1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27#include "qemu/osdep.h"
28#include "vnc.h"
29#include "vnc-jobs.h"
30#include "trace.h"
31#include "hw/qdev.h"
32#include "sysemu/sysemu.h"
33#include "qemu/error-report.h"
34#include "qemu/sockets.h"
35#include "qemu/timer.h"
36#include "qemu/acl.h"
37#include "qemu/config-file.h"
38#include "qapi/qmp/qerror.h"
39#include "qapi/qmp/types.h"
40#include "qmp-commands.h"
41#include "ui/input.h"
42#include "qapi-event.h"
43#include "crypto/hash.h"
44#include "crypto/tlscredsanon.h"
45#include "crypto/tlscredsx509.h"
46#include "qom/object_interfaces.h"
47#include "qemu/cutils.h"
48
49#define VNC_REFRESH_INTERVAL_BASE GUI_REFRESH_INTERVAL_DEFAULT
50#define VNC_REFRESH_INTERVAL_INC 50
51#define VNC_REFRESH_INTERVAL_MAX GUI_REFRESH_INTERVAL_IDLE
52static const struct timeval VNC_REFRESH_STATS = { 0, 500000 };
53static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 };
54
55#include "vnc_keysym.h"
56#include "crypto/cipher.h"
57
58static QTAILQ_HEAD(, VncDisplay) vnc_displays =
59 QTAILQ_HEAD_INITIALIZER(vnc_displays);
60
61static int vnc_cursor_define(VncState *vs);
62static void vnc_release_modifiers(VncState *vs);
63
64static void vnc_set_share_mode(VncState *vs, VncShareMode mode)
65{
66#ifdef _VNC_DEBUG
67 static const char *mn[] = {
68 [0] = "undefined",
69 [VNC_SHARE_MODE_CONNECTING] = "connecting",
70 [VNC_SHARE_MODE_SHARED] = "shared",
71 [VNC_SHARE_MODE_EXCLUSIVE] = "exclusive",
72 [VNC_SHARE_MODE_DISCONNECTED] = "disconnected",
73 };
74 fprintf(stderr, "%s/%p: %s -> %s\n", __func__,
75 vs->ioc, mn[vs->share_mode], mn[mode]);
76#endif
77
78 switch (vs->share_mode) {
79 case VNC_SHARE_MODE_CONNECTING:
80 vs->vd->num_connecting--;
81 break;
82 case VNC_SHARE_MODE_SHARED:
83 vs->vd->num_shared--;
84 break;
85 case VNC_SHARE_MODE_EXCLUSIVE:
86 vs->vd->num_exclusive--;
87 break;
88 default:
89 break;
90 }
91
92 vs->share_mode = mode;
93
94 switch (vs->share_mode) {
95 case VNC_SHARE_MODE_CONNECTING:
96 vs->vd->num_connecting++;
97 break;
98 case VNC_SHARE_MODE_SHARED:
99 vs->vd->num_shared++;
100 break;
101 case VNC_SHARE_MODE_EXCLUSIVE:
102 vs->vd->num_exclusive++;
103 break;
104 default:
105 break;
106 }
107}
108
109
110static void vnc_init_basic_info(SocketAddress *addr,
111 VncBasicInfo *info,
112 Error **errp)
113{
114 switch (addr->type) {
115 case SOCKET_ADDRESS_KIND_INET:
116 info->host = g_strdup(addr->u.inet.data->host);
117 info->service = g_strdup(addr->u.inet.data->port);
118 if (addr->u.inet.data->ipv6) {
119 info->family = NETWORK_ADDRESS_FAMILY_IPV6;
120 } else {
121 info->family = NETWORK_ADDRESS_FAMILY_IPV4;
122 }
123 break;
124
125 case SOCKET_ADDRESS_KIND_UNIX:
126 info->host = g_strdup("");
127 info->service = g_strdup(addr->u.q_unix.data->path);
128 info->family = NETWORK_ADDRESS_FAMILY_UNIX;
129 break;
130
131 default:
132 error_setg(errp, "Unsupported socket kind %d",
133 addr->type);
134 break;
135 }
136
137 return;
138}
139
140static void vnc_init_basic_info_from_server_addr(QIOChannelSocket *ioc,
141 VncBasicInfo *info,
142 Error **errp)
143{
144 SocketAddress *addr = NULL;
145
146 addr = qio_channel_socket_get_local_address(ioc, errp);
147 if (!addr) {
148 return;
149 }
150
151 vnc_init_basic_info(addr, info, errp);
152 qapi_free_SocketAddress(addr);
153}
154
155static void vnc_init_basic_info_from_remote_addr(QIOChannelSocket *ioc,
156 VncBasicInfo *info,
157 Error **errp)
158{
159 SocketAddress *addr = NULL;
160
161 addr = qio_channel_socket_get_remote_address(ioc, errp);
162 if (!addr) {
163 return;
164 }
165
166 vnc_init_basic_info(addr, info, errp);
167 qapi_free_SocketAddress(addr);
168}
169
170static const char *vnc_auth_name(VncDisplay *vd) {
171 switch (vd->auth) {
172 case VNC_AUTH_INVALID:
173 return "invalid";
174 case VNC_AUTH_NONE:
175 return "none";
176 case VNC_AUTH_VNC:
177 return "vnc";
178 case VNC_AUTH_RA2:
179 return "ra2";
180 case VNC_AUTH_RA2NE:
181 return "ra2ne";
182 case VNC_AUTH_TIGHT:
183 return "tight";
184 case VNC_AUTH_ULTRA:
185 return "ultra";
186 case VNC_AUTH_TLS:
187 return "tls";
188 case VNC_AUTH_VENCRYPT:
189 switch (vd->subauth) {
190 case VNC_AUTH_VENCRYPT_PLAIN:
191 return "vencrypt+plain";
192 case VNC_AUTH_VENCRYPT_TLSNONE:
193 return "vencrypt+tls+none";
194 case VNC_AUTH_VENCRYPT_TLSVNC:
195 return "vencrypt+tls+vnc";
196 case VNC_AUTH_VENCRYPT_TLSPLAIN:
197 return "vencrypt+tls+plain";
198 case VNC_AUTH_VENCRYPT_X509NONE:
199 return "vencrypt+x509+none";
200 case VNC_AUTH_VENCRYPT_X509VNC:
201 return "vencrypt+x509+vnc";
202 case VNC_AUTH_VENCRYPT_X509PLAIN:
203 return "vencrypt+x509+plain";
204 case VNC_AUTH_VENCRYPT_TLSSASL:
205 return "vencrypt+tls+sasl";
206 case VNC_AUTH_VENCRYPT_X509SASL:
207 return "vencrypt+x509+sasl";
208 default:
209 return "vencrypt";
210 }
211 case VNC_AUTH_SASL:
212 return "sasl";
213 }
214 return "unknown";
215}
216
217static VncServerInfo *vnc_server_info_get(VncDisplay *vd)
218{
219 VncServerInfo *info;
220 Error *err = NULL;
221
222 info = g_malloc(sizeof(*info));
223 vnc_init_basic_info_from_server_addr(vd->lsock,
224 qapi_VncServerInfo_base(info), &err);
225 info->has_auth = true;
226 info->auth = g_strdup(vnc_auth_name(vd));
227 if (err) {
228 qapi_free_VncServerInfo(info);
229 info = NULL;
230 error_free(err);
231 }
232 return info;
233}
234
235static void vnc_client_cache_auth(VncState *client)
236{
237 if (!client->info) {
238 return;
239 }
240
241 if (client->tls) {
242 client->info->x509_dname =
243 qcrypto_tls_session_get_peer_name(client->tls);
244 client->info->has_x509_dname =
245 client->info->x509_dname != NULL;
246 }
247#ifdef CONFIG_VNC_SASL
248 if (client->sasl.conn &&
249 client->sasl.username) {
250 client->info->has_sasl_username = true;
251 client->info->sasl_username = g_strdup(client->sasl.username);
252 }
253#endif
254}
255
256static void vnc_client_cache_addr(VncState *client)
257{
258 Error *err = NULL;
259
260 client->info = g_malloc0(sizeof(*client->info));
261 vnc_init_basic_info_from_remote_addr(client->sioc,
262 qapi_VncClientInfo_base(client->info),
263 &err);
264 if (err) {
265 qapi_free_VncClientInfo(client->info);
266 client->info = NULL;
267 error_free(err);
268 }
269}
270
271static void vnc_qmp_event(VncState *vs, QAPIEvent event)
272{
273 VncServerInfo *si;
274
275 if (!vs->info) {
276 return;
277 }
278
279 si = vnc_server_info_get(vs->vd);
280 if (!si) {
281 return;
282 }
283
284 switch (event) {
285 case QAPI_EVENT_VNC_CONNECTED:
286 qapi_event_send_vnc_connected(si, qapi_VncClientInfo_base(vs->info),
287 &error_abort);
288 break;
289 case QAPI_EVENT_VNC_INITIALIZED:
290 qapi_event_send_vnc_initialized(si, vs->info, &error_abort);
291 break;
292 case QAPI_EVENT_VNC_DISCONNECTED:
293 qapi_event_send_vnc_disconnected(si, vs->info, &error_abort);
294 break;
295 default:
296 break;
297 }
298
299 qapi_free_VncServerInfo(si);
300}
301
302static VncClientInfo *qmp_query_vnc_client(const VncState *client)
303{
304 VncClientInfo *info;
305 Error *err = NULL;
306
307 info = g_malloc0(sizeof(*info));
308
309 vnc_init_basic_info_from_remote_addr(client->sioc,
310 qapi_VncClientInfo_base(info),
311 &err);
312 if (err) {
313 error_free(err);
314 qapi_free_VncClientInfo(info);
315 return NULL;
316 }
317
318 info->websocket = client->websocket;
319
320 if (client->tls) {
321 info->x509_dname = qcrypto_tls_session_get_peer_name(client->tls);
322 info->has_x509_dname = info->x509_dname != NULL;
323 }
324#ifdef CONFIG_VNC_SASL
325 if (client->sasl.conn && client->sasl.username) {
326 info->has_sasl_username = true;
327 info->sasl_username = g_strdup(client->sasl.username);
328 }
329#endif
330
331 return info;
332}
333
334static VncDisplay *vnc_display_find(const char *id)
335{
336 VncDisplay *vd;
337
338 if (id == NULL) {
339 return QTAILQ_FIRST(&vnc_displays);
340 }
341 QTAILQ_FOREACH(vd, &vnc_displays, next) {
342 if (strcmp(id, vd->id) == 0) {
343 return vd;
344 }
345 }
346 return NULL;
347}
348
349static VncClientInfoList *qmp_query_client_list(VncDisplay *vd)
350{
351 VncClientInfoList *cinfo, *prev = NULL;
352 VncState *client;
353
354 QTAILQ_FOREACH(client, &vd->clients, next) {
355 cinfo = g_new0(VncClientInfoList, 1);
356 cinfo->value = qmp_query_vnc_client(client);
357 cinfo->next = prev;
358 prev = cinfo;
359 }
360 return prev;
361}
362
363VncInfo *qmp_query_vnc(Error **errp)
364{
365 VncInfo *info = g_malloc0(sizeof(*info));
366 VncDisplay *vd = vnc_display_find(NULL);
367 SocketAddress *addr = NULL;
368
369 if (vd == NULL || !vd->enabled) {
370 info->enabled = false;
371 } else {
372 info->enabled = true;
373
374
375 info->has_clients = true;
376 info->clients = qmp_query_client_list(vd);
377
378 if (vd->lsock == NULL) {
379 return info;
380 }
381
382 addr = qio_channel_socket_get_local_address(vd->lsock, errp);
383 if (!addr) {
384 goto out_error;
385 }
386
387 switch (addr->type) {
388 case SOCKET_ADDRESS_KIND_INET:
389 info->host = g_strdup(addr->u.inet.data->host);
390 info->service = g_strdup(addr->u.inet.data->port);
391 if (addr->u.inet.data->ipv6) {
392 info->family = NETWORK_ADDRESS_FAMILY_IPV6;
393 } else {
394 info->family = NETWORK_ADDRESS_FAMILY_IPV4;
395 }
396 break;
397
398 case SOCKET_ADDRESS_KIND_UNIX:
399 info->host = g_strdup("");
400 info->service = g_strdup(addr->u.q_unix.data->path);
401 info->family = NETWORK_ADDRESS_FAMILY_UNIX;
402 break;
403
404 default:
405 error_setg(errp, "Unsupported socket kind %d",
406 addr->type);
407 goto out_error;
408 }
409
410 info->has_host = true;
411 info->has_service = true;
412 info->has_family = true;
413
414 info->has_auth = true;
415 info->auth = g_strdup(vnc_auth_name(vd));
416 }
417
418 qapi_free_SocketAddress(addr);
419 return info;
420
421out_error:
422 qapi_free_SocketAddress(addr);
423 qapi_free_VncInfo(info);
424 return NULL;
425}
426
427static VncBasicInfoList *qmp_query_server_entry(QIOChannelSocket *ioc,
428 bool websocket,
429 VncBasicInfoList *prev)
430{
431 VncBasicInfoList *list;
432 VncBasicInfo *info;
433 Error *err = NULL;
434 SocketAddress *addr;
435
436 addr = qio_channel_socket_get_local_address(ioc, &err);
437 if (!addr) {
438 error_free(err);
439 return prev;
440 }
441
442 info = g_new0(VncBasicInfo, 1);
443 vnc_init_basic_info(addr, info, &err);
444 qapi_free_SocketAddress(addr);
445 if (err) {
446 qapi_free_VncBasicInfo(info);
447 error_free(err);
448 return prev;
449 }
450 info->websocket = websocket;
451
452 list = g_new0(VncBasicInfoList, 1);
453 list->value = info;
454 list->next = prev;
455 return list;
456}
457
458static void qmp_query_auth(VncDisplay *vd, VncInfo2 *info)
459{
460 switch (vd->auth) {
461 case VNC_AUTH_VNC:
462 info->auth = VNC_PRIMARY_AUTH_VNC;
463 break;
464 case VNC_AUTH_RA2:
465 info->auth = VNC_PRIMARY_AUTH_RA2;
466 break;
467 case VNC_AUTH_RA2NE:
468 info->auth = VNC_PRIMARY_AUTH_RA2NE;
469 break;
470 case VNC_AUTH_TIGHT:
471 info->auth = VNC_PRIMARY_AUTH_TIGHT;
472 break;
473 case VNC_AUTH_ULTRA:
474 info->auth = VNC_PRIMARY_AUTH_ULTRA;
475 break;
476 case VNC_AUTH_TLS:
477 info->auth = VNC_PRIMARY_AUTH_TLS;
478 break;
479 case VNC_AUTH_VENCRYPT:
480 info->auth = VNC_PRIMARY_AUTH_VENCRYPT;
481 info->has_vencrypt = true;
482 switch (vd->subauth) {
483 case VNC_AUTH_VENCRYPT_PLAIN:
484 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_PLAIN;
485 break;
486 case VNC_AUTH_VENCRYPT_TLSNONE:
487 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_NONE;
488 break;
489 case VNC_AUTH_VENCRYPT_TLSVNC:
490 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_VNC;
491 break;
492 case VNC_AUTH_VENCRYPT_TLSPLAIN:
493 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_PLAIN;
494 break;
495 case VNC_AUTH_VENCRYPT_X509NONE:
496 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_NONE;
497 break;
498 case VNC_AUTH_VENCRYPT_X509VNC:
499 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_VNC;
500 break;
501 case VNC_AUTH_VENCRYPT_X509PLAIN:
502 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_PLAIN;
503 break;
504 case VNC_AUTH_VENCRYPT_TLSSASL:
505 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_SASL;
506 break;
507 case VNC_AUTH_VENCRYPT_X509SASL:
508 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_SASL;
509 break;
510 default:
511 info->has_vencrypt = false;
512 break;
513 }
514 break;
515 case VNC_AUTH_SASL:
516 info->auth = VNC_PRIMARY_AUTH_SASL;
517 break;
518 case VNC_AUTH_NONE:
519 default:
520 info->auth = VNC_PRIMARY_AUTH_NONE;
521 break;
522 }
523}
524
525VncInfo2List *qmp_query_vnc_servers(Error **errp)
526{
527 VncInfo2List *item, *prev = NULL;
528 VncInfo2 *info;
529 VncDisplay *vd;
530 DeviceState *dev;
531
532 QTAILQ_FOREACH(vd, &vnc_displays, next) {
533 info = g_new0(VncInfo2, 1);
534 info->id = g_strdup(vd->id);
535 info->clients = qmp_query_client_list(vd);
536 qmp_query_auth(vd, info);
537 if (vd->dcl.con) {
538 dev = DEVICE(object_property_get_link(OBJECT(vd->dcl.con),
539 "device", NULL));
540 info->has_display = true;
541 info->display = g_strdup(dev->id);
542 }
543 if (vd->lsock != NULL) {
544 info->server = qmp_query_server_entry(
545 vd->lsock, false, info->server);
546 }
547 if (vd->lwebsock != NULL) {
548 info->server = qmp_query_server_entry(
549 vd->lwebsock, true, info->server);
550 }
551
552 item = g_new0(VncInfo2List, 1);
553 item->value = info;
554 item->next = prev;
555 prev = item;
556 }
557 return prev;
558}
559
560
561
562
563
564
565
566
567static int vnc_update_client(VncState *vs, int has_dirty, bool sync);
568static void vnc_disconnect_start(VncState *vs);
569
570static void vnc_colordepth(VncState *vs);
571static void framebuffer_update_request(VncState *vs, int incremental,
572 int x_position, int y_position,
573 int w, int h);
574static void vnc_refresh(DisplayChangeListener *dcl);
575static int vnc_refresh_server_surface(VncDisplay *vd);
576
577static int vnc_width(VncDisplay *vd)
578{
579 return MIN(VNC_MAX_WIDTH, ROUND_UP(surface_width(vd->ds),
580 VNC_DIRTY_PIXELS_PER_BIT));
581}
582
583static int vnc_height(VncDisplay *vd)
584{
585 return MIN(VNC_MAX_HEIGHT, surface_height(vd->ds));
586}
587
588static void vnc_set_area_dirty(DECLARE_BITMAP(dirty[VNC_MAX_HEIGHT],
589 VNC_MAX_WIDTH / VNC_DIRTY_PIXELS_PER_BIT),
590 VncDisplay *vd,
591 int x, int y, int w, int h)
592{
593 int width = vnc_width(vd);
594 int height = vnc_height(vd);
595
596
597
598 w += (x % VNC_DIRTY_PIXELS_PER_BIT);
599 x -= (x % VNC_DIRTY_PIXELS_PER_BIT);
600
601 x = MIN(x, width);
602 y = MIN(y, height);
603 w = MIN(x + w, width) - x;
604 h = MIN(y + h, height);
605
606 for (; y < h; y++) {
607 bitmap_set(dirty[y], x / VNC_DIRTY_PIXELS_PER_BIT,
608 DIV_ROUND_UP(w, VNC_DIRTY_PIXELS_PER_BIT));
609 }
610}
611
612static void vnc_dpy_update(DisplayChangeListener *dcl,
613 int x, int y, int w, int h)
614{
615 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
616 struct VncSurface *s = &vd->guest;
617
618 vnc_set_area_dirty(s->dirty, vd, x, y, w, h);
619}
620
621void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
622 int32_t encoding)
623{
624 vnc_write_u16(vs, x);
625 vnc_write_u16(vs, y);
626 vnc_write_u16(vs, w);
627 vnc_write_u16(vs, h);
628
629 vnc_write_s32(vs, encoding);
630}
631
632
633static void vnc_desktop_resize(VncState *vs)
634{
635 if (vs->ioc == NULL || !vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
636 return;
637 }
638 if (vs->client_width == pixman_image_get_width(vs->vd->server) &&
639 vs->client_height == pixman_image_get_height(vs->vd->server)) {
640 return;
641 }
642 vs->client_width = pixman_image_get_width(vs->vd->server);
643 vs->client_height = pixman_image_get_height(vs->vd->server);
644 vnc_lock_output(vs);
645 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
646 vnc_write_u8(vs, 0);
647 vnc_write_u16(vs, 1);
648 vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height,
649 VNC_ENCODING_DESKTOPRESIZE);
650 vnc_unlock_output(vs);
651 vnc_flush(vs);
652}
653
654static void vnc_abort_display_jobs(VncDisplay *vd)
655{
656 VncState *vs;
657
658 QTAILQ_FOREACH(vs, &vd->clients, next) {
659 vnc_lock_output(vs);
660 vs->abort = true;
661 vnc_unlock_output(vs);
662 }
663 QTAILQ_FOREACH(vs, &vd->clients, next) {
664 vnc_jobs_join(vs);
665 }
666 QTAILQ_FOREACH(vs, &vd->clients, next) {
667 vnc_lock_output(vs);
668 vs->abort = false;
669 vnc_unlock_output(vs);
670 }
671}
672
673int vnc_server_fb_stride(VncDisplay *vd)
674{
675 return pixman_image_get_stride(vd->server);
676}
677
678void *vnc_server_fb_ptr(VncDisplay *vd, int x, int y)
679{
680 uint8_t *ptr;
681
682 ptr = (uint8_t *)pixman_image_get_data(vd->server);
683 ptr += y * vnc_server_fb_stride(vd);
684 ptr += x * VNC_SERVER_FB_BYTES;
685 return ptr;
686}
687
688static void vnc_update_server_surface(VncDisplay *vd)
689{
690 qemu_pixman_image_unref(vd->server);
691 vd->server = NULL;
692
693 if (QTAILQ_EMPTY(&vd->clients)) {
694 return;
695 }
696
697 vd->server = pixman_image_create_bits(VNC_SERVER_FB_FORMAT,
698 vnc_width(vd),
699 vnc_height(vd),
700 NULL, 0);
701}
702
703static void vnc_dpy_switch(DisplayChangeListener *dcl,
704 DisplaySurface *surface)
705{
706 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
707 VncState *vs;
708 int width, height;
709
710 vnc_abort_display_jobs(vd);
711 vd->ds = surface;
712
713
714 vnc_update_server_surface(vd);
715
716
717 qemu_pixman_image_unref(vd->guest.fb);
718 vd->guest.fb = pixman_image_ref(surface->image);
719 vd->guest.format = surface->format;
720 width = vnc_width(vd);
721 height = vnc_height(vd);
722 memset(vd->guest.dirty, 0x00, sizeof(vd->guest.dirty));
723 vnc_set_area_dirty(vd->guest.dirty, vd, 0, 0,
724 width, height);
725
726 QTAILQ_FOREACH(vs, &vd->clients, next) {
727 vnc_colordepth(vs);
728 vnc_desktop_resize(vs);
729 if (vs->vd->cursor) {
730 vnc_cursor_define(vs);
731 }
732 memset(vs->dirty, 0x00, sizeof(vs->dirty));
733 vnc_set_area_dirty(vs->dirty, vd, 0, 0,
734 width, height);
735 }
736}
737
738
739static void vnc_write_pixels_copy(VncState *vs,
740 void *pixels, int size)
741{
742 vnc_write(vs, pixels, size);
743}
744
745
746void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
747{
748 uint8_t r, g, b;
749
750#if VNC_SERVER_FB_FORMAT == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8)
751 r = (((v & 0x00ff0000) >> 16) << vs->client_pf.rbits) >> 8;
752 g = (((v & 0x0000ff00) >> 8) << vs->client_pf.gbits) >> 8;
753 b = (((v & 0x000000ff) >> 0) << vs->client_pf.bbits) >> 8;
754#else
755# error need some bits here if you change VNC_SERVER_FB_FORMAT
756#endif
757 v = (r << vs->client_pf.rshift) |
758 (g << vs->client_pf.gshift) |
759 (b << vs->client_pf.bshift);
760 switch (vs->client_pf.bytes_per_pixel) {
761 case 1:
762 buf[0] = v;
763 break;
764 case 2:
765 if (vs->client_be) {
766 buf[0] = v >> 8;
767 buf[1] = v;
768 } else {
769 buf[1] = v >> 8;
770 buf[0] = v;
771 }
772 break;
773 default:
774 case 4:
775 if (vs->client_be) {
776 buf[0] = v >> 24;
777 buf[1] = v >> 16;
778 buf[2] = v >> 8;
779 buf[3] = v;
780 } else {
781 buf[3] = v >> 24;
782 buf[2] = v >> 16;
783 buf[1] = v >> 8;
784 buf[0] = v;
785 }
786 break;
787 }
788}
789
790static void vnc_write_pixels_generic(VncState *vs,
791 void *pixels1, int size)
792{
793 uint8_t buf[4];
794
795 if (VNC_SERVER_FB_BYTES == 4) {
796 uint32_t *pixels = pixels1;
797 int n, i;
798 n = size >> 2;
799 for (i = 0; i < n; i++) {
800 vnc_convert_pixel(vs, buf, pixels[i]);
801 vnc_write(vs, buf, vs->client_pf.bytes_per_pixel);
802 }
803 }
804}
805
806int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
807{
808 int i;
809 uint8_t *row;
810 VncDisplay *vd = vs->vd;
811
812 row = vnc_server_fb_ptr(vd, x, y);
813 for (i = 0; i < h; i++) {
814 vs->write_pixels(vs, row, w * VNC_SERVER_FB_BYTES);
815 row += vnc_server_fb_stride(vd);
816 }
817 return 1;
818}
819
820int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
821{
822 int n = 0;
823 bool encode_raw = false;
824 size_t saved_offs = vs->output.offset;
825
826 switch(vs->vnc_encoding) {
827 case VNC_ENCODING_ZLIB:
828 n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h);
829 break;
830 case VNC_ENCODING_HEXTILE:
831 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
832 n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h);
833 break;
834 case VNC_ENCODING_TIGHT:
835 n = vnc_tight_send_framebuffer_update(vs, x, y, w, h);
836 break;
837 case VNC_ENCODING_TIGHT_PNG:
838 n = vnc_tight_png_send_framebuffer_update(vs, x, y, w, h);
839 break;
840 case VNC_ENCODING_ZRLE:
841 n = vnc_zrle_send_framebuffer_update(vs, x, y, w, h);
842 break;
843 case VNC_ENCODING_ZYWRLE:
844 n = vnc_zywrle_send_framebuffer_update(vs, x, y, w, h);
845 break;
846 default:
847 encode_raw = true;
848 break;
849 }
850
851
852
853
854 if (!encode_raw && vs->write_pixels == vnc_write_pixels_copy &&
855 12 + h * w * VNC_SERVER_FB_BYTES <= (vs->output.offset - saved_offs)) {
856 vs->output.offset = saved_offs;
857 encode_raw = true;
858 }
859
860 if (encode_raw) {
861 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
862 n = vnc_raw_send_framebuffer_update(vs, x, y, w, h);
863 }
864
865 return n;
866}
867
868static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
869{
870
871 vnc_lock_output(vs);
872 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
873 vnc_write_u8(vs, 0);
874 vnc_write_u16(vs, 1);
875 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT);
876 vnc_write_u16(vs, src_x);
877 vnc_write_u16(vs, src_y);
878 vnc_unlock_output(vs);
879 vnc_flush(vs);
880}
881
882static void vnc_dpy_copy(DisplayChangeListener *dcl,
883 int src_x, int src_y,
884 int dst_x, int dst_y, int w, int h)
885{
886 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
887 VncState *vs, *vn;
888 uint8_t *src_row;
889 uint8_t *dst_row;
890 int i, x, y, pitch, inc, w_lim, s;
891 int cmp_bytes;
892
893 if (!vd->server) {
894
895 return;
896 }
897
898 vnc_refresh_server_surface(vd);
899 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
900 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
901 vs->force_update = 1;
902 vnc_update_client(vs, 1, true);
903
904 }
905 }
906
907
908 pitch = vnc_server_fb_stride(vd);
909 src_row = vnc_server_fb_ptr(vd, src_x, src_y);
910 dst_row = vnc_server_fb_ptr(vd, dst_x, dst_y);
911 y = dst_y;
912 inc = 1;
913 if (dst_y > src_y) {
914
915 src_row += pitch * (h-1);
916 dst_row += pitch * (h-1);
917 pitch = -pitch;
918 y = dst_y + h - 1;
919 inc = -1;
920 }
921 w_lim = w - (VNC_DIRTY_PIXELS_PER_BIT - (dst_x % VNC_DIRTY_PIXELS_PER_BIT));
922 if (w_lim < 0) {
923 w_lim = w;
924 } else {
925 w_lim = w - (w_lim % VNC_DIRTY_PIXELS_PER_BIT);
926 }
927 for (i = 0; i < h; i++) {
928 for (x = 0; x <= w_lim;
929 x += s, src_row += cmp_bytes, dst_row += cmp_bytes) {
930 if (x == w_lim) {
931 if ((s = w - w_lim) == 0)
932 break;
933 } else if (!x) {
934 s = (VNC_DIRTY_PIXELS_PER_BIT -
935 (dst_x % VNC_DIRTY_PIXELS_PER_BIT));
936 s = MIN(s, w_lim);
937 } else {
938 s = VNC_DIRTY_PIXELS_PER_BIT;
939 }
940 cmp_bytes = s * VNC_SERVER_FB_BYTES;
941 if (memcmp(src_row, dst_row, cmp_bytes) == 0)
942 continue;
943 memmove(dst_row, src_row, cmp_bytes);
944 QTAILQ_FOREACH(vs, &vd->clients, next) {
945 if (!vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
946 set_bit(((x + dst_x) / VNC_DIRTY_PIXELS_PER_BIT),
947 vs->dirty[y]);
948 }
949 }
950 }
951 src_row += pitch - w * VNC_SERVER_FB_BYTES;
952 dst_row += pitch - w * VNC_SERVER_FB_BYTES;
953 y += inc;
954 }
955
956 QTAILQ_FOREACH(vs, &vd->clients, next) {
957 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
958 vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h);
959 }
960 }
961}
962
963static void vnc_mouse_set(DisplayChangeListener *dcl,
964 int x, int y, int visible)
965{
966
967}
968
969static int vnc_cursor_define(VncState *vs)
970{
971 QEMUCursor *c = vs->vd->cursor;
972 int isize;
973
974 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) {
975 vnc_lock_output(vs);
976 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
977 vnc_write_u8(vs, 0);
978 vnc_write_u16(vs, 1);
979 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height,
980 VNC_ENCODING_RICH_CURSOR);
981 isize = c->width * c->height * vs->client_pf.bytes_per_pixel;
982 vnc_write_pixels_generic(vs, c->data, isize);
983 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize);
984 vnc_unlock_output(vs);
985 return 0;
986 }
987 return -1;
988}
989
990static void vnc_dpy_cursor_define(DisplayChangeListener *dcl,
991 QEMUCursor *c)
992{
993 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
994 VncState *vs;
995
996 cursor_put(vd->cursor);
997 g_free(vd->cursor_mask);
998
999 vd->cursor = c;
1000 cursor_get(vd->cursor);
1001 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height;
1002 vd->cursor_mask = g_malloc0(vd->cursor_msize);
1003 cursor_get_mono_mask(c, 0, vd->cursor_mask);
1004
1005 QTAILQ_FOREACH(vs, &vd->clients, next) {
1006 vnc_cursor_define(vs);
1007 }
1008}
1009
1010static int find_and_clear_dirty_height(VncState *vs,
1011 int y, int last_x, int x, int height)
1012{
1013 int h;
1014
1015 for (h = 1; h < (height - y); h++) {
1016 if (!test_bit(last_x, vs->dirty[y + h])) {
1017 break;
1018 }
1019 bitmap_clear(vs->dirty[y + h], last_x, x - last_x);
1020 }
1021
1022 return h;
1023}
1024
1025static int vnc_update_client(VncState *vs, int has_dirty, bool sync)
1026{
1027 vs->has_dirty += has_dirty;
1028 if (vs->need_update && vs->ioc != NULL) {
1029 VncDisplay *vd = vs->vd;
1030 VncJob *job;
1031 int y;
1032 int height, width;
1033 int n = 0;
1034
1035 if (vs->output.offset && !vs->audio_cap && !vs->force_update)
1036
1037 return 0;
1038
1039 if (!vs->has_dirty && !vs->audio_cap && !vs->force_update)
1040 return 0;
1041
1042
1043
1044
1045
1046
1047
1048 job = vnc_job_new(vs);
1049
1050 height = pixman_image_get_height(vd->server);
1051 width = pixman_image_get_width(vd->server);
1052
1053 y = 0;
1054 for (;;) {
1055 int x, h;
1056 unsigned long x2;
1057 unsigned long offset = find_next_bit((unsigned long *) &vs->dirty,
1058 height * VNC_DIRTY_BPL(vs),
1059 y * VNC_DIRTY_BPL(vs));
1060 if (offset == height * VNC_DIRTY_BPL(vs)) {
1061
1062 break;
1063 }
1064 y = offset / VNC_DIRTY_BPL(vs);
1065 x = offset % VNC_DIRTY_BPL(vs);
1066 x2 = find_next_zero_bit((unsigned long *) &vs->dirty[y],
1067 VNC_DIRTY_BPL(vs), x);
1068 bitmap_clear(vs->dirty[y], x, x2 - x);
1069 h = find_and_clear_dirty_height(vs, y, x, x2, height);
1070 x2 = MIN(x2, width / VNC_DIRTY_PIXELS_PER_BIT);
1071 if (x2 > x) {
1072 n += vnc_job_add_rect(job, x * VNC_DIRTY_PIXELS_PER_BIT, y,
1073 (x2 - x) * VNC_DIRTY_PIXELS_PER_BIT, h);
1074 }
1075 if (!x && x2 == width / VNC_DIRTY_PIXELS_PER_BIT) {
1076 y += h;
1077 if (y == height) {
1078 break;
1079 }
1080 }
1081 }
1082
1083 vnc_job_push(job);
1084 if (sync) {
1085 vnc_jobs_join(vs);
1086 }
1087 vs->force_update = 0;
1088 vs->has_dirty = 0;
1089 return n;
1090 }
1091
1092 if (vs->disconnecting) {
1093 vnc_disconnect_finish(vs);
1094 } else if (sync) {
1095 vnc_jobs_join(vs);
1096 }
1097
1098 return 0;
1099}
1100
1101
1102static void audio_capture_notify(void *opaque, audcnotification_e cmd)
1103{
1104 VncState *vs = opaque;
1105
1106 switch (cmd) {
1107 case AUD_CNOTIFY_DISABLE:
1108 vnc_lock_output(vs);
1109 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1110 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1111 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END);
1112 vnc_unlock_output(vs);
1113 vnc_flush(vs);
1114 break;
1115
1116 case AUD_CNOTIFY_ENABLE:
1117 vnc_lock_output(vs);
1118 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1119 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1120 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN);
1121 vnc_unlock_output(vs);
1122 vnc_flush(vs);
1123 break;
1124 }
1125}
1126
1127static void audio_capture_destroy(void *opaque)
1128{
1129}
1130
1131static void audio_capture(void *opaque, void *buf, int size)
1132{
1133 VncState *vs = opaque;
1134
1135 vnc_lock_output(vs);
1136 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1137 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1138 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA);
1139 vnc_write_u32(vs, size);
1140 vnc_write(vs, buf, size);
1141 vnc_unlock_output(vs);
1142 vnc_flush(vs);
1143}
1144
1145static void audio_add(VncState *vs)
1146{
1147 struct audio_capture_ops ops;
1148
1149 if (vs->audio_cap) {
1150 error_report("audio already running");
1151 return;
1152 }
1153
1154 ops.notify = audio_capture_notify;
1155 ops.destroy = audio_capture_destroy;
1156 ops.capture = audio_capture;
1157
1158 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs);
1159 if (!vs->audio_cap) {
1160 error_report("Failed to add audio capture");
1161 }
1162}
1163
1164static void audio_del(VncState *vs)
1165{
1166 if (vs->audio_cap) {
1167 AUD_del_capture(vs->audio_cap, vs);
1168 vs->audio_cap = NULL;
1169 }
1170}
1171
1172static void vnc_disconnect_start(VncState *vs)
1173{
1174 if (vs->disconnecting) {
1175 return;
1176 }
1177 vnc_set_share_mode(vs, VNC_SHARE_MODE_DISCONNECTED);
1178 if (vs->ioc_tag) {
1179 g_source_remove(vs->ioc_tag);
1180 }
1181 qio_channel_close(vs->ioc, NULL);
1182 vs->disconnecting = TRUE;
1183}
1184
1185void vnc_disconnect_finish(VncState *vs)
1186{
1187 int i;
1188
1189 vnc_jobs_join(vs);
1190
1191 vnc_lock_output(vs);
1192 vnc_qmp_event(vs, QAPI_EVENT_VNC_DISCONNECTED);
1193
1194 buffer_free(&vs->input);
1195 buffer_free(&vs->output);
1196
1197 qapi_free_VncClientInfo(vs->info);
1198
1199 vnc_zlib_clear(vs);
1200 vnc_tight_clear(vs);
1201 vnc_zrle_clear(vs);
1202
1203#ifdef CONFIG_VNC_SASL
1204 vnc_sasl_client_cleanup(vs);
1205#endif
1206 audio_del(vs);
1207 vnc_release_modifiers(vs);
1208
1209 if (vs->initialized) {
1210 QTAILQ_REMOVE(&vs->vd->clients, vs, next);
1211 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
1212 if (QTAILQ_EMPTY(&vs->vd->clients)) {
1213
1214 vnc_update_server_surface(vs->vd);
1215 }
1216 }
1217
1218 if (vs->vd->lock_key_sync)
1219 qemu_remove_led_event_handler(vs->led);
1220 vnc_unlock_output(vs);
1221
1222 qemu_mutex_destroy(&vs->output_mutex);
1223 if (vs->bh != NULL) {
1224 qemu_bh_delete(vs->bh);
1225 }
1226 buffer_free(&vs->jobs_buffer);
1227
1228 for (i = 0; i < VNC_STAT_ROWS; ++i) {
1229 g_free(vs->lossy_rect[i]);
1230 }
1231 g_free(vs->lossy_rect);
1232
1233 object_unref(OBJECT(vs->ioc));
1234 vs->ioc = NULL;
1235 object_unref(OBJECT(vs->sioc));
1236 vs->sioc = NULL;
1237 g_free(vs);
1238}
1239
1240ssize_t vnc_client_io_error(VncState *vs, ssize_t ret, Error **errp)
1241{
1242 if (ret <= 0) {
1243 if (ret == 0) {
1244 VNC_DEBUG("Closing down client sock: EOF\n");
1245 } else if (ret != QIO_CHANNEL_ERR_BLOCK) {
1246 VNC_DEBUG("Closing down client sock: ret %d (%s)\n",
1247 ret, errp ? error_get_pretty(*errp) : "Unknown");
1248 }
1249
1250 vnc_disconnect_start(vs);
1251 if (errp) {
1252 error_free(*errp);
1253 *errp = NULL;
1254 }
1255 return 0;
1256 }
1257 return ret;
1258}
1259
1260
1261void vnc_client_error(VncState *vs)
1262{
1263 VNC_DEBUG("Closing down client sock: protocol error\n");
1264 vnc_disconnect_start(vs);
1265}
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283ssize_t vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
1284{
1285 Error *err = NULL;
1286 ssize_t ret;
1287 ret = qio_channel_write(
1288 vs->ioc, (const char *)data, datalen, &err);
1289 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret);
1290 return vnc_client_io_error(vs, ret, &err);
1291}
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304static ssize_t vnc_client_write_plain(VncState *vs)
1305{
1306 ssize_t ret;
1307
1308#ifdef CONFIG_VNC_SASL
1309 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1310 vs->output.buffer, vs->output.capacity, vs->output.offset,
1311 vs->sasl.waitWriteSSF);
1312
1313 if (vs->sasl.conn &&
1314 vs->sasl.runSSF &&
1315 vs->sasl.waitWriteSSF) {
1316 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
1317 if (ret)
1318 vs->sasl.waitWriteSSF -= ret;
1319 } else
1320#endif
1321 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
1322 if (!ret)
1323 return 0;
1324
1325 buffer_advance(&vs->output, ret);
1326
1327 if (vs->output.offset == 0) {
1328 if (vs->ioc_tag) {
1329 g_source_remove(vs->ioc_tag);
1330 }
1331 vs->ioc_tag = qio_channel_add_watch(
1332 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL);
1333 }
1334
1335 return ret;
1336}
1337
1338
1339
1340
1341
1342
1343
1344static void vnc_client_write_locked(VncState *vs)
1345{
1346#ifdef CONFIG_VNC_SASL
1347 if (vs->sasl.conn &&
1348 vs->sasl.runSSF &&
1349 !vs->sasl.waitWriteSSF) {
1350 vnc_client_write_sasl(vs);
1351 } else
1352#endif
1353 {
1354 vnc_client_write_plain(vs);
1355 }
1356}
1357
1358static void vnc_client_write(VncState *vs)
1359{
1360
1361 vnc_lock_output(vs);
1362 if (vs->output.offset) {
1363 vnc_client_write_locked(vs);
1364 } else if (vs->ioc != NULL) {
1365 if (vs->ioc_tag) {
1366 g_source_remove(vs->ioc_tag);
1367 }
1368 vs->ioc_tag = qio_channel_add_watch(
1369 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL);
1370 }
1371 vnc_unlock_output(vs);
1372}
1373
1374void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1375{
1376 vs->read_handler = func;
1377 vs->read_handler_expect = expecting;
1378}
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396ssize_t vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1397{
1398 ssize_t ret;
1399 Error *err = NULL;
1400 ret = qio_channel_read(
1401 vs->ioc, (char *)data, datalen, &err);
1402 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret);
1403 return vnc_client_io_error(vs, ret, &err);
1404}
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415static ssize_t vnc_client_read_plain(VncState *vs)
1416{
1417 ssize_t ret;
1418 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1419 vs->input.buffer, vs->input.capacity, vs->input.offset);
1420 buffer_reserve(&vs->input, 4096);
1421 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1422 if (!ret)
1423 return 0;
1424 vs->input.offset += ret;
1425 return ret;
1426}
1427
1428static void vnc_jobs_bh(void *opaque)
1429{
1430 VncState *vs = opaque;
1431
1432 vnc_jobs_consume_buffer(vs);
1433}
1434
1435
1436
1437
1438
1439
1440static void vnc_client_read(VncState *vs)
1441{
1442 ssize_t ret;
1443
1444#ifdef CONFIG_VNC_SASL
1445 if (vs->sasl.conn && vs->sasl.runSSF)
1446 ret = vnc_client_read_sasl(vs);
1447 else
1448#endif
1449 ret = vnc_client_read_plain(vs);
1450 if (!ret) {
1451 if (vs->disconnecting) {
1452 vnc_disconnect_finish(vs);
1453 }
1454 return;
1455 }
1456
1457 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1458 size_t len = vs->read_handler_expect;
1459 int ret;
1460
1461 ret = vs->read_handler(vs, vs->input.buffer, len);
1462 if (vs->disconnecting) {
1463 vnc_disconnect_finish(vs);
1464 return;
1465 }
1466
1467 if (!ret) {
1468 buffer_advance(&vs->input, len);
1469 } else {
1470 vs->read_handler_expect = ret;
1471 }
1472 }
1473}
1474
1475gboolean vnc_client_io(QIOChannel *ioc G_GNUC_UNUSED,
1476 GIOCondition condition, void *opaque)
1477{
1478 VncState *vs = opaque;
1479 if (condition & G_IO_IN) {
1480 vnc_client_read(vs);
1481 }
1482 if (condition & G_IO_OUT) {
1483 vnc_client_write(vs);
1484 }
1485 return TRUE;
1486}
1487
1488
1489void vnc_write(VncState *vs, const void *data, size_t len)
1490{
1491 buffer_reserve(&vs->output, len);
1492
1493 if (vs->ioc != NULL && buffer_empty(&vs->output)) {
1494 if (vs->ioc_tag) {
1495 g_source_remove(vs->ioc_tag);
1496 }
1497 vs->ioc_tag = qio_channel_add_watch(
1498 vs->ioc, G_IO_IN | G_IO_OUT, vnc_client_io, vs, NULL);
1499 }
1500
1501 buffer_append(&vs->output, data, len);
1502}
1503
1504void vnc_write_s32(VncState *vs, int32_t value)
1505{
1506 vnc_write_u32(vs, *(uint32_t *)&value);
1507}
1508
1509void vnc_write_u32(VncState *vs, uint32_t value)
1510{
1511 uint8_t buf[4];
1512
1513 buf[0] = (value >> 24) & 0xFF;
1514 buf[1] = (value >> 16) & 0xFF;
1515 buf[2] = (value >> 8) & 0xFF;
1516 buf[3] = value & 0xFF;
1517
1518 vnc_write(vs, buf, 4);
1519}
1520
1521void vnc_write_u16(VncState *vs, uint16_t value)
1522{
1523 uint8_t buf[2];
1524
1525 buf[0] = (value >> 8) & 0xFF;
1526 buf[1] = value & 0xFF;
1527
1528 vnc_write(vs, buf, 2);
1529}
1530
1531void vnc_write_u8(VncState *vs, uint8_t value)
1532{
1533 vnc_write(vs, (char *)&value, 1);
1534}
1535
1536void vnc_flush(VncState *vs)
1537{
1538 vnc_lock_output(vs);
1539 if (vs->ioc != NULL && vs->output.offset) {
1540 vnc_client_write_locked(vs);
1541 }
1542 vnc_unlock_output(vs);
1543}
1544
1545static uint8_t read_u8(uint8_t *data, size_t offset)
1546{
1547 return data[offset];
1548}
1549
1550static uint16_t read_u16(uint8_t *data, size_t offset)
1551{
1552 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1553}
1554
1555static int32_t read_s32(uint8_t *data, size_t offset)
1556{
1557 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1558 (data[offset + 2] << 8) | data[offset + 3]);
1559}
1560
1561uint32_t read_u32(uint8_t *data, size_t offset)
1562{
1563 return ((data[offset] << 24) | (data[offset + 1] << 16) |
1564 (data[offset + 2] << 8) | data[offset + 3]);
1565}
1566
1567static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
1568{
1569}
1570
1571static void check_pointer_type_change(Notifier *notifier, void *data)
1572{
1573 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier);
1574 int absolute = qemu_input_is_absolute();
1575
1576 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1577 vnc_lock_output(vs);
1578 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1579 vnc_write_u8(vs, 0);
1580 vnc_write_u16(vs, 1);
1581 vnc_framebuffer_update(vs, absolute, 0,
1582 pixman_image_get_width(vs->vd->server),
1583 pixman_image_get_height(vs->vd->server),
1584 VNC_ENCODING_POINTER_TYPE_CHANGE);
1585 vnc_unlock_output(vs);
1586 vnc_flush(vs);
1587 }
1588 vs->absolute = absolute;
1589}
1590
1591static void pointer_event(VncState *vs, int button_mask, int x, int y)
1592{
1593 static uint32_t bmap[INPUT_BUTTON__MAX] = {
1594 [INPUT_BUTTON_LEFT] = 0x01,
1595 [INPUT_BUTTON_MIDDLE] = 0x02,
1596 [INPUT_BUTTON_RIGHT] = 0x04,
1597 [INPUT_BUTTON_WHEEL_UP] = 0x08,
1598 [INPUT_BUTTON_WHEEL_DOWN] = 0x10,
1599 };
1600 QemuConsole *con = vs->vd->dcl.con;
1601 int width = pixman_image_get_width(vs->vd->server);
1602 int height = pixman_image_get_height(vs->vd->server);
1603
1604 if (vs->last_bmask != button_mask) {
1605 qemu_input_update_buttons(con, bmap, vs->last_bmask, button_mask);
1606 vs->last_bmask = button_mask;
1607 }
1608
1609 if (vs->absolute) {
1610 qemu_input_queue_abs(con, INPUT_AXIS_X, x, width);
1611 qemu_input_queue_abs(con, INPUT_AXIS_Y, y, height);
1612 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1613 qemu_input_queue_rel(con, INPUT_AXIS_X, x - 0x7FFF);
1614 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - 0x7FFF);
1615 } else {
1616 if (vs->last_x != -1) {
1617 qemu_input_queue_rel(con, INPUT_AXIS_X, x - vs->last_x);
1618 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - vs->last_y);
1619 }
1620 vs->last_x = x;
1621 vs->last_y = y;
1622 }
1623 qemu_input_event_sync();
1624}
1625
1626static void reset_keys(VncState *vs)
1627{
1628 int i;
1629 for(i = 0; i < 256; i++) {
1630 if (vs->modifiers_state[i]) {
1631 qemu_input_event_send_key_number(vs->vd->dcl.con, i, false);
1632 vs->modifiers_state[i] = 0;
1633 }
1634 }
1635}
1636
1637static void press_key(VncState *vs, int keysym)
1638{
1639 int keycode = keysym2scancode(vs->vd->kbd_layout, keysym) & SCANCODE_KEYMASK;
1640 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, true);
1641 qemu_input_event_send_key_delay(0);
1642 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, false);
1643 qemu_input_event_send_key_delay(0);
1644}
1645
1646static int current_led_state(VncState *vs)
1647{
1648 int ledstate = 0;
1649
1650 if (vs->modifiers_state[0x46]) {
1651 ledstate |= QEMU_SCROLL_LOCK_LED;
1652 }
1653 if (vs->modifiers_state[0x45]) {
1654 ledstate |= QEMU_NUM_LOCK_LED;
1655 }
1656 if (vs->modifiers_state[0x3a]) {
1657 ledstate |= QEMU_CAPS_LOCK_LED;
1658 }
1659
1660 return ledstate;
1661}
1662
1663static void vnc_led_state_change(VncState *vs)
1664{
1665 int ledstate = 0;
1666
1667 if (!vnc_has_feature(vs, VNC_FEATURE_LED_STATE)) {
1668 return;
1669 }
1670
1671 ledstate = current_led_state(vs);
1672 vnc_lock_output(vs);
1673 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1674 vnc_write_u8(vs, 0);
1675 vnc_write_u16(vs, 1);
1676 vnc_framebuffer_update(vs, 0, 0, 1, 1, VNC_ENCODING_LED_STATE);
1677 vnc_write_u8(vs, ledstate);
1678 vnc_unlock_output(vs);
1679 vnc_flush(vs);
1680}
1681
1682static void kbd_leds(void *opaque, int ledstate)
1683{
1684 VncState *vs = opaque;
1685 int caps, num, scr;
1686 bool has_changed = (ledstate != current_led_state(vs));
1687
1688 trace_vnc_key_guest_leds((ledstate & QEMU_CAPS_LOCK_LED),
1689 (ledstate & QEMU_NUM_LOCK_LED),
1690 (ledstate & QEMU_SCROLL_LOCK_LED));
1691
1692 caps = ledstate & QEMU_CAPS_LOCK_LED ? 1 : 0;
1693 num = ledstate & QEMU_NUM_LOCK_LED ? 1 : 0;
1694 scr = ledstate & QEMU_SCROLL_LOCK_LED ? 1 : 0;
1695
1696 if (vs->modifiers_state[0x3a] != caps) {
1697 vs->modifiers_state[0x3a] = caps;
1698 }
1699 if (vs->modifiers_state[0x45] != num) {
1700 vs->modifiers_state[0x45] = num;
1701 }
1702 if (vs->modifiers_state[0x46] != scr) {
1703 vs->modifiers_state[0x46] = scr;
1704 }
1705
1706
1707 if (has_changed) {
1708 vnc_led_state_change(vs);
1709 }
1710}
1711
1712static void do_key_event(VncState *vs, int down, int keycode, int sym)
1713{
1714
1715 switch(keycode) {
1716 case 0x2a:
1717 case 0x36:
1718 case 0x1d:
1719 case 0x9d:
1720 case 0x38:
1721 case 0xb8:
1722 if (down)
1723 vs->modifiers_state[keycode] = 1;
1724 else
1725 vs->modifiers_state[keycode] = 0;
1726 break;
1727 case 0x02 ... 0x0a:
1728 if (vs->vd->dcl.con == NULL &&
1729 down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
1730
1731 reset_keys(vs);
1732 console_select(keycode - 0x02);
1733 return;
1734 }
1735 break;
1736 case 0x3a:
1737 case 0x45:
1738 if (down)
1739 vs->modifiers_state[keycode] ^= 1;
1740 break;
1741 }
1742
1743
1744
1745
1746 if (down && vs->vd->lock_key_sync &&
1747 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) &&
1748 keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1749
1750
1751
1752
1753 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1754 if (!vs->modifiers_state[0x45]) {
1755 trace_vnc_key_sync_numlock(true);
1756 vs->modifiers_state[0x45] = 1;
1757 press_key(vs, 0xff7f);
1758 }
1759 } else {
1760 if (vs->modifiers_state[0x45]) {
1761 trace_vnc_key_sync_numlock(false);
1762 vs->modifiers_state[0x45] = 0;
1763 press_key(vs, 0xff7f);
1764 }
1765 }
1766 }
1767
1768 if (down && vs->vd->lock_key_sync &&
1769 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) &&
1770 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) {
1771
1772
1773
1774
1775 int uppercase = !!(sym >= 'A' && sym <= 'Z');
1776 int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]);
1777 int capslock = !!(vs->modifiers_state[0x3a]);
1778 if (capslock) {
1779 if (uppercase == shift) {
1780 trace_vnc_key_sync_capslock(false);
1781 vs->modifiers_state[0x3a] = 0;
1782 press_key(vs, 0xffe5);
1783 }
1784 } else {
1785 if (uppercase != shift) {
1786 trace_vnc_key_sync_capslock(true);
1787 vs->modifiers_state[0x3a] = 1;
1788 press_key(vs, 0xffe5);
1789 }
1790 }
1791 }
1792
1793 if (qemu_console_is_graphic(NULL)) {
1794 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, down);
1795 } else {
1796 bool numlock = vs->modifiers_state[0x45];
1797 bool control = (vs->modifiers_state[0x1d] ||
1798 vs->modifiers_state[0x9d]);
1799
1800 if (down) {
1801 switch (keycode) {
1802 case 0x2a:
1803 case 0x36:
1804 case 0x1d:
1805 case 0x9d:
1806 case 0x38:
1807 case 0xb8:
1808 break;
1809 case 0xc8:
1810 kbd_put_keysym(QEMU_KEY_UP);
1811 break;
1812 case 0xd0:
1813 kbd_put_keysym(QEMU_KEY_DOWN);
1814 break;
1815 case 0xcb:
1816 kbd_put_keysym(QEMU_KEY_LEFT);
1817 break;
1818 case 0xcd:
1819 kbd_put_keysym(QEMU_KEY_RIGHT);
1820 break;
1821 case 0xd3:
1822 kbd_put_keysym(QEMU_KEY_DELETE);
1823 break;
1824 case 0xc7:
1825 kbd_put_keysym(QEMU_KEY_HOME);
1826 break;
1827 case 0xcf:
1828 kbd_put_keysym(QEMU_KEY_END);
1829 break;
1830 case 0xc9:
1831 kbd_put_keysym(QEMU_KEY_PAGEUP);
1832 break;
1833 case 0xd1:
1834 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1835 break;
1836
1837 case 0x47:
1838 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME);
1839 break;
1840 case 0x48:
1841 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP);
1842 break;
1843 case 0x49:
1844 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP);
1845 break;
1846 case 0x4b:
1847 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT);
1848 break;
1849 case 0x4c:
1850 kbd_put_keysym('5');
1851 break;
1852 case 0x4d:
1853 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT);
1854 break;
1855 case 0x4f:
1856 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END);
1857 break;
1858 case 0x50:
1859 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN);
1860 break;
1861 case 0x51:
1862 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN);
1863 break;
1864 case 0x52:
1865 kbd_put_keysym('0');
1866 break;
1867 case 0x53:
1868 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE);
1869 break;
1870
1871 case 0xb5:
1872 kbd_put_keysym('/');
1873 break;
1874 case 0x37:
1875 kbd_put_keysym('*');
1876 break;
1877 case 0x4a:
1878 kbd_put_keysym('-');
1879 break;
1880 case 0x4e:
1881 kbd_put_keysym('+');
1882 break;
1883 case 0x9c:
1884 kbd_put_keysym('\n');
1885 break;
1886
1887 default:
1888 if (control) {
1889 kbd_put_keysym(sym & 0x1f);
1890 } else {
1891 kbd_put_keysym(sym);
1892 }
1893 break;
1894 }
1895 }
1896 }
1897}
1898
1899static void vnc_release_modifiers(VncState *vs)
1900{
1901 static const int keycodes[] = {
1902
1903 0x2a, 0x36, 0x1d, 0x9d, 0x38, 0xb8,
1904 };
1905 int i, keycode;
1906
1907 if (!qemu_console_is_graphic(NULL)) {
1908 return;
1909 }
1910 for (i = 0; i < ARRAY_SIZE(keycodes); i++) {
1911 keycode = keycodes[i];
1912 if (!vs->modifiers_state[keycode]) {
1913 continue;
1914 }
1915 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, false);
1916 }
1917}
1918
1919static const char *code2name(int keycode)
1920{
1921 return QKeyCode_lookup[qemu_input_key_number_to_qcode(keycode)];
1922}
1923
1924static void key_event(VncState *vs, int down, uint32_t sym)
1925{
1926 int keycode;
1927 int lsym = sym;
1928
1929 if (lsym >= 'A' && lsym <= 'Z' && qemu_console_is_graphic(NULL)) {
1930 lsym = lsym - 'A' + 'a';
1931 }
1932
1933 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF) & SCANCODE_KEYMASK;
1934 trace_vnc_key_event_map(down, sym, keycode, code2name(keycode));
1935 do_key_event(vs, down, keycode, sym);
1936}
1937
1938static void ext_key_event(VncState *vs, int down,
1939 uint32_t sym, uint16_t keycode)
1940{
1941
1942 if (keyboard_layout) {
1943 key_event(vs, down, sym);
1944 } else {
1945 trace_vnc_key_event_ext(down, sym, keycode, code2name(keycode));
1946 do_key_event(vs, down, keycode, sym);
1947 }
1948}
1949
1950static void framebuffer_update_request(VncState *vs, int incremental,
1951 int x, int y, int w, int h)
1952{
1953 vs->need_update = 1;
1954
1955 if (incremental) {
1956 return;
1957 }
1958
1959 vs->force_update = 1;
1960 vnc_set_area_dirty(vs->dirty, vs->vd, x, y, w, h);
1961}
1962
1963static void send_ext_key_event_ack(VncState *vs)
1964{
1965 vnc_lock_output(vs);
1966 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1967 vnc_write_u8(vs, 0);
1968 vnc_write_u16(vs, 1);
1969 vnc_framebuffer_update(vs, 0, 0,
1970 pixman_image_get_width(vs->vd->server),
1971 pixman_image_get_height(vs->vd->server),
1972 VNC_ENCODING_EXT_KEY_EVENT);
1973 vnc_unlock_output(vs);
1974 vnc_flush(vs);
1975}
1976
1977static void send_ext_audio_ack(VncState *vs)
1978{
1979 vnc_lock_output(vs);
1980 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1981 vnc_write_u8(vs, 0);
1982 vnc_write_u16(vs, 1);
1983 vnc_framebuffer_update(vs, 0, 0,
1984 pixman_image_get_width(vs->vd->server),
1985 pixman_image_get_height(vs->vd->server),
1986 VNC_ENCODING_AUDIO);
1987 vnc_unlock_output(vs);
1988 vnc_flush(vs);
1989}
1990
1991static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1992{
1993 int i;
1994 unsigned int enc = 0;
1995
1996 vs->features = 0;
1997 vs->vnc_encoding = 0;
1998 vs->tight.compression = 9;
1999 vs->tight.quality = -1;
2000 vs->absolute = -1;
2001
2002
2003
2004
2005
2006
2007 for (i = n_encodings - 1; i >= 0; i--) {
2008 enc = encodings[i];
2009 switch (enc) {
2010 case VNC_ENCODING_RAW:
2011 vs->vnc_encoding = enc;
2012 break;
2013 case VNC_ENCODING_COPYRECT:
2014 vs->features |= VNC_FEATURE_COPYRECT_MASK;
2015 break;
2016 case VNC_ENCODING_HEXTILE:
2017 vs->features |= VNC_FEATURE_HEXTILE_MASK;
2018 vs->vnc_encoding = enc;
2019 break;
2020 case VNC_ENCODING_TIGHT:
2021 vs->features |= VNC_FEATURE_TIGHT_MASK;
2022 vs->vnc_encoding = enc;
2023 break;
2024#ifdef CONFIG_VNC_PNG
2025 case VNC_ENCODING_TIGHT_PNG:
2026 vs->features |= VNC_FEATURE_TIGHT_PNG_MASK;
2027 vs->vnc_encoding = enc;
2028 break;
2029#endif
2030 case VNC_ENCODING_ZLIB:
2031 vs->features |= VNC_FEATURE_ZLIB_MASK;
2032 vs->vnc_encoding = enc;
2033 break;
2034 case VNC_ENCODING_ZRLE:
2035 vs->features |= VNC_FEATURE_ZRLE_MASK;
2036 vs->vnc_encoding = enc;
2037 break;
2038 case VNC_ENCODING_ZYWRLE:
2039 vs->features |= VNC_FEATURE_ZYWRLE_MASK;
2040 vs->vnc_encoding = enc;
2041 break;
2042 case VNC_ENCODING_DESKTOPRESIZE:
2043 vs->features |= VNC_FEATURE_RESIZE_MASK;
2044 break;
2045 case VNC_ENCODING_POINTER_TYPE_CHANGE:
2046 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
2047 break;
2048 case VNC_ENCODING_RICH_CURSOR:
2049 vs->features |= VNC_FEATURE_RICH_CURSOR_MASK;
2050 if (vs->vd->cursor) {
2051 vnc_cursor_define(vs);
2052 }
2053 break;
2054 case VNC_ENCODING_EXT_KEY_EVENT:
2055 send_ext_key_event_ack(vs);
2056 break;
2057 case VNC_ENCODING_AUDIO:
2058 send_ext_audio_ack(vs);
2059 break;
2060 case VNC_ENCODING_WMVi:
2061 vs->features |= VNC_FEATURE_WMVI_MASK;
2062 break;
2063 case VNC_ENCODING_LED_STATE:
2064 vs->features |= VNC_FEATURE_LED_STATE_MASK;
2065 break;
2066 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
2067 vs->tight.compression = (enc & 0x0F);
2068 break;
2069 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
2070 if (vs->vd->lossy) {
2071 vs->tight.quality = (enc & 0x0F);
2072 }
2073 break;
2074 default:
2075 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
2076 break;
2077 }
2078 }
2079 vnc_desktop_resize(vs);
2080 check_pointer_type_change(&vs->mouse_mode_notifier, NULL);
2081 vnc_led_state_change(vs);
2082}
2083
2084static void set_pixel_conversion(VncState *vs)
2085{
2086 pixman_format_code_t fmt = qemu_pixman_get_format(&vs->client_pf);
2087
2088 if (fmt == VNC_SERVER_FB_FORMAT) {
2089 vs->write_pixels = vnc_write_pixels_copy;
2090 vnc_hextile_set_pixel_conversion(vs, 0);
2091 } else {
2092 vs->write_pixels = vnc_write_pixels_generic;
2093 vnc_hextile_set_pixel_conversion(vs, 1);
2094 }
2095}
2096
2097static void set_pixel_format(VncState *vs,
2098 int bits_per_pixel, int depth,
2099 int big_endian_flag, int true_color_flag,
2100 int red_max, int green_max, int blue_max,
2101 int red_shift, int green_shift, int blue_shift)
2102{
2103 if (!true_color_flag) {
2104 vnc_client_error(vs);
2105 return;
2106 }
2107
2108 switch (bits_per_pixel) {
2109 case 8:
2110 case 16:
2111 case 32:
2112 break;
2113 default:
2114 vnc_client_error(vs);
2115 return;
2116 }
2117
2118 vs->client_pf.rmax = red_max ? red_max : 0xFF;
2119 vs->client_pf.rbits = hweight_long(red_max);
2120 vs->client_pf.rshift = red_shift;
2121 vs->client_pf.rmask = red_max << red_shift;
2122 vs->client_pf.gmax = green_max ? green_max : 0xFF;
2123 vs->client_pf.gbits = hweight_long(green_max);
2124 vs->client_pf.gshift = green_shift;
2125 vs->client_pf.gmask = green_max << green_shift;
2126 vs->client_pf.bmax = blue_max ? blue_max : 0xFF;
2127 vs->client_pf.bbits = hweight_long(blue_max);
2128 vs->client_pf.bshift = blue_shift;
2129 vs->client_pf.bmask = blue_max << blue_shift;
2130 vs->client_pf.bits_per_pixel = bits_per_pixel;
2131 vs->client_pf.bytes_per_pixel = bits_per_pixel / 8;
2132 vs->client_pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
2133 vs->client_be = big_endian_flag;
2134
2135 set_pixel_conversion(vs);
2136
2137 graphic_hw_invalidate(vs->vd->dcl.con);
2138 graphic_hw_update(vs->vd->dcl.con);
2139}
2140
2141static void pixel_format_message (VncState *vs) {
2142 char pad[3] = { 0, 0, 0 };
2143
2144 vs->client_pf = qemu_default_pixelformat(32);
2145
2146 vnc_write_u8(vs, vs->client_pf.bits_per_pixel);
2147 vnc_write_u8(vs, vs->client_pf.depth);
2148
2149#ifdef HOST_WORDS_BIGENDIAN
2150 vnc_write_u8(vs, 1);
2151#else
2152 vnc_write_u8(vs, 0);
2153#endif
2154 vnc_write_u8(vs, 1);
2155 vnc_write_u16(vs, vs->client_pf.rmax);
2156 vnc_write_u16(vs, vs->client_pf.gmax);
2157 vnc_write_u16(vs, vs->client_pf.bmax);
2158 vnc_write_u8(vs, vs->client_pf.rshift);
2159 vnc_write_u8(vs, vs->client_pf.gshift);
2160 vnc_write_u8(vs, vs->client_pf.bshift);
2161 vnc_write(vs, pad, 3);
2162
2163 vnc_hextile_set_pixel_conversion(vs, 0);
2164 vs->write_pixels = vnc_write_pixels_copy;
2165}
2166
2167static void vnc_colordepth(VncState *vs)
2168{
2169 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
2170
2171 vnc_lock_output(vs);
2172 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
2173 vnc_write_u8(vs, 0);
2174 vnc_write_u16(vs, 1);
2175 vnc_framebuffer_update(vs, 0, 0,
2176 pixman_image_get_width(vs->vd->server),
2177 pixman_image_get_height(vs->vd->server),
2178 VNC_ENCODING_WMVi);
2179 pixel_format_message(vs);
2180 vnc_unlock_output(vs);
2181 vnc_flush(vs);
2182 } else {
2183 set_pixel_conversion(vs);
2184 }
2185}
2186
2187static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
2188{
2189 int i;
2190 uint16_t limit;
2191 VncDisplay *vd = vs->vd;
2192
2193 if (data[0] > 3) {
2194 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
2195 }
2196
2197 switch (data[0]) {
2198 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT:
2199 if (len == 1)
2200 return 20;
2201
2202 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
2203 read_u8(data, 6), read_u8(data, 7),
2204 read_u16(data, 8), read_u16(data, 10),
2205 read_u16(data, 12), read_u8(data, 14),
2206 read_u8(data, 15), read_u8(data, 16));
2207 break;
2208 case VNC_MSG_CLIENT_SET_ENCODINGS:
2209 if (len == 1)
2210 return 4;
2211
2212 if (len == 4) {
2213 limit = read_u16(data, 2);
2214 if (limit > 0)
2215 return 4 + (limit * 4);
2216 } else
2217 limit = read_u16(data, 2);
2218
2219 for (i = 0; i < limit; i++) {
2220 int32_t val = read_s32(data, 4 + (i * 4));
2221 memcpy(data + 4 + (i * 4), &val, sizeof(val));
2222 }
2223
2224 set_encodings(vs, (int32_t *)(data + 4), limit);
2225 break;
2226 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST:
2227 if (len == 1)
2228 return 10;
2229
2230 framebuffer_update_request(vs,
2231 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
2232 read_u16(data, 6), read_u16(data, 8));
2233 break;
2234 case VNC_MSG_CLIENT_KEY_EVENT:
2235 if (len == 1)
2236 return 8;
2237
2238 key_event(vs, read_u8(data, 1), read_u32(data, 4));
2239 break;
2240 case VNC_MSG_CLIENT_POINTER_EVENT:
2241 if (len == 1)
2242 return 6;
2243
2244 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
2245 break;
2246 case VNC_MSG_CLIENT_CUT_TEXT:
2247 if (len == 1) {
2248 return 8;
2249 }
2250 if (len == 8) {
2251 uint32_t dlen = read_u32(data, 4);
2252 if (dlen > (1 << 20)) {
2253 error_report("vnc: client_cut_text msg payload has %u bytes"
2254 " which exceeds our limit of 1MB.", dlen);
2255 vnc_client_error(vs);
2256 break;
2257 }
2258 if (dlen > 0) {
2259 return 8 + dlen;
2260 }
2261 }
2262
2263 client_cut_text(vs, read_u32(data, 4), data + 8);
2264 break;
2265 case VNC_MSG_CLIENT_QEMU:
2266 if (len == 1)
2267 return 2;
2268
2269 switch (read_u8(data, 1)) {
2270 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT:
2271 if (len == 2)
2272 return 12;
2273
2274 ext_key_event(vs, read_u16(data, 2),
2275 read_u32(data, 4), read_u32(data, 8));
2276 break;
2277 case VNC_MSG_CLIENT_QEMU_AUDIO:
2278 if (len == 2)
2279 return 4;
2280
2281 switch (read_u16 (data, 2)) {
2282 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE:
2283 audio_add(vs);
2284 break;
2285 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE:
2286 audio_del(vs);
2287 break;
2288 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT:
2289 if (len == 4)
2290 return 10;
2291 switch (read_u8(data, 4)) {
2292 case 0: vs->as.fmt = AUD_FMT_U8; break;
2293 case 1: vs->as.fmt = AUD_FMT_S8; break;
2294 case 2: vs->as.fmt = AUD_FMT_U16; break;
2295 case 3: vs->as.fmt = AUD_FMT_S16; break;
2296 case 4: vs->as.fmt = AUD_FMT_U32; break;
2297 case 5: vs->as.fmt = AUD_FMT_S32; break;
2298 default:
2299 VNC_DEBUG("Invalid audio format %d\n", read_u8(data, 4));
2300 vnc_client_error(vs);
2301 break;
2302 }
2303 vs->as.nchannels = read_u8(data, 5);
2304 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
2305 VNC_DEBUG("Invalid audio channel coount %d\n",
2306 read_u8(data, 5));
2307 vnc_client_error(vs);
2308 break;
2309 }
2310 vs->as.freq = read_u32(data, 6);
2311 break;
2312 default:
2313 VNC_DEBUG("Invalid audio message %d\n", read_u8(data, 4));
2314 vnc_client_error(vs);
2315 break;
2316 }
2317 break;
2318
2319 default:
2320 VNC_DEBUG("Msg: %d\n", read_u16(data, 0));
2321 vnc_client_error(vs);
2322 break;
2323 }
2324 break;
2325 default:
2326 VNC_DEBUG("Msg: %d\n", data[0]);
2327 vnc_client_error(vs);
2328 break;
2329 }
2330
2331 vnc_read_when(vs, protocol_client_msg, 1);
2332 return 0;
2333}
2334
2335static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
2336{
2337 char buf[1024];
2338 VncShareMode mode;
2339 int size;
2340
2341 mode = data[0] ? VNC_SHARE_MODE_SHARED : VNC_SHARE_MODE_EXCLUSIVE;
2342 switch (vs->vd->share_policy) {
2343 case VNC_SHARE_POLICY_IGNORE:
2344
2345
2346
2347
2348
2349
2350
2351 break;
2352 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE:
2353
2354
2355
2356
2357
2358
2359
2360
2361
2362 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2363 VncState *client;
2364 QTAILQ_FOREACH(client, &vs->vd->clients, next) {
2365 if (vs == client) {
2366 continue;
2367 }
2368 if (client->share_mode != VNC_SHARE_MODE_EXCLUSIVE &&
2369 client->share_mode != VNC_SHARE_MODE_SHARED) {
2370 continue;
2371 }
2372 vnc_disconnect_start(client);
2373 }
2374 }
2375 if (mode == VNC_SHARE_MODE_SHARED) {
2376 if (vs->vd->num_exclusive > 0) {
2377 vnc_disconnect_start(vs);
2378 return 0;
2379 }
2380 }
2381 break;
2382 case VNC_SHARE_POLICY_FORCE_SHARED:
2383
2384
2385
2386
2387
2388
2389
2390
2391 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2392 vnc_disconnect_start(vs);
2393 return 0;
2394 }
2395 break;
2396 }
2397 vnc_set_share_mode(vs, mode);
2398
2399 if (vs->vd->num_shared > vs->vd->connections_limit) {
2400 vnc_disconnect_start(vs);
2401 return 0;
2402 }
2403
2404 vs->client_width = pixman_image_get_width(vs->vd->server);
2405 vs->client_height = pixman_image_get_height(vs->vd->server);
2406 vnc_write_u16(vs, vs->client_width);
2407 vnc_write_u16(vs, vs->client_height);
2408
2409 pixel_format_message(vs);
2410
2411 if (qemu_name)
2412 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
2413 else
2414 size = snprintf(buf, sizeof(buf), "QEMU");
2415
2416 vnc_write_u32(vs, size);
2417 vnc_write(vs, buf, size);
2418 vnc_flush(vs);
2419
2420 vnc_client_cache_auth(vs);
2421 vnc_qmp_event(vs, QAPI_EVENT_VNC_INITIALIZED);
2422
2423 vnc_read_when(vs, protocol_client_msg, 1);
2424
2425 return 0;
2426}
2427
2428void start_client_init(VncState *vs)
2429{
2430 vnc_read_when(vs, protocol_client_init, 1);
2431}
2432
2433static void make_challenge(VncState *vs)
2434{
2435 int i;
2436
2437 srand(time(NULL)+getpid()+getpid()*987654+rand());
2438
2439 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
2440 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
2441}
2442
2443static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
2444{
2445 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
2446 size_t i, pwlen;
2447 unsigned char key[8];
2448 time_t now = time(NULL);
2449 QCryptoCipher *cipher = NULL;
2450 Error *err = NULL;
2451
2452 if (!vs->vd->password) {
2453 VNC_DEBUG("No password configured on server");
2454 goto reject;
2455 }
2456 if (vs->vd->expires < now) {
2457 VNC_DEBUG("Password is expired");
2458 goto reject;
2459 }
2460
2461 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
2462
2463
2464 pwlen = strlen(vs->vd->password);
2465 for (i=0; i<sizeof(key); i++)
2466 key[i] = i<pwlen ? vs->vd->password[i] : 0;
2467
2468 cipher = qcrypto_cipher_new(
2469 QCRYPTO_CIPHER_ALG_DES_RFB,
2470 QCRYPTO_CIPHER_MODE_ECB,
2471 key, G_N_ELEMENTS(key),
2472 &err);
2473 if (!cipher) {
2474 VNC_DEBUG("Cannot initialize cipher %s",
2475 error_get_pretty(err));
2476 error_free(err);
2477 goto reject;
2478 }
2479
2480 if (qcrypto_cipher_encrypt(cipher,
2481 vs->challenge,
2482 response,
2483 VNC_AUTH_CHALLENGE_SIZE,
2484 &err) < 0) {
2485 VNC_DEBUG("Cannot encrypt challenge %s",
2486 error_get_pretty(err));
2487 error_free(err);
2488 goto reject;
2489 }
2490
2491
2492 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
2493 VNC_DEBUG("Client challenge response did not match\n");
2494 goto reject;
2495 } else {
2496 VNC_DEBUG("Accepting VNC challenge response\n");
2497 vnc_write_u32(vs, 0);
2498 vnc_flush(vs);
2499
2500 start_client_init(vs);
2501 }
2502
2503 qcrypto_cipher_free(cipher);
2504 return 0;
2505
2506reject:
2507 vnc_write_u32(vs, 1);
2508 if (vs->minor >= 8) {
2509 static const char err[] = "Authentication failed";
2510 vnc_write_u32(vs, sizeof(err));
2511 vnc_write(vs, err, sizeof(err));
2512 }
2513 vnc_flush(vs);
2514 vnc_client_error(vs);
2515 qcrypto_cipher_free(cipher);
2516 return 0;
2517}
2518
2519void start_auth_vnc(VncState *vs)
2520{
2521 make_challenge(vs);
2522
2523 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
2524 vnc_flush(vs);
2525
2526 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
2527}
2528
2529
2530static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
2531{
2532
2533
2534 if (data[0] != vs->auth) {
2535 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]);
2536 vnc_write_u32(vs, 1);
2537 if (vs->minor >= 8) {
2538 static const char err[] = "Authentication failed";
2539 vnc_write_u32(vs, sizeof(err));
2540 vnc_write(vs, err, sizeof(err));
2541 }
2542 vnc_client_error(vs);
2543 } else {
2544 VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
2545 switch (vs->auth) {
2546 case VNC_AUTH_NONE:
2547 VNC_DEBUG("Accept auth none\n");
2548 if (vs->minor >= 8) {
2549 vnc_write_u32(vs, 0);
2550 vnc_flush(vs);
2551 }
2552 start_client_init(vs);
2553 break;
2554
2555 case VNC_AUTH_VNC:
2556 VNC_DEBUG("Start VNC auth\n");
2557 start_auth_vnc(vs);
2558 break;
2559
2560 case VNC_AUTH_VENCRYPT:
2561 VNC_DEBUG("Accept VeNCrypt auth\n");
2562 start_auth_vencrypt(vs);
2563 break;
2564
2565#ifdef CONFIG_VNC_SASL
2566 case VNC_AUTH_SASL:
2567 VNC_DEBUG("Accept SASL auth\n");
2568 start_auth_sasl(vs);
2569 break;
2570#endif
2571
2572 default:
2573 VNC_DEBUG("Reject auth %d server code bug\n", vs->auth);
2574 vnc_write_u8(vs, 1);
2575 if (vs->minor >= 8) {
2576 static const char err[] = "Authentication failed";
2577 vnc_write_u32(vs, sizeof(err));
2578 vnc_write(vs, err, sizeof(err));
2579 }
2580 vnc_client_error(vs);
2581 }
2582 }
2583 return 0;
2584}
2585
2586static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2587{
2588 char local[13];
2589
2590 memcpy(local, version, 12);
2591 local[12] = 0;
2592
2593 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2594 VNC_DEBUG("Malformed protocol version %s\n", local);
2595 vnc_client_error(vs);
2596 return 0;
2597 }
2598 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2599 if (vs->major != 3 ||
2600 (vs->minor != 3 &&
2601 vs->minor != 4 &&
2602 vs->minor != 5 &&
2603 vs->minor != 7 &&
2604 vs->minor != 8)) {
2605 VNC_DEBUG("Unsupported client version\n");
2606 vnc_write_u32(vs, VNC_AUTH_INVALID);
2607 vnc_flush(vs);
2608 vnc_client_error(vs);
2609 return 0;
2610 }
2611
2612
2613
2614 if (vs->minor == 4 || vs->minor == 5)
2615 vs->minor = 3;
2616
2617 if (vs->minor == 3) {
2618 if (vs->auth == VNC_AUTH_NONE) {
2619 VNC_DEBUG("Tell client auth none\n");
2620 vnc_write_u32(vs, vs->auth);
2621 vnc_flush(vs);
2622 start_client_init(vs);
2623 } else if (vs->auth == VNC_AUTH_VNC) {
2624 VNC_DEBUG("Tell client VNC auth\n");
2625 vnc_write_u32(vs, vs->auth);
2626 vnc_flush(vs);
2627 start_auth_vnc(vs);
2628 } else {
2629 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->auth);
2630 vnc_write_u32(vs, VNC_AUTH_INVALID);
2631 vnc_flush(vs);
2632 vnc_client_error(vs);
2633 }
2634 } else {
2635 VNC_DEBUG("Telling client we support auth %d\n", vs->auth);
2636 vnc_write_u8(vs, 1);
2637 vnc_write_u8(vs, vs->auth);
2638 vnc_read_when(vs, protocol_client_auth, 1);
2639 vnc_flush(vs);
2640 }
2641
2642 return 0;
2643}
2644
2645static VncRectStat *vnc_stat_rect(VncDisplay *vd, int x, int y)
2646{
2647 struct VncSurface *vs = &vd->guest;
2648
2649 return &vs->stats[y / VNC_STAT_RECT][x / VNC_STAT_RECT];
2650}
2651
2652void vnc_sent_lossy_rect(VncState *vs, int x, int y, int w, int h)
2653{
2654 int i, j;
2655
2656 w = (x + w) / VNC_STAT_RECT;
2657 h = (y + h) / VNC_STAT_RECT;
2658 x /= VNC_STAT_RECT;
2659 y /= VNC_STAT_RECT;
2660
2661 for (j = y; j <= h; j++) {
2662 for (i = x; i <= w; i++) {
2663 vs->lossy_rect[j][i] = 1;
2664 }
2665 }
2666}
2667
2668static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y)
2669{
2670 VncState *vs;
2671 int sty = y / VNC_STAT_RECT;
2672 int stx = x / VNC_STAT_RECT;
2673 int has_dirty = 0;
2674
2675 y = y / VNC_STAT_RECT * VNC_STAT_RECT;
2676 x = x / VNC_STAT_RECT * VNC_STAT_RECT;
2677
2678 QTAILQ_FOREACH(vs, &vd->clients, next) {
2679 int j;
2680
2681
2682 if (vs->output.offset) {
2683 continue;
2684 }
2685
2686 if (!vs->lossy_rect[sty][stx]) {
2687 continue;
2688 }
2689
2690 vs->lossy_rect[sty][stx] = 0;
2691 for (j = 0; j < VNC_STAT_RECT; ++j) {
2692 bitmap_set(vs->dirty[y + j],
2693 x / VNC_DIRTY_PIXELS_PER_BIT,
2694 VNC_STAT_RECT / VNC_DIRTY_PIXELS_PER_BIT);
2695 }
2696 has_dirty++;
2697 }
2698
2699 return has_dirty;
2700}
2701
2702static int vnc_update_stats(VncDisplay *vd, struct timeval * tv)
2703{
2704 int width = pixman_image_get_width(vd->guest.fb);
2705 int height = pixman_image_get_height(vd->guest.fb);
2706 int x, y;
2707 struct timeval res;
2708 int has_dirty = 0;
2709
2710 for (y = 0; y < height; y += VNC_STAT_RECT) {
2711 for (x = 0; x < width; x += VNC_STAT_RECT) {
2712 VncRectStat *rect = vnc_stat_rect(vd, x, y);
2713
2714 rect->updated = false;
2715 }
2716 }
2717
2718 qemu_timersub(tv, &VNC_REFRESH_STATS, &res);
2719
2720 if (timercmp(&vd->guest.last_freq_check, &res, >)) {
2721 return has_dirty;
2722 }
2723 vd->guest.last_freq_check = *tv;
2724
2725 for (y = 0; y < height; y += VNC_STAT_RECT) {
2726 for (x = 0; x < width; x += VNC_STAT_RECT) {
2727 VncRectStat *rect= vnc_stat_rect(vd, x, y);
2728 int count = ARRAY_SIZE(rect->times);
2729 struct timeval min, max;
2730
2731 if (!timerisset(&rect->times[count - 1])) {
2732 continue ;
2733 }
2734
2735 max = rect->times[(rect->idx + count - 1) % count];
2736 qemu_timersub(tv, &max, &res);
2737
2738 if (timercmp(&res, &VNC_REFRESH_LOSSY, >)) {
2739 rect->freq = 0;
2740 has_dirty += vnc_refresh_lossy_rect(vd, x, y);
2741 memset(rect->times, 0, sizeof (rect->times));
2742 continue ;
2743 }
2744
2745 min = rect->times[rect->idx];
2746 max = rect->times[(rect->idx + count - 1) % count];
2747 qemu_timersub(&max, &min, &res);
2748
2749 rect->freq = res.tv_sec + res.tv_usec / 1000000.;
2750 rect->freq /= count;
2751 rect->freq = 1. / rect->freq;
2752 }
2753 }
2754 return has_dirty;
2755}
2756
2757double vnc_update_freq(VncState *vs, int x, int y, int w, int h)
2758{
2759 int i, j;
2760 double total = 0;
2761 int num = 0;
2762
2763 x = (x / VNC_STAT_RECT) * VNC_STAT_RECT;
2764 y = (y / VNC_STAT_RECT) * VNC_STAT_RECT;
2765
2766 for (j = y; j <= y + h; j += VNC_STAT_RECT) {
2767 for (i = x; i <= x + w; i += VNC_STAT_RECT) {
2768 total += vnc_stat_rect(vs->vd, i, j)->freq;
2769 num++;
2770 }
2771 }
2772
2773 if (num) {
2774 return total / num;
2775 } else {
2776 return 0;
2777 }
2778}
2779
2780static void vnc_rect_updated(VncDisplay *vd, int x, int y, struct timeval * tv)
2781{
2782 VncRectStat *rect;
2783
2784 rect = vnc_stat_rect(vd, x, y);
2785 if (rect->updated) {
2786 return ;
2787 }
2788 rect->times[rect->idx] = *tv;
2789 rect->idx = (rect->idx + 1) % ARRAY_SIZE(rect->times);
2790 rect->updated = true;
2791}
2792
2793static int vnc_refresh_server_surface(VncDisplay *vd)
2794{
2795 int width = MIN(pixman_image_get_width(vd->guest.fb),
2796 pixman_image_get_width(vd->server));
2797 int height = MIN(pixman_image_get_height(vd->guest.fb),
2798 pixman_image_get_height(vd->server));
2799 int cmp_bytes, server_stride, line_bytes, guest_ll, guest_stride, y = 0;
2800 uint8_t *guest_row0 = NULL, *server_row0;
2801 VncState *vs;
2802 int has_dirty = 0;
2803 pixman_image_t *tmpbuf = NULL;
2804
2805 struct timeval tv = { 0, 0 };
2806
2807 if (!vd->non_adaptive) {
2808 gettimeofday(&tv, NULL);
2809 has_dirty = vnc_update_stats(vd, &tv);
2810 }
2811
2812
2813
2814
2815
2816
2817 server_row0 = (uint8_t *)pixman_image_get_data(vd->server);
2818 server_stride = guest_stride = guest_ll =
2819 pixman_image_get_stride(vd->server);
2820 cmp_bytes = MIN(VNC_DIRTY_PIXELS_PER_BIT * VNC_SERVER_FB_BYTES,
2821 server_stride);
2822 if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
2823 int width = pixman_image_get_width(vd->server);
2824 tmpbuf = qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT, width);
2825 } else {
2826 int guest_bpp =
2827 PIXMAN_FORMAT_BPP(pixman_image_get_format(vd->guest.fb));
2828 guest_row0 = (uint8_t *)pixman_image_get_data(vd->guest.fb);
2829 guest_stride = pixman_image_get_stride(vd->guest.fb);
2830 guest_ll = pixman_image_get_width(vd->guest.fb) * ((guest_bpp + 7) / 8);
2831 }
2832 line_bytes = MIN(server_stride, guest_ll);
2833
2834 for (;;) {
2835 int x;
2836 uint8_t *guest_ptr, *server_ptr;
2837 unsigned long offset = find_next_bit((unsigned long *) &vd->guest.dirty,
2838 height * VNC_DIRTY_BPL(&vd->guest),
2839 y * VNC_DIRTY_BPL(&vd->guest));
2840 if (offset == height * VNC_DIRTY_BPL(&vd->guest)) {
2841
2842 break;
2843 }
2844 y = offset / VNC_DIRTY_BPL(&vd->guest);
2845 x = offset % VNC_DIRTY_BPL(&vd->guest);
2846
2847 server_ptr = server_row0 + y * server_stride + x * cmp_bytes;
2848
2849 if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
2850 qemu_pixman_linebuf_fill(tmpbuf, vd->guest.fb, width, 0, y);
2851 guest_ptr = (uint8_t *)pixman_image_get_data(tmpbuf);
2852 } else {
2853 guest_ptr = guest_row0 + y * guest_stride;
2854 }
2855 guest_ptr += x * cmp_bytes;
2856
2857 for (; x < DIV_ROUND_UP(width, VNC_DIRTY_PIXELS_PER_BIT);
2858 x++, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
2859 int _cmp_bytes = cmp_bytes;
2860 if (!test_and_clear_bit(x, vd->guest.dirty[y])) {
2861 continue;
2862 }
2863 if ((x + 1) * cmp_bytes > line_bytes) {
2864 _cmp_bytes = line_bytes - x * cmp_bytes;
2865 }
2866 assert(_cmp_bytes >= 0);
2867 if (memcmp(server_ptr, guest_ptr, _cmp_bytes) == 0) {
2868 continue;
2869 }
2870 memcpy(server_ptr, guest_ptr, _cmp_bytes);
2871 if (!vd->non_adaptive) {
2872 vnc_rect_updated(vd, x * VNC_DIRTY_PIXELS_PER_BIT,
2873 y, &tv);
2874 }
2875 QTAILQ_FOREACH(vs, &vd->clients, next) {
2876 set_bit(x, vs->dirty[y]);
2877 }
2878 has_dirty++;
2879 }
2880
2881 y++;
2882 }
2883 qemu_pixman_image_unref(tmpbuf);
2884 return has_dirty;
2885}
2886
2887static void vnc_refresh(DisplayChangeListener *dcl)
2888{
2889 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
2890 VncState *vs, *vn;
2891 int has_dirty, rects = 0;
2892
2893 if (QTAILQ_EMPTY(&vd->clients)) {
2894 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_MAX);
2895 return;
2896 }
2897
2898 graphic_hw_update(vd->dcl.con);
2899
2900 if (vnc_trylock_display(vd)) {
2901 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
2902 return;
2903 }
2904
2905 has_dirty = vnc_refresh_server_surface(vd);
2906 vnc_unlock_display(vd);
2907
2908 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
2909 rects += vnc_update_client(vs, has_dirty, false);
2910
2911 }
2912
2913 if (has_dirty && rects) {
2914 vd->dcl.update_interval /= 2;
2915 if (vd->dcl.update_interval < VNC_REFRESH_INTERVAL_BASE) {
2916 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_BASE;
2917 }
2918 } else {
2919 vd->dcl.update_interval += VNC_REFRESH_INTERVAL_INC;
2920 if (vd->dcl.update_interval > VNC_REFRESH_INTERVAL_MAX) {
2921 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_MAX;
2922 }
2923 }
2924}
2925
2926static void vnc_connect(VncDisplay *vd, QIOChannelSocket *sioc,
2927 bool skipauth, bool websocket)
2928{
2929 VncState *vs = g_new0(VncState, 1);
2930 int i;
2931
2932 vs->sioc = sioc;
2933 object_ref(OBJECT(vs->sioc));
2934 vs->ioc = QIO_CHANNEL(sioc);
2935 object_ref(OBJECT(vs->ioc));
2936 vs->vd = vd;
2937
2938 buffer_init(&vs->input, "vnc-input/%p", sioc);
2939 buffer_init(&vs->output, "vnc-output/%p", sioc);
2940 buffer_init(&vs->jobs_buffer, "vnc-jobs_buffer/%p", sioc);
2941
2942 buffer_init(&vs->tight.tight, "vnc-tight/%p", sioc);
2943 buffer_init(&vs->tight.zlib, "vnc-tight-zlib/%p", sioc);
2944 buffer_init(&vs->tight.gradient, "vnc-tight-gradient/%p", sioc);
2945#ifdef CONFIG_VNC_JPEG
2946 buffer_init(&vs->tight.jpeg, "vnc-tight-jpeg/%p", sioc);
2947#endif
2948#ifdef CONFIG_VNC_PNG
2949 buffer_init(&vs->tight.png, "vnc-tight-png/%p", sioc);
2950#endif
2951 buffer_init(&vs->zlib.zlib, "vnc-zlib/%p", sioc);
2952 buffer_init(&vs->zrle.zrle, "vnc-zrle/%p", sioc);
2953 buffer_init(&vs->zrle.fb, "vnc-zrle-fb/%p", sioc);
2954 buffer_init(&vs->zrle.zlib, "vnc-zrle-zlib/%p", sioc);
2955
2956 if (skipauth) {
2957 vs->auth = VNC_AUTH_NONE;
2958 vs->subauth = VNC_AUTH_INVALID;
2959 } else {
2960 if (websocket) {
2961 vs->auth = vd->ws_auth;
2962 vs->subauth = VNC_AUTH_INVALID;
2963 } else {
2964 vs->auth = vd->auth;
2965 vs->subauth = vd->subauth;
2966 }
2967 }
2968 VNC_DEBUG("Client sioc=%p ws=%d auth=%d subauth=%d\n",
2969 sioc, websocket, vs->auth, vs->subauth);
2970
2971 vs->lossy_rect = g_malloc0(VNC_STAT_ROWS * sizeof (*vs->lossy_rect));
2972 for (i = 0; i < VNC_STAT_ROWS; ++i) {
2973 vs->lossy_rect[i] = g_new0(uint8_t, VNC_STAT_COLS);
2974 }
2975
2976 VNC_DEBUG("New client on socket %p\n", vs->sioc);
2977 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
2978 qio_channel_set_blocking(vs->ioc, false, NULL);
2979 if (websocket) {
2980 vs->websocket = 1;
2981 if (vd->ws_tls) {
2982 vs->ioc_tag = qio_channel_add_watch(
2983 vs->ioc, G_IO_IN, vncws_tls_handshake_io, vs, NULL);
2984 } else {
2985 vs->ioc_tag = qio_channel_add_watch(
2986 vs->ioc, G_IO_IN, vncws_handshake_io, vs, NULL);
2987 }
2988 } else {
2989 vs->ioc_tag = qio_channel_add_watch(
2990 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL);
2991 }
2992
2993 vnc_client_cache_addr(vs);
2994 vnc_qmp_event(vs, QAPI_EVENT_VNC_CONNECTED);
2995 vnc_set_share_mode(vs, VNC_SHARE_MODE_CONNECTING);
2996
2997 if (!vs->websocket) {
2998 vnc_init_state(vs);
2999 }
3000
3001 if (vd->num_connecting > vd->connections_limit) {
3002 QTAILQ_FOREACH(vs, &vd->clients, next) {
3003 if (vs->share_mode == VNC_SHARE_MODE_CONNECTING) {
3004 vnc_disconnect_start(vs);
3005 return;
3006 }
3007 }
3008 }
3009}
3010
3011void vnc_init_state(VncState *vs)
3012{
3013 vs->initialized = true;
3014 VncDisplay *vd = vs->vd;
3015 bool first_client = QTAILQ_EMPTY(&vd->clients);
3016
3017 vs->last_x = -1;
3018 vs->last_y = -1;
3019
3020 vs->as.freq = 44100;
3021 vs->as.nchannels = 2;
3022 vs->as.fmt = AUD_FMT_S16;
3023 vs->as.endianness = 0;
3024
3025 qemu_mutex_init(&vs->output_mutex);
3026 vs->bh = qemu_bh_new(vnc_jobs_bh, vs);
3027
3028 QTAILQ_INSERT_TAIL(&vd->clients, vs, next);
3029 if (first_client) {
3030 vnc_update_server_surface(vd);
3031 }
3032
3033 graphic_hw_update(vd->dcl.con);
3034
3035 vnc_write(vs, "RFB 003.008\n", 12);
3036 vnc_flush(vs);
3037 vnc_read_when(vs, protocol_version, 12);
3038 reset_keys(vs);
3039 if (vs->vd->lock_key_sync)
3040 vs->led = qemu_add_led_event_handler(kbd_leds, vs);
3041
3042 vs->mouse_mode_notifier.notify = check_pointer_type_change;
3043 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
3044
3045
3046}
3047
3048static gboolean vnc_listen_io(QIOChannel *ioc,
3049 GIOCondition condition,
3050 void *opaque)
3051{
3052 VncDisplay *vs = opaque;
3053 QIOChannelSocket *sioc = NULL;
3054 Error *err = NULL;
3055
3056
3057 graphic_hw_update(vs->dcl.con);
3058 sioc = qio_channel_socket_accept(QIO_CHANNEL_SOCKET(ioc), &err);
3059 if (sioc != NULL) {
3060 qio_channel_set_delay(QIO_CHANNEL(sioc), false);
3061 vnc_connect(vs, sioc, false,
3062 ioc != QIO_CHANNEL(vs->lsock));
3063 object_unref(OBJECT(sioc));
3064 } else {
3065
3066 error_free(err);
3067 }
3068
3069 return TRUE;
3070}
3071
3072static const DisplayChangeListenerOps dcl_ops = {
3073 .dpy_name = "vnc",
3074 .dpy_refresh = vnc_refresh,
3075 .dpy_gfx_copy = vnc_dpy_copy,
3076 .dpy_gfx_update = vnc_dpy_update,
3077 .dpy_gfx_switch = vnc_dpy_switch,
3078 .dpy_gfx_check_format = qemu_pixman_check_format,
3079 .dpy_mouse_set = vnc_mouse_set,
3080 .dpy_cursor_define = vnc_dpy_cursor_define,
3081};
3082
3083void vnc_display_init(const char *id)
3084{
3085 VncDisplay *vs;
3086
3087 if (vnc_display_find(id) != NULL) {
3088 return;
3089 }
3090 vs = g_malloc0(sizeof(*vs));
3091
3092 vs->id = strdup(id);
3093 QTAILQ_INSERT_TAIL(&vnc_displays, vs, next);
3094
3095 QTAILQ_INIT(&vs->clients);
3096 vs->expires = TIME_MAX;
3097
3098 if (keyboard_layout) {
3099 trace_vnc_key_map_init(keyboard_layout);
3100 vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout);
3101 } else {
3102 vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us");
3103 }
3104
3105 if (!vs->kbd_layout)
3106 exit(1);
3107
3108 qemu_mutex_init(&vs->mutex);
3109 vnc_start_worker_thread();
3110
3111 vs->dcl.ops = &dcl_ops;
3112 register_displaychangelistener(&vs->dcl);
3113}
3114
3115
3116static void vnc_display_close(VncDisplay *vs)
3117{
3118 if (!vs)
3119 return;
3120 vs->enabled = false;
3121 vs->is_unix = false;
3122 if (vs->lsock != NULL) {
3123 if (vs->lsock_tag) {
3124 g_source_remove(vs->lsock_tag);
3125 }
3126 object_unref(OBJECT(vs->lsock));
3127 vs->lsock = NULL;
3128 }
3129 vs->ws_enabled = false;
3130 if (vs->lwebsock != NULL) {
3131 if (vs->lwebsock_tag) {
3132 g_source_remove(vs->lwebsock_tag);
3133 }
3134 object_unref(OBJECT(vs->lwebsock));
3135 vs->lwebsock = NULL;
3136 }
3137 vs->auth = VNC_AUTH_INVALID;
3138 vs->subauth = VNC_AUTH_INVALID;
3139 if (vs->tlscreds) {
3140 object_unparent(OBJECT(vs->tlscreds));
3141 vs->tlscreds = NULL;
3142 }
3143 g_free(vs->tlsaclname);
3144 vs->tlsaclname = NULL;
3145}
3146
3147int vnc_display_password(const char *id, const char *password)
3148{
3149 VncDisplay *vs = vnc_display_find(id);
3150
3151 if (!vs) {
3152 return -EINVAL;
3153 }
3154 if (vs->auth == VNC_AUTH_NONE) {
3155 error_printf_unless_qmp("If you want use passwords please enable "
3156 "password auth using '-vnc ${dpy},password'.");
3157 return -EINVAL;
3158 }
3159
3160 g_free(vs->password);
3161 vs->password = g_strdup(password);
3162
3163 return 0;
3164}
3165
3166int vnc_display_pw_expire(const char *id, time_t expires)
3167{
3168 VncDisplay *vs = vnc_display_find(id);
3169
3170 if (!vs) {
3171 return -EINVAL;
3172 }
3173
3174 vs->expires = expires;
3175 return 0;
3176}
3177
3178char *vnc_display_local_addr(const char *id)
3179{
3180 VncDisplay *vs = vnc_display_find(id);
3181 SocketAddress *addr;
3182 char *ret;
3183 Error *err = NULL;
3184
3185 assert(vs);
3186
3187 addr = qio_channel_socket_get_local_address(vs->lsock, &err);
3188 if (!addr) {
3189 return NULL;
3190 }
3191
3192 if (addr->type != SOCKET_ADDRESS_KIND_INET) {
3193 qapi_free_SocketAddress(addr);
3194 return NULL;
3195 }
3196 ret = g_strdup_printf("%s;%s", addr->u.inet.data->host,
3197 addr->u.inet.data->port);
3198 qapi_free_SocketAddress(addr);
3199
3200 return ret;
3201}
3202
3203static QemuOptsList qemu_vnc_opts = {
3204 .name = "vnc",
3205 .head = QTAILQ_HEAD_INITIALIZER(qemu_vnc_opts.head),
3206 .implied_opt_name = "vnc",
3207 .desc = {
3208 {
3209 .name = "vnc",
3210 .type = QEMU_OPT_STRING,
3211 },{
3212 .name = "websocket",
3213 .type = QEMU_OPT_STRING,
3214 },{
3215 .name = "tls-creds",
3216 .type = QEMU_OPT_STRING,
3217 },{
3218
3219 .name = "x509",
3220 .type = QEMU_OPT_STRING,
3221 },{
3222 .name = "share",
3223 .type = QEMU_OPT_STRING,
3224 },{
3225 .name = "display",
3226 .type = QEMU_OPT_STRING,
3227 },{
3228 .name = "head",
3229 .type = QEMU_OPT_NUMBER,
3230 },{
3231 .name = "connections",
3232 .type = QEMU_OPT_NUMBER,
3233 },{
3234 .name = "to",
3235 .type = QEMU_OPT_NUMBER,
3236 },{
3237 .name = "ipv4",
3238 .type = QEMU_OPT_BOOL,
3239 },{
3240 .name = "ipv6",
3241 .type = QEMU_OPT_BOOL,
3242 },{
3243 .name = "password",
3244 .type = QEMU_OPT_BOOL,
3245 },{
3246 .name = "reverse",
3247 .type = QEMU_OPT_BOOL,
3248 },{
3249 .name = "lock-key-sync",
3250 .type = QEMU_OPT_BOOL,
3251 },{
3252 .name = "sasl",
3253 .type = QEMU_OPT_BOOL,
3254 },{
3255
3256 .name = "tls",
3257 .type = QEMU_OPT_BOOL,
3258 },{
3259
3260 .name = "x509verify",
3261 .type = QEMU_OPT_STRING,
3262 },{
3263 .name = "acl",
3264 .type = QEMU_OPT_BOOL,
3265 },{
3266 .name = "lossy",
3267 .type = QEMU_OPT_BOOL,
3268 },{
3269 .name = "non-adaptive",
3270 .type = QEMU_OPT_BOOL,
3271 },
3272 { }
3273 },
3274};
3275
3276
3277static int
3278vnc_display_setup_auth(VncDisplay *vs,
3279 bool password,
3280 bool sasl,
3281 bool websocket,
3282 Error **errp)
3283{
3284
3285
3286
3287
3288
3289
3290
3291
3292
3293
3294
3295
3296
3297
3298
3299
3300
3301
3302
3303
3304
3305
3306
3307
3308
3309
3310
3311
3312
3313
3314
3315
3316
3317
3318
3319
3320
3321
3322
3323
3324
3325
3326
3327
3328
3329
3330
3331 if (password) {
3332 if (vs->tlscreds) {
3333 vs->auth = VNC_AUTH_VENCRYPT;
3334 if (websocket) {
3335 vs->ws_tls = true;
3336 }
3337 if (object_dynamic_cast(OBJECT(vs->tlscreds),
3338 TYPE_QCRYPTO_TLS_CREDS_X509)) {
3339 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
3340 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
3341 } else if (object_dynamic_cast(OBJECT(vs->tlscreds),
3342 TYPE_QCRYPTO_TLS_CREDS_ANON)) {
3343 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
3344 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
3345 } else {
3346 error_setg(errp,
3347 "Unsupported TLS cred type %s",
3348 object_get_typename(OBJECT(vs->tlscreds)));
3349 return -1;
3350 }
3351 } else {
3352 VNC_DEBUG("Initializing VNC server with password auth\n");
3353 vs->auth = VNC_AUTH_VNC;
3354 vs->subauth = VNC_AUTH_INVALID;
3355 }
3356 if (websocket) {
3357 vs->ws_auth = VNC_AUTH_VNC;
3358 } else {
3359 vs->ws_auth = VNC_AUTH_INVALID;
3360 }
3361 } else if (sasl) {
3362 if (vs->tlscreds) {
3363 vs->auth = VNC_AUTH_VENCRYPT;
3364 if (websocket) {
3365 vs->ws_tls = true;
3366 }
3367 if (object_dynamic_cast(OBJECT(vs->tlscreds),
3368 TYPE_QCRYPTO_TLS_CREDS_X509)) {
3369 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
3370 vs->subauth = VNC_AUTH_VENCRYPT_X509SASL;
3371 } else if (object_dynamic_cast(OBJECT(vs->tlscreds),
3372 TYPE_QCRYPTO_TLS_CREDS_ANON)) {
3373 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
3374 vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL;
3375 } else {
3376 error_setg(errp,
3377 "Unsupported TLS cred type %s",
3378 object_get_typename(OBJECT(vs->tlscreds)));
3379 return -1;
3380 }
3381 } else {
3382 VNC_DEBUG("Initializing VNC server with SASL auth\n");
3383 vs->auth = VNC_AUTH_SASL;
3384 vs->subauth = VNC_AUTH_INVALID;
3385 }
3386 if (websocket) {
3387 vs->ws_auth = VNC_AUTH_SASL;
3388 } else {
3389 vs->ws_auth = VNC_AUTH_INVALID;
3390 }
3391 } else {
3392 if (vs->tlscreds) {
3393 vs->auth = VNC_AUTH_VENCRYPT;
3394 if (websocket) {
3395 vs->ws_tls = true;
3396 }
3397 if (object_dynamic_cast(OBJECT(vs->tlscreds),
3398 TYPE_QCRYPTO_TLS_CREDS_X509)) {
3399 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
3400 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
3401 } else if (object_dynamic_cast(OBJECT(vs->tlscreds),
3402 TYPE_QCRYPTO_TLS_CREDS_ANON)) {
3403 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
3404 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
3405 } else {
3406 error_setg(errp,
3407 "Unsupported TLS cred type %s",
3408 object_get_typename(OBJECT(vs->tlscreds)));
3409 return -1;
3410 }
3411 } else {
3412 VNC_DEBUG("Initializing VNC server with no auth\n");
3413 vs->auth = VNC_AUTH_NONE;
3414 vs->subauth = VNC_AUTH_INVALID;
3415 }
3416 if (websocket) {
3417 vs->ws_auth = VNC_AUTH_NONE;
3418 } else {
3419 vs->ws_auth = VNC_AUTH_INVALID;
3420 }
3421 }
3422 return 0;
3423}
3424
3425
3426
3427
3428
3429
3430static QCryptoTLSCreds *
3431vnc_display_create_creds(bool x509,
3432 bool x509verify,
3433 const char *dir,
3434 const char *id,
3435 Error **errp)
3436{
3437 gchar *credsid = g_strdup_printf("tlsvnc%s", id);
3438 Object *parent = object_get_objects_root();
3439 Object *creds;
3440 Error *err = NULL;
3441
3442 if (x509) {
3443 creds = object_new_with_props(TYPE_QCRYPTO_TLS_CREDS_X509,
3444 parent,
3445 credsid,
3446 &err,
3447 "endpoint", "server",
3448 "dir", dir,
3449 "verify-peer", x509verify ? "yes" : "no",
3450 NULL);
3451 } else {
3452 creds = object_new_with_props(TYPE_QCRYPTO_TLS_CREDS_ANON,
3453 parent,
3454 credsid,
3455 &err,
3456 "endpoint", "server",
3457 NULL);
3458 }
3459
3460 g_free(credsid);
3461
3462 if (err) {
3463 error_propagate(errp, err);
3464 return NULL;
3465 }
3466
3467 return QCRYPTO_TLS_CREDS(creds);
3468}
3469
3470
3471void vnc_display_open(const char *id, Error **errp)
3472{
3473 VncDisplay *vs = vnc_display_find(id);
3474 QemuOpts *opts = qemu_opts_find(&qemu_vnc_opts, id);
3475 SocketAddress *saddr = NULL, *wsaddr = NULL;
3476 const char *share, *device_id;
3477 QemuConsole *con;
3478 bool password = false;
3479 bool reverse = false;
3480 const char *vnc;
3481 char *h;
3482 const char *credid;
3483 bool sasl = false;
3484#ifdef CONFIG_VNC_SASL
3485 int saslErr;
3486#endif
3487 int acl = 0;
3488 int lock_key_sync = 1;
3489
3490 if (!vs) {
3491 error_setg(errp, "VNC display not active");
3492 return;
3493 }
3494 vnc_display_close(vs);
3495
3496 if (!opts) {
3497 return;
3498 }
3499 vnc = qemu_opt_get(opts, "vnc");
3500 if (!vnc || strcmp(vnc, "none") == 0) {
3501 return;
3502 }
3503
3504 h = strrchr(vnc, ':');
3505 if (h) {
3506 size_t hlen = h - vnc;
3507
3508 const char *websocket = qemu_opt_get(opts, "websocket");
3509 int to = qemu_opt_get_number(opts, "to", 0);
3510 bool has_ipv4 = qemu_opt_get(opts, "ipv4");
3511 bool has_ipv6 = qemu_opt_get(opts, "ipv6");
3512 bool ipv4 = qemu_opt_get_bool(opts, "ipv4", false);
3513 bool ipv6 = qemu_opt_get_bool(opts, "ipv6", false);
3514
3515 saddr = g_new0(SocketAddress, 1);
3516 if (websocket) {
3517 if (!qcrypto_hash_supports(QCRYPTO_HASH_ALG_SHA1)) {
3518 error_setg(errp,
3519 "SHA1 hash support is required for websockets");
3520 goto fail;
3521 }
3522
3523 wsaddr = g_new0(SocketAddress, 1);
3524 vs->ws_enabled = true;
3525 }
3526
3527 if (strncmp(vnc, "unix:", 5) == 0) {
3528 saddr->type = SOCKET_ADDRESS_KIND_UNIX;
3529 saddr->u.q_unix.data = g_new0(UnixSocketAddress, 1);
3530 saddr->u.q_unix.data->path = g_strdup(vnc + 5);
3531
3532 if (vs->ws_enabled) {
3533 error_setg(errp, "UNIX sockets not supported with websock");
3534 goto fail;
3535 }
3536 } else {
3537 unsigned long long baseport;
3538 InetSocketAddress *inet;
3539 saddr->type = SOCKET_ADDRESS_KIND_INET;
3540 inet = saddr->u.inet.data = g_new0(InetSocketAddress, 1);
3541 if (vnc[0] == '[' && vnc[hlen - 1] == ']') {
3542 inet->host = g_strndup(vnc + 1, hlen - 2);
3543 } else {
3544 inet->host = g_strndup(vnc, hlen);
3545 }
3546 if (parse_uint_full(h + 1, &baseport, 10) < 0) {
3547 error_setg(errp, "can't convert to a number: %s", h + 1);
3548 goto fail;
3549 }
3550 if (baseport > 65535 ||
3551 baseport + 5900 > 65535) {
3552 error_setg(errp, "port %s out of range", h + 1);
3553 goto fail;
3554 }
3555 inet->port = g_strdup_printf(
3556 "%d", (int)baseport + 5900);
3557
3558 if (to) {
3559 inet->has_to = true;
3560 inet->to = to + 5900;
3561 }
3562 inet->ipv4 = ipv4;
3563 inet->has_ipv4 = has_ipv4;
3564 inet->ipv6 = ipv6;
3565 inet->has_ipv6 = has_ipv6;
3566
3567 if (vs->ws_enabled) {
3568 wsaddr->type = SOCKET_ADDRESS_KIND_INET;
3569 inet = wsaddr->u.inet.data = g_new0(InetSocketAddress, 1);
3570 inet->host = g_strdup(saddr->u.inet.data->host);
3571 inet->port = g_strdup(websocket);
3572
3573 if (to) {
3574 inet->has_to = true;
3575 inet->to = to;
3576 }
3577 inet->ipv4 = ipv4;
3578 inet->has_ipv4 = has_ipv4;
3579 inet->ipv6 = ipv6;
3580 inet->has_ipv6 = has_ipv6;
3581 }
3582 }
3583 } else {
3584 error_setg(errp, "no vnc port specified");
3585 goto fail;
3586 }
3587
3588 password = qemu_opt_get_bool(opts, "password", false);
3589 if (password) {
3590 if (fips_get_state()) {
3591 error_setg(errp,
3592 "VNC password auth disabled due to FIPS mode, "
3593 "consider using the VeNCrypt or SASL authentication "
3594 "methods as an alternative");
3595 goto fail;
3596 }
3597 if (!qcrypto_cipher_supports(
3598 QCRYPTO_CIPHER_ALG_DES_RFB)) {
3599 error_setg(errp,
3600 "Cipher backend does not support DES RFB algorithm");
3601 goto fail;
3602 }
3603 }
3604
3605 reverse = qemu_opt_get_bool(opts, "reverse", false);
3606 lock_key_sync = qemu_opt_get_bool(opts, "lock-key-sync", true);
3607 sasl = qemu_opt_get_bool(opts, "sasl", false);
3608#ifndef CONFIG_VNC_SASL
3609 if (sasl) {
3610 error_setg(errp, "VNC SASL auth requires cyrus-sasl support");
3611 goto fail;
3612 }
3613#endif
3614 credid = qemu_opt_get(opts, "tls-creds");
3615 if (credid) {
3616 Object *creds;
3617 if (qemu_opt_get(opts, "tls") ||
3618 qemu_opt_get(opts, "x509") ||
3619 qemu_opt_get(opts, "x509verify")) {
3620 error_setg(errp,
3621 "'tls-creds' parameter is mutually exclusive with "
3622 "'tls', 'x509' and 'x509verify' parameters");
3623 goto fail;
3624 }
3625
3626 creds = object_resolve_path_component(
3627 object_get_objects_root(), credid);
3628 if (!creds) {
3629 error_setg(errp, "No TLS credentials with id '%s'",
3630 credid);
3631 goto fail;
3632 }
3633 vs->tlscreds = (QCryptoTLSCreds *)
3634 object_dynamic_cast(creds,
3635 TYPE_QCRYPTO_TLS_CREDS);
3636 if (!vs->tlscreds) {
3637 error_setg(errp, "Object with id '%s' is not TLS credentials",
3638 credid);
3639 goto fail;
3640 }
3641 object_ref(OBJECT(vs->tlscreds));
3642
3643 if (vs->tlscreds->endpoint != QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) {
3644 error_setg(errp,
3645 "Expecting TLS credentials with a server endpoint");
3646 goto fail;
3647 }
3648 } else {
3649 const char *path;
3650 bool tls = false, x509 = false, x509verify = false;
3651 tls = qemu_opt_get_bool(opts, "tls", false);
3652 if (tls) {
3653 path = qemu_opt_get(opts, "x509");
3654
3655 if (path) {
3656 x509 = true;
3657 } else {
3658 path = qemu_opt_get(opts, "x509verify");
3659 if (path) {
3660 x509 = true;
3661 x509verify = true;
3662 }
3663 }
3664 vs->tlscreds = vnc_display_create_creds(x509,
3665 x509verify,
3666 path,
3667 vs->id,
3668 errp);
3669 if (!vs->tlscreds) {
3670 goto fail;
3671 }
3672 }
3673 }
3674 acl = qemu_opt_get_bool(opts, "acl", false);
3675
3676 share = qemu_opt_get(opts, "share");
3677 if (share) {
3678 if (strcmp(share, "ignore") == 0) {
3679 vs->share_policy = VNC_SHARE_POLICY_IGNORE;
3680 } else if (strcmp(share, "allow-exclusive") == 0) {
3681 vs->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3682 } else if (strcmp(share, "force-shared") == 0) {
3683 vs->share_policy = VNC_SHARE_POLICY_FORCE_SHARED;
3684 } else {
3685 error_setg(errp, "unknown vnc share= option");
3686 goto fail;
3687 }
3688 } else {
3689 vs->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3690 }
3691 vs->connections_limit = qemu_opt_get_number(opts, "connections", 32);
3692
3693#ifdef CONFIG_VNC_JPEG
3694 vs->lossy = qemu_opt_get_bool(opts, "lossy", false);
3695#endif
3696 vs->non_adaptive = qemu_opt_get_bool(opts, "non-adaptive", false);
3697
3698
3699
3700 if (!vs->lossy) {
3701 vs->non_adaptive = true;
3702 }
3703
3704 if (acl) {
3705 if (strcmp(vs->id, "default") == 0) {
3706 vs->tlsaclname = g_strdup("vnc.x509dname");
3707 } else {
3708 vs->tlsaclname = g_strdup_printf("vnc.%s.x509dname", vs->id);
3709 }
3710 qemu_acl_init(vs->tlsaclname);
3711 }
3712#ifdef CONFIG_VNC_SASL
3713 if (acl && sasl) {
3714 char *aclname;
3715
3716 if (strcmp(vs->id, "default") == 0) {
3717 aclname = g_strdup("vnc.username");
3718 } else {
3719 aclname = g_strdup_printf("vnc.%s.username", vs->id);
3720 }
3721 vs->sasl.acl = qemu_acl_init(aclname);
3722 g_free(aclname);
3723 }
3724#endif
3725
3726 if (vnc_display_setup_auth(vs, password, sasl, vs->ws_enabled, errp) < 0) {
3727 goto fail;
3728 }
3729
3730#ifdef CONFIG_VNC_SASL
3731 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) {
3732 error_setg(errp, "Failed to initialize SASL auth: %s",
3733 sasl_errstring(saslErr, NULL, NULL));
3734 goto fail;
3735 }
3736#endif
3737 vs->lock_key_sync = lock_key_sync;
3738
3739 device_id = qemu_opt_get(opts, "display");
3740 if (device_id) {
3741 int head = qemu_opt_get_number(opts, "head", 0);
3742 Error *err = NULL;
3743
3744 con = qemu_console_lookup_by_device_name(device_id, head, &err);
3745 if (err) {
3746 error_propagate(errp, err);
3747 goto fail;
3748 }
3749 } else {
3750 con = NULL;
3751 }
3752
3753 if (con != vs->dcl.con) {
3754 unregister_displaychangelistener(&vs->dcl);
3755 vs->dcl.con = con;
3756 register_displaychangelistener(&vs->dcl);
3757 }
3758
3759 if (reverse) {
3760
3761 QIOChannelSocket *sioc = NULL;
3762 vs->lsock = NULL;
3763 vs->lwebsock = NULL;
3764 if (vs->ws_enabled) {
3765 error_setg(errp, "Cannot use websockets in reverse mode");
3766 goto fail;
3767 }
3768 vs->is_unix = saddr->type == SOCKET_ADDRESS_KIND_UNIX;
3769 sioc = qio_channel_socket_new();
3770 if (qio_channel_socket_connect_sync(sioc, saddr, errp) < 0) {
3771 goto fail;
3772 }
3773 vnc_connect(vs, sioc, false, false);
3774 object_unref(OBJECT(sioc));
3775 } else {
3776 vs->lsock = qio_channel_socket_new();
3777 if (qio_channel_socket_listen_sync(vs->lsock, saddr, errp) < 0) {
3778 goto fail;
3779 }
3780 vs->is_unix = saddr->type == SOCKET_ADDRESS_KIND_UNIX;
3781 vs->enabled = true;
3782
3783 if (vs->ws_enabled) {
3784 vs->lwebsock = qio_channel_socket_new();
3785 if (qio_channel_socket_listen_sync(vs->lwebsock,
3786 wsaddr, errp) < 0) {
3787 object_unref(OBJECT(vs->lsock));
3788 vs->lsock = NULL;
3789 goto fail;
3790 }
3791 }
3792
3793 vs->lsock_tag = qio_channel_add_watch(
3794 QIO_CHANNEL(vs->lsock),
3795 G_IO_IN, vnc_listen_io, vs, NULL);
3796 if (vs->ws_enabled) {
3797 vs->lwebsock_tag = qio_channel_add_watch(
3798 QIO_CHANNEL(vs->lwebsock),
3799 G_IO_IN, vnc_listen_io, vs, NULL);
3800 }
3801 }
3802
3803 qapi_free_SocketAddress(saddr);
3804 qapi_free_SocketAddress(wsaddr);
3805 return;
3806
3807fail:
3808 qapi_free_SocketAddress(saddr);
3809 qapi_free_SocketAddress(wsaddr);
3810 vs->enabled = false;
3811 vs->ws_enabled = false;
3812}
3813
3814void vnc_display_add_client(const char *id, int csock, bool skipauth)
3815{
3816 VncDisplay *vs = vnc_display_find(id);
3817 QIOChannelSocket *sioc;
3818
3819 if (!vs) {
3820 return;
3821 }
3822
3823 sioc = qio_channel_socket_new_fd(csock, NULL);
3824 if (sioc) {
3825 vnc_connect(vs, sioc, skipauth, false);
3826 object_unref(OBJECT(sioc));
3827 }
3828}
3829
3830static void vnc_auto_assign_id(QemuOptsList *olist, QemuOpts *opts)
3831{
3832 int i = 2;
3833 char *id;
3834
3835 id = g_strdup("default");
3836 while (qemu_opts_find(olist, id)) {
3837 g_free(id);
3838 id = g_strdup_printf("vnc%d", i++);
3839 }
3840 qemu_opts_set_id(opts, id);
3841}
3842
3843QemuOpts *vnc_parse(const char *str, Error **errp)
3844{
3845 QemuOptsList *olist = qemu_find_opts("vnc");
3846 QemuOpts *opts = qemu_opts_parse(olist, str, true, errp);
3847 const char *id;
3848
3849 if (!opts) {
3850 return NULL;
3851 }
3852
3853 id = qemu_opts_id(opts);
3854 if (!id) {
3855
3856 vnc_auto_assign_id(olist, opts);
3857 }
3858 return opts;
3859}
3860
3861int vnc_init_func(void *opaque, QemuOpts *opts, Error **errp)
3862{
3863 Error *local_err = NULL;
3864 char *id = (char *)qemu_opts_id(opts);
3865
3866 assert(id);
3867 vnc_display_init(id);
3868 vnc_display_open(id, &local_err);
3869 if (local_err != NULL) {
3870 error_reportf_err(local_err, "Failed to start VNC server: ");
3871 exit(1);
3872 }
3873 return 0;
3874}
3875
3876static void vnc_register_config(void)
3877{
3878 qemu_add_opts(&qemu_vnc_opts);
3879}
3880opts_init(vnc_register_config);
3881
