]> git.proxmox.com Git - mirror_qemu.git/blob - ui/vnc.c
projects / mirror_qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
qmp-shell: learn to send commands with quoted arguments
[mirror_qemu.git] / ui / vnc.c
1 /*
2 * QEMU VNC display driver
3 *
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
7 *
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
14 *
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
17 *
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
24 * THE SOFTWARE.
25 */
26
27 #include "qemu/osdep.h"
28 #include "vnc.h"
29 #include "vnc-jobs.h"
30 #include "trace.h"
31 #include "sysemu/sysemu.h"
32 #include "qemu/error-report.h"
33 #include "qemu/option.h"
34 #include "qemu/sockets.h"
35 #include "qemu/timer.h"
36 #include "qemu/acl.h"
37 #include "qemu/config-file.h"
38 #include "qapi/qapi-events.h"
39 #include "qapi/error.h"
40 #include "qapi/qapi-commands-ui.h"
41 #include "ui/input.h"
42 #include "crypto/hash.h"
43 #include "crypto/tlscredsanon.h"
44 #include "crypto/tlscredsx509.h"
45 #include "qom/object_interfaces.h"
46 #include "qemu/cutils.h"
47 #include "io/dns-resolver.h"
48
49 #define VNC_REFRESH_INTERVAL_BASE GUI_REFRESH_INTERVAL_DEFAULT
50 #define VNC_REFRESH_INTERVAL_INC 50
51 #define VNC_REFRESH_INTERVAL_MAX GUI_REFRESH_INTERVAL_IDLE
52 static const struct timeval VNC_REFRESH_STATS = { 0, 500000 };
53 static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 };
54
55 #include "vnc_keysym.h"
56 #include "crypto/cipher.h"
57
58 static QTAILQ_HEAD(, VncDisplay) vnc_displays =
59 QTAILQ_HEAD_INITIALIZER(vnc_displays);
60
61 static int vnc_cursor_define(VncState *vs);
62 static void vnc_release_modifiers(VncState *vs);
63 static void vnc_update_throttle_offset(VncState *vs);
64
65 static void vnc_set_share_mode(VncState *vs, VncShareMode mode)
66 {
67 #ifdef _VNC_DEBUG
68 static const char *mn[] = {
69 [0] = "undefined",
70 [VNC_SHARE_MODE_CONNECTING] = "connecting",
71 [VNC_SHARE_MODE_SHARED] = "shared",
72 [VNC_SHARE_MODE_EXCLUSIVE] = "exclusive",
73 [VNC_SHARE_MODE_DISCONNECTED] = "disconnected",
74 };
75 fprintf(stderr, "%s/%p: %s -> %s\n", __func__,
76 vs->ioc, mn[vs->share_mode], mn[mode]);
77 #endif
78
79 switch (vs->share_mode) {
80 case VNC_SHARE_MODE_CONNECTING:
81 vs->vd->num_connecting--;
82 break;
83 case VNC_SHARE_MODE_SHARED:
84 vs->vd->num_shared--;
85 break;
86 case VNC_SHARE_MODE_EXCLUSIVE:
87 vs->vd->num_exclusive--;
88 break;
89 default:
90 break;
91 }
92
93 vs->share_mode = mode;
94
95 switch (vs->share_mode) {
96 case VNC_SHARE_MODE_CONNECTING:
97 vs->vd->num_connecting++;
98 break;
99 case VNC_SHARE_MODE_SHARED:
100 vs->vd->num_shared++;
101 break;
102 case VNC_SHARE_MODE_EXCLUSIVE:
103 vs->vd->num_exclusive++;
104 break;
105 default:
106 break;
107 }
108 }
109
110
111 static void vnc_init_basic_info(SocketAddress *addr,
112 VncBasicInfo *info,
113 Error **errp)
114 {
115 switch (addr->type) {
116 case SOCKET_ADDRESS_TYPE_INET:
117 info->host = g_strdup(addr->u.inet.host);
118 info->service = g_strdup(addr->u.inet.port);
119 if (addr->u.inet.ipv6) {
120 info->family = NETWORK_ADDRESS_FAMILY_IPV6;
121 } else {
122 info->family = NETWORK_ADDRESS_FAMILY_IPV4;
123 }
124 break;
125
126 case SOCKET_ADDRESS_TYPE_UNIX:
127 info->host = g_strdup("");
128 info->service = g_strdup(addr->u.q_unix.path);
129 info->family = NETWORK_ADDRESS_FAMILY_UNIX;
130 break;
131
132 case SOCKET_ADDRESS_TYPE_VSOCK:
133 case SOCKET_ADDRESS_TYPE_FD:
134 error_setg(errp, "Unsupported socket address type %s",
135 SocketAddressType_str(addr->type));
136 break;
137 default:
138 abort();
139 }
140
141 return;
142 }
143
144 static void vnc_init_basic_info_from_server_addr(QIOChannelSocket *ioc,
145 VncBasicInfo *info,
146 Error **errp)
147 {
148 SocketAddress *addr = NULL;
149
150 if (!ioc) {
151 error_setg(errp, "No listener socket available");
152 return;
153 }
154
155 addr = qio_channel_socket_get_local_address(ioc, errp);
156 if (!addr) {
157 return;
158 }
159
160 vnc_init_basic_info(addr, info, errp);
161 qapi_free_SocketAddress(addr);
162 }
163
164 static void vnc_init_basic_info_from_remote_addr(QIOChannelSocket *ioc,
165 VncBasicInfo *info,
166 Error **errp)
167 {
168 SocketAddress *addr = NULL;
169
170 addr = qio_channel_socket_get_remote_address(ioc, errp);
171 if (!addr) {
172 return;
173 }
174
175 vnc_init_basic_info(addr, info, errp);
176 qapi_free_SocketAddress(addr);
177 }
178
179 static const char *vnc_auth_name(VncDisplay *vd) {
180 switch (vd->auth) {
181 case VNC_AUTH_INVALID:
182 return "invalid";
183 case VNC_AUTH_NONE:
184 return "none";
185 case VNC_AUTH_VNC:
186 return "vnc";
187 case VNC_AUTH_RA2:
188 return "ra2";
189 case VNC_AUTH_RA2NE:
190 return "ra2ne";
191 case VNC_AUTH_TIGHT:
192 return "tight";
193 case VNC_AUTH_ULTRA:
194 return "ultra";
195 case VNC_AUTH_TLS:
196 return "tls";
197 case VNC_AUTH_VENCRYPT:
198 switch (vd->subauth) {
199 case VNC_AUTH_VENCRYPT_PLAIN:
200 return "vencrypt+plain";
201 case VNC_AUTH_VENCRYPT_TLSNONE:
202 return "vencrypt+tls+none";
203 case VNC_AUTH_VENCRYPT_TLSVNC:
204 return "vencrypt+tls+vnc";
205 case VNC_AUTH_VENCRYPT_TLSPLAIN:
206 return "vencrypt+tls+plain";
207 case VNC_AUTH_VENCRYPT_X509NONE:
208 return "vencrypt+x509+none";
209 case VNC_AUTH_VENCRYPT_X509VNC:
210 return "vencrypt+x509+vnc";
211 case VNC_AUTH_VENCRYPT_X509PLAIN:
212 return "vencrypt+x509+plain";
213 case VNC_AUTH_VENCRYPT_TLSSASL:
214 return "vencrypt+tls+sasl";
215 case VNC_AUTH_VENCRYPT_X509SASL:
216 return "vencrypt+x509+sasl";
217 default:
218 return "vencrypt";
219 }
220 case VNC_AUTH_SASL:
221 return "sasl";
222 }
223 return "unknown";
224 }
225
226 static VncServerInfo *vnc_server_info_get(VncDisplay *vd)
227 {
228 VncServerInfo *info;
229 Error *err = NULL;
230
231 if (!vd->listener || !vd->listener->nsioc) {
232 return NULL;
233 }
234
235 info = g_malloc0(sizeof(*info));
236 vnc_init_basic_info_from_server_addr(vd->listener->sioc[0],
237 qapi_VncServerInfo_base(info), &err);
238 info->has_auth = true;
239 info->auth = g_strdup(vnc_auth_name(vd));
240 if (err) {
241 qapi_free_VncServerInfo(info);
242 info = NULL;
243 error_free(err);
244 }
245 return info;
246 }
247
248 static void vnc_client_cache_auth(VncState *client)
249 {
250 if (!client->info) {
251 return;
252 }
253
254 if (client->tls) {
255 client->info->x509_dname =
256 qcrypto_tls_session_get_peer_name(client->tls);
257 client->info->has_x509_dname =
258 client->info->x509_dname != NULL;
259 }
260 #ifdef CONFIG_VNC_SASL
261 if (client->sasl.conn &&
262 client->sasl.username) {
263 client->info->has_sasl_username = true;
264 client->info->sasl_username = g_strdup(client->sasl.username);
265 }
266 #endif
267 }
268
269 static void vnc_client_cache_addr(VncState *client)
270 {
271 Error *err = NULL;
272
273 client->info = g_malloc0(sizeof(*client->info));
274 vnc_init_basic_info_from_remote_addr(client->sioc,
275 qapi_VncClientInfo_base(client->info),
276 &err);
277 if (err) {
278 qapi_free_VncClientInfo(client->info);
279 client->info = NULL;
280 error_free(err);
281 }
282 }
283
284 static void vnc_qmp_event(VncState *vs, QAPIEvent event)
285 {
286 VncServerInfo *si;
287
288 if (!vs->info) {
289 return;
290 }
291
292 si = vnc_server_info_get(vs->vd);
293 if (!si) {
294 return;
295 }
296
297 switch (event) {
298 case QAPI_EVENT_VNC_CONNECTED:
299 qapi_event_send_vnc_connected(si, qapi_VncClientInfo_base(vs->info),
300 &error_abort);
301 break;
302 case QAPI_EVENT_VNC_INITIALIZED:
303 qapi_event_send_vnc_initialized(si, vs->info, &error_abort);
304 break;
305 case QAPI_EVENT_VNC_DISCONNECTED:
306 qapi_event_send_vnc_disconnected(si, vs->info, &error_abort);
307 break;
308 default:
309 break;
310 }
311
312 qapi_free_VncServerInfo(si);
313 }
314
315 static VncClientInfo *qmp_query_vnc_client(const VncState *client)
316 {
317 VncClientInfo *info;
318 Error *err = NULL;
319
320 info = g_malloc0(sizeof(*info));
321
322 vnc_init_basic_info_from_remote_addr(client->sioc,
323 qapi_VncClientInfo_base(info),
324 &err);
325 if (err) {
326 error_free(err);
327 qapi_free_VncClientInfo(info);
328 return NULL;
329 }
330
331 info->websocket = client->websocket;
332
333 if (client->tls) {
334 info->x509_dname = qcrypto_tls_session_get_peer_name(client->tls);
335 info->has_x509_dname = info->x509_dname != NULL;
336 }
337 #ifdef CONFIG_VNC_SASL
338 if (client->sasl.conn && client->sasl.username) {
339 info->has_sasl_username = true;
340 info->sasl_username = g_strdup(client->sasl.username);
341 }
342 #endif
343
344 return info;
345 }
346
347 static VncDisplay *vnc_display_find(const char *id)
348 {
349 VncDisplay *vd;
350
351 if (id == NULL) {
352 return QTAILQ_FIRST(&vnc_displays);
353 }
354 QTAILQ_FOREACH(vd, &vnc_displays, next) {
355 if (strcmp(id, vd->id) == 0) {
356 return vd;
357 }
358 }
359 return NULL;
360 }
361
362 static VncClientInfoList *qmp_query_client_list(VncDisplay *vd)
363 {
364 VncClientInfoList *cinfo, *prev = NULL;
365 VncState *client;
366
367 QTAILQ_FOREACH(client, &vd->clients, next) {
368 cinfo = g_new0(VncClientInfoList, 1);
369 cinfo->value = qmp_query_vnc_client(client);
370 cinfo->next = prev;
371 prev = cinfo;
372 }
373 return prev;
374 }
375
376 VncInfo *qmp_query_vnc(Error **errp)
377 {
378 VncInfo *info = g_malloc0(sizeof(*info));
379 VncDisplay *vd = vnc_display_find(NULL);
380 SocketAddress *addr = NULL;
381
382 if (vd == NULL || !vd->listener || !vd->listener->nsioc) {
383 info->enabled = false;
384 } else {
385 info->enabled = true;
386
387 /* for compatibility with the original command */
388 info->has_clients = true;
389 info->clients = qmp_query_client_list(vd);
390
391 addr = qio_channel_socket_get_local_address(vd->listener->sioc[0],
392 errp);
393 if (!addr) {
394 goto out_error;
395 }
396
397 switch (addr->type) {
398 case SOCKET_ADDRESS_TYPE_INET:
399 info->host = g_strdup(addr->u.inet.host);
400 info->service = g_strdup(addr->u.inet.port);
401 if (addr->u.inet.ipv6) {
402 info->family = NETWORK_ADDRESS_FAMILY_IPV6;
403 } else {
404 info->family = NETWORK_ADDRESS_FAMILY_IPV4;
405 }
406 break;
407
408 case SOCKET_ADDRESS_TYPE_UNIX:
409 info->host = g_strdup("");
410 info->service = g_strdup(addr->u.q_unix.path);
411 info->family = NETWORK_ADDRESS_FAMILY_UNIX;
412 break;
413
414 case SOCKET_ADDRESS_TYPE_VSOCK:
415 case SOCKET_ADDRESS_TYPE_FD:
416 error_setg(errp, "Unsupported socket address type %s",
417 SocketAddressType_str(addr->type));
418 goto out_error;
419 default:
420 abort();
421 }
422
423 info->has_host = true;
424 info->has_service = true;
425 info->has_family = true;
426
427 info->has_auth = true;
428 info->auth = g_strdup(vnc_auth_name(vd));
429 }
430
431 qapi_free_SocketAddress(addr);
432 return info;
433
434 out_error:
435 qapi_free_SocketAddress(addr);
436 qapi_free_VncInfo(info);
437 return NULL;
438 }
439
440
441 static void qmp_query_auth(int auth, int subauth,
442 VncPrimaryAuth *qmp_auth,
443 VncVencryptSubAuth *qmp_vencrypt,
444 bool *qmp_has_vencrypt);
445
446 static VncServerInfo2List *qmp_query_server_entry(QIOChannelSocket *ioc,
447 bool websocket,
448 int auth,
449 int subauth,
450 VncServerInfo2List *prev)
451 {
452 VncServerInfo2List *list;
453 VncServerInfo2 *info;
454 Error *err = NULL;
455 SocketAddress *addr;
456
457 addr = qio_channel_socket_get_local_address(ioc, &err);
458 if (!addr) {
459 error_free(err);
460 return prev;
461 }
462
463 info = g_new0(VncServerInfo2, 1);
464 vnc_init_basic_info(addr, qapi_VncServerInfo2_base(info), &err);
465 qapi_free_SocketAddress(addr);
466 if (err) {
467 qapi_free_VncServerInfo2(info);
468 error_free(err);
469 return prev;
470 }
471 info->websocket = websocket;
472
473 qmp_query_auth(auth, subauth, &info->auth,
474 &info->vencrypt, &info->has_vencrypt);
475
476 list = g_new0(VncServerInfo2List, 1);
477 list->value = info;
478 list->next = prev;
479 return list;
480 }
481
482 static void qmp_query_auth(int auth, int subauth,
483 VncPrimaryAuth *qmp_auth,
484 VncVencryptSubAuth *qmp_vencrypt,
485 bool *qmp_has_vencrypt)
486 {
487 switch (auth) {
488 case VNC_AUTH_VNC:
489 *qmp_auth = VNC_PRIMARY_AUTH_VNC;
490 break;
491 case VNC_AUTH_RA2:
492 *qmp_auth = VNC_PRIMARY_AUTH_RA2;
493 break;
494 case VNC_AUTH_RA2NE:
495 *qmp_auth = VNC_PRIMARY_AUTH_RA2NE;
496 break;
497 case VNC_AUTH_TIGHT:
498 *qmp_auth = VNC_PRIMARY_AUTH_TIGHT;
499 break;
500 case VNC_AUTH_ULTRA:
501 *qmp_auth = VNC_PRIMARY_AUTH_ULTRA;
502 break;
503 case VNC_AUTH_TLS:
504 *qmp_auth = VNC_PRIMARY_AUTH_TLS;
505 break;
506 case VNC_AUTH_VENCRYPT:
507 *qmp_auth = VNC_PRIMARY_AUTH_VENCRYPT;
508 *qmp_has_vencrypt = true;
509 switch (subauth) {
510 case VNC_AUTH_VENCRYPT_PLAIN:
511 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_PLAIN;
512 break;
513 case VNC_AUTH_VENCRYPT_TLSNONE:
514 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_NONE;
515 break;
516 case VNC_AUTH_VENCRYPT_TLSVNC:
517 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_VNC;
518 break;
519 case VNC_AUTH_VENCRYPT_TLSPLAIN:
520 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_PLAIN;
521 break;
522 case VNC_AUTH_VENCRYPT_X509NONE:
523 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_NONE;
524 break;
525 case VNC_AUTH_VENCRYPT_X509VNC:
526 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_VNC;
527 break;
528 case VNC_AUTH_VENCRYPT_X509PLAIN:
529 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_PLAIN;
530 break;
531 case VNC_AUTH_VENCRYPT_TLSSASL:
532 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_SASL;
533 break;
534 case VNC_AUTH_VENCRYPT_X509SASL:
535 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_SASL;
536 break;
537 default:
538 *qmp_has_vencrypt = false;
539 break;
540 }
541 break;
542 case VNC_AUTH_SASL:
543 *qmp_auth = VNC_PRIMARY_AUTH_SASL;
544 break;
545 case VNC_AUTH_NONE:
546 default:
547 *qmp_auth = VNC_PRIMARY_AUTH_NONE;
548 break;
549 }
550 }
551
552 VncInfo2List *qmp_query_vnc_servers(Error **errp)
553 {
554 VncInfo2List *item, *prev = NULL;
555 VncInfo2 *info;
556 VncDisplay *vd;
557 DeviceState *dev;
558 size_t i;
559
560 QTAILQ_FOREACH(vd, &vnc_displays, next) {
561 info = g_new0(VncInfo2, 1);
562 info->id = g_strdup(vd->id);
563 info->clients = qmp_query_client_list(vd);
564 qmp_query_auth(vd->auth, vd->subauth, &info->auth,
565 &info->vencrypt, &info->has_vencrypt);
566 if (vd->dcl.con) {
567 dev = DEVICE(object_property_get_link(OBJECT(vd->dcl.con),
568 "device", NULL));
569 info->has_display = true;
570 info->display = g_strdup(dev->id);
571 }
572 for (i = 0; vd->listener != NULL && i < vd->listener->nsioc; i++) {
573 info->server = qmp_query_server_entry(
574 vd->listener->sioc[i], false, vd->auth, vd->subauth,
575 info->server);
576 }
577 for (i = 0; vd->wslistener != NULL && i < vd->wslistener->nsioc; i++) {
578 info->server = qmp_query_server_entry(
579 vd->wslistener->sioc[i], true, vd->ws_auth,
580 vd->ws_subauth, info->server);
581 }
582
583 item = g_new0(VncInfo2List, 1);
584 item->value = info;
585 item->next = prev;
586 prev = item;
587 }
588 return prev;
589 }
590
591 /* TODO
592 1) Get the queue working for IO.
593 2) there is some weirdness when using the -S option (the screen is grey
594 and not totally invalidated
595 3) resolutions > 1024
596 */
597
598 static int vnc_update_client(VncState *vs, int has_dirty);
599 static void vnc_disconnect_start(VncState *vs);
600
601 static void vnc_colordepth(VncState *vs);
602 static void framebuffer_update_request(VncState *vs, int incremental,
603 int x_position, int y_position,
604 int w, int h);
605 static void vnc_refresh(DisplayChangeListener *dcl);
606 static int vnc_refresh_server_surface(VncDisplay *vd);
607
608 static int vnc_width(VncDisplay *vd)
609 {
610 return MIN(VNC_MAX_WIDTH, ROUND_UP(surface_width(vd->ds),
611 VNC_DIRTY_PIXELS_PER_BIT));
612 }
613
614 static int vnc_height(VncDisplay *vd)
615 {
616 return MIN(VNC_MAX_HEIGHT, surface_height(vd->ds));
617 }
618
619 static void vnc_set_area_dirty(DECLARE_BITMAP(dirty[VNC_MAX_HEIGHT],
620 VNC_MAX_WIDTH / VNC_DIRTY_PIXELS_PER_BIT),
621 VncDisplay *vd,
622 int x, int y, int w, int h)
623 {
624 int width = vnc_width(vd);
625 int height = vnc_height(vd);
626
627 /* this is needed this to ensure we updated all affected
628 * blocks if x % VNC_DIRTY_PIXELS_PER_BIT != 0 */
629 w += (x % VNC_DIRTY_PIXELS_PER_BIT);
630 x -= (x % VNC_DIRTY_PIXELS_PER_BIT);
631
632 x = MIN(x, width);
633 y = MIN(y, height);
634 w = MIN(x + w, width) - x;
635 h = MIN(y + h, height);
636
637 for (; y < h; y++) {
638 bitmap_set(dirty[y], x / VNC_DIRTY_PIXELS_PER_BIT,
639 DIV_ROUND_UP(w, VNC_DIRTY_PIXELS_PER_BIT));
640 }
641 }
642
643 static void vnc_dpy_update(DisplayChangeListener *dcl,
644 int x, int y, int w, int h)
645 {
646 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
647 struct VncSurface *s = &vd->guest;
648
649 vnc_set_area_dirty(s->dirty, vd, x, y, w, h);
650 }
651
652 void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
653 int32_t encoding)
654 {
655 vnc_write_u16(vs, x);
656 vnc_write_u16(vs, y);
657 vnc_write_u16(vs, w);
658 vnc_write_u16(vs, h);
659
660 vnc_write_s32(vs, encoding);
661 }
662
663
664 static void vnc_desktop_resize(VncState *vs)
665 {
666 if (vs->ioc == NULL || !vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
667 return;
668 }
669 if (vs->client_width == pixman_image_get_width(vs->vd->server) &&
670 vs->client_height == pixman_image_get_height(vs->vd->server)) {
671 return;
672 }
673
674 assert(pixman_image_get_width(vs->vd->server) < 65536 &&
675 pixman_image_get_width(vs->vd->server) >= 0);
676 assert(pixman_image_get_height(vs->vd->server) < 65536 &&
677 pixman_image_get_height(vs->vd->server) >= 0);
678 vs->client_width = pixman_image_get_width(vs->vd->server);
679 vs->client_height = pixman_image_get_height(vs->vd->server);
680 vnc_lock_output(vs);
681 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
682 vnc_write_u8(vs, 0);
683 vnc_write_u16(vs, 1); /* number of rects */
684 vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height,
685 VNC_ENCODING_DESKTOPRESIZE);
686 vnc_unlock_output(vs);
687 vnc_flush(vs);
688 }
689
690 static void vnc_abort_display_jobs(VncDisplay *vd)
691 {
692 VncState *vs;
693
694 QTAILQ_FOREACH(vs, &vd->clients, next) {
695 vnc_lock_output(vs);
696 vs->abort = true;
697 vnc_unlock_output(vs);
698 }
699 QTAILQ_FOREACH(vs, &vd->clients, next) {
700 vnc_jobs_join(vs);
701 }
702 QTAILQ_FOREACH(vs, &vd->clients, next) {
703 vnc_lock_output(vs);
704 vs->abort = false;
705 vnc_unlock_output(vs);
706 }
707 }
708
709 int vnc_server_fb_stride(VncDisplay *vd)
710 {
711 return pixman_image_get_stride(vd->server);
712 }
713
714 void *vnc_server_fb_ptr(VncDisplay *vd, int x, int y)
715 {
716 uint8_t *ptr;
717
718 ptr = (uint8_t *)pixman_image_get_data(vd->server);
719 ptr += y * vnc_server_fb_stride(vd);
720 ptr += x * VNC_SERVER_FB_BYTES;
721 return ptr;
722 }
723
724 static void vnc_update_server_surface(VncDisplay *vd)
725 {
726 int width, height;
727
728 qemu_pixman_image_unref(vd->server);
729 vd->server = NULL;
730
731 if (QTAILQ_EMPTY(&vd->clients)) {
732 return;
733 }
734
735 width = vnc_width(vd);
736 height = vnc_height(vd);
737 vd->server = pixman_image_create_bits(VNC_SERVER_FB_FORMAT,
738 width, height,
739 NULL, 0);
740
741 memset(vd->guest.dirty, 0x00, sizeof(vd->guest.dirty));
742 vnc_set_area_dirty(vd->guest.dirty, vd, 0, 0,
743 width, height);
744 }
745
746 static void vnc_dpy_switch(DisplayChangeListener *dcl,
747 DisplaySurface *surface)
748 {
749 static const char placeholder_msg[] =
750 "Display output is not active.";
751 static DisplaySurface *placeholder;
752 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
753 VncState *vs;
754
755 if (surface == NULL) {
756 if (placeholder == NULL) {
757 placeholder = qemu_create_message_surface(640, 480, placeholder_msg);
758 }
759 surface = placeholder;
760 }
761
762 vnc_abort_display_jobs(vd);
763 vd->ds = surface;
764
765 /* server surface */
766 vnc_update_server_surface(vd);
767
768 /* guest surface */
769 qemu_pixman_image_unref(vd->guest.fb);
770 vd->guest.fb = pixman_image_ref(surface->image);
771 vd->guest.format = surface->format;
772
773 QTAILQ_FOREACH(vs, &vd->clients, next) {
774 vnc_colordepth(vs);
775 vnc_desktop_resize(vs);
776 if (vs->vd->cursor) {
777 vnc_cursor_define(vs);
778 }
779 memset(vs->dirty, 0x00, sizeof(vs->dirty));
780 vnc_set_area_dirty(vs->dirty, vd, 0, 0,
781 vnc_width(vd),
782 vnc_height(vd));
783 vnc_update_throttle_offset(vs);
784 }
785 }
786
787 /* fastest code */
788 static void vnc_write_pixels_copy(VncState *vs,
789 void *pixels, int size)
790 {
791 vnc_write(vs, pixels, size);
792 }
793
794 /* slowest but generic code. */
795 void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
796 {
797 uint8_t r, g, b;
798
799 #if VNC_SERVER_FB_FORMAT == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8)
800 r = (((v & 0x00ff0000) >> 16) << vs->client_pf.rbits) >> 8;
801 g = (((v & 0x0000ff00) >> 8) << vs->client_pf.gbits) >> 8;
802 b = (((v & 0x000000ff) >> 0) << vs->client_pf.bbits) >> 8;
803 #else
804 # error need some bits here if you change VNC_SERVER_FB_FORMAT
805 #endif
806 v = (r << vs->client_pf.rshift) |
807 (g << vs->client_pf.gshift) |
808 (b << vs->client_pf.bshift);
809 switch (vs->client_pf.bytes_per_pixel) {
810 case 1:
811 buf[0] = v;
812 break;
813 case 2:
814 if (vs->client_be) {
815 buf[0] = v >> 8;
816 buf[1] = v;
817 } else {
818 buf[1] = v >> 8;
819 buf[0] = v;
820 }
821 break;
822 default:
823 case 4:
824 if (vs->client_be) {
825 buf[0] = v >> 24;
826 buf[1] = v >> 16;
827 buf[2] = v >> 8;
828 buf[3] = v;
829 } else {
830 buf[3] = v >> 24;
831 buf[2] = v >> 16;
832 buf[1] = v >> 8;
833 buf[0] = v;
834 }
835 break;
836 }
837 }
838
839 static void vnc_write_pixels_generic(VncState *vs,
840 void *pixels1, int size)
841 {
842 uint8_t buf[4];
843
844 if (VNC_SERVER_FB_BYTES == 4) {
845 uint32_t *pixels = pixels1;
846 int n, i;
847 n = size >> 2;
848 for (i = 0; i < n; i++) {
849 vnc_convert_pixel(vs, buf, pixels[i]);
850 vnc_write(vs, buf, vs->client_pf.bytes_per_pixel);
851 }
852 }
853 }
854
855 int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
856 {
857 int i;
858 uint8_t *row;
859 VncDisplay *vd = vs->vd;
860
861 row = vnc_server_fb_ptr(vd, x, y);
862 for (i = 0; i < h; i++) {
863 vs->write_pixels(vs, row, w * VNC_SERVER_FB_BYTES);
864 row += vnc_server_fb_stride(vd);
865 }
866 return 1;
867 }
868
869 int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
870 {
871 int n = 0;
872 bool encode_raw = false;
873 size_t saved_offs = vs->output.offset;
874
875 switch(vs->vnc_encoding) {
876 case VNC_ENCODING_ZLIB:
877 n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h);
878 break;
879 case VNC_ENCODING_HEXTILE:
880 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
881 n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h);
882 break;
883 case VNC_ENCODING_TIGHT:
884 n = vnc_tight_send_framebuffer_update(vs, x, y, w, h);
885 break;
886 case VNC_ENCODING_TIGHT_PNG:
887 n = vnc_tight_png_send_framebuffer_update(vs, x, y, w, h);
888 break;
889 case VNC_ENCODING_ZRLE:
890 n = vnc_zrle_send_framebuffer_update(vs, x, y, w, h);
891 break;
892 case VNC_ENCODING_ZYWRLE:
893 n = vnc_zywrle_send_framebuffer_update(vs, x, y, w, h);
894 break;
895 default:
896 encode_raw = true;
897 break;
898 }
899
900 /* If the client has the same pixel format as our internal buffer and
901 * a RAW encoding would need less space fall back to RAW encoding to
902 * save bandwidth and processing power in the client. */
903 if (!encode_raw && vs->write_pixels == vnc_write_pixels_copy &&
904 12 + h * w * VNC_SERVER_FB_BYTES <= (vs->output.offset - saved_offs)) {
905 vs->output.offset = saved_offs;
906 encode_raw = true;
907 }
908
909 if (encode_raw) {
910 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
911 n = vnc_raw_send_framebuffer_update(vs, x, y, w, h);
912 }
913
914 return n;
915 }
916
917 static void vnc_mouse_set(DisplayChangeListener *dcl,
918 int x, int y, int visible)
919 {
920 /* can we ask the client(s) to move the pointer ??? */
921 }
922
923 static int vnc_cursor_define(VncState *vs)
924 {
925 QEMUCursor *c = vs->vd->cursor;
926 int isize;
927
928 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) {
929 vnc_lock_output(vs);
930 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
931 vnc_write_u8(vs, 0); /* padding */
932 vnc_write_u16(vs, 1); /* # of rects */
933 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height,
934 VNC_ENCODING_RICH_CURSOR);
935 isize = c->width * c->height * vs->client_pf.bytes_per_pixel;
936 vnc_write_pixels_generic(vs, c->data, isize);
937 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize);
938 vnc_unlock_output(vs);
939 return 0;
940 }
941 return -1;
942 }
943
944 static void vnc_dpy_cursor_define(DisplayChangeListener *dcl,
945 QEMUCursor *c)
946 {
947 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
948 VncState *vs;
949
950 cursor_put(vd->cursor);
951 g_free(vd->cursor_mask);
952
953 vd->cursor = c;
954 cursor_get(vd->cursor);
955 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height;
956 vd->cursor_mask = g_malloc0(vd->cursor_msize);
957 cursor_get_mono_mask(c, 0, vd->cursor_mask);
958
959 QTAILQ_FOREACH(vs, &vd->clients, next) {
960 vnc_cursor_define(vs);
961 }
962 }
963
964 static int find_and_clear_dirty_height(VncState *vs,
965 int y, int last_x, int x, int height)
966 {
967 int h;
968
969 for (h = 1; h < (height - y); h++) {
970 if (!test_bit(last_x, vs->dirty[y + h])) {
971 break;
972 }
973 bitmap_clear(vs->dirty[y + h], last_x, x - last_x);
974 }
975
976 return h;
977 }
978
979 /*
980 * Figure out how much pending data we should allow in the output
981 * buffer before we throttle incremental display updates, and/or
982 * drop audio samples.
983 *
984 * We allow for equiv of 1 full display's worth of FB updates,
985 * and 1 second of audio samples. If audio backlog was larger
986 * than that the client would already suffering awful audio
987 * glitches, so dropping samples is no worse really).
988 */
989 static void vnc_update_throttle_offset(VncState *vs)
990 {
991 size_t offset =
992 vs->client_width * vs->client_height * vs->client_pf.bytes_per_pixel;
993
994 if (vs->audio_cap) {
995 int bps;
996 switch (vs->as.fmt) {
997 default:
998 case AUD_FMT_U8:
999 case AUD_FMT_S8:
1000 bps = 1;
1001 break;
1002 case AUD_FMT_U16:
1003 case AUD_FMT_S16:
1004 bps = 2;
1005 break;
1006 case AUD_FMT_U32:
1007 case AUD_FMT_S32:
1008 bps = 4;
1009 break;
1010 }
1011 offset += vs->as.freq * bps * vs->as.nchannels;
1012 }
1013
1014 /* Put a floor of 1MB on offset, so that if we have a large pending
1015 * buffer and the display is resized to a small size & back again
1016 * we don't suddenly apply a tiny send limit
1017 */
1018 offset = MAX(offset, 1024 * 1024);
1019
1020 if (vs->throttle_output_offset != offset) {
1021 trace_vnc_client_throttle_threshold(
1022 vs, vs->ioc, vs->throttle_output_offset, offset, vs->client_width,
1023 vs->client_height, vs->client_pf.bytes_per_pixel, vs->audio_cap);
1024 }
1025
1026 vs->throttle_output_offset = offset;
1027 }
1028
1029 static bool vnc_should_update(VncState *vs)
1030 {
1031 switch (vs->update) {
1032 case VNC_STATE_UPDATE_NONE:
1033 break;
1034 case VNC_STATE_UPDATE_INCREMENTAL:
1035 /* Only allow incremental updates if the pending send queue
1036 * is less than the permitted threshold, and the job worker
1037 * is completely idle.
1038 */
1039 if (vs->output.offset < vs->throttle_output_offset &&
1040 vs->job_update == VNC_STATE_UPDATE_NONE) {
1041 return true;
1042 }
1043 trace_vnc_client_throttle_incremental(
1044 vs, vs->ioc, vs->job_update, vs->output.offset);
1045 break;
1046 case VNC_STATE_UPDATE_FORCE:
1047 /* Only allow forced updates if the pending send queue
1048 * does not contain a previous forced update, and the
1049 * job worker is completely idle.
1050 *
1051 * Note this means we'll queue a forced update, even if
1052 * the output buffer size is otherwise over the throttle
1053 * output limit.
1054 */
1055 if (vs->force_update_offset == 0 &&
1056 vs->job_update == VNC_STATE_UPDATE_NONE) {
1057 return true;
1058 }
1059 trace_vnc_client_throttle_forced(
1060 vs, vs->ioc, vs->job_update, vs->force_update_offset);
1061 break;
1062 }
1063 return false;
1064 }
1065
1066 static int vnc_update_client(VncState *vs, int has_dirty)
1067 {
1068 VncDisplay *vd = vs->vd;
1069 VncJob *job;
1070 int y;
1071 int height, width;
1072 int n = 0;
1073
1074 if (vs->disconnecting) {
1075 vnc_disconnect_finish(vs);
1076 return 0;
1077 }
1078
1079 vs->has_dirty += has_dirty;
1080 if (!vnc_should_update(vs)) {
1081 return 0;
1082 }
1083
1084 if (!vs->has_dirty && vs->update != VNC_STATE_UPDATE_FORCE) {
1085 return 0;
1086 }
1087
1088 /*
1089 * Send screen updates to the vnc client using the server
1090 * surface and server dirty map. guest surface updates
1091 * happening in parallel don't disturb us, the next pass will
1092 * send them to the client.
1093 */
1094 job = vnc_job_new(vs);
1095
1096 height = pixman_image_get_height(vd->server);
1097 width = pixman_image_get_width(vd->server);
1098
1099 y = 0;
1100 for (;;) {
1101 int x, h;
1102 unsigned long x2;
1103 unsigned long offset = find_next_bit((unsigned long *) &vs->dirty,
1104 height * VNC_DIRTY_BPL(vs),
1105 y * VNC_DIRTY_BPL(vs));
1106 if (offset == height * VNC_DIRTY_BPL(vs)) {
1107 /* no more dirty bits */
1108 break;
1109 }
1110 y = offset / VNC_DIRTY_BPL(vs);
1111 x = offset % VNC_DIRTY_BPL(vs);
1112 x2 = find_next_zero_bit((unsigned long *) &vs->dirty[y],
1113 VNC_DIRTY_BPL(vs), x);
1114 bitmap_clear(vs->dirty[y], x, x2 - x);
1115 h = find_and_clear_dirty_height(vs, y, x, x2, height);
1116 x2 = MIN(x2, width / VNC_DIRTY_PIXELS_PER_BIT);
1117 if (x2 > x) {
1118 n += vnc_job_add_rect(job, x * VNC_DIRTY_PIXELS_PER_BIT, y,
1119 (x2 - x) * VNC_DIRTY_PIXELS_PER_BIT, h);
1120 }
1121 if (!x && x2 == width / VNC_DIRTY_PIXELS_PER_BIT) {
1122 y += h;
1123 if (y == height) {
1124 break;
1125 }
1126 }
1127 }
1128
1129 vs->job_update = vs->update;
1130 vs->update = VNC_STATE_UPDATE_NONE;
1131 vnc_job_push(job);
1132 vs->has_dirty = 0;
1133 return n;
1134 }
1135
1136 /* audio */
1137 static void audio_capture_notify(void *opaque, audcnotification_e cmd)
1138 {
1139 VncState *vs = opaque;
1140
1141 assert(vs->magic == VNC_MAGIC);
1142 switch (cmd) {
1143 case AUD_CNOTIFY_DISABLE:
1144 vnc_lock_output(vs);
1145 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1146 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1147 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END);
1148 vnc_unlock_output(vs);
1149 vnc_flush(vs);
1150 break;
1151
1152 case AUD_CNOTIFY_ENABLE:
1153 vnc_lock_output(vs);
1154 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1155 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1156 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN);
1157 vnc_unlock_output(vs);
1158 vnc_flush(vs);
1159 break;
1160 }
1161 }
1162
1163 static void audio_capture_destroy(void *opaque)
1164 {
1165 }
1166
1167 static void audio_capture(void *opaque, void *buf, int size)
1168 {
1169 VncState *vs = opaque;
1170
1171 assert(vs->magic == VNC_MAGIC);
1172 vnc_lock_output(vs);
1173 if (vs->output.offset < vs->throttle_output_offset) {
1174 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1175 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1176 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA);
1177 vnc_write_u32(vs, size);
1178 vnc_write(vs, buf, size);
1179 } else {
1180 trace_vnc_client_throttle_audio(vs, vs->ioc, vs->output.offset);
1181 }
1182 vnc_unlock_output(vs);
1183 vnc_flush(vs);
1184 }
1185
1186 static void audio_add(VncState *vs)
1187 {
1188 struct audio_capture_ops ops;
1189
1190 if (vs->audio_cap) {
1191 error_report("audio already running");
1192 return;
1193 }
1194
1195 ops.notify = audio_capture_notify;
1196 ops.destroy = audio_capture_destroy;
1197 ops.capture = audio_capture;
1198
1199 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs);
1200 if (!vs->audio_cap) {
1201 error_report("Failed to add audio capture");
1202 }
1203 }
1204
1205 static void audio_del(VncState *vs)
1206 {
1207 if (vs->audio_cap) {
1208 AUD_del_capture(vs->audio_cap, vs);
1209 vs->audio_cap = NULL;
1210 }
1211 }
1212
1213 static void vnc_disconnect_start(VncState *vs)
1214 {
1215 if (vs->disconnecting) {
1216 return;
1217 }
1218 trace_vnc_client_disconnect_start(vs, vs->ioc);
1219 vnc_set_share_mode(vs, VNC_SHARE_MODE_DISCONNECTED);
1220 if (vs->ioc_tag) {
1221 g_source_remove(vs->ioc_tag);
1222 vs->ioc_tag = 0;
1223 }
1224 qio_channel_close(vs->ioc, NULL);
1225 vs->disconnecting = TRUE;
1226 }
1227
1228 void vnc_disconnect_finish(VncState *vs)
1229 {
1230 int i;
1231
1232 trace_vnc_client_disconnect_finish(vs, vs->ioc);
1233
1234 vnc_jobs_join(vs); /* Wait encoding jobs */
1235
1236 vnc_lock_output(vs);
1237 vnc_qmp_event(vs, QAPI_EVENT_VNC_DISCONNECTED);
1238
1239 buffer_free(&vs->input);
1240 buffer_free(&vs->output);
1241
1242 qapi_free_VncClientInfo(vs->info);
1243
1244 vnc_zlib_clear(vs);
1245 vnc_tight_clear(vs);
1246 vnc_zrle_clear(vs);
1247
1248 #ifdef CONFIG_VNC_SASL
1249 vnc_sasl_client_cleanup(vs);
1250 #endif /* CONFIG_VNC_SASL */
1251 audio_del(vs);
1252 vnc_release_modifiers(vs);
1253
1254 if (vs->mouse_mode_notifier.notify != NULL) {
1255 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
1256 }
1257 QTAILQ_REMOVE(&vs->vd->clients, vs, next);
1258 if (QTAILQ_EMPTY(&vs->vd->clients)) {
1259 /* last client gone */
1260 vnc_update_server_surface(vs->vd);
1261 }
1262
1263 vnc_unlock_output(vs);
1264
1265 qemu_mutex_destroy(&vs->output_mutex);
1266 if (vs->bh != NULL) {
1267 qemu_bh_delete(vs->bh);
1268 }
1269 buffer_free(&vs->jobs_buffer);
1270
1271 for (i = 0; i < VNC_STAT_ROWS; ++i) {
1272 g_free(vs->lossy_rect[i]);
1273 }
1274 g_free(vs->lossy_rect);
1275
1276 object_unref(OBJECT(vs->ioc));
1277 vs->ioc = NULL;
1278 object_unref(OBJECT(vs->sioc));
1279 vs->sioc = NULL;
1280 vs->magic = 0;
1281 g_free(vs);
1282 }
1283
1284 size_t vnc_client_io_error(VncState *vs, ssize_t ret, Error **errp)
1285 {
1286 if (ret <= 0) {
1287 if (ret == 0) {
1288 trace_vnc_client_eof(vs, vs->ioc);
1289 vnc_disconnect_start(vs);
1290 } else if (ret != QIO_CHANNEL_ERR_BLOCK) {
1291 trace_vnc_client_io_error(vs, vs->ioc,
1292 errp ? error_get_pretty(*errp) :
1293 "Unknown");
1294 vnc_disconnect_start(vs);
1295 }
1296
1297 if (errp) {
1298 error_free(*errp);
1299 *errp = NULL;
1300 }
1301 return 0;
1302 }
1303 return ret;
1304 }
1305
1306
1307 void vnc_client_error(VncState *vs)
1308 {
1309 VNC_DEBUG("Closing down client sock: protocol error\n");
1310 vnc_disconnect_start(vs);
1311 }
1312
1313
1314 /*
1315 * Called to write a chunk of data to the client socket. The data may
1316 * be the raw data, or may have already been encoded by SASL.
1317 * The data will be written either straight onto the socket, or
1318 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1319 *
1320 * NB, it is theoretically possible to have 2 layers of encryption,
1321 * both SASL, and this TLS layer. It is highly unlikely in practice
1322 * though, since SASL encryption will typically be a no-op if TLS
1323 * is active
1324 *
1325 * Returns the number of bytes written, which may be less than
1326 * the requested 'datalen' if the socket would block. Returns
1327 * 0 on I/O error, and disconnects the client socket.
1328 */
1329 size_t vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
1330 {
1331 Error *err = NULL;
1332 ssize_t ret;
1333 ret = qio_channel_write(
1334 vs->ioc, (const char *)data, datalen, &err);
1335 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret);
1336 return vnc_client_io_error(vs, ret, &err);
1337 }
1338
1339
1340 /*
1341 * Called to write buffered data to the client socket, when not
1342 * using any SASL SSF encryption layers. Will write as much data
1343 * as possible without blocking. If all buffered data is written,
1344 * will switch the FD poll() handler back to read monitoring.
1345 *
1346 * Returns the number of bytes written, which may be less than
1347 * the buffered output data if the socket would block. Returns
1348 * 0 on I/O error, and disconnects the client socket.
1349 */
1350 static size_t vnc_client_write_plain(VncState *vs)
1351 {
1352 size_t offset;
1353 size_t ret;
1354
1355 #ifdef CONFIG_VNC_SASL
1356 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1357 vs->output.buffer, vs->output.capacity, vs->output.offset,
1358 vs->sasl.waitWriteSSF);
1359
1360 if (vs->sasl.conn &&
1361 vs->sasl.runSSF &&
1362 vs->sasl.waitWriteSSF) {
1363 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
1364 if (ret)
1365 vs->sasl.waitWriteSSF -= ret;
1366 } else
1367 #endif /* CONFIG_VNC_SASL */
1368 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
1369 if (!ret)
1370 return 0;
1371
1372 if (ret >= vs->force_update_offset) {
1373 if (vs->force_update_offset != 0) {
1374 trace_vnc_client_unthrottle_forced(vs, vs->ioc);
1375 }
1376 vs->force_update_offset = 0;
1377 } else {
1378 vs->force_update_offset -= ret;
1379 }
1380 offset = vs->output.offset;
1381 buffer_advance(&vs->output, ret);
1382 if (offset >= vs->throttle_output_offset &&
1383 vs->output.offset < vs->throttle_output_offset) {
1384 trace_vnc_client_unthrottle_incremental(vs, vs->ioc, vs->output.offset);
1385 }
1386
1387 if (vs->output.offset == 0) {
1388 if (vs->ioc_tag) {
1389 g_source_remove(vs->ioc_tag);
1390 }
1391 vs->ioc_tag = qio_channel_add_watch(
1392 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL);
1393 }
1394
1395 return ret;
1396 }
1397
1398
1399 /*
1400 * First function called whenever there is data to be written to
1401 * the client socket. Will delegate actual work according to whether
1402 * SASL SSF layers are enabled (thus requiring encryption calls)
1403 */
1404 static void vnc_client_write_locked(VncState *vs)
1405 {
1406 #ifdef CONFIG_VNC_SASL
1407 if (vs->sasl.conn &&
1408 vs->sasl.runSSF &&
1409 !vs->sasl.waitWriteSSF) {
1410 vnc_client_write_sasl(vs);
1411 } else
1412 #endif /* CONFIG_VNC_SASL */
1413 {
1414 vnc_client_write_plain(vs);
1415 }
1416 }
1417
1418 static void vnc_client_write(VncState *vs)
1419 {
1420 assert(vs->magic == VNC_MAGIC);
1421 vnc_lock_output(vs);
1422 if (vs->output.offset) {
1423 vnc_client_write_locked(vs);
1424 } else if (vs->ioc != NULL) {
1425 if (vs->ioc_tag) {
1426 g_source_remove(vs->ioc_tag);
1427 }
1428 vs->ioc_tag = qio_channel_add_watch(
1429 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL);
1430 }
1431 vnc_unlock_output(vs);
1432 }
1433
1434 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1435 {
1436 vs->read_handler = func;
1437 vs->read_handler_expect = expecting;
1438 }
1439
1440
1441 /*
1442 * Called to read a chunk of data from the client socket. The data may
1443 * be the raw data, or may need to be further decoded by SASL.
1444 * The data will be read either straight from to the socket, or
1445 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1446 *
1447 * NB, it is theoretically possible to have 2 layers of encryption,
1448 * both SASL, and this TLS layer. It is highly unlikely in practice
1449 * though, since SASL encryption will typically be a no-op if TLS
1450 * is active
1451 *
1452 * Returns the number of bytes read, which may be less than
1453 * the requested 'datalen' if the socket would block. Returns
1454 * 0 on I/O error or EOF, and disconnects the client socket.
1455 */
1456 size_t vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1457 {
1458 ssize_t ret;
1459 Error *err = NULL;
1460 ret = qio_channel_read(
1461 vs->ioc, (char *)data, datalen, &err);
1462 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret);
1463 return vnc_client_io_error(vs, ret, &err);
1464 }
1465
1466
1467 /*
1468 * Called to read data from the client socket to the input buffer,
1469 * when not using any SASL SSF encryption layers. Will read as much
1470 * data as possible without blocking.
1471 *
1472 * Returns the number of bytes read, which may be less than
1473 * the requested 'datalen' if the socket would block. Returns
1474 * 0 on I/O error or EOF, and disconnects the client socket.
1475 */
1476 static size_t vnc_client_read_plain(VncState *vs)
1477 {
1478 size_t ret;
1479 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1480 vs->input.buffer, vs->input.capacity, vs->input.offset);
1481 buffer_reserve(&vs->input, 4096);
1482 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1483 if (!ret)
1484 return 0;
1485 vs->input.offset += ret;
1486 return ret;
1487 }
1488
1489 static void vnc_jobs_bh(void *opaque)
1490 {
1491 VncState *vs = opaque;
1492
1493 assert(vs->magic == VNC_MAGIC);
1494 vnc_jobs_consume_buffer(vs);
1495 }
1496
1497 /*
1498 * First function called whenever there is more data to be read from
1499 * the client socket. Will delegate actual work according to whether
1500 * SASL SSF layers are enabled (thus requiring decryption calls)
1501 * Returns 0 on success, -1 if client disconnected
1502 */
1503 static int vnc_client_read(VncState *vs)
1504 {
1505 size_t ret;
1506
1507 #ifdef CONFIG_VNC_SASL
1508 if (vs->sasl.conn && vs->sasl.runSSF)
1509 ret = vnc_client_read_sasl(vs);
1510 else
1511 #endif /* CONFIG_VNC_SASL */
1512 ret = vnc_client_read_plain(vs);
1513 if (!ret) {
1514 if (vs->disconnecting) {
1515 vnc_disconnect_finish(vs);
1516 return -1;
1517 }
1518 return 0;
1519 }
1520
1521 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1522 size_t len = vs->read_handler_expect;
1523 int ret;
1524
1525 ret = vs->read_handler(vs, vs->input.buffer, len);
1526 if (vs->disconnecting) {
1527 vnc_disconnect_finish(vs);
1528 return -1;
1529 }
1530
1531 if (!ret) {
1532 buffer_advance(&vs->input, len);
1533 } else {
1534 vs->read_handler_expect = ret;
1535 }
1536 }
1537 return 0;
1538 }
1539
1540 gboolean vnc_client_io(QIOChannel *ioc G_GNUC_UNUSED,
1541 GIOCondition condition, void *opaque)
1542 {
1543 VncState *vs = opaque;
1544
1545 assert(vs->magic == VNC_MAGIC);
1546 if (condition & G_IO_IN) {
1547 if (vnc_client_read(vs) < 0) {
1548 /* vs is free()ed here */
1549 return TRUE;
1550 }
1551 }
1552 if (condition & G_IO_OUT) {
1553 vnc_client_write(vs);
1554 }
1555
1556 if (vs->disconnecting) {
1557 if (vs->ioc_tag != 0) {
1558 g_source_remove(vs->ioc_tag);
1559 }
1560 vs->ioc_tag = 0;
1561 }
1562 return TRUE;
1563 }
1564
1565
1566 /*
1567 * Scale factor to apply to vs->throttle_output_offset when checking for
1568 * hard limit. Worst case normal usage could be x2, if we have a complete
1569 * incremental update and complete forced update in the output buffer.
1570 * So x3 should be good enough, but we pick x5 to be conservative and thus
1571 * (hopefully) never trigger incorrectly.
1572 */
1573 #define VNC_THROTTLE_OUTPUT_LIMIT_SCALE 5
1574
1575 void vnc_write(VncState *vs, const void *data, size_t len)
1576 {
1577 assert(vs->magic == VNC_MAGIC);
1578 if (vs->disconnecting) {
1579 return;
1580 }
1581 /* Protection against malicious client/guest to prevent our output
1582 * buffer growing without bound if client stops reading data. This
1583 * should rarely trigger, because we have earlier throttling code
1584 * which stops issuing framebuffer updates and drops audio data
1585 * if the throttle_output_offset value is exceeded. So we only reach
1586 * this higher level if a huge number of pseudo-encodings get
1587 * triggered while data can't be sent on the socket.
1588 *
1589 * NB throttle_output_offset can be zero during early protocol
1590 * handshake, or from the job thread's VncState clone
1591 */
1592 if (vs->throttle_output_offset != 0 &&
1593 (vs->output.offset / VNC_THROTTLE_OUTPUT_LIMIT_SCALE) >
1594 vs->throttle_output_offset) {
1595 trace_vnc_client_output_limit(vs, vs->ioc, vs->output.offset,
1596 vs->throttle_output_offset);
1597 vnc_disconnect_start(vs);
1598 return;
1599 }
1600 buffer_reserve(&vs->output, len);
1601
1602 if (vs->ioc != NULL && buffer_empty(&vs->output)) {
1603 if (vs->ioc_tag) {
1604 g_source_remove(vs->ioc_tag);
1605 }
1606 vs->ioc_tag = qio_channel_add_watch(
1607 vs->ioc, G_IO_IN | G_IO_OUT, vnc_client_io, vs, NULL);
1608 }
1609
1610 buffer_append(&vs->output, data, len);
1611 }
1612
1613 void vnc_write_s32(VncState *vs, int32_t value)
1614 {
1615 vnc_write_u32(vs, *(uint32_t *)&value);
1616 }
1617
1618 void vnc_write_u32(VncState *vs, uint32_t value)
1619 {
1620 uint8_t buf[4];
1621
1622 buf[0] = (value >> 24) & 0xFF;
1623 buf[1] = (value >> 16) & 0xFF;
1624 buf[2] = (value >> 8) & 0xFF;
1625 buf[3] = value & 0xFF;
1626
1627 vnc_write(vs, buf, 4);
1628 }
1629
1630 void vnc_write_u16(VncState *vs, uint16_t value)
1631 {
1632 uint8_t buf[2];
1633
1634 buf[0] = (value >> 8) & 0xFF;
1635 buf[1] = value & 0xFF;
1636
1637 vnc_write(vs, buf, 2);
1638 }
1639
1640 void vnc_write_u8(VncState *vs, uint8_t value)
1641 {
1642 vnc_write(vs, (char *)&value, 1);
1643 }
1644
1645 void vnc_flush(VncState *vs)
1646 {
1647 vnc_lock_output(vs);
1648 if (vs->ioc != NULL && vs->output.offset) {
1649 vnc_client_write_locked(vs);
1650 }
1651 if (vs->disconnecting) {
1652 if (vs->ioc_tag != 0) {
1653 g_source_remove(vs->ioc_tag);
1654 }
1655 vs->ioc_tag = 0;
1656 }
1657 vnc_unlock_output(vs);
1658 }
1659
1660 static uint8_t read_u8(uint8_t *data, size_t offset)
1661 {
1662 return data[offset];
1663 }
1664
1665 static uint16_t read_u16(uint8_t *data, size_t offset)
1666 {
1667 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1668 }
1669
1670 static int32_t read_s32(uint8_t *data, size_t offset)
1671 {
1672 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1673 (data[offset + 2] << 8) | data[offset + 3]);
1674 }
1675
1676 uint32_t read_u32(uint8_t *data, size_t offset)
1677 {
1678 return ((data[offset] << 24) | (data[offset + 1] << 16) |
1679 (data[offset + 2] << 8) | data[offset + 3]);
1680 }
1681
1682 static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
1683 {
1684 }
1685
1686 static void check_pointer_type_change(Notifier *notifier, void *data)
1687 {
1688 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier);
1689 int absolute = qemu_input_is_absolute();
1690
1691 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1692 vnc_lock_output(vs);
1693 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1694 vnc_write_u8(vs, 0);
1695 vnc_write_u16(vs, 1);
1696 vnc_framebuffer_update(vs, absolute, 0,
1697 pixman_image_get_width(vs->vd->server),
1698 pixman_image_get_height(vs->vd->server),
1699 VNC_ENCODING_POINTER_TYPE_CHANGE);
1700 vnc_unlock_output(vs);
1701 vnc_flush(vs);
1702 }
1703 vs->absolute = absolute;
1704 }
1705
1706 static void pointer_event(VncState *vs, int button_mask, int x, int y)
1707 {
1708 static uint32_t bmap[INPUT_BUTTON__MAX] = {
1709 [INPUT_BUTTON_LEFT] = 0x01,
1710 [INPUT_BUTTON_MIDDLE] = 0x02,
1711 [INPUT_BUTTON_RIGHT] = 0x04,
1712 [INPUT_BUTTON_WHEEL_UP] = 0x08,
1713 [INPUT_BUTTON_WHEEL_DOWN] = 0x10,
1714 };
1715 QemuConsole *con = vs->vd->dcl.con;
1716 int width = pixman_image_get_width(vs->vd->server);
1717 int height = pixman_image_get_height(vs->vd->server);
1718
1719 if (vs->last_bmask != button_mask) {
1720 qemu_input_update_buttons(con, bmap, vs->last_bmask, button_mask);
1721 vs->last_bmask = button_mask;
1722 }
1723
1724 if (vs->absolute) {
1725 qemu_input_queue_abs(con, INPUT_AXIS_X, x, 0, width);
1726 qemu_input_queue_abs(con, INPUT_AXIS_Y, y, 0, height);
1727 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1728 qemu_input_queue_rel(con, INPUT_AXIS_X, x - 0x7FFF);
1729 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - 0x7FFF);
1730 } else {
1731 if (vs->last_x != -1) {
1732 qemu_input_queue_rel(con, INPUT_AXIS_X, x - vs->last_x);
1733 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - vs->last_y);
1734 }
1735 vs->last_x = x;
1736 vs->last_y = y;
1737 }
1738 qemu_input_event_sync();
1739 }
1740
1741 static void reset_keys(VncState *vs)
1742 {
1743 int i;
1744 for(i = 0; i < 256; i++) {
1745 if (vs->modifiers_state[i]) {
1746 qemu_input_event_send_key_number(vs->vd->dcl.con, i, false);
1747 qemu_input_event_send_key_delay(vs->vd->key_delay_ms);
1748 vs->modifiers_state[i] = 0;
1749 }
1750 }
1751 }
1752
1753 static void press_key(VncState *vs, int keysym)
1754 {
1755 int keycode = keysym2scancode(vs->vd->kbd_layout, keysym,
1756 false, false, false) & SCANCODE_KEYMASK;
1757 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, true);
1758 qemu_input_event_send_key_delay(vs->vd->key_delay_ms);
1759 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, false);
1760 qemu_input_event_send_key_delay(vs->vd->key_delay_ms);
1761 }
1762
1763 static void vnc_led_state_change(VncState *vs)
1764 {
1765 if (!vnc_has_feature(vs, VNC_FEATURE_LED_STATE)) {
1766 return;
1767 }
1768
1769 vnc_lock_output(vs);
1770 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1771 vnc_write_u8(vs, 0);
1772 vnc_write_u16(vs, 1);
1773 vnc_framebuffer_update(vs, 0, 0, 1, 1, VNC_ENCODING_LED_STATE);
1774 vnc_write_u8(vs, vs->vd->ledstate);
1775 vnc_unlock_output(vs);
1776 vnc_flush(vs);
1777 }
1778
1779 static void kbd_leds(void *opaque, int ledstate)
1780 {
1781 VncDisplay *vd = opaque;
1782 VncState *client;
1783
1784 trace_vnc_key_guest_leds((ledstate & QEMU_CAPS_LOCK_LED),
1785 (ledstate & QEMU_NUM_LOCK_LED),
1786 (ledstate & QEMU_SCROLL_LOCK_LED));
1787
1788 if (ledstate == vd->ledstate) {
1789 return;
1790 }
1791
1792 vd->ledstate = ledstate;
1793
1794 QTAILQ_FOREACH(client, &vd->clients, next) {
1795 vnc_led_state_change(client);
1796 }
1797 }
1798
1799 static void do_key_event(VncState *vs, int down, int keycode, int sym)
1800 {
1801 /* QEMU console switch */
1802 switch(keycode) {
1803 case 0x2a: /* Left Shift */
1804 case 0x36: /* Right Shift */
1805 case 0x1d: /* Left CTRL */
1806 case 0x9d: /* Right CTRL */
1807 case 0x38: /* Left ALT */
1808 case 0xb8: /* Right ALT */
1809 if (down)
1810 vs->modifiers_state[keycode] = 1;
1811 else
1812 vs->modifiers_state[keycode] = 0;
1813 break;
1814 case 0x02 ... 0x0a: /* '1' to '9' keys */
1815 if (vs->vd->dcl.con == NULL &&
1816 down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
1817 /* Reset the modifiers sent to the current console */
1818 reset_keys(vs);
1819 console_select(keycode - 0x02);
1820 return;
1821 }
1822 break;
1823 case 0x3a: /* CapsLock */
1824 case 0x45: /* NumLock */
1825 if (down)
1826 vs->modifiers_state[keycode] ^= 1;
1827 break;
1828 }
1829
1830 /* Turn off the lock state sync logic if the client support the led
1831 state extension.
1832 */
1833 if (down && vs->vd->lock_key_sync &&
1834 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) &&
1835 keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1836 /* If the numlock state needs to change then simulate an additional
1837 keypress before sending this one. This will happen if the user
1838 toggles numlock away from the VNC window.
1839 */
1840 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1841 if (!vs->modifiers_state[0x45]) {
1842 trace_vnc_key_sync_numlock(true);
1843 vs->modifiers_state[0x45] = 1;
1844 press_key(vs, 0xff7f);
1845 }
1846 } else {
1847 if (vs->modifiers_state[0x45]) {
1848 trace_vnc_key_sync_numlock(false);
1849 vs->modifiers_state[0x45] = 0;
1850 press_key(vs, 0xff7f);
1851 }
1852 }
1853 }
1854
1855 if (down && vs->vd->lock_key_sync &&
1856 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) &&
1857 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) {
1858 /* If the capslock state needs to change then simulate an additional
1859 keypress before sending this one. This will happen if the user
1860 toggles capslock away from the VNC window.
1861 */
1862 int uppercase = !!(sym >= 'A' && sym <= 'Z');
1863 int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]);
1864 int capslock = !!(vs->modifiers_state[0x3a]);
1865 if (capslock) {
1866 if (uppercase == shift) {
1867 trace_vnc_key_sync_capslock(false);
1868 vs->modifiers_state[0x3a] = 0;
1869 press_key(vs, 0xffe5);
1870 }
1871 } else {
1872 if (uppercase != shift) {
1873 trace_vnc_key_sync_capslock(true);
1874 vs->modifiers_state[0x3a] = 1;
1875 press_key(vs, 0xffe5);
1876 }
1877 }
1878 }
1879
1880 if (qemu_console_is_graphic(NULL)) {
1881 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, down);
1882 qemu_input_event_send_key_delay(vs->vd->key_delay_ms);
1883 } else {
1884 bool numlock = vs->modifiers_state[0x45];
1885 bool control = (vs->modifiers_state[0x1d] ||
1886 vs->modifiers_state[0x9d]);
1887 /* QEMU console emulation */
1888 if (down) {
1889 switch (keycode) {
1890 case 0x2a: /* Left Shift */
1891 case 0x36: /* Right Shift */
1892 case 0x1d: /* Left CTRL */
1893 case 0x9d: /* Right CTRL */
1894 case 0x38: /* Left ALT */
1895 case 0xb8: /* Right ALT */
1896 break;
1897 case 0xc8:
1898 kbd_put_keysym(QEMU_KEY_UP);
1899 break;
1900 case 0xd0:
1901 kbd_put_keysym(QEMU_KEY_DOWN);
1902 break;
1903 case 0xcb:
1904 kbd_put_keysym(QEMU_KEY_LEFT);
1905 break;
1906 case 0xcd:
1907 kbd_put_keysym(QEMU_KEY_RIGHT);
1908 break;
1909 case 0xd3:
1910 kbd_put_keysym(QEMU_KEY_DELETE);
1911 break;
1912 case 0xc7:
1913 kbd_put_keysym(QEMU_KEY_HOME);
1914 break;
1915 case 0xcf:
1916 kbd_put_keysym(QEMU_KEY_END);
1917 break;
1918 case 0xc9:
1919 kbd_put_keysym(QEMU_KEY_PAGEUP);
1920 break;
1921 case 0xd1:
1922 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1923 break;
1924
1925 case 0x47:
1926 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME);
1927 break;
1928 case 0x48:
1929 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP);
1930 break;
1931 case 0x49:
1932 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP);
1933 break;
1934 case 0x4b:
1935 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT);
1936 break;
1937 case 0x4c:
1938 kbd_put_keysym('5');
1939 break;
1940 case 0x4d:
1941 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT);
1942 break;
1943 case 0x4f:
1944 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END);
1945 break;
1946 case 0x50:
1947 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN);
1948 break;
1949 case 0x51:
1950 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN);
1951 break;
1952 case 0x52:
1953 kbd_put_keysym('0');
1954 break;
1955 case 0x53:
1956 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE);
1957 break;
1958
1959 case 0xb5:
1960 kbd_put_keysym('/');
1961 break;
1962 case 0x37:
1963 kbd_put_keysym('*');
1964 break;
1965 case 0x4a:
1966 kbd_put_keysym('-');
1967 break;
1968 case 0x4e:
1969 kbd_put_keysym('+');
1970 break;
1971 case 0x9c:
1972 kbd_put_keysym('\n');
1973 break;
1974
1975 default:
1976 if (control) {
1977 kbd_put_keysym(sym & 0x1f);
1978 } else {
1979 kbd_put_keysym(sym);
1980 }
1981 break;
1982 }
1983 }
1984 }
1985 }
1986
1987 static void vnc_release_modifiers(VncState *vs)
1988 {
1989 static const int keycodes[] = {
1990 /* shift, control, alt keys, both left & right */
1991 0x2a, 0x36, 0x1d, 0x9d, 0x38, 0xb8,
1992 };
1993 int i, keycode;
1994
1995 if (!qemu_console_is_graphic(NULL)) {
1996 return;
1997 }
1998 for (i = 0; i < ARRAY_SIZE(keycodes); i++) {
1999 keycode = keycodes[i];
2000 if (!vs->modifiers_state[keycode]) {
2001 continue;
2002 }
2003 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, false);
2004 qemu_input_event_send_key_delay(vs->vd->key_delay_ms);
2005 }
2006 }
2007
2008 static const char *code2name(int keycode)
2009 {
2010 return QKeyCode_str(qemu_input_key_number_to_qcode(keycode));
2011 }
2012
2013 static void key_event(VncState *vs, int down, uint32_t sym)
2014 {
2015 bool shift = vs->modifiers_state[0x2a] || vs->modifiers_state[0x36];
2016 bool altgr = vs->modifiers_state[0xb8];
2017 bool ctrl = vs->modifiers_state[0x1d] || vs->modifiers_state[0x9d];
2018 int keycode;
2019 int lsym = sym;
2020
2021 if (lsym >= 'A' && lsym <= 'Z' && qemu_console_is_graphic(NULL)) {
2022 lsym = lsym - 'A' + 'a';
2023 }
2024
2025 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF,
2026 shift, altgr, ctrl) & SCANCODE_KEYMASK;
2027 trace_vnc_key_event_map(down, sym, keycode, code2name(keycode));
2028 do_key_event(vs, down, keycode, sym);
2029 }
2030
2031 static void ext_key_event(VncState *vs, int down,
2032 uint32_t sym, uint16_t keycode)
2033 {
2034 /* if the user specifies a keyboard layout, always use it */
2035 if (keyboard_layout) {
2036 key_event(vs, down, sym);
2037 } else {
2038 trace_vnc_key_event_ext(down, sym, keycode, code2name(keycode));
2039 do_key_event(vs, down, keycode, sym);
2040 }
2041 }
2042
2043 static void framebuffer_update_request(VncState *vs, int incremental,
2044 int x, int y, int w, int h)
2045 {
2046 if (incremental) {
2047 if (vs->update != VNC_STATE_UPDATE_FORCE) {
2048 vs->update = VNC_STATE_UPDATE_INCREMENTAL;
2049 }
2050 } else {
2051 vs->update = VNC_STATE_UPDATE_FORCE;
2052 vnc_set_area_dirty(vs->dirty, vs->vd, x, y, w, h);
2053 }
2054 }
2055
2056 static void send_ext_key_event_ack(VncState *vs)
2057 {
2058 vnc_lock_output(vs);
2059 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
2060 vnc_write_u8(vs, 0);
2061 vnc_write_u16(vs, 1);
2062 vnc_framebuffer_update(vs, 0, 0,
2063 pixman_image_get_width(vs->vd->server),
2064 pixman_image_get_height(vs->vd->server),
2065 VNC_ENCODING_EXT_KEY_EVENT);
2066 vnc_unlock_output(vs);
2067 vnc_flush(vs);
2068 }
2069
2070 static void send_ext_audio_ack(VncState *vs)
2071 {
2072 vnc_lock_output(vs);
2073 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
2074 vnc_write_u8(vs, 0);
2075 vnc_write_u16(vs, 1);
2076 vnc_framebuffer_update(vs, 0, 0,
2077 pixman_image_get_width(vs->vd->server),
2078 pixman_image_get_height(vs->vd->server),
2079 VNC_ENCODING_AUDIO);
2080 vnc_unlock_output(vs);
2081 vnc_flush(vs);
2082 }
2083
2084 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
2085 {
2086 int i;
2087 unsigned int enc = 0;
2088
2089 vs->features = 0;
2090 vs->vnc_encoding = 0;
2091 vs->tight.compression = 9;
2092 vs->tight.quality = -1; /* Lossless by default */
2093 vs->absolute = -1;
2094
2095 /*
2096 * Start from the end because the encodings are sent in order of preference.
2097 * This way the preferred encoding (first encoding defined in the array)
2098 * will be set at the end of the loop.
2099 */
2100 for (i = n_encodings - 1; i >= 0; i--) {
2101 enc = encodings[i];
2102 switch (enc) {
2103 case VNC_ENCODING_RAW:
2104 vs->vnc_encoding = enc;
2105 break;
2106 case VNC_ENCODING_COPYRECT:
2107 vs->features |= VNC_FEATURE_COPYRECT_MASK;
2108 break;
2109 case VNC_ENCODING_HEXTILE:
2110 vs->features |= VNC_FEATURE_HEXTILE_MASK;
2111 vs->vnc_encoding = enc;
2112 break;
2113 case VNC_ENCODING_TIGHT:
2114 vs->features |= VNC_FEATURE_TIGHT_MASK;
2115 vs->vnc_encoding = enc;
2116 break;
2117 #ifdef CONFIG_VNC_PNG
2118 case VNC_ENCODING_TIGHT_PNG:
2119 vs->features |= VNC_FEATURE_TIGHT_PNG_MASK;
2120 vs->vnc_encoding = enc;
2121 break;
2122 #endif
2123 case VNC_ENCODING_ZLIB:
2124 vs->features |= VNC_FEATURE_ZLIB_MASK;
2125 vs->vnc_encoding = enc;
2126 break;
2127 case VNC_ENCODING_ZRLE:
2128 vs->features |= VNC_FEATURE_ZRLE_MASK;
2129 vs->vnc_encoding = enc;
2130 break;
2131 case VNC_ENCODING_ZYWRLE:
2132 vs->features |= VNC_FEATURE_ZYWRLE_MASK;
2133 vs->vnc_encoding = enc;
2134 break;
2135 case VNC_ENCODING_DESKTOPRESIZE:
2136 vs->features |= VNC_FEATURE_RESIZE_MASK;
2137 break;
2138 case VNC_ENCODING_POINTER_TYPE_CHANGE:
2139 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
2140 break;
2141 case VNC_ENCODING_RICH_CURSOR:
2142 vs->features |= VNC_FEATURE_RICH_CURSOR_MASK;
2143 if (vs->vd->cursor) {
2144 vnc_cursor_define(vs);
2145 }
2146 break;
2147 case VNC_ENCODING_EXT_KEY_EVENT:
2148 send_ext_key_event_ack(vs);
2149 break;
2150 case VNC_ENCODING_AUDIO:
2151 send_ext_audio_ack(vs);
2152 break;
2153 case VNC_ENCODING_WMVi:
2154 vs->features |= VNC_FEATURE_WMVI_MASK;
2155 break;
2156 case VNC_ENCODING_LED_STATE:
2157 vs->features |= VNC_FEATURE_LED_STATE_MASK;
2158 break;
2159 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
2160 vs->tight.compression = (enc & 0x0F);
2161 break;
2162 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
2163 if (vs->vd->lossy) {
2164 vs->tight.quality = (enc & 0x0F);
2165 }
2166 break;
2167 default:
2168 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
2169 break;
2170 }
2171 }
2172 vnc_desktop_resize(vs);
2173 check_pointer_type_change(&vs->mouse_mode_notifier, NULL);
2174 vnc_led_state_change(vs);
2175 }
2176
2177 static void set_pixel_conversion(VncState *vs)
2178 {
2179 pixman_format_code_t fmt = qemu_pixman_get_format(&vs->client_pf);
2180
2181 if (fmt == VNC_SERVER_FB_FORMAT) {
2182 vs->write_pixels = vnc_write_pixels_copy;
2183 vnc_hextile_set_pixel_conversion(vs, 0);
2184 } else {
2185 vs->write_pixels = vnc_write_pixels_generic;
2186 vnc_hextile_set_pixel_conversion(vs, 1);
2187 }
2188 }
2189
2190 static void send_color_map(VncState *vs)
2191 {
2192 int i;
2193
2194 vnc_write_u8(vs, VNC_MSG_SERVER_SET_COLOUR_MAP_ENTRIES);
2195 vnc_write_u8(vs, 0); /* padding */
2196 vnc_write_u16(vs, 0); /* first color */
2197 vnc_write_u16(vs, 256); /* # of colors */
2198
2199 for (i = 0; i < 256; i++) {
2200 PixelFormat *pf = &vs->client_pf;
2201
2202 vnc_write_u16(vs, (((i >> pf->rshift) & pf->rmax) << (16 - pf->rbits)));
2203 vnc_write_u16(vs, (((i >> pf->gshift) & pf->gmax) << (16 - pf->gbits)));
2204 vnc_write_u16(vs, (((i >> pf->bshift) & pf->bmax) << (16 - pf->bbits)));
2205 }
2206 }
2207
2208 static void set_pixel_format(VncState *vs, int bits_per_pixel,
2209 int big_endian_flag, int true_color_flag,
2210 int red_max, int green_max, int blue_max,
2211 int red_shift, int green_shift, int blue_shift)
2212 {
2213 if (!true_color_flag) {
2214 /* Expose a reasonable default 256 color map */
2215 bits_per_pixel = 8;
2216 red_max = 7;
2217 green_max = 7;
2218 blue_max = 3;
2219 red_shift = 0;
2220 green_shift = 3;
2221 blue_shift = 6;
2222 }
2223
2224 switch (bits_per_pixel) {
2225 case 8:
2226 case 16:
2227 case 32:
2228 break;
2229 default:
2230 vnc_client_error(vs);
2231 return;
2232 }
2233
2234 vs->client_pf.rmax = red_max ? red_max : 0xFF;
2235 vs->client_pf.rbits = ctpopl(red_max);
2236 vs->client_pf.rshift = red_shift;
2237 vs->client_pf.rmask = red_max << red_shift;
2238 vs->client_pf.gmax = green_max ? green_max : 0xFF;
2239 vs->client_pf.gbits = ctpopl(green_max);
2240 vs->client_pf.gshift = green_shift;
2241 vs->client_pf.gmask = green_max << green_shift;
2242 vs->client_pf.bmax = blue_max ? blue_max : 0xFF;
2243 vs->client_pf.bbits = ctpopl(blue_max);
2244 vs->client_pf.bshift = blue_shift;
2245 vs->client_pf.bmask = blue_max << blue_shift;
2246 vs->client_pf.bits_per_pixel = bits_per_pixel;
2247 vs->client_pf.bytes_per_pixel = bits_per_pixel / 8;
2248 vs->client_pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
2249 vs->client_be = big_endian_flag;
2250
2251 if (!true_color_flag) {
2252 send_color_map(vs);
2253 }
2254
2255 set_pixel_conversion(vs);
2256
2257 graphic_hw_invalidate(vs->vd->dcl.con);
2258 graphic_hw_update(vs->vd->dcl.con);
2259 }
2260
2261 static void pixel_format_message (VncState *vs) {
2262 char pad[3] = { 0, 0, 0 };
2263
2264 vs->client_pf = qemu_default_pixelformat(32);
2265
2266 vnc_write_u8(vs, vs->client_pf.bits_per_pixel); /* bits-per-pixel */
2267 vnc_write_u8(vs, vs->client_pf.depth); /* depth */
2268
2269 #ifdef HOST_WORDS_BIGENDIAN
2270 vnc_write_u8(vs, 1); /* big-endian-flag */
2271 #else
2272 vnc_write_u8(vs, 0); /* big-endian-flag */
2273 #endif
2274 vnc_write_u8(vs, 1); /* true-color-flag */
2275 vnc_write_u16(vs, vs->client_pf.rmax); /* red-max */
2276 vnc_write_u16(vs, vs->client_pf.gmax); /* green-max */
2277 vnc_write_u16(vs, vs->client_pf.bmax); /* blue-max */
2278 vnc_write_u8(vs, vs->client_pf.rshift); /* red-shift */
2279 vnc_write_u8(vs, vs->client_pf.gshift); /* green-shift */
2280 vnc_write_u8(vs, vs->client_pf.bshift); /* blue-shift */
2281 vnc_write(vs, pad, 3); /* padding */
2282
2283 vnc_hextile_set_pixel_conversion(vs, 0);
2284 vs->write_pixels = vnc_write_pixels_copy;
2285 }
2286
2287 static void vnc_colordepth(VncState *vs)
2288 {
2289 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
2290 /* Sending a WMVi message to notify the client*/
2291 vnc_lock_output(vs);
2292 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
2293 vnc_write_u8(vs, 0);
2294 vnc_write_u16(vs, 1); /* number of rects */
2295 vnc_framebuffer_update(vs, 0, 0,
2296 pixman_image_get_width(vs->vd->server),
2297 pixman_image_get_height(vs->vd->server),
2298 VNC_ENCODING_WMVi);
2299 pixel_format_message(vs);
2300 vnc_unlock_output(vs);
2301 vnc_flush(vs);
2302 } else {
2303 set_pixel_conversion(vs);
2304 }
2305 }
2306
2307 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
2308 {
2309 int i;
2310 uint16_t limit;
2311 uint32_t freq;
2312 VncDisplay *vd = vs->vd;
2313
2314 if (data[0] > 3) {
2315 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
2316 }
2317
2318 switch (data[0]) {
2319 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT:
2320 if (len == 1)
2321 return 20;
2322
2323 set_pixel_format(vs, read_u8(data, 4),
2324 read_u8(data, 6), read_u8(data, 7),
2325 read_u16(data, 8), read_u16(data, 10),
2326 read_u16(data, 12), read_u8(data, 14),
2327 read_u8(data, 15), read_u8(data, 16));
2328 break;
2329 case VNC_MSG_CLIENT_SET_ENCODINGS:
2330 if (len == 1)
2331 return 4;
2332
2333 if (len == 4) {
2334 limit = read_u16(data, 2);
2335 if (limit > 0)
2336 return 4 + (limit * 4);
2337 } else
2338 limit = read_u16(data, 2);
2339
2340 for (i = 0; i < limit; i++) {
2341 int32_t val = read_s32(data, 4 + (i * 4));
2342 memcpy(data + 4 + (i * 4), &val, sizeof(val));
2343 }
2344
2345 set_encodings(vs, (int32_t *)(data + 4), limit);
2346 break;
2347 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST:
2348 if (len == 1)
2349 return 10;
2350
2351 framebuffer_update_request(vs,
2352 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
2353 read_u16(data, 6), read_u16(data, 8));
2354 break;
2355 case VNC_MSG_CLIENT_KEY_EVENT:
2356 if (len == 1)
2357 return 8;
2358
2359 key_event(vs, read_u8(data, 1), read_u32(data, 4));
2360 break;
2361 case VNC_MSG_CLIENT_POINTER_EVENT:
2362 if (len == 1)
2363 return 6;
2364
2365 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
2366 break;
2367 case VNC_MSG_CLIENT_CUT_TEXT:
2368 if (len == 1) {
2369 return 8;
2370 }
2371 if (len == 8) {
2372 uint32_t dlen = read_u32(data, 4);
2373 if (dlen > (1 << 20)) {
2374 error_report("vnc: client_cut_text msg payload has %u bytes"
2375 " which exceeds our limit of 1MB.", dlen);
2376 vnc_client_error(vs);
2377 break;
2378 }
2379 if (dlen > 0) {
2380 return 8 + dlen;
2381 }
2382 }
2383
2384 client_cut_text(vs, read_u32(data, 4), data + 8);
2385 break;
2386 case VNC_MSG_CLIENT_QEMU:
2387 if (len == 1)
2388 return 2;
2389
2390 switch (read_u8(data, 1)) {
2391 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT:
2392 if (len == 2)
2393 return 12;
2394
2395 ext_key_event(vs, read_u16(data, 2),
2396 read_u32(data, 4), read_u32(data, 8));
2397 break;
2398 case VNC_MSG_CLIENT_QEMU_AUDIO:
2399 if (len == 2)
2400 return 4;
2401
2402 switch (read_u16 (data, 2)) {
2403 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE:
2404 audio_add(vs);
2405 break;
2406 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE:
2407 audio_del(vs);
2408 break;
2409 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT:
2410 if (len == 4)
2411 return 10;
2412 switch (read_u8(data, 4)) {
2413 case 0: vs->as.fmt = AUD_FMT_U8; break;
2414 case 1: vs->as.fmt = AUD_FMT_S8; break;
2415 case 2: vs->as.fmt = AUD_FMT_U16; break;
2416 case 3: vs->as.fmt = AUD_FMT_S16; break;
2417 case 4: vs->as.fmt = AUD_FMT_U32; break;
2418 case 5: vs->as.fmt = AUD_FMT_S32; break;
2419 default:
2420 VNC_DEBUG("Invalid audio format %d\n", read_u8(data, 4));
2421 vnc_client_error(vs);
2422 break;
2423 }
2424 vs->as.nchannels = read_u8(data, 5);
2425 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
2426 VNC_DEBUG("Invalid audio channel count %d\n",
2427 read_u8(data, 5));
2428 vnc_client_error(vs);
2429 break;
2430 }
2431 freq = read_u32(data, 6);
2432 /* No official limit for protocol, but 48khz is a sensible
2433 * upper bound for trustworthy clients, and this limit
2434 * protects calculations involving 'vs->as.freq' later.
2435 */
2436 if (freq > 48000) {
2437 VNC_DEBUG("Invalid audio frequency %u > 48000", freq);
2438 vnc_client_error(vs);
2439 break;
2440 }
2441 vs->as.freq = freq;
2442 break;
2443 default:
2444 VNC_DEBUG("Invalid audio message %d\n", read_u8(data, 4));
2445 vnc_client_error(vs);
2446 break;
2447 }
2448 break;
2449
2450 default:
2451 VNC_DEBUG("Msg: %d\n", read_u16(data, 0));
2452 vnc_client_error(vs);
2453 break;
2454 }
2455 break;
2456 default:
2457 VNC_DEBUG("Msg: %d\n", data[0]);
2458 vnc_client_error(vs);
2459 break;
2460 }
2461
2462 vnc_update_throttle_offset(vs);
2463 vnc_read_when(vs, protocol_client_msg, 1);
2464 return 0;
2465 }
2466
2467 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
2468 {
2469 char buf[1024];
2470 VncShareMode mode;
2471 int size;
2472
2473 mode = data[0] ? VNC_SHARE_MODE_SHARED : VNC_SHARE_MODE_EXCLUSIVE;
2474 switch (vs->vd->share_policy) {
2475 case VNC_SHARE_POLICY_IGNORE:
2476 /*
2477 * Ignore the shared flag. Nothing to do here.
2478 *
2479 * Doesn't conform to the rfb spec but is traditional qemu
2480 * behavior, thus left here as option for compatibility
2481 * reasons.
2482 */
2483 break;
2484 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE:
2485 /*
2486 * Policy: Allow clients ask for exclusive access.
2487 *
2488 * Implementation: When a client asks for exclusive access,
2489 * disconnect all others. Shared connects are allowed as long
2490 * as no exclusive connection exists.
2491 *
2492 * This is how the rfb spec suggests to handle the shared flag.
2493 */
2494 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2495 VncState *client;
2496 QTAILQ_FOREACH(client, &vs->vd->clients, next) {
2497 if (vs == client) {
2498 continue;
2499 }
2500 if (client->share_mode != VNC_SHARE_MODE_EXCLUSIVE &&
2501 client->share_mode != VNC_SHARE_MODE_SHARED) {
2502 continue;
2503 }
2504 vnc_disconnect_start(client);
2505 }
2506 }
2507 if (mode == VNC_SHARE_MODE_SHARED) {
2508 if (vs->vd->num_exclusive > 0) {
2509 vnc_disconnect_start(vs);
2510 return 0;
2511 }
2512 }
2513 break;
2514 case VNC_SHARE_POLICY_FORCE_SHARED:
2515 /*
2516 * Policy: Shared connects only.
2517 * Implementation: Disallow clients asking for exclusive access.
2518 *
2519 * Useful for shared desktop sessions where you don't want
2520 * someone forgetting to say -shared when running the vnc
2521 * client disconnect everybody else.
2522 */
2523 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2524 vnc_disconnect_start(vs);
2525 return 0;
2526 }
2527 break;
2528 }
2529 vnc_set_share_mode(vs, mode);
2530
2531 if (vs->vd->num_shared > vs->vd->connections_limit) {
2532 vnc_disconnect_start(vs);
2533 return 0;
2534 }
2535
2536 assert(pixman_image_get_width(vs->vd->server) < 65536 &&
2537 pixman_image_get_width(vs->vd->server) >= 0);
2538 assert(pixman_image_get_height(vs->vd->server) < 65536 &&
2539 pixman_image_get_height(vs->vd->server) >= 0);
2540 vs->client_width = pixman_image_get_width(vs->vd->server);
2541 vs->client_height = pixman_image_get_height(vs->vd->server);
2542 vnc_write_u16(vs, vs->client_width);
2543 vnc_write_u16(vs, vs->client_height);
2544
2545 pixel_format_message(vs);
2546
2547 if (qemu_name) {
2548 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
2549 if (size > sizeof(buf)) {
2550 size = sizeof(buf);
2551 }
2552 } else {
2553 size = snprintf(buf, sizeof(buf), "QEMU");
2554 }
2555
2556 vnc_write_u32(vs, size);
2557 vnc_write(vs, buf, size);
2558 vnc_flush(vs);
2559
2560 vnc_client_cache_auth(vs);
2561 vnc_qmp_event(vs, QAPI_EVENT_VNC_INITIALIZED);
2562
2563 vnc_read_when(vs, protocol_client_msg, 1);
2564
2565 return 0;
2566 }
2567
2568 void start_client_init(VncState *vs)
2569 {
2570 vnc_read_when(vs, protocol_client_init, 1);
2571 }
2572
2573 static void make_challenge(VncState *vs)
2574 {
2575 int i;
2576
2577 srand(time(NULL)+getpid()+getpid()*987654+rand());
2578
2579 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
2580 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
2581 }
2582
2583 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
2584 {
2585 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
2586 size_t i, pwlen;
2587 unsigned char key[8];
2588 time_t now = time(NULL);
2589 QCryptoCipher *cipher = NULL;
2590 Error *err = NULL;
2591
2592 if (!vs->vd->password) {
2593 trace_vnc_auth_fail(vs, vs->auth, "password is not set", "");
2594 goto reject;
2595 }
2596 if (vs->vd->expires < now) {
2597 trace_vnc_auth_fail(vs, vs->auth, "password is expired", "");
2598 goto reject;
2599 }
2600
2601 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
2602
2603 /* Calculate the expected challenge response */
2604 pwlen = strlen(vs->vd->password);
2605 for (i=0; i<sizeof(key); i++)
2606 key[i] = i<pwlen ? vs->vd->password[i] : 0;
2607
2608 cipher = qcrypto_cipher_new(
2609 QCRYPTO_CIPHER_ALG_DES_RFB,
2610 QCRYPTO_CIPHER_MODE_ECB,
2611 key, G_N_ELEMENTS(key),
2612 &err);
2613 if (!cipher) {
2614 trace_vnc_auth_fail(vs, vs->auth, "cannot create cipher",
2615 error_get_pretty(err));
2616 error_free(err);
2617 goto reject;
2618 }
2619
2620 if (qcrypto_cipher_encrypt(cipher,
2621 vs->challenge,
2622 response,
2623 VNC_AUTH_CHALLENGE_SIZE,
2624 &err) < 0) {
2625 trace_vnc_auth_fail(vs, vs->auth, "cannot encrypt challenge response",
2626 error_get_pretty(err));
2627 error_free(err);
2628 goto reject;
2629 }
2630
2631 /* Compare expected vs actual challenge response */
2632 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
2633 trace_vnc_auth_fail(vs, vs->auth, "mis-matched challenge response", "");
2634 goto reject;
2635 } else {
2636 trace_vnc_auth_pass(vs, vs->auth);
2637 vnc_write_u32(vs, 0); /* Accept auth */
2638 vnc_flush(vs);
2639
2640 start_client_init(vs);
2641 }
2642
2643 qcrypto_cipher_free(cipher);
2644 return 0;
2645
2646 reject:
2647 vnc_write_u32(vs, 1); /* Reject auth */
2648 if (vs->minor >= 8) {
2649 static const char err[] = "Authentication failed";
2650 vnc_write_u32(vs, sizeof(err));
2651 vnc_write(vs, err, sizeof(err));
2652 }
2653 vnc_flush(vs);
2654 vnc_client_error(vs);
2655 qcrypto_cipher_free(cipher);
2656 return 0;
2657 }
2658
2659 void start_auth_vnc(VncState *vs)
2660 {
2661 make_challenge(vs);
2662 /* Send client a 'random' challenge */
2663 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
2664 vnc_flush(vs);
2665
2666 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
2667 }
2668
2669
2670 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
2671 {
2672 /* We only advertise 1 auth scheme at a time, so client
2673 * must pick the one we sent. Verify this */
2674 if (data[0] != vs->auth) { /* Reject auth */
2675 trace_vnc_auth_reject(vs, vs->auth, (int)data[0]);
2676 vnc_write_u32(vs, 1);
2677 if (vs->minor >= 8) {
2678 static const char err[] = "Authentication failed";
2679 vnc_write_u32(vs, sizeof(err));
2680 vnc_write(vs, err, sizeof(err));
2681 }
2682 vnc_client_error(vs);
2683 } else { /* Accept requested auth */
2684 trace_vnc_auth_start(vs, vs->auth);
2685 switch (vs->auth) {
2686 case VNC_AUTH_NONE:
2687 if (vs->minor >= 8) {
2688 vnc_write_u32(vs, 0); /* Accept auth completion */
2689 vnc_flush(vs);
2690 }
2691 trace_vnc_auth_pass(vs, vs->auth);
2692 start_client_init(vs);
2693 break;
2694
2695 case VNC_AUTH_VNC:
2696 start_auth_vnc(vs);
2697 break;
2698
2699 case VNC_AUTH_VENCRYPT:
2700 start_auth_vencrypt(vs);
2701 break;
2702
2703 #ifdef CONFIG_VNC_SASL
2704 case VNC_AUTH_SASL:
2705 start_auth_sasl(vs);
2706 break;
2707 #endif /* CONFIG_VNC_SASL */
2708
2709 default: /* Should not be possible, but just in case */
2710 trace_vnc_auth_fail(vs, vs->auth, "Unhandled auth method", "");
2711 vnc_write_u8(vs, 1);
2712 if (vs->minor >= 8) {
2713 static const char err[] = "Authentication failed";
2714 vnc_write_u32(vs, sizeof(err));
2715 vnc_write(vs, err, sizeof(err));
2716 }
2717 vnc_client_error(vs);
2718 }
2719 }
2720 return 0;
2721 }
2722
2723 static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2724 {
2725 char local[13];
2726
2727 memcpy(local, version, 12);
2728 local[12] = 0;
2729
2730 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2731 VNC_DEBUG("Malformed protocol version %s\n", local);
2732 vnc_client_error(vs);
2733 return 0;
2734 }
2735 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2736 if (vs->major != 3 ||
2737 (vs->minor != 3 &&
2738 vs->minor != 4 &&
2739 vs->minor != 5 &&
2740 vs->minor != 7 &&
2741 vs->minor != 8)) {
2742 VNC_DEBUG("Unsupported client version\n");
2743 vnc_write_u32(vs, VNC_AUTH_INVALID);
2744 vnc_flush(vs);
2745 vnc_client_error(vs);
2746 return 0;
2747 }
2748 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2749 * as equivalent to v3.3 by servers
2750 */
2751 if (vs->minor == 4 || vs->minor == 5)
2752 vs->minor = 3;
2753
2754 if (vs->minor == 3) {
2755 trace_vnc_auth_start(vs, vs->auth);
2756 if (vs->auth == VNC_AUTH_NONE) {
2757 vnc_write_u32(vs, vs->auth);
2758 vnc_flush(vs);
2759 trace_vnc_auth_pass(vs, vs->auth);
2760 start_client_init(vs);
2761 } else if (vs->auth == VNC_AUTH_VNC) {
2762 VNC_DEBUG("Tell client VNC auth\n");
2763 vnc_write_u32(vs, vs->auth);
2764 vnc_flush(vs);
2765 start_auth_vnc(vs);
2766 } else {
2767 trace_vnc_auth_fail(vs, vs->auth,
2768 "Unsupported auth method for v3.3", "");
2769 vnc_write_u32(vs, VNC_AUTH_INVALID);
2770 vnc_flush(vs);
2771 vnc_client_error(vs);
2772 }
2773 } else {
2774 vnc_write_u8(vs, 1); /* num auth */
2775 vnc_write_u8(vs, vs->auth);
2776 vnc_read_when(vs, protocol_client_auth, 1);
2777 vnc_flush(vs);
2778 }
2779
2780 return 0;
2781 }
2782
2783 static VncRectStat *vnc_stat_rect(VncDisplay *vd, int x, int y)
2784 {
2785 struct VncSurface *vs = &vd->guest;
2786
2787 return &vs->stats[y / VNC_STAT_RECT][x / VNC_STAT_RECT];
2788 }
2789
2790 void vnc_sent_lossy_rect(VncState *vs, int x, int y, int w, int h)
2791 {
2792 int i, j;
2793
2794 w = (x + w) / VNC_STAT_RECT;
2795 h = (y + h) / VNC_STAT_RECT;
2796 x /= VNC_STAT_RECT;
2797 y /= VNC_STAT_RECT;
2798
2799 for (j = y; j <= h; j++) {
2800 for (i = x; i <= w; i++) {
2801 vs->lossy_rect[j][i] = 1;
2802 }
2803 }
2804 }
2805
2806 static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y)
2807 {
2808 VncState *vs;
2809 int sty = y / VNC_STAT_RECT;
2810 int stx = x / VNC_STAT_RECT;
2811 int has_dirty = 0;
2812
2813 y = QEMU_ALIGN_DOWN(y, VNC_STAT_RECT);
2814 x = QEMU_ALIGN_DOWN(x, VNC_STAT_RECT);
2815
2816 QTAILQ_FOREACH(vs, &vd->clients, next) {
2817 int j;
2818
2819 /* kernel send buffers are full -> refresh later */
2820 if (vs->output.offset) {
2821 continue;
2822 }
2823
2824 if (!vs->lossy_rect[sty][stx]) {
2825 continue;
2826 }
2827
2828 vs->lossy_rect[sty][stx] = 0;
2829 for (j = 0; j < VNC_STAT_RECT; ++j) {
2830 bitmap_set(vs->dirty[y + j],
2831 x / VNC_DIRTY_PIXELS_PER_BIT,
2832 VNC_STAT_RECT / VNC_DIRTY_PIXELS_PER_BIT);
2833 }
2834 has_dirty++;
2835 }
2836
2837 return has_dirty;
2838 }
2839
2840 static int vnc_update_stats(VncDisplay *vd, struct timeval * tv)
2841 {
2842 int width = MIN(pixman_image_get_width(vd->guest.fb),
2843 pixman_image_get_width(vd->server));
2844 int height = MIN(pixman_image_get_height(vd->guest.fb),
2845 pixman_image_get_height(vd->server));
2846 int x, y;
2847 struct timeval res;
2848 int has_dirty = 0;
2849
2850 for (y = 0; y < height; y += VNC_STAT_RECT) {
2851 for (x = 0; x < width; x += VNC_STAT_RECT) {
2852 VncRectStat *rect = vnc_stat_rect(vd, x, y);
2853
2854 rect->updated = false;
2855 }
2856 }
2857
2858 qemu_timersub(tv, &VNC_REFRESH_STATS, &res);
2859
2860 if (timercmp(&vd->guest.last_freq_check, &res, >)) {
2861 return has_dirty;
2862 }
2863 vd->guest.last_freq_check = *tv;
2864
2865 for (y = 0; y < height; y += VNC_STAT_RECT) {
2866 for (x = 0; x < width; x += VNC_STAT_RECT) {
2867 VncRectStat *rect= vnc_stat_rect(vd, x, y);
2868 int count = ARRAY_SIZE(rect->times);
2869 struct timeval min, max;
2870
2871 if (!timerisset(&rect->times[count - 1])) {
2872 continue ;
2873 }
2874
2875 max = rect->times[(rect->idx + count - 1) % count];
2876 qemu_timersub(tv, &max, &res);
2877
2878 if (timercmp(&res, &VNC_REFRESH_LOSSY, >)) {
2879 rect->freq = 0;
2880 has_dirty += vnc_refresh_lossy_rect(vd, x, y);
2881 memset(rect->times, 0, sizeof (rect->times));
2882 continue ;
2883 }
2884
2885 min = rect->times[rect->idx];
2886 max = rect->times[(rect->idx + count - 1) % count];
2887 qemu_timersub(&max, &min, &res);
2888
2889 rect->freq = res.tv_sec + res.tv_usec / 1000000.;
2890 rect->freq /= count;
2891 rect->freq = 1. / rect->freq;
2892 }
2893 }
2894 return has_dirty;
2895 }
2896
2897 double vnc_update_freq(VncState *vs, int x, int y, int w, int h)
2898 {
2899 int i, j;
2900 double total = 0;
2901 int num = 0;
2902
2903 x = QEMU_ALIGN_DOWN(x, VNC_STAT_RECT);
2904 y = QEMU_ALIGN_DOWN(y, VNC_STAT_RECT);
2905
2906 for (j = y; j <= y + h; j += VNC_STAT_RECT) {
2907 for (i = x; i <= x + w; i += VNC_STAT_RECT) {
2908 total += vnc_stat_rect(vs->vd, i, j)->freq;
2909 num++;
2910 }
2911 }
2912
2913 if (num) {
2914 return total / num;
2915 } else {
2916 return 0;
2917 }
2918 }
2919
2920 static void vnc_rect_updated(VncDisplay *vd, int x, int y, struct timeval * tv)
2921 {
2922 VncRectStat *rect;
2923
2924 rect = vnc_stat_rect(vd, x, y);
2925 if (rect->updated) {
2926 return ;
2927 }
2928 rect->times[rect->idx] = *tv;
2929 rect->idx = (rect->idx + 1) % ARRAY_SIZE(rect->times);
2930 rect->updated = true;
2931 }
2932
2933 static int vnc_refresh_server_surface(VncDisplay *vd)
2934 {
2935 int width = MIN(pixman_image_get_width(vd->guest.fb),
2936 pixman_image_get_width(vd->server));
2937 int height = MIN(pixman_image_get_height(vd->guest.fb),
2938 pixman_image_get_height(vd->server));
2939 int cmp_bytes, server_stride, line_bytes, guest_ll, guest_stride, y = 0;
2940 uint8_t *guest_row0 = NULL, *server_row0;
2941 VncState *vs;
2942 int has_dirty = 0;
2943 pixman_image_t *tmpbuf = NULL;
2944
2945 struct timeval tv = { 0, 0 };
2946
2947 if (!vd->non_adaptive) {
2948 gettimeofday(&tv, NULL);
2949 has_dirty = vnc_update_stats(vd, &tv);
2950 }
2951
2952 /*
2953 * Walk through the guest dirty map.
2954 * Check and copy modified bits from guest to server surface.
2955 * Update server dirty map.
2956 */
2957 server_row0 = (uint8_t *)pixman_image_get_data(vd->server);
2958 server_stride = guest_stride = guest_ll =
2959 pixman_image_get_stride(vd->server);
2960 cmp_bytes = MIN(VNC_DIRTY_PIXELS_PER_BIT * VNC_SERVER_FB_BYTES,
2961 server_stride);
2962 if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
2963 int width = pixman_image_get_width(vd->server);
2964 tmpbuf = qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT, width);
2965 } else {
2966 int guest_bpp =
2967 PIXMAN_FORMAT_BPP(pixman_image_get_format(vd->guest.fb));
2968 guest_row0 = (uint8_t *)pixman_image_get_data(vd->guest.fb);
2969 guest_stride = pixman_image_get_stride(vd->guest.fb);
2970 guest_ll = pixman_image_get_width(vd->guest.fb) * (DIV_ROUND_UP(guest_bpp, 8));
2971 }
2972 line_bytes = MIN(server_stride, guest_ll);
2973
2974 for (;;) {
2975 int x;
2976 uint8_t *guest_ptr, *server_ptr;
2977 unsigned long offset = find_next_bit((unsigned long *) &vd->guest.dirty,
2978 height * VNC_DIRTY_BPL(&vd->guest),
2979 y * VNC_DIRTY_BPL(&vd->guest));
2980 if (offset == height * VNC_DIRTY_BPL(&vd->guest)) {
2981 /* no more dirty bits */
2982 break;
2983 }
2984 y = offset / VNC_DIRTY_BPL(&vd->guest);
2985 x = offset % VNC_DIRTY_BPL(&vd->guest);
2986
2987 server_ptr = server_row0 + y * server_stride + x * cmp_bytes;
2988
2989 if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
2990 qemu_pixman_linebuf_fill(tmpbuf, vd->guest.fb, width, 0, y);
2991 guest_ptr = (uint8_t *)pixman_image_get_data(tmpbuf);
2992 } else {
2993 guest_ptr = guest_row0 + y * guest_stride;
2994 }
2995 guest_ptr += x * cmp_bytes;
2996
2997 for (; x < DIV_ROUND_UP(width, VNC_DIRTY_PIXELS_PER_BIT);
2998 x++, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
2999 int _cmp_bytes = cmp_bytes;
3000 if (!test_and_clear_bit(x, vd->guest.dirty[y])) {
3001 continue;
3002 }
3003 if ((x + 1) * cmp_bytes > line_bytes) {
3004 _cmp_bytes = line_bytes - x * cmp_bytes;
3005 }
3006 assert(_cmp_bytes >= 0);
3007 if (memcmp(server_ptr, guest_ptr, _cmp_bytes) == 0) {
3008 continue;
3009 }
3010 memcpy(server_ptr, guest_ptr, _cmp_bytes);
3011 if (!vd->non_adaptive) {
3012 vnc_rect_updated(vd, x * VNC_DIRTY_PIXELS_PER_BIT,
3013 y, &tv);
3014 }
3015 QTAILQ_FOREACH(vs, &vd->clients, next) {
3016 set_bit(x, vs->dirty[y]);
3017 }
3018 has_dirty++;
3019 }
3020
3021 y++;
3022 }
3023 qemu_pixman_image_unref(tmpbuf);
3024 return has_dirty;
3025 }
3026
3027 static void vnc_refresh(DisplayChangeListener *dcl)
3028 {
3029 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
3030 VncState *vs, *vn;
3031 int has_dirty, rects = 0;
3032
3033 if (QTAILQ_EMPTY(&vd->clients)) {
3034 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_MAX);
3035 return;
3036 }
3037
3038 graphic_hw_update(vd->dcl.con);
3039
3040 if (vnc_trylock_display(vd)) {
3041 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
3042 return;
3043 }
3044
3045 has_dirty = vnc_refresh_server_surface(vd);
3046 vnc_unlock_display(vd);
3047
3048 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
3049 rects += vnc_update_client(vs, has_dirty);
3050 /* vs might be free()ed here */
3051 }
3052
3053 if (has_dirty && rects) {
3054 vd->dcl.update_interval /= 2;
3055 if (vd->dcl.update_interval < VNC_REFRESH_INTERVAL_BASE) {
3056 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_BASE;
3057 }
3058 } else {
3059 vd->dcl.update_interval += VNC_REFRESH_INTERVAL_INC;
3060 if (vd->dcl.update_interval > VNC_REFRESH_INTERVAL_MAX) {
3061 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_MAX;
3062 }
3063 }
3064 }
3065
3066 static void vnc_connect(VncDisplay *vd, QIOChannelSocket *sioc,
3067 bool skipauth, bool websocket)
3068 {
3069 VncState *vs = g_new0(VncState, 1);
3070 bool first_client = QTAILQ_EMPTY(&vd->clients);
3071 int i;
3072
3073 trace_vnc_client_connect(vs, sioc);
3074 vs->magic = VNC_MAGIC;
3075 vs->sioc = sioc;
3076 object_ref(OBJECT(vs->sioc));
3077 vs->ioc = QIO_CHANNEL(sioc);
3078 object_ref(OBJECT(vs->ioc));
3079 vs->vd = vd;
3080
3081 buffer_init(&vs->input, "vnc-input/%p", sioc);
3082 buffer_init(&vs->output, "vnc-output/%p", sioc);
3083 buffer_init(&vs->jobs_buffer, "vnc-jobs_buffer/%p", sioc);
3084
3085 buffer_init(&vs->tight.tight, "vnc-tight/%p", sioc);
3086 buffer_init(&vs->tight.zlib, "vnc-tight-zlib/%p", sioc);
3087 buffer_init(&vs->tight.gradient, "vnc-tight-gradient/%p", sioc);
3088 #ifdef CONFIG_VNC_JPEG
3089 buffer_init(&vs->tight.jpeg, "vnc-tight-jpeg/%p", sioc);
3090 #endif
3091 #ifdef CONFIG_VNC_PNG
3092 buffer_init(&vs->tight.png, "vnc-tight-png/%p", sioc);
3093 #endif
3094 buffer_init(&vs->zlib.zlib, "vnc-zlib/%p", sioc);
3095 buffer_init(&vs->zrle.zrle, "vnc-zrle/%p", sioc);
3096 buffer_init(&vs->zrle.fb, "vnc-zrle-fb/%p", sioc);
3097 buffer_init(&vs->zrle.zlib, "vnc-zrle-zlib/%p", sioc);
3098
3099 if (skipauth) {
3100 vs->auth = VNC_AUTH_NONE;
3101 vs->subauth = VNC_AUTH_INVALID;
3102 } else {
3103 if (websocket) {
3104 vs->auth = vd->ws_auth;
3105 vs->subauth = VNC_AUTH_INVALID;
3106 } else {
3107 vs->auth = vd->auth;
3108 vs->subauth = vd->subauth;
3109 }
3110 }
3111 VNC_DEBUG("Client sioc=%p ws=%d auth=%d subauth=%d\n",
3112 sioc, websocket, vs->auth, vs->subauth);
3113
3114 vs->lossy_rect = g_malloc0(VNC_STAT_ROWS * sizeof (*vs->lossy_rect));
3115 for (i = 0; i < VNC_STAT_ROWS; ++i) {
3116 vs->lossy_rect[i] = g_new0(uint8_t, VNC_STAT_COLS);
3117 }
3118
3119 VNC_DEBUG("New client on socket %p\n", vs->sioc);
3120 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
3121 qio_channel_set_blocking(vs->ioc, false, NULL);
3122 if (vs->ioc_tag) {
3123 g_source_remove(vs->ioc_tag);
3124 }
3125 if (websocket) {
3126 vs->websocket = 1;
3127 if (vd->tlscreds) {
3128 vs->ioc_tag = qio_channel_add_watch(
3129 vs->ioc, G_IO_IN, vncws_tls_handshake_io, vs, NULL);
3130 } else {
3131 vs->ioc_tag = qio_channel_add_watch(
3132 vs->ioc, G_IO_IN, vncws_handshake_io, vs, NULL);
3133 }
3134 } else {
3135 vs->ioc_tag = qio_channel_add_watch(
3136 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL);
3137 }
3138
3139 vnc_client_cache_addr(vs);
3140 vnc_qmp_event(vs, QAPI_EVENT_VNC_CONNECTED);
3141 vnc_set_share_mode(vs, VNC_SHARE_MODE_CONNECTING);
3142
3143 vs->last_x = -1;
3144 vs->last_y = -1;
3145
3146 vs->as.freq = 44100;
3147 vs->as.nchannels = 2;
3148 vs->as.fmt = AUD_FMT_S16;
3149 vs->as.endianness = 0;
3150
3151 qemu_mutex_init(&vs->output_mutex);
3152 vs->bh = qemu_bh_new(vnc_jobs_bh, vs);
3153
3154 QTAILQ_INSERT_TAIL(&vd->clients, vs, next);
3155 if (first_client) {
3156 vnc_update_server_surface(vd);
3157 }
3158
3159 graphic_hw_update(vd->dcl.con);
3160
3161 if (!vs->websocket) {
3162 vnc_start_protocol(vs);
3163 }
3164
3165 if (vd->num_connecting > vd->connections_limit) {
3166 QTAILQ_FOREACH(vs, &vd->clients, next) {
3167 if (vs->share_mode == VNC_SHARE_MODE_CONNECTING) {
3168 vnc_disconnect_start(vs);
3169 return;
3170 }
3171 }
3172 }
3173 }
3174
3175 void vnc_start_protocol(VncState *vs)
3176 {
3177 vnc_write(vs, "RFB 003.008\n", 12);
3178 vnc_flush(vs);
3179 vnc_read_when(vs, protocol_version, 12);
3180
3181 vs->mouse_mode_notifier.notify = check_pointer_type_change;
3182 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
3183 }
3184
3185 static void vnc_listen_io(QIONetListener *listener,
3186 QIOChannelSocket *cioc,
3187 void *opaque)
3188 {
3189 VncDisplay *vd = opaque;
3190 bool isWebsock = listener == vd->wslistener;
3191
3192 qio_channel_set_name(QIO_CHANNEL(cioc),
3193 isWebsock ? "vnc-ws-server" : "vnc-server");
3194 qio_channel_set_delay(QIO_CHANNEL(cioc), false);
3195 vnc_connect(vd, cioc, false, isWebsock);
3196 }
3197
3198 static const DisplayChangeListenerOps dcl_ops = {
3199 .dpy_name = "vnc",
3200 .dpy_refresh = vnc_refresh,
3201 .dpy_gfx_update = vnc_dpy_update,
3202 .dpy_gfx_switch = vnc_dpy_switch,
3203 .dpy_gfx_check_format = qemu_pixman_check_format,
3204 .dpy_mouse_set = vnc_mouse_set,
3205 .dpy_cursor_define = vnc_dpy_cursor_define,
3206 };
3207
3208 void vnc_display_init(const char *id)
3209 {
3210 VncDisplay *vd;
3211
3212 if (vnc_display_find(id) != NULL) {
3213 return;
3214 }
3215 vd = g_malloc0(sizeof(*vd));
3216
3217 vd->id = strdup(id);
3218 QTAILQ_INSERT_TAIL(&vnc_displays, vd, next);
3219
3220 QTAILQ_INIT(&vd->clients);
3221 vd->expires = TIME_MAX;
3222
3223 if (keyboard_layout) {
3224 trace_vnc_key_map_init(keyboard_layout);
3225 vd->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout);
3226 } else {
3227 vd->kbd_layout = init_keyboard_layout(name2keysym, "en-us");
3228 }
3229
3230 if (!vd->kbd_layout) {
3231 exit(1);
3232 }
3233
3234 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3235 vd->connections_limit = 32;
3236
3237 qemu_mutex_init(&vd->mutex);
3238 vnc_start_worker_thread();
3239
3240 vd->dcl.ops = &dcl_ops;
3241 register_displaychangelistener(&vd->dcl);
3242 }
3243
3244
3245 static void vnc_display_close(VncDisplay *vd)
3246 {
3247 if (!vd) {
3248 return;
3249 }
3250 vd->is_unix = false;
3251
3252 if (vd->listener) {
3253 qio_net_listener_disconnect(vd->listener);
3254 object_unref(OBJECT(vd->listener));
3255 }
3256 vd->listener = NULL;
3257
3258 if (vd->wslistener) {
3259 qio_net_listener_disconnect(vd->wslistener);
3260 object_unref(OBJECT(vd->wslistener));
3261 }
3262 vd->wslistener = NULL;
3263
3264 vd->auth = VNC_AUTH_INVALID;
3265 vd->subauth = VNC_AUTH_INVALID;
3266 if (vd->tlscreds) {
3267 object_unparent(OBJECT(vd->tlscreds));
3268 vd->tlscreds = NULL;
3269 }
3270 g_free(vd->tlsaclname);
3271 vd->tlsaclname = NULL;
3272 if (vd->lock_key_sync) {
3273 qemu_remove_led_event_handler(vd->led);
3274 vd->led = NULL;
3275 }
3276 }
3277
3278 int vnc_display_password(const char *id, const char *password)
3279 {
3280 VncDisplay *vd = vnc_display_find(id);
3281
3282 if (!vd) {
3283 return -EINVAL;
3284 }
3285 if (vd->auth == VNC_AUTH_NONE) {
3286 error_printf_unless_qmp("If you want use passwords please enable "
3287 "password auth using '-vnc ${dpy},password'.\n");
3288 return -EINVAL;
3289 }
3290
3291 g_free(vd->password);
3292 vd->password = g_strdup(password);
3293
3294 return 0;
3295 }
3296
3297 int vnc_display_pw_expire(const char *id, time_t expires)
3298 {
3299 VncDisplay *vd = vnc_display_find(id);
3300
3301 if (!vd) {
3302 return -EINVAL;
3303 }
3304
3305 vd->expires = expires;
3306 return 0;
3307 }
3308
3309 static void vnc_display_print_local_addr(VncDisplay *vd)
3310 {
3311 SocketAddress *addr;
3312 Error *err = NULL;
3313
3314 if (!vd->listener || !vd->listener->nsioc) {
3315 return;
3316 }
3317
3318 addr = qio_channel_socket_get_local_address(vd->listener->sioc[0], &err);
3319 if (!addr) {
3320 return;
3321 }
3322
3323 if (addr->type != SOCKET_ADDRESS_TYPE_INET) {
3324 qapi_free_SocketAddress(addr);
3325 return;
3326 }
3327 error_printf_unless_qmp("VNC server running on %s:%s\n",
3328 addr->u.inet.host,
3329 addr->u.inet.port);
3330 qapi_free_SocketAddress(addr);
3331 }
3332
3333 static QemuOptsList qemu_vnc_opts = {
3334 .name = "vnc",
3335 .head = QTAILQ_HEAD_INITIALIZER(qemu_vnc_opts.head),
3336 .implied_opt_name = "vnc",
3337 .desc = {
3338 {
3339 .name = "vnc",
3340 .type = QEMU_OPT_STRING,
3341 },{
3342 .name = "websocket",
3343 .type = QEMU_OPT_STRING,
3344 },{
3345 .name = "tls-creds",
3346 .type = QEMU_OPT_STRING,
3347 },{
3348 /* Deprecated in favour of tls-creds */
3349 .name = "x509",
3350 .type = QEMU_OPT_STRING,
3351 },{
3352 .name = "share",
3353 .type = QEMU_OPT_STRING,
3354 },{
3355 .name = "display",
3356 .type = QEMU_OPT_STRING,
3357 },{
3358 .name = "head",
3359 .type = QEMU_OPT_NUMBER,
3360 },{
3361 .name = "connections",
3362 .type = QEMU_OPT_NUMBER,
3363 },{
3364 .name = "to",
3365 .type = QEMU_OPT_NUMBER,
3366 },{
3367 .name = "ipv4",
3368 .type = QEMU_OPT_BOOL,
3369 },{
3370 .name = "ipv6",
3371 .type = QEMU_OPT_BOOL,
3372 },{
3373 .name = "password",
3374 .type = QEMU_OPT_BOOL,
3375 },{
3376 .name = "reverse",
3377 .type = QEMU_OPT_BOOL,
3378 },{
3379 .name = "lock-key-sync",
3380 .type = QEMU_OPT_BOOL,
3381 },{
3382 .name = "key-delay-ms",
3383 .type = QEMU_OPT_NUMBER,
3384 },{
3385 .name = "sasl",
3386 .type = QEMU_OPT_BOOL,
3387 },{
3388 /* Deprecated in favour of tls-creds */
3389 .name = "tls",
3390 .type = QEMU_OPT_BOOL,
3391 },{
3392 /* Deprecated in favour of tls-creds */
3393 .name = "x509verify",
3394 .type = QEMU_OPT_STRING,
3395 },{
3396 .name = "acl",
3397 .type = QEMU_OPT_BOOL,
3398 },{
3399 .name = "lossy",
3400 .type = QEMU_OPT_BOOL,
3401 },{
3402 .name = "non-adaptive",
3403 .type = QEMU_OPT_BOOL,
3404 },
3405 { /* end of list */ }
3406 },
3407 };
3408
3409
3410 static int
3411 vnc_display_setup_auth(int *auth,
3412 int *subauth,
3413 QCryptoTLSCreds *tlscreds,
3414 bool password,
3415 bool sasl,
3416 bool websocket,
3417 Error **errp)
3418 {
3419 /*
3420 * We have a choice of 3 authentication options
3421 *
3422 * 1. none
3423 * 2. vnc
3424 * 3. sasl
3425 *
3426 * The channel can be run in 2 modes
3427 *
3428 * 1. clear
3429 * 2. tls
3430 *
3431 * And TLS can use 2 types of credentials
3432 *
3433 * 1. anon
3434 * 2. x509
3435 *
3436 * We thus have 9 possible logical combinations
3437 *
3438 * 1. clear + none
3439 * 2. clear + vnc
3440 * 3. clear + sasl
3441 * 4. tls + anon + none
3442 * 5. tls + anon + vnc
3443 * 6. tls + anon + sasl
3444 * 7. tls + x509 + none
3445 * 8. tls + x509 + vnc
3446 * 9. tls + x509 + sasl
3447 *
3448 * These need to be mapped into the VNC auth schemes
3449 * in an appropriate manner. In regular VNC, all the
3450 * TLS options get mapped into VNC_AUTH_VENCRYPT
3451 * sub-auth types.
3452 *
3453 * In websockets, the https:// protocol already provides
3454 * TLS support, so there is no need to make use of the
3455 * VeNCrypt extension. Furthermore, websockets browser
3456 * clients could not use VeNCrypt even if they wanted to,
3457 * as they cannot control when the TLS handshake takes
3458 * place. Thus there is no option but to rely on https://,
3459 * meaning combinations 4->6 and 7->9 will be mapped to
3460 * VNC auth schemes in the same way as combos 1->3.
3461 *
3462 * Regardless of fact that we have a different mapping to
3463 * VNC auth mechs for plain VNC vs websockets VNC, the end
3464 * result has the same security characteristics.
3465 */
3466 if (websocket || !tlscreds) {
3467 if (password) {
3468 VNC_DEBUG("Initializing VNC server with password auth\n");
3469 *auth = VNC_AUTH_VNC;
3470 } else if (sasl) {
3471 VNC_DEBUG("Initializing VNC server with SASL auth\n");
3472 *auth = VNC_AUTH_SASL;
3473 } else {
3474 VNC_DEBUG("Initializing VNC server with no auth\n");
3475 *auth = VNC_AUTH_NONE;
3476 }
3477 *subauth = VNC_AUTH_INVALID;
3478 } else {
3479 bool is_x509 = object_dynamic_cast(OBJECT(tlscreds),
3480 TYPE_QCRYPTO_TLS_CREDS_X509) != NULL;
3481 bool is_anon = object_dynamic_cast(OBJECT(tlscreds),
3482 TYPE_QCRYPTO_TLS_CREDS_ANON) != NULL;
3483
3484 if (!is_x509 && !is_anon) {
3485 error_setg(errp,
3486 "Unsupported TLS cred type %s",
3487 object_get_typename(OBJECT(tlscreds)));
3488 return -1;
3489 }
3490 *auth = VNC_AUTH_VENCRYPT;
3491 if (password) {
3492 if (is_x509) {
3493 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
3494 *subauth = VNC_AUTH_VENCRYPT_X509VNC;
3495 } else {
3496 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
3497 *subauth = VNC_AUTH_VENCRYPT_TLSVNC;
3498 }
3499
3500 } else if (sasl) {
3501 if (is_x509) {
3502 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
3503 *subauth = VNC_AUTH_VENCRYPT_X509SASL;
3504 } else {
3505 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
3506 *subauth = VNC_AUTH_VENCRYPT_TLSSASL;
3507 }
3508 } else {
3509 if (is_x509) {
3510 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
3511 *subauth = VNC_AUTH_VENCRYPT_X509NONE;
3512 } else {
3513 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
3514 *subauth = VNC_AUTH_VENCRYPT_TLSNONE;
3515 }
3516 }
3517 }
3518 return 0;
3519 }
3520
3521
3522 /*
3523 * Handle back compat with old CLI syntax by creating some
3524 * suitable QCryptoTLSCreds objects
3525 */
3526 static QCryptoTLSCreds *
3527 vnc_display_create_creds(bool x509,
3528 bool x509verify,
3529 const char *dir,
3530 const char *id,
3531 Error **errp)
3532 {
3533 gchar *credsid = g_strdup_printf("tlsvnc%s", id);
3534 Object *parent = object_get_objects_root();
3535 Object *creds;
3536 Error *err = NULL;
3537
3538 if (x509) {
3539 creds = object_new_with_props(TYPE_QCRYPTO_TLS_CREDS_X509,
3540 parent,
3541 credsid,
3542 &err,
3543 "endpoint", "server",
3544 "dir", dir,
3545 "verify-peer", x509verify ? "yes" : "no",
3546 NULL);
3547 } else {
3548 creds = object_new_with_props(TYPE_QCRYPTO_TLS_CREDS_ANON,
3549 parent,
3550 credsid,
3551 &err,
3552 "endpoint", "server",
3553 NULL);
3554 }
3555
3556 g_free(credsid);
3557
3558 if (err) {
3559 error_propagate(errp, err);
3560 return NULL;
3561 }
3562
3563 return QCRYPTO_TLS_CREDS(creds);
3564 }
3565
3566
3567 static int vnc_display_get_address(const char *addrstr,
3568 bool websocket,
3569 bool reverse,
3570 int displaynum,
3571 int to,
3572 bool has_ipv4,
3573 bool has_ipv6,
3574 bool ipv4,
3575 bool ipv6,
3576 SocketAddress **retaddr,
3577 Error **errp)
3578 {
3579 int ret = -1;
3580 SocketAddress *addr = NULL;
3581
3582 addr = g_new0(SocketAddress, 1);
3583
3584 if (strncmp(addrstr, "unix:", 5) == 0) {
3585 addr->type = SOCKET_ADDRESS_TYPE_UNIX;
3586 addr->u.q_unix.path = g_strdup(addrstr + 5);
3587
3588 if (websocket) {
3589 error_setg(errp, "UNIX sockets not supported with websock");
3590 goto cleanup;
3591 }
3592
3593 if (to) {
3594 error_setg(errp, "Port range not support with UNIX socket");
3595 goto cleanup;
3596 }
3597 ret = 0;
3598 } else {
3599 const char *port;
3600 size_t hostlen;
3601 unsigned long long baseport = 0;
3602 InetSocketAddress *inet;
3603
3604 port = strrchr(addrstr, ':');
3605 if (!port) {
3606 if (websocket) {
3607 hostlen = 0;
3608 port = addrstr;
3609 } else {
3610 error_setg(errp, "no vnc port specified");
3611 goto cleanup;
3612 }
3613 } else {
3614 hostlen = port - addrstr;
3615 port++;
3616 if (*port == '\0') {
3617 error_setg(errp, "vnc port cannot be empty");
3618 goto cleanup;
3619 }
3620 }
3621
3622 addr->type = SOCKET_ADDRESS_TYPE_INET;
3623 inet = &addr->u.inet;
3624 if (addrstr[0] == '[' && addrstr[hostlen - 1] == ']') {
3625 inet->host = g_strndup(addrstr + 1, hostlen - 2);
3626 } else {
3627 inet->host = g_strndup(addrstr, hostlen);
3628 }
3629 /* plain VNC port is just an offset, for websocket
3630 * port is absolute */
3631 if (websocket) {
3632 if (g_str_equal(addrstr, "") ||
3633 g_str_equal(addrstr, "on")) {
3634 if (displaynum == -1) {
3635 error_setg(errp, "explicit websocket port is required");
3636 goto cleanup;
3637 }
3638 inet->port = g_strdup_printf(
3639 "%d", displaynum + 5700);
3640 if (to) {
3641 inet->has_to = true;
3642 inet->to = to + 5700;
3643 }
3644 } else {
3645 inet->port = g_strdup(port);
3646 }
3647 } else {
3648 int offset = reverse ? 0 : 5900;
3649 if (parse_uint_full(port, &baseport, 10) < 0) {
3650 error_setg(errp, "can't convert to a number: %s", port);
3651 goto cleanup;
3652 }
3653 if (baseport > 65535 ||
3654 baseport + offset > 65535) {
3655 error_setg(errp, "port %s out of range", port);
3656 goto cleanup;
3657 }
3658 inet->port = g_strdup_printf(
3659 "%d", (int)baseport + offset);
3660
3661 if (to) {
3662 inet->has_to = true;
3663 inet->to = to + offset;
3664 }
3665 }
3666
3667 inet->ipv4 = ipv4;
3668 inet->has_ipv4 = has_ipv4;
3669 inet->ipv6 = ipv6;
3670 inet->has_ipv6 = has_ipv6;
3671
3672 ret = baseport;
3673 }
3674
3675 *retaddr = addr;
3676
3677 cleanup:
3678 if (ret < 0) {
3679 qapi_free_SocketAddress(addr);
3680 }
3681 return ret;
3682 }
3683
3684 static void vnc_free_addresses(SocketAddress ***retsaddr,
3685 size_t *retnsaddr)
3686 {
3687 size_t i;
3688
3689 for (i = 0; i < *retnsaddr; i++) {
3690 qapi_free_SocketAddress((*retsaddr)[i]);
3691 }
3692 g_free(*retsaddr);
3693
3694 *retsaddr = NULL;
3695 *retnsaddr = 0;
3696 }
3697
3698 static int vnc_display_get_addresses(QemuOpts *opts,
3699 bool reverse,
3700 SocketAddress ***retsaddr,
3701 size_t *retnsaddr,
3702 SocketAddress ***retwsaddr,
3703 size_t *retnwsaddr,
3704 Error **errp)
3705 {
3706 SocketAddress *saddr = NULL;
3707 SocketAddress *wsaddr = NULL;
3708 QemuOptsIter addriter;
3709 const char *addr;
3710 int to = qemu_opt_get_number(opts, "to", 0);
3711 bool has_ipv4 = qemu_opt_get(opts, "ipv4");
3712 bool has_ipv6 = qemu_opt_get(opts, "ipv6");
3713 bool ipv4 = qemu_opt_get_bool(opts, "ipv4", false);
3714 bool ipv6 = qemu_opt_get_bool(opts, "ipv6", false);
3715 int displaynum = -1;
3716 int ret = -1;
3717
3718 *retsaddr = NULL;
3719 *retnsaddr = 0;
3720 *retwsaddr = NULL;
3721 *retnwsaddr = 0;
3722
3723 addr = qemu_opt_get(opts, "vnc");
3724 if (addr == NULL || g_str_equal(addr, "none")) {
3725 ret = 0;
3726 goto cleanup;
3727 }
3728 if (qemu_opt_get(opts, "websocket") &&
3729 !qcrypto_hash_supports(QCRYPTO_HASH_ALG_SHA1)) {
3730 error_setg(errp,
3731 "SHA1 hash support is required for websockets");
3732 goto cleanup;
3733 }
3734
3735 qemu_opt_iter_init(&addriter, opts, "vnc");
3736 while ((addr = qemu_opt_iter_next(&addriter)) != NULL) {
3737 int rv;
3738 rv = vnc_display_get_address(addr, false, reverse, 0, to,
3739 has_ipv4, has_ipv6,
3740 ipv4, ipv6,
3741 &saddr, errp);
3742 if (rv < 0) {
3743 goto cleanup;
3744 }
3745 /* Historical compat - first listen address can be used
3746 * to set the default websocket port
3747 */
3748 if (displaynum == -1) {
3749 displaynum = rv;
3750 }
3751 *retsaddr = g_renew(SocketAddress *, *retsaddr, *retnsaddr + 1);
3752 (*retsaddr)[(*retnsaddr)++] = saddr;
3753 }
3754
3755 /* If we had multiple primary displays, we don't do defaults
3756 * for websocket, and require explicit config instead. */
3757 if (*retnsaddr > 1) {
3758 displaynum = -1;
3759 }
3760
3761 qemu_opt_iter_init(&addriter, opts, "websocket");
3762 while ((addr = qemu_opt_iter_next(&addriter)) != NULL) {
3763 if (vnc_display_get_address(addr, true, reverse, displaynum, to,
3764 has_ipv4, has_ipv6,
3765 ipv4, ipv6,
3766 &wsaddr, errp) < 0) {
3767 goto cleanup;
3768 }
3769
3770 /* Historical compat - if only a single listen address was
3771 * provided, then this is used to set the default listen
3772 * address for websocket too
3773 */
3774 if (*retnsaddr == 1 &&
3775 (*retsaddr)[0]->type == SOCKET_ADDRESS_TYPE_INET &&
3776 wsaddr->type == SOCKET_ADDRESS_TYPE_INET &&
3777 g_str_equal(wsaddr->u.inet.host, "") &&
3778 !g_str_equal((*retsaddr)[0]->u.inet.host, "")) {
3779 g_free(wsaddr->u.inet.host);
3780 wsaddr->u.inet.host = g_strdup((*retsaddr)[0]->u.inet.host);
3781 }
3782
3783 *retwsaddr = g_renew(SocketAddress *, *retwsaddr, *retnwsaddr + 1);
3784 (*retwsaddr)[(*retnwsaddr)++] = wsaddr;
3785 }
3786
3787 ret = 0;
3788 cleanup:
3789 if (ret < 0) {
3790 vnc_free_addresses(retsaddr, retnsaddr);
3791 vnc_free_addresses(retwsaddr, retnwsaddr);
3792 }
3793 return ret;
3794 }
3795
3796 static int vnc_display_connect(VncDisplay *vd,
3797 SocketAddress **saddr,
3798 size_t nsaddr,
3799 SocketAddress **wsaddr,
3800 size_t nwsaddr,
3801 Error **errp)
3802 {
3803 /* connect to viewer */
3804 QIOChannelSocket *sioc = NULL;
3805 if (nwsaddr != 0) {
3806 error_setg(errp, "Cannot use websockets in reverse mode");
3807 return -1;
3808 }
3809 if (nsaddr != 1) {
3810 error_setg(errp, "Expected a single address in reverse mode");
3811 return -1;
3812 }
3813 /* TODO SOCKET_ADDRESS_TYPE_FD when fd has AF_UNIX */
3814 vd->is_unix = saddr[0]->type == SOCKET_ADDRESS_TYPE_UNIX;
3815 sioc = qio_channel_socket_new();
3816 qio_channel_set_name(QIO_CHANNEL(sioc), "vnc-reverse");
3817 if (qio_channel_socket_connect_sync(sioc, saddr[0], errp) < 0) {
3818 return -1;
3819 }
3820 vnc_connect(vd, sioc, false, false);
3821 object_unref(OBJECT(sioc));
3822 return 0;
3823 }
3824
3825
3826 static int vnc_display_listen(VncDisplay *vd,
3827 SocketAddress **saddr,
3828 size_t nsaddr,
3829 SocketAddress **wsaddr,
3830 size_t nwsaddr,
3831 Error **errp)
3832 {
3833 size_t i;
3834
3835 if (nsaddr) {
3836 vd->listener = qio_net_listener_new();
3837 qio_net_listener_set_name(vd->listener, "vnc-listen");
3838 for (i = 0; i < nsaddr; i++) {
3839 if (qio_net_listener_open_sync(vd->listener,
3840 saddr[i],
3841 errp) < 0) {
3842 return -1;
3843 }
3844 }
3845
3846 qio_net_listener_set_client_func(vd->listener,
3847 vnc_listen_io, vd, NULL);
3848 }
3849
3850 if (nwsaddr) {
3851 vd->wslistener = qio_net_listener_new();
3852 qio_net_listener_set_name(vd->wslistener, "vnc-ws-listen");
3853 for (i = 0; i < nwsaddr; i++) {
3854 if (qio_net_listener_open_sync(vd->wslistener,
3855 wsaddr[i],
3856 errp) < 0) {
3857 return -1;
3858 }
3859 }
3860
3861 qio_net_listener_set_client_func(vd->wslistener,
3862 vnc_listen_io, vd, NULL);
3863 }
3864
3865 return 0;
3866 }
3867
3868
3869 void vnc_display_open(const char *id, Error **errp)
3870 {
3871 VncDisplay *vd = vnc_display_find(id);
3872 QemuOpts *opts = qemu_opts_find(&qemu_vnc_opts, id);
3873 SocketAddress **saddr = NULL, **wsaddr = NULL;
3874 size_t nsaddr, nwsaddr;
3875 const char *share, *device_id;
3876 QemuConsole *con;
3877 bool password = false;
3878 bool reverse = false;
3879 const char *credid;
3880 bool sasl = false;
3881 #ifdef CONFIG_VNC_SASL
3882 int saslErr;
3883 #endif
3884 int acl = 0;
3885 int lock_key_sync = 1;
3886 int key_delay_ms;
3887
3888 if (!vd) {
3889 error_setg(errp, "VNC display not active");
3890 return;
3891 }
3892 vnc_display_close(vd);
3893
3894 if (!opts) {
3895 return;
3896 }
3897
3898 reverse = qemu_opt_get_bool(opts, "reverse", false);
3899 if (vnc_display_get_addresses(opts, reverse, &saddr, &nsaddr,
3900 &wsaddr, &nwsaddr, errp) < 0) {
3901 goto fail;
3902 }
3903
3904 password = qemu_opt_get_bool(opts, "password", false);
3905 if (password) {
3906 if (fips_get_state()) {
3907 error_setg(errp,
3908 "VNC password auth disabled due to FIPS mode, "
3909 "consider using the VeNCrypt or SASL authentication "
3910 "methods as an alternative");
3911 goto fail;
3912 }
3913 if (!qcrypto_cipher_supports(
3914 QCRYPTO_CIPHER_ALG_DES_RFB, QCRYPTO_CIPHER_MODE_ECB)) {
3915 error_setg(errp,
3916 "Cipher backend does not support DES RFB algorithm");
3917 goto fail;
3918 }
3919 }
3920
3921 lock_key_sync = qemu_opt_get_bool(opts, "lock-key-sync", true);
3922 key_delay_ms = qemu_opt_get_number(opts, "key-delay-ms", 10);
3923 sasl = qemu_opt_get_bool(opts, "sasl", false);
3924 #ifndef CONFIG_VNC_SASL
3925 if (sasl) {
3926 error_setg(errp, "VNC SASL auth requires cyrus-sasl support");
3927 goto fail;
3928 }
3929 #endif /* CONFIG_VNC_SASL */
3930 credid = qemu_opt_get(opts, "tls-creds");
3931 if (credid) {
3932 Object *creds;
3933 if (qemu_opt_get(opts, "tls") ||
3934 qemu_opt_get(opts, "x509") ||
3935 qemu_opt_get(opts, "x509verify")) {
3936 error_setg(errp,
3937 "'tls-creds' parameter is mutually exclusive with "
3938 "'tls', 'x509' and 'x509verify' parameters");
3939 goto fail;
3940 }
3941
3942 creds = object_resolve_path_component(
3943 object_get_objects_root(), credid);
3944 if (!creds) {
3945 error_setg(errp, "No TLS credentials with id '%s'",
3946 credid);
3947 goto fail;
3948 }
3949 vd->tlscreds = (QCryptoTLSCreds *)
3950 object_dynamic_cast(creds,
3951 TYPE_QCRYPTO_TLS_CREDS);
3952 if (!vd->tlscreds) {
3953 error_setg(errp, "Object with id '%s' is not TLS credentials",
3954 credid);
3955 goto fail;
3956 }
3957 object_ref(OBJECT(vd->tlscreds));
3958
3959 if (vd->tlscreds->endpoint != QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) {
3960 error_setg(errp,
3961 "Expecting TLS credentials with a server endpoint");
3962 goto fail;
3963 }
3964 } else {
3965 const char *path;
3966 bool tls = false, x509 = false, x509verify = false;
3967 tls = qemu_opt_get_bool(opts, "tls", false);
3968 if (tls) {
3969 path = qemu_opt_get(opts, "x509");
3970
3971 if (path) {
3972 x509 = true;
3973 } else {
3974 path = qemu_opt_get(opts, "x509verify");
3975 if (path) {
3976 x509 = true;
3977 x509verify = true;
3978 }
3979 }
3980 vd->tlscreds = vnc_display_create_creds(x509,
3981 x509verify,
3982 path,
3983 vd->id,
3984 errp);
3985 if (!vd->tlscreds) {
3986 goto fail;
3987 }
3988 }
3989 }
3990 acl = qemu_opt_get_bool(opts, "acl", false);
3991
3992 share = qemu_opt_get(opts, "share");
3993 if (share) {
3994 if (strcmp(share, "ignore") == 0) {
3995 vd->share_policy = VNC_SHARE_POLICY_IGNORE;
3996 } else if (strcmp(share, "allow-exclusive") == 0) {
3997 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3998 } else if (strcmp(share, "force-shared") == 0) {
3999 vd->share_policy = VNC_SHARE_POLICY_FORCE_SHARED;
4000 } else {
4001 error_setg(errp, "unknown vnc share= option");
4002 goto fail;
4003 }
4004 } else {
4005 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
4006 }
4007 vd->connections_limit = qemu_opt_get_number(opts, "connections", 32);
4008
4009 #ifdef CONFIG_VNC_JPEG
4010 vd->lossy = qemu_opt_get_bool(opts, "lossy", false);
4011 #endif
4012 vd->non_adaptive = qemu_opt_get_bool(opts, "non-adaptive", false);
4013 /* adaptive updates are only used with tight encoding and
4014 * if lossy updates are enabled so we can disable all the
4015 * calculations otherwise */
4016 if (!vd->lossy) {
4017 vd->non_adaptive = true;
4018 }
4019
4020 if (acl) {
4021 if (strcmp(vd->id, "default") == 0) {
4022 vd->tlsaclname = g_strdup("vnc.x509dname");
4023 } else {
4024 vd->tlsaclname = g_strdup_printf("vnc.%s.x509dname", vd->id);
4025 }
4026 qemu_acl_init(vd->tlsaclname);
4027 }
4028 #ifdef CONFIG_VNC_SASL
4029 if (acl && sasl) {
4030 char *aclname;
4031
4032 if (strcmp(vd->id, "default") == 0) {
4033 aclname = g_strdup("vnc.username");
4034 } else {
4035 aclname = g_strdup_printf("vnc.%s.username", vd->id);
4036 }
4037 vd->sasl.acl = qemu_acl_init(aclname);
4038 g_free(aclname);
4039 }
4040 #endif
4041
4042 if (vnc_display_setup_auth(&vd->auth, &vd->subauth,
4043 vd->tlscreds, password,
4044 sasl, false, errp) < 0) {
4045 goto fail;
4046 }
4047 trace_vnc_auth_init(vd, 0, vd->auth, vd->subauth);
4048
4049 if (vnc_display_setup_auth(&vd->ws_auth, &vd->ws_subauth,
4050 vd->tlscreds, password,
4051 sasl, true, errp) < 0) {
4052 goto fail;
4053 }
4054 trace_vnc_auth_init(vd, 1, vd->ws_auth, vd->ws_subauth);
4055
4056 #ifdef CONFIG_VNC_SASL
4057 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) {
4058 error_setg(errp, "Failed to initialize SASL auth: %s",
4059 sasl_errstring(saslErr, NULL, NULL));
4060 goto fail;
4061 }
4062 #endif
4063 vd->lock_key_sync = lock_key_sync;
4064 if (lock_key_sync) {
4065 vd->led = qemu_add_led_event_handler(kbd_leds, vd);
4066 }
4067 vd->ledstate = 0;
4068 vd->key_delay_ms = key_delay_ms;
4069
4070 device_id = qemu_opt_get(opts, "display");
4071 if (device_id) {
4072 int head = qemu_opt_get_number(opts, "head", 0);
4073 Error *err = NULL;
4074
4075 con = qemu_console_lookup_by_device_name(device_id, head, &err);
4076 if (err) {
4077 error_propagate(errp, err);
4078 goto fail;
4079 }
4080 } else {
4081 con = NULL;
4082 }
4083
4084 if (con != vd->dcl.con) {
4085 unregister_displaychangelistener(&vd->dcl);
4086 vd->dcl.con = con;
4087 register_displaychangelistener(&vd->dcl);
4088 }
4089
4090 if (saddr == NULL) {
4091 goto cleanup;
4092 }
4093
4094 if (reverse) {
4095 if (vnc_display_connect(vd, saddr, nsaddr, wsaddr, nwsaddr, errp) < 0) {
4096 goto fail;
4097 }
4098 } else {
4099 if (vnc_display_listen(vd, saddr, nsaddr, wsaddr, nwsaddr, errp) < 0) {
4100 goto fail;
4101 }
4102 }
4103
4104 if (qemu_opt_get(opts, "to")) {
4105 vnc_display_print_local_addr(vd);
4106 }
4107
4108 cleanup:
4109 vnc_free_addresses(&saddr, &nsaddr);
4110 vnc_free_addresses(&wsaddr, &nwsaddr);
4111 return;
4112
4113 fail:
4114 vnc_display_close(vd);
4115 goto cleanup;
4116 }
4117
4118 void vnc_display_add_client(const char *id, int csock, bool skipauth)
4119 {
4120 VncDisplay *vd = vnc_display_find(id);
4121 QIOChannelSocket *sioc;
4122
4123 if (!vd) {
4124 return;
4125 }
4126
4127 sioc = qio_channel_socket_new_fd(csock, NULL);
4128 if (sioc) {
4129 qio_channel_set_name(QIO_CHANNEL(sioc), "vnc-server");
4130 vnc_connect(vd, sioc, skipauth, false);
4131 object_unref(OBJECT(sioc));
4132 }
4133 }
4134
4135 static void vnc_auto_assign_id(QemuOptsList *olist, QemuOpts *opts)
4136 {
4137 int i = 2;
4138 char *id;
4139
4140 id = g_strdup("default");
4141 while (qemu_opts_find(olist, id)) {
4142 g_free(id);
4143 id = g_strdup_printf("vnc%d", i++);
4144 }
4145 qemu_opts_set_id(opts, id);
4146 }
4147
4148 QemuOpts *vnc_parse(const char *str, Error **errp)
4149 {
4150 QemuOptsList *olist = qemu_find_opts("vnc");
4151 QemuOpts *opts = qemu_opts_parse(olist, str, true, errp);
4152 const char *id;
4153
4154 if (!opts) {
4155 return NULL;
4156 }
4157
4158 id = qemu_opts_id(opts);
4159 if (!id) {
4160 /* auto-assign id if not present */
4161 vnc_auto_assign_id(olist, opts);
4162 }
4163 return opts;
4164 }
4165
4166 int vnc_init_func(void *opaque, QemuOpts *opts, Error **errp)
4167 {
4168 Error *local_err = NULL;
4169 char *id = (char *)qemu_opts_id(opts);
4170
4171 assert(id);
4172 vnc_display_init(id);
4173 vnc_display_open(id, &local_err);
4174 if (local_err != NULL) {
4175 error_reportf_err(local_err, "Failed to start VNC server: ");
4176 exit(1);
4177 }
4178 return 0;
4179 }
4180
4181 static void vnc_register_config(void)
4182 {
4183 qemu_add_opts(&qemu_vnc_opts);
4184 }
4185 opts_init(vnc_register_config);
QEMU mirror