965
3966static int vnc_display_listen(VncDisplay *vd,
3967 SocketAddress **saddr,
3968 size_t nsaddr,
3969 SocketAddress **wsaddr,
3970 size_t nwsaddr,
3971 Error **errp)
3972{
3973 size_t i;
3974
3975 if (nsaddr) {
3976 vd->listener = qio_net_listener_new();
3977 qio_net_listener_set_name(vd->listener, "vnc-listen");
3978 for (i = 0; i < nsaddr; i++) {
3979 if (qio_net_listener_open_sync(vd->listener,
3980 saddr[i], 1,
3981 errp) < 0) {
3982 return -1;
3983 }
3984 }
3985
3986 qio_net_listener_set_client_func(vd->listener,
3987 vnc_listen_io, vd, NULL);
3988 }
3989
3990 if (nwsaddr) {
3991 vd->wslistener = qio_net_listener_new();
3992 qio_net_listener_set_name(vd->wslistener, "vnc-ws-listen");
3993 for (i = 0; i < nwsaddr; i++) {
3994 if (qio_net_listener_open_sync(vd->wslistener,
3995 wsaddr[i], 1,
3996 errp) < 0) {
3997 return -1;
3998 }
3999 }
4000
4001 qio_net_listener_set_client_func(vd->wslistener,
4002 vnc_listen_io, vd, NULL);
4003 }
4004
4005 return 0;
4006}
4007
4008
4009void vnc_display_open(const char *id, Error **errp)
4010{
4011 VncDisplay *vd = vnc_display_find(id);
4012 QemuOpts *opts = qemu_opts_find(&qemu_vnc_opts, id);
4013 SocketAddress **saddr = NULL, **wsaddr = NULL;
4014 size_t nsaddr, nwsaddr;
4015 const char *share, *device_id;
4016 QemuConsole *con;
4017 bool password = false;
4018 bool reverse = false;
4019 const char *credid;
4020 bool sasl = false;
4021 const char *tlsauthz;
4022 const char *saslauthz;
4023 int lock_key_sync = 1;
4024 int key_delay_ms;
4025 const char *audiodev;
4026 const char *passwordSecret;
4027
4028 if (!vd) {
4029 error_setg(errp, "VNC display not active");
4030 return;
4031 }
4032 vnc_display_close(vd);
4033
4034 if (!opts) {
4035 return;
4036 }
4037
4038 reverse = qemu_opt_get_bool(opts, "reverse", false);
4039 if (vnc_display_get_addresses(opts, reverse, &saddr, &nsaddr,
4040 &wsaddr, &nwsaddr, errp) < 0) {
4041 goto fail;
4042 }
4043
4044
4045 passwordSecret = qemu_opt_get(opts, "password-secret");
4046 if (passwordSecret) {
4047 if (qemu_opt_get(opts, "password")) {
4048 error_setg(errp,
4049 "'password' flag is redundant with 'password-secret'");
4050 goto fail;
4051 }
4052 vd->password = qcrypto_secret_lookup_as_utf8(passwordSecret,
4053 errp);
4054 if (!vd->password) {
4055 goto fail;
4056 }
4057 password = true;
4058 } else {
4059 password = qemu_opt_get_bool(opts, "password", false);
4060 }
4061 if (password) {
4062 if (fips_get_state()) {
4063 error_setg(errp,
4064 "VNC password auth disabled due to FIPS mode, "
4065 "consider using the VeNCrypt or SASL authentication "
4066 "methods as an alternative");
4067 goto fail;
4068 }
4069 if (!qcrypto_cipher_supports(
4070 QCRYPTO_CIPHER_ALG_DES, QCRYPTO_CIPHER_MODE_ECB)) {
4071 error_setg(errp,
4072 "Cipher backend does not support DES algorithm");
4073 goto fail;
4074 }
4075 }
4076
4077 lock_key_sync = qemu_opt_get_bool(opts, "lock-key-sync", true);
4078 key_delay_ms = qemu_opt_get_number(opts, "key-delay-ms", 10);
4079 sasl = qemu_opt_get_bool(opts, "sasl", false);
4080#ifndef CONFIG_VNC_SASL
4081 if (sasl) {
4082 error_setg(errp, "VNC SASL auth requires cyrus-sasl support");
4083 goto fail;
4084 }
4085#endif
4086 credid = qemu_opt_get(opts, "tls-creds");
4087 if (credid) {
4088 Object *creds;
4089 creds = object_resolve_path_component(
4090 object_get_objects_root(), credid);
4091 if (!creds) {
4092 error_setg(errp, "No TLS credentials with id '%s'",
4093 credid);
4094 goto fail;
4095 }
4096 vd->tlscreds = (QCryptoTLSCreds *)
4097 object_dynamic_cast(creds,
4098 TYPE_QCRYPTO_TLS_CREDS);
4099 if (!vd->tlscreds) {
4100 error_setg(errp, "Object with id '%s' is not TLS credentials",
4101 credid);
4102 goto fail;
4103 }
4104 object_ref(OBJECT(vd->tlscreds));
4105
4106 if (!qcrypto_tls_creds_check_endpoint(vd->tlscreds,
4107 QCRYPTO_TLS_CREDS_ENDPOINT_SERVER,
4108 errp)) {
4109 goto fail;
4110 }
4111 }
4112 tlsauthz = qemu_opt_get(opts, "tls-authz");
4113 if (tlsauthz && !vd->tlscreds) {
4114 error_setg(errp, "'tls-authz' provided but TLS is not enabled");
4115 goto fail;
4116 }
4117
4118 saslauthz = qemu_opt_get(opts, "sasl-authz");
4119 if (saslauthz && !sasl) {
4120 error_setg(errp, "'sasl-authz' provided but SASL auth is not enabled");
4121 goto fail;
4122 }
4123
4124 share = qemu_opt_get(opts, "share");
4125 if (share) {
4126 if (strcmp(share, "ignore") == 0) {
4127 vd->share_policy = VNC_SHARE_POLICY_IGNORE;
4128 } else if (strcmp(share, "allow-exclusive") == 0) {
4129 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
4130 } else if (strcmp(share, "force-shared") == 0) {
4131 vd->share_policy = VNC_SHARE_POLICY_FORCE_SHARED;
4132 } else {
4133 error_setg(errp, "unknown vnc share= option");
4134 goto fail;
4135 }
4136 } else {
4137 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
4138 }
4139 vd->connections_limit = qemu_opt_get_number(opts, "connections", 32);
4140
4141#ifdef CONFIG_VNC_JPEG
4142 vd->lossy = qemu_opt_get_bool(opts, "lossy", false);
4143#endif
4144 vd->non_adaptive = qemu_opt_get_bool(opts, "non-adaptive", false);
4145
4146
4147
4148 if (!vd->lossy) {
4149 vd->non_adaptive = true;
4150 }
4151
4152 vd->power_control = qemu_opt_get_bool(opts, "power-control", false);
4153
4154 if (tlsauthz) {
4155 vd->tlsauthzid = g_strdup(tlsauthz);
4156 }
4157#ifdef CONFIG_VNC_SASL
4158 if (sasl) {
4159 if (saslauthz) {
4160 vd->sasl.authzid = g_strdup(saslauthz);
4161 }
4162 }
4163#endif
4164
4165 if (vnc_display_setup_auth(&vd->auth, &vd->subauth,
4166 vd->tlscreds, password,
4167 sasl, false, errp) < 0) {
4168 goto fail;
4169 }
4170 trace_vnc_auth_init(vd, 0, vd->auth, vd->subauth);
4171
4172 if (vnc_display_setup_auth(&vd->ws_auth, &vd->ws_subauth,
4173 vd->tlscreds, password,
4174 sasl, true, errp) < 0) {
4175 goto fail;
4176 }
4177 trace_vnc_auth_init(vd, 1, vd->ws_auth, vd->ws_subauth);
4178
4179#ifdef CONFIG_VNC_SASL
4180 if (sasl && !vnc_sasl_server_init(errp)) {
4181 goto fail;
4182 }
4183#endif
4184 vd->lock_key_sync = lock_key_sync;
4185 if (lock_key_sync) {
4186 vd->led = qemu_add_led_event_handler(kbd_leds, vd);
4187 }
4188 vd->ledstate = 0;
4189
4190 audiodev = qemu_opt_get(opts, "audiodev");
4191 if (audiodev) {
4192 vd->audio_state = audio_state_by_name(audiodev);
4193 if (!vd->audio_state) {
4194 error_setg(errp, "Audiodev '%s' not found", audiodev);
4195 goto fail;
4196 }
4197 }
4198
4199 device_id = qemu_opt_get(opts, "display");
4200 if (device_id) {
4201 int head = qemu_opt_get_number(opts, "head", 0);
4202 Error *err = NULL;
4203
4204 con = qemu_console_lookup_by_device_name(device_id, head, &err);
4205 if (err) {
4206 error_propagate(errp, err);
4207 goto fail;
4208 }
4209 } else {
4210 con = NULL;
4211 }
4212
4213 if (con != vd->dcl.con) {
4214 qkbd_state_free(vd->kbd);
4215 unregister_displaychangelistener(&vd->dcl);
4216 vd->dcl.con = con;
4217 register_displaychangelistener(&vd->dcl);
4218 vd->kbd = qkbd_state_init(vd->dcl.con);
4219 }
4220 qkbd_state_set_delay(vd->kbd, key_delay_ms);
4221
4222 if (saddr == NULL) {
4223 goto cleanup;
4224 }
4225
4226 if (reverse) {
4227 if (vnc_display_connect(vd, saddr, nsaddr, wsaddr, nwsaddr, errp) < 0) {
4228 goto fail;
4229 }
4230 } else {
4231 if (vnc_display_listen(vd, saddr, nsaddr, wsaddr, nwsaddr, errp) < 0) {
4232 goto fail;
4233 }
4234 }
4235
4236 if (qemu_opt_get(opts, "to")) {
4237 vnc_display_print_local_addr(vd);
4238 }
4239
4240 cleanup:
4241 vnc_free_addresses(&saddr, &nsaddr);
4242 vnc_free_addresses(&wsaddr, &nwsaddr);
4243 return;
4244
4245fail:
4246 vnc_display_close(vd);
4247 goto cleanup;
4248}
4249
4250void vnc_display_add_client(const char *id, int csock, bool skipauth)
4251{
4252 VncDisplay *vd = vnc_display_find(id);
4253 QIOChannelSocket *sioc;
4254
4255 if (!vd) {
4256 return;
4257 }
4258
4259 sioc = qio_channel_socket_new_fd(csock, NULL);
4260 if (sioc) {
4261 qio_channel_set_name(QIO_CHANNEL(sioc), "vnc-server");
4262 vnc_connect(vd, sioc, skipauth, false);
4263 object_unref(OBJECT(sioc));
4264 }
4265}
4266
4267static void vnc_auto_assign_id(QemuOptsList *olist, QemuOpts *opts)
4268{
4269 int i = 2;
4270 char *id;
4271
4272 id = g_strdup("default");
4273 while (qemu_opts_find(olist, id)) {
4274 g_free(id);
4275 id = g_strdup_printf("vnc%d", i++);
4276 }
4277 qemu_opts_set_id(opts, id);
4278}
4279
4280void vnc_parse(const char *str)
4281{
4282 QemuOptsList *olist = qemu_find_opts("vnc");
4283 QemuOpts *opts = qemu_opts_parse_noisily(olist, str, !is_help_option(str));
4284 const char *id;
4285
4286 if (!opts) {
4287 exit(1);
4288 }
4289
4290 id = qemu_opts_id(opts);
4291 if (!id) {
4292
4293 vnc_auto_assign_id(olist, opts);
4294 }
4295}
4296
4297int vnc_init_func(void *opaque, QemuOpts *opts, Error **errp)
4298{
4299 Error *local_err = NULL;
4300 char *id = (char *)qemu_opts_id(opts);
4301
4302 assert(id);
4303 vnc_display_init(id, &local_err);
4304 if (local_err) {
4305 error_propagate(errp, local_err);
4306 return -1;
4307 }
4308 vnc_display_open(id, &local_err);
4309 if (local_err != NULL) {
4310 error_propagate(errp, local_err);
4311 return -1;
4312 }
4313 return 0;
4314}
4315
4316static void vnc_register_config(void)
4317{
4318 qemu_add_opts(&qemu_vnc_opts);
4319}
4320opts_init(vnc_register_config);
4321
