]> git.proxmox.com Git - mirror_qemu.git/blob - ui/vnc.c
projects / mirror_qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
vnc: correct missing property about vnc_display
[mirror_qemu.git] / ui / vnc.c
1 /*
2 * QEMU VNC display driver
3 *
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
7 *
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
14 *
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
17 *
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
24 * THE SOFTWARE.
25 */
26
27 #include "vnc.h"
28 #include "vnc-jobs.h"
29 #include "trace.h"
30 #include "hw/qdev.h"
31 #include "sysemu/sysemu.h"
32 #include "qemu/sockets.h"
33 #include "qemu/timer.h"
34 #include "qemu/acl.h"
35 #include "qemu/config-file.h"
36 #include "qapi/qmp/types.h"
37 #include "qmp-commands.h"
38 #include "qemu/osdep.h"
39 #include "ui/input.h"
40 #include "qapi-event.h"
41
42 #define VNC_REFRESH_INTERVAL_BASE GUI_REFRESH_INTERVAL_DEFAULT
43 #define VNC_REFRESH_INTERVAL_INC 50
44 #define VNC_REFRESH_INTERVAL_MAX GUI_REFRESH_INTERVAL_IDLE
45 static const struct timeval VNC_REFRESH_STATS = { 0, 500000 };
46 static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 };
47
48 #include "vnc_keysym.h"
49 #include "d3des.h"
50
51 static QTAILQ_HEAD(, VncDisplay) vnc_displays =
52 QTAILQ_HEAD_INITIALIZER(vnc_displays);
53
54 static int vnc_cursor_define(VncState *vs);
55 static void vnc_release_modifiers(VncState *vs);
56
57 static void vnc_set_share_mode(VncState *vs, VncShareMode mode)
58 {
59 #ifdef _VNC_DEBUG
60 static const char *mn[] = {
61 [0] = "undefined",
62 [VNC_SHARE_MODE_CONNECTING] = "connecting",
63 [VNC_SHARE_MODE_SHARED] = "shared",
64 [VNC_SHARE_MODE_EXCLUSIVE] = "exclusive",
65 [VNC_SHARE_MODE_DISCONNECTED] = "disconnected",
66 };
67 fprintf(stderr, "%s/%d: %s -> %s\n", __func__,
68 vs->csock, mn[vs->share_mode], mn[mode]);
69 #endif
70
71 switch (vs->share_mode) {
72 case VNC_SHARE_MODE_CONNECTING:
73 vs->vd->num_connecting--;
74 break;
75 case VNC_SHARE_MODE_SHARED:
76 vs->vd->num_shared--;
77 break;
78 case VNC_SHARE_MODE_EXCLUSIVE:
79 vs->vd->num_exclusive--;
80 break;
81 default:
82 break;
83 }
84
85 vs->share_mode = mode;
86
87 switch (vs->share_mode) {
88 case VNC_SHARE_MODE_CONNECTING:
89 vs->vd->num_connecting++;
90 break;
91 case VNC_SHARE_MODE_SHARED:
92 vs->vd->num_shared++;
93 break;
94 case VNC_SHARE_MODE_EXCLUSIVE:
95 vs->vd->num_exclusive++;
96 break;
97 default:
98 break;
99 }
100 }
101
102 static char *addr_to_string(const char *format,
103 struct sockaddr_storage *sa,
104 socklen_t salen) {
105 char *addr;
106 char host[NI_MAXHOST];
107 char serv[NI_MAXSERV];
108 int err;
109 size_t addrlen;
110
111 if ((err = getnameinfo((struct sockaddr *)sa, salen,
112 host, sizeof(host),
113 serv, sizeof(serv),
114 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
115 VNC_DEBUG("Cannot resolve address %d: %s\n",
116 err, gai_strerror(err));
117 return NULL;
118 }
119
120 /* Enough for the existing format + the 2 vars we're
121 * substituting in. */
122 addrlen = strlen(format) + strlen(host) + strlen(serv);
123 addr = g_malloc(addrlen + 1);
124 snprintf(addr, addrlen, format, host, serv);
125 addr[addrlen] = '\0';
126
127 return addr;
128 }
129
130
131 char *vnc_socket_local_addr(const char *format, int fd) {
132 struct sockaddr_storage sa;
133 socklen_t salen;
134
135 salen = sizeof(sa);
136 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0)
137 return NULL;
138
139 return addr_to_string(format, &sa, salen);
140 }
141
142 char *vnc_socket_remote_addr(const char *format, int fd) {
143 struct sockaddr_storage sa;
144 socklen_t salen;
145
146 salen = sizeof(sa);
147 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0)
148 return NULL;
149
150 return addr_to_string(format, &sa, salen);
151 }
152
153 static VncBasicInfo *vnc_basic_info_get(struct sockaddr_storage *sa,
154 socklen_t salen)
155 {
156 VncBasicInfo *info;
157 char host[NI_MAXHOST];
158 char serv[NI_MAXSERV];
159 int err;
160
161 if ((err = getnameinfo((struct sockaddr *)sa, salen,
162 host, sizeof(host),
163 serv, sizeof(serv),
164 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
165 VNC_DEBUG("Cannot resolve address %d: %s\n",
166 err, gai_strerror(err));
167 return NULL;
168 }
169
170 info = g_malloc0(sizeof(VncBasicInfo));
171 info->host = g_strdup(host);
172 info->service = g_strdup(serv);
173 info->family = inet_netfamily(sa->ss_family);
174 return info;
175 }
176
177 static VncBasicInfo *vnc_basic_info_get_from_server_addr(int fd)
178 {
179 struct sockaddr_storage sa;
180 socklen_t salen;
181
182 salen = sizeof(sa);
183 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0) {
184 return NULL;
185 }
186
187 return vnc_basic_info_get(&sa, salen);
188 }
189
190 static VncBasicInfo *vnc_basic_info_get_from_remote_addr(int fd)
191 {
192 struct sockaddr_storage sa;
193 socklen_t salen;
194
195 salen = sizeof(sa);
196 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0) {
197 return NULL;
198 }
199
200 return vnc_basic_info_get(&sa, salen);
201 }
202
203 static const char *vnc_auth_name(VncDisplay *vd) {
204 switch (vd->auth) {
205 case VNC_AUTH_INVALID:
206 return "invalid";
207 case VNC_AUTH_NONE:
208 return "none";
209 case VNC_AUTH_VNC:
210 return "vnc";
211 case VNC_AUTH_RA2:
212 return "ra2";
213 case VNC_AUTH_RA2NE:
214 return "ra2ne";
215 case VNC_AUTH_TIGHT:
216 return "tight";
217 case VNC_AUTH_ULTRA:
218 return "ultra";
219 case VNC_AUTH_TLS:
220 return "tls";
221 case VNC_AUTH_VENCRYPT:
222 #ifdef CONFIG_VNC_TLS
223 switch (vd->subauth) {
224 case VNC_AUTH_VENCRYPT_PLAIN:
225 return "vencrypt+plain";
226 case VNC_AUTH_VENCRYPT_TLSNONE:
227 return "vencrypt+tls+none";
228 case VNC_AUTH_VENCRYPT_TLSVNC:
229 return "vencrypt+tls+vnc";
230 case VNC_AUTH_VENCRYPT_TLSPLAIN:
231 return "vencrypt+tls+plain";
232 case VNC_AUTH_VENCRYPT_X509NONE:
233 return "vencrypt+x509+none";
234 case VNC_AUTH_VENCRYPT_X509VNC:
235 return "vencrypt+x509+vnc";
236 case VNC_AUTH_VENCRYPT_X509PLAIN:
237 return "vencrypt+x509+plain";
238 case VNC_AUTH_VENCRYPT_TLSSASL:
239 return "vencrypt+tls+sasl";
240 case VNC_AUTH_VENCRYPT_X509SASL:
241 return "vencrypt+x509+sasl";
242 default:
243 return "vencrypt";
244 }
245 #else
246 return "vencrypt";
247 #endif
248 case VNC_AUTH_SASL:
249 return "sasl";
250 }
251 return "unknown";
252 }
253
254 static VncServerInfo *vnc_server_info_get(VncDisplay *vd)
255 {
256 VncServerInfo *info;
257 VncBasicInfo *bi = vnc_basic_info_get_from_server_addr(vd->lsock);
258 if (!bi) {
259 return NULL;
260 }
261
262 info = g_malloc(sizeof(*info));
263 info->base = bi;
264 info->has_auth = true;
265 info->auth = g_strdup(vnc_auth_name(vd));
266 return info;
267 }
268
269 static void vnc_client_cache_auth(VncState *client)
270 {
271 if (!client->info) {
272 return;
273 }
274
275 #ifdef CONFIG_VNC_TLS
276 if (client->tls.session &&
277 client->tls.dname) {
278 client->info->has_x509_dname = true;
279 client->info->x509_dname = g_strdup(client->tls.dname);
280 }
281 #endif
282 #ifdef CONFIG_VNC_SASL
283 if (client->sasl.conn &&
284 client->sasl.username) {
285 client->info->has_sasl_username = true;
286 client->info->sasl_username = g_strdup(client->sasl.username);
287 }
288 #endif
289 }
290
291 static void vnc_client_cache_addr(VncState *client)
292 {
293 VncBasicInfo *bi = vnc_basic_info_get_from_remote_addr(client->csock);
294
295 if (bi) {
296 client->info = g_malloc0(sizeof(*client->info));
297 client->info->base = bi;
298 }
299 }
300
301 static void vnc_qmp_event(VncState *vs, QAPIEvent event)
302 {
303 VncServerInfo *si;
304
305 if (!vs->info) {
306 return;
307 }
308 g_assert(vs->info->base);
309
310 si = vnc_server_info_get(vs->vd);
311 if (!si) {
312 return;
313 }
314
315 switch (event) {
316 case QAPI_EVENT_VNC_CONNECTED:
317 qapi_event_send_vnc_connected(si, vs->info->base, &error_abort);
318 break;
319 case QAPI_EVENT_VNC_INITIALIZED:
320 qapi_event_send_vnc_initialized(si, vs->info, &error_abort);
321 break;
322 case QAPI_EVENT_VNC_DISCONNECTED:
323 qapi_event_send_vnc_disconnected(si, vs->info, &error_abort);
324 break;
325 default:
326 break;
327 }
328
329 qapi_free_VncServerInfo(si);
330 }
331
332 static VncClientInfo *qmp_query_vnc_client(const VncState *client)
333 {
334 struct sockaddr_storage sa;
335 socklen_t salen = sizeof(sa);
336 char host[NI_MAXHOST];
337 char serv[NI_MAXSERV];
338 VncClientInfo *info;
339
340 if (getpeername(client->csock, (struct sockaddr *)&sa, &salen) < 0) {
341 return NULL;
342 }
343
344 if (getnameinfo((struct sockaddr *)&sa, salen,
345 host, sizeof(host),
346 serv, sizeof(serv),
347 NI_NUMERICHOST | NI_NUMERICSERV) < 0) {
348 return NULL;
349 }
350
351 info = g_malloc0(sizeof(*info));
352 info->base = g_malloc0(sizeof(*info->base));
353 info->base->host = g_strdup(host);
354 info->base->service = g_strdup(serv);
355 info->base->family = inet_netfamily(sa.ss_family);
356 #ifdef CONFIG_VNC_WS
357 info->base->websocket = client->websocket;
358 #endif
359
360 #ifdef CONFIG_VNC_TLS
361 if (client->tls.session && client->tls.dname) {
362 info->has_x509_dname = true;
363 info->x509_dname = g_strdup(client->tls.dname);
364 }
365 #endif
366 #ifdef CONFIG_VNC_SASL
367 if (client->sasl.conn && client->sasl.username) {
368 info->has_sasl_username = true;
369 info->sasl_username = g_strdup(client->sasl.username);
370 }
371 #endif
372
373 return info;
374 }
375
376 static VncDisplay *vnc_display_find(const char *id)
377 {
378 VncDisplay *vd;
379
380 if (id == NULL) {
381 return QTAILQ_FIRST(&vnc_displays);
382 }
383 QTAILQ_FOREACH(vd, &vnc_displays, next) {
384 if (strcmp(id, vd->id) == 0) {
385 return vd;
386 }
387 }
388 return NULL;
389 }
390
391 static VncClientInfoList *qmp_query_client_list(VncDisplay *vd)
392 {
393 VncClientInfoList *cinfo, *prev = NULL;
394 VncState *client;
395
396 QTAILQ_FOREACH(client, &vd->clients, next) {
397 cinfo = g_new0(VncClientInfoList, 1);
398 cinfo->value = qmp_query_vnc_client(client);
399 cinfo->next = prev;
400 prev = cinfo;
401 }
402 return prev;
403 }
404
405 VncInfo *qmp_query_vnc(Error **errp)
406 {
407 VncInfo *info = g_malloc0(sizeof(*info));
408 VncDisplay *vd = vnc_display_find(NULL);
409
410 if (vd == NULL || vd->display == NULL) {
411 info->enabled = false;
412 } else {
413 struct sockaddr_storage sa;
414 socklen_t salen = sizeof(sa);
415 char host[NI_MAXHOST];
416 char serv[NI_MAXSERV];
417
418 info->enabled = true;
419
420 /* for compatibility with the original command */
421 info->has_clients = true;
422 info->clients = qmp_query_client_list(vd);
423
424 if (vd->lsock == -1) {
425 return info;
426 }
427
428 if (getsockname(vd->lsock, (struct sockaddr *)&sa,
429 &salen) == -1) {
430 error_set(errp, QERR_UNDEFINED_ERROR);
431 goto out_error;
432 }
433
434 if (getnameinfo((struct sockaddr *)&sa, salen,
435 host, sizeof(host),
436 serv, sizeof(serv),
437 NI_NUMERICHOST | NI_NUMERICSERV) < 0) {
438 error_set(errp, QERR_UNDEFINED_ERROR);
439 goto out_error;
440 }
441
442 info->has_host = true;
443 info->host = g_strdup(host);
444
445 info->has_service = true;
446 info->service = g_strdup(serv);
447
448 info->has_family = true;
449 info->family = inet_netfamily(sa.ss_family);
450
451 info->has_auth = true;
452 info->auth = g_strdup(vnc_auth_name(vd));
453 }
454
455 return info;
456
457 out_error:
458 qapi_free_VncInfo(info);
459 return NULL;
460 }
461
462 static VncBasicInfoList *qmp_query_server_entry(int socket,
463 bool websocket,
464 VncBasicInfoList *prev)
465 {
466 VncBasicInfoList *list;
467 VncBasicInfo *info;
468 struct sockaddr_storage sa;
469 socklen_t salen = sizeof(sa);
470 char host[NI_MAXHOST];
471 char serv[NI_MAXSERV];
472
473 if (getsockname(socket, (struct sockaddr *)&sa, &salen) < 0 ||
474 getnameinfo((struct sockaddr *)&sa, salen,
475 host, sizeof(host), serv, sizeof(serv),
476 NI_NUMERICHOST | NI_NUMERICSERV) < 0) {
477 return prev;
478 }
479
480 info = g_new0(VncBasicInfo, 1);
481 info->host = g_strdup(host);
482 info->service = g_strdup(serv);
483 info->family = inet_netfamily(sa.ss_family);
484 info->websocket = websocket;
485
486 list = g_new0(VncBasicInfoList, 1);
487 list->value = info;
488 list->next = prev;
489 return list;
490 }
491
492 static void qmp_query_auth(VncDisplay *vd, VncInfo2 *info)
493 {
494 switch (vd->auth) {
495 case VNC_AUTH_VNC:
496 info->auth = VNC_PRIMARY_AUTH_VNC;
497 break;
498 case VNC_AUTH_RA2:
499 info->auth = VNC_PRIMARY_AUTH_RA2;
500 break;
501 case VNC_AUTH_RA2NE:
502 info->auth = VNC_PRIMARY_AUTH_RA2NE;
503 break;
504 case VNC_AUTH_TIGHT:
505 info->auth = VNC_PRIMARY_AUTH_TIGHT;
506 break;
507 case VNC_AUTH_ULTRA:
508 info->auth = VNC_PRIMARY_AUTH_ULTRA;
509 break;
510 case VNC_AUTH_TLS:
511 info->auth = VNC_PRIMARY_AUTH_TLS;
512 break;
513 case VNC_AUTH_VENCRYPT:
514 info->auth = VNC_PRIMARY_AUTH_VENCRYPT;
515 #ifdef CONFIG_VNC_TLS
516 info->has_vencrypt = true;
517 switch (vd->subauth) {
518 case VNC_AUTH_VENCRYPT_PLAIN:
519 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_PLAIN;
520 break;
521 case VNC_AUTH_VENCRYPT_TLSNONE:
522 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_NONE;
523 break;
524 case VNC_AUTH_VENCRYPT_TLSVNC:
525 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_VNC;
526 break;
527 case VNC_AUTH_VENCRYPT_TLSPLAIN:
528 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_PLAIN;
529 break;
530 case VNC_AUTH_VENCRYPT_X509NONE:
531 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_NONE;
532 break;
533 case VNC_AUTH_VENCRYPT_X509VNC:
534 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_VNC;
535 break;
536 case VNC_AUTH_VENCRYPT_X509PLAIN:
537 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_PLAIN;
538 break;
539 case VNC_AUTH_VENCRYPT_TLSSASL:
540 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_SASL;
541 break;
542 case VNC_AUTH_VENCRYPT_X509SASL:
543 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_SASL;
544 break;
545 default:
546 info->has_vencrypt = false;
547 break;
548 }
549 #endif
550 break;
551 case VNC_AUTH_SASL:
552 info->auth = VNC_PRIMARY_AUTH_SASL;
553 break;
554 case VNC_AUTH_NONE:
555 default:
556 info->auth = VNC_PRIMARY_AUTH_NONE;
557 break;
558 }
559 }
560
561 VncInfo2List *qmp_query_vnc_servers(Error **errp)
562 {
563 VncInfo2List *item, *prev = NULL;
564 VncInfo2 *info;
565 VncDisplay *vd;
566 DeviceState *dev;
567
568 QTAILQ_FOREACH(vd, &vnc_displays, next) {
569 info = g_new0(VncInfo2, 1);
570 info->id = g_strdup(vd->id);
571 info->clients = qmp_query_client_list(vd);
572 qmp_query_auth(vd, info);
573 if (vd->dcl.con) {
574 dev = DEVICE(object_property_get_link(OBJECT(vd->dcl.con),
575 "device", NULL));
576 info->has_display = true;
577 info->display = g_strdup(dev->id);
578 }
579 if (vd->lsock != -1) {
580 info->server = qmp_query_server_entry(vd->lsock, false,
581 info->server);
582 }
583 #ifdef CONFIG_VNC_WS
584 if (vd->lwebsock != -1) {
585 info->server = qmp_query_server_entry(vd->lwebsock, true,
586 info->server);
587 }
588 #endif
589
590 item = g_new0(VncInfo2List, 1);
591 item->value = info;
592 item->next = prev;
593 prev = item;
594 }
595 return prev;
596 }
597
598 /* TODO
599 1) Get the queue working for IO.
600 2) there is some weirdness when using the -S option (the screen is grey
601 and not totally invalidated
602 3) resolutions > 1024
603 */
604
605 static int vnc_update_client(VncState *vs, int has_dirty, bool sync);
606 static void vnc_disconnect_start(VncState *vs);
607
608 static void vnc_colordepth(VncState *vs);
609 static void framebuffer_update_request(VncState *vs, int incremental,
610 int x_position, int y_position,
611 int w, int h);
612 static void vnc_refresh(DisplayChangeListener *dcl);
613 static int vnc_refresh_server_surface(VncDisplay *vd);
614
615 static void vnc_set_area_dirty(DECLARE_BITMAP(dirty[VNC_MAX_HEIGHT],
616 VNC_MAX_WIDTH / VNC_DIRTY_PIXELS_PER_BIT),
617 int width, int height,
618 int x, int y, int w, int h) {
619 /* this is needed this to ensure we updated all affected
620 * blocks if x % VNC_DIRTY_PIXELS_PER_BIT != 0 */
621 w += (x % VNC_DIRTY_PIXELS_PER_BIT);
622 x -= (x % VNC_DIRTY_PIXELS_PER_BIT);
623
624 x = MIN(x, width);
625 y = MIN(y, height);
626 w = MIN(x + w, width) - x;
627 h = MIN(y + h, height);
628
629 for (; y < h; y++) {
630 bitmap_set(dirty[y], x / VNC_DIRTY_PIXELS_PER_BIT,
631 DIV_ROUND_UP(w, VNC_DIRTY_PIXELS_PER_BIT));
632 }
633 }
634
635 static void vnc_dpy_update(DisplayChangeListener *dcl,
636 int x, int y, int w, int h)
637 {
638 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
639 struct VncSurface *s = &vd->guest;
640 int width = pixman_image_get_width(vd->server);
641 int height = pixman_image_get_height(vd->server);
642
643 vnc_set_area_dirty(s->dirty, width, height, x, y, w, h);
644 }
645
646 void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
647 int32_t encoding)
648 {
649 vnc_write_u16(vs, x);
650 vnc_write_u16(vs, y);
651 vnc_write_u16(vs, w);
652 vnc_write_u16(vs, h);
653
654 vnc_write_s32(vs, encoding);
655 }
656
657 void buffer_reserve(Buffer *buffer, size_t len)
658 {
659 if ((buffer->capacity - buffer->offset) < len) {
660 buffer->capacity += (len + 1024);
661 buffer->buffer = g_realloc(buffer->buffer, buffer->capacity);
662 }
663 }
664
665 static int buffer_empty(Buffer *buffer)
666 {
667 return buffer->offset == 0;
668 }
669
670 uint8_t *buffer_end(Buffer *buffer)
671 {
672 return buffer->buffer + buffer->offset;
673 }
674
675 void buffer_reset(Buffer *buffer)
676 {
677 buffer->offset = 0;
678 }
679
680 void buffer_free(Buffer *buffer)
681 {
682 g_free(buffer->buffer);
683 buffer->offset = 0;
684 buffer->capacity = 0;
685 buffer->buffer = NULL;
686 }
687
688 void buffer_append(Buffer *buffer, const void *data, size_t len)
689 {
690 memcpy(buffer->buffer + buffer->offset, data, len);
691 buffer->offset += len;
692 }
693
694 void buffer_advance(Buffer *buf, size_t len)
695 {
696 memmove(buf->buffer, buf->buffer + len,
697 (buf->offset - len));
698 buf->offset -= len;
699 }
700
701 static void vnc_desktop_resize(VncState *vs)
702 {
703 if (vs->csock == -1 || !vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
704 return;
705 }
706 if (vs->client_width == pixman_image_get_width(vs->vd->server) &&
707 vs->client_height == pixman_image_get_height(vs->vd->server)) {
708 return;
709 }
710 vs->client_width = pixman_image_get_width(vs->vd->server);
711 vs->client_height = pixman_image_get_height(vs->vd->server);
712 vnc_lock_output(vs);
713 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
714 vnc_write_u8(vs, 0);
715 vnc_write_u16(vs, 1); /* number of rects */
716 vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height,
717 VNC_ENCODING_DESKTOPRESIZE);
718 vnc_unlock_output(vs);
719 vnc_flush(vs);
720 }
721
722 static void vnc_abort_display_jobs(VncDisplay *vd)
723 {
724 VncState *vs;
725
726 QTAILQ_FOREACH(vs, &vd->clients, next) {
727 vnc_lock_output(vs);
728 vs->abort = true;
729 vnc_unlock_output(vs);
730 }
731 QTAILQ_FOREACH(vs, &vd->clients, next) {
732 vnc_jobs_join(vs);
733 }
734 QTAILQ_FOREACH(vs, &vd->clients, next) {
735 vnc_lock_output(vs);
736 vs->abort = false;
737 vnc_unlock_output(vs);
738 }
739 }
740
741 int vnc_server_fb_stride(VncDisplay *vd)
742 {
743 return pixman_image_get_stride(vd->server);
744 }
745
746 void *vnc_server_fb_ptr(VncDisplay *vd, int x, int y)
747 {
748 uint8_t *ptr;
749
750 ptr = (uint8_t *)pixman_image_get_data(vd->server);
751 ptr += y * vnc_server_fb_stride(vd);
752 ptr += x * VNC_SERVER_FB_BYTES;
753 return ptr;
754 }
755
756 static void vnc_dpy_switch(DisplayChangeListener *dcl,
757 DisplaySurface *surface)
758 {
759 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
760 VncState *vs;
761 int width, height;
762
763 vnc_abort_display_jobs(vd);
764
765 /* server surface */
766 qemu_pixman_image_unref(vd->server);
767 vd->ds = surface;
768 width = MIN(VNC_MAX_WIDTH, ROUND_UP(surface_width(vd->ds),
769 VNC_DIRTY_PIXELS_PER_BIT));
770 height = MIN(VNC_MAX_HEIGHT, surface_height(vd->ds));
771 vd->server = pixman_image_create_bits(VNC_SERVER_FB_FORMAT,
772 width, height, NULL, 0);
773
774 /* guest surface */
775 #if 0 /* FIXME */
776 if (ds_get_bytes_per_pixel(ds) != vd->guest.ds->pf.bytes_per_pixel)
777 console_color_init(ds);
778 #endif
779 qemu_pixman_image_unref(vd->guest.fb);
780 vd->guest.fb = pixman_image_ref(surface->image);
781 vd->guest.format = surface->format;
782 memset(vd->guest.dirty, 0x00, sizeof(vd->guest.dirty));
783 vnc_set_area_dirty(vd->guest.dirty, width, height, 0, 0,
784 width, height);
785
786 QTAILQ_FOREACH(vs, &vd->clients, next) {
787 vnc_colordepth(vs);
788 vnc_desktop_resize(vs);
789 if (vs->vd->cursor) {
790 vnc_cursor_define(vs);
791 }
792 memset(vs->dirty, 0x00, sizeof(vs->dirty));
793 vnc_set_area_dirty(vs->dirty, width, height, 0, 0,
794 width, height);
795 }
796 }
797
798 /* fastest code */
799 static void vnc_write_pixels_copy(VncState *vs,
800 void *pixels, int size)
801 {
802 vnc_write(vs, pixels, size);
803 }
804
805 /* slowest but generic code. */
806 void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
807 {
808 uint8_t r, g, b;
809
810 #if VNC_SERVER_FB_FORMAT == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8)
811 r = (((v & 0x00ff0000) >> 16) << vs->client_pf.rbits) >> 8;
812 g = (((v & 0x0000ff00) >> 8) << vs->client_pf.gbits) >> 8;
813 b = (((v & 0x000000ff) >> 0) << vs->client_pf.bbits) >> 8;
814 #else
815 # error need some bits here if you change VNC_SERVER_FB_FORMAT
816 #endif
817 v = (r << vs->client_pf.rshift) |
818 (g << vs->client_pf.gshift) |
819 (b << vs->client_pf.bshift);
820 switch (vs->client_pf.bytes_per_pixel) {
821 case 1:
822 buf[0] = v;
823 break;
824 case 2:
825 if (vs->client_be) {
826 buf[0] = v >> 8;
827 buf[1] = v;
828 } else {
829 buf[1] = v >> 8;
830 buf[0] = v;
831 }
832 break;
833 default:
834 case 4:
835 if (vs->client_be) {
836 buf[0] = v >> 24;
837 buf[1] = v >> 16;
838 buf[2] = v >> 8;
839 buf[3] = v;
840 } else {
841 buf[3] = v >> 24;
842 buf[2] = v >> 16;
843 buf[1] = v >> 8;
844 buf[0] = v;
845 }
846 break;
847 }
848 }
849
850 static void vnc_write_pixels_generic(VncState *vs,
851 void *pixels1, int size)
852 {
853 uint8_t buf[4];
854
855 if (VNC_SERVER_FB_BYTES == 4) {
856 uint32_t *pixels = pixels1;
857 int n, i;
858 n = size >> 2;
859 for (i = 0; i < n; i++) {
860 vnc_convert_pixel(vs, buf, pixels[i]);
861 vnc_write(vs, buf, vs->client_pf.bytes_per_pixel);
862 }
863 }
864 }
865
866 int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
867 {
868 int i;
869 uint8_t *row;
870 VncDisplay *vd = vs->vd;
871
872 row = vnc_server_fb_ptr(vd, x, y);
873 for (i = 0; i < h; i++) {
874 vs->write_pixels(vs, row, w * VNC_SERVER_FB_BYTES);
875 row += vnc_server_fb_stride(vd);
876 }
877 return 1;
878 }
879
880 int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
881 {
882 int n = 0;
883
884 switch(vs->vnc_encoding) {
885 case VNC_ENCODING_ZLIB:
886 n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h);
887 break;
888 case VNC_ENCODING_HEXTILE:
889 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
890 n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h);
891 break;
892 case VNC_ENCODING_TIGHT:
893 n = vnc_tight_send_framebuffer_update(vs, x, y, w, h);
894 break;
895 case VNC_ENCODING_TIGHT_PNG:
896 n = vnc_tight_png_send_framebuffer_update(vs, x, y, w, h);
897 break;
898 case VNC_ENCODING_ZRLE:
899 n = vnc_zrle_send_framebuffer_update(vs, x, y, w, h);
900 break;
901 case VNC_ENCODING_ZYWRLE:
902 n = vnc_zywrle_send_framebuffer_update(vs, x, y, w, h);
903 break;
904 default:
905 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
906 n = vnc_raw_send_framebuffer_update(vs, x, y, w, h);
907 break;
908 }
909 return n;
910 }
911
912 static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
913 {
914 /* send bitblit op to the vnc client */
915 vnc_lock_output(vs);
916 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
917 vnc_write_u8(vs, 0);
918 vnc_write_u16(vs, 1); /* number of rects */
919 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT);
920 vnc_write_u16(vs, src_x);
921 vnc_write_u16(vs, src_y);
922 vnc_unlock_output(vs);
923 vnc_flush(vs);
924 }
925
926 static void vnc_dpy_copy(DisplayChangeListener *dcl,
927 int src_x, int src_y,
928 int dst_x, int dst_y, int w, int h)
929 {
930 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
931 VncState *vs, *vn;
932 uint8_t *src_row;
933 uint8_t *dst_row;
934 int i, x, y, pitch, inc, w_lim, s;
935 int cmp_bytes;
936
937 vnc_refresh_server_surface(vd);
938 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
939 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
940 vs->force_update = 1;
941 vnc_update_client(vs, 1, true);
942 /* vs might be free()ed here */
943 }
944 }
945
946 /* do bitblit op on the local surface too */
947 pitch = vnc_server_fb_stride(vd);
948 src_row = vnc_server_fb_ptr(vd, src_x, src_y);
949 dst_row = vnc_server_fb_ptr(vd, dst_x, dst_y);
950 y = dst_y;
951 inc = 1;
952 if (dst_y > src_y) {
953 /* copy backwards */
954 src_row += pitch * (h-1);
955 dst_row += pitch * (h-1);
956 pitch = -pitch;
957 y = dst_y + h - 1;
958 inc = -1;
959 }
960 w_lim = w - (VNC_DIRTY_PIXELS_PER_BIT - (dst_x % VNC_DIRTY_PIXELS_PER_BIT));
961 if (w_lim < 0) {
962 w_lim = w;
963 } else {
964 w_lim = w - (w_lim % VNC_DIRTY_PIXELS_PER_BIT);
965 }
966 for (i = 0; i < h; i++) {
967 for (x = 0; x <= w_lim;
968 x += s, src_row += cmp_bytes, dst_row += cmp_bytes) {
969 if (x == w_lim) {
970 if ((s = w - w_lim) == 0)
971 break;
972 } else if (!x) {
973 s = (VNC_DIRTY_PIXELS_PER_BIT -
974 (dst_x % VNC_DIRTY_PIXELS_PER_BIT));
975 s = MIN(s, w_lim);
976 } else {
977 s = VNC_DIRTY_PIXELS_PER_BIT;
978 }
979 cmp_bytes = s * VNC_SERVER_FB_BYTES;
980 if (memcmp(src_row, dst_row, cmp_bytes) == 0)
981 continue;
982 memmove(dst_row, src_row, cmp_bytes);
983 QTAILQ_FOREACH(vs, &vd->clients, next) {
984 if (!vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
985 set_bit(((x + dst_x) / VNC_DIRTY_PIXELS_PER_BIT),
986 vs->dirty[y]);
987 }
988 }
989 }
990 src_row += pitch - w * VNC_SERVER_FB_BYTES;
991 dst_row += pitch - w * VNC_SERVER_FB_BYTES;
992 y += inc;
993 }
994
995 QTAILQ_FOREACH(vs, &vd->clients, next) {
996 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
997 vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h);
998 }
999 }
1000 }
1001
1002 static void vnc_mouse_set(DisplayChangeListener *dcl,
1003 int x, int y, int visible)
1004 {
1005 /* can we ask the client(s) to move the pointer ??? */
1006 }
1007
1008 static int vnc_cursor_define(VncState *vs)
1009 {
1010 QEMUCursor *c = vs->vd->cursor;
1011 int isize;
1012
1013 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) {
1014 vnc_lock_output(vs);
1015 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1016 vnc_write_u8(vs, 0); /* padding */
1017 vnc_write_u16(vs, 1); /* # of rects */
1018 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height,
1019 VNC_ENCODING_RICH_CURSOR);
1020 isize = c->width * c->height * vs->client_pf.bytes_per_pixel;
1021 vnc_write_pixels_generic(vs, c->data, isize);
1022 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize);
1023 vnc_unlock_output(vs);
1024 return 0;
1025 }
1026 return -1;
1027 }
1028
1029 static void vnc_dpy_cursor_define(DisplayChangeListener *dcl,
1030 QEMUCursor *c)
1031 {
1032 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
1033 VncState *vs;
1034
1035 cursor_put(vd->cursor);
1036 g_free(vd->cursor_mask);
1037
1038 vd->cursor = c;
1039 cursor_get(vd->cursor);
1040 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height;
1041 vd->cursor_mask = g_malloc0(vd->cursor_msize);
1042 cursor_get_mono_mask(c, 0, vd->cursor_mask);
1043
1044 QTAILQ_FOREACH(vs, &vd->clients, next) {
1045 vnc_cursor_define(vs);
1046 }
1047 }
1048
1049 static int find_and_clear_dirty_height(struct VncState *vs,
1050 int y, int last_x, int x, int height)
1051 {
1052 int h;
1053
1054 for (h = 1; h < (height - y); h++) {
1055 if (!test_bit(last_x, vs->dirty[y + h])) {
1056 break;
1057 }
1058 bitmap_clear(vs->dirty[y + h], last_x, x - last_x);
1059 }
1060
1061 return h;
1062 }
1063
1064 static int vnc_update_client(VncState *vs, int has_dirty, bool sync)
1065 {
1066 vs->has_dirty += has_dirty;
1067 if (vs->need_update && vs->csock != -1) {
1068 VncDisplay *vd = vs->vd;
1069 VncJob *job;
1070 int y;
1071 int height, width;
1072 int n = 0;
1073
1074 if (vs->output.offset && !vs->audio_cap && !vs->force_update)
1075 /* kernel send buffers are full -> drop frames to throttle */
1076 return 0;
1077
1078 if (!vs->has_dirty && !vs->audio_cap && !vs->force_update)
1079 return 0;
1080
1081 /*
1082 * Send screen updates to the vnc client using the server
1083 * surface and server dirty map. guest surface updates
1084 * happening in parallel don't disturb us, the next pass will
1085 * send them to the client.
1086 */
1087 job = vnc_job_new(vs);
1088
1089 height = pixman_image_get_height(vd->server);
1090 width = pixman_image_get_width(vd->server);
1091
1092 y = 0;
1093 for (;;) {
1094 int x, h;
1095 unsigned long x2;
1096 unsigned long offset = find_next_bit((unsigned long *) &vs->dirty,
1097 height * VNC_DIRTY_BPL(vs),
1098 y * VNC_DIRTY_BPL(vs));
1099 if (offset == height * VNC_DIRTY_BPL(vs)) {
1100 /* no more dirty bits */
1101 break;
1102 }
1103 y = offset / VNC_DIRTY_BPL(vs);
1104 x = offset % VNC_DIRTY_BPL(vs);
1105 x2 = find_next_zero_bit((unsigned long *) &vs->dirty[y],
1106 VNC_DIRTY_BPL(vs), x);
1107 bitmap_clear(vs->dirty[y], x, x2 - x);
1108 h = find_and_clear_dirty_height(vs, y, x, x2, height);
1109 x2 = MIN(x2, width / VNC_DIRTY_PIXELS_PER_BIT);
1110 if (x2 > x) {
1111 n += vnc_job_add_rect(job, x * VNC_DIRTY_PIXELS_PER_BIT, y,
1112 (x2 - x) * VNC_DIRTY_PIXELS_PER_BIT, h);
1113 }
1114 }
1115
1116 vnc_job_push(job);
1117 if (sync) {
1118 vnc_jobs_join(vs);
1119 }
1120 vs->force_update = 0;
1121 vs->has_dirty = 0;
1122 return n;
1123 }
1124
1125 if (vs->csock == -1) {
1126 vnc_disconnect_finish(vs);
1127 } else if (sync) {
1128 vnc_jobs_join(vs);
1129 }
1130
1131 return 0;
1132 }
1133
1134 /* audio */
1135 static void audio_capture_notify(void *opaque, audcnotification_e cmd)
1136 {
1137 VncState *vs = opaque;
1138
1139 switch (cmd) {
1140 case AUD_CNOTIFY_DISABLE:
1141 vnc_lock_output(vs);
1142 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1143 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1144 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END);
1145 vnc_unlock_output(vs);
1146 vnc_flush(vs);
1147 break;
1148
1149 case AUD_CNOTIFY_ENABLE:
1150 vnc_lock_output(vs);
1151 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1152 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1153 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN);
1154 vnc_unlock_output(vs);
1155 vnc_flush(vs);
1156 break;
1157 }
1158 }
1159
1160 static void audio_capture_destroy(void *opaque)
1161 {
1162 }
1163
1164 static void audio_capture(void *opaque, void *buf, int size)
1165 {
1166 VncState *vs = opaque;
1167
1168 vnc_lock_output(vs);
1169 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1170 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1171 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA);
1172 vnc_write_u32(vs, size);
1173 vnc_write(vs, buf, size);
1174 vnc_unlock_output(vs);
1175 vnc_flush(vs);
1176 }
1177
1178 static void audio_add(VncState *vs)
1179 {
1180 struct audio_capture_ops ops;
1181
1182 if (vs->audio_cap) {
1183 error_report("audio already running");
1184 return;
1185 }
1186
1187 ops.notify = audio_capture_notify;
1188 ops.destroy = audio_capture_destroy;
1189 ops.capture = audio_capture;
1190
1191 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs);
1192 if (!vs->audio_cap) {
1193 error_report("Failed to add audio capture");
1194 }
1195 }
1196
1197 static void audio_del(VncState *vs)
1198 {
1199 if (vs->audio_cap) {
1200 AUD_del_capture(vs->audio_cap, vs);
1201 vs->audio_cap = NULL;
1202 }
1203 }
1204
1205 static void vnc_disconnect_start(VncState *vs)
1206 {
1207 if (vs->csock == -1)
1208 return;
1209 vnc_set_share_mode(vs, VNC_SHARE_MODE_DISCONNECTED);
1210 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
1211 closesocket(vs->csock);
1212 vs->csock = -1;
1213 }
1214
1215 void vnc_disconnect_finish(VncState *vs)
1216 {
1217 int i;
1218
1219 vnc_jobs_join(vs); /* Wait encoding jobs */
1220
1221 vnc_lock_output(vs);
1222 vnc_qmp_event(vs, QAPI_EVENT_VNC_DISCONNECTED);
1223
1224 buffer_free(&vs->input);
1225 buffer_free(&vs->output);
1226 #ifdef CONFIG_VNC_WS
1227 buffer_free(&vs->ws_input);
1228 buffer_free(&vs->ws_output);
1229 #endif /* CONFIG_VNC_WS */
1230
1231 qapi_free_VncClientInfo(vs->info);
1232
1233 vnc_zlib_clear(vs);
1234 vnc_tight_clear(vs);
1235 vnc_zrle_clear(vs);
1236
1237 #ifdef CONFIG_VNC_TLS
1238 vnc_tls_client_cleanup(vs);
1239 #endif /* CONFIG_VNC_TLS */
1240 #ifdef CONFIG_VNC_SASL
1241 vnc_sasl_client_cleanup(vs);
1242 #endif /* CONFIG_VNC_SASL */
1243 audio_del(vs);
1244 vnc_release_modifiers(vs);
1245
1246 if (vs->initialized) {
1247 QTAILQ_REMOVE(&vs->vd->clients, vs, next);
1248 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
1249 }
1250
1251 if (vs->vd->lock_key_sync)
1252 qemu_remove_led_event_handler(vs->led);
1253 vnc_unlock_output(vs);
1254
1255 qemu_mutex_destroy(&vs->output_mutex);
1256 if (vs->bh != NULL) {
1257 qemu_bh_delete(vs->bh);
1258 }
1259 buffer_free(&vs->jobs_buffer);
1260
1261 for (i = 0; i < VNC_STAT_ROWS; ++i) {
1262 g_free(vs->lossy_rect[i]);
1263 }
1264 g_free(vs->lossy_rect);
1265 g_free(vs);
1266 }
1267
1268 int vnc_client_io_error(VncState *vs, int ret, int last_errno)
1269 {
1270 if (ret == 0 || ret == -1) {
1271 if (ret == -1) {
1272 switch (last_errno) {
1273 case EINTR:
1274 case EAGAIN:
1275 #ifdef _WIN32
1276 case WSAEWOULDBLOCK:
1277 #endif
1278 return 0;
1279 default:
1280 break;
1281 }
1282 }
1283
1284 VNC_DEBUG("Closing down client sock: ret %d, errno %d\n",
1285 ret, ret < 0 ? last_errno : 0);
1286 vnc_disconnect_start(vs);
1287
1288 return 0;
1289 }
1290 return ret;
1291 }
1292
1293
1294 void vnc_client_error(VncState *vs)
1295 {
1296 VNC_DEBUG("Closing down client sock: protocol error\n");
1297 vnc_disconnect_start(vs);
1298 }
1299
1300 #ifdef CONFIG_VNC_TLS
1301 static long vnc_client_write_tls(gnutls_session_t *session,
1302 const uint8_t *data,
1303 size_t datalen)
1304 {
1305 long ret = gnutls_write(*session, data, datalen);
1306 if (ret < 0) {
1307 if (ret == GNUTLS_E_AGAIN) {
1308 errno = EAGAIN;
1309 } else {
1310 errno = EIO;
1311 }
1312 ret = -1;
1313 }
1314 return ret;
1315 }
1316 #endif /* CONFIG_VNC_TLS */
1317
1318 /*
1319 * Called to write a chunk of data to the client socket. The data may
1320 * be the raw data, or may have already been encoded by SASL.
1321 * The data will be written either straight onto the socket, or
1322 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1323 *
1324 * NB, it is theoretically possible to have 2 layers of encryption,
1325 * both SASL, and this TLS layer. It is highly unlikely in practice
1326 * though, since SASL encryption will typically be a no-op if TLS
1327 * is active
1328 *
1329 * Returns the number of bytes written, which may be less than
1330 * the requested 'datalen' if the socket would block. Returns
1331 * -1 on error, and disconnects the client socket.
1332 */
1333 long vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
1334 {
1335 long ret;
1336 #ifdef CONFIG_VNC_TLS
1337 if (vs->tls.session) {
1338 ret = vnc_client_write_tls(&vs->tls.session, data, datalen);
1339 } else {
1340 #ifdef CONFIG_VNC_WS
1341 if (vs->ws_tls.session) {
1342 ret = vnc_client_write_tls(&vs->ws_tls.session, data, datalen);
1343 } else
1344 #endif /* CONFIG_VNC_WS */
1345 #endif /* CONFIG_VNC_TLS */
1346 {
1347 ret = send(vs->csock, (const void *)data, datalen, 0);
1348 }
1349 #ifdef CONFIG_VNC_TLS
1350 }
1351 #endif /* CONFIG_VNC_TLS */
1352 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret);
1353 return vnc_client_io_error(vs, ret, socket_error());
1354 }
1355
1356
1357 /*
1358 * Called to write buffered data to the client socket, when not
1359 * using any SASL SSF encryption layers. Will write as much data
1360 * as possible without blocking. If all buffered data is written,
1361 * will switch the FD poll() handler back to read monitoring.
1362 *
1363 * Returns the number of bytes written, which may be less than
1364 * the buffered output data if the socket would block. Returns
1365 * -1 on error, and disconnects the client socket.
1366 */
1367 static long vnc_client_write_plain(VncState *vs)
1368 {
1369 long ret;
1370
1371 #ifdef CONFIG_VNC_SASL
1372 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1373 vs->output.buffer, vs->output.capacity, vs->output.offset,
1374 vs->sasl.waitWriteSSF);
1375
1376 if (vs->sasl.conn &&
1377 vs->sasl.runSSF &&
1378 vs->sasl.waitWriteSSF) {
1379 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
1380 if (ret)
1381 vs->sasl.waitWriteSSF -= ret;
1382 } else
1383 #endif /* CONFIG_VNC_SASL */
1384 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
1385 if (!ret)
1386 return 0;
1387
1388 buffer_advance(&vs->output, ret);
1389
1390 if (vs->output.offset == 0) {
1391 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
1392 }
1393
1394 return ret;
1395 }
1396
1397
1398 /*
1399 * First function called whenever there is data to be written to
1400 * the client socket. Will delegate actual work according to whether
1401 * SASL SSF layers are enabled (thus requiring encryption calls)
1402 */
1403 static void vnc_client_write_locked(void *opaque)
1404 {
1405 VncState *vs = opaque;
1406
1407 #ifdef CONFIG_VNC_SASL
1408 if (vs->sasl.conn &&
1409 vs->sasl.runSSF &&
1410 !vs->sasl.waitWriteSSF) {
1411 vnc_client_write_sasl(vs);
1412 } else
1413 #endif /* CONFIG_VNC_SASL */
1414 {
1415 #ifdef CONFIG_VNC_WS
1416 if (vs->encode_ws) {
1417 vnc_client_write_ws(vs);
1418 } else
1419 #endif /* CONFIG_VNC_WS */
1420 {
1421 vnc_client_write_plain(vs);
1422 }
1423 }
1424 }
1425
1426 void vnc_client_write(void *opaque)
1427 {
1428 VncState *vs = opaque;
1429
1430 vnc_lock_output(vs);
1431 if (vs->output.offset
1432 #ifdef CONFIG_VNC_WS
1433 || vs->ws_output.offset
1434 #endif
1435 ) {
1436 vnc_client_write_locked(opaque);
1437 } else if (vs->csock != -1) {
1438 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
1439 }
1440 vnc_unlock_output(vs);
1441 }
1442
1443 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1444 {
1445 vs->read_handler = func;
1446 vs->read_handler_expect = expecting;
1447 }
1448
1449 #ifdef CONFIG_VNC_TLS
1450 static long vnc_client_read_tls(gnutls_session_t *session, uint8_t *data,
1451 size_t datalen)
1452 {
1453 long ret = gnutls_read(*session, data, datalen);
1454 if (ret < 0) {
1455 if (ret == GNUTLS_E_AGAIN) {
1456 errno = EAGAIN;
1457 } else {
1458 errno = EIO;
1459 }
1460 ret = -1;
1461 }
1462 return ret;
1463 }
1464 #endif /* CONFIG_VNC_TLS */
1465
1466 /*
1467 * Called to read a chunk of data from the client socket. The data may
1468 * be the raw data, or may need to be further decoded by SASL.
1469 * The data will be read either straight from to the socket, or
1470 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1471 *
1472 * NB, it is theoretically possible to have 2 layers of encryption,
1473 * both SASL, and this TLS layer. It is highly unlikely in practice
1474 * though, since SASL encryption will typically be a no-op if TLS
1475 * is active
1476 *
1477 * Returns the number of bytes read, which may be less than
1478 * the requested 'datalen' if the socket would block. Returns
1479 * -1 on error, and disconnects the client socket.
1480 */
1481 long vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1482 {
1483 long ret;
1484 #ifdef CONFIG_VNC_TLS
1485 if (vs->tls.session) {
1486 ret = vnc_client_read_tls(&vs->tls.session, data, datalen);
1487 } else {
1488 #ifdef CONFIG_VNC_WS
1489 if (vs->ws_tls.session) {
1490 ret = vnc_client_read_tls(&vs->ws_tls.session, data, datalen);
1491 } else
1492 #endif /* CONFIG_VNC_WS */
1493 #endif /* CONFIG_VNC_TLS */
1494 {
1495 ret = qemu_recv(vs->csock, data, datalen, 0);
1496 }
1497 #ifdef CONFIG_VNC_TLS
1498 }
1499 #endif /* CONFIG_VNC_TLS */
1500 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret);
1501 return vnc_client_io_error(vs, ret, socket_error());
1502 }
1503
1504
1505 /*
1506 * Called to read data from the client socket to the input buffer,
1507 * when not using any SASL SSF encryption layers. Will read as much
1508 * data as possible without blocking.
1509 *
1510 * Returns the number of bytes read. Returns -1 on error, and
1511 * disconnects the client socket.
1512 */
1513 static long vnc_client_read_plain(VncState *vs)
1514 {
1515 int ret;
1516 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1517 vs->input.buffer, vs->input.capacity, vs->input.offset);
1518 buffer_reserve(&vs->input, 4096);
1519 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1520 if (!ret)
1521 return 0;
1522 vs->input.offset += ret;
1523 return ret;
1524 }
1525
1526 static void vnc_jobs_bh(void *opaque)
1527 {
1528 VncState *vs = opaque;
1529
1530 vnc_jobs_consume_buffer(vs);
1531 }
1532
1533 /*
1534 * First function called whenever there is more data to be read from
1535 * the client socket. Will delegate actual work according to whether
1536 * SASL SSF layers are enabled (thus requiring decryption calls)
1537 */
1538 void vnc_client_read(void *opaque)
1539 {
1540 VncState *vs = opaque;
1541 long ret;
1542
1543 #ifdef CONFIG_VNC_SASL
1544 if (vs->sasl.conn && vs->sasl.runSSF)
1545 ret = vnc_client_read_sasl(vs);
1546 else
1547 #endif /* CONFIG_VNC_SASL */
1548 #ifdef CONFIG_VNC_WS
1549 if (vs->encode_ws) {
1550 ret = vnc_client_read_ws(vs);
1551 if (ret == -1) {
1552 vnc_disconnect_start(vs);
1553 return;
1554 } else if (ret == -2) {
1555 vnc_client_error(vs);
1556 return;
1557 }
1558 } else
1559 #endif /* CONFIG_VNC_WS */
1560 {
1561 ret = vnc_client_read_plain(vs);
1562 }
1563 if (!ret) {
1564 if (vs->csock == -1)
1565 vnc_disconnect_finish(vs);
1566 return;
1567 }
1568
1569 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1570 size_t len = vs->read_handler_expect;
1571 int ret;
1572
1573 ret = vs->read_handler(vs, vs->input.buffer, len);
1574 if (vs->csock == -1) {
1575 vnc_disconnect_finish(vs);
1576 return;
1577 }
1578
1579 if (!ret) {
1580 buffer_advance(&vs->input, len);
1581 } else {
1582 vs->read_handler_expect = ret;
1583 }
1584 }
1585 }
1586
1587 void vnc_write(VncState *vs, const void *data, size_t len)
1588 {
1589 buffer_reserve(&vs->output, len);
1590
1591 if (vs->csock != -1 && buffer_empty(&vs->output)) {
1592 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
1593 }
1594
1595 buffer_append(&vs->output, data, len);
1596 }
1597
1598 void vnc_write_s32(VncState *vs, int32_t value)
1599 {
1600 vnc_write_u32(vs, *(uint32_t *)&value);
1601 }
1602
1603 void vnc_write_u32(VncState *vs, uint32_t value)
1604 {
1605 uint8_t buf[4];
1606
1607 buf[0] = (value >> 24) & 0xFF;
1608 buf[1] = (value >> 16) & 0xFF;
1609 buf[2] = (value >> 8) & 0xFF;
1610 buf[3] = value & 0xFF;
1611
1612 vnc_write(vs, buf, 4);
1613 }
1614
1615 void vnc_write_u16(VncState *vs, uint16_t value)
1616 {
1617 uint8_t buf[2];
1618
1619 buf[0] = (value >> 8) & 0xFF;
1620 buf[1] = value & 0xFF;
1621
1622 vnc_write(vs, buf, 2);
1623 }
1624
1625 void vnc_write_u8(VncState *vs, uint8_t value)
1626 {
1627 vnc_write(vs, (char *)&value, 1);
1628 }
1629
1630 void vnc_flush(VncState *vs)
1631 {
1632 vnc_lock_output(vs);
1633 if (vs->csock != -1 && (vs->output.offset
1634 #ifdef CONFIG_VNC_WS
1635 || vs->ws_output.offset
1636 #endif
1637 )) {
1638 vnc_client_write_locked(vs);
1639 }
1640 vnc_unlock_output(vs);
1641 }
1642
1643 static uint8_t read_u8(uint8_t *data, size_t offset)
1644 {
1645 return data[offset];
1646 }
1647
1648 static uint16_t read_u16(uint8_t *data, size_t offset)
1649 {
1650 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1651 }
1652
1653 static int32_t read_s32(uint8_t *data, size_t offset)
1654 {
1655 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1656 (data[offset + 2] << 8) | data[offset + 3]);
1657 }
1658
1659 uint32_t read_u32(uint8_t *data, size_t offset)
1660 {
1661 return ((data[offset] << 24) | (data[offset + 1] << 16) |
1662 (data[offset + 2] << 8) | data[offset + 3]);
1663 }
1664
1665 static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
1666 {
1667 }
1668
1669 static void check_pointer_type_change(Notifier *notifier, void *data)
1670 {
1671 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier);
1672 int absolute = qemu_input_is_absolute();
1673
1674 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1675 vnc_lock_output(vs);
1676 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1677 vnc_write_u8(vs, 0);
1678 vnc_write_u16(vs, 1);
1679 vnc_framebuffer_update(vs, absolute, 0,
1680 pixman_image_get_width(vs->vd->server),
1681 pixman_image_get_height(vs->vd->server),
1682 VNC_ENCODING_POINTER_TYPE_CHANGE);
1683 vnc_unlock_output(vs);
1684 vnc_flush(vs);
1685 }
1686 vs->absolute = absolute;
1687 }
1688
1689 static void pointer_event(VncState *vs, int button_mask, int x, int y)
1690 {
1691 static uint32_t bmap[INPUT_BUTTON_MAX] = {
1692 [INPUT_BUTTON_LEFT] = 0x01,
1693 [INPUT_BUTTON_MIDDLE] = 0x02,
1694 [INPUT_BUTTON_RIGHT] = 0x04,
1695 [INPUT_BUTTON_WHEEL_UP] = 0x08,
1696 [INPUT_BUTTON_WHEEL_DOWN] = 0x10,
1697 };
1698 QemuConsole *con = vs->vd->dcl.con;
1699 int width = pixman_image_get_width(vs->vd->server);
1700 int height = pixman_image_get_height(vs->vd->server);
1701
1702 if (vs->last_bmask != button_mask) {
1703 qemu_input_update_buttons(con, bmap, vs->last_bmask, button_mask);
1704 vs->last_bmask = button_mask;
1705 }
1706
1707 if (vs->absolute) {
1708 qemu_input_queue_abs(con, INPUT_AXIS_X, x, width);
1709 qemu_input_queue_abs(con, INPUT_AXIS_Y, y, height);
1710 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1711 qemu_input_queue_rel(con, INPUT_AXIS_X, x - 0x7FFF);
1712 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - 0x7FFF);
1713 } else {
1714 if (vs->last_x != -1) {
1715 qemu_input_queue_rel(con, INPUT_AXIS_X, x - vs->last_x);
1716 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - vs->last_y);
1717 }
1718 vs->last_x = x;
1719 vs->last_y = y;
1720 }
1721 qemu_input_event_sync();
1722 }
1723
1724 static void reset_keys(VncState *vs)
1725 {
1726 int i;
1727 for(i = 0; i < 256; i++) {
1728 if (vs->modifiers_state[i]) {
1729 qemu_input_event_send_key_number(vs->vd->dcl.con, i, false);
1730 vs->modifiers_state[i] = 0;
1731 }
1732 }
1733 }
1734
1735 static void press_key(VncState *vs, int keysym)
1736 {
1737 int keycode = keysym2scancode(vs->vd->kbd_layout, keysym) & SCANCODE_KEYMASK;
1738 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, true);
1739 qemu_input_event_send_key_delay(0);
1740 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, false);
1741 qemu_input_event_send_key_delay(0);
1742 }
1743
1744 static int current_led_state(VncState *vs)
1745 {
1746 int ledstate = 0;
1747
1748 if (vs->modifiers_state[0x46]) {
1749 ledstate |= QEMU_SCROLL_LOCK_LED;
1750 }
1751 if (vs->modifiers_state[0x45]) {
1752 ledstate |= QEMU_NUM_LOCK_LED;
1753 }
1754 if (vs->modifiers_state[0x3a]) {
1755 ledstate |= QEMU_CAPS_LOCK_LED;
1756 }
1757
1758 return ledstate;
1759 }
1760
1761 static void vnc_led_state_change(VncState *vs)
1762 {
1763 int ledstate = 0;
1764
1765 if (!vnc_has_feature(vs, VNC_FEATURE_LED_STATE)) {
1766 return;
1767 }
1768
1769 ledstate = current_led_state(vs);
1770 vnc_lock_output(vs);
1771 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1772 vnc_write_u8(vs, 0);
1773 vnc_write_u16(vs, 1);
1774 vnc_framebuffer_update(vs, 0, 0, 1, 1, VNC_ENCODING_LED_STATE);
1775 vnc_write_u8(vs, ledstate);
1776 vnc_unlock_output(vs);
1777 vnc_flush(vs);
1778 }
1779
1780 static void kbd_leds(void *opaque, int ledstate)
1781 {
1782 VncState *vs = opaque;
1783 int caps, num, scr;
1784 bool has_changed = (ledstate != current_led_state(vs));
1785
1786 trace_vnc_key_guest_leds((ledstate & QEMU_CAPS_LOCK_LED),
1787 (ledstate & QEMU_NUM_LOCK_LED),
1788 (ledstate & QEMU_SCROLL_LOCK_LED));
1789
1790 caps = ledstate & QEMU_CAPS_LOCK_LED ? 1 : 0;
1791 num = ledstate & QEMU_NUM_LOCK_LED ? 1 : 0;
1792 scr = ledstate & QEMU_SCROLL_LOCK_LED ? 1 : 0;
1793
1794 if (vs->modifiers_state[0x3a] != caps) {
1795 vs->modifiers_state[0x3a] = caps;
1796 }
1797 if (vs->modifiers_state[0x45] != num) {
1798 vs->modifiers_state[0x45] = num;
1799 }
1800 if (vs->modifiers_state[0x46] != scr) {
1801 vs->modifiers_state[0x46] = scr;
1802 }
1803
1804 /* Sending the current led state message to the client */
1805 if (has_changed) {
1806 vnc_led_state_change(vs);
1807 }
1808 }
1809
1810 static void do_key_event(VncState *vs, int down, int keycode, int sym)
1811 {
1812 /* QEMU console switch */
1813 switch(keycode) {
1814 case 0x2a: /* Left Shift */
1815 case 0x36: /* Right Shift */
1816 case 0x1d: /* Left CTRL */
1817 case 0x9d: /* Right CTRL */
1818 case 0x38: /* Left ALT */
1819 case 0xb8: /* Right ALT */
1820 if (down)
1821 vs->modifiers_state[keycode] = 1;
1822 else
1823 vs->modifiers_state[keycode] = 0;
1824 break;
1825 case 0x02 ... 0x0a: /* '1' to '9' keys */
1826 if (vs->vd->dcl.con == NULL &&
1827 down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
1828 /* Reset the modifiers sent to the current console */
1829 reset_keys(vs);
1830 console_select(keycode - 0x02);
1831 return;
1832 }
1833 break;
1834 case 0x3a: /* CapsLock */
1835 case 0x45: /* NumLock */
1836 if (down)
1837 vs->modifiers_state[keycode] ^= 1;
1838 break;
1839 }
1840
1841 /* Turn off the lock state sync logic if the client support the led
1842 state extension.
1843 */
1844 if (down && vs->vd->lock_key_sync &&
1845 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) &&
1846 keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1847 /* If the numlock state needs to change then simulate an additional
1848 keypress before sending this one. This will happen if the user
1849 toggles numlock away from the VNC window.
1850 */
1851 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1852 if (!vs->modifiers_state[0x45]) {
1853 trace_vnc_key_sync_numlock(true);
1854 vs->modifiers_state[0x45] = 1;
1855 press_key(vs, 0xff7f);
1856 }
1857 } else {
1858 if (vs->modifiers_state[0x45]) {
1859 trace_vnc_key_sync_numlock(false);
1860 vs->modifiers_state[0x45] = 0;
1861 press_key(vs, 0xff7f);
1862 }
1863 }
1864 }
1865
1866 if (down && vs->vd->lock_key_sync &&
1867 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) &&
1868 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) {
1869 /* If the capslock state needs to change then simulate an additional
1870 keypress before sending this one. This will happen if the user
1871 toggles capslock away from the VNC window.
1872 */
1873 int uppercase = !!(sym >= 'A' && sym <= 'Z');
1874 int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]);
1875 int capslock = !!(vs->modifiers_state[0x3a]);
1876 if (capslock) {
1877 if (uppercase == shift) {
1878 trace_vnc_key_sync_capslock(false);
1879 vs->modifiers_state[0x3a] = 0;
1880 press_key(vs, 0xffe5);
1881 }
1882 } else {
1883 if (uppercase != shift) {
1884 trace_vnc_key_sync_capslock(true);
1885 vs->modifiers_state[0x3a] = 1;
1886 press_key(vs, 0xffe5);
1887 }
1888 }
1889 }
1890
1891 if (qemu_console_is_graphic(NULL)) {
1892 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, down);
1893 } else {
1894 bool numlock = vs->modifiers_state[0x45];
1895 bool control = (vs->modifiers_state[0x1d] ||
1896 vs->modifiers_state[0x9d]);
1897 /* QEMU console emulation */
1898 if (down) {
1899 switch (keycode) {
1900 case 0x2a: /* Left Shift */
1901 case 0x36: /* Right Shift */
1902 case 0x1d: /* Left CTRL */
1903 case 0x9d: /* Right CTRL */
1904 case 0x38: /* Left ALT */
1905 case 0xb8: /* Right ALT */
1906 break;
1907 case 0xc8:
1908 kbd_put_keysym(QEMU_KEY_UP);
1909 break;
1910 case 0xd0:
1911 kbd_put_keysym(QEMU_KEY_DOWN);
1912 break;
1913 case 0xcb:
1914 kbd_put_keysym(QEMU_KEY_LEFT);
1915 break;
1916 case 0xcd:
1917 kbd_put_keysym(QEMU_KEY_RIGHT);
1918 break;
1919 case 0xd3:
1920 kbd_put_keysym(QEMU_KEY_DELETE);
1921 break;
1922 case 0xc7:
1923 kbd_put_keysym(QEMU_KEY_HOME);
1924 break;
1925 case 0xcf:
1926 kbd_put_keysym(QEMU_KEY_END);
1927 break;
1928 case 0xc9:
1929 kbd_put_keysym(QEMU_KEY_PAGEUP);
1930 break;
1931 case 0xd1:
1932 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1933 break;
1934
1935 case 0x47:
1936 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME);
1937 break;
1938 case 0x48:
1939 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP);
1940 break;
1941 case 0x49:
1942 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP);
1943 break;
1944 case 0x4b:
1945 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT);
1946 break;
1947 case 0x4c:
1948 kbd_put_keysym('5');
1949 break;
1950 case 0x4d:
1951 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT);
1952 break;
1953 case 0x4f:
1954 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END);
1955 break;
1956 case 0x50:
1957 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN);
1958 break;
1959 case 0x51:
1960 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN);
1961 break;
1962 case 0x52:
1963 kbd_put_keysym('0');
1964 break;
1965 case 0x53:
1966 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE);
1967 break;
1968
1969 case 0xb5:
1970 kbd_put_keysym('/');
1971 break;
1972 case 0x37:
1973 kbd_put_keysym('*');
1974 break;
1975 case 0x4a:
1976 kbd_put_keysym('-');
1977 break;
1978 case 0x4e:
1979 kbd_put_keysym('+');
1980 break;
1981 case 0x9c:
1982 kbd_put_keysym('\n');
1983 break;
1984
1985 default:
1986 if (control) {
1987 kbd_put_keysym(sym & 0x1f);
1988 } else {
1989 kbd_put_keysym(sym);
1990 }
1991 break;
1992 }
1993 }
1994 }
1995 }
1996
1997 static void vnc_release_modifiers(VncState *vs)
1998 {
1999 static const int keycodes[] = {
2000 /* shift, control, alt keys, both left & right */
2001 0x2a, 0x36, 0x1d, 0x9d, 0x38, 0xb8,
2002 };
2003 int i, keycode;
2004
2005 if (!qemu_console_is_graphic(NULL)) {
2006 return;
2007 }
2008 for (i = 0; i < ARRAY_SIZE(keycodes); i++) {
2009 keycode = keycodes[i];
2010 if (!vs->modifiers_state[keycode]) {
2011 continue;
2012 }
2013 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, false);
2014 }
2015 }
2016
2017 static const char *code2name(int keycode)
2018 {
2019 return QKeyCode_lookup[qemu_input_key_number_to_qcode(keycode)];
2020 }
2021
2022 static void key_event(VncState *vs, int down, uint32_t sym)
2023 {
2024 int keycode;
2025 int lsym = sym;
2026
2027 if (lsym >= 'A' && lsym <= 'Z' && qemu_console_is_graphic(NULL)) {
2028 lsym = lsym - 'A' + 'a';
2029 }
2030
2031 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF) & SCANCODE_KEYMASK;
2032 trace_vnc_key_event_map(down, sym, keycode, code2name(keycode));
2033 do_key_event(vs, down, keycode, sym);
2034 }
2035
2036 static void ext_key_event(VncState *vs, int down,
2037 uint32_t sym, uint16_t keycode)
2038 {
2039 /* if the user specifies a keyboard layout, always use it */
2040 if (keyboard_layout) {
2041 key_event(vs, down, sym);
2042 } else {
2043 trace_vnc_key_event_ext(down, sym, keycode, code2name(keycode));
2044 do_key_event(vs, down, keycode, sym);
2045 }
2046 }
2047
2048 static void framebuffer_update_request(VncState *vs, int incremental,
2049 int x, int y, int w, int h)
2050 {
2051 int width = pixman_image_get_width(vs->vd->server);
2052 int height = pixman_image_get_height(vs->vd->server);
2053
2054 vs->need_update = 1;
2055
2056 if (incremental) {
2057 return;
2058 }
2059
2060 vs->force_update = 1;
2061 vnc_set_area_dirty(vs->dirty, width, height, x, y, w, h);
2062 }
2063
2064 static void send_ext_key_event_ack(VncState *vs)
2065 {
2066 vnc_lock_output(vs);
2067 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
2068 vnc_write_u8(vs, 0);
2069 vnc_write_u16(vs, 1);
2070 vnc_framebuffer_update(vs, 0, 0,
2071 pixman_image_get_width(vs->vd->server),
2072 pixman_image_get_height(vs->vd->server),
2073 VNC_ENCODING_EXT_KEY_EVENT);
2074 vnc_unlock_output(vs);
2075 vnc_flush(vs);
2076 }
2077
2078 static void send_ext_audio_ack(VncState *vs)
2079 {
2080 vnc_lock_output(vs);
2081 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
2082 vnc_write_u8(vs, 0);
2083 vnc_write_u16(vs, 1);
2084 vnc_framebuffer_update(vs, 0, 0,
2085 pixman_image_get_width(vs->vd->server),
2086 pixman_image_get_height(vs->vd->server),
2087 VNC_ENCODING_AUDIO);
2088 vnc_unlock_output(vs);
2089 vnc_flush(vs);
2090 }
2091
2092 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
2093 {
2094 int i;
2095 unsigned int enc = 0;
2096
2097 vs->features = 0;
2098 vs->vnc_encoding = 0;
2099 vs->tight.compression = 9;
2100 vs->tight.quality = -1; /* Lossless by default */
2101 vs->absolute = -1;
2102
2103 /*
2104 * Start from the end because the encodings are sent in order of preference.
2105 * This way the preferred encoding (first encoding defined in the array)
2106 * will be set at the end of the loop.
2107 */
2108 for (i = n_encodings - 1; i >= 0; i--) {
2109 enc = encodings[i];
2110 switch (enc) {
2111 case VNC_ENCODING_RAW:
2112 vs->vnc_encoding = enc;
2113 break;
2114 case VNC_ENCODING_COPYRECT:
2115 vs->features |= VNC_FEATURE_COPYRECT_MASK;
2116 break;
2117 case VNC_ENCODING_HEXTILE:
2118 vs->features |= VNC_FEATURE_HEXTILE_MASK;
2119 vs->vnc_encoding = enc;
2120 break;
2121 case VNC_ENCODING_TIGHT:
2122 vs->features |= VNC_FEATURE_TIGHT_MASK;
2123 vs->vnc_encoding = enc;
2124 break;
2125 #ifdef CONFIG_VNC_PNG
2126 case VNC_ENCODING_TIGHT_PNG:
2127 vs->features |= VNC_FEATURE_TIGHT_PNG_MASK;
2128 vs->vnc_encoding = enc;
2129 break;
2130 #endif
2131 case VNC_ENCODING_ZLIB:
2132 vs->features |= VNC_FEATURE_ZLIB_MASK;
2133 vs->vnc_encoding = enc;
2134 break;
2135 case VNC_ENCODING_ZRLE:
2136 vs->features |= VNC_FEATURE_ZRLE_MASK;
2137 vs->vnc_encoding = enc;
2138 break;
2139 case VNC_ENCODING_ZYWRLE:
2140 vs->features |= VNC_FEATURE_ZYWRLE_MASK;
2141 vs->vnc_encoding = enc;
2142 break;
2143 case VNC_ENCODING_DESKTOPRESIZE:
2144 vs->features |= VNC_FEATURE_RESIZE_MASK;
2145 break;
2146 case VNC_ENCODING_POINTER_TYPE_CHANGE:
2147 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
2148 break;
2149 case VNC_ENCODING_RICH_CURSOR:
2150 vs->features |= VNC_FEATURE_RICH_CURSOR_MASK;
2151 break;
2152 case VNC_ENCODING_EXT_KEY_EVENT:
2153 send_ext_key_event_ack(vs);
2154 break;
2155 case VNC_ENCODING_AUDIO:
2156 send_ext_audio_ack(vs);
2157 break;
2158 case VNC_ENCODING_WMVi:
2159 vs->features |= VNC_FEATURE_WMVI_MASK;
2160 break;
2161 case VNC_ENCODING_LED_STATE:
2162 vs->features |= VNC_FEATURE_LED_STATE_MASK;
2163 break;
2164 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
2165 vs->tight.compression = (enc & 0x0F);
2166 break;
2167 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
2168 if (vs->vd->lossy) {
2169 vs->tight.quality = (enc & 0x0F);
2170 }
2171 break;
2172 default:
2173 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
2174 break;
2175 }
2176 }
2177 vnc_desktop_resize(vs);
2178 check_pointer_type_change(&vs->mouse_mode_notifier, NULL);
2179 vnc_led_state_change(vs);
2180 }
2181
2182 static void set_pixel_conversion(VncState *vs)
2183 {
2184 pixman_format_code_t fmt = qemu_pixman_get_format(&vs->client_pf);
2185
2186 if (fmt == VNC_SERVER_FB_FORMAT) {
2187 vs->write_pixels = vnc_write_pixels_copy;
2188 vnc_hextile_set_pixel_conversion(vs, 0);
2189 } else {
2190 vs->write_pixels = vnc_write_pixels_generic;
2191 vnc_hextile_set_pixel_conversion(vs, 1);
2192 }
2193 }
2194
2195 static void set_pixel_format(VncState *vs,
2196 int bits_per_pixel, int depth,
2197 int big_endian_flag, int true_color_flag,
2198 int red_max, int green_max, int blue_max,
2199 int red_shift, int green_shift, int blue_shift)
2200 {
2201 if (!true_color_flag) {
2202 vnc_client_error(vs);
2203 return;
2204 }
2205
2206 switch (bits_per_pixel) {
2207 case 8:
2208 case 16:
2209 case 32:
2210 break;
2211 default:
2212 vnc_client_error(vs);
2213 return;
2214 }
2215
2216 vs->client_pf.rmax = red_max;
2217 vs->client_pf.rbits = hweight_long(red_max);
2218 vs->client_pf.rshift = red_shift;
2219 vs->client_pf.rmask = red_max << red_shift;
2220 vs->client_pf.gmax = green_max;
2221 vs->client_pf.gbits = hweight_long(green_max);
2222 vs->client_pf.gshift = green_shift;
2223 vs->client_pf.gmask = green_max << green_shift;
2224 vs->client_pf.bmax = blue_max;
2225 vs->client_pf.bbits = hweight_long(blue_max);
2226 vs->client_pf.bshift = blue_shift;
2227 vs->client_pf.bmask = blue_max << blue_shift;
2228 vs->client_pf.bits_per_pixel = bits_per_pixel;
2229 vs->client_pf.bytes_per_pixel = bits_per_pixel / 8;
2230 vs->client_pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
2231 vs->client_be = big_endian_flag;
2232
2233 set_pixel_conversion(vs);
2234
2235 graphic_hw_invalidate(vs->vd->dcl.con);
2236 graphic_hw_update(vs->vd->dcl.con);
2237 }
2238
2239 static void pixel_format_message (VncState *vs) {
2240 char pad[3] = { 0, 0, 0 };
2241
2242 vs->client_pf = qemu_default_pixelformat(32);
2243
2244 vnc_write_u8(vs, vs->client_pf.bits_per_pixel); /* bits-per-pixel */
2245 vnc_write_u8(vs, vs->client_pf.depth); /* depth */
2246
2247 #ifdef HOST_WORDS_BIGENDIAN
2248 vnc_write_u8(vs, 1); /* big-endian-flag */
2249 #else
2250 vnc_write_u8(vs, 0); /* big-endian-flag */
2251 #endif
2252 vnc_write_u8(vs, 1); /* true-color-flag */
2253 vnc_write_u16(vs, vs->client_pf.rmax); /* red-max */
2254 vnc_write_u16(vs, vs->client_pf.gmax); /* green-max */
2255 vnc_write_u16(vs, vs->client_pf.bmax); /* blue-max */
2256 vnc_write_u8(vs, vs->client_pf.rshift); /* red-shift */
2257 vnc_write_u8(vs, vs->client_pf.gshift); /* green-shift */
2258 vnc_write_u8(vs, vs->client_pf.bshift); /* blue-shift */
2259 vnc_write(vs, pad, 3); /* padding */
2260
2261 vnc_hextile_set_pixel_conversion(vs, 0);
2262 vs->write_pixels = vnc_write_pixels_copy;
2263 }
2264
2265 static void vnc_colordepth(VncState *vs)
2266 {
2267 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
2268 /* Sending a WMVi message to notify the client*/
2269 vnc_lock_output(vs);
2270 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
2271 vnc_write_u8(vs, 0);
2272 vnc_write_u16(vs, 1); /* number of rects */
2273 vnc_framebuffer_update(vs, 0, 0,
2274 pixman_image_get_width(vs->vd->server),
2275 pixman_image_get_height(vs->vd->server),
2276 VNC_ENCODING_WMVi);
2277 pixel_format_message(vs);
2278 vnc_unlock_output(vs);
2279 vnc_flush(vs);
2280 } else {
2281 set_pixel_conversion(vs);
2282 }
2283 }
2284
2285 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
2286 {
2287 int i;
2288 uint16_t limit;
2289 VncDisplay *vd = vs->vd;
2290
2291 if (data[0] > 3) {
2292 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
2293 }
2294
2295 switch (data[0]) {
2296 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT:
2297 if (len == 1)
2298 return 20;
2299
2300 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
2301 read_u8(data, 6), read_u8(data, 7),
2302 read_u16(data, 8), read_u16(data, 10),
2303 read_u16(data, 12), read_u8(data, 14),
2304 read_u8(data, 15), read_u8(data, 16));
2305 break;
2306 case VNC_MSG_CLIENT_SET_ENCODINGS:
2307 if (len == 1)
2308 return 4;
2309
2310 if (len == 4) {
2311 limit = read_u16(data, 2);
2312 if (limit > 0)
2313 return 4 + (limit * 4);
2314 } else
2315 limit = read_u16(data, 2);
2316
2317 for (i = 0; i < limit; i++) {
2318 int32_t val = read_s32(data, 4 + (i * 4));
2319 memcpy(data + 4 + (i * 4), &val, sizeof(val));
2320 }
2321
2322 set_encodings(vs, (int32_t *)(data + 4), limit);
2323 break;
2324 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST:
2325 if (len == 1)
2326 return 10;
2327
2328 framebuffer_update_request(vs,
2329 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
2330 read_u16(data, 6), read_u16(data, 8));
2331 break;
2332 case VNC_MSG_CLIENT_KEY_EVENT:
2333 if (len == 1)
2334 return 8;
2335
2336 key_event(vs, read_u8(data, 1), read_u32(data, 4));
2337 break;
2338 case VNC_MSG_CLIENT_POINTER_EVENT:
2339 if (len == 1)
2340 return 6;
2341
2342 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
2343 break;
2344 case VNC_MSG_CLIENT_CUT_TEXT:
2345 if (len == 1) {
2346 return 8;
2347 }
2348 if (len == 8) {
2349 uint32_t dlen = read_u32(data, 4);
2350 if (dlen > (1 << 20)) {
2351 error_report("vnc: client_cut_text msg payload has %u bytes"
2352 " which exceeds our limit of 1MB.", dlen);
2353 vnc_client_error(vs);
2354 break;
2355 }
2356 if (dlen > 0) {
2357 return 8 + dlen;
2358 }
2359 }
2360
2361 client_cut_text(vs, read_u32(data, 4), data + 8);
2362 break;
2363 case VNC_MSG_CLIENT_QEMU:
2364 if (len == 1)
2365 return 2;
2366
2367 switch (read_u8(data, 1)) {
2368 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT:
2369 if (len == 2)
2370 return 12;
2371
2372 ext_key_event(vs, read_u16(data, 2),
2373 read_u32(data, 4), read_u32(data, 8));
2374 break;
2375 case VNC_MSG_CLIENT_QEMU_AUDIO:
2376 if (len == 2)
2377 return 4;
2378
2379 switch (read_u16 (data, 2)) {
2380 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE:
2381 audio_add(vs);
2382 break;
2383 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE:
2384 audio_del(vs);
2385 break;
2386 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT:
2387 if (len == 4)
2388 return 10;
2389 switch (read_u8(data, 4)) {
2390 case 0: vs->as.fmt = AUD_FMT_U8; break;
2391 case 1: vs->as.fmt = AUD_FMT_S8; break;
2392 case 2: vs->as.fmt = AUD_FMT_U16; break;
2393 case 3: vs->as.fmt = AUD_FMT_S16; break;
2394 case 4: vs->as.fmt = AUD_FMT_U32; break;
2395 case 5: vs->as.fmt = AUD_FMT_S32; break;
2396 default:
2397 printf("Invalid audio format %d\n", read_u8(data, 4));
2398 vnc_client_error(vs);
2399 break;
2400 }
2401 vs->as.nchannels = read_u8(data, 5);
2402 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
2403 printf("Invalid audio channel coount %d\n",
2404 read_u8(data, 5));
2405 vnc_client_error(vs);
2406 break;
2407 }
2408 vs->as.freq = read_u32(data, 6);
2409 break;
2410 default:
2411 printf ("Invalid audio message %d\n", read_u8(data, 4));
2412 vnc_client_error(vs);
2413 break;
2414 }
2415 break;
2416
2417 default:
2418 printf("Msg: %d\n", read_u16(data, 0));
2419 vnc_client_error(vs);
2420 break;
2421 }
2422 break;
2423 default:
2424 printf("Msg: %d\n", data[0]);
2425 vnc_client_error(vs);
2426 break;
2427 }
2428
2429 vnc_read_when(vs, protocol_client_msg, 1);
2430 return 0;
2431 }
2432
2433 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
2434 {
2435 char buf[1024];
2436 VncShareMode mode;
2437 int size;
2438
2439 mode = data[0] ? VNC_SHARE_MODE_SHARED : VNC_SHARE_MODE_EXCLUSIVE;
2440 switch (vs->vd->share_policy) {
2441 case VNC_SHARE_POLICY_IGNORE:
2442 /*
2443 * Ignore the shared flag. Nothing to do here.
2444 *
2445 * Doesn't conform to the rfb spec but is traditional qemu
2446 * behavior, thus left here as option for compatibility
2447 * reasons.
2448 */
2449 break;
2450 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE:
2451 /*
2452 * Policy: Allow clients ask for exclusive access.
2453 *
2454 * Implementation: When a client asks for exclusive access,
2455 * disconnect all others. Shared connects are allowed as long
2456 * as no exclusive connection exists.
2457 *
2458 * This is how the rfb spec suggests to handle the shared flag.
2459 */
2460 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2461 VncState *client;
2462 QTAILQ_FOREACH(client, &vs->vd->clients, next) {
2463 if (vs == client) {
2464 continue;
2465 }
2466 if (client->share_mode != VNC_SHARE_MODE_EXCLUSIVE &&
2467 client->share_mode != VNC_SHARE_MODE_SHARED) {
2468 continue;
2469 }
2470 vnc_disconnect_start(client);
2471 }
2472 }
2473 if (mode == VNC_SHARE_MODE_SHARED) {
2474 if (vs->vd->num_exclusive > 0) {
2475 vnc_disconnect_start(vs);
2476 return 0;
2477 }
2478 }
2479 break;
2480 case VNC_SHARE_POLICY_FORCE_SHARED:
2481 /*
2482 * Policy: Shared connects only.
2483 * Implementation: Disallow clients asking for exclusive access.
2484 *
2485 * Useful for shared desktop sessions where you don't want
2486 * someone forgetting to say -shared when running the vnc
2487 * client disconnect everybody else.
2488 */
2489 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2490 vnc_disconnect_start(vs);
2491 return 0;
2492 }
2493 break;
2494 }
2495 vnc_set_share_mode(vs, mode);
2496
2497 if (vs->vd->num_shared > vs->vd->connections_limit) {
2498 vnc_disconnect_start(vs);
2499 return 0;
2500 }
2501
2502 vs->client_width = pixman_image_get_width(vs->vd->server);
2503 vs->client_height = pixman_image_get_height(vs->vd->server);
2504 vnc_write_u16(vs, vs->client_width);
2505 vnc_write_u16(vs, vs->client_height);
2506
2507 pixel_format_message(vs);
2508
2509 if (qemu_name)
2510 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
2511 else
2512 size = snprintf(buf, sizeof(buf), "QEMU");
2513
2514 vnc_write_u32(vs, size);
2515 vnc_write(vs, buf, size);
2516 vnc_flush(vs);
2517
2518 vnc_client_cache_auth(vs);
2519 vnc_qmp_event(vs, QAPI_EVENT_VNC_INITIALIZED);
2520
2521 vnc_read_when(vs, protocol_client_msg, 1);
2522
2523 return 0;
2524 }
2525
2526 void start_client_init(VncState *vs)
2527 {
2528 vnc_read_when(vs, protocol_client_init, 1);
2529 }
2530
2531 static void make_challenge(VncState *vs)
2532 {
2533 int i;
2534
2535 srand(time(NULL)+getpid()+getpid()*987654+rand());
2536
2537 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
2538 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
2539 }
2540
2541 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
2542 {
2543 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
2544 int i, j, pwlen;
2545 unsigned char key[8];
2546 time_t now = time(NULL);
2547
2548 if (!vs->vd->password) {
2549 VNC_DEBUG("No password configured on server");
2550 goto reject;
2551 }
2552 if (vs->vd->expires < now) {
2553 VNC_DEBUG("Password is expired");
2554 goto reject;
2555 }
2556
2557 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
2558
2559 /* Calculate the expected challenge response */
2560 pwlen = strlen(vs->vd->password);
2561 for (i=0; i<sizeof(key); i++)
2562 key[i] = i<pwlen ? vs->vd->password[i] : 0;
2563 deskey(key, EN0);
2564 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8)
2565 des(response+j, response+j);
2566
2567 /* Compare expected vs actual challenge response */
2568 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
2569 VNC_DEBUG("Client challenge response did not match\n");
2570 goto reject;
2571 } else {
2572 VNC_DEBUG("Accepting VNC challenge response\n");
2573 vnc_write_u32(vs, 0); /* Accept auth */
2574 vnc_flush(vs);
2575
2576 start_client_init(vs);
2577 }
2578 return 0;
2579
2580 reject:
2581 vnc_write_u32(vs, 1); /* Reject auth */
2582 if (vs->minor >= 8) {
2583 static const char err[] = "Authentication failed";
2584 vnc_write_u32(vs, sizeof(err));
2585 vnc_write(vs, err, sizeof(err));
2586 }
2587 vnc_flush(vs);
2588 vnc_client_error(vs);
2589 return 0;
2590 }
2591
2592 void start_auth_vnc(VncState *vs)
2593 {
2594 make_challenge(vs);
2595 /* Send client a 'random' challenge */
2596 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
2597 vnc_flush(vs);
2598
2599 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
2600 }
2601
2602
2603 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
2604 {
2605 /* We only advertise 1 auth scheme at a time, so client
2606 * must pick the one we sent. Verify this */
2607 if (data[0] != vs->auth) { /* Reject auth */
2608 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]);
2609 vnc_write_u32(vs, 1);
2610 if (vs->minor >= 8) {
2611 static const char err[] = "Authentication failed";
2612 vnc_write_u32(vs, sizeof(err));
2613 vnc_write(vs, err, sizeof(err));
2614 }
2615 vnc_client_error(vs);
2616 } else { /* Accept requested auth */
2617 VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
2618 switch (vs->auth) {
2619 case VNC_AUTH_NONE:
2620 VNC_DEBUG("Accept auth none\n");
2621 if (vs->minor >= 8) {
2622 vnc_write_u32(vs, 0); /* Accept auth completion */
2623 vnc_flush(vs);
2624 }
2625 start_client_init(vs);
2626 break;
2627
2628 case VNC_AUTH_VNC:
2629 VNC_DEBUG("Start VNC auth\n");
2630 start_auth_vnc(vs);
2631 break;
2632
2633 #ifdef CONFIG_VNC_TLS
2634 case VNC_AUTH_VENCRYPT:
2635 VNC_DEBUG("Accept VeNCrypt auth\n");
2636 start_auth_vencrypt(vs);
2637 break;
2638 #endif /* CONFIG_VNC_TLS */
2639
2640 #ifdef CONFIG_VNC_SASL
2641 case VNC_AUTH_SASL:
2642 VNC_DEBUG("Accept SASL auth\n");
2643 start_auth_sasl(vs);
2644 break;
2645 #endif /* CONFIG_VNC_SASL */
2646
2647 default: /* Should not be possible, but just in case */
2648 VNC_DEBUG("Reject auth %d server code bug\n", vs->auth);
2649 vnc_write_u8(vs, 1);
2650 if (vs->minor >= 8) {
2651 static const char err[] = "Authentication failed";
2652 vnc_write_u32(vs, sizeof(err));
2653 vnc_write(vs, err, sizeof(err));
2654 }
2655 vnc_client_error(vs);
2656 }
2657 }
2658 return 0;
2659 }
2660
2661 static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2662 {
2663 char local[13];
2664
2665 memcpy(local, version, 12);
2666 local[12] = 0;
2667
2668 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2669 VNC_DEBUG("Malformed protocol version %s\n", local);
2670 vnc_client_error(vs);
2671 return 0;
2672 }
2673 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2674 if (vs->major != 3 ||
2675 (vs->minor != 3 &&
2676 vs->minor != 4 &&
2677 vs->minor != 5 &&
2678 vs->minor != 7 &&
2679 vs->minor != 8)) {
2680 VNC_DEBUG("Unsupported client version\n");
2681 vnc_write_u32(vs, VNC_AUTH_INVALID);
2682 vnc_flush(vs);
2683 vnc_client_error(vs);
2684 return 0;
2685 }
2686 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2687 * as equivalent to v3.3 by servers
2688 */
2689 if (vs->minor == 4 || vs->minor == 5)
2690 vs->minor = 3;
2691
2692 if (vs->minor == 3) {
2693 if (vs->auth == VNC_AUTH_NONE) {
2694 VNC_DEBUG("Tell client auth none\n");
2695 vnc_write_u32(vs, vs->auth);
2696 vnc_flush(vs);
2697 start_client_init(vs);
2698 } else if (vs->auth == VNC_AUTH_VNC) {
2699 VNC_DEBUG("Tell client VNC auth\n");
2700 vnc_write_u32(vs, vs->auth);
2701 vnc_flush(vs);
2702 start_auth_vnc(vs);
2703 } else {
2704 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->auth);
2705 vnc_write_u32(vs, VNC_AUTH_INVALID);
2706 vnc_flush(vs);
2707 vnc_client_error(vs);
2708 }
2709 } else {
2710 VNC_DEBUG("Telling client we support auth %d\n", vs->auth);
2711 vnc_write_u8(vs, 1); /* num auth */
2712 vnc_write_u8(vs, vs->auth);
2713 vnc_read_when(vs, protocol_client_auth, 1);
2714 vnc_flush(vs);
2715 }
2716
2717 return 0;
2718 }
2719
2720 static VncRectStat *vnc_stat_rect(VncDisplay *vd, int x, int y)
2721 {
2722 struct VncSurface *vs = &vd->guest;
2723
2724 return &vs->stats[y / VNC_STAT_RECT][x / VNC_STAT_RECT];
2725 }
2726
2727 void vnc_sent_lossy_rect(VncState *vs, int x, int y, int w, int h)
2728 {
2729 int i, j;
2730
2731 w = (x + w) / VNC_STAT_RECT;
2732 h = (y + h) / VNC_STAT_RECT;
2733 x /= VNC_STAT_RECT;
2734 y /= VNC_STAT_RECT;
2735
2736 for (j = y; j <= h; j++) {
2737 for (i = x; i <= w; i++) {
2738 vs->lossy_rect[j][i] = 1;
2739 }
2740 }
2741 }
2742
2743 static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y)
2744 {
2745 VncState *vs;
2746 int sty = y / VNC_STAT_RECT;
2747 int stx = x / VNC_STAT_RECT;
2748 int has_dirty = 0;
2749
2750 y = y / VNC_STAT_RECT * VNC_STAT_RECT;
2751 x = x / VNC_STAT_RECT * VNC_STAT_RECT;
2752
2753 QTAILQ_FOREACH(vs, &vd->clients, next) {
2754 int j;
2755
2756 /* kernel send buffers are full -> refresh later */
2757 if (vs->output.offset) {
2758 continue;
2759 }
2760
2761 if (!vs->lossy_rect[sty][stx]) {
2762 continue;
2763 }
2764
2765 vs->lossy_rect[sty][stx] = 0;
2766 for (j = 0; j < VNC_STAT_RECT; ++j) {
2767 bitmap_set(vs->dirty[y + j],
2768 x / VNC_DIRTY_PIXELS_PER_BIT,
2769 VNC_STAT_RECT / VNC_DIRTY_PIXELS_PER_BIT);
2770 }
2771 has_dirty++;
2772 }
2773
2774 return has_dirty;
2775 }
2776
2777 static int vnc_update_stats(VncDisplay *vd, struct timeval * tv)
2778 {
2779 int width = pixman_image_get_width(vd->guest.fb);
2780 int height = pixman_image_get_height(vd->guest.fb);
2781 int x, y;
2782 struct timeval res;
2783 int has_dirty = 0;
2784
2785 for (y = 0; y < height; y += VNC_STAT_RECT) {
2786 for (x = 0; x < width; x += VNC_STAT_RECT) {
2787 VncRectStat *rect = vnc_stat_rect(vd, x, y);
2788
2789 rect->updated = false;
2790 }
2791 }
2792
2793 qemu_timersub(tv, &VNC_REFRESH_STATS, &res);
2794
2795 if (timercmp(&vd->guest.last_freq_check, &res, >)) {
2796 return has_dirty;
2797 }
2798 vd->guest.last_freq_check = *tv;
2799
2800 for (y = 0; y < height; y += VNC_STAT_RECT) {
2801 for (x = 0; x < width; x += VNC_STAT_RECT) {
2802 VncRectStat *rect= vnc_stat_rect(vd, x, y);
2803 int count = ARRAY_SIZE(rect->times);
2804 struct timeval min, max;
2805
2806 if (!timerisset(&rect->times[count - 1])) {
2807 continue ;
2808 }
2809
2810 max = rect->times[(rect->idx + count - 1) % count];
2811 qemu_timersub(tv, &max, &res);
2812
2813 if (timercmp(&res, &VNC_REFRESH_LOSSY, >)) {
2814 rect->freq = 0;
2815 has_dirty += vnc_refresh_lossy_rect(vd, x, y);
2816 memset(rect->times, 0, sizeof (rect->times));
2817 continue ;
2818 }
2819
2820 min = rect->times[rect->idx];
2821 max = rect->times[(rect->idx + count - 1) % count];
2822 qemu_timersub(&max, &min, &res);
2823
2824 rect->freq = res.tv_sec + res.tv_usec / 1000000.;
2825 rect->freq /= count;
2826 rect->freq = 1. / rect->freq;
2827 }
2828 }
2829 return has_dirty;
2830 }
2831
2832 double vnc_update_freq(VncState *vs, int x, int y, int w, int h)
2833 {
2834 int i, j;
2835 double total = 0;
2836 int num = 0;
2837
2838 x = (x / VNC_STAT_RECT) * VNC_STAT_RECT;
2839 y = (y / VNC_STAT_RECT) * VNC_STAT_RECT;
2840
2841 for (j = y; j <= y + h; j += VNC_STAT_RECT) {
2842 for (i = x; i <= x + w; i += VNC_STAT_RECT) {
2843 total += vnc_stat_rect(vs->vd, i, j)->freq;
2844 num++;
2845 }
2846 }
2847
2848 if (num) {
2849 return total / num;
2850 } else {
2851 return 0;
2852 }
2853 }
2854
2855 static void vnc_rect_updated(VncDisplay *vd, int x, int y, struct timeval * tv)
2856 {
2857 VncRectStat *rect;
2858
2859 rect = vnc_stat_rect(vd, x, y);
2860 if (rect->updated) {
2861 return ;
2862 }
2863 rect->times[rect->idx] = *tv;
2864 rect->idx = (rect->idx + 1) % ARRAY_SIZE(rect->times);
2865 rect->updated = true;
2866 }
2867
2868 static int vnc_refresh_server_surface(VncDisplay *vd)
2869 {
2870 int width = MIN(pixman_image_get_width(vd->guest.fb),
2871 pixman_image_get_width(vd->server));
2872 int height = MIN(pixman_image_get_height(vd->guest.fb),
2873 pixman_image_get_height(vd->server));
2874 int cmp_bytes, server_stride, min_stride, guest_stride, y = 0;
2875 uint8_t *guest_row0 = NULL, *server_row0;
2876 VncState *vs;
2877 int has_dirty = 0;
2878 pixman_image_t *tmpbuf = NULL;
2879
2880 struct timeval tv = { 0, 0 };
2881
2882 if (!vd->non_adaptive) {
2883 gettimeofday(&tv, NULL);
2884 has_dirty = vnc_update_stats(vd, &tv);
2885 }
2886
2887 /*
2888 * Walk through the guest dirty map.
2889 * Check and copy modified bits from guest to server surface.
2890 * Update server dirty map.
2891 */
2892 server_row0 = (uint8_t *)pixman_image_get_data(vd->server);
2893 server_stride = guest_stride = pixman_image_get_stride(vd->server);
2894 cmp_bytes = MIN(VNC_DIRTY_PIXELS_PER_BIT * VNC_SERVER_FB_BYTES,
2895 server_stride);
2896 if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
2897 int width = pixman_image_get_width(vd->server);
2898 tmpbuf = qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT, width);
2899 } else {
2900 guest_row0 = (uint8_t *)pixman_image_get_data(vd->guest.fb);
2901 guest_stride = pixman_image_get_stride(vd->guest.fb);
2902 }
2903 min_stride = MIN(server_stride, guest_stride);
2904
2905 for (;;) {
2906 int x;
2907 uint8_t *guest_ptr, *server_ptr;
2908 unsigned long offset = find_next_bit((unsigned long *) &vd->guest.dirty,
2909 height * VNC_DIRTY_BPL(&vd->guest),
2910 y * VNC_DIRTY_BPL(&vd->guest));
2911 if (offset == height * VNC_DIRTY_BPL(&vd->guest)) {
2912 /* no more dirty bits */
2913 break;
2914 }
2915 y = offset / VNC_DIRTY_BPL(&vd->guest);
2916 x = offset % VNC_DIRTY_BPL(&vd->guest);
2917
2918 server_ptr = server_row0 + y * server_stride + x * cmp_bytes;
2919
2920 if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
2921 qemu_pixman_linebuf_fill(tmpbuf, vd->guest.fb, width, 0, y);
2922 guest_ptr = (uint8_t *)pixman_image_get_data(tmpbuf);
2923 } else {
2924 guest_ptr = guest_row0 + y * guest_stride;
2925 }
2926 guest_ptr += x * cmp_bytes;
2927
2928 for (; x < DIV_ROUND_UP(width, VNC_DIRTY_PIXELS_PER_BIT);
2929 x++, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
2930 int _cmp_bytes = cmp_bytes;
2931 if (!test_and_clear_bit(x, vd->guest.dirty[y])) {
2932 continue;
2933 }
2934 if ((x + 1) * cmp_bytes > min_stride) {
2935 _cmp_bytes = min_stride - x * cmp_bytes;
2936 }
2937 if (memcmp(server_ptr, guest_ptr, _cmp_bytes) == 0) {
2938 continue;
2939 }
2940 memcpy(server_ptr, guest_ptr, _cmp_bytes);
2941 if (!vd->non_adaptive) {
2942 vnc_rect_updated(vd, x * VNC_DIRTY_PIXELS_PER_BIT,
2943 y, &tv);
2944 }
2945 QTAILQ_FOREACH(vs, &vd->clients, next) {
2946 set_bit(x, vs->dirty[y]);
2947 }
2948 has_dirty++;
2949 }
2950
2951 y++;
2952 }
2953 qemu_pixman_image_unref(tmpbuf);
2954 return has_dirty;
2955 }
2956
2957 static void vnc_refresh(DisplayChangeListener *dcl)
2958 {
2959 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
2960 VncState *vs, *vn;
2961 int has_dirty, rects = 0;
2962
2963 if (QTAILQ_EMPTY(&vd->clients)) {
2964 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_MAX);
2965 return;
2966 }
2967
2968 graphic_hw_update(vd->dcl.con);
2969
2970 if (vnc_trylock_display(vd)) {
2971 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
2972 return;
2973 }
2974
2975 has_dirty = vnc_refresh_server_surface(vd);
2976 vnc_unlock_display(vd);
2977
2978 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
2979 rects += vnc_update_client(vs, has_dirty, false);
2980 /* vs might be free()ed here */
2981 }
2982
2983 if (has_dirty && rects) {
2984 vd->dcl.update_interval /= 2;
2985 if (vd->dcl.update_interval < VNC_REFRESH_INTERVAL_BASE) {
2986 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_BASE;
2987 }
2988 } else {
2989 vd->dcl.update_interval += VNC_REFRESH_INTERVAL_INC;
2990 if (vd->dcl.update_interval > VNC_REFRESH_INTERVAL_MAX) {
2991 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_MAX;
2992 }
2993 }
2994 }
2995
2996 static void vnc_connect(VncDisplay *vd, int csock,
2997 bool skipauth, bool websocket)
2998 {
2999 VncState *vs = g_malloc0(sizeof(VncState));
3000 int i;
3001
3002 vs->csock = csock;
3003 vs->vd = vd;
3004
3005 if (skipauth) {
3006 vs->auth = VNC_AUTH_NONE;
3007 #ifdef CONFIG_VNC_TLS
3008 vs->subauth = VNC_AUTH_INVALID;
3009 #endif
3010 } else {
3011 vs->auth = vd->auth;
3012 #ifdef CONFIG_VNC_TLS
3013 vs->subauth = vd->subauth;
3014 #endif
3015 }
3016
3017 vs->lossy_rect = g_malloc0(VNC_STAT_ROWS * sizeof (*vs->lossy_rect));
3018 for (i = 0; i < VNC_STAT_ROWS; ++i) {
3019 vs->lossy_rect[i] = g_malloc0(VNC_STAT_COLS * sizeof (uint8_t));
3020 }
3021
3022 VNC_DEBUG("New client on socket %d\n", csock);
3023 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
3024 qemu_set_nonblock(vs->csock);
3025 #ifdef CONFIG_VNC_WS
3026 if (websocket) {
3027 vs->websocket = 1;
3028 #ifdef CONFIG_VNC_TLS
3029 if (vd->tls.x509cert) {
3030 qemu_set_fd_handler2(vs->csock, NULL, vncws_tls_handshake_peek,
3031 NULL, vs);
3032 } else
3033 #endif /* CONFIG_VNC_TLS */
3034 {
3035 qemu_set_fd_handler2(vs->csock, NULL, vncws_handshake_read,
3036 NULL, vs);
3037 }
3038 } else
3039 #endif /* CONFIG_VNC_WS */
3040 {
3041 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
3042 }
3043
3044 vnc_client_cache_addr(vs);
3045 vnc_qmp_event(vs, QAPI_EVENT_VNC_CONNECTED);
3046 vnc_set_share_mode(vs, VNC_SHARE_MODE_CONNECTING);
3047
3048 #ifdef CONFIG_VNC_WS
3049 if (!vs->websocket)
3050 #endif
3051 {
3052 vnc_init_state(vs);
3053 }
3054
3055 if (vd->num_connecting > vd->connections_limit) {
3056 QTAILQ_FOREACH(vs, &vd->clients, next) {
3057 if (vs->share_mode == VNC_SHARE_MODE_CONNECTING) {
3058 vnc_disconnect_start(vs);
3059 return;
3060 }
3061 }
3062 }
3063 }
3064
3065 void vnc_init_state(VncState *vs)
3066 {
3067 vs->initialized = true;
3068 VncDisplay *vd = vs->vd;
3069
3070 vs->last_x = -1;
3071 vs->last_y = -1;
3072
3073 vs->as.freq = 44100;
3074 vs->as.nchannels = 2;
3075 vs->as.fmt = AUD_FMT_S16;
3076 vs->as.endianness = 0;
3077
3078 qemu_mutex_init(&vs->output_mutex);
3079 vs->bh = qemu_bh_new(vnc_jobs_bh, vs);
3080
3081 QTAILQ_INSERT_TAIL(&vd->clients, vs, next);
3082
3083 graphic_hw_update(vd->dcl.con);
3084
3085 vnc_write(vs, "RFB 003.008\n", 12);
3086 vnc_flush(vs);
3087 vnc_read_when(vs, protocol_version, 12);
3088 reset_keys(vs);
3089 if (vs->vd->lock_key_sync)
3090 vs->led = qemu_add_led_event_handler(kbd_leds, vs);
3091
3092 vs->mouse_mode_notifier.notify = check_pointer_type_change;
3093 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
3094
3095 /* vs might be free()ed here */
3096 }
3097
3098 static void vnc_listen_read(void *opaque, bool websocket)
3099 {
3100 VncDisplay *vs = opaque;
3101 struct sockaddr_in addr;
3102 socklen_t addrlen = sizeof(addr);
3103 int csock;
3104
3105 /* Catch-up */
3106 graphic_hw_update(vs->dcl.con);
3107 #ifdef CONFIG_VNC_WS
3108 if (websocket) {
3109 csock = qemu_accept(vs->lwebsock, (struct sockaddr *)&addr, &addrlen);
3110 } else
3111 #endif /* CONFIG_VNC_WS */
3112 {
3113 csock = qemu_accept(vs->lsock, (struct sockaddr *)&addr, &addrlen);
3114 }
3115
3116 if (csock != -1) {
3117 socket_set_nodelay(csock);
3118 vnc_connect(vs, csock, false, websocket);
3119 }
3120 }
3121
3122 static void vnc_listen_regular_read(void *opaque)
3123 {
3124 vnc_listen_read(opaque, false);
3125 }
3126
3127 #ifdef CONFIG_VNC_WS
3128 static void vnc_listen_websocket_read(void *opaque)
3129 {
3130 vnc_listen_read(opaque, true);
3131 }
3132 #endif /* CONFIG_VNC_WS */
3133
3134 static const DisplayChangeListenerOps dcl_ops = {
3135 .dpy_name = "vnc",
3136 .dpy_refresh = vnc_refresh,
3137 .dpy_gfx_copy = vnc_dpy_copy,
3138 .dpy_gfx_update = vnc_dpy_update,
3139 .dpy_gfx_switch = vnc_dpy_switch,
3140 .dpy_gfx_check_format = qemu_pixman_check_format,
3141 .dpy_mouse_set = vnc_mouse_set,
3142 .dpy_cursor_define = vnc_dpy_cursor_define,
3143 };
3144
3145 void vnc_display_init(const char *id)
3146 {
3147 VncDisplay *vs;
3148
3149 if (vnc_display_find(id) != NULL) {
3150 return;
3151 }
3152 vs = g_malloc0(sizeof(*vs));
3153
3154 vs->id = strdup(id);
3155 QTAILQ_INSERT_TAIL(&vnc_displays, vs, next);
3156
3157 vs->lsock = -1;
3158 #ifdef CONFIG_VNC_WS
3159 vs->lwebsock = -1;
3160 #endif
3161
3162 QTAILQ_INIT(&vs->clients);
3163 vs->expires = TIME_MAX;
3164
3165 if (keyboard_layout) {
3166 trace_vnc_key_map_init(keyboard_layout);
3167 vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout);
3168 } else {
3169 vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us");
3170 }
3171
3172 if (!vs->kbd_layout)
3173 exit(1);
3174
3175 qemu_mutex_init(&vs->mutex);
3176 vnc_start_worker_thread();
3177
3178 vs->dcl.ops = &dcl_ops;
3179 register_displaychangelistener(&vs->dcl);
3180 }
3181
3182
3183 static void vnc_display_close(VncDisplay *vs)
3184 {
3185 if (!vs)
3186 return;
3187 g_free(vs->display);
3188 vs->display = NULL;
3189 if (vs->lsock != -1) {
3190 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL);
3191 close(vs->lsock);
3192 vs->lsock = -1;
3193 }
3194 #ifdef CONFIG_VNC_WS
3195 g_free(vs->ws_display);
3196 vs->ws_display = NULL;
3197 if (vs->lwebsock != -1) {
3198 qemu_set_fd_handler2(vs->lwebsock, NULL, NULL, NULL, NULL);
3199 close(vs->lwebsock);
3200 vs->lwebsock = -1;
3201 }
3202 #endif /* CONFIG_VNC_WS */
3203 vs->auth = VNC_AUTH_INVALID;
3204 #ifdef CONFIG_VNC_TLS
3205 vs->subauth = VNC_AUTH_INVALID;
3206 vs->tls.x509verify = 0;
3207 #endif
3208 }
3209
3210 int vnc_display_password(const char *id, const char *password)
3211 {
3212 VncDisplay *vs = vnc_display_find(id);
3213
3214 if (!vs) {
3215 return -EINVAL;
3216 }
3217 if (vs->auth == VNC_AUTH_NONE) {
3218 error_printf_unless_qmp("If you want use passwords please enable "
3219 "password auth using '-vnc ${dpy},password'.");
3220 return -EINVAL;
3221 }
3222
3223 g_free(vs->password);
3224 vs->password = g_strdup(password);
3225
3226 return 0;
3227 }
3228
3229 int vnc_display_pw_expire(const char *id, time_t expires)
3230 {
3231 VncDisplay *vs = vnc_display_find(id);
3232
3233 if (!vs) {
3234 return -EINVAL;
3235 }
3236
3237 vs->expires = expires;
3238 return 0;
3239 }
3240
3241 char *vnc_display_local_addr(const char *id)
3242 {
3243 VncDisplay *vs = vnc_display_find(id);
3244
3245 return vnc_socket_local_addr("%s:%s", vs->lsock);
3246 }
3247
3248 static QemuOptsList qemu_vnc_opts = {
3249 .name = "vnc",
3250 .head = QTAILQ_HEAD_INITIALIZER(qemu_vnc_opts.head),
3251 .implied_opt_name = "vnc",
3252 .desc = {
3253 {
3254 .name = "vnc",
3255 .type = QEMU_OPT_STRING,
3256 },{
3257 .name = "websocket",
3258 .type = QEMU_OPT_STRING,
3259 },{
3260 .name = "x509",
3261 .type = QEMU_OPT_STRING,
3262 },{
3263 .name = "share",
3264 .type = QEMU_OPT_STRING,
3265 },{
3266 .name = "display",
3267 .type = QEMU_OPT_STRING,
3268 },{
3269 .name = "head",
3270 .type = QEMU_OPT_NUMBER,
3271 },{
3272 .name = "connections",
3273 .type = QEMU_OPT_NUMBER,
3274 },{
3275 .name = "to",
3276 .type = QEMU_OPT_NUMBER,
3277 },{
3278 .name = "ipv4",
3279 .type = QEMU_OPT_BOOL,
3280 },{
3281 .name = "ipv6",
3282 .type = QEMU_OPT_BOOL,
3283 },{
3284 .name = "password",
3285 .type = QEMU_OPT_BOOL,
3286 },{
3287 .name = "reverse",
3288 .type = QEMU_OPT_BOOL,
3289 },{
3290 .name = "lock-key-sync",
3291 .type = QEMU_OPT_BOOL,
3292 },{
3293 .name = "sasl",
3294 .type = QEMU_OPT_BOOL,
3295 },{
3296 .name = "tls",
3297 .type = QEMU_OPT_BOOL,
3298 },{
3299 .name = "x509verify",
3300 .type = QEMU_OPT_BOOL,
3301 },{
3302 .name = "acl",
3303 .type = QEMU_OPT_BOOL,
3304 },{
3305 .name = "lossy",
3306 .type = QEMU_OPT_BOOL,
3307 },{
3308 .name = "non-adaptive",
3309 .type = QEMU_OPT_BOOL,
3310 },
3311 { /* end of list */ }
3312 },
3313 };
3314
3315 void vnc_display_open(const char *id, Error **errp)
3316 {
3317 VncDisplay *vs = vnc_display_find(id);
3318 QemuOpts *opts = qemu_opts_find(&qemu_vnc_opts, id);
3319 const char *share, *device_id;
3320 QemuConsole *con;
3321 int password = 0;
3322 int reverse = 0;
3323 const char *vnc;
3324 const char *has_to;
3325 char *display, *to = NULL;
3326 bool has_ipv4 = false;
3327 bool has_ipv6 = false;
3328 #ifdef CONFIG_VNC_WS
3329 const char *websocket;
3330 #endif
3331 #ifdef CONFIG_VNC_TLS
3332 int tls = 0, x509 = 0;
3333 const char *path;
3334 #endif
3335 #ifdef CONFIG_VNC_SASL
3336 int sasl = 0;
3337 int saslErr;
3338 #endif
3339 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
3340 int acl = 0;
3341 #endif
3342 int lock_key_sync = 1;
3343
3344 if (!vs) {
3345 error_setg(errp, "VNC display not active");
3346 return;
3347 }
3348 vnc_display_close(vs);
3349
3350 if (!opts) {
3351 return;
3352 }
3353 vnc = qemu_opt_get(opts, "vnc");
3354 if (!vnc || strcmp(vnc, "none") == 0) {
3355 return;
3356 }
3357
3358 has_to = qemu_opt_get(opts, "to");
3359 if (has_to) {
3360 to = g_strdup_printf(",to=%s", has_to);
3361 }
3362 has_ipv4 = qemu_opt_get_bool(opts, "ipv4", false);
3363 has_ipv6 = qemu_opt_get_bool(opts, "ipv6", false);
3364 display = g_strdup_printf("%s%s%s%s", vnc,
3365 has_to ? to : "",
3366 has_ipv4 ? ",ipv4" : "",
3367 has_ipv6 ? ",ipv6" : "");
3368 vs->display = g_strdup(display);
3369
3370 password = qemu_opt_get_bool(opts, "password", false);
3371 if (password && fips_get_state()) {
3372 error_setg(errp,
3373 "VNC password auth disabled due to FIPS mode, "
3374 "consider using the VeNCrypt or SASL authentication "
3375 "methods as an alternative");
3376 goto fail;
3377 }
3378
3379 reverse = qemu_opt_get_bool(opts, "reverse", false);
3380 lock_key_sync = qemu_opt_get_bool(opts, "lock-key-sync", true);
3381 #ifdef CONFIG_VNC_SASL
3382 sasl = qemu_opt_get_bool(opts, "sasl", false);
3383 #endif
3384 #ifdef CONFIG_VNC_TLS
3385 tls = qemu_opt_get_bool(opts, "tls", false);
3386 path = qemu_opt_get(opts, "x509");
3387 if (path) {
3388 x509 = 1;
3389 vs->tls.x509verify = qemu_opt_get_bool(opts, "x509verify", false);
3390 if (vnc_tls_set_x509_creds_dir(vs, path) < 0) {
3391 error_setg(errp, "Failed to find x509 certificates/keys in %s",
3392 path);
3393 goto fail;
3394 }
3395 }
3396 #endif
3397 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
3398 acl = qemu_opt_get_bool(opts, "acl", false);
3399 #endif
3400
3401 share = qemu_opt_get(opts, "share");
3402 if (share) {
3403 if (strcmp(share, "ignore") == 0) {
3404 vs->share_policy = VNC_SHARE_POLICY_IGNORE;
3405 } else if (strcmp(share, "allow-exclusive") == 0) {
3406 vs->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3407 } else if (strcmp(share, "force-shared") == 0) {
3408 vs->share_policy = VNC_SHARE_POLICY_FORCE_SHARED;
3409 } else {
3410 error_setg(errp, "unknown vnc share= option");
3411 goto fail;
3412 }
3413 } else {
3414 vs->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3415 }
3416 vs->connections_limit = qemu_opt_get_number(opts, "connections", 32);
3417
3418 #ifdef CONFIG_VNC_WS
3419 websocket = qemu_opt_get(opts, "websocket");
3420 if (websocket) {
3421 /* extract the host specification from display */
3422 char *host = NULL, *host_end = NULL;
3423 vs->websocket = 1;
3424
3425 /* ipv6 hosts have colons */
3426 host_end = strrchr(display, ':');
3427 if (host_end) {
3428 host = g_strndup(display, host_end - display + 1);
3429 } else {
3430 host = g_strdup(":");
3431 }
3432 vs->ws_display = g_strconcat(host, websocket, NULL);
3433 g_free(host);
3434 }
3435 #endif /* CONFIG_VNC_WS */
3436
3437 #ifdef CONFIG_VNC_JPEG
3438 vs->lossy = qemu_opt_get_bool(opts, "lossy", false);
3439 #endif
3440 vs->non_adaptive = qemu_opt_get_bool(opts, "non-adaptive", false);
3441 /* adaptive updates are only used with tight encoding and
3442 * if lossy updates are enabled so we can disable all the
3443 * calculations otherwise */
3444 if (!vs->lossy) {
3445 vs->non_adaptive = true;
3446 }
3447
3448 #ifdef CONFIG_VNC_TLS
3449 if (acl && x509 && vs->tls.x509verify) {
3450 char *aclname;
3451
3452 if (strcmp(vs->id, "default") == 0) {
3453 aclname = g_strdup("vnc.x509dname");
3454 } else {
3455 aclname = g_strdup_printf("vnc.%s.x509dname", vs->id);
3456 }
3457 vs->tls.acl = qemu_acl_init(aclname);
3458 if (!vs->tls.acl) {
3459 fprintf(stderr, "Failed to create x509 dname ACL\n");
3460 exit(1);
3461 }
3462 g_free(aclname);
3463 }
3464 #endif
3465 #ifdef CONFIG_VNC_SASL
3466 if (acl && sasl) {
3467 char *aclname;
3468
3469 if (strcmp(vs->id, "default") == 0) {
3470 aclname = g_strdup("vnc.username");
3471 } else {
3472 aclname = g_strdup_printf("vnc.%s.username", vs->id);
3473 }
3474 vs->sasl.acl = qemu_acl_init(aclname);
3475 if (!vs->sasl.acl) {
3476 fprintf(stderr, "Failed to create username ACL\n");
3477 exit(1);
3478 }
3479 g_free(aclname);
3480 }
3481 #endif
3482
3483 /*
3484 * Combinations we support here:
3485 *
3486 * - no-auth (clear text, no auth)
3487 * - password (clear text, weak auth)
3488 * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI)
3489 * - tls (encrypt, weak anonymous creds, no auth)
3490 * - tls + password (encrypt, weak anonymous creds, weak auth)
3491 * - tls + sasl (encrypt, weak anonymous creds, good auth)
3492 * - tls + x509 (encrypt, good x509 creds, no auth)
3493 * - tls + x509 + password (encrypt, good x509 creds, weak auth)
3494 * - tls + x509 + sasl (encrypt, good x509 creds, good auth)
3495 *
3496 * NB1. TLS is a stackable auth scheme.
3497 * NB2. the x509 schemes have option to validate a client cert dname
3498 */
3499 if (password) {
3500 #ifdef CONFIG_VNC_TLS
3501 if (tls) {
3502 vs->auth = VNC_AUTH_VENCRYPT;
3503 if (x509) {
3504 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
3505 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
3506 } else {
3507 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
3508 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
3509 }
3510 } else {
3511 #endif /* CONFIG_VNC_TLS */
3512 VNC_DEBUG("Initializing VNC server with password auth\n");
3513 vs->auth = VNC_AUTH_VNC;
3514 #ifdef CONFIG_VNC_TLS
3515 vs->subauth = VNC_AUTH_INVALID;
3516 }
3517 #endif /* CONFIG_VNC_TLS */
3518 #ifdef CONFIG_VNC_SASL
3519 } else if (sasl) {
3520 #ifdef CONFIG_VNC_TLS
3521 if (tls) {
3522 vs->auth = VNC_AUTH_VENCRYPT;
3523 if (x509) {
3524 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
3525 vs->subauth = VNC_AUTH_VENCRYPT_X509SASL;
3526 } else {
3527 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
3528 vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL;
3529 }
3530 } else {
3531 #endif /* CONFIG_VNC_TLS */
3532 VNC_DEBUG("Initializing VNC server with SASL auth\n");
3533 vs->auth = VNC_AUTH_SASL;
3534 #ifdef CONFIG_VNC_TLS
3535 vs->subauth = VNC_AUTH_INVALID;
3536 }
3537 #endif /* CONFIG_VNC_TLS */
3538 #endif /* CONFIG_VNC_SASL */
3539 } else {
3540 #ifdef CONFIG_VNC_TLS
3541 if (tls) {
3542 vs->auth = VNC_AUTH_VENCRYPT;
3543 if (x509) {
3544 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
3545 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
3546 } else {
3547 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
3548 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
3549 }
3550 } else {
3551 #endif
3552 VNC_DEBUG("Initializing VNC server with no auth\n");
3553 vs->auth = VNC_AUTH_NONE;
3554 #ifdef CONFIG_VNC_TLS
3555 vs->subauth = VNC_AUTH_INVALID;
3556 }
3557 #endif
3558 }
3559
3560 #ifdef CONFIG_VNC_SASL
3561 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) {
3562 error_setg(errp, "Failed to initialize SASL auth: %s",
3563 sasl_errstring(saslErr, NULL, NULL));
3564 goto fail;
3565 }
3566 #endif
3567 vs->lock_key_sync = lock_key_sync;
3568
3569 device_id = qemu_opt_get(opts, "display");
3570 if (device_id) {
3571 DeviceState *dev;
3572 int head = qemu_opt_get_number(opts, "head", 0);
3573
3574 dev = qdev_find_recursive(sysbus_get_default(), device_id);
3575 if (dev == NULL) {
3576 error_set(errp, QERR_DEVICE_NOT_FOUND, device_id);
3577 goto fail;
3578 }
3579
3580 con = qemu_console_lookup_by_device(dev, head);
3581 if (con == NULL) {
3582 error_setg(errp, "Device %s is not bound to a QemuConsole",
3583 device_id);
3584 goto fail;
3585 }
3586 } else {
3587 con = NULL;
3588 }
3589
3590 if (con != vs->dcl.con) {
3591 unregister_displaychangelistener(&vs->dcl);
3592 vs->dcl.con = con;
3593 register_displaychangelistener(&vs->dcl);
3594 }
3595
3596 if (reverse) {
3597 /* connect to viewer */
3598 int csock;
3599 vs->lsock = -1;
3600 #ifdef CONFIG_VNC_WS
3601 vs->lwebsock = -1;
3602 #endif
3603 if (strncmp(display, "unix:", 5) == 0) {
3604 csock = unix_connect(display+5, errp);
3605 } else {
3606 csock = inet_connect(display, errp);
3607 }
3608 if (csock < 0) {
3609 goto fail;
3610 }
3611 vnc_connect(vs, csock, false, false);
3612 } else {
3613 /* listen for connects */
3614 char *dpy;
3615 dpy = g_malloc(256);
3616 if (strncmp(display, "unix:", 5) == 0) {
3617 pstrcpy(dpy, 256, "unix:");
3618 vs->lsock = unix_listen(display+5, dpy+5, 256-5, errp);
3619 } else {
3620 vs->lsock = inet_listen(display, dpy, 256,
3621 SOCK_STREAM, 5900, errp);
3622 if (vs->lsock < 0) {
3623 g_free(dpy);
3624 goto fail;
3625 }
3626 #ifdef CONFIG_VNC_WS
3627 if (vs->websocket) {
3628 if (vs->ws_display) {
3629 vs->lwebsock = inet_listen(vs->ws_display, NULL, 256,
3630 SOCK_STREAM, 0, errp);
3631 } else {
3632 vs->lwebsock = inet_listen(vs->display, NULL, 256,
3633 SOCK_STREAM, 5700, errp);
3634 }
3635
3636 if (vs->lwebsock < 0) {
3637 if (vs->lsock) {
3638 close(vs->lsock);
3639 vs->lsock = -1;
3640 }
3641 g_free(dpy);
3642 goto fail;
3643 }
3644 }
3645 #endif /* CONFIG_VNC_WS */
3646 }
3647 g_free(to);
3648 g_free(display);
3649 g_free(vs->display);
3650 vs->display = dpy;
3651 qemu_set_fd_handler2(vs->lsock, NULL,
3652 vnc_listen_regular_read, NULL, vs);
3653 #ifdef CONFIG_VNC_WS
3654 if (vs->websocket) {
3655 qemu_set_fd_handler2(vs->lwebsock, NULL,
3656 vnc_listen_websocket_read, NULL, vs);
3657 }
3658 #endif /* CONFIG_VNC_WS */
3659 }
3660 return;
3661
3662 fail:
3663 g_free(to);
3664 g_free(display);
3665 g_free(vs->display);
3666 vs->display = NULL;
3667 #ifdef CONFIG_VNC_WS
3668 g_free(vs->ws_display);
3669 vs->ws_display = NULL;
3670 #endif /* CONFIG_VNC_WS */
3671 }
3672
3673 void vnc_display_add_client(const char *id, int csock, bool skipauth)
3674 {
3675 VncDisplay *vs = vnc_display_find(id);
3676
3677 if (!vs) {
3678 return;
3679 }
3680 vnc_connect(vs, csock, skipauth, false);
3681 }
3682
3683 QemuOpts *vnc_parse_func(const char *str)
3684 {
3685 return qemu_opts_parse(qemu_find_opts("vnc"), str, 1);
3686 }
3687
3688 int vnc_init_func(QemuOpts *opts, void *opaque)
3689 {
3690 Error *local_err = NULL;
3691 QemuOptsList *olist = qemu_find_opts("vnc");
3692 char *id = (char *)qemu_opts_id(opts);
3693
3694 if (!id) {
3695 /* auto-assign id if not present */
3696 int i = 2;
3697 id = g_strdup("default");
3698 while (qemu_opts_find(olist, id)) {
3699 g_free(id);
3700 id = g_strdup_printf("vnc%d", i++);
3701 }
3702 qemu_opts_set_id(opts, id);
3703 }
3704
3705 vnc_display_init(id);
3706 vnc_display_open(id, &local_err);
3707 if (local_err != NULL) {
3708 error_report("Failed to start VNC server on `%s': %s",
3709 qemu_opt_get(opts, "display"),
3710 error_get_pretty(local_err));
3711 error_free(local_err);
3712 exit(1);
3713 }
3714 return 0;
3715 }
3716
3717 static void vnc_register_config(void)
3718 {
3719 qemu_add_opts(&qemu_vnc_opts);
3720 }
3721 machine_init(vnc_register_config);
QEMU mirror