1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27#include "qemu/osdep.h"
28#include "vnc.h"
29#include "vnc-jobs.h"
30#include "trace.h"
31#include "hw/qdev-core.h"
32#include "sysemu/sysemu.h"
33#include "sysemu/runstate.h"
34#include "qemu/error-report.h"
35#include "qemu/main-loop.h"
36#include "qemu/module.h"
37#include "qemu/option.h"
38#include "qemu/sockets.h"
39#include "qemu/timer.h"
40#include "authz/list.h"
41#include "qemu/config-file.h"
42#include "qapi/qapi-emit-events.h"
43#include "qapi/qapi-events-ui.h"
44#include "qapi/error.h"
45#include "qapi/qapi-commands-ui.h"
46#include "ui/input.h"
47#include "crypto/hash.h"
48#include "crypto/tlscreds.h"
49#include "crypto/tlscredsanon.h"
50#include "crypto/tlscredsx509.h"
51#include "crypto/random.h"
52#include "crypto/secret_common.h"
53#include "qom/object_interfaces.h"
54#include "qemu/cutils.h"
55#include "qemu/help_option.h"
56#include "io/dns-resolver.h"
57#include "monitor/monitor.h"
58
59#define VNC_REFRESH_INTERVAL_BASE GUI_REFRESH_INTERVAL_DEFAULT
60#define VNC_REFRESH_INTERVAL_INC 50
61#define VNC_REFRESH_INTERVAL_MAX GUI_REFRESH_INTERVAL_IDLE
62static const struct timeval VNC_REFRESH_STATS = { 0, 500000 };
63static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 };
64
65#include "vnc_keysym.h"
66#include "crypto/cipher.h"
67
68static QTAILQ_HEAD(, VncDisplay) vnc_displays =
69 QTAILQ_HEAD_INITIALIZER(vnc_displays);
70
71static int vnc_cursor_define(VncState *vs);
72static void vnc_update_throttle_offset(VncState *vs);
73
74static void vnc_set_share_mode(VncState *vs, VncShareMode mode)
75{
76#ifdef _VNC_DEBUG
77 static const char *mn[] = {
78 [0] = "undefined",
79 [VNC_SHARE_MODE_CONNECTING] = "connecting",
80 [VNC_SHARE_MODE_SHARED] = "shared",
81 [VNC_SHARE_MODE_EXCLUSIVE] = "exclusive",
82 [VNC_SHARE_MODE_DISCONNECTED] = "disconnected",
83 };
84 fprintf(stderr, "%s/%p: %s -> %s\n", __func__,
85 vs->ioc, mn[vs->share_mode], mn[mode]);
86#endif
87
88 switch (vs->share_mode) {
89 case VNC_SHARE_MODE_CONNECTING:
90 vs->vd->num_connecting--;
91 break;
92 case VNC_SHARE_MODE_SHARED:
93 vs->vd->num_shared--;
94 break;
95 case VNC_SHARE_MODE_EXCLUSIVE:
96 vs->vd->num_exclusive--;
97 break;
98 default:
99 break;
100 }
101
102 vs->share_mode = mode;
103
104 switch (vs->share_mode) {
105 case VNC_SHARE_MODE_CONNECTING:
106 vs->vd->num_connecting++;
107 break;
108 case VNC_SHARE_MODE_SHARED:
109 vs->vd->num_shared++;
110 break;
111 case VNC_SHARE_MODE_EXCLUSIVE:
112 vs->vd->num_exclusive++;
113 break;
114 default:
115 break;
116 }
117}
118
119
120static void vnc_init_basic_info(SocketAddress *addr,
121 VncBasicInfo *info,
122 Error **errp)
123{
124 switch (addr->type) {
125 case SOCKET_ADDRESS_TYPE_INET:
126 info->host = g_strdup(addr->u.inet.host);
127 info->service = g_strdup(addr->u.inet.port);
128 if (addr->u.inet.ipv6) {
129 info->family = NETWORK_ADDRESS_FAMILY_IPV6;
130 } else {
131 info->family = NETWORK_ADDRESS_FAMILY_IPV4;
132 }
133 break;
134
135 case SOCKET_ADDRESS_TYPE_UNIX:
136 info->host = g_strdup("");
137 info->service = g_strdup(addr->u.q_unix.path);
138 info->family = NETWORK_ADDRESS_FAMILY_UNIX;
139 break;
140
141 case SOCKET_ADDRESS_TYPE_VSOCK:
142 case SOCKET_ADDRESS_TYPE_FD:
143 error_setg(errp, "Unsupported socket address type %s",
144 SocketAddressType_str(addr->type));
145 break;
146 default:
147 abort();
148 }
149
150 return;
151}
152
153static void vnc_init_basic_info_from_server_addr(QIOChannelSocket *ioc,
154 VncBasicInfo *info,
155 Error **errp)
156{
157 SocketAddress *addr = NULL;
158
159 if (!ioc) {
160 error_setg(errp, "No listener socket available");
161 return;
162 }
163
164 addr = qio_channel_socket_get_local_address(ioc, errp);
165 if (!addr) {
166 return;
167 }
168
169 vnc_init_basic_info(addr, info, errp);
170 qapi_free_SocketAddress(addr);
171}
172
173static void vnc_init_basic_info_from_remote_addr(QIOChannelSocket *ioc,
174 VncBasicInfo *info,
175 Error **errp)
176{
177 SocketAddress *addr = NULL;
178
179 addr = qio_channel_socket_get_remote_address(ioc, errp);
180 if (!addr) {
181 return;
182 }
183
184 vnc_init_basic_info(addr, info, errp);
185 qapi_free_SocketAddress(addr);
186}
187
188static const char *vnc_auth_name(VncDisplay *vd) {
189 switch (vd->auth) {
190 case VNC_AUTH_INVALID:
191 return "invalid";
192 case VNC_AUTH_NONE:
193 return "none";
194 case VNC_AUTH_VNC:
195 return "vnc";
196 case VNC_AUTH_RA2:
197 return "ra2";
198 case VNC_AUTH_RA2NE:
199 return "ra2ne";
200 case VNC_AUTH_TIGHT:
201 return "tight";
202 case VNC_AUTH_ULTRA:
203 return "ultra";
204 case VNC_AUTH_TLS:
205 return "tls";
206 case VNC_AUTH_VENCRYPT:
207 switch (vd->subauth) {
208 case VNC_AUTH_VENCRYPT_PLAIN:
209 return "vencrypt+plain";
210 case VNC_AUTH_VENCRYPT_TLSNONE:
211 return "vencrypt+tls+none";
212 case VNC_AUTH_VENCRYPT_TLSVNC:
213 return "vencrypt+tls+vnc";
214 case VNC_AUTH_VENCRYPT_TLSPLAIN:
215 return "vencrypt+tls+plain";
216 case VNC_AUTH_VENCRYPT_X509NONE:
217 return "vencrypt+x509+none";
218 case VNC_AUTH_VENCRYPT_X509VNC:
219 return "vencrypt+x509+vnc";
220 case VNC_AUTH_VENCRYPT_X509PLAIN:
221 return "vencrypt+x509+plain";
222 case VNC_AUTH_VENCRYPT_TLSSASL:
223 return "vencrypt+tls+sasl";
224 case VNC_AUTH_VENCRYPT_X509SASL:
225 return "vencrypt+x509+sasl";
226 default:
227 return "vencrypt";
228 }
229 case VNC_AUTH_SASL:
230 return "sasl";
231 }
232 return "unknown";
233}
234
235static VncServerInfo *vnc_server_info_get(VncDisplay *vd)
236{
237 VncServerInfo *info;
238 Error *err = NULL;
239
240 if (!vd->listener || !vd->listener->nsioc) {
241 return NULL;
242 }
243
244 info = g_malloc0(sizeof(*info));
245 vnc_init_basic_info_from_server_addr(vd->listener->sioc[0],
246 qapi_VncServerInfo_base(info), &err);
247 info->auth = g_strdup(vnc_auth_name(vd));
248 if (err) {
249 qapi_free_VncServerInfo(info);
250 info = NULL;
251 error_free(err);
252 }
253 return info;
254}
255
256static void vnc_client_cache_auth(VncState *client)
257{
258 if (!client->info) {
259 return;
260 }
261
262 if (client->tls) {
263 client->info->x509_dname =
264 qcrypto_tls_session_get_peer_name(client->tls);
265 }
266#ifdef CONFIG_VNC_SASL
267 if (client->sasl.conn &&
268 client->sasl.username) {
269 client->info->sasl_username = g_strdup(client->sasl.username);
270 }
271#endif
272}
273
274static void vnc_client_cache_addr(VncState *client)
275{
276 Error *err = NULL;
277
278 client->info = g_malloc0(sizeof(*client->info));
279 vnc_init_basic_info_from_remote_addr(client->sioc,
280 qapi_VncClientInfo_base(client->info),
281 &err);
282 client->info->websocket = client->websocket;
283 if (err) {
284 qapi_free_VncClientInfo(client->info);
285 client->info = NULL;
286 error_free(err);
287 }
288}
289
290static void vnc_qmp_event(VncState *vs, QAPIEvent event)
291{
292 VncServerInfo *si;
293
294 if (!vs->info) {
295 return;
296 }
297
298 si = vnc_server_info_get(vs->vd);
299 if (!si) {
300 return;
301 }
302
303 switch (event) {
304 case QAPI_EVENT_VNC_CONNECTED:
305 qapi_event_send_vnc_connected(si, qapi_VncClientInfo_base(vs->info));
306 break;
307 case QAPI_EVENT_VNC_INITIALIZED:
308 qapi_event_send_vnc_initialized(si, vs->info);
309 break;
310 case QAPI_EVENT_VNC_DISCONNECTED:
311 qapi_event_send_vnc_disconnected(si, vs->info);
312 break;
313 default:
314 break;
315 }
316
317 qapi_free_VncServerInfo(si);
318}
319
320static VncClientInfo *qmp_query_vnc_client(const VncState *client)
321{
322 VncClientInfo *info;
323 Error *err = NULL;
324
325 info = g_malloc0(sizeof(*info));
326
327 vnc_init_basic_info_from_remote_addr(client->sioc,
328 qapi_VncClientInfo_base(info),
329 &err);
330 if (err) {
331 error_free(err);
332 qapi_free_VncClientInfo(info);
333 return NULL;
334 }
335
336 info->websocket = client->websocket;
337
338 if (client->tls) {
339 info->x509_dname = qcrypto_tls_session_get_peer_name(client->tls);
340 }
341#ifdef CONFIG_VNC_SASL
342 if (client->sasl.conn && client->sasl.username) {
343 info->sasl_username = g_strdup(client->sasl.username);
344 }
345#endif
346
347 return info;
348}
349
350static VncDisplay *vnc_display_find(const char *id)
351{
352 VncDisplay *vd;
353
354 if (id == NULL) {
355 return QTAILQ_FIRST(&vnc_displays);
356 }
357 QTAILQ_FOREACH(vd, &vnc_displays, next) {
358 if (strcmp(id, vd->id) == 0) {
359 return vd;
360 }
361 }
362 return NULL;
363}
364
365static VncClientInfoList *qmp_query_client_list(VncDisplay *vd)
366{
367 VncClientInfoList *prev = NULL;
368 VncState *client;
369
370 QTAILQ_FOREACH(client, &vd->clients, next) {
371 QAPI_LIST_PREPEND(prev, qmp_query_vnc_client(client));
372 }
373 return prev;
374}
375
376VncInfo *qmp_query_vnc(Error **errp)
377{
378 VncInfo *info = g_malloc0(sizeof(*info));
379 VncDisplay *vd = vnc_display_find(NULL);
380 SocketAddress *addr = NULL;
381
382 if (vd == NULL || !vd->listener || !vd->listener->nsioc) {
383 info->enabled = false;
384 } else {
385 info->enabled = true;
386
387
388 info->has_clients = true;
389 info->clients = qmp_query_client_list(vd);
390
391 addr = qio_channel_socket_get_local_address(vd->listener->sioc[0],
392 errp);
393 if (!addr) {
394 goto out_error;
395 }
396
397 switch (addr->type) {
398 case SOCKET_ADDRESS_TYPE_INET:
399 info->host = g_strdup(addr->u.inet.host);
400 info->service = g_strdup(addr->u.inet.port);
401 if (addr->u.inet.ipv6) {
402 info->family = NETWORK_ADDRESS_FAMILY_IPV6;
403 } else {
404 info->family = NETWORK_ADDRESS_FAMILY_IPV4;
405 }
406 break;
407
408 case SOCKET_ADDRESS_TYPE_UNIX:
409 info->host = g_strdup("");
410 info->service = g_strdup(addr->u.q_unix.path);
411 info->family = NETWORK_ADDRESS_FAMILY_UNIX;
412 break;
413
414 case SOCKET_ADDRESS_TYPE_VSOCK:
415 case SOCKET_ADDRESS_TYPE_FD:
416 error_setg(errp, "Unsupported socket address type %s",
417 SocketAddressType_str(addr->type));
418 goto out_error;
419 default:
420 abort();
421 }
422
423 info->has_family = true;
424
425 info->auth = g_strdup(vnc_auth_name(vd));
426 }
427
428 qapi_free_SocketAddress(addr);
429 return info;
430
431out_error:
432 qapi_free_SocketAddress(addr);
433 qapi_free_VncInfo(info);
434 return NULL;
435}
436
437
438static void qmp_query_auth(int auth, int subauth,
439 VncPrimaryAuth *qmp_auth,
440 VncVencryptSubAuth *qmp_vencrypt,
441 bool *qmp_has_vencrypt);
442
443static VncServerInfo2List *qmp_query_server_entry(QIOChannelSocket *ioc,
444 bool websocket,
445 int auth,
446 int subauth,
447 VncServerInfo2List *prev)
448{
449 VncServerInfo2 *info;
450 Error *err = NULL;
451 SocketAddress *addr;
452
453 addr = qio_channel_socket_get_local_address(ioc, NULL);
454 if (!addr) {
455 return prev;
456 }
457
458 info = g_new0(VncServerInfo2, 1);
459 vnc_init_basic_info(addr, qapi_VncServerInfo2_base(info), &err);
460 qapi_free_SocketAddress(addr);
461 if (err) {
462 qapi_free_VncServerInfo2(info);
463 error_free(err);
464 return prev;
465 }
466 info->websocket = websocket;
467
468 qmp_query_auth(auth, subauth, &info->auth,
469 &info->vencrypt, &info->has_vencrypt);
470
471 QAPI_LIST_PREPEND(prev, info);
472 return prev;
473}
474
475static void qmp_query_auth(int auth, int subauth,
476 VncPrimaryAuth *qmp_auth,
477 VncVencryptSubAuth *qmp_vencrypt,
478 bool *qmp_has_vencrypt)
479{
480 switch (auth) {
481 case VNC_AUTH_VNC:
482 *qmp_auth = VNC_PRIMARY_AUTH_VNC;
483 break;
484 case VNC_AUTH_RA2:
485 *qmp_auth = VNC_PRIMARY_AUTH_RA2;
486 break;
487 case VNC_AUTH_RA2NE:
488 *qmp_auth = VNC_PRIMARY_AUTH_RA2NE;
489 break;
490 case VNC_AUTH_TIGHT:
491 *qmp_auth = VNC_PRIMARY_AUTH_TIGHT;
492 break;
493 case VNC_AUTH_ULTRA:
494 *qmp_auth = VNC_PRIMARY_AUTH_ULTRA;
495 break;
496 case VNC_AUTH_TLS:
497 *qmp_auth = VNC_PRIMARY_AUTH_TLS;
498 break;
499 case VNC_AUTH_VENCRYPT:
500 *qmp_auth = VNC_PRIMARY_AUTH_VENCRYPT;
501 *qmp_has_vencrypt = true;
502 switch (subauth) {
503 case VNC_AUTH_VENCRYPT_PLAIN:
504 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_PLAIN;
505 break;
506 case VNC_AUTH_VENCRYPT_TLSNONE:
507 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_NONE;
508 break;
509 case VNC_AUTH_VENCRYPT_TLSVNC:
510 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_VNC;
511 break;
512 case VNC_AUTH_VENCRYPT_TLSPLAIN:
513 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_PLAIN;
514 break;
515 case VNC_AUTH_VENCRYPT_X509NONE:
516 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_NONE;
517 break;
518 case VNC_AUTH_VENCRYPT_X509VNC:
519 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_VNC;
520 break;
521 case VNC_AUTH_VENCRYPT_X509PLAIN:
522 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_PLAIN;
523 break;
524 case VNC_AUTH_VENCRYPT_TLSSASL:
525 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_SASL;
526 break;
527 case VNC_AUTH_VENCRYPT_X509SASL:
528 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_SASL;
529 break;
530 default:
531 *qmp_has_vencrypt = false;
532 break;
533 }
534 break;
535 case VNC_AUTH_SASL:
536 *qmp_auth = VNC_PRIMARY_AUTH_SASL;
537 break;
538 case VNC_AUTH_NONE:
539 default:
540 *qmp_auth = VNC_PRIMARY_AUTH_NONE;
541 break;
542 }
543}
544
545VncInfo2List *qmp_query_vnc_servers(Error **errp)
546{
547 VncInfo2List *prev = NULL;
548 VncInfo2 *info;
549 VncDisplay *vd;
550 DeviceState *dev;
551 size_t i;
552
553 QTAILQ_FOREACH(vd, &vnc_displays, next) {
554 info = g_new0(VncInfo2, 1);
555 info->id = g_strdup(vd->id);
556 info->clients = qmp_query_client_list(vd);
557 qmp_query_auth(vd->auth, vd->subauth, &info->auth,
558 &info->vencrypt, &info->has_vencrypt);
559 if (vd->dcl.con) {
560 dev = DEVICE(object_property_get_link(OBJECT(vd->dcl.con),
561 "device", &error_abort));
562 info->display = g_strdup(dev->id);
563 }
564 for (i = 0; vd->listener != NULL && i < vd->listener->nsioc; i++) {
565 info->server = qmp_query_server_entry(
566 vd->listener->sioc[i], false, vd->auth, vd->subauth,
567 info->server);
568 }
569 for (i = 0; vd->wslistener != NULL && i < vd->wslistener->nsioc; i++) {
570 info->server = qmp_query_server_entry(
571 vd->wslistener->sioc[i], true, vd->ws_auth,
572 vd->ws_subauth, info->server);
573 }
574
575 QAPI_LIST_PREPEND(prev, info);
576 }
577 return prev;
578}
579
580bool vnc_display_reload_certs(const char *id, Error **errp)
581{
582 VncDisplay *vd = vnc_display_find(id);
583 QCryptoTLSCredsClass *creds = NULL;
584
585 if (!vd) {
586 error_setg(errp, "Can not find vnc display");
587 return false;
588 }
589
590 if (!vd->tlscreds) {
591 error_setg(errp, "vnc tls is not enabled");
592 return false;
593 }
594
595 creds = QCRYPTO_TLS_CREDS_GET_CLASS(OBJECT(vd->tlscreds));
596 if (creds->reload == NULL) {
597 error_setg(errp, "%s doesn't support to reload TLS credential",
598 object_get_typename(OBJECT(vd->tlscreds)));
599 return false;
600 }
601 if (!creds->reload(vd->tlscreds, errp)) {
602 return false;
603 }
604
605 return true;
606}
607
608
609
610
611
612
613
614
615static int vnc_update_client(VncState *vs, int has_dirty);
616static void vnc_disconnect_start(VncState *vs);
617
618static void vnc_colordepth(VncState *vs);
619static void framebuffer_update_request(VncState *vs, int incremental,
620 int x_position, int y_position,
621 int w, int h);
622static void vnc_refresh(DisplayChangeListener *dcl);
623static int vnc_refresh_server_surface(VncDisplay *vd);
624
625static int vnc_width(VncDisplay *vd)
626{
627 return MIN(VNC_MAX_WIDTH, ROUND_UP(surface_width(vd->ds),
628 VNC_DIRTY_PIXELS_PER_BIT));
629}
630
631static int vnc_true_width(VncDisplay *vd)
632{
633 return MIN(VNC_MAX_WIDTH, surface_width(vd->ds));
634}
635
636static int vnc_height(VncDisplay *vd)
637{
638 return MIN(VNC_MAX_HEIGHT, surface_height(vd->ds));
639}
640
641static void vnc_set_area_dirty(DECLARE_BITMAP(dirty[VNC_MAX_HEIGHT],
642 VNC_MAX_WIDTH / VNC_DIRTY_PIXELS_PER_BIT),
643 VncDisplay *vd,
644 int x, int y, int w, int h)
645{
646 int width = vnc_width(vd);
647 int height = vnc_height(vd);
648
649
650
651 w += (x % VNC_DIRTY_PIXELS_PER_BIT);
652 x -= (x % VNC_DIRTY_PIXELS_PER_BIT);
653
654 x = MIN(x, width);
655 y = MIN(y, height);
656 w = MIN(x + w, width) - x;
657 h = MIN(y + h, height);
658
659 for (; y < h; y++) {
660 bitmap_set(dirty[y], x / VNC_DIRTY_PIXELS_PER_BIT,
661 DIV_ROUND_UP(w, VNC_DIRTY_PIXELS_PER_BIT));
662 }
663}
664
665static void vnc_dpy_update(DisplayChangeListener *dcl,
666 int x, int y, int w, int h)
667{
668 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
669 struct VncSurface *s = &vd->guest;
670
671 vnc_set_area_dirty(s->dirty, vd, x, y, w, h);
672}
673
674void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
675 int32_t encoding)
676{
677 vnc_write_u16(vs, x);
678 vnc_write_u16(vs, y);
679 vnc_write_u16(vs, w);
680 vnc_write_u16(vs, h);
681
682 vnc_write_s32(vs, encoding);
683}
684
685static void vnc_desktop_resize_ext(VncState *vs, int reject_reason)
686{
687 trace_vnc_msg_server_ext_desktop_resize(
688 vs, vs->ioc, vs->client_width, vs->client_height, reject_reason);
689
690 vnc_lock_output(vs);
691 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
692 vnc_write_u8(vs, 0);
693 vnc_write_u16(vs, 1);
694 vnc_framebuffer_update(vs,
695 reject_reason ? 1 : 0,
696 reject_reason,
697 vs->client_width, vs->client_height,
698 VNC_ENCODING_DESKTOP_RESIZE_EXT);
699 vnc_write_u8(vs, 1);
700 vnc_write_u8(vs, 0);
701 vnc_write_u8(vs, 0);
702 vnc_write_u8(vs, 0);
703 vnc_write_u32(vs, 0);
704 vnc_write_u16(vs, 0);
705 vnc_write_u16(vs, 0);
706 vnc_write_u16(vs, vs->client_width);
707 vnc_write_u16(vs, vs->client_height);
708 vnc_write_u32(vs, 0);
709 vnc_unlock_output(vs);
710 vnc_flush(vs);
711}
712
713static void vnc_desktop_resize(VncState *vs)
714{
715 if (vs->ioc == NULL || (!vnc_has_feature(vs, VNC_FEATURE_RESIZE) &&
716 !vnc_has_feature(vs, VNC_FEATURE_RESIZE_EXT))) {
717 return;
718 }
719 if (vs->client_width == vs->vd->true_width &&
720 vs->client_height == pixman_image_get_height(vs->vd->server)) {
721 return;
722 }
723
724 assert(vs->vd->true_width < 65536 &&
725 vs->vd->true_width >= 0);
726 assert(pixman_image_get_height(vs->vd->server) < 65536 &&
727 pixman_image_get_height(vs->vd->server) >= 0);
728 vs->client_width = vs->vd->true_width;
729 vs->client_height = pixman_image_get_height(vs->vd->server);
730
731 if (vnc_has_feature(vs, VNC_FEATURE_RESIZE_EXT)) {
732 vnc_desktop_resize_ext(vs, 0);
733 return;
734 }
735
736 trace_vnc_msg_server_desktop_resize(
737 vs, vs->ioc, vs->client_width, vs->client_height);
738
739 vnc_lock_output(vs);
740 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
741 vnc_write_u8(vs, 0);
742 vnc_write_u16(vs, 1);
743 vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height,
744 VNC_ENCODING_DESKTOPRESIZE);
745 vnc_unlock_output(vs);
746 vnc_flush(vs);
747}
748
749static void vnc_abort_display_jobs(VncDisplay *vd)
750{
751 VncState *vs;
752
753 QTAILQ_FOREACH(vs, &vd->clients, next) {
754 vnc_lock_output(vs);
755 vs->abort = true;
756 vnc_unlock_output(vs);
757 }
758 QTAILQ_FOREACH(vs, &vd->clients, next) {
759 vnc_jobs_join(vs);
760 }
761 QTAILQ_FOREACH(vs, &vd->clients, next) {
762 vnc_lock_output(vs);
763 if (vs->update == VNC_STATE_UPDATE_NONE &&
764 vs->job_update != VNC_STATE_UPDATE_NONE) {
765
766 vs->update = vs->job_update;
767 vs->job_update = VNC_STATE_UPDATE_NONE;
768 }
769 vs->abort = false;
770 vnc_unlock_output(vs);
771 }
772}
773
774int vnc_server_fb_stride(VncDisplay *vd)
775{
776 return pixman_image_get_stride(vd->server);
777}
778
779void *vnc_server_fb_ptr(VncDisplay *vd, int x, int y)
780{
781 uint8_t *ptr;
782
783 ptr = (uint8_t *)pixman_image_get_data(vd->server);
784 ptr += y * vnc_server_fb_stride(vd);
785 ptr += x * VNC_SERVER_FB_BYTES;
786 return ptr;
787}
788
789static void vnc_update_server_surface(VncDisplay *vd)
790{
791 int width, height;
792
793 qemu_pixman_image_unref(vd->server);
794 vd->server = NULL;
795
796 if (QTAILQ_EMPTY(&vd->clients)) {
797 return;
798 }
799
800 width = vnc_width(vd);
801 height = vnc_height(vd);
802 vd->true_width = vnc_true_width(vd);
803 vd->server = pixman_image_create_bits(VNC_SERVER_FB_FORMAT,
804 width, height,
805 NULL, 0);
806
807 memset(vd->guest.dirty, 0x00, sizeof(vd->guest.dirty));
808 vnc_set_area_dirty(vd->guest.dirty, vd, 0, 0,
809 width, height);
810}
811
812static bool vnc_check_pageflip(DisplaySurface *s1,
813 DisplaySurface *s2)
814{
815 return (s1 != NULL &&
816 s2 != NULL &&
817 surface_width(s1) == surface_width(s2) &&
818 surface_height(s1) == surface_height(s2) &&
819 surface_format(s1) == surface_format(s2));
820
821}
822
823static void vnc_dpy_switch(DisplayChangeListener *dcl,
824 DisplaySurface *surface)
825{
826 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
827 bool pageflip = vnc_check_pageflip(vd->ds, surface);
828 VncState *vs;
829
830 vnc_abort_display_jobs(vd);
831 vd->ds = surface;
832
833
834 qemu_pixman_image_unref(vd->guest.fb);
835 vd->guest.fb = pixman_image_ref(surface->image);
836 vd->guest.format = surface->format;
837
838
839 if (pageflip) {
840 trace_vnc_server_dpy_pageflip(vd,
841 surface_width(surface),
842 surface_height(surface),
843 surface_format(surface));
844 vnc_set_area_dirty(vd->guest.dirty, vd, 0, 0,
845 surface_width(surface),
846 surface_height(surface));
847 return;
848 }
849
850 trace_vnc_server_dpy_recreate(vd,
851 surface_width(surface),
852 surface_height(surface),
853 surface_format(surface));
854
855 vnc_update_server_surface(vd);
856
857 QTAILQ_FOREACH(vs, &vd->clients, next) {
858 vnc_colordepth(vs);
859 vnc_desktop_resize(vs);
860 vnc_cursor_define(vs);
861 memset(vs->dirty, 0x00, sizeof(vs->dirty));
862 vnc_set_area_dirty(vs->dirty, vd, 0, 0,
863 vnc_width(vd),
864 vnc_height(vd));
865 vnc_update_throttle_offset(vs);
866 }
867}
868
869
870static void vnc_write_pixels_copy(VncState *vs,
871 void *pixels, int size)
872{
873 vnc_write(vs, pixels, size);
874}
875
876
877void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
878{
879 uint8_t r, g, b;
880
881#if VNC_SERVER_FB_FORMAT == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8)
882 r = (((v & 0x00ff0000) >> 16) << vs->client_pf.rbits) >> 8;
883 g = (((v & 0x0000ff00) >> 8) << vs->client_pf.gbits) >> 8;
884 b = (((v & 0x000000ff) >> 0) << vs->client_pf.bbits) >> 8;
885#else
886# error need some bits here if you change VNC_SERVER_FB_FORMAT
887#endif
888 v = (r << vs->client_pf.rshift) |
889 (g << vs->client_pf.gshift) |
890 (b << vs->client_pf.bshift);
891 switch (vs->client_pf.bytes_per_pixel) {
892 case 1:
893 buf[0] = v;
894 break;
895 case 2:
896 if (vs->client_be) {
897 buf[0] = v >> 8;
898 buf[1] = v;
899 } else {
900 buf[1] = v >> 8;
901 buf[0] = v;
902 }
903 break;
904 default:
905 case 4:
906 if (vs->client_be) {
907 buf[0] = v >> 24;
908 buf[1] = v >> 16;
909 buf[2] = v >> 8;
910 buf[3] = v;
911 } else {
912 buf[3] = v >> 24;
913 buf[2] = v >> 16;
914 buf[1] = v >> 8;
915 buf[0] = v;
916 }
917 break;
918 }
919}
920
921static void vnc_write_pixels_generic(VncState *vs,
922 void *pixels1, int size)
923{
924 uint8_t buf[4];
925
926 if (VNC_SERVER_FB_BYTES == 4) {
927 uint32_t *pixels = pixels1;
928 int n, i;
929 n = size >> 2;
930 for (i = 0; i < n; i++) {
931 vnc_convert_pixel(vs, buf, pixels[i]);
932 vnc_write(vs, buf, vs->client_pf.bytes_per_pixel);
933 }
934 }
935}
936
937int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
938{
939 int i;
940 uint8_t *row;
941 VncDisplay *vd = vs->vd;
942
943 row = vnc_server_fb_ptr(vd, x, y);
944 for (i = 0; i < h; i++) {
945 vs->write_pixels(vs, row, w * VNC_SERVER_FB_BYTES);
946 row += vnc_server_fb_stride(vd);
947 }
948 return 1;
949}
950
951int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
952{
953 int n = 0;
954
955 switch(vs->vnc_encoding) {
956 case VNC_ENCODING_ZLIB:
957 n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h);
958 break;
959 case VNC_ENCODING_HEXTILE:
960 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
961 n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h);
962 break;
963 case VNC_ENCODING_TIGHT:
964 n = vnc_tight_send_framebuffer_update(vs, x, y, w, h);
965 break;
966 case VNC_ENCODING_TIGHT_PNG:
967 n = vnc_tight_png_send_framebuffer_update(vs, x, y, w, h);
968 break;
969 case VNC_ENCODING_ZRLE:
970 n = vnc_zrle_send_framebuffer_update(vs, x, y, w, h);
971 break;
972 case VNC_ENCODING_ZYWRLE:
973 n = vnc_zywrle_send_framebuffer_update(vs, x, y, w, h);
974 break;
975 default:
976 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
977 n = vnc_raw_send_framebuffer_update(vs, x, y, w, h);
978 break;
979 }
980 return n;
981}
982
983static void vnc_mouse_set(DisplayChangeListener *dcl,
984 int x, int y, int visible)
985{
986
987}
988
989static int vnc_cursor_define(VncState *vs)
990{
991 QEMUCursor *c = qemu_console_get_cursor(vs->vd->dcl.con);
992 int isize;
993
994 if (!c) {
995 return -1;
996 }
997
998 if (vnc_has_feature(vs, VNC_FEATURE_ALPHA_CURSOR)) {
999 vnc_lock_output(vs);
1000 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1001 vnc_write_u8(vs, 0);
1002 vnc_write_u16(vs, 1);
1003 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height,
1004 VNC_ENCODING_ALPHA_CURSOR);
1005 vnc_write_s32(vs, VNC_ENCODING_RAW);
1006 vnc_write(vs, c->data, c->width * c->height * 4);
1007 vnc_unlock_output(vs);
1008 return 0;
1009 }
1010 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) {
1011 vnc_lock_output(vs);
1012 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1013 vnc_write_u8(vs, 0);
1014 vnc_write_u16(vs, 1);
1015 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height,
1016 VNC_ENCODING_RICH_CURSOR);
1017 isize = c->width * c->height * vs->client_pf.bytes_per_pixel;
1018 vnc_write_pixels_generic(vs, c->data, isize);
1019 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize);
1020 vnc_unlock_output(vs);
1021 return 0;
1022 }
1023 return -1;
1024}
1025
1026static void vnc_dpy_cursor_define(DisplayChangeListener *dcl,
1027 QEMUCursor *c)
1028{
1029 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
1030 VncState *vs;
1031
1032 g_free(vd->cursor_mask);
1033 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height;
1034 vd->cursor_mask = g_malloc0(vd->cursor_msize);
1035 cursor_get_mono_mask(c, 0, vd->cursor_mask);
1036
1037 QTAILQ_FOREACH(vs, &vd->clients, next) {
1038 vnc_cursor_define(vs);
1039 }
1040}
1041
1042static int find_and_clear_dirty_height(VncState *vs,
1043 int y, int last_x, int x, int height)
1044{
1045 int h;
1046
1047 for (h = 1; h < (height - y); h++) {
1048 if (!test_bit(last_x, vs->dirty[y + h])) {
1049 break;
1050 }
1051 bitmap_clear(vs->dirty[y + h], last_x, x - last_x);
1052 }
1053
1054 return h;
1055}
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067static void vnc_update_throttle_offset(VncState *vs)
1068{
1069 size_t offset =
1070 vs->client_width * vs->client_height * vs->client_pf.bytes_per_pixel;
1071
1072 if (vs->audio_cap) {
1073 int bps;
1074 switch (vs->as.fmt) {
1075 default:
1076 case AUDIO_FORMAT_U8:
1077 case AUDIO_FORMAT_S8:
1078 bps = 1;
1079 break;
1080 case AUDIO_FORMAT_U16:
1081 case AUDIO_FORMAT_S16:
1082 bps = 2;
1083 break;
1084 case AUDIO_FORMAT_U32:
1085 case AUDIO_FORMAT_S32:
1086 bps = 4;
1087 break;
1088 }
1089 offset += vs->as.freq * bps * vs->as.nchannels;
1090 }
1091
1092
1093
1094
1095
1096 offset = MAX(offset, 1024 * 1024);
1097
1098 if (vs->throttle_output_offset != offset) {
1099 trace_vnc_client_throttle_threshold(
1100 vs, vs->ioc, vs->throttle_output_offset, offset, vs->client_width,
1101 vs->client_height, vs->client_pf.bytes_per_pixel, vs->audio_cap);
1102 }
1103
1104 vs->throttle_output_offset = offset;
1105}
1106
1107static bool vnc_should_update(VncState *vs)
1108{
1109 switch (vs->update) {
1110 case VNC_STATE_UPDATE_NONE:
1111 break;
1112 case VNC_STATE_UPDATE_INCREMENTAL:
1113
1114
1115
1116
1117 if (vs->output.offset < vs->throttle_output_offset &&
1118 vs->job_update == VNC_STATE_UPDATE_NONE) {
1119 return true;
1120 }
1121 trace_vnc_client_throttle_incremental(
1122 vs, vs->ioc, vs->job_update, vs->output.offset);
1123 break;
1124 case VNC_STATE_UPDATE_FORCE:
1125
1126
1127
1128
1129
1130
1131
1132
1133 if (vs->force_update_offset == 0 &&
1134 vs->job_update == VNC_STATE_UPDATE_NONE) {
1135 return true;
1136 }
1137 trace_vnc_client_throttle_forced(
1138 vs, vs->ioc, vs->job_update, vs->force_update_offset);
1139 break;
1140 }
1141 return false;
1142}
1143
1144static int vnc_update_client(VncState *vs, int has_dirty)
1145{
1146 VncDisplay *vd = vs->vd;
1147 VncJob *job;
1148 int y;
1149 int height, width;
1150 int n = 0;
1151
1152 if (vs->disconnecting) {
1153 vnc_disconnect_finish(vs);
1154 return 0;
1155 }
1156
1157 vs->has_dirty += has_dirty;
1158 if (!vnc_should_update(vs)) {
1159 return 0;
1160 }
1161
1162 if (!vs->has_dirty && vs->update != VNC_STATE_UPDATE_FORCE) {
1163 return 0;
1164 }
1165
1166
1167
1168
1169
1170
1171
1172 job = vnc_job_new(vs);
1173
1174 height = pixman_image_get_height(vd->server);
1175 width = pixman_image_get_width(vd->server);
1176
1177 y = 0;
1178 for (;;) {
1179 int x, h;
1180 unsigned long x2;
1181 unsigned long offset = find_next_bit((unsigned long *) &vs->dirty,
1182 height * VNC_DIRTY_BPL(vs),
1183 y * VNC_DIRTY_BPL(vs));
1184 if (offset == height * VNC_DIRTY_BPL(vs)) {
1185
1186 break;
1187 }
1188 y = offset / VNC_DIRTY_BPL(vs);
1189 x = offset % VNC_DIRTY_BPL(vs);
1190 x2 = find_next_zero_bit((unsigned long *) &vs->dirty[y],
1191 VNC_DIRTY_BPL(vs), x);
1192 bitmap_clear(vs->dirty[y], x, x2 - x);
1193 h = find_and_clear_dirty_height(vs, y, x, x2, height);
1194 x2 = MIN(x2, width / VNC_DIRTY_PIXELS_PER_BIT);
1195 if (x2 > x) {
1196 n += vnc_job_add_rect(job, x * VNC_DIRTY_PIXELS_PER_BIT, y,
1197 (x2 - x) * VNC_DIRTY_PIXELS_PER_BIT, h);
1198 }
1199 if (!x && x2 == width / VNC_DIRTY_PIXELS_PER_BIT) {
1200 y += h;
1201 if (y == height) {
1202 break;
1203 }
1204 }
1205 }
1206
1207 vs->job_update = vs->update;
1208 vs->update = VNC_STATE_UPDATE_NONE;
1209 vnc_job_push(job);
1210 vs->has_dirty = 0;
1211 return n;
1212}
1213
1214
1215static void audio_capture_notify(void *opaque, audcnotification_e cmd)
1216{
1217 VncState *vs = opaque;
1218
1219 assert(vs->magic == VNC_MAGIC);
1220 switch (cmd) {
1221 case AUD_CNOTIFY_DISABLE:
1222 trace_vnc_msg_server_audio_end(vs, vs->ioc);
1223 vnc_lock_output(vs);
1224 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1225 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1226 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END);
1227 vnc_unlock_output(vs);
1228 vnc_flush(vs);
1229 break;
1230
1231 case AUD_CNOTIFY_ENABLE:
1232 trace_vnc_msg_server_audio_begin(vs, vs->ioc);
1233 vnc_lock_output(vs);
1234 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1235 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1236 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN);
1237 vnc_unlock_output(vs);
1238 vnc_flush(vs);
1239 break;
1240 }
1241}
1242
1243static void audio_capture_destroy(void *opaque)
1244{
1245}
1246
1247static void audio_capture(void *opaque, const void *buf, int size)
1248{
1249 VncState *vs = opaque;
1250
1251 assert(vs->magic == VNC_MAGIC);
1252 trace_vnc_msg_server_audio_data(vs, vs->ioc, buf, size);
1253 vnc_lock_output(vs);
1254 if (vs->output.offset < vs->throttle_output_offset) {
1255 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1256 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1257 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA);
1258 vnc_write_u32(vs, size);
1259 vnc_write(vs, buf, size);
1260 } else {
1261 trace_vnc_client_throttle_audio(vs, vs->ioc, vs->output.offset);
1262 }
1263 vnc_unlock_output(vs);
1264 vnc_flush(vs);
1265}
1266
1267static void audio_add(VncState *vs)
1268{
1269 struct audio_capture_ops ops;
1270
1271 if (vs->audio_cap) {
1272 error_report("audio already running");
1273 return;
1274 }
1275
1276 ops.notify = audio_capture_notify;
1277 ops.destroy = audio_capture_destroy;
1278 ops.capture = audio_capture;
1279
1280 vs->audio_cap = AUD_add_capture(vs->vd->audio_state, &vs->as, &ops, vs);
1281 if (!vs->audio_cap) {
1282 error_report("Failed to add audio capture");
1283 }
1284}
1285
1286static void audio_del(VncState *vs)
1287{
1288 if (vs->audio_cap) {
1289 AUD_del_capture(vs->audio_cap, vs);
1290 vs->audio_cap = NULL;
1291 }
1292}
1293
1294static void vnc_disconnect_start(VncState *vs)
1295{
1296 if (vs->disconnecting) {
1297 return;
1298 }
1299 trace_vnc_client_disconnect_start(vs, vs->ioc);
1300 vnc_set_share_mode(vs, VNC_SHARE_MODE_DISCONNECTED);
1301 if (vs->ioc_tag) {
1302 g_source_remove(vs->ioc_tag);
1303 vs->ioc_tag = 0;
1304 }
1305 qio_channel_close(vs->ioc, NULL);
1306 vs->disconnecting = TRUE;
1307}
1308
1309void vnc_disconnect_finish(VncState *vs)
1310{
1311 int i;
1312
1313 trace_vnc_client_disconnect_finish(vs, vs->ioc);
1314
1315 vnc_jobs_join(vs);
1316
1317 vnc_lock_output(vs);
1318 vnc_qmp_event(vs, QAPI_EVENT_VNC_DISCONNECTED);
1319
1320 buffer_free(&vs->input);
1321 buffer_free(&vs->output);
1322
1323 qapi_free_VncClientInfo(vs->info);
1324
1325 vnc_zlib_clear(vs);
1326 vnc_tight_clear(vs);
1327 vnc_zrle_clear(vs);
1328
1329#ifdef CONFIG_VNC_SASL
1330 vnc_sasl_client_cleanup(vs);
1331#endif
1332 audio_del(vs);
1333 qkbd_state_lift_all_keys(vs->vd->kbd);
1334
1335 if (vs->mouse_mode_notifier.notify != NULL) {
1336 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
1337 }
1338 QTAILQ_REMOVE(&vs->vd->clients, vs, next);
1339 if (QTAILQ_EMPTY(&vs->vd->clients)) {
1340
1341 vnc_update_server_surface(vs->vd);
1342 }
1343 vnc_unlock_output(vs);
1344
1345 if (vs->cbpeer.notifier.notify) {
1346 qemu_clipboard_peer_unregister(&vs->cbpeer);
1347 }
1348
1349 qemu_mutex_destroy(&vs->output_mutex);
1350 if (vs->bh != NULL) {
1351 qemu_bh_delete(vs->bh);
1352 }
1353 buffer_free(&vs->jobs_buffer);
1354
1355 for (i = 0; i < VNC_STAT_ROWS; ++i) {
1356 g_free(vs->lossy_rect[i]);
1357 }
1358 g_free(vs->lossy_rect);
1359
1360 object_unref(OBJECT(vs->ioc));
1361 vs->ioc = NULL;
1362 object_unref(OBJECT(vs->sioc));
1363 vs->sioc = NULL;
1364 vs->magic = 0;
1365 g_free(vs->zrle);
1366 g_free(vs->tight);
1367 g_free(vs);
1368}
1369
1370size_t vnc_client_io_error(VncState *vs, ssize_t ret, Error *err)
1371{
1372 if (ret <= 0) {
1373 if (ret == 0) {
1374 trace_vnc_client_eof(vs, vs->ioc);
1375 vnc_disconnect_start(vs);
1376 } else if (ret != QIO_CHANNEL_ERR_BLOCK) {
1377 trace_vnc_client_io_error(vs, vs->ioc,
1378 err ? error_get_pretty(err) : "Unknown");
1379 vnc_disconnect_start(vs);
1380 }
1381
1382 error_free(err);
1383 return 0;
1384 }
1385 return ret;
1386}
1387
1388
1389void vnc_client_error(VncState *vs)
1390{
1391 VNC_DEBUG("Closing down client sock: protocol error\n");
1392 vnc_disconnect_start(vs);
1393}
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411size_t vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
1412{
1413 Error *err = NULL;
1414 ssize_t ret;
1415 ret = qio_channel_write(vs->ioc, (const char *)data, datalen, &err);
1416 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret);
1417 return vnc_client_io_error(vs, ret, err);
1418}
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431static size_t vnc_client_write_plain(VncState *vs)
1432{
1433 size_t offset;
1434 size_t ret;
1435
1436#ifdef CONFIG_VNC_SASL
1437 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1438 vs->output.buffer, vs->output.capacity, vs->output.offset,
1439 vs->sasl.waitWriteSSF);
1440
1441 if (vs->sasl.conn &&
1442 vs->sasl.runSSF &&
1443 vs->sasl.waitWriteSSF) {
1444 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
1445 if (ret)
1446 vs->sasl.waitWriteSSF -= ret;
1447 } else
1448#endif
1449 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
1450 if (!ret)
1451 return 0;
1452
1453 if (ret >= vs->force_update_offset) {
1454 if (vs->force_update_offset != 0) {
1455 trace_vnc_client_unthrottle_forced(vs, vs->ioc);
1456 }
1457 vs->force_update_offset = 0;
1458 } else {
1459 vs->force_update_offset -= ret;
1460 }
1461 offset = vs->output.offset;
1462 buffer_advance(&vs->output, ret);
1463 if (offset >= vs->throttle_output_offset &&
1464 vs->output.offset < vs->throttle_output_offset) {
1465 trace_vnc_client_unthrottle_incremental(vs, vs->ioc, vs->output.offset);
1466 }
1467
1468 if (vs->output.offset == 0) {
1469 if (vs->ioc_tag) {
1470 g_source_remove(vs->ioc_tag);
1471 }
1472 vs->ioc_tag = qio_channel_add_watch(
1473 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR,
1474 vnc_client_io, vs, NULL);
1475 }
1476
1477 return ret;
1478}
1479
1480
1481
1482
1483
1484
1485
1486static void vnc_client_write_locked(VncState *vs)
1487{
1488#ifdef CONFIG_VNC_SASL
1489 if (vs->sasl.conn &&
1490 vs->sasl.runSSF &&
1491 !vs->sasl.waitWriteSSF) {
1492 vnc_client_write_sasl(vs);
1493 } else
1494#endif
1495 {
1496 vnc_client_write_plain(vs);
1497 }
1498}
1499
1500static void vnc_client_write(VncState *vs)
1501{
1502 assert(vs->magic == VNC_MAGIC);
1503 vnc_lock_output(vs);
1504 if (vs->output.offset) {
1505 vnc_client_write_locked(vs);
1506 } else if (vs->ioc != NULL) {
1507 if (vs->ioc_tag) {
1508 g_source_remove(vs->ioc_tag);
1509 }
1510 vs->ioc_tag = qio_channel_add_watch(
1511 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR,
1512 vnc_client_io, vs, NULL);
1513 }
1514 vnc_unlock_output(vs);
1515}
1516
1517void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1518{
1519 vs->read_handler = func;
1520 vs->read_handler_expect = expecting;
1521}
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539size_t vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1540{
1541 ssize_t ret;
1542 Error *err = NULL;
1543 ret = qio_channel_read(vs->ioc, (char *)data, datalen, &err);
1544 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret);
1545 return vnc_client_io_error(vs, ret, err);
1546}
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558static size_t vnc_client_read_plain(VncState *vs)
1559{
1560 size_t ret;
1561 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1562 vs->input.buffer, vs->input.capacity, vs->input.offset);
1563 buffer_reserve(&vs->input, 4096);
1564 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1565 if (!ret)
1566 return 0;
1567 vs->input.offset += ret;
1568 return ret;
1569}
1570
1571static void vnc_jobs_bh(void *opaque)
1572{
1573 VncState *vs = opaque;
1574
1575 assert(vs->magic == VNC_MAGIC);
1576 vnc_jobs_consume_buffer(vs);
1577}
1578
1579
1580
1581
1582
1583
1584
1585static int vnc_client_read(VncState *vs)
1586{
1587 size_t ret;
1588
1589#ifdef CONFIG_VNC_SASL
1590 if (vs->sasl.conn && vs->sasl.runSSF)
1591 ret = vnc_client_read_sasl(vs);
1592 else
1593#endif
1594 ret = vnc_client_read_plain(vs);
1595 if (!ret) {
1596 if (vs->disconnecting) {
1597 vnc_disconnect_finish(vs);
1598 return -1;
1599 }
1600 return 0;
1601 }
1602
1603 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1604 size_t len = vs->read_handler_expect;
1605 int ret;
1606
1607 ret = vs->read_handler(vs, vs->input.buffer, len);
1608 if (vs->disconnecting) {
1609 vnc_disconnect_finish(vs);
1610 return -1;
1611 }
1612
1613 if (!ret) {
1614 buffer_advance(&vs->input, len);
1615 } else {
1616 vs->read_handler_expect = ret;
1617 }
1618 }
1619 return 0;
1620}
1621
1622gboolean vnc_client_io(QIOChannel *ioc G_GNUC_UNUSED,
1623 GIOCondition condition, void *opaque)
1624{
1625 VncState *vs = opaque;
1626
1627 assert(vs->magic == VNC_MAGIC);
1628
1629 if (condition & (G_IO_HUP | G_IO_ERR)) {
1630 vnc_disconnect_start(vs);
1631 return TRUE;
1632 }
1633
1634 if (condition & G_IO_IN) {
1635 if (vnc_client_read(vs) < 0) {
1636
1637 return TRUE;
1638 }
1639 }
1640 if (condition & G_IO_OUT) {
1641 vnc_client_write(vs);
1642 }
1643
1644 if (vs->disconnecting) {
1645 if (vs->ioc_tag != 0) {
1646 g_source_remove(vs->ioc_tag);
1647 }
1648 vs->ioc_tag = 0;
1649 }
1650 return TRUE;
1651}
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661#define VNC_THROTTLE_OUTPUT_LIMIT_SCALE 5
1662
1663void vnc_write(VncState *vs, const void *data, size_t len)
1664{
1665 assert(vs->magic == VNC_MAGIC);
1666 if (vs->disconnecting) {
1667 return;
1668 }
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680 if (vs->throttle_output_offset != 0 &&
1681 (vs->output.offset / VNC_THROTTLE_OUTPUT_LIMIT_SCALE) >
1682 vs->throttle_output_offset) {
1683 trace_vnc_client_output_limit(vs, vs->ioc, vs->output.offset,
1684 vs->throttle_output_offset);
1685 vnc_disconnect_start(vs);
1686 return;
1687 }
1688 buffer_reserve(&vs->output, len);
1689
1690 if (vs->ioc != NULL && buffer_empty(&vs->output)) {
1691 if (vs->ioc_tag) {
1692 g_source_remove(vs->ioc_tag);
1693 }
1694 vs->ioc_tag = qio_channel_add_watch(
1695 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR | G_IO_OUT,
1696 vnc_client_io, vs, NULL);
1697 }
1698
1699 buffer_append(&vs->output, data, len);
1700}
1701
1702void vnc_write_s32(VncState *vs, int32_t value)
1703{
1704 vnc_write_u32(vs, *(uint32_t *)&value);
1705}
1706
1707void vnc_write_u32(VncState *vs, uint32_t value)
1708{
1709 uint8_t buf[4];
1710
1711 buf[0] = (value >> 24) & 0xFF;
1712 buf[1] = (value >> 16) & 0xFF;
1713 buf[2] = (value >> 8) & 0xFF;
1714 buf[3] = value & 0xFF;
1715
1716 vnc_write(vs, buf, 4);
1717}
1718
1719void vnc_write_u16(VncState *vs, uint16_t value)
1720{
1721 uint8_t buf[2];
1722
1723 buf[0] = (value >> 8) & 0xFF;
1724 buf[1] = value & 0xFF;
1725
1726 vnc_write(vs, buf, 2);
1727}
1728
1729void vnc_write_u8(VncState *vs, uint8_t value)
1730{
1731 vnc_write(vs, (char *)&value, 1);
1732}
1733
1734void vnc_flush(VncState *vs)
1735{
1736 vnc_lock_output(vs);
1737 if (vs->ioc != NULL && vs->output.offset) {
1738 vnc_client_write_locked(vs);
1739 }
1740 if (vs->disconnecting) {
1741 if (vs->ioc_tag != 0) {
1742 g_source_remove(vs->ioc_tag);
1743 }
1744 vs->ioc_tag = 0;
1745 }
1746 vnc_unlock_output(vs);
1747}
1748
1749static uint8_t read_u8(uint8_t *data, size_t offset)
1750{
1751 return data[offset];
1752}
1753
1754static uint16_t read_u16(uint8_t *data, size_t offset)
1755{
1756 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1757}
1758
1759static int32_t read_s32(uint8_t *data, size_t offset)
1760{
1761 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1762 (data[offset + 2] << 8) | data[offset + 3]);
1763}
1764
1765uint32_t read_u32(uint8_t *data, size_t offset)
1766{
1767 return ((data[offset] << 24) | (data[offset + 1] << 16) |
1768 (data[offset + 2] << 8) | data[offset + 3]);
1769}
1770
1771static void check_pointer_type_change(Notifier *notifier, void *data)
1772{
1773 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier);
1774 int absolute = qemu_input_is_absolute();
1775
1776 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1777 vnc_lock_output(vs);
1778 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1779 vnc_write_u8(vs, 0);
1780 vnc_write_u16(vs, 1);
1781 vnc_framebuffer_update(vs, absolute, 0,
1782 pixman_image_get_width(vs->vd->server),
1783 pixman_image_get_height(vs->vd->server),
1784 VNC_ENCODING_POINTER_TYPE_CHANGE);
1785 vnc_unlock_output(vs);
1786 vnc_flush(vs);
1787 }
1788 vs->absolute = absolute;
1789}
1790
1791static void pointer_event(VncState *vs, int button_mask, int x, int y)
1792{
1793 static uint32_t bmap[INPUT_BUTTON__MAX] = {
1794 [INPUT_BUTTON_LEFT] = 0x01,
1795 [INPUT_BUTTON_MIDDLE] = 0x02,
1796 [INPUT_BUTTON_RIGHT] = 0x04,
1797 [INPUT_BUTTON_WHEEL_UP] = 0x08,
1798 [INPUT_BUTTON_WHEEL_DOWN] = 0x10,
1799 };
1800 QemuConsole *con = vs->vd->dcl.con;
1801 int width = pixman_image_get_width(vs->vd->server);
1802 int height = pixman_image_get_height(vs->vd->server);
1803
1804 if (vs->last_bmask != button_mask) {
1805 qemu_input_update_buttons(con, bmap, vs->last_bmask, button_mask);
1806 vs->last_bmask = button_mask;
1807 }
1808
1809 if (vs->absolute) {
1810 qemu_input_queue_abs(con, INPUT_AXIS_X, x, 0, width);
1811 qemu_input_queue_abs(con, INPUT_AXIS_Y, y, 0, height);
1812 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1813 qemu_input_queue_rel(con, INPUT_AXIS_X, x - 0x7FFF);
1814 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - 0x7FFF);
1815 } else {
1816 if (vs->last_x != -1) {
1817 qemu_input_queue_rel(con, INPUT_AXIS_X, x - vs->last_x);
1818 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - vs->last_y);
1819 }
1820 vs->last_x = x;
1821 vs->last_y = y;
1822 }
1823 qemu_input_event_sync();
1824}
1825
1826static void press_key(VncState *vs, QKeyCode qcode)
1827{
1828 qkbd_state_key_event(vs->vd->kbd, qcode, true);
1829 qkbd_state_key_event(vs->vd->kbd, qcode, false);
1830}
1831
1832static void vnc_led_state_change(VncState *vs)
1833{
1834 if (!vnc_has_feature(vs, VNC_FEATURE_LED_STATE)) {
1835 return;
1836 }
1837
1838 vnc_lock_output(vs);
1839 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1840 vnc_write_u8(vs, 0);
1841 vnc_write_u16(vs, 1);
1842 vnc_framebuffer_update(vs, 0, 0, 1, 1, VNC_ENCODING_LED_STATE);
1843 vnc_write_u8(vs, vs->vd->ledstate);
1844 vnc_unlock_output(vs);
1845 vnc_flush(vs);
1846}
1847
1848static void kbd_leds(void *opaque, int ledstate)
1849{
1850 VncDisplay *vd = opaque;
1851 VncState *client;
1852
1853 trace_vnc_key_guest_leds((ledstate & QEMU_CAPS_LOCK_LED),
1854 (ledstate & QEMU_NUM_LOCK_LED),
1855 (ledstate & QEMU_SCROLL_LOCK_LED));
1856
1857 if (ledstate == vd->ledstate) {
1858 return;
1859 }
1860
1861 vd->ledstate = ledstate;
1862
1863 QTAILQ_FOREACH(client, &vd->clients, next) {
1864 vnc_led_state_change(client);
1865 }
1866}
1867
1868static void do_key_event(VncState *vs, int down, int keycode, int sym)
1869{
1870 QKeyCode qcode = qemu_input_key_number_to_qcode(keycode);
1871
1872
1873 switch (qcode) {
1874 case Q_KEY_CODE_1 ... Q_KEY_CODE_9:
1875 if (vs->vd->dcl.con == NULL && down &&
1876 qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_CTRL) &&
1877 qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_ALT)) {
1878
1879 qkbd_state_lift_all_keys(vs->vd->kbd);
1880 console_select(qcode - Q_KEY_CODE_1);
1881 return;
1882 }
1883 default:
1884 break;
1885 }
1886
1887
1888
1889
1890 if (down && vs->vd->lock_key_sync &&
1891 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) &&
1892 keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1893
1894
1895
1896
1897 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1898 if (!qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_NUMLOCK)) {
1899 trace_vnc_key_sync_numlock(true);
1900 press_key(vs, Q_KEY_CODE_NUM_LOCK);
1901 }
1902 } else {
1903 if (qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_NUMLOCK)) {
1904 trace_vnc_key_sync_numlock(false);
1905 press_key(vs, Q_KEY_CODE_NUM_LOCK);
1906 }
1907 }
1908 }
1909
1910 if (down && vs->vd->lock_key_sync &&
1911 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) &&
1912 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) {
1913
1914
1915
1916
1917 int uppercase = !!(sym >= 'A' && sym <= 'Z');
1918 bool shift = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_SHIFT);
1919 bool capslock = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_CAPSLOCK);
1920 if (capslock) {
1921 if (uppercase == shift) {
1922 trace_vnc_key_sync_capslock(false);
1923 press_key(vs, Q_KEY_CODE_CAPS_LOCK);
1924 }
1925 } else {
1926 if (uppercase != shift) {
1927 trace_vnc_key_sync_capslock(true);
1928 press_key(vs, Q_KEY_CODE_CAPS_LOCK);
1929 }
1930 }
1931 }
1932
1933 qkbd_state_key_event(vs->vd->kbd, qcode, down);
1934 if (!qemu_console_is_graphic(NULL)) {
1935 bool numlock = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_NUMLOCK);
1936 bool control = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_CTRL);
1937
1938 if (down) {
1939 switch (keycode) {
1940 case 0x2a:
1941 case 0x36:
1942 case 0x1d:
1943 case 0x9d:
1944 case 0x38:
1945 case 0xb8:
1946 break;
1947 case 0xc8:
1948 kbd_put_keysym(QEMU_KEY_UP);
1949 break;
1950 case 0xd0:
1951 kbd_put_keysym(QEMU_KEY_DOWN);
1952 break;
1953 case 0xcb:
1954 kbd_put_keysym(QEMU_KEY_LEFT);
1955 break;
1956 case 0xcd:
1957 kbd_put_keysym(QEMU_KEY_RIGHT);
1958 break;
1959 case 0xd3:
1960 kbd_put_keysym(QEMU_KEY_DELETE);
1961 break;
1962 case 0xc7:
1963 kbd_put_keysym(QEMU_KEY_HOME);
1964 break;
1965 case 0xcf:
1966 kbd_put_keysym(QEMU_KEY_END);
1967 break;
1968 case 0xc9:
1969 kbd_put_keysym(QEMU_KEY_PAGEUP);
1970 break;
1971 case 0xd1:
1972 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1973 break;
1974
1975 case 0x47:
1976 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME);
1977 break;
1978 case 0x48:
1979 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP);
1980 break;
1981 case 0x49:
1982 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP);
1983 break;
1984 case 0x4b:
1985 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT);
1986 break;
1987 case 0x4c:
1988 kbd_put_keysym('5');
1989 break;
1990 case 0x4d:
1991 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT);
1992 break;
1993 case 0x4f:
1994 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END);
1995 break;
1996 case 0x50:
1997 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN);
1998 break;
1999 case 0x51:
2000 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN);
2001 break;
2002 case 0x52:
2003 kbd_put_keysym('0');
2004 break;
2005 case 0x53:
2006 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE);
2007 break;
2008
2009 case 0xb5:
2010 kbd_put_keysym('/');
2011 break;
2012 case 0x37:
2013 kbd_put_keysym('*');
2014 break;
2015 case 0x4a:
2016 kbd_put_keysym('-');
2017 break;
2018 case 0x4e:
2019 kbd_put_keysym('+');
2020 break;
2021 case 0x9c:
2022 kbd_put_keysym('\n');
2023 break;
2024
2025 default:
2026 if (control) {
2027 kbd_put_keysym(sym & 0x1f);
2028 } else {
2029 kbd_put_keysym(sym);
2030 }
2031 break;
2032 }
2033 }
2034 }
2035}
2036
2037static const char *code2name(int keycode)
2038{
2039 return QKeyCode_str(qemu_input_key_number_to_qcode(keycode));
2040}
2041
2042static void key_event(VncState *vs, int down, uint32_t sym)
2043{
2044 int keycode;
2045 int lsym = sym;
2046
2047 if (lsym >= 'A' && lsym <= 'Z' && qemu_console_is_graphic(NULL)) {
2048 lsym = lsym - 'A' + 'a';
2049 }
2050
2051 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF,
2052 vs->vd->kbd, down) & SCANCODE_KEYMASK;
2053 trace_vnc_key_event_map(down, sym, keycode, code2name(keycode));
2054 do_key_event(vs, down, keycode, sym);
2055}
2056
2057static void ext_key_event(VncState *vs, int down,
2058 uint32_t sym, uint16_t keycode)
2059{
2060
2061 if (keyboard_layout) {
2062 key_event(vs, down, sym);
2063 } else {
2064 trace_vnc_key_event_ext(down, sym, keycode, code2name(keycode));
2065 do_key_event(vs, down, keycode, sym);
2066 }
2067}
2068
2069static void framebuffer_update_request(VncState *vs, int incremental,
2070 int x, int y, int w, int h)
2071{
2072 if (incremental) {
2073 if (vs->update != VNC_STATE_UPDATE_FORCE) {
2074 vs->update = VNC_STATE_UPDATE_INCREMENTAL;
2075 }
2076 } else {
2077 vs->update = VNC_STATE_UPDATE_FORCE;
2078 vnc_set_area_dirty(vs->dirty, vs->vd, x, y, w, h);
2079 if (vnc_has_feature(vs, VNC_FEATURE_RESIZE_EXT)) {
2080 vnc_desktop_resize_ext(vs, 0);
2081 }
2082 }
2083}
2084
2085static void send_ext_key_event_ack(VncState *vs)
2086{
2087 vnc_lock_output(vs);
2088 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
2089 vnc_write_u8(vs, 0);
2090 vnc_write_u16(vs, 1);
2091 vnc_framebuffer_update(vs, 0, 0,
2092 pixman_image_get_width(vs->vd->server),
2093 pixman_image_get_height(vs->vd->server),
2094 VNC_ENCODING_EXT_KEY_EVENT);
2095 vnc_unlock_output(vs);
2096 vnc_flush(vs);
2097}
2098
2099static void send_ext_audio_ack(VncState *vs)
2100{
2101 vnc_lock_output(vs);
2102 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
2103 vnc_write_u8(vs, 0);
2104 vnc_write_u16(vs, 1);
2105 vnc_framebuffer_update(vs, 0, 0,
2106 pixman_image_get_width(vs->vd->server),
2107 pixman_image_get_height(vs->vd->server),
2108 VNC_ENCODING_AUDIO);
2109 vnc_unlock_output(vs);
2110 vnc_flush(vs);
2111}
2112
2113static void send_xvp_message(VncState *vs, int code)
2114{
2115 vnc_lock_output(vs);
2116 vnc_write_u8(vs, VNC_MSG_SERVER_XVP);
2117 vnc_write_u8(vs, 0);
2118 vnc_write_u8(vs, 1);
2119 vnc_write_u8(vs, code);
2120 vnc_unlock_output(vs);
2121 vnc_flush(vs);
2122}
2123
2124static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
2125{
2126 int i;
2127 unsigned int enc = 0;
2128
2129 vs->features = 0;
2130 vs->vnc_encoding = 0;
2131 vs->tight->compression = 9;
2132 vs->tight->quality = -1;
2133 vs->absolute = -1;
2134
2135
2136
2137
2138
2139
2140 for (i = n_encodings - 1; i >= 0; i--) {
2141 enc = encodings[i];
2142 switch (enc) {
2143 case VNC_ENCODING_RAW:
2144 vs->vnc_encoding = enc;
2145 break;
2146 case VNC_ENCODING_HEXTILE:
2147 vs->features |= VNC_FEATURE_HEXTILE_MASK;
2148 vs->vnc_encoding = enc;
2149 break;
2150 case VNC_ENCODING_TIGHT:
2151 vs->features |= VNC_FEATURE_TIGHT_MASK;
2152 vs->vnc_encoding = enc;
2153 break;
2154#ifdef CONFIG_PNG
2155 case VNC_ENCODING_TIGHT_PNG:
2156 vs->features |= VNC_FEATURE_TIGHT_PNG_MASK;
2157 vs->vnc_encoding = enc;
2158 break;
2159#endif
2160 case VNC_ENCODING_ZLIB:
2161
2162
2163
2164
2165
2166 if ((vs->features & VNC_FEATURE_ZRLE_MASK) == 0) {
2167 vs->features |= VNC_FEATURE_ZLIB_MASK;
2168 vs->vnc_encoding = enc;
2169 }
2170 break;
2171 case VNC_ENCODING_ZRLE:
2172 vs->features |= VNC_FEATURE_ZRLE_MASK;
2173 vs->vnc_encoding = enc;
2174 break;
2175 case VNC_ENCODING_ZYWRLE:
2176 vs->features |= VNC_FEATURE_ZYWRLE_MASK;
2177 vs->vnc_encoding = enc;
2178 break;
2179 case VNC_ENCODING_DESKTOPRESIZE:
2180 vs->features |= VNC_FEATURE_RESIZE_MASK;
2181 break;
2182 case VNC_ENCODING_DESKTOP_RESIZE_EXT:
2183 vs->features |= VNC_FEATURE_RESIZE_EXT_MASK;
2184 break;
2185 case VNC_ENCODING_POINTER_TYPE_CHANGE:
2186 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
2187 break;
2188 case VNC_ENCODING_RICH_CURSOR:
2189 vs->features |= VNC_FEATURE_RICH_CURSOR_MASK;
2190 break;
2191 case VNC_ENCODING_ALPHA_CURSOR:
2192 vs->features |= VNC_FEATURE_ALPHA_CURSOR_MASK;
2193 break;
2194 case VNC_ENCODING_EXT_KEY_EVENT:
2195 send_ext_key_event_ack(vs);
2196 break;
2197 case VNC_ENCODING_AUDIO:
2198 send_ext_audio_ack(vs);
2199 break;
2200 case VNC_ENCODING_WMVi:
2201 vs->features |= VNC_FEATURE_WMVI_MASK;
2202 break;
2203 case VNC_ENCODING_LED_STATE:
2204 vs->features |= VNC_FEATURE_LED_STATE_MASK;
2205 break;
2206 case VNC_ENCODING_XVP:
2207 if (vs->vd->power_control) {
2208 vs->features |= VNC_FEATURE_XVP;
2209 send_xvp_message(vs, VNC_XVP_CODE_INIT);
2210 }
2211 break;
2212 case VNC_ENCODING_CLIPBOARD_EXT:
2213 vs->features |= VNC_FEATURE_CLIPBOARD_EXT_MASK;
2214 vnc_server_cut_text_caps(vs);
2215 break;
2216 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
2217 vs->tight->compression = (enc & 0x0F);
2218 break;
2219 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
2220 if (vs->vd->lossy) {
2221 vs->tight->quality = (enc & 0x0F);
2222 }
2223 break;
2224 default:
2225 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
2226 break;
2227 }
2228 }
2229 vnc_desktop_resize(vs);
2230 check_pointer_type_change(&vs->mouse_mode_notifier, NULL);
2231 vnc_led_state_change(vs);
2232 vnc_cursor_define(vs);
2233}
2234
2235static void set_pixel_conversion(VncState *vs)
2236{
2237 pixman_format_code_t fmt = qemu_pixman_get_format(&vs->client_pf);
2238
2239 if (fmt == VNC_SERVER_FB_FORMAT) {
2240 vs->write_pixels = vnc_write_pixels_copy;
2241 vnc_hextile_set_pixel_conversion(vs, 0);
2242 } else {
2243 vs->write_pixels = vnc_write_pixels_generic;
2244 vnc_hextile_set_pixel_conversion(vs, 1);
2245 }
2246}
2247
2248static void send_color_map(VncState *vs)
2249{
2250 int i;
2251
2252 vnc_lock_output(vs);
2253 vnc_write_u8(vs, VNC_MSG_SERVER_SET_COLOUR_MAP_ENTRIES);
2254 vnc_write_u8(vs, 0);
2255 vnc_write_u16(vs, 0);
2256 vnc_write_u16(vs, 256);
2257
2258 for (i = 0; i < 256; i++) {
2259 PixelFormat *pf = &vs->client_pf;
2260
2261 vnc_write_u16(vs, (((i >> pf->rshift) & pf->rmax) << (16 - pf->rbits)));
2262 vnc_write_u16(vs, (((i >> pf->gshift) & pf->gmax) << (16 - pf->gbits)));
2263 vnc_write_u16(vs, (((i >> pf->bshift) & pf->bmax) << (16 - pf->bbits)));
2264 }
2265 vnc_unlock_output(vs);
2266}
2267
2268static void set_pixel_format(VncState *vs, int bits_per_pixel,
2269 int big_endian_flag, int true_color_flag,
2270 int red_max, int green_max, int blue_max,
2271 int red_shift, int green_shift, int blue_shift)
2272{
2273 if (!true_color_flag) {
2274
2275 bits_per_pixel = 8;
2276 red_max = 7;
2277 green_max = 7;
2278 blue_max = 3;
2279 red_shift = 0;
2280 green_shift = 3;
2281 blue_shift = 6;
2282 }
2283
2284 switch (bits_per_pixel) {
2285 case 8:
2286 case 16:
2287 case 32:
2288 break;
2289 default:
2290 vnc_client_error(vs);
2291 return;
2292 }
2293
2294 vs->client_pf.rmax = red_max ? red_max : 0xFF;
2295 vs->client_pf.rbits = ctpopl(red_max);
2296 vs->client_pf.rshift = red_shift;
2297 vs->client_pf.rmask = red_max << red_shift;
2298 vs->client_pf.gmax = green_max ? green_max : 0xFF;
2299 vs->client_pf.gbits = ctpopl(green_max);
2300 vs->client_pf.gshift = green_shift;
2301 vs->client_pf.gmask = green_max << green_shift;
2302 vs->client_pf.bmax = blue_max ? blue_max : 0xFF;
2303 vs->client_pf.bbits = ctpopl(blue_max);
2304 vs->client_pf.bshift = blue_shift;
2305 vs->client_pf.bmask = blue_max << blue_shift;
2306 vs->client_pf.bits_per_pixel = bits_per_pixel;
2307 vs->client_pf.bytes_per_pixel = bits_per_pixel / 8;
2308 vs->client_pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
2309 vs->client_be = big_endian_flag;
2310
2311 if (!true_color_flag) {
2312 send_color_map(vs);
2313 }
2314
2315 set_pixel_conversion(vs);
2316
2317 graphic_hw_invalidate(vs->vd->dcl.con);
2318 graphic_hw_update(vs->vd->dcl.con);
2319}
2320
2321static void pixel_format_message (VncState *vs) {
2322 char pad[3] = { 0, 0, 0 };
2323
2324 vs->client_pf = qemu_default_pixelformat(32);
2325
2326 vnc_write_u8(vs, vs->client_pf.bits_per_pixel);
2327 vnc_write_u8(vs, vs->client_pf.depth);
2328
2329#if HOST_BIG_ENDIAN
2330 vnc_write_u8(vs, 1);
2331#else
2332 vnc_write_u8(vs, 0);
2333#endif
2334 vnc_write_u8(vs, 1);
2335 vnc_write_u16(vs, vs->client_pf.rmax);
2336 vnc_write_u16(vs, vs->client_pf.gmax);
2337 vnc_write_u16(vs, vs->client_pf.bmax);
2338 vnc_write_u8(vs, vs->client_pf.rshift);
2339 vnc_write_u8(vs, vs->client_pf.gshift);
2340 vnc_write_u8(vs, vs->client_pf.bshift);
2341 vnc_write(vs, pad, 3);
2342
2343 vnc_hextile_set_pixel_conversion(vs, 0);
2344 vs->write_pixels = vnc_write_pixels_copy;
2345}
2346
2347static void vnc_colordepth(VncState *vs)
2348{
2349 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
2350
2351 vnc_lock_output(vs);
2352 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
2353 vnc_write_u8(vs, 0);
2354 vnc_write_u16(vs, 1);
2355 vnc_framebuffer_update(vs, 0, 0,
2356 vs->client_width,
2357 vs->client_height,
2358 VNC_ENCODING_WMVi);
2359 pixel_format_message(vs);
2360 vnc_unlock_output(vs);
2361 vnc_flush(vs);
2362 } else {
2363 set_pixel_conversion(vs);
2364 }
2365}
2366
2367static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
2368{
2369 int i;
2370 uint16_t limit;
2371 uint32_t freq;
2372 VncDisplay *vd = vs->vd;
2373
2374 if (data[0] > 3) {
2375 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
2376 }
2377
2378 switch (data[0]) {
2379 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT:
2380 if (len == 1)
2381 return 20;
2382
2383 set_pixel_format(vs, read_u8(data, 4),
2384 read_u8(data, 6), read_u8(data, 7),
2385 read_u16(data, 8), read_u16(data, 10),
2386 read_u16(data, 12), read_u8(data, 14),
2387 read_u8(data, 15), read_u8(data, 16));
2388 break;
2389 case VNC_MSG_CLIENT_SET_ENCODINGS:
2390 if (len == 1)
2391 return 4;
2392
2393 if (len == 4) {
2394 limit = read_u16(data, 2);
2395 if (limit > 0)
2396 return 4 + (limit * 4);
2397 } else
2398 limit = read_u16(data, 2);
2399
2400 for (i = 0; i < limit; i++) {
2401 int32_t val = read_s32(data, 4 + (i * 4));
2402 memcpy(data + 4 + (i * 4), &val, sizeof(val));
2403 }
2404
2405 set_encodings(vs, (int32_t *)(data + 4), limit);
2406 break;
2407 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST:
2408 if (len == 1)
2409 return 10;
2410
2411 framebuffer_update_request(vs,
2412 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
2413 read_u16(data, 6), read_u16(data, 8));
2414 break;
2415 case VNC_MSG_CLIENT_KEY_EVENT:
2416 if (len == 1)
2417 return 8;
2418
2419 key_event(vs, read_u8(data, 1), read_u32(data, 4));
2420 break;
2421 case VNC_MSG_CLIENT_POINTER_EVENT:
2422 if (len == 1)
2423 return 6;
2424
2425 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
2426 break;
2427 case VNC_MSG_CLIENT_CUT_TEXT:
2428 if (len == 1) {
2429 return 8;
2430 }
2431 uint32_t dlen = abs(read_s32(data, 4));
2432 if (len == 8) {
2433 if (dlen > (1 << 20)) {
2434 error_report("vnc: client_cut_text msg payload has %u bytes"
2435 " which exceeds our limit of 1MB.", dlen);
2436 vnc_client_error(vs);
2437 break;
2438 }
2439 if (dlen > 0) {
2440 return 8 + dlen;
2441 }
2442 }
2443
2444 if (read_s32(data, 4) < 0) {
2445 if (dlen < 4) {
2446 error_report("vnc: malformed payload (header less than 4 bytes)"
2447 " in extended clipboard pseudo-encoding.");
2448 vnc_client_error(vs);
2449 break;
2450 }
2451 vnc_client_cut_text_ext(vs, dlen, read_u32(data, 8), data + 12);
2452 break;
2453 }
2454 vnc_client_cut_text(vs, read_u32(data, 4), data + 8);
2455 break;
2456 case VNC_MSG_CLIENT_XVP:
2457 if (!(vs->features & VNC_FEATURE_XVP)) {
2458 error_report("vnc: xvp client message while disabled");
2459 vnc_client_error(vs);
2460 break;
2461 }
2462 if (len == 1) {
2463 return 4;
2464 }
2465 if (len == 4) {
2466 uint8_t version = read_u8(data, 2);
2467 uint8_t action = read_u8(data, 3);
2468
2469 if (version != 1) {
2470 error_report("vnc: xvp client message version %d != 1",
2471 version);
2472 vnc_client_error(vs);
2473 break;
2474 }
2475
2476 switch (action) {
2477 case VNC_XVP_ACTION_SHUTDOWN:
2478 qemu_system_powerdown_request();
2479 break;
2480 case VNC_XVP_ACTION_REBOOT:
2481 send_xvp_message(vs, VNC_XVP_CODE_FAIL);
2482 break;
2483 case VNC_XVP_ACTION_RESET:
2484 qemu_system_reset_request(SHUTDOWN_CAUSE_HOST_QMP_SYSTEM_RESET);
2485 break;
2486 default:
2487 send_xvp_message(vs, VNC_XVP_CODE_FAIL);
2488 break;
2489 }
2490 }
2491 break;
2492 case VNC_MSG_CLIENT_QEMU:
2493 if (len == 1)
2494 return 2;
2495
2496 switch (read_u8(data, 1)) {
2497 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT:
2498 if (len == 2)
2499 return 12;
2500
2501 ext_key_event(vs, read_u16(data, 2),
2502 read_u32(data, 4), read_u32(data, 8));
2503 break;
2504 case VNC_MSG_CLIENT_QEMU_AUDIO:
2505 if (len == 2)
2506 return 4;
2507
2508 switch (read_u16 (data, 2)) {
2509 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE:
2510 trace_vnc_msg_client_audio_enable(vs, vs->ioc);
2511 audio_add(vs);
2512 break;
2513 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE:
2514 trace_vnc_msg_client_audio_disable(vs, vs->ioc);
2515 audio_del(vs);
2516 break;
2517 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT:
2518 if (len == 4)
2519 return 10;
2520 switch (read_u8(data, 4)) {
2521 case 0: vs->as.fmt = AUDIO_FORMAT_U8; break;
2522 case 1: vs->as.fmt = AUDIO_FORMAT_S8; break;
2523 case 2: vs->as.fmt = AUDIO_FORMAT_U16; break;
2524 case 3: vs->as.fmt = AUDIO_FORMAT_S16; break;
2525 case 4: vs->as.fmt = AUDIO_FORMAT_U32; break;
2526 case 5: vs->as.fmt = AUDIO_FORMAT_S32; break;
2527 default:
2528 VNC_DEBUG("Invalid audio format %d\n", read_u8(data, 4));
2529 vnc_client_error(vs);
2530 break;
2531 }
2532 vs->as.nchannels = read_u8(data, 5);
2533 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
2534 VNC_DEBUG("Invalid audio channel count %d\n",
2535 read_u8(data, 5));
2536 vnc_client_error(vs);
2537 break;
2538 }
2539 freq = read_u32(data, 6);
2540
2541
2542
2543
2544 if (freq > 48000) {
2545 VNC_DEBUG("Invalid audio frequency %u > 48000", freq);
2546 vnc_client_error(vs);
2547 break;
2548 }
2549 vs->as.freq = freq;
2550 trace_vnc_msg_client_audio_format(
2551 vs, vs->ioc, vs->as.fmt, vs->as.nchannels, vs->as.freq);
2552 break;
2553 default:
2554 VNC_DEBUG("Invalid audio message %d\n", read_u8(data, 4));
2555 vnc_client_error(vs);
2556 break;
2557 }
2558 break;
2559
2560 default:
2561 VNC_DEBUG("Msg: %d\n", read_u16(data, 0));
2562 vnc_client_error(vs);
2563 break;
2564 }
2565 break;
2566 case VNC_MSG_CLIENT_SET_DESKTOP_SIZE:
2567 {
2568 size_t size;
2569 uint8_t screens;
2570 int w, h;
2571
2572 if (len < 8) {
2573 return 8;
2574 }
2575
2576 screens = read_u8(data, 6);
2577 size = 8 + screens * 16;
2578 if (len < size) {
2579 return size;
2580 }
2581 w = read_u16(data, 2);
2582 h = read_u16(data, 4);
2583
2584 trace_vnc_msg_client_set_desktop_size(vs, vs->ioc, w, h, screens);
2585 if (dpy_ui_info_supported(vs->vd->dcl.con)) {
2586 QemuUIInfo info;
2587 memset(&info, 0, sizeof(info));
2588 info.width = w;
2589 info.height = h;
2590 dpy_set_ui_info(vs->vd->dcl.con, &info, false);
2591 vnc_desktop_resize_ext(vs, 4 );
2592 } else {
2593 vnc_desktop_resize_ext(vs, 3 );
2594 }
2595
2596 break;
2597 }
2598 default:
2599 VNC_DEBUG("Msg: %d\n", data[0]);
2600 vnc_client_error(vs);
2601 break;
2602 }
2603
2604 vnc_update_throttle_offset(vs);
2605 vnc_read_when(vs, protocol_client_msg, 1);
2606 return 0;
2607}
2608
2609static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
2610{
2611 char buf[1024];
2612 VncShareMode mode;
2613 int size;
2614
2615 mode = data[0] ? VNC_SHARE_MODE_SHARED : VNC_SHARE_MODE_EXCLUSIVE;
2616 switch (vs->vd->share_policy) {
2617 case VNC_SHARE_POLICY_IGNORE:
2618
2619
2620
2621
2622
2623
2624
2625 break;
2626 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE:
2627
2628
2629
2630
2631
2632
2633
2634
2635
2636 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2637 VncState *client;
2638 QTAILQ_FOREACH(client, &vs->vd->clients, next) {
2639 if (vs == client) {
2640 continue;
2641 }
2642 if (client->share_mode != VNC_SHARE_MODE_EXCLUSIVE &&
2643 client->share_mode != VNC_SHARE_MODE_SHARED) {
2644 continue;
2645 }
2646 vnc_disconnect_start(client);
2647 }
2648 }
2649 if (mode == VNC_SHARE_MODE_SHARED) {
2650 if (vs->vd->num_exclusive > 0) {
2651 vnc_disconnect_start(vs);
2652 return 0;
2653 }
2654 }
2655 break;
2656 case VNC_SHARE_POLICY_FORCE_SHARED:
2657
2658
2659
2660
2661
2662
2663
2664
2665 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2666 vnc_disconnect_start(vs);
2667 return 0;
2668 }
2669 break;
2670 }
2671 vnc_set_share_mode(vs, mode);
2672
2673 if (vs->vd->num_shared > vs->vd->connections_limit) {
2674 vnc_disconnect_start(vs);
2675 return 0;
2676 }
2677
2678 assert(pixman_image_get_width(vs->vd->server) < 65536 &&
2679 pixman_image_get_width(vs->vd->server) >= 0);
2680 assert(pixman_image_get_height(vs->vd->server) < 65536 &&
2681 pixman_image_get_height(vs->vd->server) >= 0);
2682 vs->client_width = pixman_image_get_width(vs->vd->server);
2683 vs->client_height = pixman_image_get_height(vs->vd->server);
2684 vnc_write_u16(vs, vs->client_width);
2685 vnc_write_u16(vs, vs->client_height);
2686
2687 pixel_format_message(vs);
2688
2689 if (qemu_name) {
2690 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
2691 if (size > sizeof(buf)) {
2692 size = sizeof(buf);
2693 }
2694 } else {
2695 size = snprintf(buf, sizeof(buf), "QEMU");
2696 }
2697
2698 vnc_write_u32(vs, size);
2699 vnc_write(vs, buf, size);
2700 vnc_flush(vs);
2701
2702 vnc_client_cache_auth(vs);
2703 vnc_qmp_event(vs, QAPI_EVENT_VNC_INITIALIZED);
2704
2705 vnc_read_when(vs, protocol_client_msg, 1);
2706
2707 return 0;
2708}
2709
2710void start_client_init(VncState *vs)
2711{
2712 vnc_read_when(vs, protocol_client_init, 1);
2713}
2714
2715static void authentication_failed(VncState *vs)
2716{
2717 vnc_write_u32(vs, 1);
2718 if (vs->minor >= 8) {
2719 static const char err[] = "Authentication failed";
2720 vnc_write_u32(vs, sizeof(err));
2721 vnc_write(vs, err, sizeof(err));
2722 }
2723 vnc_flush(vs);
2724 vnc_client_error(vs);
2725}
2726
2727static void
2728vnc_munge_des_rfb_key(unsigned char *key, size_t nkey)
2729{
2730 size_t i;
2731 for (i = 0; i < nkey; i++) {
2732 uint8_t r = key[i];
2733 r = (r & 0xf0) >> 4 | (r & 0x0f) << 4;
2734 r = (r & 0xcc) >> 2 | (r & 0x33) << 2;
2735 r = (r & 0xaa) >> 1 | (r & 0x55) << 1;
2736 key[i] = r;
2737 }
2738}
2739
2740static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
2741{
2742 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
2743 size_t i, pwlen;
2744 unsigned char key[8];
2745 time_t now = time(NULL);
2746 QCryptoCipher *cipher = NULL;
2747 Error *err = NULL;
2748
2749 if (!vs->vd->password) {
2750 trace_vnc_auth_fail(vs, vs->auth, "password is not set", "");
2751 goto reject;
2752 }
2753 if (vs->vd->expires < now) {
2754 trace_vnc_auth_fail(vs, vs->auth, "password is expired", "");
2755 goto reject;
2756 }
2757
2758 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
2759
2760
2761 pwlen = strlen(vs->vd->password);
2762 for (i=0; i<sizeof(key); i++)
2763 key[i] = i<pwlen ? vs->vd->password[i] : 0;
2764 vnc_munge_des_rfb_key(key, sizeof(key));
2765
2766 cipher = qcrypto_cipher_new(
2767 QCRYPTO_CIPHER_ALG_DES,
2768 QCRYPTO_CIPHER_MODE_ECB,
2769 key, G_N_ELEMENTS(key),
2770 &err);
2771 if (!cipher) {
2772 trace_vnc_auth_fail(vs, vs->auth, "cannot create cipher",
2773 error_get_pretty(err));
2774 error_free(err);
2775 goto reject;
2776 }
2777
2778 if (qcrypto_cipher_encrypt(cipher,
2779 vs->challenge,
2780 response,
2781 VNC_AUTH_CHALLENGE_SIZE,
2782 &err) < 0) {
2783 trace_vnc_auth_fail(vs, vs->auth, "cannot encrypt challenge response",
2784 error_get_pretty(err));
2785 error_free(err);
2786 goto reject;
2787 }
2788
2789
2790 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
2791 trace_vnc_auth_fail(vs, vs->auth, "mis-matched challenge response", "");
2792 goto reject;
2793 } else {
2794 trace_vnc_auth_pass(vs, vs->auth);
2795 vnc_write_u32(vs, 0);
2796 vnc_flush(vs);
2797
2798 start_client_init(vs);
2799 }
2800
2801 qcrypto_cipher_free(cipher);
2802 return 0;
2803
2804reject:
2805 authentication_failed(vs);
2806 qcrypto_cipher_free(cipher);
2807 return 0;
2808}
2809
2810void start_auth_vnc(VncState *vs)
2811{
2812 Error *err = NULL;
2813
2814 if (qcrypto_random_bytes(vs->challenge, sizeof(vs->challenge), &err)) {
2815 trace_vnc_auth_fail(vs, vs->auth, "cannot get random bytes",
2816 error_get_pretty(err));
2817 error_free(err);
2818 authentication_failed(vs);
2819 return;
2820 }
2821
2822
2823 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
2824 vnc_flush(vs);
2825
2826 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
2827}
2828
2829
2830static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
2831{
2832
2833
2834 if (data[0] != vs->auth) {
2835 trace_vnc_auth_reject(vs, vs->auth, (int)data[0]);
2836 authentication_failed(vs);
2837 } else {
2838 trace_vnc_auth_start(vs, vs->auth);
2839 switch (vs->auth) {
2840 case VNC_AUTH_NONE:
2841 if (vs->minor >= 8) {
2842 vnc_write_u32(vs, 0);
2843 vnc_flush(vs);
2844 }
2845 trace_vnc_auth_pass(vs, vs->auth);
2846 start_client_init(vs);
2847 break;
2848
2849 case VNC_AUTH_VNC:
2850 start_auth_vnc(vs);
2851 break;
2852
2853 case VNC_AUTH_VENCRYPT:
2854 start_auth_vencrypt(vs);
2855 break;
2856
2857#ifdef CONFIG_VNC_SASL
2858 case VNC_AUTH_SASL:
2859 start_auth_sasl(vs);
2860 break;
2861#endif
2862
2863 default:
2864 trace_vnc_auth_fail(vs, vs->auth, "Unhandled auth method", "");
2865 authentication_failed(vs);
2866 }
2867 }
2868 return 0;
2869}
2870
2871static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2872{
2873 char local[13];
2874
2875 memcpy(local, version, 12);
2876 local[12] = 0;
2877
2878 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2879 VNC_DEBUG("Malformed protocol version %s\n", local);
2880 vnc_client_error(vs);
2881 return 0;
2882 }
2883 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2884 if (vs->major != 3 ||
2885 (vs->minor != 3 &&
2886 vs->minor != 4 &&
2887 vs->minor != 5 &&
2888 vs->minor != 7 &&
2889 vs->minor != 8)) {
2890 VNC_DEBUG("Unsupported client version\n");
2891 vnc_write_u32(vs, VNC_AUTH_INVALID);
2892 vnc_flush(vs);
2893 vnc_client_error(vs);
2894 return 0;
2895 }
2896
2897
2898
2899 if (vs->minor == 4 || vs->minor == 5)
2900 vs->minor = 3;
2901
2902 if (vs->minor == 3) {
2903 trace_vnc_auth_start(vs, vs->auth);
2904 if (vs->auth == VNC_AUTH_NONE) {
2905 vnc_write_u32(vs, vs->auth);
2906 vnc_flush(vs);
2907 trace_vnc_auth_pass(vs, vs->auth);
2908 start_client_init(vs);
2909 } else if (vs->auth == VNC_AUTH_VNC) {
2910 VNC_DEBUG("Tell client VNC auth\n");
2911 vnc_write_u32(vs, vs->auth);
2912 vnc_flush(vs);
2913 start_auth_vnc(vs);
2914 } else {
2915 trace_vnc_auth_fail(vs, vs->auth,
2916 "Unsupported auth method for v3.3", "");
2917 vnc_write_u32(vs, VNC_AUTH_INVALID);
2918 vnc_flush(vs);
2919 vnc_client_error(vs);
2920 }
2921 } else {
2922 vnc_write_u8(vs, 1);
2923 vnc_write_u8(vs, vs->auth);
2924 vnc_read_when(vs, protocol_client_auth, 1);
2925 vnc_flush(vs);
2926 }
2927
2928 return 0;
2929}
2930
2931static VncRectStat *vnc_stat_rect(VncDisplay *vd, int x, int y)
2932{
2933 struct VncSurface *vs = &vd->guest;
2934
2935 return &vs->stats[y / VNC_STAT_RECT][x / VNC_STAT_RECT];
2936}
2937
2938void vnc_sent_lossy_rect(VncState *vs, int x, int y, int w, int h)
2939{
2940 int i, j;
2941
2942 w = (x + w) / VNC_STAT_RECT;
2943 h = (y + h) / VNC_STAT_RECT;
2944 x /= VNC_STAT_RECT;
2945 y /= VNC_STAT_RECT;
2946
2947 for (j = y; j <= h; j++) {
2948 for (i = x; i <= w; i++) {
2949 vs->lossy_rect[j][i] = 1;
2950 }
2951 }
2952}
2953
2954static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y)
2955{
2956 VncState *vs;
2957 int sty = y / VNC_STAT_RECT;
2958 int stx = x / VNC_STAT_RECT;
2959 int has_dirty = 0;
2960
2961 y = QEMU_ALIGN_DOWN(y, VNC_STAT_RECT);
2962 x = QEMU_ALIGN_DOWN(x, VNC_STAT_RECT);
2963
2964 QTAILQ_FOREACH(vs, &vd->clients, next) {
2965 int j;
2966
2967
2968 if (vs->output.offset) {
2969 continue;
2970 }
2971
2972 if (!vs->lossy_rect[sty][stx]) {
2973 continue;
2974 }
2975
2976 vs->lossy_rect[sty][stx] = 0;
2977 for (j = 0; j < VNC_STAT_RECT; ++j) {
2978 bitmap_set(vs->dirty[y + j],
2979 x / VNC_DIRTY_PIXELS_PER_BIT,
2980 VNC_STAT_RECT / VNC_DIRTY_PIXELS_PER_BIT);
2981 }
2982 has_dirty++;
2983 }
2984
2985 return has_dirty;
2986}
2987
2988static int vnc_update_stats(VncDisplay *vd, struct timeval * tv)
2989{
2990 int width = MIN(pixman_image_get_width(vd->guest.fb),
2991 pixman_image_get_width(vd->server));
2992 int height = MIN(pixman_image_get_height(vd->guest.fb),
2993 pixman_image_get_height(vd->server));
2994 int x, y;
2995 struct timeval res;
2996 int has_dirty = 0;
2997
2998 for (y = 0; y < height; y += VNC_STAT_RECT) {
2999 for (x = 0; x < width; x += VNC_STAT_RECT) {
3000 VncRectStat *rect = vnc_stat_rect(vd, x, y);
3001
3002 rect->updated = false;
3003 }
3004 }
3005
3006 qemu_timersub(tv, &VNC_REFRESH_STATS, &res);
3007
3008 if (timercmp(&vd->guest.last_freq_check, &res, >)) {
3009 return has_dirty;
3010 }
3011 vd->guest.last_freq_check = *tv;
3012
3013 for (y = 0; y < height; y += VNC_STAT_RECT) {
3014 for (x = 0; x < width; x += VNC_STAT_RECT) {
3015 VncRectStat *rect= vnc_stat_rect(vd, x, y);
3016 int count = ARRAY_SIZE(rect->times);
3017 struct timeval min, max;
3018
3019 if (!timerisset(&rect->times[count - 1])) {
3020 continue ;
3021 }
3022
3023 max = rect->times[(rect->idx + count - 1) % count];
3024 qemu_timersub(tv, &max, &res);
3025
3026 if (timercmp(&res, &VNC_REFRESH_LOSSY, >)) {
3027 rect->freq = 0;
3028 has_dirty += vnc_refresh_lossy_rect(vd, x, y);
3029 memset(rect->times, 0, sizeof (rect->times));
3030 continue ;
3031 }
3032
3033 min = rect->times[rect->idx];
3034 max = rect->times[(rect->idx + count - 1) % count];
3035 qemu_timersub(&max, &min, &res);
3036
3037 rect->freq = res.tv_sec + res.tv_usec / 1000000.;
3038 rect->freq /= count;
3039 rect->freq = 1. / rect->freq;
3040 }
3041 }
3042 return has_dirty;
3043}
3044
3045double vnc_update_freq(VncState *vs, int x, int y, int w, int h)
3046{
3047 int i, j;
3048 double total = 0;
3049 int num = 0;
3050
3051 x = QEMU_ALIGN_DOWN(x, VNC_STAT_RECT);
3052 y = QEMU_ALIGN_DOWN(y, VNC_STAT_RECT);
3053
3054 for (j = y; j <= y + h; j += VNC_STAT_RECT) {
3055 for (i = x; i <= x + w; i += VNC_STAT_RECT) {
3056 total += vnc_stat_rect(vs->vd, i, j)->freq;
3057 num++;
3058 }
3059 }
3060
3061 if (num) {
3062 return total / num;
3063 } else {
3064 return 0;
3065 }
3066}
3067
3068static void vnc_rect_updated(VncDisplay *vd, int x, int y, struct timeval * tv)
3069{
3070 VncRectStat *rect;
3071
3072 rect = vnc_stat_rect(vd, x, y);
3073 if (rect->updated) {
3074 return;
3075 }
3076 rect->times[rect->idx] = *tv;
3077 rect->idx = (rect->idx + 1) % ARRAY_SIZE(rect->times);
3078 rect->updated = true;
3079}
3080
3081static int vnc_refresh_server_surface(VncDisplay *vd)
3082{
3083 int width = MIN(pixman_image_get_width(vd->guest.fb),
3084 pixman_image_get_width(vd->server));
3085 int height = MIN(pixman_image_get_height(vd->guest.fb),
3086 pixman_image_get_height(vd->server));
3087 int cmp_bytes, server_stride, line_bytes, guest_ll, guest_stride, y = 0;
3088 uint8_t *guest_row0 = NULL, *server_row0;
3089 VncState *vs;
3090 int has_dirty = 0;
3091 pixman_image_t *tmpbuf = NULL;
3092 unsigned long offset;
3093 int x;
3094 uint8_t *guest_ptr, *server_ptr;
3095
3096 struct timeval tv = { 0, 0 };
3097
3098 if (!vd->non_adaptive) {
3099 gettimeofday(&tv, NULL);
3100 has_dirty = vnc_update_stats(vd, &tv);
3101 }
3102
3103 offset = find_next_bit((unsigned long *) &vd->guest.dirty,
3104 height * VNC_DIRTY_BPL(&vd->guest), 0);
3105 if (offset == height * VNC_DIRTY_BPL(&vd->guest)) {
3106
3107 return has_dirty;
3108 }
3109
3110
3111
3112
3113
3114
3115 server_row0 = (uint8_t *)pixman_image_get_data(vd->server);
3116 server_stride = guest_stride = guest_ll =
3117 pixman_image_get_stride(vd->server);
3118 cmp_bytes = MIN(VNC_DIRTY_PIXELS_PER_BIT * VNC_SERVER_FB_BYTES,
3119 server_stride);
3120 if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
3121 int width = pixman_image_get_width(vd->server);
3122 tmpbuf = qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT, width);
3123 } else {
3124 int guest_bpp =
3125 PIXMAN_FORMAT_BPP(pixman_image_get_format(vd->guest.fb));
3126 guest_row0 = (uint8_t *)pixman_image_get_data(vd->guest.fb);
3127 guest_stride = pixman_image_get_stride(vd->guest.fb);
3128 guest_ll = pixman_image_get_width(vd->guest.fb)
3129 * DIV_ROUND_UP(guest_bpp, 8);
3130 }
3131 line_bytes = MIN(server_stride, guest_ll);
3132
3133 for (;;) {
3134 y = offset / VNC_DIRTY_BPL(&vd->guest);
3135 x = offset % VNC_DIRTY_BPL(&vd->guest);
3136
3137 server_ptr = server_row0 + y * server_stride + x * cmp_bytes;
3138
3139 if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
3140 qemu_pixman_linebuf_fill(tmpbuf, vd->guest.fb, width, 0, y);
3141 guest_ptr = (uint8_t *)pixman_image_get_data(tmpbuf);
3142 } else {
3143 guest_ptr = guest_row0 + y * guest_stride;
3144 }
3145 guest_ptr += x * cmp_bytes;
3146
3147 for (; x < DIV_ROUND_UP(width, VNC_DIRTY_PIXELS_PER_BIT);
3148 x++, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
3149 int _cmp_bytes = cmp_bytes;
3150 if (!test_and_clear_bit(x, vd->guest.dirty[y])) {
3151 continue;
3152 }
3153 if ((x + 1) * cmp_bytes > line_bytes) {
3154 _cmp_bytes = line_bytes - x * cmp_bytes;
3155 }
3156 assert(_cmp_bytes >= 0);
3157 if (memcmp(server_ptr, guest_ptr, _cmp_bytes) == 0) {
3158 continue;
3159 }
3160 memcpy(server_ptr, guest_ptr, _cmp_bytes);
3161 if (!vd->non_adaptive) {
3162 vnc_rect_updated(vd, x * VNC_DIRTY_PIXELS_PER_BIT,
3163 y, &tv);
3164 }
3165 QTAILQ_FOREACH(vs, &vd->clients, next) {
3166 set_bit(x, vs->dirty[y]);
3167 }
3168 has_dirty++;
3169 }
3170
3171 y++;
3172 offset = find_next_bit((unsigned long *) &vd->guest.dirty,
3173 height * VNC_DIRTY_BPL(&vd->guest),
3174 y * VNC_DIRTY_BPL(&vd->guest));
3175 if (offset == height * VNC_DIRTY_BPL(&vd->guest)) {
3176
3177 break;
3178 }
3179 }
3180 qemu_pixman_image_unref(tmpbuf);
3181 return has_dirty;
3182}
3183
3184static void vnc_refresh(DisplayChangeListener *dcl)
3185{
3186 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
3187 VncState *vs, *vn;
3188 int has_dirty, rects = 0;
3189
3190 if (QTAILQ_EMPTY(&vd->clients)) {
3191 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_MAX);
3192 return;
3193 }
3194
3195 graphic_hw_update(vd->dcl.con);
3196
3197 if (vnc_trylock_display(vd)) {
3198 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
3199 return;
3200 }
3201
3202 has_dirty = vnc_refresh_server_surface(vd);
3203 vnc_unlock_display(vd);
3204
3205 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
3206 rects += vnc_update_client(vs, has_dirty);
3207
3208 }
3209
3210 if (has_dirty && rects) {
3211 vd->dcl.update_interval /= 2;
3212 if (vd->dcl.update_interval < VNC_REFRESH_INTERVAL_BASE) {
3213 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_BASE;
3214 }
3215 } else {
3216 vd->dcl.update_interval += VNC_REFRESH_INTERVAL_INC;
3217 if (vd->dcl.update_interval > VNC_REFRESH_INTERVAL_MAX) {
3218 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_MAX;
3219 }
3220 }
3221}
3222
3223static void vnc_connect(VncDisplay *vd, QIOChannelSocket *sioc,
3224 bool skipauth, bool websocket)
3225{
3226 VncState *vs = g_new0(VncState, 1);
3227 bool first_client = QTAILQ_EMPTY(&vd->clients);
3228 int i;
3229
3230 trace_vnc_client_connect(vs, sioc);
3231 vs->zrle = g_new0(VncZrle, 1);
3232 vs->tight = g_new0(VncTight, 1);
3233 vs->magic = VNC_MAGIC;
3234 vs->sioc = sioc;
3235 object_ref(OBJECT(vs->sioc));
3236 vs->ioc = QIO_CHANNEL(sioc);
3237 object_ref(OBJECT(vs->ioc));
3238 vs->vd = vd;
3239
3240 buffer_init(&vs->input, "vnc-input/%p", sioc);
3241 buffer_init(&vs->output, "vnc-output/%p", sioc);
3242 buffer_init(&vs->jobs_buffer, "vnc-jobs_buffer/%p", sioc);
3243
3244 buffer_init(&vs->tight->tight, "vnc-tight/%p", sioc);
3245 buffer_init(&vs->tight->zlib, "vnc-tight-zlib/%p", sioc);
3246 buffer_init(&vs->tight->gradient, "vnc-tight-gradient/%p", sioc);
3247#ifdef CONFIG_VNC_JPEG
3248 buffer_init(&vs->tight->jpeg, "vnc-tight-jpeg/%p", sioc);
3249#endif
3250#ifdef CONFIG_PNG
3251 buffer_init(&vs->tight->png, "vnc-tight-png/%p", sioc);
3252#endif
3253 buffer_init(&vs->zlib.zlib, "vnc-zlib/%p", sioc);
3254 buffer_init(&vs->zrle->zrle, "vnc-zrle/%p", sioc);
3255 buffer_init(&vs->zrle->fb, "vnc-zrle-fb/%p", sioc);
3256 buffer_init(&vs->zrle->zlib, "vnc-zrle-zlib/%p", sioc);
3257
3258 if (skipauth) {
3259 vs->auth = VNC_AUTH_NONE;
3260 vs->subauth = VNC_AUTH_INVALID;
3261 } else {
3262 if (websocket) {
3263 vs->auth = vd->ws_auth;
3264 vs->subauth = VNC_AUTH_INVALID;
3265 } else {
3266 vs->auth = vd->auth;
3267 vs->subauth = vd->subauth;
3268 }
3269 }
3270 VNC_DEBUG("Client sioc=%p ws=%d auth=%d subauth=%d\n",
3271 sioc, websocket, vs->auth, vs->subauth);
3272
3273 vs->lossy_rect = g_malloc0(VNC_STAT_ROWS * sizeof (*vs->lossy_rect));
3274 for (i = 0; i < VNC_STAT_ROWS; ++i) {
3275 vs->lossy_rect[i] = g_new0(uint8_t, VNC_STAT_COLS);
3276 }
3277
3278 VNC_DEBUG("New client on socket %p\n", vs->sioc);
3279 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
3280 qio_channel_set_blocking(vs->ioc, false, NULL);
3281 if (vs->ioc_tag) {
3282 g_source_remove(vs->ioc_tag);
3283 }
3284 if (websocket) {
3285 vs->websocket = 1;
3286 if (vd->tlscreds) {
3287 vs->ioc_tag = qio_channel_add_watch(
3288 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR,
3289 vncws_tls_handshake_io, vs, NULL);
3290 } else {
3291 vs->ioc_tag = qio_channel_add_watch(
3292 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR,
3293 vncws_handshake_io, vs, NULL);
3294 }
3295 } else {
3296 vs->ioc_tag = qio_channel_add_watch(
3297 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR,
3298 vnc_client_io, vs, NULL);
3299 }
3300
3301 vnc_client_cache_addr(vs);
3302 vnc_qmp_event(vs, QAPI_EVENT_VNC_CONNECTED);
3303 vnc_set_share_mode(vs, VNC_SHARE_MODE_CONNECTING);
3304
3305 vs->last_x = -1;
3306 vs->last_y = -1;
3307
3308 vs->as.freq = 44100;
3309 vs->as.nchannels = 2;
3310 vs->as.fmt = AUDIO_FORMAT_S16;
3311 vs->as.endianness = 0;
3312
3313 qemu_mutex_init(&vs->output_mutex);
3314 vs->bh = qemu_bh_new(vnc_jobs_bh, vs);
3315
3316 QTAILQ_INSERT_TAIL(&vd->clients, vs, next);
3317 if (first_client) {
3318 vnc_update_server_surface(vd);
3319 }
3320
3321 graphic_hw_update(vd->dcl.con);
3322
3323 if (!vs->websocket) {
3324 vnc_start_protocol(vs);
3325 }
3326
3327 if (vd->num_connecting > vd->connections_limit) {
3328 QTAILQ_FOREACH(vs, &vd->clients, next) {
3329 if (vs->share_mode == VNC_SHARE_MODE_CONNECTING) {
3330 vnc_disconnect_start(vs);
3331 return;
3332 }
3333 }
3334 }
3335}
3336
3337void vnc_start_protocol(VncState *vs)
3338{
3339 vnc_write(vs, "RFB 003.008\n", 12);
3340 vnc_flush(vs);
3341 vnc_read_when(vs, protocol_version, 12);
3342
3343 vs->mouse_mode_notifier.notify = check_pointer_type_change;
3344 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
3345}
3346
3347static void vnc_listen_io(QIONetListener *listener,
3348 QIOChannelSocket *cioc,
3349 void *opaque)
3350{
3351 VncDisplay *vd = opaque;
3352 bool isWebsock = listener == vd->wslistener;
3353
3354 qio_channel_set_name(QIO_CHANNEL(cioc),
3355 isWebsock ? "vnc-ws-server" : "vnc-server");
3356 qio_channel_set_delay(QIO_CHANNEL(cioc), false);
3357 vnc_connect(vd, cioc, false, isWebsock);
3358}
3359
3360static const DisplayChangeListenerOps dcl_ops = {
3361 .dpy_name = "vnc",
3362 .dpy_refresh = vnc_refresh,
3363 .dpy_gfx_update = vnc_dpy_update,
3364 .dpy_gfx_switch = vnc_dpy_switch,
3365 .dpy_gfx_check_format = qemu_pixman_check_format,
3366 .dpy_mouse_set = vnc_mouse_set,
3367 .dpy_cursor_define = vnc_dpy_cursor_define,
3368};
3369
3370void vnc_display_init(const char *id, Error **errp)
3371{
3372 VncDisplay *vd;
3373
3374 if (vnc_display_find(id) != NULL) {
3375 return;
3376 }
3377 vd = g_malloc0(sizeof(*vd));
3378
3379 vd->id = strdup(id);
3380 QTAILQ_INSERT_TAIL(&vnc_displays, vd, next);
3381
3382 QTAILQ_INIT(&vd->clients);
3383 vd->expires = TIME_MAX;
3384
3385 if (keyboard_layout) {
3386 trace_vnc_key_map_init(keyboard_layout);
3387 vd->kbd_layout = init_keyboard_layout(name2keysym,
3388 keyboard_layout, errp);
3389 } else {
3390 vd->kbd_layout = init_keyboard_layout(name2keysym, "en-us", errp);
3391 }
3392
3393 if (!vd->kbd_layout) {
3394 return;
3395 }
3396
3397 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3398 vd->connections_limit = 32;
3399
3400 qemu_mutex_init(&vd->mutex);
3401 vnc_start_worker_thread();
3402
3403 vd->dcl.ops = &dcl_ops;
3404 register_displaychangelistener(&vd->dcl);
3405 vd->kbd = qkbd_state_init(vd->dcl.con);
3406}
3407
3408
3409static void vnc_display_close(VncDisplay *vd)
3410{
3411 if (!vd) {
3412 return;
3413 }
3414 vd->is_unix = false;
3415
3416 if (vd->listener) {
3417 qio_net_listener_disconnect(vd->listener);
3418 object_unref(OBJECT(vd->listener));
3419 }
3420 vd->listener = NULL;
3421
3422 if (vd->wslistener) {
3423 qio_net_listener_disconnect(vd->wslistener);
3424 object_unref(OBJECT(vd->wslistener));
3425 }
3426 vd->wslistener = NULL;
3427
3428 vd->auth = VNC_AUTH_INVALID;
3429 vd->subauth = VNC_AUTH_INVALID;
3430 if (vd->tlscreds) {
3431 object_unref(OBJECT(vd->tlscreds));
3432 vd->tlscreds = NULL;
3433 }
3434 if (vd->tlsauthz) {
3435 object_unparent(OBJECT(vd->tlsauthz));
3436 vd->tlsauthz = NULL;
3437 }
3438 g_free(vd->tlsauthzid);
3439 vd->tlsauthzid = NULL;
3440 if (vd->lock_key_sync) {
3441 qemu_remove_led_event_handler(vd->led);
3442 vd->led = NULL;
3443 }
3444#ifdef CONFIG_VNC_SASL
3445 if (vd->sasl.authz) {
3446 object_unparent(OBJECT(vd->sasl.authz));
3447 vd->sasl.authz = NULL;
3448 }
3449 g_free(vd->sasl.authzid);
3450 vd->sasl.authzid = NULL;
3451#endif
3452}
3453
3454int vnc_display_password(const char *id, const char *password)
3455{
3456 VncDisplay *vd = vnc_display_find(id);
3457
3458 if (!vd) {
3459 return -EINVAL;
3460 }
3461 if (vd->auth == VNC_AUTH_NONE) {
3462 error_printf_unless_qmp("If you want use passwords please enable "
3463 "password auth using '-vnc ${dpy},password'.\n");
3464 return -EINVAL;
3465 }
3466
3467 g_free(vd->password);
3468 vd->password = g_strdup(password);
3469
3470 return 0;
3471}
3472
3473int vnc_display_pw_expire(const char *id, time_t expires)
3474{
3475 VncDisplay *vd = vnc_display_find(id);
3476
3477 if (!vd) {
3478 return -EINVAL;
3479 }
3480
3481 vd->expires = expires;
3482 return 0;
3483}
3484
3485static void vnc_display_print_local_addr(VncDisplay *vd)
3486{
3487 SocketAddress *addr;
3488
3489 if (!vd->listener || !vd->listener->nsioc) {
3490 return;
3491 }
3492
3493 addr = qio_channel_socket_get_local_address(vd->listener->sioc[0], NULL);
3494 if (!addr) {
3495 return;
3496 }
3497
3498 if (addr->type != SOCKET_ADDRESS_TYPE_INET) {
3499 qapi_free_SocketAddress(addr);
3500 return;
3501 }
3502 error_printf_unless_qmp("VNC server running on %s:%s\n",
3503 addr->u.inet.host,
3504 addr->u.inet.port);
3505 qapi_free_SocketAddress(addr);
3506}
3507
3508static QemuOptsList qemu_vnc_opts = {
3509 .name = "vnc",
3510 .head = QTAILQ_HEAD_INITIALIZER(qemu_vnc_opts.head),
3511 .implied_opt_name = "vnc",
3512 .desc = {
3513 {
3514 .name = "vnc",
3515 .type = QEMU_OPT_STRING,
3516 },{
3517 .name = "websocket",
3518 .type = QEMU_OPT_STRING,
3519 },{
3520 .name = "tls-creds",
3521 .type = QEMU_OPT_STRING,
3522 },{
3523 .name = "share",
3524 .type = QEMU_OPT_STRING,
3525 },{
3526 .name = "display",
3527 .type = QEMU_OPT_STRING,
3528 },{
3529 .name = "head",
3530 .type = QEMU_OPT_NUMBER,
3531 },{
3532 .name = "connections",
3533 .type = QEMU_OPT_NUMBER,
3534 },{
3535 .name = "to",
3536 .type = QEMU_OPT_NUMBER,
3537 },{
3538 .name = "ipv4",
3539 .type = QEMU_OPT_BOOL,
3540 },{
3541 .name = "ipv6",
3542 .type = QEMU_OPT_BOOL,
3543 },{
3544 .name = "password",
3545 .type = QEMU_OPT_BOOL,
3546 },{
3547 .name = "password-secret",
3548 .type = QEMU_OPT_STRING,
3549 },{
3550 .name = "reverse",
3551 .type = QEMU_OPT_BOOL,
3552 },{
3553 .name = "lock-key-sync",
3554 .type = QEMU_OPT_BOOL,
3555 },{
3556 .name = "key-delay-ms",
3557 .type = QEMU_OPT_NUMBER,
3558 },{
3559 .name = "sasl",
3560 .type = QEMU_OPT_BOOL,
3561 },{
3562 .name = "tls-authz",
3563 .type = QEMU_OPT_STRING,
3564 },{
3565 .name = "sasl-authz",
3566 .type = QEMU_OPT_STRING,
3567 },{
3568 .name = "lossy",
3569 .type = QEMU_OPT_BOOL,
3570 },{
3571 .name = "non-adaptive",
3572 .type = QEMU_OPT_BOOL,
3573 },{
3574 .name = "audiodev",
3575 .type = QEMU_OPT_STRING,
3576 },{
3577 .name = "power-control",
3578 .type = QEMU_OPT_BOOL,
3579 },
3580 { }
3581 },
3582};
3583
3584
3585static int
3586vnc_display_setup_auth(int *auth,
3587 int *subauth,
3588 QCryptoTLSCreds *tlscreds,
3589 bool password,
3590 bool sasl,
3591 bool websocket,
3592 Error **errp)
3593{
3594
3595
3596
3597
3598
3599
3600
3601
3602
3603
3604
3605
3606
3607
3608
3609
3610
3611
3612
3613
3614
3615
3616
3617
3618
3619
3620
3621
3622
3623
3624
3625
3626
3627
3628
3629
3630
3631
3632
3633
3634
3635
3636
3637
3638
3639
3640
3641 if (websocket || !tlscreds) {
3642 if (password) {
3643 VNC_DEBUG("Initializing VNC server with password auth\n");
3644 *auth = VNC_AUTH_VNC;
3645 } else if (sasl) {
3646 VNC_DEBUG("Initializing VNC server with SASL auth\n");
3647 *auth = VNC_AUTH_SASL;
3648 } else {
3649 VNC_DEBUG("Initializing VNC server with no auth\n");
3650 *auth = VNC_AUTH_NONE;
3651 }
3652 *subauth = VNC_AUTH_INVALID;
3653 } else {
3654 bool is_x509 = object_dynamic_cast(OBJECT(tlscreds),
3655 TYPE_QCRYPTO_TLS_CREDS_X509) != NULL;
3656 bool is_anon = object_dynamic_cast(OBJECT(tlscreds),
3657 TYPE_QCRYPTO_TLS_CREDS_ANON) != NULL;
3658
3659 if (!is_x509 && !is_anon) {
3660 error_setg(errp,
3661 "Unsupported TLS cred type %s",
3662 object_get_typename(OBJECT(tlscreds)));
3663 return -1;
3664 }
3665 *auth = VNC_AUTH_VENCRYPT;
3666 if (password) {
3667 if (is_x509) {
3668 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
3669 *subauth = VNC_AUTH_VENCRYPT_X509VNC;
3670 } else {
3671 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
3672 *subauth = VNC_AUTH_VENCRYPT_TLSVNC;
3673 }
3674
3675 } else if (sasl) {
3676 if (is_x509) {
3677 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
3678 *subauth = VNC_AUTH_VENCRYPT_X509SASL;
3679 } else {
3680 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
3681 *subauth = VNC_AUTH_VENCRYPT_TLSSASL;
3682 }
3683 } else {
3684 if (is_x509) {
3685 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
3686 *subauth = VNC_AUTH_VENCRYPT_X509NONE;
3687 } else {
3688 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
3689 *subauth = VNC_AUTH_VENCRYPT_TLSNONE;
3690 }
3691 }
3692 }
3693 return 0;
3694}
3695
3696
3697static int vnc_display_get_address(const char *addrstr,
3698 bool websocket,
3699 bool reverse,
3700 int displaynum,
3701 int to,
3702 bool has_ipv4,
3703 bool has_ipv6,
3704 bool ipv4,
3705 bool ipv6,
3706 SocketAddress **retaddr,
3707 Error **errp)
3708{
3709 int ret = -1;
3710 SocketAddress *addr = NULL;
3711
3712 addr = g_new0(SocketAddress, 1);
3713
3714 if (strncmp(addrstr, "unix:", 5) == 0) {
3715 addr->type = SOCKET_ADDRESS_TYPE_UNIX;
3716 addr->u.q_unix.path = g_strdup(addrstr + 5);
3717
3718 if (websocket) {
3719 error_setg(errp, "UNIX sockets not supported with websock");
3720 goto cleanup;
3721 }
3722
3723 if (to) {
3724 error_setg(errp, "Port range not support with UNIX socket");
3725 goto cleanup;
3726 }
3727 ret = 0;
3728 } else {
3729 const char *port;
3730 size_t hostlen;
3731 uint64_t baseport = 0;
3732 InetSocketAddress *inet;
3733
3734 port = strrchr(addrstr, ':');
3735 if (!port) {
3736 if (websocket) {
3737 hostlen = 0;
3738 port = addrstr;
3739 } else {
3740 error_setg(errp, "no vnc port specified");
3741 goto cleanup;
3742 }
3743 } else {
3744 hostlen = port - addrstr;
3745 port++;
3746 if (*port == '\0') {
3747 error_setg(errp, "vnc port cannot be empty");
3748 goto cleanup;
3749 }
3750 }
3751
3752 addr->type = SOCKET_ADDRESS_TYPE_INET;
3753 inet = &addr->u.inet;
3754 if (hostlen && addrstr[0] == '[' && addrstr[hostlen - 1] == ']') {
3755 inet->host = g_strndup(addrstr + 1, hostlen - 2);
3756 } else {
3757 inet->host = g_strndup(addrstr, hostlen);
3758 }
3759
3760
3761 if (websocket) {
3762 if (g_str_equal(addrstr, "") ||
3763 g_str_equal(addrstr, "on")) {
3764 if (displaynum == -1) {
3765 error_setg(errp, "explicit websocket port is required");
3766 goto cleanup;
3767 }
3768 inet->port = g_strdup_printf(
3769 "%d", displaynum + 5700);
3770 if (to) {
3771 inet->has_to = true;
3772 inet->to = to + 5700;
3773 }
3774 } else {
3775 inet->port = g_strdup(port);
3776 }
3777 } else {
3778 int offset = reverse ? 0 : 5900;
3779 if (parse_uint_full(port, 10, &baseport) < 0) {
3780 error_setg(errp, "can't convert to a number: %s", port);
3781 goto cleanup;
3782 }
3783 if (baseport > 65535 ||
3784 baseport + offset > 65535) {
3785 error_setg(errp, "port %s out of range", port);
3786 goto cleanup;
3787 }
3788 inet->port = g_strdup_printf(
3789 "%d", (int)baseport + offset);
3790
3791 if (to) {
3792 inet->has_to = true;
3793 inet->to = to + offset;
3794 }
3795 }
3796
3797 inet->ipv4 = ipv4;
3798 inet->has_ipv4 = has_ipv4;
3799 inet->ipv6 = ipv6;
3800 inet->has_ipv6 = has_ipv6;
3801
3802 ret = baseport;
3803 }
3804
3805 *retaddr = addr;
3806
3807 cleanup:
3808 if (ret < 0) {
3809 qapi_free_SocketAddress(addr);
3810 }
3811 return ret;
3812}
3813
3814static int vnc_display_get_addresses(QemuOpts *opts,
3815 bool reverse,
3816 SocketAddressList **saddr_list_ret,
3817 SocketAddressList **wsaddr_list_ret,
3818 Error **errp)
3819{
3820 SocketAddress *saddr = NULL;
3821 SocketAddress *wsaddr = NULL;
3822 g_autoptr(SocketAddressList) saddr_list = NULL;
3823 SocketAddressList **saddr_tail = &saddr_list;
3824 SocketAddress *single_saddr = NULL;
3825 g_autoptr(SocketAddressList) wsaddr_list = NULL;
3826 SocketAddressList **wsaddr_tail = &wsaddr_list;
3827 QemuOptsIter addriter;
3828 const char *addr;
3829 int to = qemu_opt_get_number(opts, "to", 0);
3830 bool has_ipv4 = qemu_opt_get(opts, "ipv4");
3831 bool has_ipv6 = qemu_opt_get(opts, "ipv6");
3832 bool ipv4 = qemu_opt_get_bool(opts, "ipv4", false);
3833 bool ipv6 = qemu_opt_get_bool(opts, "ipv6", false);
3834 int displaynum = -1;
3835
3836 addr = qemu_opt_get(opts, "vnc");
3837 if (addr == NULL || g_str_equal(addr, "none")) {
3838 return 0;
3839 }
3840 if (qemu_opt_get(opts, "websocket") &&
3841 !qcrypto_hash_supports(QCRYPTO_HASH_ALG_SHA1)) {
3842 error_setg(errp,
3843 "SHA1 hash support is required for websockets");
3844 return -1;
3845 }
3846
3847 qemu_opt_iter_init(&addriter, opts, "vnc");
3848 while ((addr = qemu_opt_iter_next(&addriter)) != NULL) {
3849 int rv;
3850 rv = vnc_display_get_address(addr, false, reverse, 0, to,
3851 has_ipv4, has_ipv6,
3852 ipv4, ipv6,
3853 &saddr, errp);
3854 if (rv < 0) {
3855 return -1;
3856 }
3857
3858
3859
3860 if (displaynum == -1) {
3861 displaynum = rv;
3862 }
3863 QAPI_LIST_APPEND(saddr_tail, saddr);
3864 }
3865
3866 if (saddr_list && !saddr_list->next) {
3867 single_saddr = saddr_list->value;
3868 } else {
3869
3870
3871
3872
3873 displaynum = -1;
3874 }
3875
3876 qemu_opt_iter_init(&addriter, opts, "websocket");
3877 while ((addr = qemu_opt_iter_next(&addriter)) != NULL) {
3878 if (vnc_display_get_address(addr, true, reverse, displaynum, to,
3879 has_ipv4, has_ipv6,
3880 ipv4, ipv6,
3881 &wsaddr, errp) < 0) {
3882 return -1;
3883 }
3884
3885
3886
3887
3888
3889 if (single_saddr &&
3890 single_saddr->type == SOCKET_ADDRESS_TYPE_INET &&
3891 wsaddr->type == SOCKET_ADDRESS_TYPE_INET &&
3892 g_str_equal(wsaddr->u.inet.host, "") &&
3893 !g_str_equal(single_saddr->u.inet.host, "")) {
3894 g_free(wsaddr->u.inet.host);
3895 wsaddr->u.inet.host = g_strdup(single_saddr->u.inet.host);
3896 }
3897
3898 QAPI_LIST_APPEND(wsaddr_tail, wsaddr);
3899 }
3900
3901 *saddr_list_ret = g_steal_pointer(&saddr_list);
3902 *wsaddr_list_ret = g_steal_pointer(&wsaddr_list);
3903 return 0;
3904}
3905
3906static int vnc_display_connect(VncDisplay *vd,
3907 SocketAddressList *saddr_list,
3908 SocketAddressList *wsaddr_list,
3909 Error **errp)
3910{
3911
3912 QIOChannelSocket *sioc = NULL;
3913 if (wsaddr_list) {
3914 error_setg(errp, "Cannot use websockets in reverse mode");
3915 return -1;
3916 }
3917 if (!saddr_list || saddr_list->next) {
3918 error_setg(errp, "Expected a single address in reverse mode");
3919 return -1;
3920 }
3921
3922 vd->is_unix = saddr_list->value->type == SOCKET_ADDRESS_TYPE_UNIX;
3923 sioc = qio_channel_socket_new();
3924 qio_channel_set_name(QIO_CHANNEL(sioc), "vnc-reverse");
3925 if (qio_channel_socket_connect_sync(sioc, saddr_list->value, errp) < 0) {
3926 object_unref(OBJECT(sioc));
3927 return -1;
3928 }
3929 vnc_connect(vd, sioc, false, false);
3930 object_unref(OBJECT(sioc));
3931 return 0;
3932}
3933
3934
3935static int vnc_display_listen(VncDisplay *vd,
3936 SocketAddressList *saddr_list,
3937 SocketAddressList *wsaddr_list,
3938 Error **errp)
3939{
3940 SocketAddressList *el;
3941
3942 if (saddr_list) {
3943 vd->listener = qio_net_listener_new();
3944 qio_net_listener_set_name(vd->listener, "vnc-listen");
3945 for (el = saddr_list; el; el = el->next) {
3946 if (qio_net_listener_open_sync(vd->listener,
3947 el->value, 1,
3948 errp) < 0) {
3949 return -1;
3950 }
3951 }
3952
3953 qio_net_listener_set_client_func(vd->listener,
3954 vnc_listen_io, vd, NULL);
3955 }
3956
3957 if (wsaddr_list) {
3958 vd->wslistener = qio_net_listener_new();
3959 qio_net_listener_set_name(vd->wslistener, "vnc-ws-listen");
3960 for (el = wsaddr_list; el; el = el->next) {
3961 if (qio_net_listener_open_sync(vd->wslistener,
3962 el->value, 1,
3963 errp) < 0) {
3964 return -1;
3965 }
3966 }
3967
3968 qio_net_listener_set_client_func(vd->wslistener,
3969 vnc_listen_io, vd, NULL);
3970 }
3971
3972 return 0;
3973}
3974
3975bool vnc_display_update(DisplayUpdateOptionsVNC *arg, Error **errp)
3976{
3977 VncDisplay *vd = vnc_display_find(NULL);
3978
3979 if (!vd) {
3980 error_setg(errp, "Can not find vnc display");
3981 return false;
3982 }
3983
3984 if (arg->has_addresses) {
3985 if (vd->listener) {
3986 qio_net_listener_disconnect(vd->listener);
3987 object_unref(OBJECT(vd->listener));
3988 vd->listener = NULL;
3989 }
3990
3991 if (vnc_display_listen(vd, arg->addresses, NULL, errp) < 0) {
3992 return false;
3993 }
3994 }
3995
3996 return true;
3997}
3998
3999void vnc_display_open(const char *id, Error **errp)
4000{
4001 VncDisplay *vd = vnc_display_find(id);
4002 QemuOpts *opts = qemu_opts_find(&qemu_vnc_opts, id);
4003 g_autoptr(SocketAddressList) saddr_list = NULL;
4004 g_autoptr(SocketAddressList) wsaddr_list = NULL;
4005 const char *share, *device_id;
4006 QemuConsole *con;
4007 bool password = false;
4008 bool reverse = false;
4009 const char *credid;
4010 bool sasl = false;
4011 const char *tlsauthz;
4012 const char *saslauthz;
4013 int lock_key_sync = 1;
4014 int key_delay_ms;
4015 const char *audiodev;
4016 const char *passwordSecret;
4017
4018 if (!vd) {
4019 error_setg(errp, "VNC display not active");
4020 return;
4021 }
4022 vnc_display_close(vd);
4023
4024 if (!opts) {
4025 return;
4026 }
4027
4028 reverse = qemu_opt_get_bool(opts, "reverse", false);
4029 if (vnc_display_get_addresses(opts, reverse, &saddr_list, &wsaddr_list,
4030 errp) < 0) {
4031 goto fail;
4032 }
4033
4034
4035 passwordSecret = qemu_opt_get(opts, "password-secret");
4036 if (passwordSecret) {
4037 if (qemu_opt_get(opts, "password")) {
4038 error_setg(errp,
4039 "'password' flag is redundant with 'password-secret'");
4040 goto fail;
4041 }
4042 vd->password = qcrypto_secret_lookup_as_utf8(passwordSecret,
4043 errp);
4044 if (!vd->password) {
4045 goto fail;
4046 }
4047 password = true;
4048 } else {
4049 password = qemu_opt_get_bool(opts, "password", false);
4050 }
4051 if (password) {
4052 if (!qcrypto_cipher_supports(
4053 QCRYPTO_CIPHER_ALG_DES, QCRYPTO_CIPHER_MODE_ECB)) {
4054 error_setg(errp,
4055 "Cipher backend does not support DES algorithm");
4056 goto fail;
4057 }
4058 }
4059
4060 lock_key_sync = qemu_opt_get_bool(opts, "lock-key-sync", true);
4061 key_delay_ms = qemu_opt_get_number(opts, "key-delay-ms", 10);
4062 sasl = qemu_opt_get_bool(opts, "sasl", false);
4063#ifndef CONFIG_VNC_SASL
4064 if (sasl) {
4065 error_setg(errp, "VNC SASL auth requires cyrus-sasl support");
4066 goto fail;
4067 }
4068#endif
4069 credid = qemu_opt_get(opts, "tls-creds");
4070 if (credid) {
4071 Object *creds;
4072 creds = object_resolve_path_component(
4073 object_get_objects_root(), credid);
4074 if (!creds) {
4075 error_setg(errp, "No TLS credentials with id '%s'",
4076 credid);
4077 goto fail;
4078 }
4079 vd->tlscreds = (QCryptoTLSCreds *)
4080 object_dynamic_cast(creds,
4081 TYPE_QCRYPTO_TLS_CREDS);
4082 if (!vd->tlscreds) {
4083 error_setg(errp, "Object with id '%s' is not TLS credentials",
4084 credid);
4085 goto fail;
4086 }
4087 object_ref(OBJECT(vd->tlscreds));
4088
4089 if (!qcrypto_tls_creds_check_endpoint(vd->tlscreds,
4090 QCRYPTO_TLS_CREDS_ENDPOINT_SERVER,
4091 errp)) {
4092 goto fail;
4093 }
4094 }
4095 tlsauthz = qemu_opt_get(opts, "tls-authz");
4096 if (tlsauthz && !vd->tlscreds) {
4097 error_setg(errp, "'tls-authz' provided but TLS is not enabled");
4098 goto fail;
4099 }
4100
4101 saslauthz = qemu_opt_get(opts, "sasl-authz");
4102 if (saslauthz && !sasl) {
4103 error_setg(errp, "'sasl-authz' provided but SASL auth is not enabled");
4104 goto fail;
4105 }
4106
4107 share = qemu_opt_get(opts, "share");
4108 if (share) {
4109 if (strcmp(share, "ignore") == 0) {
4110 vd->share_policy = VNC_SHARE_POLICY_IGNORE;
4111 } else if (strcmp(share, "allow-exclusive") == 0) {
4112 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
4113 } else if (strcmp(share, "force-shared") == 0) {
4114 vd->share_policy = VNC_SHARE_POLICY_FORCE_SHARED;
4115 } else {
4116 error_setg(errp, "unknown vnc share= option");
4117 goto fail;
4118 }
4119 } else {
4120 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
4121 }
4122 vd->connections_limit = qemu_opt_get_number(opts, "connections", 32);
4123
4124#ifdef CONFIG_VNC_JPEG
4125 vd->lossy = qemu_opt_get_bool(opts, "lossy", false);
4126#endif
4127 vd->non_adaptive = qemu_opt_get_bool(opts, "non-adaptive", false);
4128
4129
4130
4131 if (!vd->lossy) {
4132 vd->non_adaptive = true;
4133 }
4134
4135 vd->power_control = qemu_opt_get_bool(opts, "power-control", false);
4136
4137 if (tlsauthz) {
4138 vd->tlsauthzid = g_strdup(tlsauthz);
4139 }
4140#ifdef CONFIG_VNC_SASL
4141 if (sasl) {
4142 if (saslauthz) {
4143 vd->sasl.authzid = g_strdup(saslauthz);
4144 }
4145 }
4146#endif
4147
4148 if (vnc_display_setup_auth(&vd->auth, &vd->subauth,
4149 vd->tlscreds, password,
4150 sasl, false, errp) < 0) {
4151 goto fail;
4152 }
4153 trace_vnc_auth_init(vd, 0, vd->auth, vd->subauth);
4154
4155 if (vnc_display_setup_auth(&vd->ws_auth, &vd->ws_subauth,
4156 vd->tlscreds, password,
4157 sasl, true, errp) < 0) {
4158 goto fail;
4159 }
4160 trace_vnc_auth_init(vd, 1, vd->ws_auth, vd->ws_subauth);
4161
4162#ifdef CONFIG_VNC_SASL
4163 if (sasl && !vnc_sasl_server_init(errp)) {
4164 goto fail;
4165 }
4166#endif
4167 vd->lock_key_sync = lock_key_sync;
4168 if (lock_key_sync) {
4169 vd->led = qemu_add_led_event_handler(kbd_leds, vd);
4170 }
4171 vd->ledstate = 0;
4172
4173 audiodev = qemu_opt_get(opts, "audiodev");
4174 if (audiodev) {
4175 vd->audio_state = audio_state_by_name(audiodev);
4176 if (!vd->audio_state) {
4177 error_setg(errp, "Audiodev '%s' not found", audiodev);
4178 goto fail;
4179 }
4180 }
4181
4182 device_id = qemu_opt_get(opts, "display");
4183 if (device_id) {
4184 int head = qemu_opt_get_number(opts, "head", 0);
4185 Error *err = NULL;
4186
4187 con = qemu_console_lookup_by_device_name(device_id, head, &err);
4188 if (err) {
4189 error_propagate(errp, err);
4190 goto fail;
4191 }
4192 } else {
4193 con = NULL;
4194 }
4195
4196 if (con != vd->dcl.con) {
4197 qkbd_state_free(vd->kbd);
4198 unregister_displaychangelistener(&vd->dcl);
4199 vd->dcl.con = con;
4200 register_displaychangelistener(&vd->dcl);
4201 vd->kbd = qkbd_state_init(vd->dcl.con);
4202 }
4203 qkbd_state_set_delay(vd->kbd, key_delay_ms);
4204
4205 if (saddr_list == NULL) {
4206 return;
4207 }
4208
4209 if (reverse) {
4210 if (vnc_display_connect(vd, saddr_list, wsaddr_list, errp) < 0) {
4211 goto fail;
4212 }
4213 } else {
4214 if (vnc_display_listen(vd, saddr_list, wsaddr_list, errp) < 0) {
4215 goto fail;
4216 }
4217 }
4218
4219 if (qemu_opt_get(opts, "to")) {
4220 vnc_display_print_local_addr(vd);
4221 }
4222
4223
4224 return;
4225
4226fail:
4227 vnc_display_close(vd);
4228}
4229
4230void vnc_display_add_client(const char *id, int csock, bool skipauth)
4231{
4232 VncDisplay *vd = vnc_display_find(id);
4233 QIOChannelSocket *sioc;
4234
4235 if (!vd) {
4236 return;
4237 }
4238
4239 sioc = qio_channel_socket_new_fd(csock, NULL);
4240 if (sioc) {
4241 qio_channel_set_name(QIO_CHANNEL(sioc), "vnc-server");
4242 vnc_connect(vd, sioc, skipauth, false);
4243 object_unref(OBJECT(sioc));
4244 }
4245}
4246
4247static void vnc_auto_assign_id(QemuOptsList *olist, QemuOpts *opts)
4248{
4249 int i = 2;
4250 char *id;
4251
4252 id = g_strdup("default");
4253 while (qemu_opts_find(olist, id)) {
4254 g_free(id);
4255 id = g_strdup_printf("vnc%d", i++);
4256 }
4257 qemu_opts_set_id(opts, id);
4258}
4259
4260void vnc_parse(const char *str)
4261{
4262 QemuOptsList *olist = qemu_find_opts("vnc");
4263 QemuOpts *opts = qemu_opts_parse_noisily(olist, str, !is_help_option(str));
4264 const char *id;
4265
4266 if (!opts) {
4267 exit(1);
4268 }
4269
4270 id = qemu_opts_id(opts);
4271 if (!id) {
4272
4273 vnc_auto_assign_id(olist, opts);
4274 }
4275}
4276
4277int vnc_init_func(void *opaque, QemuOpts *opts, Error **errp)
4278{
4279 Error *local_err = NULL;
4280 char *id = (char *)qemu_opts_id(opts);
4281
4282 assert(id);
4283 vnc_display_init(id, &local_err);
4284 if (local_err) {
4285 error_propagate(errp, local_err);
4286 return -1;
4287 }
4288 vnc_display_open(id, &local_err);
4289 if (local_err != NULL) {
4290 error_propagate(errp, local_err);
4291 return -1;
4292 }
4293 return 0;
4294}
4295
4296static void vnc_register_config(void)
4297{
4298 qemu_add_opts(&qemu_vnc_opts);
4299}
4300opts_init(vnc_register_config);
4301
