Merge remote-tracking branch 'remotes/bonzini-gitlab/tags/for-upstream' into staging
[qemu.git] / ui / vnc.c
1 /*
2 * QEMU VNC display driver
3 *
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
7 *
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
14 *
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
17 *
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
24 * THE SOFTWARE.
25 */
26
27 #include "qemu/osdep.h"
28 #include "vnc.h"
29 #include "vnc-jobs.h"
30 #include "trace.h"
31 #include "hw/qdev-core.h"
32 #include "sysemu/sysemu.h"
33 #include "qemu/error-report.h"
34 #include "qemu/main-loop.h"
35 #include "qemu/module.h"
36 #include "qemu/option.h"
37 #include "qemu/sockets.h"
38 #include "qemu/timer.h"
39 #include "authz/list.h"
40 #include "qemu/config-file.h"
41 #include "qapi/qapi-emit-events.h"
42 #include "qapi/qapi-events-ui.h"
43 #include "qapi/error.h"
44 #include "qapi/qapi-commands-ui.h"
45 #include "ui/input.h"
46 #include "crypto/hash.h"
47 #include "crypto/tlscredsanon.h"
48 #include "crypto/tlscredsx509.h"
49 #include "crypto/random.h"
50 #include "qom/object_interfaces.h"
51 #include "qemu/cutils.h"
52 #include "io/dns-resolver.h"
53
54 #define VNC_REFRESH_INTERVAL_BASE GUI_REFRESH_INTERVAL_DEFAULT
55 #define VNC_REFRESH_INTERVAL_INC 50
56 #define VNC_REFRESH_INTERVAL_MAX GUI_REFRESH_INTERVAL_IDLE
57 static const struct timeval VNC_REFRESH_STATS = { 0, 500000 };
58 static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 };
59
60 #include "vnc_keysym.h"
61 #include "crypto/cipher.h"
62
63 static QTAILQ_HEAD(, VncDisplay) vnc_displays =
64 QTAILQ_HEAD_INITIALIZER(vnc_displays);
65
66 static int vnc_cursor_define(VncState *vs);
67 static void vnc_update_throttle_offset(VncState *vs);
68
69 static void vnc_set_share_mode(VncState *vs, VncShareMode mode)
70 {
71 #ifdef _VNC_DEBUG
72 static const char *mn[] = {
73 [0] = "undefined",
74 [VNC_SHARE_MODE_CONNECTING] = "connecting",
75 [VNC_SHARE_MODE_SHARED] = "shared",
76 [VNC_SHARE_MODE_EXCLUSIVE] = "exclusive",
77 [VNC_SHARE_MODE_DISCONNECTED] = "disconnected",
78 };
79 fprintf(stderr, "%s/%p: %s -> %s\n", __func__,
80 vs->ioc, mn[vs->share_mode], mn[mode]);
81 #endif
82
83 switch (vs->share_mode) {
84 case VNC_SHARE_MODE_CONNECTING:
85 vs->vd->num_connecting--;
86 break;
87 case VNC_SHARE_MODE_SHARED:
88 vs->vd->num_shared--;
89 break;
90 case VNC_SHARE_MODE_EXCLUSIVE:
91 vs->vd->num_exclusive--;
92 break;
93 default:
94 break;
95 }
96
97 vs->share_mode = mode;
98
99 switch (vs->share_mode) {
100 case VNC_SHARE_MODE_CONNECTING:
101 vs->vd->num_connecting++;
102 break;
103 case VNC_SHARE_MODE_SHARED:
104 vs->vd->num_shared++;
105 break;
106 case VNC_SHARE_MODE_EXCLUSIVE:
107 vs->vd->num_exclusive++;
108 break;
109 default:
110 break;
111 }
112 }
113
114
115 static void vnc_init_basic_info(SocketAddress *addr,
116 VncBasicInfo *info,
117 Error **errp)
118 {
119 switch (addr->type) {
120 case SOCKET_ADDRESS_TYPE_INET:
121 info->host = g_strdup(addr->u.inet.host);
122 info->service = g_strdup(addr->u.inet.port);
123 if (addr->u.inet.ipv6) {
124 info->family = NETWORK_ADDRESS_FAMILY_IPV6;
125 } else {
126 info->family = NETWORK_ADDRESS_FAMILY_IPV4;
127 }
128 break;
129
130 case SOCKET_ADDRESS_TYPE_UNIX:
131 info->host = g_strdup("");
132 info->service = g_strdup(addr->u.q_unix.path);
133 info->family = NETWORK_ADDRESS_FAMILY_UNIX;
134 break;
135
136 case SOCKET_ADDRESS_TYPE_VSOCK:
137 case SOCKET_ADDRESS_TYPE_FD:
138 error_setg(errp, "Unsupported socket address type %s",
139 SocketAddressType_str(addr->type));
140 break;
141 default:
142 abort();
143 }
144
145 return;
146 }
147
148 static void vnc_init_basic_info_from_server_addr(QIOChannelSocket *ioc,
149 VncBasicInfo *info,
150 Error **errp)
151 {
152 SocketAddress *addr = NULL;
153
154 if (!ioc) {
155 error_setg(errp, "No listener socket available");
156 return;
157 }
158
159 addr = qio_channel_socket_get_local_address(ioc, errp);
160 if (!addr) {
161 return;
162 }
163
164 vnc_init_basic_info(addr, info, errp);
165 qapi_free_SocketAddress(addr);
166 }
167
168 static void vnc_init_basic_info_from_remote_addr(QIOChannelSocket *ioc,
169 VncBasicInfo *info,
170 Error **errp)
171 {
172 SocketAddress *addr = NULL;
173
174 addr = qio_channel_socket_get_remote_address(ioc, errp);
175 if (!addr) {
176 return;
177 }
178
179 vnc_init_basic_info(addr, info, errp);
180 qapi_free_SocketAddress(addr);
181 }
182
183 static const char *vnc_auth_name(VncDisplay *vd) {
184 switch (vd->auth) {
185 case VNC_AUTH_INVALID:
186 return "invalid";
187 case VNC_AUTH_NONE:
188 return "none";
189 case VNC_AUTH_VNC:
190 return "vnc";
191 case VNC_AUTH_RA2:
192 return "ra2";
193 case VNC_AUTH_RA2NE:
194 return "ra2ne";
195 case VNC_AUTH_TIGHT:
196 return "tight";
197 case VNC_AUTH_ULTRA:
198 return "ultra";
199 case VNC_AUTH_TLS:
200 return "tls";
201 case VNC_AUTH_VENCRYPT:
202 switch (vd->subauth) {
203 case VNC_AUTH_VENCRYPT_PLAIN:
204 return "vencrypt+plain";
205 case VNC_AUTH_VENCRYPT_TLSNONE:
206 return "vencrypt+tls+none";
207 case VNC_AUTH_VENCRYPT_TLSVNC:
208 return "vencrypt+tls+vnc";
209 case VNC_AUTH_VENCRYPT_TLSPLAIN:
210 return "vencrypt+tls+plain";
211 case VNC_AUTH_VENCRYPT_X509NONE:
212 return "vencrypt+x509+none";
213 case VNC_AUTH_VENCRYPT_X509VNC:
214 return "vencrypt+x509+vnc";
215 case VNC_AUTH_VENCRYPT_X509PLAIN:
216 return "vencrypt+x509+plain";
217 case VNC_AUTH_VENCRYPT_TLSSASL:
218 return "vencrypt+tls+sasl";
219 case VNC_AUTH_VENCRYPT_X509SASL:
220 return "vencrypt+x509+sasl";
221 default:
222 return "vencrypt";
223 }
224 case VNC_AUTH_SASL:
225 return "sasl";
226 }
227 return "unknown";
228 }
229
230 static VncServerInfo *vnc_server_info_get(VncDisplay *vd)
231 {
232 VncServerInfo *info;
233 Error *err = NULL;
234
235 if (!vd->listener || !vd->listener->nsioc) {
236 return NULL;
237 }
238
239 info = g_malloc0(sizeof(*info));
240 vnc_init_basic_info_from_server_addr(vd->listener->sioc[0],
241 qapi_VncServerInfo_base(info), &err);
242 info->has_auth = true;
243 info->auth = g_strdup(vnc_auth_name(vd));
244 if (err) {
245 qapi_free_VncServerInfo(info);
246 info = NULL;
247 error_free(err);
248 }
249 return info;
250 }
251
252 static void vnc_client_cache_auth(VncState *client)
253 {
254 if (!client->info) {
255 return;
256 }
257
258 if (client->tls) {
259 client->info->x509_dname =
260 qcrypto_tls_session_get_peer_name(client->tls);
261 client->info->has_x509_dname =
262 client->info->x509_dname != NULL;
263 }
264 #ifdef CONFIG_VNC_SASL
265 if (client->sasl.conn &&
266 client->sasl.username) {
267 client->info->has_sasl_username = true;
268 client->info->sasl_username = g_strdup(client->sasl.username);
269 }
270 #endif
271 }
272
273 static void vnc_client_cache_addr(VncState *client)
274 {
275 Error *err = NULL;
276
277 client->info = g_malloc0(sizeof(*client->info));
278 vnc_init_basic_info_from_remote_addr(client->sioc,
279 qapi_VncClientInfo_base(client->info),
280 &err);
281 client->info->websocket = client->websocket;
282 if (err) {
283 qapi_free_VncClientInfo(client->info);
284 client->info = NULL;
285 error_free(err);
286 }
287 }
288
289 static void vnc_qmp_event(VncState *vs, QAPIEvent event)
290 {
291 VncServerInfo *si;
292
293 if (!vs->info) {
294 return;
295 }
296
297 si = vnc_server_info_get(vs->vd);
298 if (!si) {
299 return;
300 }
301
302 switch (event) {
303 case QAPI_EVENT_VNC_CONNECTED:
304 qapi_event_send_vnc_connected(si, qapi_VncClientInfo_base(vs->info));
305 break;
306 case QAPI_EVENT_VNC_INITIALIZED:
307 qapi_event_send_vnc_initialized(si, vs->info);
308 break;
309 case QAPI_EVENT_VNC_DISCONNECTED:
310 qapi_event_send_vnc_disconnected(si, vs->info);
311 break;
312 default:
313 break;
314 }
315
316 qapi_free_VncServerInfo(si);
317 }
318
319 static VncClientInfo *qmp_query_vnc_client(const VncState *client)
320 {
321 VncClientInfo *info;
322 Error *err = NULL;
323
324 info = g_malloc0(sizeof(*info));
325
326 vnc_init_basic_info_from_remote_addr(client->sioc,
327 qapi_VncClientInfo_base(info),
328 &err);
329 if (err) {
330 error_free(err);
331 qapi_free_VncClientInfo(info);
332 return NULL;
333 }
334
335 info->websocket = client->websocket;
336
337 if (client->tls) {
338 info->x509_dname = qcrypto_tls_session_get_peer_name(client->tls);
339 info->has_x509_dname = info->x509_dname != NULL;
340 }
341 #ifdef CONFIG_VNC_SASL
342 if (client->sasl.conn && client->sasl.username) {
343 info->has_sasl_username = true;
344 info->sasl_username = g_strdup(client->sasl.username);
345 }
346 #endif
347
348 return info;
349 }
350
351 static VncDisplay *vnc_display_find(const char *id)
352 {
353 VncDisplay *vd;
354
355 if (id == NULL) {
356 return QTAILQ_FIRST(&vnc_displays);
357 }
358 QTAILQ_FOREACH(vd, &vnc_displays, next) {
359 if (strcmp(id, vd->id) == 0) {
360 return vd;
361 }
362 }
363 return NULL;
364 }
365
366 static VncClientInfoList *qmp_query_client_list(VncDisplay *vd)
367 {
368 VncClientInfoList *cinfo, *prev = NULL;
369 VncState *client;
370
371 QTAILQ_FOREACH(client, &vd->clients, next) {
372 cinfo = g_new0(VncClientInfoList, 1);
373 cinfo->value = qmp_query_vnc_client(client);
374 cinfo->next = prev;
375 prev = cinfo;
376 }
377 return prev;
378 }
379
380 VncInfo *qmp_query_vnc(Error **errp)
381 {
382 VncInfo *info = g_malloc0(sizeof(*info));
383 VncDisplay *vd = vnc_display_find(NULL);
384 SocketAddress *addr = NULL;
385
386 if (vd == NULL || !vd->listener || !vd->listener->nsioc) {
387 info->enabled = false;
388 } else {
389 info->enabled = true;
390
391 /* for compatibility with the original command */
392 info->has_clients = true;
393 info->clients = qmp_query_client_list(vd);
394
395 addr = qio_channel_socket_get_local_address(vd->listener->sioc[0],
396 errp);
397 if (!addr) {
398 goto out_error;
399 }
400
401 switch (addr->type) {
402 case SOCKET_ADDRESS_TYPE_INET:
403 info->host = g_strdup(addr->u.inet.host);
404 info->service = g_strdup(addr->u.inet.port);
405 if (addr->u.inet.ipv6) {
406 info->family = NETWORK_ADDRESS_FAMILY_IPV6;
407 } else {
408 info->family = NETWORK_ADDRESS_FAMILY_IPV4;
409 }
410 break;
411
412 case SOCKET_ADDRESS_TYPE_UNIX:
413 info->host = g_strdup("");
414 info->service = g_strdup(addr->u.q_unix.path);
415 info->family = NETWORK_ADDRESS_FAMILY_UNIX;
416 break;
417
418 case SOCKET_ADDRESS_TYPE_VSOCK:
419 case SOCKET_ADDRESS_TYPE_FD:
420 error_setg(errp, "Unsupported socket address type %s",
421 SocketAddressType_str(addr->type));
422 goto out_error;
423 default:
424 abort();
425 }
426
427 info->has_host = true;
428 info->has_service = true;
429 info->has_family = true;
430
431 info->has_auth = true;
432 info->auth = g_strdup(vnc_auth_name(vd));
433 }
434
435 qapi_free_SocketAddress(addr);
436 return info;
437
438 out_error:
439 qapi_free_SocketAddress(addr);
440 qapi_free_VncInfo(info);
441 return NULL;
442 }
443
444
445 static void qmp_query_auth(int auth, int subauth,
446 VncPrimaryAuth *qmp_auth,
447 VncVencryptSubAuth *qmp_vencrypt,
448 bool *qmp_has_vencrypt);
449
450 static VncServerInfo2List *qmp_query_server_entry(QIOChannelSocket *ioc,
451 bool websocket,
452 int auth,
453 int subauth,
454 VncServerInfo2List *prev)
455 {
456 VncServerInfo2List *list;
457 VncServerInfo2 *info;
458 Error *err = NULL;
459 SocketAddress *addr;
460
461 addr = qio_channel_socket_get_local_address(ioc, NULL);
462 if (!addr) {
463 return prev;
464 }
465
466 info = g_new0(VncServerInfo2, 1);
467 vnc_init_basic_info(addr, qapi_VncServerInfo2_base(info), &err);
468 qapi_free_SocketAddress(addr);
469 if (err) {
470 qapi_free_VncServerInfo2(info);
471 error_free(err);
472 return prev;
473 }
474 info->websocket = websocket;
475
476 qmp_query_auth(auth, subauth, &info->auth,
477 &info->vencrypt, &info->has_vencrypt);
478
479 list = g_new0(VncServerInfo2List, 1);
480 list->value = info;
481 list->next = prev;
482 return list;
483 }
484
485 static void qmp_query_auth(int auth, int subauth,
486 VncPrimaryAuth *qmp_auth,
487 VncVencryptSubAuth *qmp_vencrypt,
488 bool *qmp_has_vencrypt)
489 {
490 switch (auth) {
491 case VNC_AUTH_VNC:
492 *qmp_auth = VNC_PRIMARY_AUTH_VNC;
493 break;
494 case VNC_AUTH_RA2:
495 *qmp_auth = VNC_PRIMARY_AUTH_RA2;
496 break;
497 case VNC_AUTH_RA2NE:
498 *qmp_auth = VNC_PRIMARY_AUTH_RA2NE;
499 break;
500 case VNC_AUTH_TIGHT:
501 *qmp_auth = VNC_PRIMARY_AUTH_TIGHT;
502 break;
503 case VNC_AUTH_ULTRA:
504 *qmp_auth = VNC_PRIMARY_AUTH_ULTRA;
505 break;
506 case VNC_AUTH_TLS:
507 *qmp_auth = VNC_PRIMARY_AUTH_TLS;
508 break;
509 case VNC_AUTH_VENCRYPT:
510 *qmp_auth = VNC_PRIMARY_AUTH_VENCRYPT;
511 *qmp_has_vencrypt = true;
512 switch (subauth) {
513 case VNC_AUTH_VENCRYPT_PLAIN:
514 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_PLAIN;
515 break;
516 case VNC_AUTH_VENCRYPT_TLSNONE:
517 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_NONE;
518 break;
519 case VNC_AUTH_VENCRYPT_TLSVNC:
520 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_VNC;
521 break;
522 case VNC_AUTH_VENCRYPT_TLSPLAIN:
523 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_PLAIN;
524 break;
525 case VNC_AUTH_VENCRYPT_X509NONE:
526 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_NONE;
527 break;
528 case VNC_AUTH_VENCRYPT_X509VNC:
529 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_VNC;
530 break;
531 case VNC_AUTH_VENCRYPT_X509PLAIN:
532 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_PLAIN;
533 break;
534 case VNC_AUTH_VENCRYPT_TLSSASL:
535 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_SASL;
536 break;
537 case VNC_AUTH_VENCRYPT_X509SASL:
538 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_SASL;
539 break;
540 default:
541 *qmp_has_vencrypt = false;
542 break;
543 }
544 break;
545 case VNC_AUTH_SASL:
546 *qmp_auth = VNC_PRIMARY_AUTH_SASL;
547 break;
548 case VNC_AUTH_NONE:
549 default:
550 *qmp_auth = VNC_PRIMARY_AUTH_NONE;
551 break;
552 }
553 }
554
555 VncInfo2List *qmp_query_vnc_servers(Error **errp)
556 {
557 VncInfo2List *item, *prev = NULL;
558 VncInfo2 *info;
559 VncDisplay *vd;
560 DeviceState *dev;
561 size_t i;
562
563 QTAILQ_FOREACH(vd, &vnc_displays, next) {
564 info = g_new0(VncInfo2, 1);
565 info->id = g_strdup(vd->id);
566 info->clients = qmp_query_client_list(vd);
567 qmp_query_auth(vd->auth, vd->subauth, &info->auth,
568 &info->vencrypt, &info->has_vencrypt);
569 if (vd->dcl.con) {
570 dev = DEVICE(object_property_get_link(OBJECT(vd->dcl.con),
571 "device", &error_abort));
572 info->has_display = true;
573 info->display = g_strdup(dev->id);
574 }
575 for (i = 0; vd->listener != NULL && i < vd->listener->nsioc; i++) {
576 info->server = qmp_query_server_entry(
577 vd->listener->sioc[i], false, vd->auth, vd->subauth,
578 info->server);
579 }
580 for (i = 0; vd->wslistener != NULL && i < vd->wslistener->nsioc; i++) {
581 info->server = qmp_query_server_entry(
582 vd->wslistener->sioc[i], true, vd->ws_auth,
583 vd->ws_subauth, info->server);
584 }
585
586 item = g_new0(VncInfo2List, 1);
587 item->value = info;
588 item->next = prev;
589 prev = item;
590 }
591 return prev;
592 }
593
594 /* TODO
595 1) Get the queue working for IO.
596 2) there is some weirdness when using the -S option (the screen is grey
597 and not totally invalidated
598 3) resolutions > 1024
599 */
600
601 static int vnc_update_client(VncState *vs, int has_dirty);
602 static void vnc_disconnect_start(VncState *vs);
603
604 static void vnc_colordepth(VncState *vs);
605 static void framebuffer_update_request(VncState *vs, int incremental,
606 int x_position, int y_position,
607 int w, int h);
608 static void vnc_refresh(DisplayChangeListener *dcl);
609 static int vnc_refresh_server_surface(VncDisplay *vd);
610
611 static int vnc_width(VncDisplay *vd)
612 {
613 return MIN(VNC_MAX_WIDTH, ROUND_UP(surface_width(vd->ds),
614 VNC_DIRTY_PIXELS_PER_BIT));
615 }
616
617 static int vnc_height(VncDisplay *vd)
618 {
619 return MIN(VNC_MAX_HEIGHT, surface_height(vd->ds));
620 }
621
622 static void vnc_set_area_dirty(DECLARE_BITMAP(dirty[VNC_MAX_HEIGHT],
623 VNC_MAX_WIDTH / VNC_DIRTY_PIXELS_PER_BIT),
624 VncDisplay *vd,
625 int x, int y, int w, int h)
626 {
627 int width = vnc_width(vd);
628 int height = vnc_height(vd);
629
630 /* this is needed this to ensure we updated all affected
631 * blocks if x % VNC_DIRTY_PIXELS_PER_BIT != 0 */
632 w += (x % VNC_DIRTY_PIXELS_PER_BIT);
633 x -= (x % VNC_DIRTY_PIXELS_PER_BIT);
634
635 x = MIN(x, width);
636 y = MIN(y, height);
637 w = MIN(x + w, width) - x;
638 h = MIN(y + h, height);
639
640 for (; y < h; y++) {
641 bitmap_set(dirty[y], x / VNC_DIRTY_PIXELS_PER_BIT,
642 DIV_ROUND_UP(w, VNC_DIRTY_PIXELS_PER_BIT));
643 }
644 }
645
646 static void vnc_dpy_update(DisplayChangeListener *dcl,
647 int x, int y, int w, int h)
648 {
649 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
650 struct VncSurface *s = &vd->guest;
651
652 vnc_set_area_dirty(s->dirty, vd, x, y, w, h);
653 }
654
655 void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
656 int32_t encoding)
657 {
658 vnc_write_u16(vs, x);
659 vnc_write_u16(vs, y);
660 vnc_write_u16(vs, w);
661 vnc_write_u16(vs, h);
662
663 vnc_write_s32(vs, encoding);
664 }
665
666
667 static void vnc_desktop_resize(VncState *vs)
668 {
669 if (vs->ioc == NULL || !vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
670 return;
671 }
672 if (vs->client_width == pixman_image_get_width(vs->vd->server) &&
673 vs->client_height == pixman_image_get_height(vs->vd->server)) {
674 return;
675 }
676
677 assert(pixman_image_get_width(vs->vd->server) < 65536 &&
678 pixman_image_get_width(vs->vd->server) >= 0);
679 assert(pixman_image_get_height(vs->vd->server) < 65536 &&
680 pixman_image_get_height(vs->vd->server) >= 0);
681 vs->client_width = pixman_image_get_width(vs->vd->server);
682 vs->client_height = pixman_image_get_height(vs->vd->server);
683 vnc_lock_output(vs);
684 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
685 vnc_write_u8(vs, 0);
686 vnc_write_u16(vs, 1); /* number of rects */
687 vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height,
688 VNC_ENCODING_DESKTOPRESIZE);
689 vnc_unlock_output(vs);
690 vnc_flush(vs);
691 }
692
693 static void vnc_abort_display_jobs(VncDisplay *vd)
694 {
695 VncState *vs;
696
697 QTAILQ_FOREACH(vs, &vd->clients, next) {
698 vnc_lock_output(vs);
699 vs->abort = true;
700 vnc_unlock_output(vs);
701 }
702 QTAILQ_FOREACH(vs, &vd->clients, next) {
703 vnc_jobs_join(vs);
704 }
705 QTAILQ_FOREACH(vs, &vd->clients, next) {
706 vnc_lock_output(vs);
707 if (vs->update == VNC_STATE_UPDATE_NONE &&
708 vs->job_update != VNC_STATE_UPDATE_NONE) {
709 /* job aborted before completion */
710 vs->update = vs->job_update;
711 vs->job_update = VNC_STATE_UPDATE_NONE;
712 }
713 vs->abort = false;
714 vnc_unlock_output(vs);
715 }
716 }
717
718 int vnc_server_fb_stride(VncDisplay *vd)
719 {
720 return pixman_image_get_stride(vd->server);
721 }
722
723 void *vnc_server_fb_ptr(VncDisplay *vd, int x, int y)
724 {
725 uint8_t *ptr;
726
727 ptr = (uint8_t *)pixman_image_get_data(vd->server);
728 ptr += y * vnc_server_fb_stride(vd);
729 ptr += x * VNC_SERVER_FB_BYTES;
730 return ptr;
731 }
732
733 static void vnc_update_server_surface(VncDisplay *vd)
734 {
735 int width, height;
736
737 qemu_pixman_image_unref(vd->server);
738 vd->server = NULL;
739
740 if (QTAILQ_EMPTY(&vd->clients)) {
741 return;
742 }
743
744 width = vnc_width(vd);
745 height = vnc_height(vd);
746 vd->server = pixman_image_create_bits(VNC_SERVER_FB_FORMAT,
747 width, height,
748 NULL, 0);
749
750 memset(vd->guest.dirty, 0x00, sizeof(vd->guest.dirty));
751 vnc_set_area_dirty(vd->guest.dirty, vd, 0, 0,
752 width, height);
753 }
754
755 static bool vnc_check_pageflip(DisplaySurface *s1,
756 DisplaySurface *s2)
757 {
758 return (s1 != NULL &&
759 s2 != NULL &&
760 surface_width(s1) == surface_width(s2) &&
761 surface_height(s1) == surface_height(s2) &&
762 surface_format(s1) == surface_format(s2));
763
764 }
765
766 static void vnc_dpy_switch(DisplayChangeListener *dcl,
767 DisplaySurface *surface)
768 {
769 static const char placeholder_msg[] =
770 "Display output is not active.";
771 static DisplaySurface *placeholder;
772 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
773 bool pageflip = vnc_check_pageflip(vd->ds, surface);
774 VncState *vs;
775
776 if (surface == NULL) {
777 if (placeholder == NULL) {
778 placeholder = qemu_create_message_surface(640, 480, placeholder_msg);
779 }
780 surface = placeholder;
781 }
782
783 vnc_abort_display_jobs(vd);
784 vd->ds = surface;
785
786 /* guest surface */
787 qemu_pixman_image_unref(vd->guest.fb);
788 vd->guest.fb = pixman_image_ref(surface->image);
789 vd->guest.format = surface->format;
790
791 if (pageflip) {
792 vnc_set_area_dirty(vd->guest.dirty, vd, 0, 0,
793 surface_width(surface),
794 surface_height(surface));
795 return;
796 }
797
798 /* server surface */
799 vnc_update_server_surface(vd);
800
801 QTAILQ_FOREACH(vs, &vd->clients, next) {
802 vnc_colordepth(vs);
803 vnc_desktop_resize(vs);
804 if (vs->vd->cursor) {
805 vnc_cursor_define(vs);
806 }
807 memset(vs->dirty, 0x00, sizeof(vs->dirty));
808 vnc_set_area_dirty(vs->dirty, vd, 0, 0,
809 vnc_width(vd),
810 vnc_height(vd));
811 vnc_update_throttle_offset(vs);
812 }
813 }
814
815 /* fastest code */
816 static void vnc_write_pixels_copy(VncState *vs,
817 void *pixels, int size)
818 {
819 vnc_write(vs, pixels, size);
820 }
821
822 /* slowest but generic code. */
823 void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
824 {
825 uint8_t r, g, b;
826
827 #if VNC_SERVER_FB_FORMAT == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8)
828 r = (((v & 0x00ff0000) >> 16) << vs->client_pf.rbits) >> 8;
829 g = (((v & 0x0000ff00) >> 8) << vs->client_pf.gbits) >> 8;
830 b = (((v & 0x000000ff) >> 0) << vs->client_pf.bbits) >> 8;
831 #else
832 # error need some bits here if you change VNC_SERVER_FB_FORMAT
833 #endif
834 v = (r << vs->client_pf.rshift) |
835 (g << vs->client_pf.gshift) |
836 (b << vs->client_pf.bshift);
837 switch (vs->client_pf.bytes_per_pixel) {
838 case 1:
839 buf[0] = v;
840 break;
841 case 2:
842 if (vs->client_be) {
843 buf[0] = v >> 8;
844 buf[1] = v;
845 } else {
846 buf[1] = v >> 8;
847 buf[0] = v;
848 }
849 break;
850 default:
851 case 4:
852 if (vs->client_be) {
853 buf[0] = v >> 24;
854 buf[1] = v >> 16;
855 buf[2] = v >> 8;
856 buf[3] = v;
857 } else {
858 buf[3] = v >> 24;
859 buf[2] = v >> 16;
860 buf[1] = v >> 8;
861 buf[0] = v;
862 }
863 break;
864 }
865 }
866
867 static void vnc_write_pixels_generic(VncState *vs,
868 void *pixels1, int size)
869 {
870 uint8_t buf[4];
871
872 if (VNC_SERVER_FB_BYTES == 4) {
873 uint32_t *pixels = pixels1;
874 int n, i;
875 n = size >> 2;
876 for (i = 0; i < n; i++) {
877 vnc_convert_pixel(vs, buf, pixels[i]);
878 vnc_write(vs, buf, vs->client_pf.bytes_per_pixel);
879 }
880 }
881 }
882
883 int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
884 {
885 int i;
886 uint8_t *row;
887 VncDisplay *vd = vs->vd;
888
889 row = vnc_server_fb_ptr(vd, x, y);
890 for (i = 0; i < h; i++) {
891 vs->write_pixels(vs, row, w * VNC_SERVER_FB_BYTES);
892 row += vnc_server_fb_stride(vd);
893 }
894 return 1;
895 }
896
897 int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
898 {
899 int n = 0;
900
901 switch(vs->vnc_encoding) {
902 case VNC_ENCODING_ZLIB:
903 n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h);
904 break;
905 case VNC_ENCODING_HEXTILE:
906 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
907 n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h);
908 break;
909 case VNC_ENCODING_TIGHT:
910 n = vnc_tight_send_framebuffer_update(vs, x, y, w, h);
911 break;
912 case VNC_ENCODING_TIGHT_PNG:
913 n = vnc_tight_png_send_framebuffer_update(vs, x, y, w, h);
914 break;
915 case VNC_ENCODING_ZRLE:
916 n = vnc_zrle_send_framebuffer_update(vs, x, y, w, h);
917 break;
918 case VNC_ENCODING_ZYWRLE:
919 n = vnc_zywrle_send_framebuffer_update(vs, x, y, w, h);
920 break;
921 default:
922 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
923 n = vnc_raw_send_framebuffer_update(vs, x, y, w, h);
924 break;
925 }
926 return n;
927 }
928
929 static void vnc_mouse_set(DisplayChangeListener *dcl,
930 int x, int y, int visible)
931 {
932 /* can we ask the client(s) to move the pointer ??? */
933 }
934
935 static int vnc_cursor_define(VncState *vs)
936 {
937 QEMUCursor *c = vs->vd->cursor;
938 int isize;
939
940 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) {
941 vnc_lock_output(vs);
942 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
943 vnc_write_u8(vs, 0); /* padding */
944 vnc_write_u16(vs, 1); /* # of rects */
945 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height,
946 VNC_ENCODING_RICH_CURSOR);
947 isize = c->width * c->height * vs->client_pf.bytes_per_pixel;
948 vnc_write_pixels_generic(vs, c->data, isize);
949 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize);
950 vnc_unlock_output(vs);
951 return 0;
952 }
953 return -1;
954 }
955
956 static void vnc_dpy_cursor_define(DisplayChangeListener *dcl,
957 QEMUCursor *c)
958 {
959 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
960 VncState *vs;
961
962 cursor_put(vd->cursor);
963 g_free(vd->cursor_mask);
964
965 vd->cursor = c;
966 cursor_get(vd->cursor);
967 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height;
968 vd->cursor_mask = g_malloc0(vd->cursor_msize);
969 cursor_get_mono_mask(c, 0, vd->cursor_mask);
970
971 QTAILQ_FOREACH(vs, &vd->clients, next) {
972 vnc_cursor_define(vs);
973 }
974 }
975
976 static int find_and_clear_dirty_height(VncState *vs,
977 int y, int last_x, int x, int height)
978 {
979 int h;
980
981 for (h = 1; h < (height - y); h++) {
982 if (!test_bit(last_x, vs->dirty[y + h])) {
983 break;
984 }
985 bitmap_clear(vs->dirty[y + h], last_x, x - last_x);
986 }
987
988 return h;
989 }
990
991 /*
992 * Figure out how much pending data we should allow in the output
993 * buffer before we throttle incremental display updates, and/or
994 * drop audio samples.
995 *
996 * We allow for equiv of 1 full display's worth of FB updates,
997 * and 1 second of audio samples. If audio backlog was larger
998 * than that the client would already suffering awful audio
999 * glitches, so dropping samples is no worse really).
1000 */
1001 static void vnc_update_throttle_offset(VncState *vs)
1002 {
1003 size_t offset =
1004 vs->client_width * vs->client_height * vs->client_pf.bytes_per_pixel;
1005
1006 if (vs->audio_cap) {
1007 int bps;
1008 switch (vs->as.fmt) {
1009 default:
1010 case AUDIO_FORMAT_U8:
1011 case AUDIO_FORMAT_S8:
1012 bps = 1;
1013 break;
1014 case AUDIO_FORMAT_U16:
1015 case AUDIO_FORMAT_S16:
1016 bps = 2;
1017 break;
1018 case AUDIO_FORMAT_U32:
1019 case AUDIO_FORMAT_S32:
1020 bps = 4;
1021 break;
1022 }
1023 offset += vs->as.freq * bps * vs->as.nchannels;
1024 }
1025
1026 /* Put a floor of 1MB on offset, so that if we have a large pending
1027 * buffer and the display is resized to a small size & back again
1028 * we don't suddenly apply a tiny send limit
1029 */
1030 offset = MAX(offset, 1024 * 1024);
1031
1032 if (vs->throttle_output_offset != offset) {
1033 trace_vnc_client_throttle_threshold(
1034 vs, vs->ioc, vs->throttle_output_offset, offset, vs->client_width,
1035 vs->client_height, vs->client_pf.bytes_per_pixel, vs->audio_cap);
1036 }
1037
1038 vs->throttle_output_offset = offset;
1039 }
1040
1041 static bool vnc_should_update(VncState *vs)
1042 {
1043 switch (vs->update) {
1044 case VNC_STATE_UPDATE_NONE:
1045 break;
1046 case VNC_STATE_UPDATE_INCREMENTAL:
1047 /* Only allow incremental updates if the pending send queue
1048 * is less than the permitted threshold, and the job worker
1049 * is completely idle.
1050 */
1051 if (vs->output.offset < vs->throttle_output_offset &&
1052 vs->job_update == VNC_STATE_UPDATE_NONE) {
1053 return true;
1054 }
1055 trace_vnc_client_throttle_incremental(
1056 vs, vs->ioc, vs->job_update, vs->output.offset);
1057 break;
1058 case VNC_STATE_UPDATE_FORCE:
1059 /* Only allow forced updates if the pending send queue
1060 * does not contain a previous forced update, and the
1061 * job worker is completely idle.
1062 *
1063 * Note this means we'll queue a forced update, even if
1064 * the output buffer size is otherwise over the throttle
1065 * output limit.
1066 */
1067 if (vs->force_update_offset == 0 &&
1068 vs->job_update == VNC_STATE_UPDATE_NONE) {
1069 return true;
1070 }
1071 trace_vnc_client_throttle_forced(
1072 vs, vs->ioc, vs->job_update, vs->force_update_offset);
1073 break;
1074 }
1075 return false;
1076 }
1077
1078 static int vnc_update_client(VncState *vs, int has_dirty)
1079 {
1080 VncDisplay *vd = vs->vd;
1081 VncJob *job;
1082 int y;
1083 int height, width;
1084 int n = 0;
1085
1086 if (vs->disconnecting) {
1087 vnc_disconnect_finish(vs);
1088 return 0;
1089 }
1090
1091 vs->has_dirty += has_dirty;
1092 if (!vnc_should_update(vs)) {
1093 return 0;
1094 }
1095
1096 if (!vs->has_dirty && vs->update != VNC_STATE_UPDATE_FORCE) {
1097 return 0;
1098 }
1099
1100 /*
1101 * Send screen updates to the vnc client using the server
1102 * surface and server dirty map. guest surface updates
1103 * happening in parallel don't disturb us, the next pass will
1104 * send them to the client.
1105 */
1106 job = vnc_job_new(vs);
1107
1108 height = pixman_image_get_height(vd->server);
1109 width = pixman_image_get_width(vd->server);
1110
1111 y = 0;
1112 for (;;) {
1113 int x, h;
1114 unsigned long x2;
1115 unsigned long offset = find_next_bit((unsigned long *) &vs->dirty,
1116 height * VNC_DIRTY_BPL(vs),
1117 y * VNC_DIRTY_BPL(vs));
1118 if (offset == height * VNC_DIRTY_BPL(vs)) {
1119 /* no more dirty bits */
1120 break;
1121 }
1122 y = offset / VNC_DIRTY_BPL(vs);
1123 x = offset % VNC_DIRTY_BPL(vs);
1124 x2 = find_next_zero_bit((unsigned long *) &vs->dirty[y],
1125 VNC_DIRTY_BPL(vs), x);
1126 bitmap_clear(vs->dirty[y], x, x2 - x);
1127 h = find_and_clear_dirty_height(vs, y, x, x2, height);
1128 x2 = MIN(x2, width / VNC_DIRTY_PIXELS_PER_BIT);
1129 if (x2 > x) {
1130 n += vnc_job_add_rect(job, x * VNC_DIRTY_PIXELS_PER_BIT, y,
1131 (x2 - x) * VNC_DIRTY_PIXELS_PER_BIT, h);
1132 }
1133 if (!x && x2 == width / VNC_DIRTY_PIXELS_PER_BIT) {
1134 y += h;
1135 if (y == height) {
1136 break;
1137 }
1138 }
1139 }
1140
1141 vs->job_update = vs->update;
1142 vs->update = VNC_STATE_UPDATE_NONE;
1143 vnc_job_push(job);
1144 vs->has_dirty = 0;
1145 return n;
1146 }
1147
1148 /* audio */
1149 static void audio_capture_notify(void *opaque, audcnotification_e cmd)
1150 {
1151 VncState *vs = opaque;
1152
1153 assert(vs->magic == VNC_MAGIC);
1154 switch (cmd) {
1155 case AUD_CNOTIFY_DISABLE:
1156 vnc_lock_output(vs);
1157 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1158 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1159 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END);
1160 vnc_unlock_output(vs);
1161 vnc_flush(vs);
1162 break;
1163
1164 case AUD_CNOTIFY_ENABLE:
1165 vnc_lock_output(vs);
1166 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1167 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1168 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN);
1169 vnc_unlock_output(vs);
1170 vnc_flush(vs);
1171 break;
1172 }
1173 }
1174
1175 static void audio_capture_destroy(void *opaque)
1176 {
1177 }
1178
1179 static void audio_capture(void *opaque, const void *buf, int size)
1180 {
1181 VncState *vs = opaque;
1182
1183 assert(vs->magic == VNC_MAGIC);
1184 vnc_lock_output(vs);
1185 if (vs->output.offset < vs->throttle_output_offset) {
1186 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1187 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1188 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA);
1189 vnc_write_u32(vs, size);
1190 vnc_write(vs, buf, size);
1191 } else {
1192 trace_vnc_client_throttle_audio(vs, vs->ioc, vs->output.offset);
1193 }
1194 vnc_unlock_output(vs);
1195 vnc_flush(vs);
1196 }
1197
1198 static void audio_add(VncState *vs)
1199 {
1200 struct audio_capture_ops ops;
1201
1202 if (vs->audio_cap) {
1203 error_report("audio already running");
1204 return;
1205 }
1206
1207 ops.notify = audio_capture_notify;
1208 ops.destroy = audio_capture_destroy;
1209 ops.capture = audio_capture;
1210
1211 vs->audio_cap = AUD_add_capture(vs->vd->audio_state, &vs->as, &ops, vs);
1212 if (!vs->audio_cap) {
1213 error_report("Failed to add audio capture");
1214 }
1215 }
1216
1217 static void audio_del(VncState *vs)
1218 {
1219 if (vs->audio_cap) {
1220 AUD_del_capture(vs->audio_cap, vs);
1221 vs->audio_cap = NULL;
1222 }
1223 }
1224
1225 static void vnc_disconnect_start(VncState *vs)
1226 {
1227 if (vs->disconnecting) {
1228 return;
1229 }
1230 trace_vnc_client_disconnect_start(vs, vs->ioc);
1231 vnc_set_share_mode(vs, VNC_SHARE_MODE_DISCONNECTED);
1232 if (vs->ioc_tag) {
1233 g_source_remove(vs->ioc_tag);
1234 vs->ioc_tag = 0;
1235 }
1236 qio_channel_close(vs->ioc, NULL);
1237 vs->disconnecting = TRUE;
1238 }
1239
1240 void vnc_disconnect_finish(VncState *vs)
1241 {
1242 int i;
1243
1244 trace_vnc_client_disconnect_finish(vs, vs->ioc);
1245
1246 vnc_jobs_join(vs); /* Wait encoding jobs */
1247
1248 vnc_lock_output(vs);
1249 vnc_qmp_event(vs, QAPI_EVENT_VNC_DISCONNECTED);
1250
1251 buffer_free(&vs->input);
1252 buffer_free(&vs->output);
1253
1254 qapi_free_VncClientInfo(vs->info);
1255
1256 vnc_zlib_clear(vs);
1257 vnc_tight_clear(vs);
1258 vnc_zrle_clear(vs);
1259
1260 #ifdef CONFIG_VNC_SASL
1261 vnc_sasl_client_cleanup(vs);
1262 #endif /* CONFIG_VNC_SASL */
1263 audio_del(vs);
1264 qkbd_state_lift_all_keys(vs->vd->kbd);
1265
1266 if (vs->mouse_mode_notifier.notify != NULL) {
1267 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
1268 }
1269 QTAILQ_REMOVE(&vs->vd->clients, vs, next);
1270 if (QTAILQ_EMPTY(&vs->vd->clients)) {
1271 /* last client gone */
1272 vnc_update_server_surface(vs->vd);
1273 }
1274
1275 vnc_unlock_output(vs);
1276
1277 qemu_mutex_destroy(&vs->output_mutex);
1278 if (vs->bh != NULL) {
1279 qemu_bh_delete(vs->bh);
1280 }
1281 buffer_free(&vs->jobs_buffer);
1282
1283 for (i = 0; i < VNC_STAT_ROWS; ++i) {
1284 g_free(vs->lossy_rect[i]);
1285 }
1286 g_free(vs->lossy_rect);
1287
1288 object_unref(OBJECT(vs->ioc));
1289 vs->ioc = NULL;
1290 object_unref(OBJECT(vs->sioc));
1291 vs->sioc = NULL;
1292 vs->magic = 0;
1293 g_free(vs->zrle);
1294 g_free(vs->tight);
1295 g_free(vs);
1296 }
1297
1298 size_t vnc_client_io_error(VncState *vs, ssize_t ret, Error *err)
1299 {
1300 if (ret <= 0) {
1301 if (ret == 0) {
1302 trace_vnc_client_eof(vs, vs->ioc);
1303 vnc_disconnect_start(vs);
1304 } else if (ret != QIO_CHANNEL_ERR_BLOCK) {
1305 trace_vnc_client_io_error(vs, vs->ioc,
1306 err ? error_get_pretty(err) : "Unknown");
1307 vnc_disconnect_start(vs);
1308 }
1309
1310 error_free(err);
1311 return 0;
1312 }
1313 return ret;
1314 }
1315
1316
1317 void vnc_client_error(VncState *vs)
1318 {
1319 VNC_DEBUG("Closing down client sock: protocol error\n");
1320 vnc_disconnect_start(vs);
1321 }
1322
1323
1324 /*
1325 * Called to write a chunk of data to the client socket. The data may
1326 * be the raw data, or may have already been encoded by SASL.
1327 * The data will be written either straight onto the socket, or
1328 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1329 *
1330 * NB, it is theoretically possible to have 2 layers of encryption,
1331 * both SASL, and this TLS layer. It is highly unlikely in practice
1332 * though, since SASL encryption will typically be a no-op if TLS
1333 * is active
1334 *
1335 * Returns the number of bytes written, which may be less than
1336 * the requested 'datalen' if the socket would block. Returns
1337 * 0 on I/O error, and disconnects the client socket.
1338 */
1339 size_t vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
1340 {
1341 Error *err = NULL;
1342 ssize_t ret;
1343 ret = qio_channel_write(vs->ioc, (const char *)data, datalen, &err);
1344 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret);
1345 return vnc_client_io_error(vs, ret, err);
1346 }
1347
1348
1349 /*
1350 * Called to write buffered data to the client socket, when not
1351 * using any SASL SSF encryption layers. Will write as much data
1352 * as possible without blocking. If all buffered data is written,
1353 * will switch the FD poll() handler back to read monitoring.
1354 *
1355 * Returns the number of bytes written, which may be less than
1356 * the buffered output data if the socket would block. Returns
1357 * 0 on I/O error, and disconnects the client socket.
1358 */
1359 static size_t vnc_client_write_plain(VncState *vs)
1360 {
1361 size_t offset;
1362 size_t ret;
1363
1364 #ifdef CONFIG_VNC_SASL
1365 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1366 vs->output.buffer, vs->output.capacity, vs->output.offset,
1367 vs->sasl.waitWriteSSF);
1368
1369 if (vs->sasl.conn &&
1370 vs->sasl.runSSF &&
1371 vs->sasl.waitWriteSSF) {
1372 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
1373 if (ret)
1374 vs->sasl.waitWriteSSF -= ret;
1375 } else
1376 #endif /* CONFIG_VNC_SASL */
1377 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
1378 if (!ret)
1379 return 0;
1380
1381 if (ret >= vs->force_update_offset) {
1382 if (vs->force_update_offset != 0) {
1383 trace_vnc_client_unthrottle_forced(vs, vs->ioc);
1384 }
1385 vs->force_update_offset = 0;
1386 } else {
1387 vs->force_update_offset -= ret;
1388 }
1389 offset = vs->output.offset;
1390 buffer_advance(&vs->output, ret);
1391 if (offset >= vs->throttle_output_offset &&
1392 vs->output.offset < vs->throttle_output_offset) {
1393 trace_vnc_client_unthrottle_incremental(vs, vs->ioc, vs->output.offset);
1394 }
1395
1396 if (vs->output.offset == 0) {
1397 if (vs->ioc_tag) {
1398 g_source_remove(vs->ioc_tag);
1399 }
1400 vs->ioc_tag = qio_channel_add_watch(
1401 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL);
1402 }
1403
1404 return ret;
1405 }
1406
1407
1408 /*
1409 * First function called whenever there is data to be written to
1410 * the client socket. Will delegate actual work according to whether
1411 * SASL SSF layers are enabled (thus requiring encryption calls)
1412 */
1413 static void vnc_client_write_locked(VncState *vs)
1414 {
1415 #ifdef CONFIG_VNC_SASL
1416 if (vs->sasl.conn &&
1417 vs->sasl.runSSF &&
1418 !vs->sasl.waitWriteSSF) {
1419 vnc_client_write_sasl(vs);
1420 } else
1421 #endif /* CONFIG_VNC_SASL */
1422 {
1423 vnc_client_write_plain(vs);
1424 }
1425 }
1426
1427 static void vnc_client_write(VncState *vs)
1428 {
1429 assert(vs->magic == VNC_MAGIC);
1430 vnc_lock_output(vs);
1431 if (vs->output.offset) {
1432 vnc_client_write_locked(vs);
1433 } else if (vs->ioc != NULL) {
1434 if (vs->ioc_tag) {
1435 g_source_remove(vs->ioc_tag);
1436 }
1437 vs->ioc_tag = qio_channel_add_watch(
1438 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL);
1439 }
1440 vnc_unlock_output(vs);
1441 }
1442
1443 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1444 {
1445 vs->read_handler = func;
1446 vs->read_handler_expect = expecting;
1447 }
1448
1449
1450 /*
1451 * Called to read a chunk of data from the client socket. The data may
1452 * be the raw data, or may need to be further decoded by SASL.
1453 * The data will be read either straight from to the socket, or
1454 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1455 *
1456 * NB, it is theoretically possible to have 2 layers of encryption,
1457 * both SASL, and this TLS layer. It is highly unlikely in practice
1458 * though, since SASL encryption will typically be a no-op if TLS
1459 * is active
1460 *
1461 * Returns the number of bytes read, which may be less than
1462 * the requested 'datalen' if the socket would block. Returns
1463 * 0 on I/O error or EOF, and disconnects the client socket.
1464 */
1465 size_t vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1466 {
1467 ssize_t ret;
1468 Error *err = NULL;
1469 ret = qio_channel_read(vs->ioc, (char *)data, datalen, &err);
1470 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret);
1471 return vnc_client_io_error(vs, ret, err);
1472 }
1473
1474
1475 /*
1476 * Called to read data from the client socket to the input buffer,
1477 * when not using any SASL SSF encryption layers. Will read as much
1478 * data as possible without blocking.
1479 *
1480 * Returns the number of bytes read, which may be less than
1481 * the requested 'datalen' if the socket would block. Returns
1482 * 0 on I/O error or EOF, and disconnects the client socket.
1483 */
1484 static size_t vnc_client_read_plain(VncState *vs)
1485 {
1486 size_t ret;
1487 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1488 vs->input.buffer, vs->input.capacity, vs->input.offset);
1489 buffer_reserve(&vs->input, 4096);
1490 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1491 if (!ret)
1492 return 0;
1493 vs->input.offset += ret;
1494 return ret;
1495 }
1496
1497 static void vnc_jobs_bh(void *opaque)
1498 {
1499 VncState *vs = opaque;
1500
1501 assert(vs->magic == VNC_MAGIC);
1502 vnc_jobs_consume_buffer(vs);
1503 }
1504
1505 /*
1506 * First function called whenever there is more data to be read from
1507 * the client socket. Will delegate actual work according to whether
1508 * SASL SSF layers are enabled (thus requiring decryption calls)
1509 * Returns 0 on success, -1 if client disconnected
1510 */
1511 static int vnc_client_read(VncState *vs)
1512 {
1513 size_t ret;
1514
1515 #ifdef CONFIG_VNC_SASL
1516 if (vs->sasl.conn && vs->sasl.runSSF)
1517 ret = vnc_client_read_sasl(vs);
1518 else
1519 #endif /* CONFIG_VNC_SASL */
1520 ret = vnc_client_read_plain(vs);
1521 if (!ret) {
1522 if (vs->disconnecting) {
1523 vnc_disconnect_finish(vs);
1524 return -1;
1525 }
1526 return 0;
1527 }
1528
1529 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1530 size_t len = vs->read_handler_expect;
1531 int ret;
1532
1533 ret = vs->read_handler(vs, vs->input.buffer, len);
1534 if (vs->disconnecting) {
1535 vnc_disconnect_finish(vs);
1536 return -1;
1537 }
1538
1539 if (!ret) {
1540 buffer_advance(&vs->input, len);
1541 } else {
1542 vs->read_handler_expect = ret;
1543 }
1544 }
1545 return 0;
1546 }
1547
1548 gboolean vnc_client_io(QIOChannel *ioc G_GNUC_UNUSED,
1549 GIOCondition condition, void *opaque)
1550 {
1551 VncState *vs = opaque;
1552
1553 assert(vs->magic == VNC_MAGIC);
1554 if (condition & G_IO_IN) {
1555 if (vnc_client_read(vs) < 0) {
1556 /* vs is free()ed here */
1557 return TRUE;
1558 }
1559 }
1560 if (condition & G_IO_OUT) {
1561 vnc_client_write(vs);
1562 }
1563
1564 if (vs->disconnecting) {
1565 if (vs->ioc_tag != 0) {
1566 g_source_remove(vs->ioc_tag);
1567 }
1568 vs->ioc_tag = 0;
1569 }
1570 return TRUE;
1571 }
1572
1573
1574 /*
1575 * Scale factor to apply to vs->throttle_output_offset when checking for
1576 * hard limit. Worst case normal usage could be x2, if we have a complete
1577 * incremental update and complete forced update in the output buffer.
1578 * So x3 should be good enough, but we pick x5 to be conservative and thus
1579 * (hopefully) never trigger incorrectly.
1580 */
1581 #define VNC_THROTTLE_OUTPUT_LIMIT_SCALE 5
1582
1583 void vnc_write(VncState *vs, const void *data, size_t len)
1584 {
1585 assert(vs->magic == VNC_MAGIC);
1586 if (vs->disconnecting) {
1587 return;
1588 }
1589 /* Protection against malicious client/guest to prevent our output
1590 * buffer growing without bound if client stops reading data. This
1591 * should rarely trigger, because we have earlier throttling code
1592 * which stops issuing framebuffer updates and drops audio data
1593 * if the throttle_output_offset value is exceeded. So we only reach
1594 * this higher level if a huge number of pseudo-encodings get
1595 * triggered while data can't be sent on the socket.
1596 *
1597 * NB throttle_output_offset can be zero during early protocol
1598 * handshake, or from the job thread's VncState clone
1599 */
1600 if (vs->throttle_output_offset != 0 &&
1601 (vs->output.offset / VNC_THROTTLE_OUTPUT_LIMIT_SCALE) >
1602 vs->throttle_output_offset) {
1603 trace_vnc_client_output_limit(vs, vs->ioc, vs->output.offset,
1604 vs->throttle_output_offset);
1605 vnc_disconnect_start(vs);
1606 return;
1607 }
1608 buffer_reserve(&vs->output, len);
1609
1610 if (vs->ioc != NULL && buffer_empty(&vs->output)) {
1611 if (vs->ioc_tag) {
1612 g_source_remove(vs->ioc_tag);
1613 }
1614 vs->ioc_tag = qio_channel_add_watch(
1615 vs->ioc, G_IO_IN | G_IO_OUT, vnc_client_io, vs, NULL);
1616 }
1617
1618 buffer_append(&vs->output, data, len);
1619 }
1620
1621 void vnc_write_s32(VncState *vs, int32_t value)
1622 {
1623 vnc_write_u32(vs, *(uint32_t *)&value);
1624 }
1625
1626 void vnc_write_u32(VncState *vs, uint32_t value)
1627 {
1628 uint8_t buf[4];
1629
1630 buf[0] = (value >> 24) & 0xFF;
1631 buf[1] = (value >> 16) & 0xFF;
1632 buf[2] = (value >> 8) & 0xFF;
1633 buf[3] = value & 0xFF;
1634
1635 vnc_write(vs, buf, 4);
1636 }
1637
1638 void vnc_write_u16(VncState *vs, uint16_t value)
1639 {
1640 uint8_t buf[2];
1641
1642 buf[0] = (value >> 8) & 0xFF;
1643 buf[1] = value & 0xFF;
1644
1645 vnc_write(vs, buf, 2);
1646 }
1647
1648 void vnc_write_u8(VncState *vs, uint8_t value)
1649 {
1650 vnc_write(vs, (char *)&value, 1);
1651 }
1652
1653 void vnc_flush(VncState *vs)
1654 {
1655 vnc_lock_output(vs);
1656 if (vs->ioc != NULL && vs->output.offset) {
1657 vnc_client_write_locked(vs);
1658 }
1659 if (vs->disconnecting) {
1660 if (vs->ioc_tag != 0) {
1661 g_source_remove(vs->ioc_tag);
1662 }
1663 vs->ioc_tag = 0;
1664 }
1665 vnc_unlock_output(vs);
1666 }
1667
1668 static uint8_t read_u8(uint8_t *data, size_t offset)
1669 {
1670 return data[offset];
1671 }
1672
1673 static uint16_t read_u16(uint8_t *data, size_t offset)
1674 {
1675 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1676 }
1677
1678 static int32_t read_s32(uint8_t *data, size_t offset)
1679 {
1680 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1681 (data[offset + 2] << 8) | data[offset + 3]);
1682 }
1683
1684 uint32_t read_u32(uint8_t *data, size_t offset)
1685 {
1686 return ((data[offset] << 24) | (data[offset + 1] << 16) |
1687 (data[offset + 2] << 8) | data[offset + 3]);
1688 }
1689
1690 static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
1691 {
1692 }
1693
1694 static void check_pointer_type_change(Notifier *notifier, void *data)
1695 {
1696 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier);
1697 int absolute = qemu_input_is_absolute();
1698
1699 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1700 vnc_lock_output(vs);
1701 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1702 vnc_write_u8(vs, 0);
1703 vnc_write_u16(vs, 1);
1704 vnc_framebuffer_update(vs, absolute, 0,
1705 pixman_image_get_width(vs->vd->server),
1706 pixman_image_get_height(vs->vd->server),
1707 VNC_ENCODING_POINTER_TYPE_CHANGE);
1708 vnc_unlock_output(vs);
1709 vnc_flush(vs);
1710 }
1711 vs->absolute = absolute;
1712 }
1713
1714 static void pointer_event(VncState *vs, int button_mask, int x, int y)
1715 {
1716 static uint32_t bmap[INPUT_BUTTON__MAX] = {
1717 [INPUT_BUTTON_LEFT] = 0x01,
1718 [INPUT_BUTTON_MIDDLE] = 0x02,
1719 [INPUT_BUTTON_RIGHT] = 0x04,
1720 [INPUT_BUTTON_WHEEL_UP] = 0x08,
1721 [INPUT_BUTTON_WHEEL_DOWN] = 0x10,
1722 };
1723 QemuConsole *con = vs->vd->dcl.con;
1724 int width = pixman_image_get_width(vs->vd->server);
1725 int height = pixman_image_get_height(vs->vd->server);
1726
1727 if (vs->last_bmask != button_mask) {
1728 qemu_input_update_buttons(con, bmap, vs->last_bmask, button_mask);
1729 vs->last_bmask = button_mask;
1730 }
1731
1732 if (vs->absolute) {
1733 qemu_input_queue_abs(con, INPUT_AXIS_X, x, 0, width);
1734 qemu_input_queue_abs(con, INPUT_AXIS_Y, y, 0, height);
1735 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1736 qemu_input_queue_rel(con, INPUT_AXIS_X, x - 0x7FFF);
1737 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - 0x7FFF);
1738 } else {
1739 if (vs->last_x != -1) {
1740 qemu_input_queue_rel(con, INPUT_AXIS_X, x - vs->last_x);
1741 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - vs->last_y);
1742 }
1743 vs->last_x = x;
1744 vs->last_y = y;
1745 }
1746 qemu_input_event_sync();
1747 }
1748
1749 static void press_key(VncState *vs, QKeyCode qcode)
1750 {
1751 qkbd_state_key_event(vs->vd->kbd, qcode, true);
1752 qkbd_state_key_event(vs->vd->kbd, qcode, false);
1753 }
1754
1755 static void vnc_led_state_change(VncState *vs)
1756 {
1757 if (!vnc_has_feature(vs, VNC_FEATURE_LED_STATE)) {
1758 return;
1759 }
1760
1761 vnc_lock_output(vs);
1762 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1763 vnc_write_u8(vs, 0);
1764 vnc_write_u16(vs, 1);
1765 vnc_framebuffer_update(vs, 0, 0, 1, 1, VNC_ENCODING_LED_STATE);
1766 vnc_write_u8(vs, vs->vd->ledstate);
1767 vnc_unlock_output(vs);
1768 vnc_flush(vs);
1769 }
1770
1771 static void kbd_leds(void *opaque, int ledstate)
1772 {
1773 VncDisplay *vd = opaque;
1774 VncState *client;
1775
1776 trace_vnc_key_guest_leds((ledstate & QEMU_CAPS_LOCK_LED),
1777 (ledstate & QEMU_NUM_LOCK_LED),
1778 (ledstate & QEMU_SCROLL_LOCK_LED));
1779
1780 if (ledstate == vd->ledstate) {
1781 return;
1782 }
1783
1784 vd->ledstate = ledstate;
1785
1786 QTAILQ_FOREACH(client, &vd->clients, next) {
1787 vnc_led_state_change(client);
1788 }
1789 }
1790
1791 static void do_key_event(VncState *vs, int down, int keycode, int sym)
1792 {
1793 QKeyCode qcode = qemu_input_key_number_to_qcode(keycode);
1794
1795 /* QEMU console switch */
1796 switch (qcode) {
1797 case Q_KEY_CODE_1 ... Q_KEY_CODE_9: /* '1' to '9' keys */
1798 if (vs->vd->dcl.con == NULL && down &&
1799 qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_CTRL) &&
1800 qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_ALT)) {
1801 /* Reset the modifiers sent to the current console */
1802 qkbd_state_lift_all_keys(vs->vd->kbd);
1803 console_select(qcode - Q_KEY_CODE_1);
1804 return;
1805 }
1806 default:
1807 break;
1808 }
1809
1810 /* Turn off the lock state sync logic if the client support the led
1811 state extension.
1812 */
1813 if (down && vs->vd->lock_key_sync &&
1814 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) &&
1815 keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1816 /* If the numlock state needs to change then simulate an additional
1817 keypress before sending this one. This will happen if the user
1818 toggles numlock away from the VNC window.
1819 */
1820 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1821 if (!qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_NUMLOCK)) {
1822 trace_vnc_key_sync_numlock(true);
1823 press_key(vs, Q_KEY_CODE_NUM_LOCK);
1824 }
1825 } else {
1826 if (qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_NUMLOCK)) {
1827 trace_vnc_key_sync_numlock(false);
1828 press_key(vs, Q_KEY_CODE_NUM_LOCK);
1829 }
1830 }
1831 }
1832
1833 if (down && vs->vd->lock_key_sync &&
1834 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) &&
1835 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) {
1836 /* If the capslock state needs to change then simulate an additional
1837 keypress before sending this one. This will happen if the user
1838 toggles capslock away from the VNC window.
1839 */
1840 int uppercase = !!(sym >= 'A' && sym <= 'Z');
1841 bool shift = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_SHIFT);
1842 bool capslock = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_CAPSLOCK);
1843 if (capslock) {
1844 if (uppercase == shift) {
1845 trace_vnc_key_sync_capslock(false);
1846 press_key(vs, Q_KEY_CODE_CAPS_LOCK);
1847 }
1848 } else {
1849 if (uppercase != shift) {
1850 trace_vnc_key_sync_capslock(true);
1851 press_key(vs, Q_KEY_CODE_CAPS_LOCK);
1852 }
1853 }
1854 }
1855
1856 qkbd_state_key_event(vs->vd->kbd, qcode, down);
1857 if (!qemu_console_is_graphic(NULL)) {
1858 bool numlock = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_NUMLOCK);
1859 bool control = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_CTRL);
1860 /* QEMU console emulation */
1861 if (down) {
1862 switch (keycode) {
1863 case 0x2a: /* Left Shift */
1864 case 0x36: /* Right Shift */
1865 case 0x1d: /* Left CTRL */
1866 case 0x9d: /* Right CTRL */
1867 case 0x38: /* Left ALT */
1868 case 0xb8: /* Right ALT */
1869 break;
1870 case 0xc8:
1871 kbd_put_keysym(QEMU_KEY_UP);
1872 break;
1873 case 0xd0:
1874 kbd_put_keysym(QEMU_KEY_DOWN);
1875 break;
1876 case 0xcb:
1877 kbd_put_keysym(QEMU_KEY_LEFT);
1878 break;
1879 case 0xcd:
1880 kbd_put_keysym(QEMU_KEY_RIGHT);
1881 break;
1882 case 0xd3:
1883 kbd_put_keysym(QEMU_KEY_DELETE);
1884 break;
1885 case 0xc7:
1886 kbd_put_keysym(QEMU_KEY_HOME);
1887 break;
1888 case 0xcf:
1889 kbd_put_keysym(QEMU_KEY_END);
1890 break;
1891 case 0xc9:
1892 kbd_put_keysym(QEMU_KEY_PAGEUP);
1893 break;
1894 case 0xd1:
1895 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1896 break;
1897
1898 case 0x47:
1899 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME);
1900 break;
1901 case 0x48:
1902 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP);
1903 break;
1904 case 0x49:
1905 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP);
1906 break;
1907 case 0x4b:
1908 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT);
1909 break;
1910 case 0x4c:
1911 kbd_put_keysym('5');
1912 break;
1913 case 0x4d:
1914 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT);
1915 break;
1916 case 0x4f:
1917 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END);
1918 break;
1919 case 0x50:
1920 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN);
1921 break;
1922 case 0x51:
1923 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN);
1924 break;
1925 case 0x52:
1926 kbd_put_keysym('0');
1927 break;
1928 case 0x53:
1929 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE);
1930 break;
1931
1932 case 0xb5:
1933 kbd_put_keysym('/');
1934 break;
1935 case 0x37:
1936 kbd_put_keysym('*');
1937 break;
1938 case 0x4a:
1939 kbd_put_keysym('-');
1940 break;
1941 case 0x4e:
1942 kbd_put_keysym('+');
1943 break;
1944 case 0x9c:
1945 kbd_put_keysym('\n');
1946 break;
1947
1948 default:
1949 if (control) {
1950 kbd_put_keysym(sym & 0x1f);
1951 } else {
1952 kbd_put_keysym(sym);
1953 }
1954 break;
1955 }
1956 }
1957 }
1958 }
1959
1960 static const char *code2name(int keycode)
1961 {
1962 return QKeyCode_str(qemu_input_key_number_to_qcode(keycode));
1963 }
1964
1965 static void key_event(VncState *vs, int down, uint32_t sym)
1966 {
1967 int keycode;
1968 int lsym = sym;
1969
1970 if (lsym >= 'A' && lsym <= 'Z' && qemu_console_is_graphic(NULL)) {
1971 lsym = lsym - 'A' + 'a';
1972 }
1973
1974 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF,
1975 vs->vd->kbd, down) & SCANCODE_KEYMASK;
1976 trace_vnc_key_event_map(down, sym, keycode, code2name(keycode));
1977 do_key_event(vs, down, keycode, sym);
1978 }
1979
1980 static void ext_key_event(VncState *vs, int down,
1981 uint32_t sym, uint16_t keycode)
1982 {
1983 /* if the user specifies a keyboard layout, always use it */
1984 if (keyboard_layout) {
1985 key_event(vs, down, sym);
1986 } else {
1987 trace_vnc_key_event_ext(down, sym, keycode, code2name(keycode));
1988 do_key_event(vs, down, keycode, sym);
1989 }
1990 }
1991
1992 static void framebuffer_update_request(VncState *vs, int incremental,
1993 int x, int y, int w, int h)
1994 {
1995 if (incremental) {
1996 if (vs->update != VNC_STATE_UPDATE_FORCE) {
1997 vs->update = VNC_STATE_UPDATE_INCREMENTAL;
1998 }
1999 } else {
2000 vs->update = VNC_STATE_UPDATE_FORCE;
2001 vnc_set_area_dirty(vs->dirty, vs->vd, x, y, w, h);
2002 }
2003 }
2004
2005 static void send_ext_key_event_ack(VncState *vs)
2006 {
2007 vnc_lock_output(vs);
2008 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
2009 vnc_write_u8(vs, 0);
2010 vnc_write_u16(vs, 1);
2011 vnc_framebuffer_update(vs, 0, 0,
2012 pixman_image_get_width(vs->vd->server),
2013 pixman_image_get_height(vs->vd->server),
2014 VNC_ENCODING_EXT_KEY_EVENT);
2015 vnc_unlock_output(vs);
2016 vnc_flush(vs);
2017 }
2018
2019 static void send_ext_audio_ack(VncState *vs)
2020 {
2021 vnc_lock_output(vs);
2022 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
2023 vnc_write_u8(vs, 0);
2024 vnc_write_u16(vs, 1);
2025 vnc_framebuffer_update(vs, 0, 0,
2026 pixman_image_get_width(vs->vd->server),
2027 pixman_image_get_height(vs->vd->server),
2028 VNC_ENCODING_AUDIO);
2029 vnc_unlock_output(vs);
2030 vnc_flush(vs);
2031 }
2032
2033 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
2034 {
2035 int i;
2036 unsigned int enc = 0;
2037
2038 vs->features = 0;
2039 vs->vnc_encoding = 0;
2040 vs->tight->compression = 9;
2041 vs->tight->quality = -1; /* Lossless by default */
2042 vs->absolute = -1;
2043
2044 /*
2045 * Start from the end because the encodings are sent in order of preference.
2046 * This way the preferred encoding (first encoding defined in the array)
2047 * will be set at the end of the loop.
2048 */
2049 for (i = n_encodings - 1; i >= 0; i--) {
2050 enc = encodings[i];
2051 switch (enc) {
2052 case VNC_ENCODING_RAW:
2053 vs->vnc_encoding = enc;
2054 break;
2055 case VNC_ENCODING_COPYRECT:
2056 vs->features |= VNC_FEATURE_COPYRECT_MASK;
2057 break;
2058 case VNC_ENCODING_HEXTILE:
2059 vs->features |= VNC_FEATURE_HEXTILE_MASK;
2060 vs->vnc_encoding = enc;
2061 break;
2062 case VNC_ENCODING_TIGHT:
2063 vs->features |= VNC_FEATURE_TIGHT_MASK;
2064 vs->vnc_encoding = enc;
2065 break;
2066 #ifdef CONFIG_VNC_PNG
2067 case VNC_ENCODING_TIGHT_PNG:
2068 vs->features |= VNC_FEATURE_TIGHT_PNG_MASK;
2069 vs->vnc_encoding = enc;
2070 break;
2071 #endif
2072 case VNC_ENCODING_ZLIB:
2073 /*
2074 * VNC_ENCODING_ZRLE compresses better than VNC_ENCODING_ZLIB.
2075 * So prioritize ZRLE, even if the client hints that it prefers
2076 * ZLIB.
2077 */
2078 if ((vs->features & VNC_FEATURE_ZRLE_MASK) == 0) {
2079 vs->features |= VNC_FEATURE_ZLIB_MASK;
2080 vs->vnc_encoding = enc;
2081 }
2082 break;
2083 case VNC_ENCODING_ZRLE:
2084 vs->features |= VNC_FEATURE_ZRLE_MASK;
2085 vs->vnc_encoding = enc;
2086 break;
2087 case VNC_ENCODING_ZYWRLE:
2088 vs->features |= VNC_FEATURE_ZYWRLE_MASK;
2089 vs->vnc_encoding = enc;
2090 break;
2091 case VNC_ENCODING_DESKTOPRESIZE:
2092 vs->features |= VNC_FEATURE_RESIZE_MASK;
2093 break;
2094 case VNC_ENCODING_POINTER_TYPE_CHANGE:
2095 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
2096 break;
2097 case VNC_ENCODING_RICH_CURSOR:
2098 vs->features |= VNC_FEATURE_RICH_CURSOR_MASK;
2099 if (vs->vd->cursor) {
2100 vnc_cursor_define(vs);
2101 }
2102 break;
2103 case VNC_ENCODING_EXT_KEY_EVENT:
2104 send_ext_key_event_ack(vs);
2105 break;
2106 case VNC_ENCODING_AUDIO:
2107 send_ext_audio_ack(vs);
2108 break;
2109 case VNC_ENCODING_WMVi:
2110 vs->features |= VNC_FEATURE_WMVI_MASK;
2111 break;
2112 case VNC_ENCODING_LED_STATE:
2113 vs->features |= VNC_FEATURE_LED_STATE_MASK;
2114 break;
2115 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
2116 vs->tight->compression = (enc & 0x0F);
2117 break;
2118 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
2119 if (vs->vd->lossy) {
2120 vs->tight->quality = (enc & 0x0F);
2121 }
2122 break;
2123 default:
2124 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
2125 break;
2126 }
2127 }
2128 vnc_desktop_resize(vs);
2129 check_pointer_type_change(&vs->mouse_mode_notifier, NULL);
2130 vnc_led_state_change(vs);
2131 }
2132
2133 static void set_pixel_conversion(VncState *vs)
2134 {
2135 pixman_format_code_t fmt = qemu_pixman_get_format(&vs->client_pf);
2136
2137 if (fmt == VNC_SERVER_FB_FORMAT) {
2138 vs->write_pixels = vnc_write_pixels_copy;
2139 vnc_hextile_set_pixel_conversion(vs, 0);
2140 } else {
2141 vs->write_pixels = vnc_write_pixels_generic;
2142 vnc_hextile_set_pixel_conversion(vs, 1);
2143 }
2144 }
2145
2146 static void send_color_map(VncState *vs)
2147 {
2148 int i;
2149
2150 vnc_write_u8(vs, VNC_MSG_SERVER_SET_COLOUR_MAP_ENTRIES);
2151 vnc_write_u8(vs, 0); /* padding */
2152 vnc_write_u16(vs, 0); /* first color */
2153 vnc_write_u16(vs, 256); /* # of colors */
2154
2155 for (i = 0; i < 256; i++) {
2156 PixelFormat *pf = &vs->client_pf;
2157
2158 vnc_write_u16(vs, (((i >> pf->rshift) & pf->rmax) << (16 - pf->rbits)));
2159 vnc_write_u16(vs, (((i >> pf->gshift) & pf->gmax) << (16 - pf->gbits)));
2160 vnc_write_u16(vs, (((i >> pf->bshift) & pf->bmax) << (16 - pf->bbits)));
2161 }
2162 }
2163
2164 static void set_pixel_format(VncState *vs, int bits_per_pixel,
2165 int big_endian_flag, int true_color_flag,
2166 int red_max, int green_max, int blue_max,
2167 int red_shift, int green_shift, int blue_shift)
2168 {
2169 if (!true_color_flag) {
2170 /* Expose a reasonable default 256 color map */
2171 bits_per_pixel = 8;
2172 red_max = 7;
2173 green_max = 7;
2174 blue_max = 3;
2175 red_shift = 0;
2176 green_shift = 3;
2177 blue_shift = 6;
2178 }
2179
2180 switch (bits_per_pixel) {
2181 case 8:
2182 case 16:
2183 case 32:
2184 break;
2185 default:
2186 vnc_client_error(vs);
2187 return;
2188 }
2189
2190 vs->client_pf.rmax = red_max ? red_max : 0xFF;
2191 vs->client_pf.rbits = ctpopl(red_max);
2192 vs->client_pf.rshift = red_shift;
2193 vs->client_pf.rmask = red_max << red_shift;
2194 vs->client_pf.gmax = green_max ? green_max : 0xFF;
2195 vs->client_pf.gbits = ctpopl(green_max);
2196 vs->client_pf.gshift = green_shift;
2197 vs->client_pf.gmask = green_max << green_shift;
2198 vs->client_pf.bmax = blue_max ? blue_max : 0xFF;
2199 vs->client_pf.bbits = ctpopl(blue_max);
2200 vs->client_pf.bshift = blue_shift;
2201 vs->client_pf.bmask = blue_max << blue_shift;
2202 vs->client_pf.bits_per_pixel = bits_per_pixel;
2203 vs->client_pf.bytes_per_pixel = bits_per_pixel / 8;
2204 vs->client_pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
2205 vs->client_be = big_endian_flag;
2206
2207 if (!true_color_flag) {
2208 send_color_map(vs);
2209 }
2210
2211 set_pixel_conversion(vs);
2212
2213 graphic_hw_invalidate(vs->vd->dcl.con);
2214 graphic_hw_update(vs->vd->dcl.con);
2215 }
2216
2217 static void pixel_format_message (VncState *vs) {
2218 char pad[3] = { 0, 0, 0 };
2219
2220 vs->client_pf = qemu_default_pixelformat(32);
2221
2222 vnc_write_u8(vs, vs->client_pf.bits_per_pixel); /* bits-per-pixel */
2223 vnc_write_u8(vs, vs->client_pf.depth); /* depth */
2224
2225 #ifdef HOST_WORDS_BIGENDIAN
2226 vnc_write_u8(vs, 1); /* big-endian-flag */
2227 #else
2228 vnc_write_u8(vs, 0); /* big-endian-flag */
2229 #endif
2230 vnc_write_u8(vs, 1); /* true-color-flag */
2231 vnc_write_u16(vs, vs->client_pf.rmax); /* red-max */
2232 vnc_write_u16(vs, vs->client_pf.gmax); /* green-max */
2233 vnc_write_u16(vs, vs->client_pf.bmax); /* blue-max */
2234 vnc_write_u8(vs, vs->client_pf.rshift); /* red-shift */
2235 vnc_write_u8(vs, vs->client_pf.gshift); /* green-shift */
2236 vnc_write_u8(vs, vs->client_pf.bshift); /* blue-shift */
2237 vnc_write(vs, pad, 3); /* padding */
2238
2239 vnc_hextile_set_pixel_conversion(vs, 0);
2240 vs->write_pixels = vnc_write_pixels_copy;
2241 }
2242
2243 static void vnc_colordepth(VncState *vs)
2244 {
2245 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
2246 /* Sending a WMVi message to notify the client*/
2247 vnc_lock_output(vs);
2248 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
2249 vnc_write_u8(vs, 0);
2250 vnc_write_u16(vs, 1); /* number of rects */
2251 vnc_framebuffer_update(vs, 0, 0,
2252 pixman_image_get_width(vs->vd->server),
2253 pixman_image_get_height(vs->vd->server),
2254 VNC_ENCODING_WMVi);
2255 pixel_format_message(vs);
2256 vnc_unlock_output(vs);
2257 vnc_flush(vs);
2258 } else {
2259 set_pixel_conversion(vs);
2260 }
2261 }
2262
2263 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
2264 {
2265 int i;
2266 uint16_t limit;
2267 uint32_t freq;
2268 VncDisplay *vd = vs->vd;
2269
2270 if (data[0] > 3) {
2271 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
2272 }
2273
2274 switch (data[0]) {
2275 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT:
2276 if (len == 1)
2277 return 20;
2278
2279 set_pixel_format(vs, read_u8(data, 4),
2280 read_u8(data, 6), read_u8(data, 7),
2281 read_u16(data, 8), read_u16(data, 10),
2282 read_u16(data, 12), read_u8(data, 14),
2283 read_u8(data, 15), read_u8(data, 16));
2284 break;
2285 case VNC_MSG_CLIENT_SET_ENCODINGS:
2286 if (len == 1)
2287 return 4;
2288
2289 if (len == 4) {
2290 limit = read_u16(data, 2);
2291 if (limit > 0)
2292 return 4 + (limit * 4);
2293 } else
2294 limit = read_u16(data, 2);
2295
2296 for (i = 0; i < limit; i++) {
2297 int32_t val = read_s32(data, 4 + (i * 4));
2298 memcpy(data + 4 + (i * 4), &val, sizeof(val));
2299 }
2300
2301 set_encodings(vs, (int32_t *)(data + 4), limit);
2302 break;
2303 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST:
2304 if (len == 1)
2305 return 10;
2306
2307 framebuffer_update_request(vs,
2308 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
2309 read_u16(data, 6), read_u16(data, 8));
2310 break;
2311 case VNC_MSG_CLIENT_KEY_EVENT:
2312 if (len == 1)
2313 return 8;
2314
2315 key_event(vs, read_u8(data, 1), read_u32(data, 4));
2316 break;
2317 case VNC_MSG_CLIENT_POINTER_EVENT:
2318 if (len == 1)
2319 return 6;
2320
2321 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
2322 break;
2323 case VNC_MSG_CLIENT_CUT_TEXT:
2324 if (len == 1) {
2325 return 8;
2326 }
2327 if (len == 8) {
2328 uint32_t dlen = read_u32(data, 4);
2329 if (dlen > (1 << 20)) {
2330 error_report("vnc: client_cut_text msg payload has %u bytes"
2331 " which exceeds our limit of 1MB.", dlen);
2332 vnc_client_error(vs);
2333 break;
2334 }
2335 if (dlen > 0) {
2336 return 8 + dlen;
2337 }
2338 }
2339
2340 client_cut_text(vs, read_u32(data, 4), data + 8);
2341 break;
2342 case VNC_MSG_CLIENT_QEMU:
2343 if (len == 1)
2344 return 2;
2345
2346 switch (read_u8(data, 1)) {
2347 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT:
2348 if (len == 2)
2349 return 12;
2350
2351 ext_key_event(vs, read_u16(data, 2),
2352 read_u32(data, 4), read_u32(data, 8));
2353 break;
2354 case VNC_MSG_CLIENT_QEMU_AUDIO:
2355 if (len == 2)
2356 return 4;
2357
2358 switch (read_u16 (data, 2)) {
2359 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE:
2360 audio_add(vs);
2361 break;
2362 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE:
2363 audio_del(vs);
2364 break;
2365 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT:
2366 if (len == 4)
2367 return 10;
2368 switch (read_u8(data, 4)) {
2369 case 0: vs->as.fmt = AUDIO_FORMAT_U8; break;
2370 case 1: vs->as.fmt = AUDIO_FORMAT_S8; break;
2371 case 2: vs->as.fmt = AUDIO_FORMAT_U16; break;
2372 case 3: vs->as.fmt = AUDIO_FORMAT_S16; break;
2373 case 4: vs->as.fmt = AUDIO_FORMAT_U32; break;
2374 case 5: vs->as.fmt = AUDIO_FORMAT_S32; break;
2375 default:
2376 VNC_DEBUG("Invalid audio format %d\n", read_u8(data, 4));
2377 vnc_client_error(vs);
2378 break;
2379 }
2380 vs->as.nchannels = read_u8(data, 5);
2381 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
2382 VNC_DEBUG("Invalid audio channel count %d\n",
2383 read_u8(data, 5));
2384 vnc_client_error(vs);
2385 break;
2386 }
2387 freq = read_u32(data, 6);
2388 /* No official limit for protocol, but 48khz is a sensible
2389 * upper bound for trustworthy clients, and this limit
2390 * protects calculations involving 'vs->as.freq' later.
2391 */
2392 if (freq > 48000) {
2393 VNC_DEBUG("Invalid audio frequency %u > 48000", freq);
2394 vnc_client_error(vs);
2395 break;
2396 }
2397 vs->as.freq = freq;
2398 break;
2399 default:
2400 VNC_DEBUG("Invalid audio message %d\n", read_u8(data, 4));
2401 vnc_client_error(vs);
2402 break;
2403 }
2404 break;
2405
2406 default:
2407 VNC_DEBUG("Msg: %d\n", read_u16(data, 0));
2408 vnc_client_error(vs);
2409 break;
2410 }
2411 break;
2412 default:
2413 VNC_DEBUG("Msg: %d\n", data[0]);
2414 vnc_client_error(vs);
2415 break;
2416 }
2417
2418 vnc_update_throttle_offset(vs);
2419 vnc_read_when(vs, protocol_client_msg, 1);
2420 return 0;
2421 }
2422
2423 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
2424 {
2425 char buf[1024];
2426 VncShareMode mode;
2427 int size;
2428
2429 mode = data[0] ? VNC_SHARE_MODE_SHARED : VNC_SHARE_MODE_EXCLUSIVE;
2430 switch (vs->vd->share_policy) {
2431 case VNC_SHARE_POLICY_IGNORE:
2432 /*
2433 * Ignore the shared flag. Nothing to do here.
2434 *
2435 * Doesn't conform to the rfb spec but is traditional qemu
2436 * behavior, thus left here as option for compatibility
2437 * reasons.
2438 */
2439 break;
2440 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE:
2441 /*
2442 * Policy: Allow clients ask for exclusive access.
2443 *
2444 * Implementation: When a client asks for exclusive access,
2445 * disconnect all others. Shared connects are allowed as long
2446 * as no exclusive connection exists.
2447 *
2448 * This is how the rfb spec suggests to handle the shared flag.
2449 */
2450 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2451 VncState *client;
2452 QTAILQ_FOREACH(client, &vs->vd->clients, next) {
2453 if (vs == client) {
2454 continue;
2455 }
2456 if (client->share_mode != VNC_SHARE_MODE_EXCLUSIVE &&
2457 client->share_mode != VNC_SHARE_MODE_SHARED) {
2458 continue;
2459 }
2460 vnc_disconnect_start(client);
2461 }
2462 }
2463 if (mode == VNC_SHARE_MODE_SHARED) {
2464 if (vs->vd->num_exclusive > 0) {
2465 vnc_disconnect_start(vs);
2466 return 0;
2467 }
2468 }
2469 break;
2470 case VNC_SHARE_POLICY_FORCE_SHARED:
2471 /*
2472 * Policy: Shared connects only.
2473 * Implementation: Disallow clients asking for exclusive access.
2474 *
2475 * Useful for shared desktop sessions where you don't want
2476 * someone forgetting to say -shared when running the vnc
2477 * client disconnect everybody else.
2478 */
2479 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2480 vnc_disconnect_start(vs);
2481 return 0;
2482 }
2483 break;
2484 }
2485 vnc_set_share_mode(vs, mode);
2486
2487 if (vs->vd->num_shared > vs->vd->connections_limit) {
2488 vnc_disconnect_start(vs);
2489 return 0;
2490 }
2491
2492 assert(pixman_image_get_width(vs->vd->server) < 65536 &&
2493 pixman_image_get_width(vs->vd->server) >= 0);
2494 assert(pixman_image_get_height(vs->vd->server) < 65536 &&
2495 pixman_image_get_height(vs->vd->server) >= 0);
2496 vs->client_width = pixman_image_get_width(vs->vd->server);
2497 vs->client_height = pixman_image_get_height(vs->vd->server);
2498 vnc_write_u16(vs, vs->client_width);
2499 vnc_write_u16(vs, vs->client_height);
2500
2501 pixel_format_message(vs);
2502
2503 if (qemu_name) {
2504 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
2505 if (size > sizeof(buf)) {
2506 size = sizeof(buf);
2507 }
2508 } else {
2509 size = snprintf(buf, sizeof(buf), "QEMU");
2510 }
2511
2512 vnc_write_u32(vs, size);
2513 vnc_write(vs, buf, size);
2514 vnc_flush(vs);
2515
2516 vnc_client_cache_auth(vs);
2517 vnc_qmp_event(vs, QAPI_EVENT_VNC_INITIALIZED);
2518
2519 vnc_read_when(vs, protocol_client_msg, 1);
2520
2521 return 0;
2522 }
2523
2524 void start_client_init(VncState *vs)
2525 {
2526 vnc_read_when(vs, protocol_client_init, 1);
2527 }
2528
2529 static void authentication_failed(VncState *vs)
2530 {
2531 vnc_write_u32(vs, 1); /* Reject auth */
2532 if (vs->minor >= 8) {
2533 static const char err[] = "Authentication failed";
2534 vnc_write_u32(vs, sizeof(err));
2535 vnc_write(vs, err, sizeof(err));
2536 }
2537 vnc_flush(vs);
2538 vnc_client_error(vs);
2539 }
2540
2541 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
2542 {
2543 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
2544 size_t i, pwlen;
2545 unsigned char key[8];
2546 time_t now = time(NULL);
2547 QCryptoCipher *cipher = NULL;
2548 Error *err = NULL;
2549
2550 if (!vs->vd->password) {
2551 trace_vnc_auth_fail(vs, vs->auth, "password is not set", "");
2552 goto reject;
2553 }
2554 if (vs->vd->expires < now) {
2555 trace_vnc_auth_fail(vs, vs->auth, "password is expired", "");
2556 goto reject;
2557 }
2558
2559 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
2560
2561 /* Calculate the expected challenge response */
2562 pwlen = strlen(vs->vd->password);
2563 for (i=0; i<sizeof(key); i++)
2564 key[i] = i<pwlen ? vs->vd->password[i] : 0;
2565
2566 cipher = qcrypto_cipher_new(
2567 QCRYPTO_CIPHER_ALG_DES_RFB,
2568 QCRYPTO_CIPHER_MODE_ECB,
2569 key, G_N_ELEMENTS(key),
2570 &err);
2571 if (!cipher) {
2572 trace_vnc_auth_fail(vs, vs->auth, "cannot create cipher",
2573 error_get_pretty(err));
2574 error_free(err);
2575 goto reject;
2576 }
2577
2578 if (qcrypto_cipher_encrypt(cipher,
2579 vs->challenge,
2580 response,
2581 VNC_AUTH_CHALLENGE_SIZE,
2582 &err) < 0) {
2583 trace_vnc_auth_fail(vs, vs->auth, "cannot encrypt challenge response",
2584 error_get_pretty(err));
2585 error_free(err);
2586 goto reject;
2587 }
2588
2589 /* Compare expected vs actual challenge response */
2590 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
2591 trace_vnc_auth_fail(vs, vs->auth, "mis-matched challenge response", "");
2592 goto reject;
2593 } else {
2594 trace_vnc_auth_pass(vs, vs->auth);
2595 vnc_write_u32(vs, 0); /* Accept auth */
2596 vnc_flush(vs);
2597
2598 start_client_init(vs);
2599 }
2600
2601 qcrypto_cipher_free(cipher);
2602 return 0;
2603
2604 reject:
2605 authentication_failed(vs);
2606 qcrypto_cipher_free(cipher);
2607 return 0;
2608 }
2609
2610 void start_auth_vnc(VncState *vs)
2611 {
2612 Error *err = NULL;
2613
2614 if (qcrypto_random_bytes(vs->challenge, sizeof(vs->challenge), &err)) {
2615 trace_vnc_auth_fail(vs, vs->auth, "cannot get random bytes",
2616 error_get_pretty(err));
2617 error_free(err);
2618 authentication_failed(vs);
2619 return;
2620 }
2621
2622 /* Send client a 'random' challenge */
2623 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
2624 vnc_flush(vs);
2625
2626 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
2627 }
2628
2629
2630 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
2631 {
2632 /* We only advertise 1 auth scheme at a time, so client
2633 * must pick the one we sent. Verify this */
2634 if (data[0] != vs->auth) { /* Reject auth */
2635 trace_vnc_auth_reject(vs, vs->auth, (int)data[0]);
2636 authentication_failed(vs);
2637 } else { /* Accept requested auth */
2638 trace_vnc_auth_start(vs, vs->auth);
2639 switch (vs->auth) {
2640 case VNC_AUTH_NONE:
2641 if (vs->minor >= 8) {
2642 vnc_write_u32(vs, 0); /* Accept auth completion */
2643 vnc_flush(vs);
2644 }
2645 trace_vnc_auth_pass(vs, vs->auth);
2646 start_client_init(vs);
2647 break;
2648
2649 case VNC_AUTH_VNC:
2650 start_auth_vnc(vs);
2651 break;
2652
2653 case VNC_AUTH_VENCRYPT:
2654 start_auth_vencrypt(vs);
2655 break;
2656
2657 #ifdef CONFIG_VNC_SASL
2658 case VNC_AUTH_SASL:
2659 start_auth_sasl(vs);
2660 break;
2661 #endif /* CONFIG_VNC_SASL */
2662
2663 default: /* Should not be possible, but just in case */
2664 trace_vnc_auth_fail(vs, vs->auth, "Unhandled auth method", "");
2665 authentication_failed(vs);
2666 }
2667 }
2668 return 0;
2669 }
2670
2671 static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2672 {
2673 char local[13];
2674
2675 memcpy(local, version, 12);
2676 local[12] = 0;
2677
2678 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2679 VNC_DEBUG("Malformed protocol version %s\n", local);
2680 vnc_client_error(vs);
2681 return 0;
2682 }
2683 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2684 if (vs->major != 3 ||
2685 (vs->minor != 3 &&
2686 vs->minor != 4 &&
2687 vs->minor != 5 &&
2688 vs->minor != 7 &&
2689 vs->minor != 8)) {
2690 VNC_DEBUG("Unsupported client version\n");
2691 vnc_write_u32(vs, VNC_AUTH_INVALID);
2692 vnc_flush(vs);
2693 vnc_client_error(vs);
2694 return 0;
2695 }
2696 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2697 * as equivalent to v3.3 by servers
2698 */
2699 if (vs->minor == 4 || vs->minor == 5)
2700 vs->minor = 3;
2701
2702 if (vs->minor == 3) {
2703 trace_vnc_auth_start(vs, vs->auth);
2704 if (vs->auth == VNC_AUTH_NONE) {
2705 vnc_write_u32(vs, vs->auth);
2706 vnc_flush(vs);
2707 trace_vnc_auth_pass(vs, vs->auth);
2708 start_client_init(vs);
2709 } else if (vs->auth == VNC_AUTH_VNC) {
2710 VNC_DEBUG("Tell client VNC auth\n");
2711 vnc_write_u32(vs, vs->auth);
2712 vnc_flush(vs);
2713 start_auth_vnc(vs);
2714 } else {
2715 trace_vnc_auth_fail(vs, vs->auth,
2716 "Unsupported auth method for v3.3", "");
2717 vnc_write_u32(vs, VNC_AUTH_INVALID);
2718 vnc_flush(vs);
2719 vnc_client_error(vs);
2720 }
2721 } else {
2722 vnc_write_u8(vs, 1); /* num auth */
2723 vnc_write_u8(vs, vs->auth);
2724 vnc_read_when(vs, protocol_client_auth, 1);
2725 vnc_flush(vs);
2726 }
2727
2728 return 0;
2729 }
2730
2731 static VncRectStat *vnc_stat_rect(VncDisplay *vd, int x, int y)
2732 {
2733 struct VncSurface *vs = &vd->guest;
2734
2735 return &vs->stats[y / VNC_STAT_RECT][x / VNC_STAT_RECT];
2736 }
2737
2738 void vnc_sent_lossy_rect(VncState *vs, int x, int y, int w, int h)
2739 {
2740 int i, j;
2741
2742 w = (x + w) / VNC_STAT_RECT;
2743 h = (y + h) / VNC_STAT_RECT;
2744 x /= VNC_STAT_RECT;
2745 y /= VNC_STAT_RECT;
2746
2747 for (j = y; j <= h; j++) {
2748 for (i = x; i <= w; i++) {
2749 vs->lossy_rect[j][i] = 1;
2750 }
2751 }
2752 }
2753
2754 static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y)
2755 {
2756 VncState *vs;
2757 int sty = y / VNC_STAT_RECT;
2758 int stx = x / VNC_STAT_RECT;
2759 int has_dirty = 0;
2760
2761 y = QEMU_ALIGN_DOWN(y, VNC_STAT_RECT);
2762 x = QEMU_ALIGN_DOWN(x, VNC_STAT_RECT);
2763
2764 QTAILQ_FOREACH(vs, &vd->clients, next) {
2765 int j;
2766
2767 /* kernel send buffers are full -> refresh later */
2768 if (vs->output.offset) {
2769 continue;
2770 }
2771
2772 if (!vs->lossy_rect[sty][stx]) {
2773 continue;
2774 }
2775
2776 vs->lossy_rect[sty][stx] = 0;
2777 for (j = 0; j < VNC_STAT_RECT; ++j) {
2778 bitmap_set(vs->dirty[y + j],
2779 x / VNC_DIRTY_PIXELS_PER_BIT,
2780 VNC_STAT_RECT / VNC_DIRTY_PIXELS_PER_BIT);
2781 }
2782 has_dirty++;
2783 }
2784
2785 return has_dirty;
2786 }
2787
2788 static int vnc_update_stats(VncDisplay *vd, struct timeval * tv)
2789 {
2790 int width = MIN(pixman_image_get_width(vd->guest.fb),
2791 pixman_image_get_width(vd->server));
2792 int height = MIN(pixman_image_get_height(vd->guest.fb),
2793 pixman_image_get_height(vd->server));
2794 int x, y;
2795 struct timeval res;
2796 int has_dirty = 0;
2797
2798 for (y = 0; y < height; y += VNC_STAT_RECT) {
2799 for (x = 0; x < width; x += VNC_STAT_RECT) {
2800 VncRectStat *rect = vnc_stat_rect(vd, x, y);
2801
2802 rect->updated = false;
2803 }
2804 }
2805
2806 qemu_timersub(tv, &VNC_REFRESH_STATS, &res);
2807
2808 if (timercmp(&vd->guest.last_freq_check, &res, >)) {
2809 return has_dirty;
2810 }
2811 vd->guest.last_freq_check = *tv;
2812
2813 for (y = 0; y < height; y += VNC_STAT_RECT) {
2814 for (x = 0; x < width; x += VNC_STAT_RECT) {
2815 VncRectStat *rect= vnc_stat_rect(vd, x, y);
2816 int count = ARRAY_SIZE(rect->times);
2817 struct timeval min, max;
2818
2819 if (!timerisset(&rect->times[count - 1])) {
2820 continue ;
2821 }
2822
2823 max = rect->times[(rect->idx + count - 1) % count];
2824 qemu_timersub(tv, &max, &res);
2825
2826 if (timercmp(&res, &VNC_REFRESH_LOSSY, >)) {
2827 rect->freq = 0;
2828 has_dirty += vnc_refresh_lossy_rect(vd, x, y);
2829 memset(rect->times, 0, sizeof (rect->times));
2830 continue ;
2831 }
2832
2833 min = rect->times[rect->idx];
2834 max = rect->times[(rect->idx + count - 1) % count];
2835 qemu_timersub(&max, &min, &res);
2836
2837 rect->freq = res.tv_sec + res.tv_usec / 1000000.;
2838 rect->freq /= count;
2839 rect->freq = 1. / rect->freq;
2840 }
2841 }
2842 return has_dirty;
2843 }
2844
2845 double vnc_update_freq(VncState *vs, int x, int y, int w, int h)
2846 {
2847 int i, j;
2848 double total = 0;
2849 int num = 0;
2850
2851 x = QEMU_ALIGN_DOWN(x, VNC_STAT_RECT);
2852 y = QEMU_ALIGN_DOWN(y, VNC_STAT_RECT);
2853
2854 for (j = y; j <= y + h; j += VNC_STAT_RECT) {
2855 for (i = x; i <= x + w; i += VNC_STAT_RECT) {
2856 total += vnc_stat_rect(vs->vd, i, j)->freq;
2857 num++;
2858 }
2859 }
2860
2861 if (num) {
2862 return total / num;
2863 } else {
2864 return 0;
2865 }
2866 }
2867
2868 static void vnc_rect_updated(VncDisplay *vd, int x, int y, struct timeval * tv)
2869 {
2870 VncRectStat *rect;
2871
2872 rect = vnc_stat_rect(vd, x, y);
2873 if (rect->updated) {
2874 return ;
2875 }
2876 rect->times[rect->idx] = *tv;
2877 rect->idx = (rect->idx + 1) % ARRAY_SIZE(rect->times);
2878 rect->updated = true;
2879 }
2880
2881 static int vnc_refresh_server_surface(VncDisplay *vd)
2882 {
2883 int width = MIN(pixman_image_get_width(vd->guest.fb),
2884 pixman_image_get_width(vd->server));
2885 int height = MIN(pixman_image_get_height(vd->guest.fb),
2886 pixman_image_get_height(vd->server));
2887 int cmp_bytes, server_stride, line_bytes, guest_ll, guest_stride, y = 0;
2888 uint8_t *guest_row0 = NULL, *server_row0;
2889 VncState *vs;
2890 int has_dirty = 0;
2891 pixman_image_t *tmpbuf = NULL;
2892
2893 struct timeval tv = { 0, 0 };
2894
2895 if (!vd->non_adaptive) {
2896 gettimeofday(&tv, NULL);
2897 has_dirty = vnc_update_stats(vd, &tv);
2898 }
2899
2900 /*
2901 * Walk through the guest dirty map.
2902 * Check and copy modified bits from guest to server surface.
2903 * Update server dirty map.
2904 */
2905 server_row0 = (uint8_t *)pixman_image_get_data(vd->server);
2906 server_stride = guest_stride = guest_ll =
2907 pixman_image_get_stride(vd->server);
2908 cmp_bytes = MIN(VNC_DIRTY_PIXELS_PER_BIT * VNC_SERVER_FB_BYTES,
2909 server_stride);
2910 if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
2911 int width = pixman_image_get_width(vd->server);
2912 tmpbuf = qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT, width);
2913 } else {
2914 int guest_bpp =
2915 PIXMAN_FORMAT_BPP(pixman_image_get_format(vd->guest.fb));
2916 guest_row0 = (uint8_t *)pixman_image_get_data(vd->guest.fb);
2917 guest_stride = pixman_image_get_stride(vd->guest.fb);
2918 guest_ll = pixman_image_get_width(vd->guest.fb)
2919 * DIV_ROUND_UP(guest_bpp, 8);
2920 }
2921 line_bytes = MIN(server_stride, guest_ll);
2922
2923 for (;;) {
2924 int x;
2925 uint8_t *guest_ptr, *server_ptr;
2926 unsigned long offset = find_next_bit((unsigned long *) &vd->guest.dirty,
2927 height * VNC_DIRTY_BPL(&vd->guest),
2928 y * VNC_DIRTY_BPL(&vd->guest));
2929 if (offset == height * VNC_DIRTY_BPL(&vd->guest)) {
2930 /* no more dirty bits */
2931 break;
2932 }
2933 y = offset / VNC_DIRTY_BPL(&vd->guest);
2934 x = offset % VNC_DIRTY_BPL(&vd->guest);
2935
2936 server_ptr = server_row0 + y * server_stride + x * cmp_bytes;
2937
2938 if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
2939 qemu_pixman_linebuf_fill(tmpbuf, vd->guest.fb, width, 0, y);
2940 guest_ptr = (uint8_t *)pixman_image_get_data(tmpbuf);
2941 } else {
2942 guest_ptr = guest_row0 + y * guest_stride;
2943 }
2944 guest_ptr += x * cmp_bytes;
2945
2946 for (; x < DIV_ROUND_UP(width, VNC_DIRTY_PIXELS_PER_BIT);
2947 x++, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
2948 int _cmp_bytes = cmp_bytes;
2949 if (!test_and_clear_bit(x, vd->guest.dirty[y])) {
2950 continue;
2951 }
2952 if ((x + 1) * cmp_bytes > line_bytes) {
2953 _cmp_bytes = line_bytes - x * cmp_bytes;
2954 }
2955 assert(_cmp_bytes >= 0);
2956 if (memcmp(server_ptr, guest_ptr, _cmp_bytes) == 0) {
2957 continue;
2958 }
2959 memcpy(server_ptr, guest_ptr, _cmp_bytes);
2960 if (!vd->non_adaptive) {
2961 vnc_rect_updated(vd, x * VNC_DIRTY_PIXELS_PER_BIT,
2962 y, &tv);
2963 }
2964 QTAILQ_FOREACH(vs, &vd->clients, next) {
2965 set_bit(x, vs->dirty[y]);
2966 }
2967 has_dirty++;
2968 }
2969
2970 y++;
2971 }
2972 qemu_pixman_image_unref(tmpbuf);
2973 return has_dirty;
2974 }
2975
2976 static void vnc_refresh(DisplayChangeListener *dcl)
2977 {
2978 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
2979 VncState *vs, *vn;
2980 int has_dirty, rects = 0;
2981
2982 if (QTAILQ_EMPTY(&vd->clients)) {
2983 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_MAX);
2984 return;
2985 }
2986
2987 graphic_hw_update(vd->dcl.con);
2988
2989 if (vnc_trylock_display(vd)) {
2990 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
2991 return;
2992 }
2993
2994 has_dirty = vnc_refresh_server_surface(vd);
2995 vnc_unlock_display(vd);
2996
2997 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
2998 rects += vnc_update_client(vs, has_dirty);
2999 /* vs might be free()ed here */
3000 }
3001
3002 if (has_dirty && rects) {
3003 vd->dcl.update_interval /= 2;
3004 if (vd->dcl.update_interval < VNC_REFRESH_INTERVAL_BASE) {
3005 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_BASE;
3006 }
3007 } else {
3008 vd->dcl.update_interval += VNC_REFRESH_INTERVAL_INC;
3009 if (vd->dcl.update_interval > VNC_REFRESH_INTERVAL_MAX) {
3010 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_MAX;
3011 }
3012 }
3013 }
3014
3015 static void vnc_connect(VncDisplay *vd, QIOChannelSocket *sioc,
3016 bool skipauth, bool websocket)
3017 {
3018 VncState *vs = g_new0(VncState, 1);
3019 bool first_client = QTAILQ_EMPTY(&vd->clients);
3020 int i;
3021
3022 trace_vnc_client_connect(vs, sioc);
3023 vs->zrle = g_new0(VncZrle, 1);
3024 vs->tight = g_new0(VncTight, 1);
3025 vs->magic = VNC_MAGIC;
3026 vs->sioc = sioc;
3027 object_ref(OBJECT(vs->sioc));
3028 vs->ioc = QIO_CHANNEL(sioc);
3029 object_ref(OBJECT(vs->ioc));
3030 vs->vd = vd;
3031
3032 buffer_init(&vs->input, "vnc-input/%p", sioc);
3033 buffer_init(&vs->output, "vnc-output/%p", sioc);
3034 buffer_init(&vs->jobs_buffer, "vnc-jobs_buffer/%p", sioc);
3035
3036 buffer_init(&vs->tight->tight, "vnc-tight/%p", sioc);
3037 buffer_init(&vs->tight->zlib, "vnc-tight-zlib/%p", sioc);
3038 buffer_init(&vs->tight->gradient, "vnc-tight-gradient/%p", sioc);
3039 #ifdef CONFIG_VNC_JPEG
3040 buffer_init(&vs->tight->jpeg, "vnc-tight-jpeg/%p", sioc);
3041 #endif
3042 #ifdef CONFIG_VNC_PNG
3043 buffer_init(&vs->tight->png, "vnc-tight-png/%p", sioc);
3044 #endif
3045 buffer_init(&vs->zlib.zlib, "vnc-zlib/%p", sioc);
3046 buffer_init(&vs->zrle->zrle, "vnc-zrle/%p", sioc);
3047 buffer_init(&vs->zrle->fb, "vnc-zrle-fb/%p", sioc);
3048 buffer_init(&vs->zrle->zlib, "vnc-zrle-zlib/%p", sioc);
3049
3050 if (skipauth) {
3051 vs->auth = VNC_AUTH_NONE;
3052 vs->subauth = VNC_AUTH_INVALID;
3053 } else {
3054 if (websocket) {
3055 vs->auth = vd->ws_auth;
3056 vs->subauth = VNC_AUTH_INVALID;
3057 } else {
3058 vs->auth = vd->auth;
3059 vs->subauth = vd->subauth;
3060 }
3061 }
3062 VNC_DEBUG("Client sioc=%p ws=%d auth=%d subauth=%d\n",
3063 sioc, websocket, vs->auth, vs->subauth);
3064
3065 vs->lossy_rect = g_malloc0(VNC_STAT_ROWS * sizeof (*vs->lossy_rect));
3066 for (i = 0; i < VNC_STAT_ROWS; ++i) {
3067 vs->lossy_rect[i] = g_new0(uint8_t, VNC_STAT_COLS);
3068 }
3069
3070 VNC_DEBUG("New client on socket %p\n", vs->sioc);
3071 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
3072 qio_channel_set_blocking(vs->ioc, false, NULL);
3073 if (vs->ioc_tag) {
3074 g_source_remove(vs->ioc_tag);
3075 }
3076 if (websocket) {
3077 vs->websocket = 1;
3078 if (vd->tlscreds) {
3079 vs->ioc_tag = qio_channel_add_watch(
3080 vs->ioc, G_IO_IN, vncws_tls_handshake_io, vs, NULL);
3081 } else {
3082 vs->ioc_tag = qio_channel_add_watch(
3083 vs->ioc, G_IO_IN, vncws_handshake_io, vs, NULL);
3084 }
3085 } else {
3086 vs->ioc_tag = qio_channel_add_watch(
3087 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL);
3088 }
3089
3090 vnc_client_cache_addr(vs);
3091 vnc_qmp_event(vs, QAPI_EVENT_VNC_CONNECTED);
3092 vnc_set_share_mode(vs, VNC_SHARE_MODE_CONNECTING);
3093
3094 vs->last_x = -1;
3095 vs->last_y = -1;
3096
3097 vs->as.freq = 44100;
3098 vs->as.nchannels = 2;
3099 vs->as.fmt = AUDIO_FORMAT_S16;
3100 vs->as.endianness = 0;
3101
3102 qemu_mutex_init(&vs->output_mutex);
3103 vs->bh = qemu_bh_new(vnc_jobs_bh, vs);
3104
3105 QTAILQ_INSERT_TAIL(&vd->clients, vs, next);
3106 if (first_client) {
3107 vnc_update_server_surface(vd);
3108 }
3109
3110 graphic_hw_update(vd->dcl.con);
3111
3112 if (!vs->websocket) {
3113 vnc_start_protocol(vs);
3114 }
3115
3116 if (vd->num_connecting > vd->connections_limit) {
3117 QTAILQ_FOREACH(vs, &vd->clients, next) {
3118 if (vs->share_mode == VNC_SHARE_MODE_CONNECTING) {
3119 vnc_disconnect_start(vs);
3120 return;
3121 }
3122 }
3123 }
3124 }
3125
3126 void vnc_start_protocol(VncState *vs)
3127 {
3128 vnc_write(vs, "RFB 003.008\n", 12);
3129 vnc_flush(vs);
3130 vnc_read_when(vs, protocol_version, 12);
3131
3132 vs->mouse_mode_notifier.notify = check_pointer_type_change;
3133 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
3134 }
3135
3136 static void vnc_listen_io(QIONetListener *listener,
3137 QIOChannelSocket *cioc,
3138 void *opaque)
3139 {
3140 VncDisplay *vd = opaque;
3141 bool isWebsock = listener == vd->wslistener;
3142
3143 qio_channel_set_name(QIO_CHANNEL(cioc),
3144 isWebsock ? "vnc-ws-server" : "vnc-server");
3145 qio_channel_set_delay(QIO_CHANNEL(cioc), false);
3146 vnc_connect(vd, cioc, false, isWebsock);
3147 }
3148
3149 static const DisplayChangeListenerOps dcl_ops = {
3150 .dpy_name = "vnc",
3151 .dpy_refresh = vnc_refresh,
3152 .dpy_gfx_update = vnc_dpy_update,
3153 .dpy_gfx_switch = vnc_dpy_switch,
3154 .dpy_gfx_check_format = qemu_pixman_check_format,
3155 .dpy_mouse_set = vnc_mouse_set,
3156 .dpy_cursor_define = vnc_dpy_cursor_define,
3157 };
3158
3159 void vnc_display_init(const char *id, Error **errp)
3160 {
3161 VncDisplay *vd;
3162
3163 if (vnc_display_find(id) != NULL) {
3164 return;
3165 }
3166 vd = g_malloc0(sizeof(*vd));
3167
3168 vd->id = strdup(id);
3169 QTAILQ_INSERT_TAIL(&vnc_displays, vd, next);
3170
3171 QTAILQ_INIT(&vd->clients);
3172 vd->expires = TIME_MAX;
3173
3174 if (keyboard_layout) {
3175 trace_vnc_key_map_init(keyboard_layout);
3176 vd->kbd_layout = init_keyboard_layout(name2keysym,
3177 keyboard_layout, errp);
3178 } else {
3179 vd->kbd_layout = init_keyboard_layout(name2keysym, "en-us", errp);
3180 }
3181
3182 if (!vd->kbd_layout) {
3183 return;
3184 }
3185
3186 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3187 vd->connections_limit = 32;
3188
3189 qemu_mutex_init(&vd->mutex);
3190 vnc_start_worker_thread();
3191
3192 vd->dcl.ops = &dcl_ops;
3193 register_displaychangelistener(&vd->dcl);
3194 vd->kbd = qkbd_state_init(vd->dcl.con);
3195 }
3196
3197
3198 static void vnc_display_close(VncDisplay *vd)
3199 {
3200 if (!vd) {
3201 return;
3202 }
3203 vd->is_unix = false;
3204
3205 if (vd->listener) {
3206 qio_net_listener_disconnect(vd->listener);
3207 object_unref(OBJECT(vd->listener));
3208 }
3209 vd->listener = NULL;
3210
3211 if (vd->wslistener) {
3212 qio_net_listener_disconnect(vd->wslistener);
3213 object_unref(OBJECT(vd->wslistener));
3214 }
3215 vd->wslistener = NULL;
3216
3217 vd->auth = VNC_AUTH_INVALID;
3218 vd->subauth = VNC_AUTH_INVALID;
3219 if (vd->tlscreds) {
3220 object_unparent(OBJECT(vd->tlscreds));
3221 vd->tlscreds = NULL;
3222 }
3223 if (vd->tlsauthz) {
3224 object_unparent(OBJECT(vd->tlsauthz));
3225 vd->tlsauthz = NULL;
3226 }
3227 g_free(vd->tlsauthzid);
3228 vd->tlsauthzid = NULL;
3229 if (vd->lock_key_sync) {
3230 qemu_remove_led_event_handler(vd->led);
3231 vd->led = NULL;
3232 }
3233 #ifdef CONFIG_VNC_SASL
3234 if (vd->sasl.authz) {
3235 object_unparent(OBJECT(vd->sasl.authz));
3236 vd->sasl.authz = NULL;
3237 }
3238 g_free(vd->sasl.authzid);
3239 vd->sasl.authzid = NULL;
3240 #endif
3241 }
3242
3243 int vnc_display_password(const char *id, const char *password)
3244 {
3245 VncDisplay *vd = vnc_display_find(id);
3246
3247 if (!vd) {
3248 return -EINVAL;
3249 }
3250 if (vd->auth == VNC_AUTH_NONE) {
3251 error_printf_unless_qmp("If you want use passwords please enable "
3252 "password auth using '-vnc ${dpy},password'.\n");
3253 return -EINVAL;
3254 }
3255
3256 g_free(vd->password);
3257 vd->password = g_strdup(password);
3258
3259 return 0;
3260 }
3261
3262 int vnc_display_pw_expire(const char *id, time_t expires)
3263 {
3264 VncDisplay *vd = vnc_display_find(id);
3265
3266 if (!vd) {
3267 return -EINVAL;
3268 }
3269
3270 vd->expires = expires;
3271 return 0;
3272 }
3273
3274 static void vnc_display_print_local_addr(VncDisplay *vd)
3275 {
3276 SocketAddress *addr;
3277
3278 if (!vd->listener || !vd->listener->nsioc) {
3279 return;
3280 }
3281
3282 addr = qio_channel_socket_get_local_address(vd->listener->sioc[0], NULL);
3283 if (!addr) {
3284 return;
3285 }
3286
3287 if (addr->type != SOCKET_ADDRESS_TYPE_INET) {
3288 qapi_free_SocketAddress(addr);
3289 return;
3290 }
3291 error_printf_unless_qmp("VNC server running on %s:%s\n",
3292 addr->u.inet.host,
3293 addr->u.inet.port);
3294 qapi_free_SocketAddress(addr);
3295 }
3296
3297 static QemuOptsList qemu_vnc_opts = {
3298 .name = "vnc",
3299 .head = QTAILQ_HEAD_INITIALIZER(qemu_vnc_opts.head),
3300 .implied_opt_name = "vnc",
3301 .desc = {
3302 {
3303 .name = "vnc",
3304 .type = QEMU_OPT_STRING,
3305 },{
3306 .name = "websocket",
3307 .type = QEMU_OPT_STRING,
3308 },{
3309 .name = "tls-creds",
3310 .type = QEMU_OPT_STRING,
3311 },{
3312 .name = "share",
3313 .type = QEMU_OPT_STRING,
3314 },{
3315 .name = "display",
3316 .type = QEMU_OPT_STRING,
3317 },{
3318 .name = "head",
3319 .type = QEMU_OPT_NUMBER,
3320 },{
3321 .name = "connections",
3322 .type = QEMU_OPT_NUMBER,
3323 },{
3324 .name = "to",
3325 .type = QEMU_OPT_NUMBER,
3326 },{
3327 .name = "ipv4",
3328 .type = QEMU_OPT_BOOL,
3329 },{
3330 .name = "ipv6",
3331 .type = QEMU_OPT_BOOL,
3332 },{
3333 .name = "password",
3334 .type = QEMU_OPT_BOOL,
3335 },{
3336 .name = "reverse",
3337 .type = QEMU_OPT_BOOL,
3338 },{
3339 .name = "lock-key-sync",
3340 .type = QEMU_OPT_BOOL,
3341 },{
3342 .name = "key-delay-ms",
3343 .type = QEMU_OPT_NUMBER,
3344 },{
3345 .name = "sasl",
3346 .type = QEMU_OPT_BOOL,
3347 },{
3348 .name = "acl",
3349 .type = QEMU_OPT_BOOL,
3350 },{
3351 .name = "tls-authz",
3352 .type = QEMU_OPT_STRING,
3353 },{
3354 .name = "sasl-authz",
3355 .type = QEMU_OPT_STRING,
3356 },{
3357 .name = "lossy",
3358 .type = QEMU_OPT_BOOL,
3359 },{
3360 .name = "non-adaptive",
3361 .type = QEMU_OPT_BOOL,
3362 },{
3363 .name = "audiodev",
3364 .type = QEMU_OPT_STRING,
3365 },
3366 { /* end of list */ }
3367 },
3368 };
3369
3370
3371 static int
3372 vnc_display_setup_auth(int *auth,
3373 int *subauth,
3374 QCryptoTLSCreds *tlscreds,
3375 bool password,
3376 bool sasl,
3377 bool websocket,
3378 Error **errp)
3379 {
3380 /*
3381 * We have a choice of 3 authentication options
3382 *
3383 * 1. none
3384 * 2. vnc
3385 * 3. sasl
3386 *
3387 * The channel can be run in 2 modes
3388 *
3389 * 1. clear
3390 * 2. tls
3391 *
3392 * And TLS can use 2 types of credentials
3393 *
3394 * 1. anon
3395 * 2. x509
3396 *
3397 * We thus have 9 possible logical combinations
3398 *
3399 * 1. clear + none
3400 * 2. clear + vnc
3401 * 3. clear + sasl
3402 * 4. tls + anon + none
3403 * 5. tls + anon + vnc
3404 * 6. tls + anon + sasl
3405 * 7. tls + x509 + none
3406 * 8. tls + x509 + vnc
3407 * 9. tls + x509 + sasl
3408 *
3409 * These need to be mapped into the VNC auth schemes
3410 * in an appropriate manner. In regular VNC, all the
3411 * TLS options get mapped into VNC_AUTH_VENCRYPT
3412 * sub-auth types.
3413 *
3414 * In websockets, the https:// protocol already provides
3415 * TLS support, so there is no need to make use of the
3416 * VeNCrypt extension. Furthermore, websockets browser
3417 * clients could not use VeNCrypt even if they wanted to,
3418 * as they cannot control when the TLS handshake takes
3419 * place. Thus there is no option but to rely on https://,
3420 * meaning combinations 4->6 and 7->9 will be mapped to
3421 * VNC auth schemes in the same way as combos 1->3.
3422 *
3423 * Regardless of fact that we have a different mapping to
3424 * VNC auth mechs for plain VNC vs websockets VNC, the end
3425 * result has the same security characteristics.
3426 */
3427 if (websocket || !tlscreds) {
3428 if (password) {
3429 VNC_DEBUG("Initializing VNC server with password auth\n");
3430 *auth = VNC_AUTH_VNC;
3431 } else if (sasl) {
3432 VNC_DEBUG("Initializing VNC server with SASL auth\n");
3433 *auth = VNC_AUTH_SASL;
3434 } else {
3435 VNC_DEBUG("Initializing VNC server with no auth\n");
3436 *auth = VNC_AUTH_NONE;
3437 }
3438 *subauth = VNC_AUTH_INVALID;
3439 } else {
3440 bool is_x509 = object_dynamic_cast(OBJECT(tlscreds),
3441 TYPE_QCRYPTO_TLS_CREDS_X509) != NULL;
3442 bool is_anon = object_dynamic_cast(OBJECT(tlscreds),
3443 TYPE_QCRYPTO_TLS_CREDS_ANON) != NULL;
3444
3445 if (!is_x509 && !is_anon) {
3446 error_setg(errp,
3447 "Unsupported TLS cred type %s",
3448 object_get_typename(OBJECT(tlscreds)));
3449 return -1;
3450 }
3451 *auth = VNC_AUTH_VENCRYPT;
3452 if (password) {
3453 if (is_x509) {
3454 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
3455 *subauth = VNC_AUTH_VENCRYPT_X509VNC;
3456 } else {
3457 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
3458 *subauth = VNC_AUTH_VENCRYPT_TLSVNC;
3459 }
3460
3461 } else if (sasl) {
3462 if (is_x509) {
3463 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
3464 *subauth = VNC_AUTH_VENCRYPT_X509SASL;
3465 } else {
3466 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
3467 *subauth = VNC_AUTH_VENCRYPT_TLSSASL;
3468 }
3469 } else {
3470 if (is_x509) {
3471 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
3472 *subauth = VNC_AUTH_VENCRYPT_X509NONE;
3473 } else {
3474 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
3475 *subauth = VNC_AUTH_VENCRYPT_TLSNONE;
3476 }
3477 }
3478 }
3479 return 0;
3480 }
3481
3482
3483 static int vnc_display_get_address(const char *addrstr,
3484 bool websocket,
3485 bool reverse,
3486 int displaynum,
3487 int to,
3488 bool has_ipv4,
3489 bool has_ipv6,
3490 bool ipv4,
3491 bool ipv6,
3492 SocketAddress **retaddr,
3493 Error **errp)
3494 {
3495 int ret = -1;
3496 SocketAddress *addr = NULL;
3497
3498 addr = g_new0(SocketAddress, 1);
3499
3500 if (strncmp(addrstr, "unix:", 5) == 0) {
3501 addr->type = SOCKET_ADDRESS_TYPE_UNIX;
3502 addr->u.q_unix.path = g_strdup(addrstr + 5);
3503
3504 if (websocket) {
3505 error_setg(errp, "UNIX sockets not supported with websock");
3506 goto cleanup;
3507 }
3508
3509 if (to) {
3510 error_setg(errp, "Port range not support with UNIX socket");
3511 goto cleanup;
3512 }
3513 ret = 0;
3514 } else {
3515 const char *port;
3516 size_t hostlen;
3517 unsigned long long baseport = 0;
3518 InetSocketAddress *inet;
3519
3520 port = strrchr(addrstr, ':');
3521 if (!port) {
3522 if (websocket) {
3523 hostlen = 0;
3524 port = addrstr;
3525 } else {
3526 error_setg(errp, "no vnc port specified");
3527 goto cleanup;
3528 }
3529 } else {
3530 hostlen = port - addrstr;
3531 port++;
3532 if (*port == '\0') {
3533 error_setg(errp, "vnc port cannot be empty");
3534 goto cleanup;
3535 }
3536 }
3537
3538 addr->type = SOCKET_ADDRESS_TYPE_INET;
3539 inet = &addr->u.inet;
3540 if (addrstr[0] == '[' && addrstr[hostlen - 1] == ']') {
3541 inet->host = g_strndup(addrstr + 1, hostlen - 2);
3542 } else {
3543 inet->host = g_strndup(addrstr, hostlen);
3544 }
3545 /* plain VNC port is just an offset, for websocket
3546 * port is absolute */
3547 if (websocket) {
3548 if (g_str_equal(addrstr, "") ||
3549 g_str_equal(addrstr, "on")) {
3550 if (displaynum == -1) {
3551 error_setg(errp, "explicit websocket port is required");
3552 goto cleanup;
3553 }
3554 inet->port = g_strdup_printf(
3555 "%d", displaynum + 5700);
3556 if (to) {
3557 inet->has_to = true;
3558 inet->to = to + 5700;
3559 }
3560 } else {
3561 inet->port = g_strdup(port);
3562 }
3563 } else {
3564 int offset = reverse ? 0 : 5900;
3565 if (parse_uint_full(port, &baseport, 10) < 0) {
3566 error_setg(errp, "can't convert to a number: %s", port);
3567 goto cleanup;
3568 }
3569 if (baseport > 65535 ||
3570 baseport + offset > 65535) {
3571 error_setg(errp, "port %s out of range", port);
3572 goto cleanup;
3573 }
3574 inet->port = g_strdup_printf(
3575 "%d", (int)baseport + offset);
3576
3577 if (to) {
3578 inet->has_to = true;
3579 inet->to = to + offset;
3580 }
3581 }
3582
3583 inet->ipv4 = ipv4;
3584 inet->has_ipv4 = has_ipv4;
3585 inet->ipv6 = ipv6;
3586 inet->has_ipv6 = has_ipv6;
3587
3588 ret = baseport;
3589 }
3590
3591 *retaddr = addr;
3592
3593 cleanup:
3594 if (ret < 0) {
3595 qapi_free_SocketAddress(addr);
3596 }
3597 return ret;
3598 }
3599
3600 static void vnc_free_addresses(SocketAddress ***retsaddr,
3601 size_t *retnsaddr)
3602 {
3603 size_t i;
3604
3605 for (i = 0; i < *retnsaddr; i++) {
3606 qapi_free_SocketAddress((*retsaddr)[i]);
3607 }
3608 g_free(*retsaddr);
3609
3610 *retsaddr = NULL;
3611 *retnsaddr = 0;
3612 }
3613
3614 static int vnc_display_get_addresses(QemuOpts *opts,
3615 bool reverse,
3616 SocketAddress ***retsaddr,
3617 size_t *retnsaddr,
3618 SocketAddress ***retwsaddr,
3619 size_t *retnwsaddr,
3620 Error **errp)
3621 {
3622 SocketAddress *saddr = NULL;
3623 SocketAddress *wsaddr = NULL;
3624 QemuOptsIter addriter;
3625 const char *addr;
3626 int to = qemu_opt_get_number(opts, "to", 0);
3627 bool has_ipv4 = qemu_opt_get(opts, "ipv4");
3628 bool has_ipv6 = qemu_opt_get(opts, "ipv6");
3629 bool ipv4 = qemu_opt_get_bool(opts, "ipv4", false);
3630 bool ipv6 = qemu_opt_get_bool(opts, "ipv6", false);
3631 int displaynum = -1;
3632 int ret = -1;
3633
3634 *retsaddr = NULL;
3635 *retnsaddr = 0;
3636 *retwsaddr = NULL;
3637 *retnwsaddr = 0;
3638
3639 addr = qemu_opt_get(opts, "vnc");
3640 if (addr == NULL || g_str_equal(addr, "none")) {
3641 ret = 0;
3642 goto cleanup;
3643 }
3644 if (qemu_opt_get(opts, "websocket") &&
3645 !qcrypto_hash_supports(QCRYPTO_HASH_ALG_SHA1)) {
3646 error_setg(errp,
3647 "SHA1 hash support is required for websockets");
3648 goto cleanup;
3649 }
3650
3651 qemu_opt_iter_init(&addriter, opts, "vnc");
3652 while ((addr = qemu_opt_iter_next(&addriter)) != NULL) {
3653 int rv;
3654 rv = vnc_display_get_address(addr, false, reverse, 0, to,
3655 has_ipv4, has_ipv6,
3656 ipv4, ipv6,
3657 &saddr, errp);
3658 if (rv < 0) {
3659 goto cleanup;
3660 }
3661 /* Historical compat - first listen address can be used
3662 * to set the default websocket port
3663 */
3664 if (displaynum == -1) {
3665 displaynum = rv;
3666 }
3667 *retsaddr = g_renew(SocketAddress *, *retsaddr, *retnsaddr + 1);
3668 (*retsaddr)[(*retnsaddr)++] = saddr;
3669 }
3670
3671 /* If we had multiple primary displays, we don't do defaults
3672 * for websocket, and require explicit config instead. */
3673 if (*retnsaddr > 1) {
3674 displaynum = -1;
3675 }
3676
3677 qemu_opt_iter_init(&addriter, opts, "websocket");
3678 while ((addr = qemu_opt_iter_next(&addriter)) != NULL) {
3679 if (vnc_display_get_address(addr, true, reverse, displaynum, to,
3680 has_ipv4, has_ipv6,
3681 ipv4, ipv6,
3682 &wsaddr, errp) < 0) {
3683 goto cleanup;
3684 }
3685
3686 /* Historical compat - if only a single listen address was
3687 * provided, then this is used to set the default listen
3688 * address for websocket too
3689 */
3690 if (*retnsaddr == 1 &&
3691 (*retsaddr)[0]->type == SOCKET_ADDRESS_TYPE_INET &&
3692 wsaddr->type == SOCKET_ADDRESS_TYPE_INET &&
3693 g_str_equal(wsaddr->u.inet.host, "") &&
3694 !g_str_equal((*retsaddr)[0]->u.inet.host, "")) {
3695 g_free(wsaddr->u.inet.host);
3696 wsaddr->u.inet.host = g_strdup((*retsaddr)[0]->u.inet.host);
3697 }
3698
3699 *retwsaddr = g_renew(SocketAddress *, *retwsaddr, *retnwsaddr + 1);
3700 (*retwsaddr)[(*retnwsaddr)++] = wsaddr;
3701 }
3702
3703 ret = 0;
3704 cleanup:
3705 if (ret < 0) {
3706 vnc_free_addresses(retsaddr, retnsaddr);
3707 vnc_free_addresses(retwsaddr, retnwsaddr);
3708 }
3709 return ret;
3710 }
3711
3712 static int vnc_display_connect(VncDisplay *vd,
3713 SocketAddress **saddr,
3714 size_t nsaddr,
3715 SocketAddress **wsaddr,
3716 size_t nwsaddr,
3717 Error **errp)
3718 {
3719 /* connect to viewer */
3720 QIOChannelSocket *sioc = NULL;
3721 if (nwsaddr != 0) {
3722 error_setg(errp, "Cannot use websockets in reverse mode");
3723 return -1;
3724 }
3725 if (nsaddr != 1) {
3726 error_setg(errp, "Expected a single address in reverse mode");
3727 return -1;
3728 }
3729 /* TODO SOCKET_ADDRESS_TYPE_FD when fd has AF_UNIX */
3730 vd->is_unix = saddr[0]->type == SOCKET_ADDRESS_TYPE_UNIX;
3731 sioc = qio_channel_socket_new();
3732 qio_channel_set_name(QIO_CHANNEL(sioc), "vnc-reverse");
3733 if (qio_channel_socket_connect_sync(sioc, saddr[0], errp) < 0) {
3734 return -1;
3735 }
3736 vnc_connect(vd, sioc, false, false);
3737 object_unref(OBJECT(sioc));
3738 return 0;
3739 }
3740
3741
3742 static int vnc_display_listen(VncDisplay *vd,
3743 SocketAddress **saddr,
3744 size_t nsaddr,
3745 SocketAddress **wsaddr,
3746 size_t nwsaddr,
3747 Error **errp)
3748 {
3749 size_t i;
3750
3751 if (nsaddr) {
3752 vd->listener = qio_net_listener_new();
3753 qio_net_listener_set_name(vd->listener, "vnc-listen");
3754 for (i = 0; i < nsaddr; i++) {
3755 if (qio_net_listener_open_sync(vd->listener,
3756 saddr[i], 1,
3757 errp) < 0) {
3758 return -1;
3759 }
3760 }
3761
3762 qio_net_listener_set_client_func(vd->listener,
3763 vnc_listen_io, vd, NULL);
3764 }
3765
3766 if (nwsaddr) {
3767 vd->wslistener = qio_net_listener_new();
3768 qio_net_listener_set_name(vd->wslistener, "vnc-ws-listen");
3769 for (i = 0; i < nwsaddr; i++) {
3770 if (qio_net_listener_open_sync(vd->wslistener,
3771 wsaddr[i], 1,
3772 errp) < 0) {
3773 return -1;
3774 }
3775 }
3776
3777 qio_net_listener_set_client_func(vd->wslistener,
3778 vnc_listen_io, vd, NULL);
3779 }
3780
3781 return 0;
3782 }
3783
3784
3785 void vnc_display_open(const char *id, Error **errp)
3786 {
3787 VncDisplay *vd = vnc_display_find(id);
3788 QemuOpts *opts = qemu_opts_find(&qemu_vnc_opts, id);
3789 SocketAddress **saddr = NULL, **wsaddr = NULL;
3790 size_t nsaddr, nwsaddr;
3791 const char *share, *device_id;
3792 QemuConsole *con;
3793 bool password = false;
3794 bool reverse = false;
3795 const char *credid;
3796 bool sasl = false;
3797 int acl = 0;
3798 const char *tlsauthz;
3799 const char *saslauthz;
3800 int lock_key_sync = 1;
3801 int key_delay_ms;
3802 const char *audiodev;
3803
3804 if (!vd) {
3805 error_setg(errp, "VNC display not active");
3806 return;
3807 }
3808 vnc_display_close(vd);
3809
3810 if (!opts) {
3811 return;
3812 }
3813
3814 reverse = qemu_opt_get_bool(opts, "reverse", false);
3815 if (vnc_display_get_addresses(opts, reverse, &saddr, &nsaddr,
3816 &wsaddr, &nwsaddr, errp) < 0) {
3817 goto fail;
3818 }
3819
3820 password = qemu_opt_get_bool(opts, "password", false);
3821 if (password) {
3822 if (fips_get_state()) {
3823 error_setg(errp,
3824 "VNC password auth disabled due to FIPS mode, "
3825 "consider using the VeNCrypt or SASL authentication "
3826 "methods as an alternative");
3827 goto fail;
3828 }
3829 if (!qcrypto_cipher_supports(
3830 QCRYPTO_CIPHER_ALG_DES_RFB, QCRYPTO_CIPHER_MODE_ECB)) {
3831 error_setg(errp,
3832 "Cipher backend does not support DES RFB algorithm");
3833 goto fail;
3834 }
3835 }
3836
3837 lock_key_sync = qemu_opt_get_bool(opts, "lock-key-sync", true);
3838 key_delay_ms = qemu_opt_get_number(opts, "key-delay-ms", 10);
3839 sasl = qemu_opt_get_bool(opts, "sasl", false);
3840 #ifndef CONFIG_VNC_SASL
3841 if (sasl) {
3842 error_setg(errp, "VNC SASL auth requires cyrus-sasl support");
3843 goto fail;
3844 }
3845 #endif /* CONFIG_VNC_SASL */
3846 credid = qemu_opt_get(opts, "tls-creds");
3847 if (credid) {
3848 Object *creds;
3849 creds = object_resolve_path_component(
3850 object_get_objects_root(), credid);
3851 if (!creds) {
3852 error_setg(errp, "No TLS credentials with id '%s'",
3853 credid);
3854 goto fail;
3855 }
3856 vd->tlscreds = (QCryptoTLSCreds *)
3857 object_dynamic_cast(creds,
3858 TYPE_QCRYPTO_TLS_CREDS);
3859 if (!vd->tlscreds) {
3860 error_setg(errp, "Object with id '%s' is not TLS credentials",
3861 credid);
3862 goto fail;
3863 }
3864 object_ref(OBJECT(vd->tlscreds));
3865
3866 if (vd->tlscreds->endpoint != QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) {
3867 error_setg(errp,
3868 "Expecting TLS credentials with a server endpoint");
3869 goto fail;
3870 }
3871 }
3872 if (qemu_opt_get(opts, "acl")) {
3873 error_report("The 'acl' option to -vnc is deprecated. "
3874 "Please use the 'tls-authz' and 'sasl-authz' "
3875 "options instead");
3876 }
3877 acl = qemu_opt_get_bool(opts, "acl", false);
3878 tlsauthz = qemu_opt_get(opts, "tls-authz");
3879 if (acl && tlsauthz) {
3880 error_setg(errp, "'acl' option is mutually exclusive with the "
3881 "'tls-authz' option");
3882 goto fail;
3883 }
3884 if (tlsauthz && !vd->tlscreds) {
3885 error_setg(errp, "'tls-authz' provided but TLS is not enabled");
3886 goto fail;
3887 }
3888
3889 saslauthz = qemu_opt_get(opts, "sasl-authz");
3890 if (acl && saslauthz) {
3891 error_setg(errp, "'acl' option is mutually exclusive with the "
3892 "'sasl-authz' option");
3893 goto fail;
3894 }
3895 if (saslauthz && !sasl) {
3896 error_setg(errp, "'sasl-authz' provided but SASL auth is not enabled");
3897 goto fail;
3898 }
3899
3900 share = qemu_opt_get(opts, "share");
3901 if (share) {
3902 if (strcmp(share, "ignore") == 0) {
3903 vd->share_policy = VNC_SHARE_POLICY_IGNORE;
3904 } else if (strcmp(share, "allow-exclusive") == 0) {
3905 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3906 } else if (strcmp(share, "force-shared") == 0) {
3907 vd->share_policy = VNC_SHARE_POLICY_FORCE_SHARED;
3908 } else {
3909 error_setg(errp, "unknown vnc share= option");
3910 goto fail;
3911 }
3912 } else {
3913 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3914 }
3915 vd->connections_limit = qemu_opt_get_number(opts, "connections", 32);
3916
3917 #ifdef CONFIG_VNC_JPEG
3918 vd->lossy = qemu_opt_get_bool(opts, "lossy", false);
3919 #endif
3920 vd->non_adaptive = qemu_opt_get_bool(opts, "non-adaptive", false);
3921 /* adaptive updates are only used with tight encoding and
3922 * if lossy updates are enabled so we can disable all the
3923 * calculations otherwise */
3924 if (!vd->lossy) {
3925 vd->non_adaptive = true;
3926 }
3927
3928 if (tlsauthz) {
3929 vd->tlsauthzid = g_strdup(tlsauthz);
3930 } else if (acl) {
3931 if (strcmp(vd->id, "default") == 0) {
3932 vd->tlsauthzid = g_strdup("vnc.x509dname");
3933 } else {
3934 vd->tlsauthzid = g_strdup_printf("vnc.%s.x509dname", vd->id);
3935 }
3936 vd->tlsauthz = QAUTHZ(qauthz_list_new(vd->tlsauthzid,
3937 QAUTHZ_LIST_POLICY_DENY,
3938 &error_abort));
3939 }
3940 #ifdef CONFIG_VNC_SASL
3941 if (sasl) {
3942 if (saslauthz) {
3943 vd->sasl.authzid = g_strdup(saslauthz);
3944 } else if (acl) {
3945 if (strcmp(vd->id, "default") == 0) {
3946 vd->sasl.authzid = g_strdup("vnc.username");
3947 } else {
3948 vd->sasl.authzid = g_strdup_printf("vnc.%s.username", vd->id);
3949 }
3950 vd->sasl.authz = QAUTHZ(qauthz_list_new(vd->sasl.authzid,
3951 QAUTHZ_LIST_POLICY_DENY,
3952 &error_abort));
3953 }
3954 }
3955 #endif
3956
3957 if (vnc_display_setup_auth(&vd->auth, &vd->subauth,
3958 vd->tlscreds, password,
3959 sasl, false, errp) < 0) {
3960 goto fail;
3961 }
3962 trace_vnc_auth_init(vd, 0, vd->auth, vd->subauth);
3963
3964 if (vnc_display_setup_auth(&vd->ws_auth, &vd->ws_subauth,
3965 vd->tlscreds, password,
3966 sasl, true, errp) < 0) {
3967 goto fail;
3968 }
3969 trace_vnc_auth_init(vd, 1, vd->ws_auth, vd->ws_subauth);
3970
3971 #ifdef CONFIG_VNC_SASL
3972 if (sasl) {
3973 int saslErr = sasl_server_init(NULL, "qemu");
3974
3975 if (saslErr != SASL_OK) {
3976 error_setg(errp, "Failed to initialize SASL auth: %s",
3977 sasl_errstring(saslErr, NULL, NULL));
3978 goto fail;
3979 }
3980 }
3981 #endif
3982 vd->lock_key_sync = lock_key_sync;
3983 if (lock_key_sync) {
3984 vd->led = qemu_add_led_event_handler(kbd_leds, vd);
3985 }
3986 vd->ledstate = 0;
3987
3988 audiodev = qemu_opt_get(opts, "audiodev");
3989 if (audiodev) {
3990 vd->audio_state = audio_state_by_name(audiodev);
3991 if (!vd->audio_state) {
3992 error_setg(errp, "Audiodev '%s' not found", audiodev);
3993 goto fail;
3994 }
3995 }
3996
3997 device_id = qemu_opt_get(opts, "display");
3998 if (device_id) {
3999 int head = qemu_opt_get_number(opts, "head", 0);
4000 Error *err = NULL;
4001
4002 con = qemu_console_lookup_by_device_name(device_id, head, &err);
4003 if (err) {
4004 error_propagate(errp, err);
4005 goto fail;
4006 }
4007 } else {
4008 con = NULL;
4009 }
4010
4011 if (con != vd->dcl.con) {
4012 qkbd_state_free(vd->kbd);
4013 unregister_displaychangelistener(&vd->dcl);
4014 vd->dcl.con = con;
4015 register_displaychangelistener(&vd->dcl);
4016 vd->kbd = qkbd_state_init(vd->dcl.con);
4017 }
4018 qkbd_state_set_delay(vd->kbd, key_delay_ms);
4019
4020 if (saddr == NULL) {
4021 goto cleanup;
4022 }
4023
4024 if (reverse) {
4025 if (vnc_display_connect(vd, saddr, nsaddr, wsaddr, nwsaddr, errp) < 0) {
4026 goto fail;
4027 }
4028 } else {
4029 if (vnc_display_listen(vd, saddr, nsaddr, wsaddr, nwsaddr, errp) < 0) {
4030 goto fail;
4031 }
4032 }
4033
4034 if (qemu_opt_get(opts, "to")) {
4035 vnc_display_print_local_addr(vd);
4036 }
4037
4038 cleanup:
4039 vnc_free_addresses(&saddr, &nsaddr);
4040 vnc_free_addresses(&wsaddr, &nwsaddr);
4041 return;
4042
4043 fail:
4044 vnc_display_close(vd);
4045 goto cleanup;
4046 }
4047
4048 void vnc_display_add_client(const char *id, int csock, bool skipauth)
4049 {
4050 VncDisplay *vd = vnc_display_find(id);
4051 QIOChannelSocket *sioc;
4052
4053 if (!vd) {
4054 return;
4055 }
4056
4057 sioc = qio_channel_socket_new_fd(csock, NULL);
4058 if (sioc) {
4059 qio_channel_set_name(QIO_CHANNEL(sioc), "vnc-server");
4060 vnc_connect(vd, sioc, skipauth, false);
4061 object_unref(OBJECT(sioc));
4062 }
4063 }
4064
4065 static void vnc_auto_assign_id(QemuOptsList *olist, QemuOpts *opts)
4066 {
4067 int i = 2;
4068 char *id;
4069
4070 id = g_strdup("default");
4071 while (qemu_opts_find(olist, id)) {
4072 g_free(id);
4073 id = g_strdup_printf("vnc%d", i++);
4074 }
4075 qemu_opts_set_id(opts, id);
4076 }
4077
4078 QemuOpts *vnc_parse(const char *str, Error **errp)
4079 {
4080 QemuOptsList *olist = qemu_find_opts("vnc");
4081 QemuOpts *opts = qemu_opts_parse(olist, str, true, errp);
4082 const char *id;
4083
4084 if (!opts) {
4085 return NULL;
4086 }
4087
4088 id = qemu_opts_id(opts);
4089 if (!id) {
4090 /* auto-assign id if not present */
4091 vnc_auto_assign_id(olist, opts);
4092 }
4093 return opts;
4094 }
4095
4096 int vnc_init_func(void *opaque, QemuOpts *opts, Error **errp)
4097 {
4098 Error *local_err = NULL;
4099 char *id = (char *)qemu_opts_id(opts);
4100
4101 assert(id);
4102 vnc_display_init(id, &local_err);
4103 if (local_err) {
4104 error_propagate(errp, local_err);
4105 return -1;
4106 }
4107 vnc_display_open(id, &local_err);
4108 if (local_err != NULL) {
4109 error_propagate(errp, local_err);
4110 return -1;
4111 }
4112 return 0;
4113 }
4114
4115 static void vnc_register_config(void)
4116 {
4117 qemu_add_opts(&qemu_vnc_opts);
4118 }
4119 opts_init(vnc_register_config);