scsi: esp: check buffer length before reading scsi command
[qemu.git] / ui / vnc.c
1 /*
2 * QEMU VNC display driver
3 *
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
7 *
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
14 *
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
17 *
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
24 * THE SOFTWARE.
25 */
26
27 #include "qemu/osdep.h"
28 #include "vnc.h"
29 #include "vnc-jobs.h"
30 #include "trace.h"
31 #include "hw/qdev.h"
32 #include "sysemu/sysemu.h"
33 #include "qemu/error-report.h"
34 #include "qemu/sockets.h"
35 #include "qemu/timer.h"
36 #include "qemu/acl.h"
37 #include "qemu/config-file.h"
38 #include "qapi/qmp/qerror.h"
39 #include "qapi/qmp/types.h"
40 #include "qmp-commands.h"
41 #include "ui/input.h"
42 #include "qapi-event.h"
43 #include "crypto/hash.h"
44 #include "crypto/tlscredsanon.h"
45 #include "crypto/tlscredsx509.h"
46 #include "qom/object_interfaces.h"
47 #include "qemu/cutils.h"
48
49 #define VNC_REFRESH_INTERVAL_BASE GUI_REFRESH_INTERVAL_DEFAULT
50 #define VNC_REFRESH_INTERVAL_INC 50
51 #define VNC_REFRESH_INTERVAL_MAX GUI_REFRESH_INTERVAL_IDLE
52 static const struct timeval VNC_REFRESH_STATS = { 0, 500000 };
53 static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 };
54
55 #include "vnc_keysym.h"
56 #include "crypto/cipher.h"
57
58 static QTAILQ_HEAD(, VncDisplay) vnc_displays =
59 QTAILQ_HEAD_INITIALIZER(vnc_displays);
60
61 static int vnc_cursor_define(VncState *vs);
62 static void vnc_release_modifiers(VncState *vs);
63
64 static void vnc_set_share_mode(VncState *vs, VncShareMode mode)
65 {
66 #ifdef _VNC_DEBUG
67 static const char *mn[] = {
68 [0] = "undefined",
69 [VNC_SHARE_MODE_CONNECTING] = "connecting",
70 [VNC_SHARE_MODE_SHARED] = "shared",
71 [VNC_SHARE_MODE_EXCLUSIVE] = "exclusive",
72 [VNC_SHARE_MODE_DISCONNECTED] = "disconnected",
73 };
74 fprintf(stderr, "%s/%p: %s -> %s\n", __func__,
75 vs->ioc, mn[vs->share_mode], mn[mode]);
76 #endif
77
78 switch (vs->share_mode) {
79 case VNC_SHARE_MODE_CONNECTING:
80 vs->vd->num_connecting--;
81 break;
82 case VNC_SHARE_MODE_SHARED:
83 vs->vd->num_shared--;
84 break;
85 case VNC_SHARE_MODE_EXCLUSIVE:
86 vs->vd->num_exclusive--;
87 break;
88 default:
89 break;
90 }
91
92 vs->share_mode = mode;
93
94 switch (vs->share_mode) {
95 case VNC_SHARE_MODE_CONNECTING:
96 vs->vd->num_connecting++;
97 break;
98 case VNC_SHARE_MODE_SHARED:
99 vs->vd->num_shared++;
100 break;
101 case VNC_SHARE_MODE_EXCLUSIVE:
102 vs->vd->num_exclusive++;
103 break;
104 default:
105 break;
106 }
107 }
108
109
110 static void vnc_init_basic_info(SocketAddress *addr,
111 VncBasicInfo *info,
112 Error **errp)
113 {
114 switch (addr->type) {
115 case SOCKET_ADDRESS_KIND_INET:
116 info->host = g_strdup(addr->u.inet.data->host);
117 info->service = g_strdup(addr->u.inet.data->port);
118 if (addr->u.inet.data->ipv6) {
119 info->family = NETWORK_ADDRESS_FAMILY_IPV6;
120 } else {
121 info->family = NETWORK_ADDRESS_FAMILY_IPV4;
122 }
123 break;
124
125 case SOCKET_ADDRESS_KIND_UNIX:
126 info->host = g_strdup("");
127 info->service = g_strdup(addr->u.q_unix.data->path);
128 info->family = NETWORK_ADDRESS_FAMILY_UNIX;
129 break;
130
131 default:
132 error_setg(errp, "Unsupported socket kind %d",
133 addr->type);
134 break;
135 }
136
137 return;
138 }
139
140 static void vnc_init_basic_info_from_server_addr(QIOChannelSocket *ioc,
141 VncBasicInfo *info,
142 Error **errp)
143 {
144 SocketAddress *addr = NULL;
145
146 addr = qio_channel_socket_get_local_address(ioc, errp);
147 if (!addr) {
148 return;
149 }
150
151 vnc_init_basic_info(addr, info, errp);
152 qapi_free_SocketAddress(addr);
153 }
154
155 static void vnc_init_basic_info_from_remote_addr(QIOChannelSocket *ioc,
156 VncBasicInfo *info,
157 Error **errp)
158 {
159 SocketAddress *addr = NULL;
160
161 addr = qio_channel_socket_get_remote_address(ioc, errp);
162 if (!addr) {
163 return;
164 }
165
166 vnc_init_basic_info(addr, info, errp);
167 qapi_free_SocketAddress(addr);
168 }
169
170 static const char *vnc_auth_name(VncDisplay *vd) {
171 switch (vd->auth) {
172 case VNC_AUTH_INVALID:
173 return "invalid";
174 case VNC_AUTH_NONE:
175 return "none";
176 case VNC_AUTH_VNC:
177 return "vnc";
178 case VNC_AUTH_RA2:
179 return "ra2";
180 case VNC_AUTH_RA2NE:
181 return "ra2ne";
182 case VNC_AUTH_TIGHT:
183 return "tight";
184 case VNC_AUTH_ULTRA:
185 return "ultra";
186 case VNC_AUTH_TLS:
187 return "tls";
188 case VNC_AUTH_VENCRYPT:
189 switch (vd->subauth) {
190 case VNC_AUTH_VENCRYPT_PLAIN:
191 return "vencrypt+plain";
192 case VNC_AUTH_VENCRYPT_TLSNONE:
193 return "vencrypt+tls+none";
194 case VNC_AUTH_VENCRYPT_TLSVNC:
195 return "vencrypt+tls+vnc";
196 case VNC_AUTH_VENCRYPT_TLSPLAIN:
197 return "vencrypt+tls+plain";
198 case VNC_AUTH_VENCRYPT_X509NONE:
199 return "vencrypt+x509+none";
200 case VNC_AUTH_VENCRYPT_X509VNC:
201 return "vencrypt+x509+vnc";
202 case VNC_AUTH_VENCRYPT_X509PLAIN:
203 return "vencrypt+x509+plain";
204 case VNC_AUTH_VENCRYPT_TLSSASL:
205 return "vencrypt+tls+sasl";
206 case VNC_AUTH_VENCRYPT_X509SASL:
207 return "vencrypt+x509+sasl";
208 default:
209 return "vencrypt";
210 }
211 case VNC_AUTH_SASL:
212 return "sasl";
213 }
214 return "unknown";
215 }
216
217 static VncServerInfo *vnc_server_info_get(VncDisplay *vd)
218 {
219 VncServerInfo *info;
220 Error *err = NULL;
221
222 info = g_malloc(sizeof(*info));
223 vnc_init_basic_info_from_server_addr(vd->lsock,
224 qapi_VncServerInfo_base(info), &err);
225 info->has_auth = true;
226 info->auth = g_strdup(vnc_auth_name(vd));
227 if (err) {
228 qapi_free_VncServerInfo(info);
229 info = NULL;
230 error_free(err);
231 }
232 return info;
233 }
234
235 static void vnc_client_cache_auth(VncState *client)
236 {
237 if (!client->info) {
238 return;
239 }
240
241 if (client->tls) {
242 client->info->x509_dname =
243 qcrypto_tls_session_get_peer_name(client->tls);
244 client->info->has_x509_dname =
245 client->info->x509_dname != NULL;
246 }
247 #ifdef CONFIG_VNC_SASL
248 if (client->sasl.conn &&
249 client->sasl.username) {
250 client->info->has_sasl_username = true;
251 client->info->sasl_username = g_strdup(client->sasl.username);
252 }
253 #endif
254 }
255
256 static void vnc_client_cache_addr(VncState *client)
257 {
258 Error *err = NULL;
259
260 client->info = g_malloc0(sizeof(*client->info));
261 vnc_init_basic_info_from_remote_addr(client->sioc,
262 qapi_VncClientInfo_base(client->info),
263 &err);
264 if (err) {
265 qapi_free_VncClientInfo(client->info);
266 client->info = NULL;
267 error_free(err);
268 }
269 }
270
271 static void vnc_qmp_event(VncState *vs, QAPIEvent event)
272 {
273 VncServerInfo *si;
274
275 if (!vs->info) {
276 return;
277 }
278
279 si = vnc_server_info_get(vs->vd);
280 if (!si) {
281 return;
282 }
283
284 switch (event) {
285 case QAPI_EVENT_VNC_CONNECTED:
286 qapi_event_send_vnc_connected(si, qapi_VncClientInfo_base(vs->info),
287 &error_abort);
288 break;
289 case QAPI_EVENT_VNC_INITIALIZED:
290 qapi_event_send_vnc_initialized(si, vs->info, &error_abort);
291 break;
292 case QAPI_EVENT_VNC_DISCONNECTED:
293 qapi_event_send_vnc_disconnected(si, vs->info, &error_abort);
294 break;
295 default:
296 break;
297 }
298
299 qapi_free_VncServerInfo(si);
300 }
301
302 static VncClientInfo *qmp_query_vnc_client(const VncState *client)
303 {
304 VncClientInfo *info;
305 Error *err = NULL;
306
307 info = g_malloc0(sizeof(*info));
308
309 vnc_init_basic_info_from_remote_addr(client->sioc,
310 qapi_VncClientInfo_base(info),
311 &err);
312 if (err) {
313 error_free(err);
314 qapi_free_VncClientInfo(info);
315 return NULL;
316 }
317
318 info->websocket = client->websocket;
319
320 if (client->tls) {
321 info->x509_dname = qcrypto_tls_session_get_peer_name(client->tls);
322 info->has_x509_dname = info->x509_dname != NULL;
323 }
324 #ifdef CONFIG_VNC_SASL
325 if (client->sasl.conn && client->sasl.username) {
326 info->has_sasl_username = true;
327 info->sasl_username = g_strdup(client->sasl.username);
328 }
329 #endif
330
331 return info;
332 }
333
334 static VncDisplay *vnc_display_find(const char *id)
335 {
336 VncDisplay *vd;
337
338 if (id == NULL) {
339 return QTAILQ_FIRST(&vnc_displays);
340 }
341 QTAILQ_FOREACH(vd, &vnc_displays, next) {
342 if (strcmp(id, vd->id) == 0) {
343 return vd;
344 }
345 }
346 return NULL;
347 }
348
349 static VncClientInfoList *qmp_query_client_list(VncDisplay *vd)
350 {
351 VncClientInfoList *cinfo, *prev = NULL;
352 VncState *client;
353
354 QTAILQ_FOREACH(client, &vd->clients, next) {
355 cinfo = g_new0(VncClientInfoList, 1);
356 cinfo->value = qmp_query_vnc_client(client);
357 cinfo->next = prev;
358 prev = cinfo;
359 }
360 return prev;
361 }
362
363 VncInfo *qmp_query_vnc(Error **errp)
364 {
365 VncInfo *info = g_malloc0(sizeof(*info));
366 VncDisplay *vd = vnc_display_find(NULL);
367 SocketAddress *addr = NULL;
368
369 if (vd == NULL || !vd->enabled) {
370 info->enabled = false;
371 } else {
372 info->enabled = true;
373
374 /* for compatibility with the original command */
375 info->has_clients = true;
376 info->clients = qmp_query_client_list(vd);
377
378 if (vd->lsock == NULL) {
379 return info;
380 }
381
382 addr = qio_channel_socket_get_local_address(vd->lsock, errp);
383 if (!addr) {
384 goto out_error;
385 }
386
387 switch (addr->type) {
388 case SOCKET_ADDRESS_KIND_INET:
389 info->host = g_strdup(addr->u.inet.data->host);
390 info->service = g_strdup(addr->u.inet.data->port);
391 if (addr->u.inet.data->ipv6) {
392 info->family = NETWORK_ADDRESS_FAMILY_IPV6;
393 } else {
394 info->family = NETWORK_ADDRESS_FAMILY_IPV4;
395 }
396 break;
397
398 case SOCKET_ADDRESS_KIND_UNIX:
399 info->host = g_strdup("");
400 info->service = g_strdup(addr->u.q_unix.data->path);
401 info->family = NETWORK_ADDRESS_FAMILY_UNIX;
402 break;
403
404 default:
405 error_setg(errp, "Unsupported socket kind %d",
406 addr->type);
407 goto out_error;
408 }
409
410 info->has_host = true;
411 info->has_service = true;
412 info->has_family = true;
413
414 info->has_auth = true;
415 info->auth = g_strdup(vnc_auth_name(vd));
416 }
417
418 qapi_free_SocketAddress(addr);
419 return info;
420
421 out_error:
422 qapi_free_SocketAddress(addr);
423 qapi_free_VncInfo(info);
424 return NULL;
425 }
426
427 static VncBasicInfoList *qmp_query_server_entry(QIOChannelSocket *ioc,
428 bool websocket,
429 VncBasicInfoList *prev)
430 {
431 VncBasicInfoList *list;
432 VncBasicInfo *info;
433 Error *err = NULL;
434 SocketAddress *addr;
435
436 addr = qio_channel_socket_get_local_address(ioc, &err);
437 if (!addr) {
438 error_free(err);
439 return prev;
440 }
441
442 info = g_new0(VncBasicInfo, 1);
443 vnc_init_basic_info(addr, info, &err);
444 qapi_free_SocketAddress(addr);
445 if (err) {
446 qapi_free_VncBasicInfo(info);
447 error_free(err);
448 return prev;
449 }
450 info->websocket = websocket;
451
452 list = g_new0(VncBasicInfoList, 1);
453 list->value = info;
454 list->next = prev;
455 return list;
456 }
457
458 static void qmp_query_auth(VncDisplay *vd, VncInfo2 *info)
459 {
460 switch (vd->auth) {
461 case VNC_AUTH_VNC:
462 info->auth = VNC_PRIMARY_AUTH_VNC;
463 break;
464 case VNC_AUTH_RA2:
465 info->auth = VNC_PRIMARY_AUTH_RA2;
466 break;
467 case VNC_AUTH_RA2NE:
468 info->auth = VNC_PRIMARY_AUTH_RA2NE;
469 break;
470 case VNC_AUTH_TIGHT:
471 info->auth = VNC_PRIMARY_AUTH_TIGHT;
472 break;
473 case VNC_AUTH_ULTRA:
474 info->auth = VNC_PRIMARY_AUTH_ULTRA;
475 break;
476 case VNC_AUTH_TLS:
477 info->auth = VNC_PRIMARY_AUTH_TLS;
478 break;
479 case VNC_AUTH_VENCRYPT:
480 info->auth = VNC_PRIMARY_AUTH_VENCRYPT;
481 info->has_vencrypt = true;
482 switch (vd->subauth) {
483 case VNC_AUTH_VENCRYPT_PLAIN:
484 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_PLAIN;
485 break;
486 case VNC_AUTH_VENCRYPT_TLSNONE:
487 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_NONE;
488 break;
489 case VNC_AUTH_VENCRYPT_TLSVNC:
490 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_VNC;
491 break;
492 case VNC_AUTH_VENCRYPT_TLSPLAIN:
493 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_PLAIN;
494 break;
495 case VNC_AUTH_VENCRYPT_X509NONE:
496 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_NONE;
497 break;
498 case VNC_AUTH_VENCRYPT_X509VNC:
499 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_VNC;
500 break;
501 case VNC_AUTH_VENCRYPT_X509PLAIN:
502 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_PLAIN;
503 break;
504 case VNC_AUTH_VENCRYPT_TLSSASL:
505 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_SASL;
506 break;
507 case VNC_AUTH_VENCRYPT_X509SASL:
508 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_SASL;
509 break;
510 default:
511 info->has_vencrypt = false;
512 break;
513 }
514 break;
515 case VNC_AUTH_SASL:
516 info->auth = VNC_PRIMARY_AUTH_SASL;
517 break;
518 case VNC_AUTH_NONE:
519 default:
520 info->auth = VNC_PRIMARY_AUTH_NONE;
521 break;
522 }
523 }
524
525 VncInfo2List *qmp_query_vnc_servers(Error **errp)
526 {
527 VncInfo2List *item, *prev = NULL;
528 VncInfo2 *info;
529 VncDisplay *vd;
530 DeviceState *dev;
531
532 QTAILQ_FOREACH(vd, &vnc_displays, next) {
533 info = g_new0(VncInfo2, 1);
534 info->id = g_strdup(vd->id);
535 info->clients = qmp_query_client_list(vd);
536 qmp_query_auth(vd, info);
537 if (vd->dcl.con) {
538 dev = DEVICE(object_property_get_link(OBJECT(vd->dcl.con),
539 "device", NULL));
540 info->has_display = true;
541 info->display = g_strdup(dev->id);
542 }
543 if (vd->lsock != NULL) {
544 info->server = qmp_query_server_entry(
545 vd->lsock, false, info->server);
546 }
547 if (vd->lwebsock != NULL) {
548 info->server = qmp_query_server_entry(
549 vd->lwebsock, true, info->server);
550 }
551
552 item = g_new0(VncInfo2List, 1);
553 item->value = info;
554 item->next = prev;
555 prev = item;
556 }
557 return prev;
558 }
559
560 /* TODO
561 1) Get the queue working for IO.
562 2) there is some weirdness when using the -S option (the screen is grey
563 and not totally invalidated
564 3) resolutions > 1024
565 */
566
567 static int vnc_update_client(VncState *vs, int has_dirty, bool sync);
568 static void vnc_disconnect_start(VncState *vs);
569
570 static void vnc_colordepth(VncState *vs);
571 static void framebuffer_update_request(VncState *vs, int incremental,
572 int x_position, int y_position,
573 int w, int h);
574 static void vnc_refresh(DisplayChangeListener *dcl);
575 static int vnc_refresh_server_surface(VncDisplay *vd);
576
577 static int vnc_width(VncDisplay *vd)
578 {
579 return MIN(VNC_MAX_WIDTH, ROUND_UP(surface_width(vd->ds),
580 VNC_DIRTY_PIXELS_PER_BIT));
581 }
582
583 static int vnc_height(VncDisplay *vd)
584 {
585 return MIN(VNC_MAX_HEIGHT, surface_height(vd->ds));
586 }
587
588 static void vnc_set_area_dirty(DECLARE_BITMAP(dirty[VNC_MAX_HEIGHT],
589 VNC_MAX_WIDTH / VNC_DIRTY_PIXELS_PER_BIT),
590 VncDisplay *vd,
591 int x, int y, int w, int h)
592 {
593 int width = vnc_width(vd);
594 int height = vnc_height(vd);
595
596 /* this is needed this to ensure we updated all affected
597 * blocks if x % VNC_DIRTY_PIXELS_PER_BIT != 0 */
598 w += (x % VNC_DIRTY_PIXELS_PER_BIT);
599 x -= (x % VNC_DIRTY_PIXELS_PER_BIT);
600
601 x = MIN(x, width);
602 y = MIN(y, height);
603 w = MIN(x + w, width) - x;
604 h = MIN(y + h, height);
605
606 for (; y < h; y++) {
607 bitmap_set(dirty[y], x / VNC_DIRTY_PIXELS_PER_BIT,
608 DIV_ROUND_UP(w, VNC_DIRTY_PIXELS_PER_BIT));
609 }
610 }
611
612 static void vnc_dpy_update(DisplayChangeListener *dcl,
613 int x, int y, int w, int h)
614 {
615 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
616 struct VncSurface *s = &vd->guest;
617
618 vnc_set_area_dirty(s->dirty, vd, x, y, w, h);
619 }
620
621 void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
622 int32_t encoding)
623 {
624 vnc_write_u16(vs, x);
625 vnc_write_u16(vs, y);
626 vnc_write_u16(vs, w);
627 vnc_write_u16(vs, h);
628
629 vnc_write_s32(vs, encoding);
630 }
631
632
633 static void vnc_desktop_resize(VncState *vs)
634 {
635 if (vs->ioc == NULL || !vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
636 return;
637 }
638 if (vs->client_width == pixman_image_get_width(vs->vd->server) &&
639 vs->client_height == pixman_image_get_height(vs->vd->server)) {
640 return;
641 }
642 vs->client_width = pixman_image_get_width(vs->vd->server);
643 vs->client_height = pixman_image_get_height(vs->vd->server);
644 vnc_lock_output(vs);
645 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
646 vnc_write_u8(vs, 0);
647 vnc_write_u16(vs, 1); /* number of rects */
648 vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height,
649 VNC_ENCODING_DESKTOPRESIZE);
650 vnc_unlock_output(vs);
651 vnc_flush(vs);
652 }
653
654 static void vnc_abort_display_jobs(VncDisplay *vd)
655 {
656 VncState *vs;
657
658 QTAILQ_FOREACH(vs, &vd->clients, next) {
659 vnc_lock_output(vs);
660 vs->abort = true;
661 vnc_unlock_output(vs);
662 }
663 QTAILQ_FOREACH(vs, &vd->clients, next) {
664 vnc_jobs_join(vs);
665 }
666 QTAILQ_FOREACH(vs, &vd->clients, next) {
667 vnc_lock_output(vs);
668 vs->abort = false;
669 vnc_unlock_output(vs);
670 }
671 }
672
673 int vnc_server_fb_stride(VncDisplay *vd)
674 {
675 return pixman_image_get_stride(vd->server);
676 }
677
678 void *vnc_server_fb_ptr(VncDisplay *vd, int x, int y)
679 {
680 uint8_t *ptr;
681
682 ptr = (uint8_t *)pixman_image_get_data(vd->server);
683 ptr += y * vnc_server_fb_stride(vd);
684 ptr += x * VNC_SERVER_FB_BYTES;
685 return ptr;
686 }
687
688 static void vnc_update_server_surface(VncDisplay *vd)
689 {
690 qemu_pixman_image_unref(vd->server);
691 vd->server = NULL;
692
693 if (QTAILQ_EMPTY(&vd->clients)) {
694 return;
695 }
696
697 vd->server = pixman_image_create_bits(VNC_SERVER_FB_FORMAT,
698 vnc_width(vd),
699 vnc_height(vd),
700 NULL, 0);
701 }
702
703 static void vnc_dpy_switch(DisplayChangeListener *dcl,
704 DisplaySurface *surface)
705 {
706 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
707 VncState *vs;
708 int width, height;
709
710 vnc_abort_display_jobs(vd);
711 vd->ds = surface;
712
713 /* server surface */
714 vnc_update_server_surface(vd);
715
716 /* guest surface */
717 qemu_pixman_image_unref(vd->guest.fb);
718 vd->guest.fb = pixman_image_ref(surface->image);
719 vd->guest.format = surface->format;
720 width = vnc_width(vd);
721 height = vnc_height(vd);
722 memset(vd->guest.dirty, 0x00, sizeof(vd->guest.dirty));
723 vnc_set_area_dirty(vd->guest.dirty, vd, 0, 0,
724 width, height);
725
726 QTAILQ_FOREACH(vs, &vd->clients, next) {
727 vnc_colordepth(vs);
728 vnc_desktop_resize(vs);
729 if (vs->vd->cursor) {
730 vnc_cursor_define(vs);
731 }
732 memset(vs->dirty, 0x00, sizeof(vs->dirty));
733 vnc_set_area_dirty(vs->dirty, vd, 0, 0,
734 width, height);
735 }
736 }
737
738 /* fastest code */
739 static void vnc_write_pixels_copy(VncState *vs,
740 void *pixels, int size)
741 {
742 vnc_write(vs, pixels, size);
743 }
744
745 /* slowest but generic code. */
746 void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
747 {
748 uint8_t r, g, b;
749
750 #if VNC_SERVER_FB_FORMAT == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8)
751 r = (((v & 0x00ff0000) >> 16) << vs->client_pf.rbits) >> 8;
752 g = (((v & 0x0000ff00) >> 8) << vs->client_pf.gbits) >> 8;
753 b = (((v & 0x000000ff) >> 0) << vs->client_pf.bbits) >> 8;
754 #else
755 # error need some bits here if you change VNC_SERVER_FB_FORMAT
756 #endif
757 v = (r << vs->client_pf.rshift) |
758 (g << vs->client_pf.gshift) |
759 (b << vs->client_pf.bshift);
760 switch (vs->client_pf.bytes_per_pixel) {
761 case 1:
762 buf[0] = v;
763 break;
764 case 2:
765 if (vs->client_be) {
766 buf[0] = v >> 8;
767 buf[1] = v;
768 } else {
769 buf[1] = v >> 8;
770 buf[0] = v;
771 }
772 break;
773 default:
774 case 4:
775 if (vs->client_be) {
776 buf[0] = v >> 24;
777 buf[1] = v >> 16;
778 buf[2] = v >> 8;
779 buf[3] = v;
780 } else {
781 buf[3] = v >> 24;
782 buf[2] = v >> 16;
783 buf[1] = v >> 8;
784 buf[0] = v;
785 }
786 break;
787 }
788 }
789
790 static void vnc_write_pixels_generic(VncState *vs,
791 void *pixels1, int size)
792 {
793 uint8_t buf[4];
794
795 if (VNC_SERVER_FB_BYTES == 4) {
796 uint32_t *pixels = pixels1;
797 int n, i;
798 n = size >> 2;
799 for (i = 0; i < n; i++) {
800 vnc_convert_pixel(vs, buf, pixels[i]);
801 vnc_write(vs, buf, vs->client_pf.bytes_per_pixel);
802 }
803 }
804 }
805
806 int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
807 {
808 int i;
809 uint8_t *row;
810 VncDisplay *vd = vs->vd;
811
812 row = vnc_server_fb_ptr(vd, x, y);
813 for (i = 0; i < h; i++) {
814 vs->write_pixels(vs, row, w * VNC_SERVER_FB_BYTES);
815 row += vnc_server_fb_stride(vd);
816 }
817 return 1;
818 }
819
820 int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
821 {
822 int n = 0;
823 bool encode_raw = false;
824 size_t saved_offs = vs->output.offset;
825
826 switch(vs->vnc_encoding) {
827 case VNC_ENCODING_ZLIB:
828 n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h);
829 break;
830 case VNC_ENCODING_HEXTILE:
831 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
832 n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h);
833 break;
834 case VNC_ENCODING_TIGHT:
835 n = vnc_tight_send_framebuffer_update(vs, x, y, w, h);
836 break;
837 case VNC_ENCODING_TIGHT_PNG:
838 n = vnc_tight_png_send_framebuffer_update(vs, x, y, w, h);
839 break;
840 case VNC_ENCODING_ZRLE:
841 n = vnc_zrle_send_framebuffer_update(vs, x, y, w, h);
842 break;
843 case VNC_ENCODING_ZYWRLE:
844 n = vnc_zywrle_send_framebuffer_update(vs, x, y, w, h);
845 break;
846 default:
847 encode_raw = true;
848 break;
849 }
850
851 /* If the client has the same pixel format as our internal buffer and
852 * a RAW encoding would need less space fall back to RAW encoding to
853 * save bandwidth and processing power in the client. */
854 if (!encode_raw && vs->write_pixels == vnc_write_pixels_copy &&
855 12 + h * w * VNC_SERVER_FB_BYTES <= (vs->output.offset - saved_offs)) {
856 vs->output.offset = saved_offs;
857 encode_raw = true;
858 }
859
860 if (encode_raw) {
861 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
862 n = vnc_raw_send_framebuffer_update(vs, x, y, w, h);
863 }
864
865 return n;
866 }
867
868 static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
869 {
870 /* send bitblit op to the vnc client */
871 vnc_lock_output(vs);
872 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
873 vnc_write_u8(vs, 0);
874 vnc_write_u16(vs, 1); /* number of rects */
875 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT);
876 vnc_write_u16(vs, src_x);
877 vnc_write_u16(vs, src_y);
878 vnc_unlock_output(vs);
879 vnc_flush(vs);
880 }
881
882 static void vnc_dpy_copy(DisplayChangeListener *dcl,
883 int src_x, int src_y,
884 int dst_x, int dst_y, int w, int h)
885 {
886 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
887 VncState *vs, *vn;
888 uint8_t *src_row;
889 uint8_t *dst_row;
890 int i, x, y, pitch, inc, w_lim, s;
891 int cmp_bytes;
892
893 if (!vd->server) {
894 /* no client connected */
895 return;
896 }
897
898 vnc_refresh_server_surface(vd);
899 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
900 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
901 vs->force_update = 1;
902 vnc_update_client(vs, 1, true);
903 /* vs might be free()ed here */
904 }
905 }
906
907 /* do bitblit op on the local surface too */
908 pitch = vnc_server_fb_stride(vd);
909 src_row = vnc_server_fb_ptr(vd, src_x, src_y);
910 dst_row = vnc_server_fb_ptr(vd, dst_x, dst_y);
911 y = dst_y;
912 inc = 1;
913 if (dst_y > src_y) {
914 /* copy backwards */
915 src_row += pitch * (h-1);
916 dst_row += pitch * (h-1);
917 pitch = -pitch;
918 y = dst_y + h - 1;
919 inc = -1;
920 }
921 w_lim = w - (VNC_DIRTY_PIXELS_PER_BIT - (dst_x % VNC_DIRTY_PIXELS_PER_BIT));
922 if (w_lim < 0) {
923 w_lim = w;
924 } else {
925 w_lim = w - (w_lim % VNC_DIRTY_PIXELS_PER_BIT);
926 }
927 for (i = 0; i < h; i++) {
928 for (x = 0; x <= w_lim;
929 x += s, src_row += cmp_bytes, dst_row += cmp_bytes) {
930 if (x == w_lim) {
931 if ((s = w - w_lim) == 0)
932 break;
933 } else if (!x) {
934 s = (VNC_DIRTY_PIXELS_PER_BIT -
935 (dst_x % VNC_DIRTY_PIXELS_PER_BIT));
936 s = MIN(s, w_lim);
937 } else {
938 s = VNC_DIRTY_PIXELS_PER_BIT;
939 }
940 cmp_bytes = s * VNC_SERVER_FB_BYTES;
941 if (memcmp(src_row, dst_row, cmp_bytes) == 0)
942 continue;
943 memmove(dst_row, src_row, cmp_bytes);
944 QTAILQ_FOREACH(vs, &vd->clients, next) {
945 if (!vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
946 set_bit(((x + dst_x) / VNC_DIRTY_PIXELS_PER_BIT),
947 vs->dirty[y]);
948 }
949 }
950 }
951 src_row += pitch - w * VNC_SERVER_FB_BYTES;
952 dst_row += pitch - w * VNC_SERVER_FB_BYTES;
953 y += inc;
954 }
955
956 QTAILQ_FOREACH(vs, &vd->clients, next) {
957 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
958 vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h);
959 }
960 }
961 }
962
963 static void vnc_mouse_set(DisplayChangeListener *dcl,
964 int x, int y, int visible)
965 {
966 /* can we ask the client(s) to move the pointer ??? */
967 }
968
969 static int vnc_cursor_define(VncState *vs)
970 {
971 QEMUCursor *c = vs->vd->cursor;
972 int isize;
973
974 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) {
975 vnc_lock_output(vs);
976 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
977 vnc_write_u8(vs, 0); /* padding */
978 vnc_write_u16(vs, 1); /* # of rects */
979 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height,
980 VNC_ENCODING_RICH_CURSOR);
981 isize = c->width * c->height * vs->client_pf.bytes_per_pixel;
982 vnc_write_pixels_generic(vs, c->data, isize);
983 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize);
984 vnc_unlock_output(vs);
985 return 0;
986 }
987 return -1;
988 }
989
990 static void vnc_dpy_cursor_define(DisplayChangeListener *dcl,
991 QEMUCursor *c)
992 {
993 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
994 VncState *vs;
995
996 cursor_put(vd->cursor);
997 g_free(vd->cursor_mask);
998
999 vd->cursor = c;
1000 cursor_get(vd->cursor);
1001 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height;
1002 vd->cursor_mask = g_malloc0(vd->cursor_msize);
1003 cursor_get_mono_mask(c, 0, vd->cursor_mask);
1004
1005 QTAILQ_FOREACH(vs, &vd->clients, next) {
1006 vnc_cursor_define(vs);
1007 }
1008 }
1009
1010 static int find_and_clear_dirty_height(VncState *vs,
1011 int y, int last_x, int x, int height)
1012 {
1013 int h;
1014
1015 for (h = 1; h < (height - y); h++) {
1016 if (!test_bit(last_x, vs->dirty[y + h])) {
1017 break;
1018 }
1019 bitmap_clear(vs->dirty[y + h], last_x, x - last_x);
1020 }
1021
1022 return h;
1023 }
1024
1025 static int vnc_update_client(VncState *vs, int has_dirty, bool sync)
1026 {
1027 vs->has_dirty += has_dirty;
1028 if (vs->need_update && vs->ioc != NULL) {
1029 VncDisplay *vd = vs->vd;
1030 VncJob *job;
1031 int y;
1032 int height, width;
1033 int n = 0;
1034
1035 if (vs->output.offset && !vs->audio_cap && !vs->force_update)
1036 /* kernel send buffers are full -> drop frames to throttle */
1037 return 0;
1038
1039 if (!vs->has_dirty && !vs->audio_cap && !vs->force_update)
1040 return 0;
1041
1042 /*
1043 * Send screen updates to the vnc client using the server
1044 * surface and server dirty map. guest surface updates
1045 * happening in parallel don't disturb us, the next pass will
1046 * send them to the client.
1047 */
1048 job = vnc_job_new(vs);
1049
1050 height = pixman_image_get_height(vd->server);
1051 width = pixman_image_get_width(vd->server);
1052
1053 y = 0;
1054 for (;;) {
1055 int x, h;
1056 unsigned long x2;
1057 unsigned long offset = find_next_bit((unsigned long *) &vs->dirty,
1058 height * VNC_DIRTY_BPL(vs),
1059 y * VNC_DIRTY_BPL(vs));
1060 if (offset == height * VNC_DIRTY_BPL(vs)) {
1061 /* no more dirty bits */
1062 break;
1063 }
1064 y = offset / VNC_DIRTY_BPL(vs);
1065 x = offset % VNC_DIRTY_BPL(vs);
1066 x2 = find_next_zero_bit((unsigned long *) &vs->dirty[y],
1067 VNC_DIRTY_BPL(vs), x);
1068 bitmap_clear(vs->dirty[y], x, x2 - x);
1069 h = find_and_clear_dirty_height(vs, y, x, x2, height);
1070 x2 = MIN(x2, width / VNC_DIRTY_PIXELS_PER_BIT);
1071 if (x2 > x) {
1072 n += vnc_job_add_rect(job, x * VNC_DIRTY_PIXELS_PER_BIT, y,
1073 (x2 - x) * VNC_DIRTY_PIXELS_PER_BIT, h);
1074 }
1075 if (!x && x2 == width / VNC_DIRTY_PIXELS_PER_BIT) {
1076 y += h;
1077 if (y == height) {
1078 break;
1079 }
1080 }
1081 }
1082
1083 vnc_job_push(job);
1084 if (sync) {
1085 vnc_jobs_join(vs);
1086 }
1087 vs->force_update = 0;
1088 vs->has_dirty = 0;
1089 return n;
1090 }
1091
1092 if (vs->disconnecting) {
1093 vnc_disconnect_finish(vs);
1094 } else if (sync) {
1095 vnc_jobs_join(vs);
1096 }
1097
1098 return 0;
1099 }
1100
1101 /* audio */
1102 static void audio_capture_notify(void *opaque, audcnotification_e cmd)
1103 {
1104 VncState *vs = opaque;
1105
1106 switch (cmd) {
1107 case AUD_CNOTIFY_DISABLE:
1108 vnc_lock_output(vs);
1109 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1110 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1111 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END);
1112 vnc_unlock_output(vs);
1113 vnc_flush(vs);
1114 break;
1115
1116 case AUD_CNOTIFY_ENABLE:
1117 vnc_lock_output(vs);
1118 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1119 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1120 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN);
1121 vnc_unlock_output(vs);
1122 vnc_flush(vs);
1123 break;
1124 }
1125 }
1126
1127 static void audio_capture_destroy(void *opaque)
1128 {
1129 }
1130
1131 static void audio_capture(void *opaque, void *buf, int size)
1132 {
1133 VncState *vs = opaque;
1134
1135 vnc_lock_output(vs);
1136 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1137 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1138 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA);
1139 vnc_write_u32(vs, size);
1140 vnc_write(vs, buf, size);
1141 vnc_unlock_output(vs);
1142 vnc_flush(vs);
1143 }
1144
1145 static void audio_add(VncState *vs)
1146 {
1147 struct audio_capture_ops ops;
1148
1149 if (vs->audio_cap) {
1150 error_report("audio already running");
1151 return;
1152 }
1153
1154 ops.notify = audio_capture_notify;
1155 ops.destroy = audio_capture_destroy;
1156 ops.capture = audio_capture;
1157
1158 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs);
1159 if (!vs->audio_cap) {
1160 error_report("Failed to add audio capture");
1161 }
1162 }
1163
1164 static void audio_del(VncState *vs)
1165 {
1166 if (vs->audio_cap) {
1167 AUD_del_capture(vs->audio_cap, vs);
1168 vs->audio_cap = NULL;
1169 }
1170 }
1171
1172 static void vnc_disconnect_start(VncState *vs)
1173 {
1174 if (vs->disconnecting) {
1175 return;
1176 }
1177 vnc_set_share_mode(vs, VNC_SHARE_MODE_DISCONNECTED);
1178 if (vs->ioc_tag) {
1179 g_source_remove(vs->ioc_tag);
1180 }
1181 qio_channel_close(vs->ioc, NULL);
1182 vs->disconnecting = TRUE;
1183 }
1184
1185 void vnc_disconnect_finish(VncState *vs)
1186 {
1187 int i;
1188
1189 vnc_jobs_join(vs); /* Wait encoding jobs */
1190
1191 vnc_lock_output(vs);
1192 vnc_qmp_event(vs, QAPI_EVENT_VNC_DISCONNECTED);
1193
1194 buffer_free(&vs->input);
1195 buffer_free(&vs->output);
1196
1197 qapi_free_VncClientInfo(vs->info);
1198
1199 vnc_zlib_clear(vs);
1200 vnc_tight_clear(vs);
1201 vnc_zrle_clear(vs);
1202
1203 #ifdef CONFIG_VNC_SASL
1204 vnc_sasl_client_cleanup(vs);
1205 #endif /* CONFIG_VNC_SASL */
1206 audio_del(vs);
1207 vnc_release_modifiers(vs);
1208
1209 if (vs->initialized) {
1210 QTAILQ_REMOVE(&vs->vd->clients, vs, next);
1211 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
1212 if (QTAILQ_EMPTY(&vs->vd->clients)) {
1213 /* last client gone */
1214 vnc_update_server_surface(vs->vd);
1215 }
1216 }
1217
1218 if (vs->vd->lock_key_sync)
1219 qemu_remove_led_event_handler(vs->led);
1220 vnc_unlock_output(vs);
1221
1222 qemu_mutex_destroy(&vs->output_mutex);
1223 if (vs->bh != NULL) {
1224 qemu_bh_delete(vs->bh);
1225 }
1226 buffer_free(&vs->jobs_buffer);
1227
1228 for (i = 0; i < VNC_STAT_ROWS; ++i) {
1229 g_free(vs->lossy_rect[i]);
1230 }
1231 g_free(vs->lossy_rect);
1232
1233 object_unref(OBJECT(vs->ioc));
1234 vs->ioc = NULL;
1235 object_unref(OBJECT(vs->sioc));
1236 vs->sioc = NULL;
1237 g_free(vs);
1238 }
1239
1240 ssize_t vnc_client_io_error(VncState *vs, ssize_t ret, Error **errp)
1241 {
1242 if (ret <= 0) {
1243 if (ret == 0) {
1244 VNC_DEBUG("Closing down client sock: EOF\n");
1245 } else if (ret != QIO_CHANNEL_ERR_BLOCK) {
1246 VNC_DEBUG("Closing down client sock: ret %d (%s)\n",
1247 ret, errp ? error_get_pretty(*errp) : "Unknown");
1248 }
1249
1250 vnc_disconnect_start(vs);
1251 if (errp) {
1252 error_free(*errp);
1253 *errp = NULL;
1254 }
1255 return 0;
1256 }
1257 return ret;
1258 }
1259
1260
1261 void vnc_client_error(VncState *vs)
1262 {
1263 VNC_DEBUG("Closing down client sock: protocol error\n");
1264 vnc_disconnect_start(vs);
1265 }
1266
1267
1268 /*
1269 * Called to write a chunk of data to the client socket. The data may
1270 * be the raw data, or may have already been encoded by SASL.
1271 * The data will be written either straight onto the socket, or
1272 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1273 *
1274 * NB, it is theoretically possible to have 2 layers of encryption,
1275 * both SASL, and this TLS layer. It is highly unlikely in practice
1276 * though, since SASL encryption will typically be a no-op if TLS
1277 * is active
1278 *
1279 * Returns the number of bytes written, which may be less than
1280 * the requested 'datalen' if the socket would block. Returns
1281 * -1 on error, and disconnects the client socket.
1282 */
1283 ssize_t vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
1284 {
1285 Error *err = NULL;
1286 ssize_t ret;
1287 ret = qio_channel_write(
1288 vs->ioc, (const char *)data, datalen, &err);
1289 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret);
1290 return vnc_client_io_error(vs, ret, &err);
1291 }
1292
1293
1294 /*
1295 * Called to write buffered data to the client socket, when not
1296 * using any SASL SSF encryption layers. Will write as much data
1297 * as possible without blocking. If all buffered data is written,
1298 * will switch the FD poll() handler back to read monitoring.
1299 *
1300 * Returns the number of bytes written, which may be less than
1301 * the buffered output data if the socket would block. Returns
1302 * -1 on error, and disconnects the client socket.
1303 */
1304 static ssize_t vnc_client_write_plain(VncState *vs)
1305 {
1306 ssize_t ret;
1307
1308 #ifdef CONFIG_VNC_SASL
1309 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1310 vs->output.buffer, vs->output.capacity, vs->output.offset,
1311 vs->sasl.waitWriteSSF);
1312
1313 if (vs->sasl.conn &&
1314 vs->sasl.runSSF &&
1315 vs->sasl.waitWriteSSF) {
1316 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
1317 if (ret)
1318 vs->sasl.waitWriteSSF -= ret;
1319 } else
1320 #endif /* CONFIG_VNC_SASL */
1321 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
1322 if (!ret)
1323 return 0;
1324
1325 buffer_advance(&vs->output, ret);
1326
1327 if (vs->output.offset == 0) {
1328 if (vs->ioc_tag) {
1329 g_source_remove(vs->ioc_tag);
1330 }
1331 vs->ioc_tag = qio_channel_add_watch(
1332 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL);
1333 }
1334
1335 return ret;
1336 }
1337
1338
1339 /*
1340 * First function called whenever there is data to be written to
1341 * the client socket. Will delegate actual work according to whether
1342 * SASL SSF layers are enabled (thus requiring encryption calls)
1343 */
1344 static void vnc_client_write_locked(VncState *vs)
1345 {
1346 #ifdef CONFIG_VNC_SASL
1347 if (vs->sasl.conn &&
1348 vs->sasl.runSSF &&
1349 !vs->sasl.waitWriteSSF) {
1350 vnc_client_write_sasl(vs);
1351 } else
1352 #endif /* CONFIG_VNC_SASL */
1353 {
1354 vnc_client_write_plain(vs);
1355 }
1356 }
1357
1358 static void vnc_client_write(VncState *vs)
1359 {
1360
1361 vnc_lock_output(vs);
1362 if (vs->output.offset) {
1363 vnc_client_write_locked(vs);
1364 } else if (vs->ioc != NULL) {
1365 if (vs->ioc_tag) {
1366 g_source_remove(vs->ioc_tag);
1367 }
1368 vs->ioc_tag = qio_channel_add_watch(
1369 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL);
1370 }
1371 vnc_unlock_output(vs);
1372 }
1373
1374 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1375 {
1376 vs->read_handler = func;
1377 vs->read_handler_expect = expecting;
1378 }
1379
1380
1381 /*
1382 * Called to read a chunk of data from the client socket. The data may
1383 * be the raw data, or may need to be further decoded by SASL.
1384 * The data will be read either straight from to the socket, or
1385 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1386 *
1387 * NB, it is theoretically possible to have 2 layers of encryption,
1388 * both SASL, and this TLS layer. It is highly unlikely in practice
1389 * though, since SASL encryption will typically be a no-op if TLS
1390 * is active
1391 *
1392 * Returns the number of bytes read, which may be less than
1393 * the requested 'datalen' if the socket would block. Returns
1394 * -1 on error, and disconnects the client socket.
1395 */
1396 ssize_t vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1397 {
1398 ssize_t ret;
1399 Error *err = NULL;
1400 ret = qio_channel_read(
1401 vs->ioc, (char *)data, datalen, &err);
1402 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret);
1403 return vnc_client_io_error(vs, ret, &err);
1404 }
1405
1406
1407 /*
1408 * Called to read data from the client socket to the input buffer,
1409 * when not using any SASL SSF encryption layers. Will read as much
1410 * data as possible without blocking.
1411 *
1412 * Returns the number of bytes read. Returns -1 on error, and
1413 * disconnects the client socket.
1414 */
1415 static ssize_t vnc_client_read_plain(VncState *vs)
1416 {
1417 ssize_t ret;
1418 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1419 vs->input.buffer, vs->input.capacity, vs->input.offset);
1420 buffer_reserve(&vs->input, 4096);
1421 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1422 if (!ret)
1423 return 0;
1424 vs->input.offset += ret;
1425 return ret;
1426 }
1427
1428 static void vnc_jobs_bh(void *opaque)
1429 {
1430 VncState *vs = opaque;
1431
1432 vnc_jobs_consume_buffer(vs);
1433 }
1434
1435 /*
1436 * First function called whenever there is more data to be read from
1437 * the client socket. Will delegate actual work according to whether
1438 * SASL SSF layers are enabled (thus requiring decryption calls)
1439 */
1440 static void vnc_client_read(VncState *vs)
1441 {
1442 ssize_t ret;
1443
1444 #ifdef CONFIG_VNC_SASL
1445 if (vs->sasl.conn && vs->sasl.runSSF)
1446 ret = vnc_client_read_sasl(vs);
1447 else
1448 #endif /* CONFIG_VNC_SASL */
1449 ret = vnc_client_read_plain(vs);
1450 if (!ret) {
1451 if (vs->disconnecting) {
1452 vnc_disconnect_finish(vs);
1453 }
1454 return;
1455 }
1456
1457 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1458 size_t len = vs->read_handler_expect;
1459 int ret;
1460
1461 ret = vs->read_handler(vs, vs->input.buffer, len);
1462 if (vs->disconnecting) {
1463 vnc_disconnect_finish(vs);
1464 return;
1465 }
1466
1467 if (!ret) {
1468 buffer_advance(&vs->input, len);
1469 } else {
1470 vs->read_handler_expect = ret;
1471 }
1472 }
1473 }
1474
1475 gboolean vnc_client_io(QIOChannel *ioc G_GNUC_UNUSED,
1476 GIOCondition condition, void *opaque)
1477 {
1478 VncState *vs = opaque;
1479 if (condition & G_IO_IN) {
1480 vnc_client_read(vs);
1481 }
1482 if (condition & G_IO_OUT) {
1483 vnc_client_write(vs);
1484 }
1485 return TRUE;
1486 }
1487
1488
1489 void vnc_write(VncState *vs, const void *data, size_t len)
1490 {
1491 buffer_reserve(&vs->output, len);
1492
1493 if (vs->ioc != NULL && buffer_empty(&vs->output)) {
1494 if (vs->ioc_tag) {
1495 g_source_remove(vs->ioc_tag);
1496 }
1497 vs->ioc_tag = qio_channel_add_watch(
1498 vs->ioc, G_IO_IN | G_IO_OUT, vnc_client_io, vs, NULL);
1499 }
1500
1501 buffer_append(&vs->output, data, len);
1502 }
1503
1504 void vnc_write_s32(VncState *vs, int32_t value)
1505 {
1506 vnc_write_u32(vs, *(uint32_t *)&value);
1507 }
1508
1509 void vnc_write_u32(VncState *vs, uint32_t value)
1510 {
1511 uint8_t buf[4];
1512
1513 buf[0] = (value >> 24) & 0xFF;
1514 buf[1] = (value >> 16) & 0xFF;
1515 buf[2] = (value >> 8) & 0xFF;
1516 buf[3] = value & 0xFF;
1517
1518 vnc_write(vs, buf, 4);
1519 }
1520
1521 void vnc_write_u16(VncState *vs, uint16_t value)
1522 {
1523 uint8_t buf[2];
1524
1525 buf[0] = (value >> 8) & 0xFF;
1526 buf[1] = value & 0xFF;
1527
1528 vnc_write(vs, buf, 2);
1529 }
1530
1531 void vnc_write_u8(VncState *vs, uint8_t value)
1532 {
1533 vnc_write(vs, (char *)&value, 1);
1534 }
1535
1536 void vnc_flush(VncState *vs)
1537 {
1538 vnc_lock_output(vs);
1539 if (vs->ioc != NULL && vs->output.offset) {
1540 vnc_client_write_locked(vs);
1541 }
1542 vnc_unlock_output(vs);
1543 }
1544
1545 static uint8_t read_u8(uint8_t *data, size_t offset)
1546 {
1547 return data[offset];
1548 }
1549
1550 static uint16_t read_u16(uint8_t *data, size_t offset)
1551 {
1552 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1553 }
1554
1555 static int32_t read_s32(uint8_t *data, size_t offset)
1556 {
1557 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1558 (data[offset + 2] << 8) | data[offset + 3]);
1559 }
1560
1561 uint32_t read_u32(uint8_t *data, size_t offset)
1562 {
1563 return ((data[offset] << 24) | (data[offset + 1] << 16) |
1564 (data[offset + 2] << 8) | data[offset + 3]);
1565 }
1566
1567 static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
1568 {
1569 }
1570
1571 static void check_pointer_type_change(Notifier *notifier, void *data)
1572 {
1573 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier);
1574 int absolute = qemu_input_is_absolute();
1575
1576 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1577 vnc_lock_output(vs);
1578 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1579 vnc_write_u8(vs, 0);
1580 vnc_write_u16(vs, 1);
1581 vnc_framebuffer_update(vs, absolute, 0,
1582 pixman_image_get_width(vs->vd->server),
1583 pixman_image_get_height(vs->vd->server),
1584 VNC_ENCODING_POINTER_TYPE_CHANGE);
1585 vnc_unlock_output(vs);
1586 vnc_flush(vs);
1587 }
1588 vs->absolute = absolute;
1589 }
1590
1591 static void pointer_event(VncState *vs, int button_mask, int x, int y)
1592 {
1593 static uint32_t bmap[INPUT_BUTTON__MAX] = {
1594 [INPUT_BUTTON_LEFT] = 0x01,
1595 [INPUT_BUTTON_MIDDLE] = 0x02,
1596 [INPUT_BUTTON_RIGHT] = 0x04,
1597 [INPUT_BUTTON_WHEEL_UP] = 0x08,
1598 [INPUT_BUTTON_WHEEL_DOWN] = 0x10,
1599 };
1600 QemuConsole *con = vs->vd->dcl.con;
1601 int width = pixman_image_get_width(vs->vd->server);
1602 int height = pixman_image_get_height(vs->vd->server);
1603
1604 if (vs->last_bmask != button_mask) {
1605 qemu_input_update_buttons(con, bmap, vs->last_bmask, button_mask);
1606 vs->last_bmask = button_mask;
1607 }
1608
1609 if (vs->absolute) {
1610 qemu_input_queue_abs(con, INPUT_AXIS_X, x, width);
1611 qemu_input_queue_abs(con, INPUT_AXIS_Y, y, height);
1612 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1613 qemu_input_queue_rel(con, INPUT_AXIS_X, x - 0x7FFF);
1614 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - 0x7FFF);
1615 } else {
1616 if (vs->last_x != -1) {
1617 qemu_input_queue_rel(con, INPUT_AXIS_X, x - vs->last_x);
1618 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - vs->last_y);
1619 }
1620 vs->last_x = x;
1621 vs->last_y = y;
1622 }
1623 qemu_input_event_sync();
1624 }
1625
1626 static void reset_keys(VncState *vs)
1627 {
1628 int i;
1629 for(i = 0; i < 256; i++) {
1630 if (vs->modifiers_state[i]) {
1631 qemu_input_event_send_key_number(vs->vd->dcl.con, i, false);
1632 qemu_input_event_send_key_delay(vs->vd->key_delay_ms);
1633 vs->modifiers_state[i] = 0;
1634 }
1635 }
1636 }
1637
1638 static void press_key(VncState *vs, int keysym)
1639 {
1640 int keycode = keysym2scancode(vs->vd->kbd_layout, keysym) & SCANCODE_KEYMASK;
1641 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, true);
1642 qemu_input_event_send_key_delay(vs->vd->key_delay_ms);
1643 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, false);
1644 qemu_input_event_send_key_delay(vs->vd->key_delay_ms);
1645 }
1646
1647 static int current_led_state(VncState *vs)
1648 {
1649 int ledstate = 0;
1650
1651 if (vs->modifiers_state[0x46]) {
1652 ledstate |= QEMU_SCROLL_LOCK_LED;
1653 }
1654 if (vs->modifiers_state[0x45]) {
1655 ledstate |= QEMU_NUM_LOCK_LED;
1656 }
1657 if (vs->modifiers_state[0x3a]) {
1658 ledstate |= QEMU_CAPS_LOCK_LED;
1659 }
1660
1661 return ledstate;
1662 }
1663
1664 static void vnc_led_state_change(VncState *vs)
1665 {
1666 int ledstate = 0;
1667
1668 if (!vnc_has_feature(vs, VNC_FEATURE_LED_STATE)) {
1669 return;
1670 }
1671
1672 ledstate = current_led_state(vs);
1673 vnc_lock_output(vs);
1674 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1675 vnc_write_u8(vs, 0);
1676 vnc_write_u16(vs, 1);
1677 vnc_framebuffer_update(vs, 0, 0, 1, 1, VNC_ENCODING_LED_STATE);
1678 vnc_write_u8(vs, ledstate);
1679 vnc_unlock_output(vs);
1680 vnc_flush(vs);
1681 }
1682
1683 static void kbd_leds(void *opaque, int ledstate)
1684 {
1685 VncState *vs = opaque;
1686 int caps, num, scr;
1687 bool has_changed = (ledstate != current_led_state(vs));
1688
1689 trace_vnc_key_guest_leds((ledstate & QEMU_CAPS_LOCK_LED),
1690 (ledstate & QEMU_NUM_LOCK_LED),
1691 (ledstate & QEMU_SCROLL_LOCK_LED));
1692
1693 caps = ledstate & QEMU_CAPS_LOCK_LED ? 1 : 0;
1694 num = ledstate & QEMU_NUM_LOCK_LED ? 1 : 0;
1695 scr = ledstate & QEMU_SCROLL_LOCK_LED ? 1 : 0;
1696
1697 if (vs->modifiers_state[0x3a] != caps) {
1698 vs->modifiers_state[0x3a] = caps;
1699 }
1700 if (vs->modifiers_state[0x45] != num) {
1701 vs->modifiers_state[0x45] = num;
1702 }
1703 if (vs->modifiers_state[0x46] != scr) {
1704 vs->modifiers_state[0x46] = scr;
1705 }
1706
1707 /* Sending the current led state message to the client */
1708 if (has_changed) {
1709 vnc_led_state_change(vs);
1710 }
1711 }
1712
1713 static void do_key_event(VncState *vs, int down, int keycode, int sym)
1714 {
1715 /* QEMU console switch */
1716 switch(keycode) {
1717 case 0x2a: /* Left Shift */
1718 case 0x36: /* Right Shift */
1719 case 0x1d: /* Left CTRL */
1720 case 0x9d: /* Right CTRL */
1721 case 0x38: /* Left ALT */
1722 case 0xb8: /* Right ALT */
1723 if (down)
1724 vs->modifiers_state[keycode] = 1;
1725 else
1726 vs->modifiers_state[keycode] = 0;
1727 break;
1728 case 0x02 ... 0x0a: /* '1' to '9' keys */
1729 if (vs->vd->dcl.con == NULL &&
1730 down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
1731 /* Reset the modifiers sent to the current console */
1732 reset_keys(vs);
1733 console_select(keycode - 0x02);
1734 return;
1735 }
1736 break;
1737 case 0x3a: /* CapsLock */
1738 case 0x45: /* NumLock */
1739 if (down)
1740 vs->modifiers_state[keycode] ^= 1;
1741 break;
1742 }
1743
1744 /* Turn off the lock state sync logic if the client support the led
1745 state extension.
1746 */
1747 if (down && vs->vd->lock_key_sync &&
1748 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) &&
1749 keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1750 /* If the numlock state needs to change then simulate an additional
1751 keypress before sending this one. This will happen if the user
1752 toggles numlock away from the VNC window.
1753 */
1754 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1755 if (!vs->modifiers_state[0x45]) {
1756 trace_vnc_key_sync_numlock(true);
1757 vs->modifiers_state[0x45] = 1;
1758 press_key(vs, 0xff7f);
1759 }
1760 } else {
1761 if (vs->modifiers_state[0x45]) {
1762 trace_vnc_key_sync_numlock(false);
1763 vs->modifiers_state[0x45] = 0;
1764 press_key(vs, 0xff7f);
1765 }
1766 }
1767 }
1768
1769 if (down && vs->vd->lock_key_sync &&
1770 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) &&
1771 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) {
1772 /* If the capslock state needs to change then simulate an additional
1773 keypress before sending this one. This will happen if the user
1774 toggles capslock away from the VNC window.
1775 */
1776 int uppercase = !!(sym >= 'A' && sym <= 'Z');
1777 int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]);
1778 int capslock = !!(vs->modifiers_state[0x3a]);
1779 if (capslock) {
1780 if (uppercase == shift) {
1781 trace_vnc_key_sync_capslock(false);
1782 vs->modifiers_state[0x3a] = 0;
1783 press_key(vs, 0xffe5);
1784 }
1785 } else {
1786 if (uppercase != shift) {
1787 trace_vnc_key_sync_capslock(true);
1788 vs->modifiers_state[0x3a] = 1;
1789 press_key(vs, 0xffe5);
1790 }
1791 }
1792 }
1793
1794 if (qemu_console_is_graphic(NULL)) {
1795 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, down);
1796 qemu_input_event_send_key_delay(vs->vd->key_delay_ms);
1797 } else {
1798 bool numlock = vs->modifiers_state[0x45];
1799 bool control = (vs->modifiers_state[0x1d] ||
1800 vs->modifiers_state[0x9d]);
1801 /* QEMU console emulation */
1802 if (down) {
1803 switch (keycode) {
1804 case 0x2a: /* Left Shift */
1805 case 0x36: /* Right Shift */
1806 case 0x1d: /* Left CTRL */
1807 case 0x9d: /* Right CTRL */
1808 case 0x38: /* Left ALT */
1809 case 0xb8: /* Right ALT */
1810 break;
1811 case 0xc8:
1812 kbd_put_keysym(QEMU_KEY_UP);
1813 break;
1814 case 0xd0:
1815 kbd_put_keysym(QEMU_KEY_DOWN);
1816 break;
1817 case 0xcb:
1818 kbd_put_keysym(QEMU_KEY_LEFT);
1819 break;
1820 case 0xcd:
1821 kbd_put_keysym(QEMU_KEY_RIGHT);
1822 break;
1823 case 0xd3:
1824 kbd_put_keysym(QEMU_KEY_DELETE);
1825 break;
1826 case 0xc7:
1827 kbd_put_keysym(QEMU_KEY_HOME);
1828 break;
1829 case 0xcf:
1830 kbd_put_keysym(QEMU_KEY_END);
1831 break;
1832 case 0xc9:
1833 kbd_put_keysym(QEMU_KEY_PAGEUP);
1834 break;
1835 case 0xd1:
1836 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1837 break;
1838
1839 case 0x47:
1840 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME);
1841 break;
1842 case 0x48:
1843 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP);
1844 break;
1845 case 0x49:
1846 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP);
1847 break;
1848 case 0x4b:
1849 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT);
1850 break;
1851 case 0x4c:
1852 kbd_put_keysym('5');
1853 break;
1854 case 0x4d:
1855 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT);
1856 break;
1857 case 0x4f:
1858 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END);
1859 break;
1860 case 0x50:
1861 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN);
1862 break;
1863 case 0x51:
1864 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN);
1865 break;
1866 case 0x52:
1867 kbd_put_keysym('0');
1868 break;
1869 case 0x53:
1870 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE);
1871 break;
1872
1873 case 0xb5:
1874 kbd_put_keysym('/');
1875 break;
1876 case 0x37:
1877 kbd_put_keysym('*');
1878 break;
1879 case 0x4a:
1880 kbd_put_keysym('-');
1881 break;
1882 case 0x4e:
1883 kbd_put_keysym('+');
1884 break;
1885 case 0x9c:
1886 kbd_put_keysym('\n');
1887 break;
1888
1889 default:
1890 if (control) {
1891 kbd_put_keysym(sym & 0x1f);
1892 } else {
1893 kbd_put_keysym(sym);
1894 }
1895 break;
1896 }
1897 }
1898 }
1899 }
1900
1901 static void vnc_release_modifiers(VncState *vs)
1902 {
1903 static const int keycodes[] = {
1904 /* shift, control, alt keys, both left & right */
1905 0x2a, 0x36, 0x1d, 0x9d, 0x38, 0xb8,
1906 };
1907 int i, keycode;
1908
1909 if (!qemu_console_is_graphic(NULL)) {
1910 return;
1911 }
1912 for (i = 0; i < ARRAY_SIZE(keycodes); i++) {
1913 keycode = keycodes[i];
1914 if (!vs->modifiers_state[keycode]) {
1915 continue;
1916 }
1917 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, false);
1918 qemu_input_event_send_key_delay(vs->vd->key_delay_ms);
1919 }
1920 }
1921
1922 static const char *code2name(int keycode)
1923 {
1924 return QKeyCode_lookup[qemu_input_key_number_to_qcode(keycode)];
1925 }
1926
1927 static void key_event(VncState *vs, int down, uint32_t sym)
1928 {
1929 int keycode;
1930 int lsym = sym;
1931
1932 if (lsym >= 'A' && lsym <= 'Z' && qemu_console_is_graphic(NULL)) {
1933 lsym = lsym - 'A' + 'a';
1934 }
1935
1936 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF) & SCANCODE_KEYMASK;
1937 trace_vnc_key_event_map(down, sym, keycode, code2name(keycode));
1938 do_key_event(vs, down, keycode, sym);
1939 }
1940
1941 static void ext_key_event(VncState *vs, int down,
1942 uint32_t sym, uint16_t keycode)
1943 {
1944 /* if the user specifies a keyboard layout, always use it */
1945 if (keyboard_layout) {
1946 key_event(vs, down, sym);
1947 } else {
1948 trace_vnc_key_event_ext(down, sym, keycode, code2name(keycode));
1949 do_key_event(vs, down, keycode, sym);
1950 }
1951 }
1952
1953 static void framebuffer_update_request(VncState *vs, int incremental,
1954 int x, int y, int w, int h)
1955 {
1956 vs->need_update = 1;
1957
1958 if (incremental) {
1959 return;
1960 }
1961
1962 vs->force_update = 1;
1963 vnc_set_area_dirty(vs->dirty, vs->vd, x, y, w, h);
1964 }
1965
1966 static void send_ext_key_event_ack(VncState *vs)
1967 {
1968 vnc_lock_output(vs);
1969 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1970 vnc_write_u8(vs, 0);
1971 vnc_write_u16(vs, 1);
1972 vnc_framebuffer_update(vs, 0, 0,
1973 pixman_image_get_width(vs->vd->server),
1974 pixman_image_get_height(vs->vd->server),
1975 VNC_ENCODING_EXT_KEY_EVENT);
1976 vnc_unlock_output(vs);
1977 vnc_flush(vs);
1978 }
1979
1980 static void send_ext_audio_ack(VncState *vs)
1981 {
1982 vnc_lock_output(vs);
1983 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1984 vnc_write_u8(vs, 0);
1985 vnc_write_u16(vs, 1);
1986 vnc_framebuffer_update(vs, 0, 0,
1987 pixman_image_get_width(vs->vd->server),
1988 pixman_image_get_height(vs->vd->server),
1989 VNC_ENCODING_AUDIO);
1990 vnc_unlock_output(vs);
1991 vnc_flush(vs);
1992 }
1993
1994 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1995 {
1996 int i;
1997 unsigned int enc = 0;
1998
1999 vs->features = 0;
2000 vs->vnc_encoding = 0;
2001 vs->tight.compression = 9;
2002 vs->tight.quality = -1; /* Lossless by default */
2003 vs->absolute = -1;
2004
2005 /*
2006 * Start from the end because the encodings are sent in order of preference.
2007 * This way the preferred encoding (first encoding defined in the array)
2008 * will be set at the end of the loop.
2009 */
2010 for (i = n_encodings - 1; i >= 0; i--) {
2011 enc = encodings[i];
2012 switch (enc) {
2013 case VNC_ENCODING_RAW:
2014 vs->vnc_encoding = enc;
2015 break;
2016 case VNC_ENCODING_COPYRECT:
2017 vs->features |= VNC_FEATURE_COPYRECT_MASK;
2018 break;
2019 case VNC_ENCODING_HEXTILE:
2020 vs->features |= VNC_FEATURE_HEXTILE_MASK;
2021 vs->vnc_encoding = enc;
2022 break;
2023 case VNC_ENCODING_TIGHT:
2024 vs->features |= VNC_FEATURE_TIGHT_MASK;
2025 vs->vnc_encoding = enc;
2026 break;
2027 #ifdef CONFIG_VNC_PNG
2028 case VNC_ENCODING_TIGHT_PNG:
2029 vs->features |= VNC_FEATURE_TIGHT_PNG_MASK;
2030 vs->vnc_encoding = enc;
2031 break;
2032 #endif
2033 case VNC_ENCODING_ZLIB:
2034 vs->features |= VNC_FEATURE_ZLIB_MASK;
2035 vs->vnc_encoding = enc;
2036 break;
2037 case VNC_ENCODING_ZRLE:
2038 vs->features |= VNC_FEATURE_ZRLE_MASK;
2039 vs->vnc_encoding = enc;
2040 break;
2041 case VNC_ENCODING_ZYWRLE:
2042 vs->features |= VNC_FEATURE_ZYWRLE_MASK;
2043 vs->vnc_encoding = enc;
2044 break;
2045 case VNC_ENCODING_DESKTOPRESIZE:
2046 vs->features |= VNC_FEATURE_RESIZE_MASK;
2047 break;
2048 case VNC_ENCODING_POINTER_TYPE_CHANGE:
2049 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
2050 break;
2051 case VNC_ENCODING_RICH_CURSOR:
2052 vs->features |= VNC_FEATURE_RICH_CURSOR_MASK;
2053 if (vs->vd->cursor) {
2054 vnc_cursor_define(vs);
2055 }
2056 break;
2057 case VNC_ENCODING_EXT_KEY_EVENT:
2058 send_ext_key_event_ack(vs);
2059 break;
2060 case VNC_ENCODING_AUDIO:
2061 send_ext_audio_ack(vs);
2062 break;
2063 case VNC_ENCODING_WMVi:
2064 vs->features |= VNC_FEATURE_WMVI_MASK;
2065 break;
2066 case VNC_ENCODING_LED_STATE:
2067 vs->features |= VNC_FEATURE_LED_STATE_MASK;
2068 break;
2069 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
2070 vs->tight.compression = (enc & 0x0F);
2071 break;
2072 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
2073 if (vs->vd->lossy) {
2074 vs->tight.quality = (enc & 0x0F);
2075 }
2076 break;
2077 default:
2078 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
2079 break;
2080 }
2081 }
2082 vnc_desktop_resize(vs);
2083 check_pointer_type_change(&vs->mouse_mode_notifier, NULL);
2084 vnc_led_state_change(vs);
2085 }
2086
2087 static void set_pixel_conversion(VncState *vs)
2088 {
2089 pixman_format_code_t fmt = qemu_pixman_get_format(&vs->client_pf);
2090
2091 if (fmt == VNC_SERVER_FB_FORMAT) {
2092 vs->write_pixels = vnc_write_pixels_copy;
2093 vnc_hextile_set_pixel_conversion(vs, 0);
2094 } else {
2095 vs->write_pixels = vnc_write_pixels_generic;
2096 vnc_hextile_set_pixel_conversion(vs, 1);
2097 }
2098 }
2099
2100 static void send_color_map(VncState *vs)
2101 {
2102 int i;
2103
2104 vnc_write_u8(vs, VNC_MSG_SERVER_SET_COLOUR_MAP_ENTRIES);
2105 vnc_write_u8(vs, 0); /* padding */
2106 vnc_write_u16(vs, 0); /* first color */
2107 vnc_write_u16(vs, 256); /* # of colors */
2108
2109 for (i = 0; i < 256; i++) {
2110 PixelFormat *pf = &vs->client_pf;
2111
2112 vnc_write_u16(vs, (((i >> pf->rshift) & pf->rmax) << (16 - pf->rbits)));
2113 vnc_write_u16(vs, (((i >> pf->gshift) & pf->gmax) << (16 - pf->gbits)));
2114 vnc_write_u16(vs, (((i >> pf->bshift) & pf->bmax) << (16 - pf->bbits)));
2115 }
2116 }
2117
2118 static void set_pixel_format(VncState *vs, int bits_per_pixel,
2119 int big_endian_flag, int true_color_flag,
2120 int red_max, int green_max, int blue_max,
2121 int red_shift, int green_shift, int blue_shift)
2122 {
2123 if (!true_color_flag) {
2124 /* Expose a reasonable default 256 color map */
2125 bits_per_pixel = 8;
2126 red_max = 7;
2127 green_max = 7;
2128 blue_max = 3;
2129 red_shift = 0;
2130 green_shift = 3;
2131 blue_shift = 6;
2132 }
2133
2134 switch (bits_per_pixel) {
2135 case 8:
2136 case 16:
2137 case 32:
2138 break;
2139 default:
2140 vnc_client_error(vs);
2141 return;
2142 }
2143
2144 vs->client_pf.rmax = red_max ? red_max : 0xFF;
2145 vs->client_pf.rbits = hweight_long(red_max);
2146 vs->client_pf.rshift = red_shift;
2147 vs->client_pf.rmask = red_max << red_shift;
2148 vs->client_pf.gmax = green_max ? green_max : 0xFF;
2149 vs->client_pf.gbits = hweight_long(green_max);
2150 vs->client_pf.gshift = green_shift;
2151 vs->client_pf.gmask = green_max << green_shift;
2152 vs->client_pf.bmax = blue_max ? blue_max : 0xFF;
2153 vs->client_pf.bbits = hweight_long(blue_max);
2154 vs->client_pf.bshift = blue_shift;
2155 vs->client_pf.bmask = blue_max << blue_shift;
2156 vs->client_pf.bits_per_pixel = bits_per_pixel;
2157 vs->client_pf.bytes_per_pixel = bits_per_pixel / 8;
2158 vs->client_pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
2159 vs->client_be = big_endian_flag;
2160
2161 if (!true_color_flag) {
2162 send_color_map(vs);
2163 }
2164
2165 set_pixel_conversion(vs);
2166
2167 graphic_hw_invalidate(vs->vd->dcl.con);
2168 graphic_hw_update(vs->vd->dcl.con);
2169 }
2170
2171 static void pixel_format_message (VncState *vs) {
2172 char pad[3] = { 0, 0, 0 };
2173
2174 vs->client_pf = qemu_default_pixelformat(32);
2175
2176 vnc_write_u8(vs, vs->client_pf.bits_per_pixel); /* bits-per-pixel */
2177 vnc_write_u8(vs, vs->client_pf.depth); /* depth */
2178
2179 #ifdef HOST_WORDS_BIGENDIAN
2180 vnc_write_u8(vs, 1); /* big-endian-flag */
2181 #else
2182 vnc_write_u8(vs, 0); /* big-endian-flag */
2183 #endif
2184 vnc_write_u8(vs, 1); /* true-color-flag */
2185 vnc_write_u16(vs, vs->client_pf.rmax); /* red-max */
2186 vnc_write_u16(vs, vs->client_pf.gmax); /* green-max */
2187 vnc_write_u16(vs, vs->client_pf.bmax); /* blue-max */
2188 vnc_write_u8(vs, vs->client_pf.rshift); /* red-shift */
2189 vnc_write_u8(vs, vs->client_pf.gshift); /* green-shift */
2190 vnc_write_u8(vs, vs->client_pf.bshift); /* blue-shift */
2191 vnc_write(vs, pad, 3); /* padding */
2192
2193 vnc_hextile_set_pixel_conversion(vs, 0);
2194 vs->write_pixels = vnc_write_pixels_copy;
2195 }
2196
2197 static void vnc_colordepth(VncState *vs)
2198 {
2199 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
2200 /* Sending a WMVi message to notify the client*/
2201 vnc_lock_output(vs);
2202 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
2203 vnc_write_u8(vs, 0);
2204 vnc_write_u16(vs, 1); /* number of rects */
2205 vnc_framebuffer_update(vs, 0, 0,
2206 pixman_image_get_width(vs->vd->server),
2207 pixman_image_get_height(vs->vd->server),
2208 VNC_ENCODING_WMVi);
2209 pixel_format_message(vs);
2210 vnc_unlock_output(vs);
2211 vnc_flush(vs);
2212 } else {
2213 set_pixel_conversion(vs);
2214 }
2215 }
2216
2217 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
2218 {
2219 int i;
2220 uint16_t limit;
2221 VncDisplay *vd = vs->vd;
2222
2223 if (data[0] > 3) {
2224 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
2225 }
2226
2227 switch (data[0]) {
2228 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT:
2229 if (len == 1)
2230 return 20;
2231
2232 set_pixel_format(vs, read_u8(data, 4),
2233 read_u8(data, 6), read_u8(data, 7),
2234 read_u16(data, 8), read_u16(data, 10),
2235 read_u16(data, 12), read_u8(data, 14),
2236 read_u8(data, 15), read_u8(data, 16));
2237 break;
2238 case VNC_MSG_CLIENT_SET_ENCODINGS:
2239 if (len == 1)
2240 return 4;
2241
2242 if (len == 4) {
2243 limit = read_u16(data, 2);
2244 if (limit > 0)
2245 return 4 + (limit * 4);
2246 } else
2247 limit = read_u16(data, 2);
2248
2249 for (i = 0; i < limit; i++) {
2250 int32_t val = read_s32(data, 4 + (i * 4));
2251 memcpy(data + 4 + (i * 4), &val, sizeof(val));
2252 }
2253
2254 set_encodings(vs, (int32_t *)(data + 4), limit);
2255 break;
2256 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST:
2257 if (len == 1)
2258 return 10;
2259
2260 framebuffer_update_request(vs,
2261 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
2262 read_u16(data, 6), read_u16(data, 8));
2263 break;
2264 case VNC_MSG_CLIENT_KEY_EVENT:
2265 if (len == 1)
2266 return 8;
2267
2268 key_event(vs, read_u8(data, 1), read_u32(data, 4));
2269 break;
2270 case VNC_MSG_CLIENT_POINTER_EVENT:
2271 if (len == 1)
2272 return 6;
2273
2274 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
2275 break;
2276 case VNC_MSG_CLIENT_CUT_TEXT:
2277 if (len == 1) {
2278 return 8;
2279 }
2280 if (len == 8) {
2281 uint32_t dlen = read_u32(data, 4);
2282 if (dlen > (1 << 20)) {
2283 error_report("vnc: client_cut_text msg payload has %u bytes"
2284 " which exceeds our limit of 1MB.", dlen);
2285 vnc_client_error(vs);
2286 break;
2287 }
2288 if (dlen > 0) {
2289 return 8 + dlen;
2290 }
2291 }
2292
2293 client_cut_text(vs, read_u32(data, 4), data + 8);
2294 break;
2295 case VNC_MSG_CLIENT_QEMU:
2296 if (len == 1)
2297 return 2;
2298
2299 switch (read_u8(data, 1)) {
2300 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT:
2301 if (len == 2)
2302 return 12;
2303
2304 ext_key_event(vs, read_u16(data, 2),
2305 read_u32(data, 4), read_u32(data, 8));
2306 break;
2307 case VNC_MSG_CLIENT_QEMU_AUDIO:
2308 if (len == 2)
2309 return 4;
2310
2311 switch (read_u16 (data, 2)) {
2312 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE:
2313 audio_add(vs);
2314 break;
2315 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE:
2316 audio_del(vs);
2317 break;
2318 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT:
2319 if (len == 4)
2320 return 10;
2321 switch (read_u8(data, 4)) {
2322 case 0: vs->as.fmt = AUD_FMT_U8; break;
2323 case 1: vs->as.fmt = AUD_FMT_S8; break;
2324 case 2: vs->as.fmt = AUD_FMT_U16; break;
2325 case 3: vs->as.fmt = AUD_FMT_S16; break;
2326 case 4: vs->as.fmt = AUD_FMT_U32; break;
2327 case 5: vs->as.fmt = AUD_FMT_S32; break;
2328 default:
2329 VNC_DEBUG("Invalid audio format %d\n", read_u8(data, 4));
2330 vnc_client_error(vs);
2331 break;
2332 }
2333 vs->as.nchannels = read_u8(data, 5);
2334 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
2335 VNC_DEBUG("Invalid audio channel coount %d\n",
2336 read_u8(data, 5));
2337 vnc_client_error(vs);
2338 break;
2339 }
2340 vs->as.freq = read_u32(data, 6);
2341 break;
2342 default:
2343 VNC_DEBUG("Invalid audio message %d\n", read_u8(data, 4));
2344 vnc_client_error(vs);
2345 break;
2346 }
2347 break;
2348
2349 default:
2350 VNC_DEBUG("Msg: %d\n", read_u16(data, 0));
2351 vnc_client_error(vs);
2352 break;
2353 }
2354 break;
2355 default:
2356 VNC_DEBUG("Msg: %d\n", data[0]);
2357 vnc_client_error(vs);
2358 break;
2359 }
2360
2361 vnc_read_when(vs, protocol_client_msg, 1);
2362 return 0;
2363 }
2364
2365 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
2366 {
2367 char buf[1024];
2368 VncShareMode mode;
2369 int size;
2370
2371 mode = data[0] ? VNC_SHARE_MODE_SHARED : VNC_SHARE_MODE_EXCLUSIVE;
2372 switch (vs->vd->share_policy) {
2373 case VNC_SHARE_POLICY_IGNORE:
2374 /*
2375 * Ignore the shared flag. Nothing to do here.
2376 *
2377 * Doesn't conform to the rfb spec but is traditional qemu
2378 * behavior, thus left here as option for compatibility
2379 * reasons.
2380 */
2381 break;
2382 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE:
2383 /*
2384 * Policy: Allow clients ask for exclusive access.
2385 *
2386 * Implementation: When a client asks for exclusive access,
2387 * disconnect all others. Shared connects are allowed as long
2388 * as no exclusive connection exists.
2389 *
2390 * This is how the rfb spec suggests to handle the shared flag.
2391 */
2392 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2393 VncState *client;
2394 QTAILQ_FOREACH(client, &vs->vd->clients, next) {
2395 if (vs == client) {
2396 continue;
2397 }
2398 if (client->share_mode != VNC_SHARE_MODE_EXCLUSIVE &&
2399 client->share_mode != VNC_SHARE_MODE_SHARED) {
2400 continue;
2401 }
2402 vnc_disconnect_start(client);
2403 }
2404 }
2405 if (mode == VNC_SHARE_MODE_SHARED) {
2406 if (vs->vd->num_exclusive > 0) {
2407 vnc_disconnect_start(vs);
2408 return 0;
2409 }
2410 }
2411 break;
2412 case VNC_SHARE_POLICY_FORCE_SHARED:
2413 /*
2414 * Policy: Shared connects only.
2415 * Implementation: Disallow clients asking for exclusive access.
2416 *
2417 * Useful for shared desktop sessions where you don't want
2418 * someone forgetting to say -shared when running the vnc
2419 * client disconnect everybody else.
2420 */
2421 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2422 vnc_disconnect_start(vs);
2423 return 0;
2424 }
2425 break;
2426 }
2427 vnc_set_share_mode(vs, mode);
2428
2429 if (vs->vd->num_shared > vs->vd->connections_limit) {
2430 vnc_disconnect_start(vs);
2431 return 0;
2432 }
2433
2434 vs->client_width = pixman_image_get_width(vs->vd->server);
2435 vs->client_height = pixman_image_get_height(vs->vd->server);
2436 vnc_write_u16(vs, vs->client_width);
2437 vnc_write_u16(vs, vs->client_height);
2438
2439 pixel_format_message(vs);
2440
2441 if (qemu_name)
2442 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
2443 else
2444 size = snprintf(buf, sizeof(buf), "QEMU");
2445
2446 vnc_write_u32(vs, size);
2447 vnc_write(vs, buf, size);
2448 vnc_flush(vs);
2449
2450 vnc_client_cache_auth(vs);
2451 vnc_qmp_event(vs, QAPI_EVENT_VNC_INITIALIZED);
2452
2453 vnc_read_when(vs, protocol_client_msg, 1);
2454
2455 return 0;
2456 }
2457
2458 void start_client_init(VncState *vs)
2459 {
2460 vnc_read_when(vs, protocol_client_init, 1);
2461 }
2462
2463 static void make_challenge(VncState *vs)
2464 {
2465 int i;
2466
2467 srand(time(NULL)+getpid()+getpid()*987654+rand());
2468
2469 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
2470 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
2471 }
2472
2473 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
2474 {
2475 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
2476 size_t i, pwlen;
2477 unsigned char key[8];
2478 time_t now = time(NULL);
2479 QCryptoCipher *cipher = NULL;
2480 Error *err = NULL;
2481
2482 if (!vs->vd->password) {
2483 VNC_DEBUG("No password configured on server");
2484 goto reject;
2485 }
2486 if (vs->vd->expires < now) {
2487 VNC_DEBUG("Password is expired");
2488 goto reject;
2489 }
2490
2491 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
2492
2493 /* Calculate the expected challenge response */
2494 pwlen = strlen(vs->vd->password);
2495 for (i=0; i<sizeof(key); i++)
2496 key[i] = i<pwlen ? vs->vd->password[i] : 0;
2497
2498 cipher = qcrypto_cipher_new(
2499 QCRYPTO_CIPHER_ALG_DES_RFB,
2500 QCRYPTO_CIPHER_MODE_ECB,
2501 key, G_N_ELEMENTS(key),
2502 &err);
2503 if (!cipher) {
2504 VNC_DEBUG("Cannot initialize cipher %s",
2505 error_get_pretty(err));
2506 error_free(err);
2507 goto reject;
2508 }
2509
2510 if (qcrypto_cipher_encrypt(cipher,
2511 vs->challenge,
2512 response,
2513 VNC_AUTH_CHALLENGE_SIZE,
2514 &err) < 0) {
2515 VNC_DEBUG("Cannot encrypt challenge %s",
2516 error_get_pretty(err));
2517 error_free(err);
2518 goto reject;
2519 }
2520
2521 /* Compare expected vs actual challenge response */
2522 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
2523 VNC_DEBUG("Client challenge response did not match\n");
2524 goto reject;
2525 } else {
2526 VNC_DEBUG("Accepting VNC challenge response\n");
2527 vnc_write_u32(vs, 0); /* Accept auth */
2528 vnc_flush(vs);
2529
2530 start_client_init(vs);
2531 }
2532
2533 qcrypto_cipher_free(cipher);
2534 return 0;
2535
2536 reject:
2537 vnc_write_u32(vs, 1); /* Reject auth */
2538 if (vs->minor >= 8) {
2539 static const char err[] = "Authentication failed";
2540 vnc_write_u32(vs, sizeof(err));
2541 vnc_write(vs, err, sizeof(err));
2542 }
2543 vnc_flush(vs);
2544 vnc_client_error(vs);
2545 qcrypto_cipher_free(cipher);
2546 return 0;
2547 }
2548
2549 void start_auth_vnc(VncState *vs)
2550 {
2551 make_challenge(vs);
2552 /* Send client a 'random' challenge */
2553 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
2554 vnc_flush(vs);
2555
2556 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
2557 }
2558
2559
2560 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
2561 {
2562 /* We only advertise 1 auth scheme at a time, so client
2563 * must pick the one we sent. Verify this */
2564 if (data[0] != vs->auth) { /* Reject auth */
2565 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]);
2566 vnc_write_u32(vs, 1);
2567 if (vs->minor >= 8) {
2568 static const char err[] = "Authentication failed";
2569 vnc_write_u32(vs, sizeof(err));
2570 vnc_write(vs, err, sizeof(err));
2571 }
2572 vnc_client_error(vs);
2573 } else { /* Accept requested auth */
2574 VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
2575 switch (vs->auth) {
2576 case VNC_AUTH_NONE:
2577 VNC_DEBUG("Accept auth none\n");
2578 if (vs->minor >= 8) {
2579 vnc_write_u32(vs, 0); /* Accept auth completion */
2580 vnc_flush(vs);
2581 }
2582 start_client_init(vs);
2583 break;
2584
2585 case VNC_AUTH_VNC:
2586 VNC_DEBUG("Start VNC auth\n");
2587 start_auth_vnc(vs);
2588 break;
2589
2590 case VNC_AUTH_VENCRYPT:
2591 VNC_DEBUG("Accept VeNCrypt auth\n");
2592 start_auth_vencrypt(vs);
2593 break;
2594
2595 #ifdef CONFIG_VNC_SASL
2596 case VNC_AUTH_SASL:
2597 VNC_DEBUG("Accept SASL auth\n");
2598 start_auth_sasl(vs);
2599 break;
2600 #endif /* CONFIG_VNC_SASL */
2601
2602 default: /* Should not be possible, but just in case */
2603 VNC_DEBUG("Reject auth %d server code bug\n", vs->auth);
2604 vnc_write_u8(vs, 1);
2605 if (vs->minor >= 8) {
2606 static const char err[] = "Authentication failed";
2607 vnc_write_u32(vs, sizeof(err));
2608 vnc_write(vs, err, sizeof(err));
2609 }
2610 vnc_client_error(vs);
2611 }
2612 }
2613 return 0;
2614 }
2615
2616 static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2617 {
2618 char local[13];
2619
2620 memcpy(local, version, 12);
2621 local[12] = 0;
2622
2623 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2624 VNC_DEBUG("Malformed protocol version %s\n", local);
2625 vnc_client_error(vs);
2626 return 0;
2627 }
2628 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2629 if (vs->major != 3 ||
2630 (vs->minor != 3 &&
2631 vs->minor != 4 &&
2632 vs->minor != 5 &&
2633 vs->minor != 7 &&
2634 vs->minor != 8)) {
2635 VNC_DEBUG("Unsupported client version\n");
2636 vnc_write_u32(vs, VNC_AUTH_INVALID);
2637 vnc_flush(vs);
2638 vnc_client_error(vs);
2639 return 0;
2640 }
2641 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2642 * as equivalent to v3.3 by servers
2643 */
2644 if (vs->minor == 4 || vs->minor == 5)
2645 vs->minor = 3;
2646
2647 if (vs->minor == 3) {
2648 if (vs->auth == VNC_AUTH_NONE) {
2649 VNC_DEBUG("Tell client auth none\n");
2650 vnc_write_u32(vs, vs->auth);
2651 vnc_flush(vs);
2652 start_client_init(vs);
2653 } else if (vs->auth == VNC_AUTH_VNC) {
2654 VNC_DEBUG("Tell client VNC auth\n");
2655 vnc_write_u32(vs, vs->auth);
2656 vnc_flush(vs);
2657 start_auth_vnc(vs);
2658 } else {
2659 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->auth);
2660 vnc_write_u32(vs, VNC_AUTH_INVALID);
2661 vnc_flush(vs);
2662 vnc_client_error(vs);
2663 }
2664 } else {
2665 VNC_DEBUG("Telling client we support auth %d\n", vs->auth);
2666 vnc_write_u8(vs, 1); /* num auth */
2667 vnc_write_u8(vs, vs->auth);
2668 vnc_read_when(vs, protocol_client_auth, 1);
2669 vnc_flush(vs);
2670 }
2671
2672 return 0;
2673 }
2674
2675 static VncRectStat *vnc_stat_rect(VncDisplay *vd, int x, int y)
2676 {
2677 struct VncSurface *vs = &vd->guest;
2678
2679 return &vs->stats[y / VNC_STAT_RECT][x / VNC_STAT_RECT];
2680 }
2681
2682 void vnc_sent_lossy_rect(VncState *vs, int x, int y, int w, int h)
2683 {
2684 int i, j;
2685
2686 w = (x + w) / VNC_STAT_RECT;
2687 h = (y + h) / VNC_STAT_RECT;
2688 x /= VNC_STAT_RECT;
2689 y /= VNC_STAT_RECT;
2690
2691 for (j = y; j <= h; j++) {
2692 for (i = x; i <= w; i++) {
2693 vs->lossy_rect[j][i] = 1;
2694 }
2695 }
2696 }
2697
2698 static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y)
2699 {
2700 VncState *vs;
2701 int sty = y / VNC_STAT_RECT;
2702 int stx = x / VNC_STAT_RECT;
2703 int has_dirty = 0;
2704
2705 y = y / VNC_STAT_RECT * VNC_STAT_RECT;
2706 x = x / VNC_STAT_RECT * VNC_STAT_RECT;
2707
2708 QTAILQ_FOREACH(vs, &vd->clients, next) {
2709 int j;
2710
2711 /* kernel send buffers are full -> refresh later */
2712 if (vs->output.offset) {
2713 continue;
2714 }
2715
2716 if (!vs->lossy_rect[sty][stx]) {
2717 continue;
2718 }
2719
2720 vs->lossy_rect[sty][stx] = 0;
2721 for (j = 0; j < VNC_STAT_RECT; ++j) {
2722 bitmap_set(vs->dirty[y + j],
2723 x / VNC_DIRTY_PIXELS_PER_BIT,
2724 VNC_STAT_RECT / VNC_DIRTY_PIXELS_PER_BIT);
2725 }
2726 has_dirty++;
2727 }
2728
2729 return has_dirty;
2730 }
2731
2732 static int vnc_update_stats(VncDisplay *vd, struct timeval * tv)
2733 {
2734 int width = pixman_image_get_width(vd->guest.fb);
2735 int height = pixman_image_get_height(vd->guest.fb);
2736 int x, y;
2737 struct timeval res;
2738 int has_dirty = 0;
2739
2740 for (y = 0; y < height; y += VNC_STAT_RECT) {
2741 for (x = 0; x < width; x += VNC_STAT_RECT) {
2742 VncRectStat *rect = vnc_stat_rect(vd, x, y);
2743
2744 rect->updated = false;
2745 }
2746 }
2747
2748 qemu_timersub(tv, &VNC_REFRESH_STATS, &res);
2749
2750 if (timercmp(&vd->guest.last_freq_check, &res, >)) {
2751 return has_dirty;
2752 }
2753 vd->guest.last_freq_check = *tv;
2754
2755 for (y = 0; y < height; y += VNC_STAT_RECT) {
2756 for (x = 0; x < width; x += VNC_STAT_RECT) {
2757 VncRectStat *rect= vnc_stat_rect(vd, x, y);
2758 int count = ARRAY_SIZE(rect->times);
2759 struct timeval min, max;
2760
2761 if (!timerisset(&rect->times[count - 1])) {
2762 continue ;
2763 }
2764
2765 max = rect->times[(rect->idx + count - 1) % count];
2766 qemu_timersub(tv, &max, &res);
2767
2768 if (timercmp(&res, &VNC_REFRESH_LOSSY, >)) {
2769 rect->freq = 0;
2770 has_dirty += vnc_refresh_lossy_rect(vd, x, y);
2771 memset(rect->times, 0, sizeof (rect->times));
2772 continue ;
2773 }
2774
2775 min = rect->times[rect->idx];
2776 max = rect->times[(rect->idx + count - 1) % count];
2777 qemu_timersub(&max, &min, &res);
2778
2779 rect->freq = res.tv_sec + res.tv_usec / 1000000.;
2780 rect->freq /= count;
2781 rect->freq = 1. / rect->freq;
2782 }
2783 }
2784 return has_dirty;
2785 }
2786
2787 double vnc_update_freq(VncState *vs, int x, int y, int w, int h)
2788 {
2789 int i, j;
2790 double total = 0;
2791 int num = 0;
2792
2793 x = (x / VNC_STAT_RECT) * VNC_STAT_RECT;
2794 y = (y / VNC_STAT_RECT) * VNC_STAT_RECT;
2795
2796 for (j = y; j <= y + h; j += VNC_STAT_RECT) {
2797 for (i = x; i <= x + w; i += VNC_STAT_RECT) {
2798 total += vnc_stat_rect(vs->vd, i, j)->freq;
2799 num++;
2800 }
2801 }
2802
2803 if (num) {
2804 return total / num;
2805 } else {
2806 return 0;
2807 }
2808 }
2809
2810 static void vnc_rect_updated(VncDisplay *vd, int x, int y, struct timeval * tv)
2811 {
2812 VncRectStat *rect;
2813
2814 rect = vnc_stat_rect(vd, x, y);
2815 if (rect->updated) {
2816 return ;
2817 }
2818 rect->times[rect->idx] = *tv;
2819 rect->idx = (rect->idx + 1) % ARRAY_SIZE(rect->times);
2820 rect->updated = true;
2821 }
2822
2823 static int vnc_refresh_server_surface(VncDisplay *vd)
2824 {
2825 int width = MIN(pixman_image_get_width(vd->guest.fb),
2826 pixman_image_get_width(vd->server));
2827 int height = MIN(pixman_image_get_height(vd->guest.fb),
2828 pixman_image_get_height(vd->server));
2829 int cmp_bytes, server_stride, line_bytes, guest_ll, guest_stride, y = 0;
2830 uint8_t *guest_row0 = NULL, *server_row0;
2831 VncState *vs;
2832 int has_dirty = 0;
2833 pixman_image_t *tmpbuf = NULL;
2834
2835 struct timeval tv = { 0, 0 };
2836
2837 if (!vd->non_adaptive) {
2838 gettimeofday(&tv, NULL);
2839 has_dirty = vnc_update_stats(vd, &tv);
2840 }
2841
2842 /*
2843 * Walk through the guest dirty map.
2844 * Check and copy modified bits from guest to server surface.
2845 * Update server dirty map.
2846 */
2847 server_row0 = (uint8_t *)pixman_image_get_data(vd->server);
2848 server_stride = guest_stride = guest_ll =
2849 pixman_image_get_stride(vd->server);
2850 cmp_bytes = MIN(VNC_DIRTY_PIXELS_PER_BIT * VNC_SERVER_FB_BYTES,
2851 server_stride);
2852 if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
2853 int width = pixman_image_get_width(vd->server);
2854 tmpbuf = qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT, width);
2855 } else {
2856 int guest_bpp =
2857 PIXMAN_FORMAT_BPP(pixman_image_get_format(vd->guest.fb));
2858 guest_row0 = (uint8_t *)pixman_image_get_data(vd->guest.fb);
2859 guest_stride = pixman_image_get_stride(vd->guest.fb);
2860 guest_ll = pixman_image_get_width(vd->guest.fb) * ((guest_bpp + 7) / 8);
2861 }
2862 line_bytes = MIN(server_stride, guest_ll);
2863
2864 for (;;) {
2865 int x;
2866 uint8_t *guest_ptr, *server_ptr;
2867 unsigned long offset = find_next_bit((unsigned long *) &vd->guest.dirty,
2868 height * VNC_DIRTY_BPL(&vd->guest),
2869 y * VNC_DIRTY_BPL(&vd->guest));
2870 if (offset == height * VNC_DIRTY_BPL(&vd->guest)) {
2871 /* no more dirty bits */
2872 break;
2873 }
2874 y = offset / VNC_DIRTY_BPL(&vd->guest);
2875 x = offset % VNC_DIRTY_BPL(&vd->guest);
2876
2877 server_ptr = server_row0 + y * server_stride + x * cmp_bytes;
2878
2879 if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
2880 qemu_pixman_linebuf_fill(tmpbuf, vd->guest.fb, width, 0, y);
2881 guest_ptr = (uint8_t *)pixman_image_get_data(tmpbuf);
2882 } else {
2883 guest_ptr = guest_row0 + y * guest_stride;
2884 }
2885 guest_ptr += x * cmp_bytes;
2886
2887 for (; x < DIV_ROUND_UP(width, VNC_DIRTY_PIXELS_PER_BIT);
2888 x++, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
2889 int _cmp_bytes = cmp_bytes;
2890 if (!test_and_clear_bit(x, vd->guest.dirty[y])) {
2891 continue;
2892 }
2893 if ((x + 1) * cmp_bytes > line_bytes) {
2894 _cmp_bytes = line_bytes - x * cmp_bytes;
2895 }
2896 assert(_cmp_bytes >= 0);
2897 if (memcmp(server_ptr, guest_ptr, _cmp_bytes) == 0) {
2898 continue;
2899 }
2900 memcpy(server_ptr, guest_ptr, _cmp_bytes);
2901 if (!vd->non_adaptive) {
2902 vnc_rect_updated(vd, x * VNC_DIRTY_PIXELS_PER_BIT,
2903 y, &tv);
2904 }
2905 QTAILQ_FOREACH(vs, &vd->clients, next) {
2906 set_bit(x, vs->dirty[y]);
2907 }
2908 has_dirty++;
2909 }
2910
2911 y++;
2912 }
2913 qemu_pixman_image_unref(tmpbuf);
2914 return has_dirty;
2915 }
2916
2917 static void vnc_refresh(DisplayChangeListener *dcl)
2918 {
2919 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
2920 VncState *vs, *vn;
2921 int has_dirty, rects = 0;
2922
2923 if (QTAILQ_EMPTY(&vd->clients)) {
2924 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_MAX);
2925 return;
2926 }
2927
2928 graphic_hw_update(vd->dcl.con);
2929
2930 if (vnc_trylock_display(vd)) {
2931 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
2932 return;
2933 }
2934
2935 has_dirty = vnc_refresh_server_surface(vd);
2936 vnc_unlock_display(vd);
2937
2938 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
2939 rects += vnc_update_client(vs, has_dirty, false);
2940 /* vs might be free()ed here */
2941 }
2942
2943 if (has_dirty && rects) {
2944 vd->dcl.update_interval /= 2;
2945 if (vd->dcl.update_interval < VNC_REFRESH_INTERVAL_BASE) {
2946 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_BASE;
2947 }
2948 } else {
2949 vd->dcl.update_interval += VNC_REFRESH_INTERVAL_INC;
2950 if (vd->dcl.update_interval > VNC_REFRESH_INTERVAL_MAX) {
2951 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_MAX;
2952 }
2953 }
2954 }
2955
2956 static void vnc_connect(VncDisplay *vd, QIOChannelSocket *sioc,
2957 bool skipauth, bool websocket)
2958 {
2959 VncState *vs = g_new0(VncState, 1);
2960 int i;
2961
2962 vs->sioc = sioc;
2963 object_ref(OBJECT(vs->sioc));
2964 vs->ioc = QIO_CHANNEL(sioc);
2965 object_ref(OBJECT(vs->ioc));
2966 vs->vd = vd;
2967
2968 buffer_init(&vs->input, "vnc-input/%p", sioc);
2969 buffer_init(&vs->output, "vnc-output/%p", sioc);
2970 buffer_init(&vs->jobs_buffer, "vnc-jobs_buffer/%p", sioc);
2971
2972 buffer_init(&vs->tight.tight, "vnc-tight/%p", sioc);
2973 buffer_init(&vs->tight.zlib, "vnc-tight-zlib/%p", sioc);
2974 buffer_init(&vs->tight.gradient, "vnc-tight-gradient/%p", sioc);
2975 #ifdef CONFIG_VNC_JPEG
2976 buffer_init(&vs->tight.jpeg, "vnc-tight-jpeg/%p", sioc);
2977 #endif
2978 #ifdef CONFIG_VNC_PNG
2979 buffer_init(&vs->tight.png, "vnc-tight-png/%p", sioc);
2980 #endif
2981 buffer_init(&vs->zlib.zlib, "vnc-zlib/%p", sioc);
2982 buffer_init(&vs->zrle.zrle, "vnc-zrle/%p", sioc);
2983 buffer_init(&vs->zrle.fb, "vnc-zrle-fb/%p", sioc);
2984 buffer_init(&vs->zrle.zlib, "vnc-zrle-zlib/%p", sioc);
2985
2986 if (skipauth) {
2987 vs->auth = VNC_AUTH_NONE;
2988 vs->subauth = VNC_AUTH_INVALID;
2989 } else {
2990 if (websocket) {
2991 vs->auth = vd->ws_auth;
2992 vs->subauth = VNC_AUTH_INVALID;
2993 } else {
2994 vs->auth = vd->auth;
2995 vs->subauth = vd->subauth;
2996 }
2997 }
2998 VNC_DEBUG("Client sioc=%p ws=%d auth=%d subauth=%d\n",
2999 sioc, websocket, vs->auth, vs->subauth);
3000
3001 vs->lossy_rect = g_malloc0(VNC_STAT_ROWS * sizeof (*vs->lossy_rect));
3002 for (i = 0; i < VNC_STAT_ROWS; ++i) {
3003 vs->lossy_rect[i] = g_new0(uint8_t, VNC_STAT_COLS);
3004 }
3005
3006 VNC_DEBUG("New client on socket %p\n", vs->sioc);
3007 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
3008 qio_channel_set_blocking(vs->ioc, false, NULL);
3009 if (websocket) {
3010 vs->websocket = 1;
3011 if (vd->ws_tls) {
3012 vs->ioc_tag = qio_channel_add_watch(
3013 vs->ioc, G_IO_IN, vncws_tls_handshake_io, vs, NULL);
3014 } else {
3015 vs->ioc_tag = qio_channel_add_watch(
3016 vs->ioc, G_IO_IN, vncws_handshake_io, vs, NULL);
3017 }
3018 } else {
3019 vs->ioc_tag = qio_channel_add_watch(
3020 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL);
3021 }
3022
3023 vnc_client_cache_addr(vs);
3024 vnc_qmp_event(vs, QAPI_EVENT_VNC_CONNECTED);
3025 vnc_set_share_mode(vs, VNC_SHARE_MODE_CONNECTING);
3026
3027 if (!vs->websocket) {
3028 vnc_init_state(vs);
3029 }
3030
3031 if (vd->num_connecting > vd->connections_limit) {
3032 QTAILQ_FOREACH(vs, &vd->clients, next) {
3033 if (vs->share_mode == VNC_SHARE_MODE_CONNECTING) {
3034 vnc_disconnect_start(vs);
3035 return;
3036 }
3037 }
3038 }
3039 }
3040
3041 void vnc_init_state(VncState *vs)
3042 {
3043 vs->initialized = true;
3044 VncDisplay *vd = vs->vd;
3045 bool first_client = QTAILQ_EMPTY(&vd->clients);
3046
3047 vs->last_x = -1;
3048 vs->last_y = -1;
3049
3050 vs->as.freq = 44100;
3051 vs->as.nchannels = 2;
3052 vs->as.fmt = AUD_FMT_S16;
3053 vs->as.endianness = 0;
3054
3055 qemu_mutex_init(&vs->output_mutex);
3056 vs->bh = qemu_bh_new(vnc_jobs_bh, vs);
3057
3058 QTAILQ_INSERT_TAIL(&vd->clients, vs, next);
3059 if (first_client) {
3060 vnc_update_server_surface(vd);
3061 }
3062
3063 graphic_hw_update(vd->dcl.con);
3064
3065 vnc_write(vs, "RFB 003.008\n", 12);
3066 vnc_flush(vs);
3067 vnc_read_when(vs, protocol_version, 12);
3068 reset_keys(vs);
3069 if (vs->vd->lock_key_sync)
3070 vs->led = qemu_add_led_event_handler(kbd_leds, vs);
3071
3072 vs->mouse_mode_notifier.notify = check_pointer_type_change;
3073 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
3074
3075 /* vs might be free()ed here */
3076 }
3077
3078 static gboolean vnc_listen_io(QIOChannel *ioc,
3079 GIOCondition condition,
3080 void *opaque)
3081 {
3082 VncDisplay *vs = opaque;
3083 QIOChannelSocket *sioc = NULL;
3084 Error *err = NULL;
3085
3086 /* Catch-up */
3087 graphic_hw_update(vs->dcl.con);
3088 sioc = qio_channel_socket_accept(QIO_CHANNEL_SOCKET(ioc), &err);
3089 if (sioc != NULL) {
3090 qio_channel_set_delay(QIO_CHANNEL(sioc), false);
3091 vnc_connect(vs, sioc, false,
3092 ioc != QIO_CHANNEL(vs->lsock));
3093 object_unref(OBJECT(sioc));
3094 } else {
3095 /* client probably closed connection before we got there */
3096 error_free(err);
3097 }
3098
3099 return TRUE;
3100 }
3101
3102 static const DisplayChangeListenerOps dcl_ops = {
3103 .dpy_name = "vnc",
3104 .dpy_refresh = vnc_refresh,
3105 .dpy_gfx_copy = vnc_dpy_copy,
3106 .dpy_gfx_update = vnc_dpy_update,
3107 .dpy_gfx_switch = vnc_dpy_switch,
3108 .dpy_gfx_check_format = qemu_pixman_check_format,
3109 .dpy_mouse_set = vnc_mouse_set,
3110 .dpy_cursor_define = vnc_dpy_cursor_define,
3111 };
3112
3113 void vnc_display_init(const char *id)
3114 {
3115 VncDisplay *vs;
3116
3117 if (vnc_display_find(id) != NULL) {
3118 return;
3119 }
3120 vs = g_malloc0(sizeof(*vs));
3121
3122 vs->id = strdup(id);
3123 QTAILQ_INSERT_TAIL(&vnc_displays, vs, next);
3124
3125 QTAILQ_INIT(&vs->clients);
3126 vs->expires = TIME_MAX;
3127
3128 if (keyboard_layout) {
3129 trace_vnc_key_map_init(keyboard_layout);
3130 vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout);
3131 } else {
3132 vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us");
3133 }
3134
3135 if (!vs->kbd_layout)
3136 exit(1);
3137
3138 qemu_mutex_init(&vs->mutex);
3139 vnc_start_worker_thread();
3140
3141 vs->dcl.ops = &dcl_ops;
3142 register_displaychangelistener(&vs->dcl);
3143 }
3144
3145
3146 static void vnc_display_close(VncDisplay *vs)
3147 {
3148 if (!vs)
3149 return;
3150 vs->enabled = false;
3151 vs->is_unix = false;
3152 if (vs->lsock != NULL) {
3153 if (vs->lsock_tag) {
3154 g_source_remove(vs->lsock_tag);
3155 }
3156 object_unref(OBJECT(vs->lsock));
3157 vs->lsock = NULL;
3158 }
3159 vs->ws_enabled = false;
3160 if (vs->lwebsock != NULL) {
3161 if (vs->lwebsock_tag) {
3162 g_source_remove(vs->lwebsock_tag);
3163 }
3164 object_unref(OBJECT(vs->lwebsock));
3165 vs->lwebsock = NULL;
3166 }
3167 vs->auth = VNC_AUTH_INVALID;
3168 vs->subauth = VNC_AUTH_INVALID;
3169 if (vs->tlscreds) {
3170 object_unparent(OBJECT(vs->tlscreds));
3171 vs->tlscreds = NULL;
3172 }
3173 g_free(vs->tlsaclname);
3174 vs->tlsaclname = NULL;
3175 }
3176
3177 int vnc_display_password(const char *id, const char *password)
3178 {
3179 VncDisplay *vs = vnc_display_find(id);
3180
3181 if (!vs) {
3182 return -EINVAL;
3183 }
3184 if (vs->auth == VNC_AUTH_NONE) {
3185 error_printf_unless_qmp("If you want use passwords please enable "
3186 "password auth using '-vnc ${dpy},password'.");
3187 return -EINVAL;
3188 }
3189
3190 g_free(vs->password);
3191 vs->password = g_strdup(password);
3192
3193 return 0;
3194 }
3195
3196 int vnc_display_pw_expire(const char *id, time_t expires)
3197 {
3198 VncDisplay *vs = vnc_display_find(id);
3199
3200 if (!vs) {
3201 return -EINVAL;
3202 }
3203
3204 vs->expires = expires;
3205 return 0;
3206 }
3207
3208 char *vnc_display_local_addr(const char *id)
3209 {
3210 VncDisplay *vs = vnc_display_find(id);
3211 SocketAddress *addr;
3212 char *ret;
3213 Error *err = NULL;
3214
3215 assert(vs);
3216
3217 addr = qio_channel_socket_get_local_address(vs->lsock, &err);
3218 if (!addr) {
3219 return NULL;
3220 }
3221
3222 if (addr->type != SOCKET_ADDRESS_KIND_INET) {
3223 qapi_free_SocketAddress(addr);
3224 return NULL;
3225 }
3226 ret = g_strdup_printf("%s:%s", addr->u.inet.data->host,
3227 addr->u.inet.data->port);
3228 qapi_free_SocketAddress(addr);
3229
3230 return ret;
3231 }
3232
3233 static QemuOptsList qemu_vnc_opts = {
3234 .name = "vnc",
3235 .head = QTAILQ_HEAD_INITIALIZER(qemu_vnc_opts.head),
3236 .implied_opt_name = "vnc",
3237 .desc = {
3238 {
3239 .name = "vnc",
3240 .type = QEMU_OPT_STRING,
3241 },{
3242 .name = "websocket",
3243 .type = QEMU_OPT_STRING,
3244 },{
3245 .name = "tls-creds",
3246 .type = QEMU_OPT_STRING,
3247 },{
3248 /* Deprecated in favour of tls-creds */
3249 .name = "x509",
3250 .type = QEMU_OPT_STRING,
3251 },{
3252 .name = "share",
3253 .type = QEMU_OPT_STRING,
3254 },{
3255 .name = "display",
3256 .type = QEMU_OPT_STRING,
3257 },{
3258 .name = "head",
3259 .type = QEMU_OPT_NUMBER,
3260 },{
3261 .name = "connections",
3262 .type = QEMU_OPT_NUMBER,
3263 },{
3264 .name = "to",
3265 .type = QEMU_OPT_NUMBER,
3266 },{
3267 .name = "ipv4",
3268 .type = QEMU_OPT_BOOL,
3269 },{
3270 .name = "ipv6",
3271 .type = QEMU_OPT_BOOL,
3272 },{
3273 .name = "password",
3274 .type = QEMU_OPT_BOOL,
3275 },{
3276 .name = "reverse",
3277 .type = QEMU_OPT_BOOL,
3278 },{
3279 .name = "lock-key-sync",
3280 .type = QEMU_OPT_BOOL,
3281 },{
3282 .name = "key-delay-ms",
3283 .type = QEMU_OPT_NUMBER,
3284 },{
3285 .name = "sasl",
3286 .type = QEMU_OPT_BOOL,
3287 },{
3288 /* Deprecated in favour of tls-creds */
3289 .name = "tls",
3290 .type = QEMU_OPT_BOOL,
3291 },{
3292 /* Deprecated in favour of tls-creds */
3293 .name = "x509verify",
3294 .type = QEMU_OPT_STRING,
3295 },{
3296 .name = "acl",
3297 .type = QEMU_OPT_BOOL,
3298 },{
3299 .name = "lossy",
3300 .type = QEMU_OPT_BOOL,
3301 },{
3302 .name = "non-adaptive",
3303 .type = QEMU_OPT_BOOL,
3304 },
3305 { /* end of list */ }
3306 },
3307 };
3308
3309
3310 static int
3311 vnc_display_setup_auth(VncDisplay *vs,
3312 bool password,
3313 bool sasl,
3314 bool websocket,
3315 Error **errp)
3316 {
3317 /*
3318 * We have a choice of 3 authentication options
3319 *
3320 * 1. none
3321 * 2. vnc
3322 * 3. sasl
3323 *
3324 * The channel can be run in 2 modes
3325 *
3326 * 1. clear
3327 * 2. tls
3328 *
3329 * And TLS can use 2 types of credentials
3330 *
3331 * 1. anon
3332 * 2. x509
3333 *
3334 * We thus have 9 possible logical combinations
3335 *
3336 * 1. clear + none
3337 * 2. clear + vnc
3338 * 3. clear + sasl
3339 * 4. tls + anon + none
3340 * 5. tls + anon + vnc
3341 * 6. tls + anon + sasl
3342 * 7. tls + x509 + none
3343 * 8. tls + x509 + vnc
3344 * 9. tls + x509 + sasl
3345 *
3346 * These need to be mapped into the VNC auth schemes
3347 * in an appropriate manner. In regular VNC, all the
3348 * TLS options get mapped into VNC_AUTH_VENCRYPT
3349 * sub-auth types.
3350 *
3351 * In websockets, the https:// protocol already provides
3352 * TLS support, so there is no need to make use of the
3353 * VeNCrypt extension. Furthermore, websockets browser
3354 * clients could not use VeNCrypt even if they wanted to,
3355 * as they cannot control when the TLS handshake takes
3356 * place. Thus there is no option but to rely on https://,
3357 * meaning combinations 4->6 and 7->9 will be mapped to
3358 * VNC auth schemes in the same way as combos 1->3.
3359 *
3360 * Regardless of fact that we have a different mapping to
3361 * VNC auth mechs for plain VNC vs websockets VNC, the end
3362 * result has the same security characteristics.
3363 */
3364 if (password) {
3365 if (vs->tlscreds) {
3366 vs->auth = VNC_AUTH_VENCRYPT;
3367 if (websocket) {
3368 vs->ws_tls = true;
3369 }
3370 if (object_dynamic_cast(OBJECT(vs->tlscreds),
3371 TYPE_QCRYPTO_TLS_CREDS_X509)) {
3372 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
3373 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
3374 } else if (object_dynamic_cast(OBJECT(vs->tlscreds),