1 /*
2 * QEMU VNC display driver
3 *
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
7 *
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
14 *
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
17 *
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
24 * THE SOFTWARE.
25 */
26
27 #include "qemu/osdep.h"
28 #include "vnc.h"
29 #include "vnc-jobs.h"
30 #include "trace.h"
31 #include "hw/qdev-core.h"
32 #include "system/system.h"
33 #include "system/runstate.h"
34 #include "qemu/error-report.h"
35 #include "qemu/main-loop.h"
36 #include "qemu/module.h"
37 #include "qemu/option.h"
38 #include "qemu/sockets.h"
39 #include "qemu/timer.h"
40 #include "authz/list.h"
41 #include "qemu/config-file.h"
42 #include "qapi/qapi-emit-events.h"
43 #include "qapi/qapi-events-ui.h"
44 #include "qapi/error.h"
45 #include "qapi/qapi-commands-ui.h"
46 #include "ui/input.h"
47 #include "crypto/hash.h"
48 #include "crypto/tlscreds.h"
49 #include "crypto/tlscredsanon.h"
50 #include "crypto/tlscredsx509.h"
51 #include "crypto/random.h"
52 #include "crypto/secret_common.h"
53 #include "qom/object_interfaces.h"
54 #include "qemu/cutils.h"
55 #include "qemu/help_option.h"
56 #include "io/dns-resolver.h"
57 #include "monitor/monitor.h"
58
59 #define VNC_REFRESH_INTERVAL_BASE GUI_REFRESH_INTERVAL_DEFAULT
60 #define VNC_REFRESH_INTERVAL_INC 50
61 #define VNC_REFRESH_INTERVAL_MAX GUI_REFRESH_INTERVAL_IDLE
62 static const struct timeval VNC_REFRESH_STATS = { 0, 500000 };
63 static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 };
64
65 #include "vnc_keysym.h"
66 #include "crypto/cipher.h"
67
68 static QTAILQ_HEAD(, VncDisplay) vnc_displays =
69 QTAILQ_HEAD_INITIALIZER(vnc_displays);
70
71 static int vnc_cursor_define(VncState *vs);
72 static void vnc_update_throttle_offset(VncState *vs);
73
vnc_set_share_mode(VncState * vs,VncShareMode mode)74 static void vnc_set_share_mode(VncState *vs, VncShareMode mode)
75 {
76 #ifdef _VNC_DEBUG
77 static const char *mn[] = {
78 [0] = "undefined",
79 [VNC_SHARE_MODE_CONNECTING] = "connecting",
80 [VNC_SHARE_MODE_SHARED] = "shared",
81 [VNC_SHARE_MODE_EXCLUSIVE] = "exclusive",
82 [VNC_SHARE_MODE_DISCONNECTED] = "disconnected",
83 };
84 fprintf(stderr, "%s/%p: %s -> %s\n", __func__,
85 vs->ioc, mn[vs->share_mode], mn[mode]);
86 #endif
87
88 switch (vs->share_mode) {
89 case VNC_SHARE_MODE_CONNECTING:
90 vs->vd->num_connecting--;
91 break;
92 case VNC_SHARE_MODE_SHARED:
93 vs->vd->num_shared--;
94 break;
95 case VNC_SHARE_MODE_EXCLUSIVE:
96 vs->vd->num_exclusive--;
97 break;
98 default:
99 break;
100 }
101
102 vs->share_mode = mode;
103
104 switch (vs->share_mode) {
105 case VNC_SHARE_MODE_CONNECTING:
106 vs->vd->num_connecting++;
107 break;
108 case VNC_SHARE_MODE_SHARED:
109 vs->vd->num_shared++;
110 break;
111 case VNC_SHARE_MODE_EXCLUSIVE:
112 vs->vd->num_exclusive++;
113 break;
114 default:
115 break;
116 }
117 }
118
119
vnc_init_basic_info(SocketAddress * addr,VncBasicInfo * info,Error ** errp)120 static void vnc_init_basic_info(SocketAddress *addr,
121 VncBasicInfo *info,
122 Error **errp)
123 {
124 switch (addr->type) {
125 case SOCKET_ADDRESS_TYPE_INET:
126 info->host = g_strdup(addr->u.inet.host);
127 info->service = g_strdup(addr->u.inet.port);
128 if (addr->u.inet.ipv6) {
129 info->family = NETWORK_ADDRESS_FAMILY_IPV6;
130 } else {
131 info->family = NETWORK_ADDRESS_FAMILY_IPV4;
132 }
133 break;
134
135 case SOCKET_ADDRESS_TYPE_UNIX:
136 info->host = g_strdup("");
137 info->service = g_strdup(addr->u.q_unix.path);
138 info->family = NETWORK_ADDRESS_FAMILY_UNIX;
139 break;
140
141 case SOCKET_ADDRESS_TYPE_VSOCK:
142 case SOCKET_ADDRESS_TYPE_FD:
143 error_setg(errp, "Unsupported socket address type %s",
144 SocketAddressType_str(addr->type));
145 break;
146 default:
147 abort();
148 }
149 }
150
vnc_init_basic_info_from_server_addr(QIOChannelSocket * ioc,VncBasicInfo * info,Error ** errp)151 static void vnc_init_basic_info_from_server_addr(QIOChannelSocket *ioc,
152 VncBasicInfo *info,
153 Error **errp)
154 {
155 SocketAddress *addr = NULL;
156
157 if (!ioc) {
158 error_setg(errp, "No listener socket available");
159 return;
160 }
161
162 addr = qio_channel_socket_get_local_address(ioc, errp);
163 if (!addr) {
164 return;
165 }
166
167 vnc_init_basic_info(addr, info, errp);
168 qapi_free_SocketAddress(addr);
169 }
170
vnc_init_basic_info_from_remote_addr(QIOChannelSocket * ioc,VncBasicInfo * info,Error ** errp)171 static void vnc_init_basic_info_from_remote_addr(QIOChannelSocket *ioc,
172 VncBasicInfo *info,
173 Error **errp)
174 {
175 SocketAddress *addr = NULL;
176
177 addr = qio_channel_socket_get_remote_address(ioc, errp);
178 if (!addr) {
179 return;
180 }
181
182 vnc_init_basic_info(addr, info, errp);
183 qapi_free_SocketAddress(addr);
184 }
185
vnc_auth_name(VncDisplay * vd)186 static const char *vnc_auth_name(VncDisplay *vd) {
187 switch (vd->auth) {
188 case VNC_AUTH_INVALID:
189 return "invalid";
190 case VNC_AUTH_NONE:
191 return "none";
192 case VNC_AUTH_VNC:
193 return "vnc";
194 case VNC_AUTH_RA2:
195 return "ra2";
196 case VNC_AUTH_RA2NE:
197 return "ra2ne";
198 case VNC_AUTH_TIGHT:
199 return "tight";
200 case VNC_AUTH_ULTRA:
201 return "ultra";
202 case VNC_AUTH_TLS:
203 return "tls";
204 case VNC_AUTH_VENCRYPT:
205 switch (vd->subauth) {
206 case VNC_AUTH_VENCRYPT_PLAIN:
207 return "vencrypt+plain";
208 case VNC_AUTH_VENCRYPT_TLSNONE:
209 return "vencrypt+tls+none";
210 case VNC_AUTH_VENCRYPT_TLSVNC:
211 return "vencrypt+tls+vnc";
212 case VNC_AUTH_VENCRYPT_TLSPLAIN:
213 return "vencrypt+tls+plain";
214 case VNC_AUTH_VENCRYPT_X509NONE:
215 return "vencrypt+x509+none";
216 case VNC_AUTH_VENCRYPT_X509VNC:
217 return "vencrypt+x509+vnc";
218 case VNC_AUTH_VENCRYPT_X509PLAIN:
219 return "vencrypt+x509+plain";
220 case VNC_AUTH_VENCRYPT_TLSSASL:
221 return "vencrypt+tls+sasl";
222 case VNC_AUTH_VENCRYPT_X509SASL:
223 return "vencrypt+x509+sasl";
224 default:
225 return "vencrypt";
226 }
227 case VNC_AUTH_SASL:
228 return "sasl";
229 }
230 return "unknown";
231 }
232
vnc_server_info_get(VncDisplay * vd)233 static VncServerInfo *vnc_server_info_get(VncDisplay *vd)
234 {
235 VncServerInfo *info;
236 Error *err = NULL;
237
238 if (!vd->listener || !vd->listener->nsioc) {
239 return NULL;
240 }
241
242 info = g_malloc0(sizeof(*info));
243 vnc_init_basic_info_from_server_addr(vd->listener->sioc[0],
244 qapi_VncServerInfo_base(info), &err);
245 info->auth = g_strdup(vnc_auth_name(vd));
246 if (err) {
247 qapi_free_VncServerInfo(info);
248 info = NULL;
249 error_free(err);
250 }
251 return info;
252 }
253
vnc_client_cache_auth(VncState * client)254 static void vnc_client_cache_auth(VncState *client)
255 {
256 if (!client->info) {
257 return;
258 }
259
260 if (client->tls) {
261 client->info->x509_dname =
262 qcrypto_tls_session_get_peer_name(client->tls);
263 }
264 #ifdef CONFIG_VNC_SASL
265 if (client->sasl.conn &&
266 client->sasl.username) {
267 client->info->sasl_username = g_strdup(client->sasl.username);
268 }
269 #endif
270 }
271
vnc_client_cache_addr(VncState * client)272 static void vnc_client_cache_addr(VncState *client)
273 {
274 Error *err = NULL;
275
276 client->info = g_malloc0(sizeof(*client->info));
277 vnc_init_basic_info_from_remote_addr(client->sioc,
278 qapi_VncClientInfo_base(client->info),
279 &err);
280 client->info->websocket = client->websocket;
281 if (err) {
282 qapi_free_VncClientInfo(client->info);
283 client->info = NULL;
284 error_free(err);
285 }
286 }
287
vnc_qmp_event(VncState * vs,QAPIEvent event)288 static void vnc_qmp_event(VncState *vs, QAPIEvent event)
289 {
290 VncServerInfo *si;
291
292 if (!vs->info) {
293 return;
294 }
295
296 si = vnc_server_info_get(vs->vd);
297 if (!si) {
298 return;
299 }
300
301 switch (event) {
302 case QAPI_EVENT_VNC_CONNECTED:
303 qapi_event_send_vnc_connected(si, qapi_VncClientInfo_base(vs->info));
304 break;
305 case QAPI_EVENT_VNC_INITIALIZED:
306 qapi_event_send_vnc_initialized(si, vs->info);
307 break;
308 case QAPI_EVENT_VNC_DISCONNECTED:
309 qapi_event_send_vnc_disconnected(si, vs->info);
310 break;
311 default:
312 break;
313 }
314
315 qapi_free_VncServerInfo(si);
316 }
317
qmp_query_vnc_client(const VncState * client)318 static VncClientInfo *qmp_query_vnc_client(const VncState *client)
319 {
320 VncClientInfo *info;
321 Error *err = NULL;
322
323 info = g_malloc0(sizeof(*info));
324
325 vnc_init_basic_info_from_remote_addr(client->sioc,
326 qapi_VncClientInfo_base(info),
327 &err);
328 if (err) {
329 error_free(err);
330 qapi_free_VncClientInfo(info);
331 return NULL;
332 }
333
334 info->websocket = client->websocket;
335
336 if (client->tls) {
337 info->x509_dname = qcrypto_tls_session_get_peer_name(client->tls);
338 }
339 #ifdef CONFIG_VNC_SASL
340 if (client->sasl.conn && client->sasl.username) {
341 info->sasl_username = g_strdup(client->sasl.username);
342 }
343 #endif
344
345 return info;
346 }
347
vnc_display_find(const char * id)348 static VncDisplay *vnc_display_find(const char *id)
349 {
350 VncDisplay *vd;
351
352 if (id == NULL) {
353 return QTAILQ_FIRST(&vnc_displays);
354 }
355 QTAILQ_FOREACH(vd, &vnc_displays, next) {
356 if (strcmp(id, vd->id) == 0) {
357 return vd;
358 }
359 }
360 return NULL;
361 }
362
qmp_query_client_list(VncDisplay * vd)363 static VncClientInfoList *qmp_query_client_list(VncDisplay *vd)
364 {
365 VncClientInfoList *prev = NULL;
366 VncState *client;
367
368 QTAILQ_FOREACH(client, &vd->clients, next) {
369 QAPI_LIST_PREPEND(prev, qmp_query_vnc_client(client));
370 }
371 return prev;
372 }
373
qmp_query_vnc(Error ** errp)374 VncInfo *qmp_query_vnc(Error **errp)
375 {
376 VncInfo *info = g_malloc0(sizeof(*info));
377 VncDisplay *vd = vnc_display_find(NULL);
378 SocketAddress *addr = NULL;
379
380 if (vd == NULL || !vd->listener || !vd->listener->nsioc) {
381 info->enabled = false;
382 } else {
383 info->enabled = true;
384
385 /* for compatibility with the original command */
386 info->has_clients = true;
387 info->clients = qmp_query_client_list(vd);
388
389 addr = qio_channel_socket_get_local_address(vd->listener->sioc[0],
390 errp);
391 if (!addr) {
392 goto out_error;
393 }
394
395 switch (addr->type) {
396 case SOCKET_ADDRESS_TYPE_INET:
397 info->host = g_strdup(addr->u.inet.host);
398 info->service = g_strdup(addr->u.inet.port);
399 if (addr->u.inet.ipv6) {
400 info->family = NETWORK_ADDRESS_FAMILY_IPV6;
401 } else {
402 info->family = NETWORK_ADDRESS_FAMILY_IPV4;
403 }
404 break;
405
406 case SOCKET_ADDRESS_TYPE_UNIX:
407 info->host = g_strdup("");
408 info->service = g_strdup(addr->u.q_unix.path);
409 info->family = NETWORK_ADDRESS_FAMILY_UNIX;
410 break;
411
412 case SOCKET_ADDRESS_TYPE_VSOCK:
413 case SOCKET_ADDRESS_TYPE_FD:
414 error_setg(errp, "Unsupported socket address type %s",
415 SocketAddressType_str(addr->type));
416 goto out_error;
417 default:
418 abort();
419 }
420
421 info->has_family = true;
422
423 info->auth = g_strdup(vnc_auth_name(vd));
424 }
425
426 qapi_free_SocketAddress(addr);
427 return info;
428
429 out_error:
430 qapi_free_SocketAddress(addr);
431 qapi_free_VncInfo(info);
432 return NULL;
433 }
434
435
436 static void qmp_query_auth(int auth, int subauth,
437 VncPrimaryAuth *qmp_auth,
438 VncVencryptSubAuth *qmp_vencrypt,
439 bool *qmp_has_vencrypt);
440
qmp_query_server_entry(QIOChannelSocket * ioc,bool websocket,int auth,int subauth,VncServerInfo2List * prev)441 static VncServerInfo2List *qmp_query_server_entry(QIOChannelSocket *ioc,
442 bool websocket,
443 int auth,
444 int subauth,
445 VncServerInfo2List *prev)
446 {
447 VncServerInfo2 *info;
448 Error *err = NULL;
449 SocketAddress *addr;
450
451 addr = qio_channel_socket_get_local_address(ioc, NULL);
452 if (!addr) {
453 return prev;
454 }
455
456 info = g_new0(VncServerInfo2, 1);
457 vnc_init_basic_info(addr, qapi_VncServerInfo2_base(info), &err);
458 qapi_free_SocketAddress(addr);
459 if (err) {
460 qapi_free_VncServerInfo2(info);
461 error_free(err);
462 return prev;
463 }
464 info->websocket = websocket;
465
466 qmp_query_auth(auth, subauth, &info->auth,
467 &info->vencrypt, &info->has_vencrypt);
468
469 QAPI_LIST_PREPEND(prev, info);
470 return prev;
471 }
472
qmp_query_auth(int auth,int subauth,VncPrimaryAuth * qmp_auth,VncVencryptSubAuth * qmp_vencrypt,bool * qmp_has_vencrypt)473 static void qmp_query_auth(int auth, int subauth,
474 VncPrimaryAuth *qmp_auth,
475 VncVencryptSubAuth *qmp_vencrypt,
476 bool *qmp_has_vencrypt)
477 {
478 switch (auth) {
479 case VNC_AUTH_VNC:
480 *qmp_auth = VNC_PRIMARY_AUTH_VNC;
481 break;
482 case VNC_AUTH_RA2:
483 *qmp_auth = VNC_PRIMARY_AUTH_RA2;
484 break;
485 case VNC_AUTH_RA2NE:
486 *qmp_auth = VNC_PRIMARY_AUTH_RA2NE;
487 break;
488 case VNC_AUTH_TIGHT:
489 *qmp_auth = VNC_PRIMARY_AUTH_TIGHT;
490 break;
491 case VNC_AUTH_ULTRA:
492 *qmp_auth = VNC_PRIMARY_AUTH_ULTRA;
493 break;
494 case VNC_AUTH_TLS:
495 *qmp_auth = VNC_PRIMARY_AUTH_TLS;
496 break;
497 case VNC_AUTH_VENCRYPT:
498 *qmp_auth = VNC_PRIMARY_AUTH_VENCRYPT;
499 *qmp_has_vencrypt = true;
500 switch (subauth) {
501 case VNC_AUTH_VENCRYPT_PLAIN:
502 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_PLAIN;
503 break;
504 case VNC_AUTH_VENCRYPT_TLSNONE:
505 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_NONE;
506 break;
507 case VNC_AUTH_VENCRYPT_TLSVNC:
508 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_VNC;
509 break;
510 case VNC_AUTH_VENCRYPT_TLSPLAIN:
511 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_PLAIN;
512 break;
513 case VNC_AUTH_VENCRYPT_X509NONE:
514 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_NONE;
515 break;
516 case VNC_AUTH_VENCRYPT_X509VNC:
517 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_VNC;
518 break;
519 case VNC_AUTH_VENCRYPT_X509PLAIN:
520 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_PLAIN;
521 break;
522 case VNC_AUTH_VENCRYPT_TLSSASL:
523 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_SASL;
524 break;
525 case VNC_AUTH_VENCRYPT_X509SASL:
526 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_SASL;
527 break;
528 default:
529 *qmp_has_vencrypt = false;
530 break;
531 }
532 break;
533 case VNC_AUTH_SASL:
534 *qmp_auth = VNC_PRIMARY_AUTH_SASL;
535 break;
536 case VNC_AUTH_NONE:
537 default:
538 *qmp_auth = VNC_PRIMARY_AUTH_NONE;
539 break;
540 }
541 }
542
qmp_query_vnc_servers(Error ** errp)543 VncInfo2List *qmp_query_vnc_servers(Error **errp)
544 {
545 VncInfo2List *prev = NULL;
546 VncInfo2 *info;
547 VncDisplay *vd;
548 DeviceState *dev;
549 size_t i;
550
551 QTAILQ_FOREACH(vd, &vnc_displays, next) {
552 info = g_new0(VncInfo2, 1);
553 info->id = g_strdup(vd->id);
554 info->clients = qmp_query_client_list(vd);
555 qmp_query_auth(vd->auth, vd->subauth, &info->auth,
556 &info->vencrypt, &info->has_vencrypt);
557 if (vd->dcl.con) {
558 dev = DEVICE(object_property_get_link(OBJECT(vd->dcl.con),
559 "device", &error_abort));
560 info->display = g_strdup(dev->id);
561 }
562 for (i = 0; vd->listener != NULL && i < vd->listener->nsioc; i++) {
563 info->server = qmp_query_server_entry(
564 vd->listener->sioc[i], false, vd->auth, vd->subauth,
565 info->server);
566 }
567 for (i = 0; vd->wslistener != NULL && i < vd->wslistener->nsioc; i++) {
568 info->server = qmp_query_server_entry(
569 vd->wslistener->sioc[i], true, vd->ws_auth,
570 vd->ws_subauth, info->server);
571 }
572
573 QAPI_LIST_PREPEND(prev, info);
574 }
575 return prev;
576 }
577
vnc_display_reload_certs(const char * id,Error ** errp)578 bool vnc_display_reload_certs(const char *id, Error **errp)
579 {
580 VncDisplay *vd = vnc_display_find(id);
581 QCryptoTLSCredsClass *creds = NULL;
582
583 if (!vd) {
584 error_setg(errp, "Can not find vnc display");
585 return false;
586 }
587
588 if (!vd->tlscreds) {
589 error_setg(errp, "vnc tls is not enabled");
590 return false;
591 }
592
593 creds = QCRYPTO_TLS_CREDS_GET_CLASS(OBJECT(vd->tlscreds));
594 if (creds->reload == NULL) {
595 error_setg(errp, "%s doesn't support to reload TLS credential",
596 object_get_typename(OBJECT(vd->tlscreds)));
597 return false;
598 }
599 if (!creds->reload(vd->tlscreds, errp)) {
600 return false;
601 }
602
603 return true;
604 }
605
606 /* TODO
607 1) Get the queue working for IO.
608 2) there is some weirdness when using the -S option (the screen is grey
609 and not totally invalidated
610 3) resolutions > 1024
611 */
612
613 static int vnc_update_client(VncState *vs, int has_dirty);
614 static void vnc_disconnect_start(VncState *vs);
615
616 static void vnc_colordepth(VncState *vs);
617 static void framebuffer_update_request(VncState *vs, int incremental,
618 int x_position, int y_position,
619 int w, int h);
620 static void vnc_refresh(DisplayChangeListener *dcl);
621 static int vnc_refresh_server_surface(VncDisplay *vd);
622
vnc_width(VncDisplay * vd)623 static int vnc_width(VncDisplay *vd)
624 {
625 return MIN(VNC_MAX_WIDTH, ROUND_UP(surface_width(vd->ds),
626 VNC_DIRTY_PIXELS_PER_BIT));
627 }
628
vnc_true_width(VncDisplay * vd)629 static int vnc_true_width(VncDisplay *vd)
630 {
631 return MIN(VNC_MAX_WIDTH, surface_width(vd->ds));
632 }
633
vnc_height(VncDisplay * vd)634 static int vnc_height(VncDisplay *vd)
635 {
636 return MIN(VNC_MAX_HEIGHT, surface_height(vd->ds));
637 }
638
639 static void vnc_set_area_dirty(DECLARE_BITMAP(dirty[VNC_MAX_HEIGHT],
640 VNC_MAX_WIDTH / VNC_DIRTY_PIXELS_PER_BIT),
641 VncDisplay *vd,
642 int x, int y, int w, int h)
643 {
644 int width = vnc_width(vd);
645 int height = vnc_height(vd);
646
647 /* this is needed this to ensure we updated all affected
648 * blocks if x % VNC_DIRTY_PIXELS_PER_BIT != 0 */
649 w += (x % VNC_DIRTY_PIXELS_PER_BIT);
650 x -= (x % VNC_DIRTY_PIXELS_PER_BIT);
651
652 x = MIN(x, width);
653 y = MIN(y, height);
654 w = MIN(x + w, width) - x;
655 h = MIN(y + h, height);
656
657 for (; y < h; y++) {
658 bitmap_set(dirty[y], x / VNC_DIRTY_PIXELS_PER_BIT,
659 DIV_ROUND_UP(w, VNC_DIRTY_PIXELS_PER_BIT));
660 }
661 }
662
vnc_dpy_update(DisplayChangeListener * dcl,int x,int y,int w,int h)663 static void vnc_dpy_update(DisplayChangeListener *dcl,
664 int x, int y, int w, int h)
665 {
666 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
667 struct VncSurface *s = &vd->guest;
668
669 vnc_set_area_dirty(s->dirty, vd, x, y, w, h);
670 }
671
vnc_framebuffer_update(VncState * vs,int x,int y,int w,int h,int32_t encoding)672 void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
673 int32_t encoding)
674 {
675 vnc_write_u16(vs, x);
676 vnc_write_u16(vs, y);
677 vnc_write_u16(vs, w);
678 vnc_write_u16(vs, h);
679
680 vnc_write_s32(vs, encoding);
681 }
682
vnc_desktop_resize_ext(VncState * vs,int reject_reason)683 static void vnc_desktop_resize_ext(VncState *vs, int reject_reason)
684 {
685 trace_vnc_msg_server_ext_desktop_resize(
686 vs, vs->ioc, vs->client_width, vs->client_height, reject_reason);
687
688 vnc_lock_output(vs);
689 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
690 vnc_write_u8(vs, 0);
691 vnc_write_u16(vs, 1); /* number of rects */
692 vnc_framebuffer_update(vs,
693 reject_reason ? 1 : 0,
694 reject_reason,
695 vs->client_width, vs->client_height,
696 VNC_ENCODING_DESKTOP_RESIZE_EXT);
697 vnc_write_u8(vs, 1); /* number of screens */
698 vnc_write_u8(vs, 0); /* padding */
699 vnc_write_u8(vs, 0); /* padding */
700 vnc_write_u8(vs, 0); /* padding */
701 vnc_write_u32(vs, 0); /* screen id */
702 vnc_write_u16(vs, 0); /* screen x-pos */
703 vnc_write_u16(vs, 0); /* screen y-pos */
704 vnc_write_u16(vs, vs->client_width);
705 vnc_write_u16(vs, vs->client_height);
706 vnc_write_u32(vs, 0); /* screen flags */
707 vnc_unlock_output(vs);
708 vnc_flush(vs);
709 }
710
vnc_desktop_resize(VncState * vs)711 static void vnc_desktop_resize(VncState *vs)
712 {
713 if (vs->ioc == NULL || (!vnc_has_feature(vs, VNC_FEATURE_RESIZE) &&
714 !vnc_has_feature(vs, VNC_FEATURE_RESIZE_EXT))) {
715 return;
716 }
717 if (vs->client_width == vs->vd->true_width &&
718 vs->client_height == pixman_image_get_height(vs->vd->server)) {
719 return;
720 }
721
722 assert(vs->vd->true_width < 65536 &&
723 vs->vd->true_width >= 0);
724 assert(pixman_image_get_height(vs->vd->server) < 65536 &&
725 pixman_image_get_height(vs->vd->server) >= 0);
726 vs->client_width = vs->vd->true_width;
727 vs->client_height = pixman_image_get_height(vs->vd->server);
728
729 if (vnc_has_feature(vs, VNC_FEATURE_RESIZE_EXT)) {
730 vnc_desktop_resize_ext(vs, 0);
731 return;
732 }
733
734 trace_vnc_msg_server_desktop_resize(
735 vs, vs->ioc, vs->client_width, vs->client_height);
736
737 vnc_lock_output(vs);
738 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
739 vnc_write_u8(vs, 0);
740 vnc_write_u16(vs, 1); /* number of rects */
741 vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height,
742 VNC_ENCODING_DESKTOPRESIZE);
743 vnc_unlock_output(vs);
744 vnc_flush(vs);
745 }
746
vnc_abort_display_jobs(VncDisplay * vd)747 static void vnc_abort_display_jobs(VncDisplay *vd)
748 {
749 VncState *vs;
750
751 QTAILQ_FOREACH(vs, &vd->clients, next) {
752 vnc_lock_output(vs);
753 vs->abort = true;
754 vnc_unlock_output(vs);
755 }
756 QTAILQ_FOREACH(vs, &vd->clients, next) {
757 vnc_jobs_join(vs);
758 }
759 QTAILQ_FOREACH(vs, &vd->clients, next) {
760 vnc_lock_output(vs);
761 if (vs->update == VNC_STATE_UPDATE_NONE &&
762 vs->job_update != VNC_STATE_UPDATE_NONE) {
763 /* job aborted before completion */
764 vs->update = vs->job_update;
765 vs->job_update = VNC_STATE_UPDATE_NONE;
766 }
767 vs->abort = false;
768 vnc_unlock_output(vs);
769 }
770 }
771
vnc_server_fb_stride(VncDisplay * vd)772 int vnc_server_fb_stride(VncDisplay *vd)
773 {
774 return pixman_image_get_stride(vd->server);
775 }
776
vnc_server_fb_ptr(VncDisplay * vd,int x,int y)777 void *vnc_server_fb_ptr(VncDisplay *vd, int x, int y)
778 {
779 uint8_t *ptr;
780
781 ptr = (uint8_t *)pixman_image_get_data(vd->server);
782 ptr += y * vnc_server_fb_stride(vd);
783 ptr += x * VNC_SERVER_FB_BYTES;
784 return ptr;
785 }
786
vnc_update_server_surface(VncDisplay * vd)787 static void vnc_update_server_surface(VncDisplay *vd)
788 {
789 int width, height;
790
791 qemu_pixman_image_unref(vd->server);
792 vd->server = NULL;
793
794 if (QTAILQ_EMPTY(&vd->clients)) {
795 return;
796 }
797
798 width = vnc_width(vd);
799 height = vnc_height(vd);
800 vd->true_width = vnc_true_width(vd);
801 vd->server = pixman_image_create_bits(VNC_SERVER_FB_FORMAT,
802 width, height,
803 NULL, 0);
804
805 memset(vd->guest.dirty, 0x00, sizeof(vd->guest.dirty));
806 vnc_set_area_dirty(vd->guest.dirty, vd, 0, 0,
807 width, height);
808 }
809
vnc_check_pageflip(DisplaySurface * s1,DisplaySurface * s2)810 static bool vnc_check_pageflip(DisplaySurface *s1,
811 DisplaySurface *s2)
812 {
813 return (s1 != NULL &&
814 s2 != NULL &&
815 surface_width(s1) == surface_width(s2) &&
816 surface_height(s1) == surface_height(s2) &&
817 surface_format(s1) == surface_format(s2));
818
819 }
820
vnc_dpy_switch(DisplayChangeListener * dcl,DisplaySurface * surface)821 static void vnc_dpy_switch(DisplayChangeListener *dcl,
822 DisplaySurface *surface)
823 {
824 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
825 bool pageflip = vnc_check_pageflip(vd->ds, surface);
826 VncState *vs;
827
828 vnc_abort_display_jobs(vd);
829 vd->ds = surface;
830
831 /* guest surface */
832 qemu_pixman_image_unref(vd->guest.fb);
833 vd->guest.fb = pixman_image_ref(surface->image);
834 vd->guest.format = surface_format(surface);
835
836
837 if (pageflip) {
838 trace_vnc_server_dpy_pageflip(vd,
839 surface_width(surface),
840 surface_height(surface),
841 surface_format(surface));
842 vnc_set_area_dirty(vd->guest.dirty, vd, 0, 0,
843 surface_width(surface),
844 surface_height(surface));
845 return;
846 }
847
848 trace_vnc_server_dpy_recreate(vd,
849 surface_width(surface),
850 surface_height(surface),
851 surface_format(surface));
852 /* server surface */
853 vnc_update_server_surface(vd);
854
855 QTAILQ_FOREACH(vs, &vd->clients, next) {
856 vnc_colordepth(vs);
857 vnc_desktop_resize(vs);
858 vnc_cursor_define(vs);
859 memset(vs->dirty, 0x00, sizeof(vs->dirty));
860 vnc_set_area_dirty(vs->dirty, vd, 0, 0,
861 vnc_width(vd),
862 vnc_height(vd));
863 vnc_update_throttle_offset(vs);
864 }
865 }
866
867 /* fastest code */
vnc_write_pixels_copy(VncState * vs,void * pixels,int size)868 static void vnc_write_pixels_copy(VncState *vs,
869 void *pixels, int size)
870 {
871 vnc_write(vs, pixels, size);
872 }
873
874 /* slowest but generic code. */
vnc_convert_pixel(VncState * vs,uint8_t * buf,uint32_t v)875 void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
876 {
877 uint8_t r, g, b;
878
879 #if VNC_SERVER_FB_FORMAT == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8)
880 r = (((v & 0x00ff0000) >> 16) << vs->client_pf.rbits) >> 8;
881 g = (((v & 0x0000ff00) >> 8) << vs->client_pf.gbits) >> 8;
882 b = (((v & 0x000000ff) >> 0) << vs->client_pf.bbits) >> 8;
883 #else
884 # error need some bits here if you change VNC_SERVER_FB_FORMAT
885 #endif
886 v = (r << vs->client_pf.rshift) |
887 (g << vs->client_pf.gshift) |
888 (b << vs->client_pf.bshift);
889 switch (vs->client_pf.bytes_per_pixel) {
890 case 1:
891 buf[0] = v;
892 break;
893 case 2:
894 if (vs->client_endian == G_BIG_ENDIAN) {
895 buf[0] = v >> 8;
896 buf[1] = v;
897 } else {
898 buf[1] = v >> 8;
899 buf[0] = v;
900 }
901 break;
902 default:
903 case 4:
904 if (vs->client_endian == G_BIG_ENDIAN) {
905 buf[0] = v >> 24;
906 buf[1] = v >> 16;
907 buf[2] = v >> 8;
908 buf[3] = v;
909 } else {
910 buf[3] = v >> 24;
911 buf[2] = v >> 16;
912 buf[1] = v >> 8;
913 buf[0] = v;
914 }
915 break;
916 }
917 }
918
vnc_write_pixels_generic(VncState * vs,void * pixels1,int size)919 static void vnc_write_pixels_generic(VncState *vs,
920 void *pixels1, int size)
921 {
922 uint8_t buf[4];
923
924 if (VNC_SERVER_FB_BYTES == 4) {
925 uint32_t *pixels = pixels1;
926 int n, i;
927 n = size >> 2;
928 for (i = 0; i < n; i++) {
929 vnc_convert_pixel(vs, buf, pixels[i]);
930 vnc_write(vs, buf, vs->client_pf.bytes_per_pixel);
931 }
932 }
933 }
934
vnc_raw_send_framebuffer_update(VncState * vs,int x,int y,int w,int h)935 int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
936 {
937 int i;
938 uint8_t *row;
939 VncDisplay *vd = vs->vd;
940
941 row = vnc_server_fb_ptr(vd, x, y);
942 for (i = 0; i < h; i++) {
943 vs->write_pixels(vs, row, w * VNC_SERVER_FB_BYTES);
944 row += vnc_server_fb_stride(vd);
945 }
946 return 1;
947 }
948
vnc_send_framebuffer_update(VncState * vs,VncWorker * worker,int x,int y,int w,int h)949 int vnc_send_framebuffer_update(VncState *vs, VncWorker *worker,
950 int x, int y, int w, int h)
951 {
952 int n = 0;
953
954 switch(vs->vnc_encoding) {
955 case VNC_ENCODING_ZLIB:
956 n = vnc_zlib_send_framebuffer_update(vs, worker, x, y, w, h);
957 break;
958 case VNC_ENCODING_HEXTILE:
959 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
960 n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h);
961 break;
962 case VNC_ENCODING_TIGHT:
963 n = vnc_tight_send_framebuffer_update(vs, worker, x, y, w, h);
964 break;
965 case VNC_ENCODING_TIGHT_PNG:
966 n = vnc_tight_png_send_framebuffer_update(vs, worker, x, y, w, h);
967 break;
968 case VNC_ENCODING_ZRLE:
969 n = vnc_zrle_send_framebuffer_update(vs, worker, x, y, w, h);
970 break;
971 case VNC_ENCODING_ZYWRLE:
972 n = vnc_zywrle_send_framebuffer_update(vs, worker, x, y, w, h);
973 break;
974 default:
975 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
976 n = vnc_raw_send_framebuffer_update(vs, x, y, w, h);
977 break;
978 }
979 return n;
980 }
981
vnc_mouse_set(DisplayChangeListener * dcl,int x,int y,bool visible)982 static void vnc_mouse_set(DisplayChangeListener *dcl,
983 int x, int y, bool visible)
984 {
985 /* can we ask the client(s) to move the pointer ??? */
986 }
987
vnc_cursor_define(VncState * vs)988 static int vnc_cursor_define(VncState *vs)
989 {
990 QEMUCursor *c = qemu_console_get_cursor(vs->vd->dcl.con);
991 int isize;
992
993 if (!c) {
994 return -1;
995 }
996
997 if (vnc_has_feature(vs, VNC_FEATURE_ALPHA_CURSOR)) {
998 vnc_lock_output(vs);
999 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1000 vnc_write_u8(vs, 0); /* padding */
1001 vnc_write_u16(vs, 1); /* # of rects */
1002 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height,
1003 VNC_ENCODING_ALPHA_CURSOR);
1004 vnc_write_s32(vs, VNC_ENCODING_RAW);
1005 vnc_write(vs, c->data, c->width * c->height * 4);
1006 vnc_unlock_output(vs);
1007 return 0;
1008 }
1009 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) {
1010 vnc_lock_output(vs);
1011 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1012 vnc_write_u8(vs, 0); /* padding */
1013 vnc_write_u16(vs, 1); /* # of rects */
1014 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height,
1015 VNC_ENCODING_RICH_CURSOR);
1016 isize = c->width * c->height * vs->client_pf.bytes_per_pixel;
1017 vnc_write_pixels_generic(vs, c->data, isize);
1018 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize);
1019 vnc_unlock_output(vs);
1020 return 0;
1021 }
1022 return -1;
1023 }
1024
vnc_dpy_cursor_define(DisplayChangeListener * dcl,QEMUCursor * c)1025 static void vnc_dpy_cursor_define(DisplayChangeListener *dcl,
1026 QEMUCursor *c)
1027 {
1028 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
1029 VncState *vs;
1030
1031 g_free(vd->cursor_mask);
1032 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height;
1033 vd->cursor_mask = g_malloc0(vd->cursor_msize);
1034 cursor_get_mono_mask(c, 0, vd->cursor_mask);
1035
1036 QTAILQ_FOREACH(vs, &vd->clients, next) {
1037 vnc_cursor_define(vs);
1038 }
1039 }
1040
find_and_clear_dirty_height(VncState * vs,int y,int last_x,int x,int height)1041 static int find_and_clear_dirty_height(VncState *vs,
1042 int y, int last_x, int x, int height)
1043 {
1044 int h;
1045
1046 for (h = 1; h < (height - y); h++) {
1047 if (!test_bit(last_x, vs->dirty[y + h])) {
1048 break;
1049 }
1050 bitmap_clear(vs->dirty[y + h], last_x, x - last_x);
1051 }
1052
1053 return h;
1054 }
1055
1056 /*
1057 * Figure out how much pending data we should allow in the output
1058 * buffer before we throttle incremental display updates, and/or
1059 * drop audio samples.
1060 *
1061 * We allow for equiv of 1 full display's worth of FB updates,
1062 * and 1 second of audio samples. If audio backlog was larger
1063 * than that the client would already suffering awful audio
1064 * glitches, so dropping samples is no worse really).
1065 */
vnc_update_throttle_offset(VncState * vs)1066 static void vnc_update_throttle_offset(VncState *vs)
1067 {
1068 size_t offset =
1069 vs->client_width * vs->client_height * vs->client_pf.bytes_per_pixel;
1070
1071 if (vs->audio_cap) {
1072 int bps;
1073 switch (vs->as.fmt) {
1074 default:
1075 case AUDIO_FORMAT_U8:
1076 case AUDIO_FORMAT_S8:
1077 bps = 1;
1078 break;
1079 case AUDIO_FORMAT_U16:
1080 case AUDIO_FORMAT_S16:
1081 bps = 2;
1082 break;
1083 case AUDIO_FORMAT_U32:
1084 case AUDIO_FORMAT_S32:
1085 bps = 4;
1086 break;
1087 }
1088 offset += vs->as.freq * bps * vs->as.nchannels;
1089 }
1090
1091 /* Put a floor of 1MB on offset, so that if we have a large pending
1092 * buffer and the display is resized to a small size & back again
1093 * we don't suddenly apply a tiny send limit
1094 */
1095 offset = MAX(offset, 1024 * 1024);
1096
1097 if (vs->throttle_output_offset != offset) {
1098 trace_vnc_client_throttle_threshold(
1099 vs, vs->ioc, vs->throttle_output_offset, offset, vs->client_width,
1100 vs->client_height, vs->client_pf.bytes_per_pixel, vs->audio_cap);
1101 }
1102
1103 vs->throttle_output_offset = offset;
1104 }
1105
vnc_should_update(VncState * vs)1106 static bool vnc_should_update(VncState *vs)
1107 {
1108 switch (vs->update) {
1109 case VNC_STATE_UPDATE_NONE:
1110 break;
1111 case VNC_STATE_UPDATE_INCREMENTAL:
1112 /* Only allow incremental updates if the pending send queue
1113 * is less than the permitted threshold, and the job worker
1114 * is completely idle.
1115 */
1116 if (vs->output.offset < vs->throttle_output_offset &&
1117 vs->job_update == VNC_STATE_UPDATE_NONE) {
1118 return true;
1119 }
1120 trace_vnc_client_throttle_incremental(
1121 vs, vs->ioc, vs->job_update, vs->output.offset);
1122 break;
1123 case VNC_STATE_UPDATE_FORCE:
1124 /* Only allow forced updates if the pending send queue
1125 * does not contain a previous forced update, and the
1126 * job worker is completely idle.
1127 *
1128 * Note this means we'll queue a forced update, even if
1129 * the output buffer size is otherwise over the throttle
1130 * output limit.
1131 */
1132 if (vs->force_update_offset == 0 &&
1133 vs->job_update == VNC_STATE_UPDATE_NONE) {
1134 return true;
1135 }
1136 trace_vnc_client_throttle_forced(
1137 vs, vs->ioc, vs->job_update, vs->force_update_offset);
1138 break;
1139 }
1140 return false;
1141 }
1142
vnc_update_client(VncState * vs,int has_dirty)1143 static int vnc_update_client(VncState *vs, int has_dirty)
1144 {
1145 VncDisplay *vd = vs->vd;
1146 VncJob *job;
1147 int y;
1148 int height, width;
1149 int n = 0;
1150
1151 if (vs->disconnecting) {
1152 vnc_disconnect_finish(vs);
1153 return 0;
1154 }
1155
1156 vs->has_dirty += has_dirty;
1157 if (!vnc_should_update(vs)) {
1158 return 0;
1159 }
1160
1161 if (!vs->has_dirty && vs->update != VNC_STATE_UPDATE_FORCE) {
1162 return 0;
1163 }
1164
1165 /*
1166 * Send screen updates to the vnc client using the server
1167 * surface and server dirty map. guest surface updates
1168 * happening in parallel don't disturb us, the next pass will
1169 * send them to the client.
1170 */
1171 job = vnc_job_new(vs);
1172
1173 height = pixman_image_get_height(vd->server);
1174 width = pixman_image_get_width(vd->server);
1175
1176 y = 0;
1177 for (;;) {
1178 int x, h;
1179 unsigned long x2;
1180 unsigned long offset = find_next_bit((unsigned long *) &vs->dirty,
1181 height * VNC_DIRTY_BPL(vs),
1182 y * VNC_DIRTY_BPL(vs));
1183 if (offset == height * VNC_DIRTY_BPL(vs)) {
1184 /* no more dirty bits */
1185 break;
1186 }
1187 y = offset / VNC_DIRTY_BPL(vs);
1188 x = offset % VNC_DIRTY_BPL(vs);
1189 x2 = find_next_zero_bit((unsigned long *) &vs->dirty[y],
1190 VNC_DIRTY_BPL(vs), x);
1191 bitmap_clear(vs->dirty[y], x, x2 - x);
1192 h = find_and_clear_dirty_height(vs, y, x, x2, height);
1193 x2 = MIN(x2, width / VNC_DIRTY_PIXELS_PER_BIT);
1194 if (x2 > x) {
1195 n += vnc_job_add_rect(job, x * VNC_DIRTY_PIXELS_PER_BIT, y,
1196 (x2 - x) * VNC_DIRTY_PIXELS_PER_BIT, h);
1197 }
1198 if (!x && x2 == width / VNC_DIRTY_PIXELS_PER_BIT) {
1199 y += h;
1200 if (y == height) {
1201 break;
1202 }
1203 }
1204 }
1205
1206 vs->job_update = vs->update;
1207 vs->update = VNC_STATE_UPDATE_NONE;
1208 vnc_job_push(job);
1209 vs->has_dirty = 0;
1210 return n;
1211 }
1212
1213 /* audio */
audio_capture_notify(void * opaque,audcnotification_e cmd)1214 static void audio_capture_notify(void *opaque, audcnotification_e cmd)
1215 {
1216 VncState *vs = opaque;
1217
1218 assert(vs->magic == VNC_MAGIC);
1219 switch (cmd) {
1220 case AUD_CNOTIFY_DISABLE:
1221 trace_vnc_msg_server_audio_end(vs, vs->ioc);
1222 vnc_lock_output(vs);
1223 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1224 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1225 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END);
1226 vnc_unlock_output(vs);
1227 vnc_flush(vs);
1228 break;
1229
1230 case AUD_CNOTIFY_ENABLE:
1231 trace_vnc_msg_server_audio_begin(vs, vs->ioc);
1232 vnc_lock_output(vs);
1233 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1234 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1235 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN);
1236 vnc_unlock_output(vs);
1237 vnc_flush(vs);
1238 break;
1239 }
1240 }
1241
audio_capture_destroy(void * opaque)1242 static void audio_capture_destroy(void *opaque)
1243 {
1244 }
1245
audio_capture(void * opaque,const void * buf,int size)1246 static void audio_capture(void *opaque, const void *buf, int size)
1247 {
1248 VncState *vs = opaque;
1249
1250 assert(vs->magic == VNC_MAGIC);
1251 trace_vnc_msg_server_audio_data(vs, vs->ioc, buf, size);
1252 vnc_lock_output(vs);
1253 if (vs->output.offset < vs->throttle_output_offset) {
1254 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1255 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1256 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA);
1257 vnc_write_u32(vs, size);
1258 vnc_write(vs, buf, size);
1259 } else {
1260 trace_vnc_client_throttle_audio(vs, vs->ioc, vs->output.offset);
1261 }
1262 vnc_unlock_output(vs);
1263 vnc_flush(vs);
1264 }
1265
audio_add(VncState * vs)1266 static void audio_add(VncState *vs)
1267 {
1268 struct audio_capture_ops ops;
1269
1270 if (vs->audio_cap) {
1271 error_report("audio already running");
1272 return;
1273 }
1274
1275 ops.notify = audio_capture_notify;
1276 ops.destroy = audio_capture_destroy;
1277 ops.capture = audio_capture;
1278
1279 vs->audio_cap = AUD_add_capture(vs->vd->audio_state, &vs->as, &ops, vs);
1280 if (!vs->audio_cap) {
1281 error_report("Failed to add audio capture");
1282 }
1283 }
1284
audio_del(VncState * vs)1285 static void audio_del(VncState *vs)
1286 {
1287 if (vs->audio_cap) {
1288 AUD_del_capture(vs->audio_cap, vs);
1289 vs->audio_cap = NULL;
1290 }
1291 }
1292
vnc_disconnect_start(VncState * vs)1293 static void vnc_disconnect_start(VncState *vs)
1294 {
1295 if (vs->disconnecting) {
1296 return;
1297 }
1298 trace_vnc_client_disconnect_start(vs, vs->ioc);
1299 vnc_set_share_mode(vs, VNC_SHARE_MODE_DISCONNECTED);
1300 if (vs->ioc_tag) {
1301 g_source_remove(vs->ioc_tag);
1302 vs->ioc_tag = 0;
1303 }
1304 qio_channel_close(vs->ioc, NULL);
1305 vs->disconnecting = TRUE;
1306 }
1307
vnc_disconnect_finish(VncState * vs)1308 void vnc_disconnect_finish(VncState *vs)
1309 {
1310 VncConnection *vc = container_of(vs, VncConnection, vs);
1311
1312 trace_vnc_client_disconnect_finish(vs, vs->ioc);
1313
1314 vnc_jobs_join(vs); /* Wait encoding jobs */
1315
1316 vnc_lock_output(vs);
1317 vnc_qmp_event(vs, QAPI_EVENT_VNC_DISCONNECTED);
1318
1319 buffer_free(&vs->input);
1320 buffer_free(&vs->output);
1321
1322 qapi_free_VncClientInfo(vs->info);
1323
1324 vnc_zlib_clear(&vc->worker);
1325 vnc_tight_clear(&vc->worker);
1326 vnc_zrle_clear(&vc->worker);
1327
1328 #ifdef CONFIG_VNC_SASL
1329 vnc_sasl_client_cleanup(vs);
1330 #endif /* CONFIG_VNC_SASL */
1331 audio_del(vs);
1332 qkbd_state_lift_all_keys(vs->vd->kbd);
1333
1334 if (vs->mouse_mode_notifier.notify != NULL) {
1335 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
1336 }
1337 QTAILQ_REMOVE(&vs->vd->clients, vs, next);
1338 if (QTAILQ_EMPTY(&vs->vd->clients)) {
1339 /* last client gone */
1340 vnc_update_server_surface(vs->vd);
1341 }
1342 vnc_unlock_output(vs);
1343
1344 if (vs->cbpeer.notifier.notify) {
1345 qemu_clipboard_peer_unregister(&vs->cbpeer);
1346 }
1347
1348 qemu_mutex_destroy(&vs->output_mutex);
1349 if (vs->bh != NULL) {
1350 qemu_bh_delete(vs->bh);
1351 }
1352 buffer_free(&vs->jobs_buffer);
1353
1354 object_unref(OBJECT(vs->ioc));
1355 vs->ioc = NULL;
1356 object_unref(OBJECT(vs->sioc));
1357 vs->sioc = NULL;
1358 vs->magic = 0;
1359 g_free(vc);
1360 }
1361
vnc_client_io_error(VncState * vs,ssize_t ret,Error * err)1362 size_t vnc_client_io_error(VncState *vs, ssize_t ret, Error *err)
1363 {
1364 if (ret <= 0) {
1365 if (ret == 0) {
1366 trace_vnc_client_eof(vs, vs->ioc);
1367 vnc_disconnect_start(vs);
1368 } else if (ret != QIO_CHANNEL_ERR_BLOCK) {
1369 trace_vnc_client_io_error(vs, vs->ioc,
1370 err ? error_get_pretty(err) : "Unknown");
1371 vnc_disconnect_start(vs);
1372 }
1373
1374 error_free(err);
1375 return 0;
1376 }
1377 return ret;
1378 }
1379
1380
vnc_client_error(VncState * vs)1381 void vnc_client_error(VncState *vs)
1382 {
1383 VNC_DEBUG("Closing down client sock: protocol error\n");
1384 vnc_disconnect_start(vs);
1385 }
1386
1387
1388 /*
1389 * Called to write a chunk of data to the client socket. The data may
1390 * be the raw data, or may have already been encoded by SASL.
1391 * The data will be written either straight onto the socket, or
1392 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1393 *
1394 * NB, it is theoretically possible to have 2 layers of encryption,
1395 * both SASL, and this TLS layer. It is highly unlikely in practice
1396 * though, since SASL encryption will typically be a no-op if TLS
1397 * is active
1398 *
1399 * Returns the number of bytes written, which may be less than
1400 * the requested 'datalen' if the socket would block. Returns
1401 * 0 on I/O error, and disconnects the client socket.
1402 */
vnc_client_write_buf(VncState * vs,const uint8_t * data,size_t datalen)1403 size_t vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
1404 {
1405 Error *err = NULL;
1406 ssize_t ret;
1407 ret = qio_channel_write(vs->ioc, (const char *)data, datalen, &err);
1408 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret);
1409 return vnc_client_io_error(vs, ret, err);
1410 }
1411
1412
1413 /*
1414 * Called to write buffered data to the client socket, when not
1415 * using any SASL SSF encryption layers. Will write as much data
1416 * as possible without blocking. If all buffered data is written,
1417 * will switch the FD poll() handler back to read monitoring.
1418 *
1419 * Returns the number of bytes written, which may be less than
1420 * the buffered output data if the socket would block. Returns
1421 * 0 on I/O error, and disconnects the client socket.
1422 */
vnc_client_write_plain(VncState * vs)1423 static size_t vnc_client_write_plain(VncState *vs)
1424 {
1425 size_t offset;
1426 size_t ret;
1427
1428 #ifdef CONFIG_VNC_SASL
1429 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1430 vs->output.buffer, vs->output.capacity, vs->output.offset,
1431 vs->sasl.waitWriteSSF);
1432
1433 if (vs->sasl.conn &&
1434 vs->sasl.runSSF &&
1435 vs->sasl.waitWriteSSF) {
1436 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
1437 if (ret)
1438 vs->sasl.waitWriteSSF -= ret;
1439 } else
1440 #endif /* CONFIG_VNC_SASL */
1441 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
1442 if (!ret)
1443 return 0;
1444
1445 if (ret >= vs->force_update_offset) {
1446 if (vs->force_update_offset != 0) {
1447 trace_vnc_client_unthrottle_forced(vs, vs->ioc);
1448 }
1449 vs->force_update_offset = 0;
1450 } else {
1451 vs->force_update_offset -= ret;
1452 }
1453 offset = vs->output.offset;
1454 buffer_advance(&vs->output, ret);
1455 if (offset >= vs->throttle_output_offset &&
1456 vs->output.offset < vs->throttle_output_offset) {
1457 trace_vnc_client_unthrottle_incremental(vs, vs->ioc, vs->output.offset);
1458 }
1459
1460 if (vs->output.offset == 0) {
1461 if (vs->ioc_tag) {
1462 g_source_remove(vs->ioc_tag);
1463 }
1464 vs->ioc_tag = qio_channel_add_watch(
1465 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR,
1466 vnc_client_io, vs, NULL);
1467 }
1468
1469 return ret;
1470 }
1471
1472
1473 /*
1474 * First function called whenever there is data to be written to
1475 * the client socket. Will delegate actual work according to whether
1476 * SASL SSF layers are enabled (thus requiring encryption calls)
1477 */
vnc_client_write_locked(VncState * vs)1478 static void vnc_client_write_locked(VncState *vs)
1479 {
1480 #ifdef CONFIG_VNC_SASL
1481 if (vs->sasl.conn &&
1482 vs->sasl.runSSF &&
1483 !vs->sasl.waitWriteSSF) {
1484 vnc_client_write_sasl(vs);
1485 } else
1486 #endif /* CONFIG_VNC_SASL */
1487 {
1488 vnc_client_write_plain(vs);
1489 }
1490 }
1491
vnc_client_write(VncState * vs)1492 static void vnc_client_write(VncState *vs)
1493 {
1494 assert(vs->magic == VNC_MAGIC);
1495 vnc_lock_output(vs);
1496 if (vs->output.offset) {
1497 vnc_client_write_locked(vs);
1498 } else if (vs->ioc != NULL) {
1499 if (vs->ioc_tag) {
1500 g_source_remove(vs->ioc_tag);
1501 }
1502 vs->ioc_tag = qio_channel_add_watch(
1503 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR,
1504 vnc_client_io, vs, NULL);
1505 }
1506 vnc_unlock_output(vs);
1507 }
1508
vnc_read_when(VncState * vs,VncReadEvent * func,size_t expecting)1509 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1510 {
1511 vs->read_handler = func;
1512 vs->read_handler_expect = expecting;
1513 }
1514
1515
1516 /*
1517 * Called to read a chunk of data from the client socket. The data may
1518 * be the raw data, or may need to be further decoded by SASL.
1519 * The data will be read either straight from to the socket, or
1520 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1521 *
1522 * NB, it is theoretically possible to have 2 layers of encryption,
1523 * both SASL, and this TLS layer. It is highly unlikely in practice
1524 * though, since SASL encryption will typically be a no-op if TLS
1525 * is active
1526 *
1527 * Returns the number of bytes read, which may be less than
1528 * the requested 'datalen' if the socket would block. Returns
1529 * 0 on I/O error or EOF, and disconnects the client socket.
1530 */
vnc_client_read_buf(VncState * vs,uint8_t * data,size_t datalen)1531 size_t vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1532 {
1533 ssize_t ret;
1534 Error *err = NULL;
1535 ret = qio_channel_read(vs->ioc, (char *)data, datalen, &err);
1536 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret);
1537 return vnc_client_io_error(vs, ret, err);
1538 }
1539
1540
1541 /*
1542 * Called to read data from the client socket to the input buffer,
1543 * when not using any SASL SSF encryption layers. Will read as much
1544 * data as possible without blocking.
1545 *
1546 * Returns the number of bytes read, which may be less than
1547 * the requested 'datalen' if the socket would block. Returns
1548 * 0 on I/O error or EOF, and disconnects the client socket.
1549 */
vnc_client_read_plain(VncState * vs)1550 static size_t vnc_client_read_plain(VncState *vs)
1551 {
1552 size_t ret;
1553 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1554 vs->input.buffer, vs->input.capacity, vs->input.offset);
1555 buffer_reserve(&vs->input, 4096);
1556 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1557 if (!ret)
1558 return 0;
1559 vs->input.offset += ret;
1560 return ret;
1561 }
1562
vnc_jobs_bh(void * opaque)1563 static void vnc_jobs_bh(void *opaque)
1564 {
1565 VncState *vs = opaque;
1566
1567 assert(vs->magic == VNC_MAGIC);
1568 vnc_jobs_consume_buffer(vs);
1569 }
1570
1571 /*
1572 * First function called whenever there is more data to be read from
1573 * the client socket. Will delegate actual work according to whether
1574 * SASL SSF layers are enabled (thus requiring decryption calls)
1575 * Returns 0 on success, -1 if client disconnected
1576 */
vnc_client_read(VncState * vs)1577 static int vnc_client_read(VncState *vs)
1578 {
1579 size_t sz;
1580
1581 #ifdef CONFIG_VNC_SASL
1582 if (vs->sasl.conn && vs->sasl.runSSF)
1583 sz = vnc_client_read_sasl(vs);
1584 else
1585 #endif /* CONFIG_VNC_SASL */
1586 sz = vnc_client_read_plain(vs);
1587 if (!sz) {
1588 if (vs->disconnecting) {
1589 vnc_disconnect_finish(vs);
1590 return -1;
1591 }
1592 return 0;
1593 }
1594
1595 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1596 size_t len = vs->read_handler_expect;
1597 int ret;
1598
1599 ret = vs->read_handler(vs, vs->input.buffer, len);
1600 if (vs->disconnecting) {
1601 vnc_disconnect_finish(vs);
1602 return -1;
1603 }
1604
1605 if (!ret) {
1606 buffer_advance(&vs->input, len);
1607 } else {
1608 vs->read_handler_expect = ret;
1609 }
1610 }
1611 return 0;
1612 }
1613
vnc_client_io(QIOChannel * ioc G_GNUC_UNUSED,GIOCondition condition,void * opaque)1614 gboolean vnc_client_io(QIOChannel *ioc G_GNUC_UNUSED,
1615 GIOCondition condition, void *opaque)
1616 {
1617 VncState *vs = opaque;
1618
1619 assert(vs->magic == VNC_MAGIC);
1620
1621 if (condition & (G_IO_HUP | G_IO_ERR)) {
1622 vnc_disconnect_start(vs);
1623 return TRUE;
1624 }
1625
1626 if (condition & G_IO_IN) {
1627 if (vnc_client_read(vs) < 0) {
1628 /* vs is free()ed here */
1629 return TRUE;
1630 }
1631 }
1632 if (condition & G_IO_OUT) {
1633 vnc_client_write(vs);
1634 }
1635
1636 if (vs->disconnecting) {
1637 if (vs->ioc_tag != 0) {
1638 g_source_remove(vs->ioc_tag);
1639 }
1640 vs->ioc_tag = 0;
1641 }
1642 return TRUE;
1643 }
1644
1645
1646 /*
1647 * Scale factor to apply to vs->throttle_output_offset when checking for
1648 * hard limit. Worst case normal usage could be x2, if we have a complete
1649 * incremental update and complete forced update in the output buffer.
1650 * So x3 should be good enough, but we pick x5 to be conservative and thus
1651 * (hopefully) never trigger incorrectly.
1652 */
1653 #define VNC_THROTTLE_OUTPUT_LIMIT_SCALE 5
1654
vnc_write(VncState * vs,const void * data,size_t len)1655 void vnc_write(VncState *vs, const void *data, size_t len)
1656 {
1657 assert(vs->magic == VNC_MAGIC);
1658 if (vs->disconnecting) {
1659 return;
1660 }
1661 /* Protection against malicious client/guest to prevent our output
1662 * buffer growing without bound if client stops reading data. This
1663 * should rarely trigger, because we have earlier throttling code
1664 * which stops issuing framebuffer updates and drops audio data
1665 * if the throttle_output_offset value is exceeded. So we only reach
1666 * this higher level if a huge number of pseudo-encodings get
1667 * triggered while data can't be sent on the socket.
1668 *
1669 * NB throttle_output_offset can be zero during early protocol
1670 * handshake, or from the job thread's VncState clone
1671 */
1672 if (vs->throttle_output_offset != 0 &&
1673 (vs->output.offset / VNC_THROTTLE_OUTPUT_LIMIT_SCALE) >
1674 vs->throttle_output_offset) {
1675 trace_vnc_client_output_limit(vs, vs->ioc, vs->output.offset,
1676 vs->throttle_output_offset);
1677 vnc_disconnect_start(vs);
1678 return;
1679 }
1680 buffer_reserve(&vs->output, len);
1681
1682 if (vs->ioc != NULL && buffer_empty(&vs->output)) {
1683 if (vs->ioc_tag) {
1684 g_source_remove(vs->ioc_tag);
1685 }
1686 vs->ioc_tag = qio_channel_add_watch(
1687 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR | G_IO_OUT,
1688 vnc_client_io, vs, NULL);
1689 }
1690
1691 buffer_append(&vs->output, data, len);
1692 }
1693
vnc_write_s32(VncState * vs,int32_t value)1694 void vnc_write_s32(VncState *vs, int32_t value)
1695 {
1696 vnc_write_u32(vs, *(uint32_t *)&value);
1697 }
1698
vnc_write_u32(VncState * vs,uint32_t value)1699 void vnc_write_u32(VncState *vs, uint32_t value)
1700 {
1701 uint8_t buf[4];
1702
1703 buf[0] = (value >> 24) & 0xFF;
1704 buf[1] = (value >> 16) & 0xFF;
1705 buf[2] = (value >> 8) & 0xFF;
1706 buf[3] = value & 0xFF;
1707
1708 vnc_write(vs, buf, 4);
1709 }
1710
vnc_write_u16(VncState * vs,uint16_t value)1711 void vnc_write_u16(VncState *vs, uint16_t value)
1712 {
1713 uint8_t buf[2];
1714
1715 buf[0] = (value >> 8) & 0xFF;
1716 buf[1] = value & 0xFF;
1717
1718 vnc_write(vs, buf, 2);
1719 }
1720
vnc_write_u8(VncState * vs,uint8_t value)1721 void vnc_write_u8(VncState *vs, uint8_t value)
1722 {
1723 vnc_write(vs, (char *)&value, 1);
1724 }
1725
vnc_flush(VncState * vs)1726 void vnc_flush(VncState *vs)
1727 {
1728 vnc_lock_output(vs);
1729 if (vs->ioc != NULL && vs->output.offset) {
1730 vnc_client_write_locked(vs);
1731 }
1732 if (vs->disconnecting) {
1733 if (vs->ioc_tag != 0) {
1734 g_source_remove(vs->ioc_tag);
1735 }
1736 vs->ioc_tag = 0;
1737 }
1738 vnc_unlock_output(vs);
1739 }
1740
read_u8(uint8_t * data,size_t offset)1741 static uint8_t read_u8(uint8_t *data, size_t offset)
1742 {
1743 return data[offset];
1744 }
1745
read_u16(uint8_t * data,size_t offset)1746 static uint16_t read_u16(uint8_t *data, size_t offset)
1747 {
1748 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1749 }
1750
read_s32(uint8_t * data,size_t offset)1751 static int32_t read_s32(uint8_t *data, size_t offset)
1752 {
1753 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1754 (data[offset + 2] << 8) | data[offset + 3]);
1755 }
1756
read_u32(uint8_t * data,size_t offset)1757 uint32_t read_u32(uint8_t *data, size_t offset)
1758 {
1759 return ((data[offset] << 24) | (data[offset + 1] << 16) |
1760 (data[offset + 2] << 8) | data[offset + 3]);
1761 }
1762
check_pointer_type_change(Notifier * notifier,void * data)1763 static void check_pointer_type_change(Notifier *notifier, void *data)
1764 {
1765 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier);
1766 int absolute = qemu_input_is_absolute(vs->vd->dcl.con);
1767
1768 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1769 vnc_lock_output(vs);
1770 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1771 vnc_write_u8(vs, 0);
1772 vnc_write_u16(vs, 1);
1773 vnc_framebuffer_update(vs, absolute, 0,
1774 pixman_image_get_width(vs->vd->server),
1775 pixman_image_get_height(vs->vd->server),
1776 VNC_ENCODING_POINTER_TYPE_CHANGE);
1777 vnc_unlock_output(vs);
1778 vnc_flush(vs);
1779 }
1780 vs->absolute = absolute;
1781 }
1782
pointer_event(VncState * vs,int button_mask,int x,int y)1783 static void pointer_event(VncState *vs, int button_mask, int x, int y)
1784 {
1785 static uint32_t bmap[INPUT_BUTTON__MAX] = {
1786 [INPUT_BUTTON_LEFT] = 0x01,
1787 [INPUT_BUTTON_MIDDLE] = 0x02,
1788 [INPUT_BUTTON_RIGHT] = 0x04,
1789 [INPUT_BUTTON_WHEEL_UP] = 0x08,
1790 [INPUT_BUTTON_WHEEL_DOWN] = 0x10,
1791 };
1792 QemuConsole *con = vs->vd->dcl.con;
1793 int width = pixman_image_get_width(vs->vd->server);
1794 int height = pixman_image_get_height(vs->vd->server);
1795
1796 if (vs->last_bmask != button_mask) {
1797 qemu_input_update_buttons(con, bmap, vs->last_bmask, button_mask);
1798 vs->last_bmask = button_mask;
1799 }
1800
1801 if (vs->absolute) {
1802 qemu_input_queue_abs(con, INPUT_AXIS_X, x, 0, width);
1803 qemu_input_queue_abs(con, INPUT_AXIS_Y, y, 0, height);
1804 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1805 qemu_input_queue_rel(con, INPUT_AXIS_X, x - 0x7FFF);
1806 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - 0x7FFF);
1807 } else {
1808 if (vs->last_x != -1) {
1809 qemu_input_queue_rel(con, INPUT_AXIS_X, x - vs->last_x);
1810 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - vs->last_y);
1811 }
1812 vs->last_x = x;
1813 vs->last_y = y;
1814 }
1815 qemu_input_event_sync();
1816 }
1817
press_key(VncState * vs,QKeyCode qcode)1818 static void press_key(VncState *vs, QKeyCode qcode)
1819 {
1820 qkbd_state_key_event(vs->vd->kbd, qcode, true);
1821 qkbd_state_key_event(vs->vd->kbd, qcode, false);
1822 }
1823
vnc_led_state_change(VncState * vs)1824 static void vnc_led_state_change(VncState *vs)
1825 {
1826 if (!vnc_has_feature(vs, VNC_FEATURE_LED_STATE)) {
1827 return;
1828 }
1829
1830 vnc_lock_output(vs);
1831 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1832 vnc_write_u8(vs, 0);
1833 vnc_write_u16(vs, 1);
1834 vnc_framebuffer_update(vs, 0, 0, 1, 1, VNC_ENCODING_LED_STATE);
1835 vnc_write_u8(vs, vs->vd->ledstate);
1836 vnc_unlock_output(vs);
1837 vnc_flush(vs);
1838 }
1839
kbd_leds(void * opaque,int ledstate)1840 static void kbd_leds(void *opaque, int ledstate)
1841 {
1842 VncDisplay *vd = opaque;
1843 VncState *client;
1844
1845 trace_vnc_key_guest_leds((ledstate & QEMU_CAPS_LOCK_LED),
1846 (ledstate & QEMU_NUM_LOCK_LED),
1847 (ledstate & QEMU_SCROLL_LOCK_LED));
1848
1849 if (ledstate == vd->ledstate) {
1850 return;
1851 }
1852
1853 vd->ledstate = ledstate;
1854
1855 QTAILQ_FOREACH(client, &vd->clients, next) {
1856 vnc_led_state_change(client);
1857 }
1858 }
1859
do_key_event(VncState * vs,int down,int keycode,int sym)1860 static void do_key_event(VncState *vs, int down, int keycode, int sym)
1861 {
1862 QKeyCode qcode = qemu_input_key_number_to_qcode(keycode);
1863
1864 /* QEMU console switch */
1865 switch (qcode) {
1866 case Q_KEY_CODE_1 ... Q_KEY_CODE_9: /* '1' to '9' keys */
1867 if (down &&
1868 qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_CTRL) &&
1869 qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_ALT)) {
1870 QemuConsole *con = qemu_console_lookup_by_index(qcode - Q_KEY_CODE_1);
1871 if (con) {
1872 unregister_displaychangelistener(&vs->vd->dcl);
1873 qkbd_state_switch_console(vs->vd->kbd, con);
1874 vs->vd->dcl.con = con;
1875 register_displaychangelistener(&vs->vd->dcl);
1876 }
1877 return;
1878 }
1879 default:
1880 break;
1881 }
1882
1883 /* Turn off the lock state sync logic if the client support the led
1884 state extension.
1885 */
1886 if (down && vs->vd->lock_key_sync &&
1887 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) &&
1888 keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1889 /* If the numlock state needs to change then simulate an additional
1890 keypress before sending this one. This will happen if the user
1891 toggles numlock away from the VNC window.
1892 */
1893 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1894 if (!qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_NUMLOCK)) {
1895 trace_vnc_key_sync_numlock(true);
1896 press_key(vs, Q_KEY_CODE_NUM_LOCK);
1897 }
1898 } else {
1899 if (qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_NUMLOCK)) {
1900 trace_vnc_key_sync_numlock(false);
1901 press_key(vs, Q_KEY_CODE_NUM_LOCK);
1902 }
1903 }
1904 }
1905
1906 if (down && vs->vd->lock_key_sync &&
1907 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) &&
1908 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) {
1909 /* If the capslock state needs to change then simulate an additional
1910 keypress before sending this one. This will happen if the user
1911 toggles capslock away from the VNC window.
1912 */
1913 int uppercase = !!(sym >= 'A' && sym <= 'Z');
1914 bool shift = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_SHIFT);
1915 bool capslock = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_CAPSLOCK);
1916 if (capslock) {
1917 if (uppercase == shift) {
1918 trace_vnc_key_sync_capslock(false);
1919 press_key(vs, Q_KEY_CODE_CAPS_LOCK);
1920 }
1921 } else {
1922 if (uppercase != shift) {
1923 trace_vnc_key_sync_capslock(true);
1924 press_key(vs, Q_KEY_CODE_CAPS_LOCK);
1925 }
1926 }
1927 }
1928
1929 qkbd_state_key_event(vs->vd->kbd, qcode, down);
1930 if (QEMU_IS_TEXT_CONSOLE(vs->vd->dcl.con)) {
1931 QemuTextConsole *con = QEMU_TEXT_CONSOLE(vs->vd->dcl.con);
1932 bool numlock = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_NUMLOCK);
1933 bool control = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_CTRL);
1934 /* QEMU console emulation */
1935 if (down) {
1936 switch (keycode) {
1937 case 0x2a: /* Left Shift */
1938 case 0x36: /* Right Shift */
1939 case 0x1d: /* Left CTRL */
1940 case 0x9d: /* Right CTRL */
1941 case 0x38: /* Left ALT */
1942 case 0xb8: /* Right ALT */
1943 break;
1944 case 0xc8:
1945 qemu_text_console_put_keysym(con, QEMU_KEY_UP);
1946 break;
1947 case 0xd0:
1948 qemu_text_console_put_keysym(con, QEMU_KEY_DOWN);
1949 break;
1950 case 0xcb:
1951 qemu_text_console_put_keysym(con, QEMU_KEY_LEFT);
1952 break;
1953 case 0xcd:
1954 qemu_text_console_put_keysym(con, QEMU_KEY_RIGHT);
1955 break;
1956 case 0xd3:
1957 qemu_text_console_put_keysym(con, QEMU_KEY_DELETE);
1958 break;
1959 case 0xc7:
1960 qemu_text_console_put_keysym(con, QEMU_KEY_HOME);
1961 break;
1962 case 0xcf:
1963 qemu_text_console_put_keysym(con, QEMU_KEY_END);
1964 break;
1965 case 0xc9:
1966 qemu_text_console_put_keysym(con, QEMU_KEY_PAGEUP);
1967 break;
1968 case 0xd1:
1969 qemu_text_console_put_keysym(con, QEMU_KEY_PAGEDOWN);
1970 break;
1971
1972 case 0x47:
1973 qemu_text_console_put_keysym(con, numlock ? '7' : QEMU_KEY_HOME);
1974 break;
1975 case 0x48:
1976 qemu_text_console_put_keysym(con, numlock ? '8' : QEMU_KEY_UP);
1977 break;
1978 case 0x49:
1979 qemu_text_console_put_keysym(con, numlock ? '9' : QEMU_KEY_PAGEUP);
1980 break;
1981 case 0x4b:
1982 qemu_text_console_put_keysym(con, numlock ? '4' : QEMU_KEY_LEFT);
1983 break;
1984 case 0x4c:
1985 qemu_text_console_put_keysym(con, '5');
1986 break;
1987 case 0x4d:
1988 qemu_text_console_put_keysym(con, numlock ? '6' : QEMU_KEY_RIGHT);
1989 break;
1990 case 0x4f:
1991 qemu_text_console_put_keysym(con, numlock ? '1' : QEMU_KEY_END);
1992 break;
1993 case 0x50:
1994 qemu_text_console_put_keysym(con, numlock ? '2' : QEMU_KEY_DOWN);
1995 break;
1996 case 0x51:
1997 qemu_text_console_put_keysym(con, numlock ? '3' : QEMU_KEY_PAGEDOWN);
1998 break;
1999 case 0x52:
2000 qemu_text_console_put_keysym(con, '0');
2001 break;
2002 case 0x53:
2003 qemu_text_console_put_keysym(con, numlock ? '.' : QEMU_KEY_DELETE);
2004 break;
2005
2006 case 0xb5:
2007 qemu_text_console_put_keysym(con, '/');
2008 break;
2009 case 0x37:
2010 qemu_text_console_put_keysym(con, '*');
2011 break;
2012 case 0x4a:
2013 qemu_text_console_put_keysym(con, '-');
2014 break;
2015 case 0x4e:
2016 qemu_text_console_put_keysym(con, '+');
2017 break;
2018 case 0x9c:
2019 qemu_text_console_put_keysym(con, '\n');
2020 break;
2021
2022 default:
2023 if (control) {
2024 qemu_text_console_put_keysym(con, sym & 0x1f);
2025 } else {
2026 qemu_text_console_put_keysym(con, sym);
2027 }
2028 break;
2029 }
2030 }
2031 }
2032 }
2033
code2name(int keycode)2034 static const char *code2name(int keycode)
2035 {
2036 return QKeyCode_str(qemu_input_key_number_to_qcode(keycode));
2037 }
2038
key_event(VncState * vs,int down,uint32_t sym)2039 static void key_event(VncState *vs, int down, uint32_t sym)
2040 {
2041 int keycode;
2042 int lsym = sym;
2043
2044 if (lsym >= 'A' && lsym <= 'Z' && qemu_console_is_graphic(vs->vd->dcl.con)) {
2045 lsym = lsym - 'A' + 'a';
2046 }
2047
2048 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF,
2049 vs->vd->kbd, down) & SCANCODE_KEYMASK;
2050 trace_vnc_key_event_map(down, sym, keycode, code2name(keycode));
2051 do_key_event(vs, down, keycode, sym);
2052 }
2053
ext_key_event(VncState * vs,int down,uint32_t sym,uint16_t keycode)2054 static void ext_key_event(VncState *vs, int down,
2055 uint32_t sym, uint16_t keycode)
2056 {
2057 /* if the user specifies a keyboard layout, always use it */
2058 if (keyboard_layout) {
2059 key_event(vs, down, sym);
2060 } else {
2061 trace_vnc_key_event_ext(down, sym, keycode, code2name(keycode));
2062 do_key_event(vs, down, keycode, sym);
2063 }
2064 }
2065
framebuffer_update_request(VncState * vs,int incremental,int x,int y,int w,int h)2066 static void framebuffer_update_request(VncState *vs, int incremental,
2067 int x, int y, int w, int h)
2068 {
2069 if (incremental) {
2070 if (vs->update != VNC_STATE_UPDATE_FORCE) {
2071 vs->update = VNC_STATE_UPDATE_INCREMENTAL;
2072 }
2073 } else {
2074 vs->update = VNC_STATE_UPDATE_FORCE;
2075 vnc_set_area_dirty(vs->dirty, vs->vd, x, y, w, h);
2076 if (vnc_has_feature(vs, VNC_FEATURE_RESIZE_EXT)) {
2077 vnc_desktop_resize_ext(vs, 0);
2078 }
2079 }
2080 }
2081
send_ext_key_event_ack(VncState * vs)2082 static void send_ext_key_event_ack(VncState *vs)
2083 {
2084 vnc_lock_output(vs);
2085 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
2086 vnc_write_u8(vs, 0);
2087 vnc_write_u16(vs, 1);
2088 vnc_framebuffer_update(vs, 0, 0,
2089 pixman_image_get_width(vs->vd->server),
2090 pixman_image_get_height(vs->vd->server),
2091 VNC_ENCODING_EXT_KEY_EVENT);
2092 vnc_unlock_output(vs);
2093 vnc_flush(vs);
2094 }
2095
send_ext_audio_ack(VncState * vs)2096 static void send_ext_audio_ack(VncState *vs)
2097 {
2098 vnc_lock_output(vs);
2099 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
2100 vnc_write_u8(vs, 0);
2101 vnc_write_u16(vs, 1);
2102 vnc_framebuffer_update(vs, 0, 0,
2103 pixman_image_get_width(vs->vd->server),
2104 pixman_image_get_height(vs->vd->server),
2105 VNC_ENCODING_AUDIO);
2106 vnc_unlock_output(vs);
2107 vnc_flush(vs);
2108 }
2109
send_xvp_message(VncState * vs,int code)2110 static void send_xvp_message(VncState *vs, int code)
2111 {
2112 vnc_lock_output(vs);
2113 vnc_write_u8(vs, VNC_MSG_SERVER_XVP);
2114 vnc_write_u8(vs, 0); /* pad */
2115 vnc_write_u8(vs, 1); /* version */
2116 vnc_write_u8(vs, code);
2117 vnc_unlock_output(vs);
2118 vnc_flush(vs);
2119 }
2120
set_encodings(VncState * vs,int32_t * encodings,size_t n_encodings)2121 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
2122 {
2123 VncConnection *vc = container_of(vs, VncConnection, vs);
2124 int i;
2125 unsigned int enc = 0;
2126
2127 vs->features = 0;
2128 vs->vnc_encoding = 0;
2129 vc->worker.tight.compression = 9;
2130 vc->worker.tight.quality = -1; /* Lossless by default */
2131 vs->absolute = -1;
2132
2133 /*
2134 * Start from the end because the encodings are sent in order of preference.
2135 * This way the preferred encoding (first encoding defined in the array)
2136 * will be set at the end of the loop.
2137 */
2138 for (i = n_encodings - 1; i >= 0; i--) {
2139 enc = encodings[i];
2140 switch (enc) {
2141 case VNC_ENCODING_RAW:
2142 vs->vnc_encoding = enc;
2143 break;
2144 case VNC_ENCODING_HEXTILE:
2145 vnc_set_feature(vs, VNC_FEATURE_HEXTILE);
2146 vs->vnc_encoding = enc;
2147 break;
2148 case VNC_ENCODING_TIGHT:
2149 vnc_set_feature(vs, VNC_FEATURE_TIGHT);
2150 vs->vnc_encoding = enc;
2151 break;
2152 #ifdef CONFIG_PNG
2153 case VNC_ENCODING_TIGHT_PNG:
2154 vnc_set_feature(vs, VNC_FEATURE_TIGHT_PNG);
2155 vs->vnc_encoding = enc;
2156 break;
2157 #endif
2158 case VNC_ENCODING_ZLIB:
2159 /*
2160 * VNC_ENCODING_ZRLE compresses better than VNC_ENCODING_ZLIB.
2161 * So prioritize ZRLE, even if the client hints that it prefers
2162 * ZLIB.
2163 */
2164 if (!vnc_has_feature(vs, VNC_FEATURE_ZRLE)) {
2165 vnc_set_feature(vs, VNC_FEATURE_ZLIB);
2166 vs->vnc_encoding = enc;
2167 }
2168 break;
2169 case VNC_ENCODING_ZRLE:
2170 vnc_set_feature(vs, VNC_FEATURE_ZRLE);
2171 vs->vnc_encoding = enc;
2172 break;
2173 case VNC_ENCODING_ZYWRLE:
2174 vnc_set_feature(vs, VNC_FEATURE_ZYWRLE);
2175 vs->vnc_encoding = enc;
2176 break;
2177 case VNC_ENCODING_DESKTOPRESIZE:
2178 vnc_set_feature(vs, VNC_FEATURE_RESIZE);
2179 break;
2180 case VNC_ENCODING_DESKTOP_RESIZE_EXT:
2181 vnc_set_feature(vs, VNC_FEATURE_RESIZE_EXT);
2182 break;
2183 case VNC_ENCODING_POINTER_TYPE_CHANGE:
2184 vnc_set_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE);
2185 break;
2186 case VNC_ENCODING_RICH_CURSOR:
2187 vnc_set_feature(vs, VNC_FEATURE_RICH_CURSOR);
2188 break;
2189 case VNC_ENCODING_ALPHA_CURSOR:
2190 vnc_set_feature(vs, VNC_FEATURE_ALPHA_CURSOR);
2191 break;
2192 case VNC_ENCODING_EXT_KEY_EVENT:
2193 send_ext_key_event_ack(vs);
2194 break;
2195 case VNC_ENCODING_AUDIO:
2196 if (vs->vd->audio_state) {
2197 vnc_set_feature(vs, VNC_FEATURE_AUDIO);
2198 send_ext_audio_ack(vs);
2199 }
2200 break;
2201 case VNC_ENCODING_WMVi:
2202 vnc_set_feature(vs, VNC_FEATURE_WMVI);
2203 break;
2204 case VNC_ENCODING_LED_STATE:
2205 vnc_set_feature(vs, VNC_FEATURE_LED_STATE);
2206 break;
2207 case VNC_ENCODING_XVP:
2208 if (vs->vd->power_control) {
2209 vnc_set_feature(vs, VNC_FEATURE_XVP);
2210 send_xvp_message(vs, VNC_XVP_CODE_INIT);
2211 }
2212 break;
2213 case VNC_ENCODING_CLIPBOARD_EXT:
2214 vnc_set_feature(vs, VNC_FEATURE_CLIPBOARD_EXT);
2215 vnc_server_cut_text_caps(vs);
2216 break;
2217 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
2218 vc->worker.tight.compression = (enc & 0x0F);
2219 break;
2220 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
2221 if (vs->vd->lossy) {
2222 vc->worker.tight.quality = (enc & 0x0F);
2223 }
2224 break;
2225 default:
2226 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
2227 break;
2228 }
2229 }
2230 vnc_desktop_resize(vs);
2231 check_pointer_type_change(&vs->mouse_mode_notifier, NULL);
2232 vnc_led_state_change(vs);
2233 vnc_cursor_define(vs);
2234 }
2235
set_pixel_conversion(VncState * vs)2236 static void set_pixel_conversion(VncState *vs)
2237 {
2238 pixman_format_code_t fmt = qemu_pixman_get_format(&vs->client_pf,
2239 vs->client_endian);
2240
2241 if (fmt == VNC_SERVER_FB_FORMAT) {
2242 vs->write_pixels = vnc_write_pixels_copy;
2243 vnc_hextile_set_pixel_conversion(vs, 0);
2244 } else {
2245 vs->write_pixels = vnc_write_pixels_generic;
2246 vnc_hextile_set_pixel_conversion(vs, 1);
2247 }
2248 }
2249
send_color_map(VncState * vs)2250 static void send_color_map(VncState *vs)
2251 {
2252 int i;
2253
2254 vnc_lock_output(vs);
2255 vnc_write_u8(vs, VNC_MSG_SERVER_SET_COLOUR_MAP_ENTRIES);
2256 vnc_write_u8(vs, 0); /* padding */
2257 vnc_write_u16(vs, 0); /* first color */
2258 vnc_write_u16(vs, 256); /* # of colors */
2259
2260 for (i = 0; i < 256; i++) {
2261 PixelFormat *pf = &vs->client_pf;
2262
2263 vnc_write_u16(vs, (((i >> pf->rshift) & pf->rmax) << (16 - pf->rbits)));
2264 vnc_write_u16(vs, (((i >> pf->gshift) & pf->gmax) << (16 - pf->gbits)));
2265 vnc_write_u16(vs, (((i >> pf->bshift) & pf->bmax) << (16 - pf->bbits)));
2266 }
2267 vnc_unlock_output(vs);
2268 }
2269
set_pixel_format(VncState * vs,int bits_per_pixel,int big_endian_flag,int true_color_flag,int red_max,int green_max,int blue_max,int red_shift,int green_shift,int blue_shift)2270 static void set_pixel_format(VncState *vs, int bits_per_pixel,
2271 int big_endian_flag, int true_color_flag,
2272 int red_max, int green_max, int blue_max,
2273 int red_shift, int green_shift, int blue_shift)
2274 {
2275 if (!true_color_flag) {
2276 /* Expose a reasonable default 256 color map */
2277 bits_per_pixel = 8;
2278 red_max = 7;
2279 green_max = 7;
2280 blue_max = 3;
2281 red_shift = 0;
2282 green_shift = 3;
2283 blue_shift = 6;
2284 }
2285
2286 switch (bits_per_pixel) {
2287 case 8:
2288 case 16:
2289 case 32:
2290 break;
2291 default:
2292 vnc_client_error(vs);
2293 return;
2294 }
2295
2296 vs->client_pf.rmax = red_max ? red_max : 0xFF;
2297 vs->client_pf.rbits = ctpopl(red_max);
2298 vs->client_pf.rshift = red_shift;
2299 vs->client_pf.rmask = red_max << red_shift;
2300 vs->client_pf.gmax = green_max ? green_max : 0xFF;
2301 vs->client_pf.gbits = ctpopl(green_max);
2302 vs->client_pf.gshift = green_shift;
2303 vs->client_pf.gmask = green_max << green_shift;
2304 vs->client_pf.bmax = blue_max ? blue_max : 0xFF;
2305 vs->client_pf.bbits = ctpopl(blue_max);
2306 vs->client_pf.bshift = blue_shift;
2307 vs->client_pf.bmask = blue_max << blue_shift;
2308 vs->client_pf.bits_per_pixel = bits_per_pixel;
2309 vs->client_pf.bytes_per_pixel = bits_per_pixel / 8;
2310 vs->client_pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
2311 vs->client_endian = big_endian_flag ? G_BIG_ENDIAN : G_LITTLE_ENDIAN;
2312 trace_vnc_client_pixel_format(vs, vs->ioc,
2313 vs->client_pf.bits_per_pixel,
2314 vs->client_pf.depth,
2315 vs->client_endian);
2316 trace_vnc_client_pixel_format_red(vs, vs->ioc,
2317 vs->client_pf.rmax,
2318 vs->client_pf.rbits,
2319 vs->client_pf.rshift,
2320 vs->client_pf.rmask);
2321 trace_vnc_client_pixel_format_green(vs, vs->ioc,
2322 vs->client_pf.gmax,
2323 vs->client_pf.gbits,
2324 vs->client_pf.gshift,
2325 vs->client_pf.gmask);
2326 trace_vnc_client_pixel_format_blue(vs, vs->ioc,
2327 vs->client_pf.bmax,
2328 vs->client_pf.bbits,
2329 vs->client_pf.bshift,
2330 vs->client_pf.bmask);
2331
2332 if (!true_color_flag) {
2333 send_color_map(vs);
2334 }
2335
2336 set_pixel_conversion(vs);
2337
2338 graphic_hw_invalidate(vs->vd->dcl.con);
2339 graphic_hw_update(vs->vd->dcl.con);
2340 }
2341
pixel_format_message(VncState * vs)2342 static void pixel_format_message (VncState *vs) {
2343 char pad[3] = { 0, 0, 0 };
2344
2345 vs->client_pf = qemu_default_pixelformat(32);
2346 vs->client_endian = G_BYTE_ORDER;
2347
2348 vnc_write_u8(vs, vs->client_pf.bits_per_pixel); /* bits-per-pixel */
2349 vnc_write_u8(vs, vs->client_pf.depth); /* depth */
2350
2351 #if HOST_BIG_ENDIAN
2352 vnc_write_u8(vs, 1); /* big-endian-flag */
2353 #else
2354 vnc_write_u8(vs, 0); /* big-endian-flag */
2355 #endif
2356 vnc_write_u8(vs, 1); /* true-color-flag */
2357 vnc_write_u16(vs, vs->client_pf.rmax); /* red-max */
2358 vnc_write_u16(vs, vs->client_pf.gmax); /* green-max */
2359 vnc_write_u16(vs, vs->client_pf.bmax); /* blue-max */
2360 vnc_write_u8(vs, vs->client_pf.rshift); /* red-shift */
2361 vnc_write_u8(vs, vs->client_pf.gshift); /* green-shift */
2362 vnc_write_u8(vs, vs->client_pf.bshift); /* blue-shift */
2363 vnc_write(vs, pad, 3); /* padding */
2364
2365 vnc_hextile_set_pixel_conversion(vs, 0);
2366 vs->write_pixels = vnc_write_pixels_copy;
2367 }
2368
vnc_colordepth(VncState * vs)2369 static void vnc_colordepth(VncState *vs)
2370 {
2371 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
2372 /* Sending a WMVi message to notify the client*/
2373 vnc_lock_output(vs);
2374 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
2375 vnc_write_u8(vs, 0);
2376 vnc_write_u16(vs, 1); /* number of rects */
2377 vnc_framebuffer_update(vs, 0, 0,
2378 vs->client_width,
2379 vs->client_height,
2380 VNC_ENCODING_WMVi);
2381 pixel_format_message(vs);
2382 vnc_unlock_output(vs);
2383 vnc_flush(vs);
2384 } else {
2385 set_pixel_conversion(vs);
2386 }
2387 }
2388
protocol_client_msg(VncState * vs,uint8_t * data,size_t len)2389 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
2390 {
2391 int i;
2392 uint16_t limit;
2393 uint32_t freq;
2394 VncDisplay *vd = vs->vd;
2395
2396 if (data[0] > 3) {
2397 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
2398 }
2399
2400 switch (data[0]) {
2401 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT:
2402 if (len == 1)
2403 return 20;
2404
2405 trace_vnc_msg_client_set_pixel_format(vs, vs->ioc,
2406 read_u8(data, 4),
2407 read_u8(data, 6),
2408 read_u8(data, 7));
2409 trace_vnc_msg_client_set_pixel_format_rgb(vs, vs->ioc,
2410 read_u16(data, 8),
2411 read_u16(data, 10),
2412 read_u16(data, 12),
2413 read_u8(data, 14),
2414 read_u8(data, 15),
2415 read_u8(data, 16));
2416 set_pixel_format(vs, read_u8(data, 4),
2417 read_u8(data, 6), read_u8(data, 7),
2418 read_u16(data, 8), read_u16(data, 10),
2419 read_u16(data, 12), read_u8(data, 14),
2420 read_u8(data, 15), read_u8(data, 16));
2421 break;
2422 case VNC_MSG_CLIENT_SET_ENCODINGS:
2423 if (len == 1)
2424 return 4;
2425
2426 if (len == 4) {
2427 limit = read_u16(data, 2);
2428 if (limit > 0)
2429 return 4 + (limit * 4);
2430 } else
2431 limit = read_u16(data, 2);
2432
2433 for (i = 0; i < limit; i++) {
2434 int32_t val = read_s32(data, 4 + (i * 4));
2435 memcpy(data + 4 + (i * 4), &val, sizeof(val));
2436 }
2437
2438 trace_vnc_msg_client_set_encodings(vs, vs->ioc, limit);
2439 set_encodings(vs, (int32_t *)(data + 4), limit);
2440 break;
2441 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST:
2442 if (len == 1)
2443 return 10;
2444
2445 trace_vnc_msg_client_framebuffer_update_request(vs, vs->ioc,
2446 read_u8(data, 1),
2447 read_u16(data, 2),
2448 read_u16(data, 4),
2449 read_u16(data, 6),
2450 read_u16(data, 8));
2451 framebuffer_update_request(vs,
2452 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
2453 read_u16(data, 6), read_u16(data, 8));
2454 break;
2455 case VNC_MSG_CLIENT_KEY_EVENT:
2456 if (len == 1)
2457 return 8;
2458
2459 trace_vnc_msg_client_key_event(vs, vs->ioc,
2460 read_u8(data, 1),
2461 read_u32(data, 4));
2462 key_event(vs, read_u8(data, 1), read_u32(data, 4));
2463 break;
2464 case VNC_MSG_CLIENT_POINTER_EVENT:
2465 if (len == 1)
2466 return 6;
2467
2468 trace_vnc_msg_client_pointer_event(vs, vs->ioc,
2469 read_u8(data, 1),
2470 read_u16(data, 2),
2471 read_u16(data, 4));
2472 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
2473 break;
2474 case VNC_MSG_CLIENT_CUT_TEXT:
2475 if (len == 1) {
2476 return 8;
2477 }
2478 uint32_t dlen = abs(read_s32(data, 4));
2479 if (len == 8) {
2480 if (dlen > (1 << 20)) {
2481 error_report("vnc: client_cut_text msg payload has %u bytes"
2482 " which exceeds our limit of 1MB.", dlen);
2483 vnc_client_error(vs);
2484 break;
2485 }
2486 if (dlen > 0) {
2487 return 8 + dlen;
2488 }
2489 }
2490
2491 if (read_s32(data, 4) < 0) {
2492 if (!vnc_has_feature(vs, VNC_FEATURE_CLIPBOARD_EXT)) {
2493 error_report("vnc: extended clipboard message while disabled");
2494 vnc_client_error(vs);
2495 break;
2496 }
2497 if (dlen < 4) {
2498 error_report("vnc: malformed payload (header less than 4 bytes)"
2499 " in extended clipboard pseudo-encoding.");
2500 vnc_client_error(vs);
2501 break;
2502 }
2503 trace_vnc_msg_client_cut_text_ext(vs, vs->ioc,
2504 dlen, read_u32(data, 8));
2505 vnc_client_cut_text_ext(vs, dlen, read_u32(data, 8), data + 12);
2506 break;
2507 }
2508 trace_vnc_msg_client_cut_text(vs, vs->ioc, read_u32(data, 4));
2509 vnc_client_cut_text(vs, read_u32(data, 4), data + 8);
2510 break;
2511 case VNC_MSG_CLIENT_XVP:
2512 if (!vnc_has_feature(vs, VNC_FEATURE_XVP)) {
2513 error_report("vnc: xvp client message while disabled");
2514 vnc_client_error(vs);
2515 break;
2516 }
2517 if (len == 1) {
2518 return 4;
2519 }
2520 if (len == 4) {
2521 uint8_t version = read_u8(data, 2);
2522 uint8_t action = read_u8(data, 3);
2523 trace_vnc_msg_client_xvp(vs, vs->ioc, version, action);
2524
2525 if (version != 1) {
2526 error_report("vnc: xvp client message version %d != 1",
2527 version);
2528 vnc_client_error(vs);
2529 break;
2530 }
2531
2532 switch (action) {
2533 case VNC_XVP_ACTION_SHUTDOWN:
2534 qemu_system_powerdown_request();
2535 break;
2536 case VNC_XVP_ACTION_REBOOT:
2537 send_xvp_message(vs, VNC_XVP_CODE_FAIL);
2538 break;
2539 case VNC_XVP_ACTION_RESET:
2540 qemu_system_reset_request(SHUTDOWN_CAUSE_HOST_QMP_SYSTEM_RESET);
2541 break;
2542 default:
2543 send_xvp_message(vs, VNC_XVP_CODE_FAIL);
2544 break;
2545 }
2546 }
2547 break;
2548 case VNC_MSG_CLIENT_QEMU:
2549 if (len == 1)
2550 return 2;
2551
2552 switch (read_u8(data, 1)) {
2553 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT:
2554 if (len == 2)
2555 return 12;
2556
2557 trace_vnc_msg_client_ext_key_event(vs, vs->ioc,
2558 read_u16(data, 2),
2559 read_u32(data, 4),
2560 read_u32(data, 8));
2561 ext_key_event(vs, read_u16(data, 2),
2562 read_u32(data, 4), read_u32(data, 8));
2563 break;
2564 case VNC_MSG_CLIENT_QEMU_AUDIO:
2565 if (!vnc_has_feature(vs, VNC_FEATURE_AUDIO)) {
2566 error_report("Audio message %d with audio disabled", read_u8(data, 2));
2567 vnc_client_error(vs);
2568 break;
2569 }
2570
2571 if (len == 2)
2572 return 4;
2573
2574 switch (read_u16 (data, 2)) {
2575 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE:
2576 trace_vnc_msg_client_audio_enable(vs, vs->ioc);
2577 audio_add(vs);
2578 break;
2579 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE:
2580 trace_vnc_msg_client_audio_disable(vs, vs->ioc);
2581 audio_del(vs);
2582 break;
2583 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT:
2584 if (len == 4)
2585 return 10;
2586 switch (read_u8(data, 4)) {
2587 case 0: vs->as.fmt = AUDIO_FORMAT_U8; break;
2588 case 1: vs->as.fmt = AUDIO_FORMAT_S8; break;
2589 case 2: vs->as.fmt = AUDIO_FORMAT_U16; break;
2590 case 3: vs->as.fmt = AUDIO_FORMAT_S16; break;
2591 case 4: vs->as.fmt = AUDIO_FORMAT_U32; break;
2592 case 5: vs->as.fmt = AUDIO_FORMAT_S32; break;
2593 default:
2594 VNC_DEBUG("Invalid audio format %d\n", read_u8(data, 4));
2595 vnc_client_error(vs);
2596 break;
2597 }
2598 vs->as.nchannels = read_u8(data, 5);
2599 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
2600 VNC_DEBUG("Invalid audio channel count %d\n",
2601 read_u8(data, 5));
2602 vnc_client_error(vs);
2603 break;
2604 }
2605 freq = read_u32(data, 6);
2606 /* No official limit for protocol, but 48khz is a sensible
2607 * upper bound for trustworthy clients, and this limit
2608 * protects calculations involving 'vs->as.freq' later.
2609 */
2610 if (freq > 48000) {
2611 VNC_DEBUG("Invalid audio frequency %u > 48000", freq);
2612 vnc_client_error(vs);
2613 break;
2614 }
2615 vs->as.freq = freq;
2616 trace_vnc_msg_client_audio_format(
2617 vs, vs->ioc, vs->as.fmt, vs->as.nchannels, vs->as.freq);
2618 break;
2619 default:
2620 VNC_DEBUG("Invalid audio message %d\n", read_u8(data, 2));
2621 vnc_client_error(vs);
2622 break;
2623 }
2624 break;
2625
2626 default:
2627 VNC_DEBUG("Msg: %d\n", read_u16(data, 0));
2628 vnc_client_error(vs);
2629 break;
2630 }
2631 break;
2632 case VNC_MSG_CLIENT_SET_DESKTOP_SIZE:
2633 {
2634 size_t size;
2635 uint8_t screens;
2636 int w, h;
2637
2638 if (len < 8) {
2639 return 8;
2640 }
2641
2642 screens = read_u8(data, 6);
2643 size = 8 + screens * 16;
2644 if (len < size) {
2645 return size;
2646 }
2647 w = read_u16(data, 2);
2648 h = read_u16(data, 4);
2649
2650 trace_vnc_msg_client_set_desktop_size(vs, vs->ioc, w, h, screens);
2651 if (dpy_ui_info_supported(vs->vd->dcl.con)) {
2652 QemuUIInfo info;
2653 memset(&info, 0, sizeof(info));
2654 info.width = w;
2655 info.height = h;
2656 dpy_set_ui_info(vs->vd->dcl.con, &info, false);
2657 vnc_desktop_resize_ext(vs, 4 /* Request forwarded */);
2658 } else {
2659 vnc_desktop_resize_ext(vs, 3 /* Invalid screen layout */);
2660 }
2661
2662 break;
2663 }
2664 default:
2665 VNC_DEBUG("Msg: %d\n", data[0]);
2666 vnc_client_error(vs);
2667 break;
2668 }
2669
2670 vnc_update_throttle_offset(vs);
2671 vnc_read_when(vs, protocol_client_msg, 1);
2672 return 0;
2673 }
2674
protocol_client_init(VncState * vs,uint8_t * data,size_t len)2675 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
2676 {
2677 char buf[1024];
2678 VncShareMode mode;
2679 int size;
2680
2681 mode = data[0] ? VNC_SHARE_MODE_SHARED : VNC_SHARE_MODE_EXCLUSIVE;
2682 switch (vs->vd->share_policy) {
2683 case VNC_SHARE_POLICY_IGNORE:
2684 /*
2685 * Ignore the shared flag. Nothing to do here.
2686 *
2687 * Doesn't conform to the rfb spec but is traditional qemu
2688 * behavior, thus left here as option for compatibility
2689 * reasons.
2690 */
2691 break;
2692 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE:
2693 /*
2694 * Policy: Allow clients ask for exclusive access.
2695 *
2696 * Implementation: When a client asks for exclusive access,
2697 * disconnect all others. Shared connects are allowed as long
2698 * as no exclusive connection exists.
2699 *
2700 * This is how the rfb spec suggests to handle the shared flag.
2701 */
2702 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2703 VncState *client;
2704 QTAILQ_FOREACH(client, &vs->vd->clients, next) {
2705 if (vs == client) {
2706 continue;
2707 }
2708 if (client->share_mode != VNC_SHARE_MODE_EXCLUSIVE &&
2709 client->share_mode != VNC_SHARE_MODE_SHARED) {
2710 continue;
2711 }
2712 vnc_disconnect_start(client);
2713 }
2714 }
2715 if (mode == VNC_SHARE_MODE_SHARED) {
2716 if (vs->vd->num_exclusive > 0) {
2717 vnc_disconnect_start(vs);
2718 return 0;
2719 }
2720 }
2721 break;
2722 case VNC_SHARE_POLICY_FORCE_SHARED:
2723 /*
2724 * Policy: Shared connects only.
2725 * Implementation: Disallow clients asking for exclusive access.
2726 *
2727 * Useful for shared desktop sessions where you don't want
2728 * someone forgetting to say -shared when running the vnc
2729 * client disconnect everybody else.
2730 */
2731 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2732 vnc_disconnect_start(vs);
2733 return 0;
2734 }
2735 break;
2736 }
2737 vnc_set_share_mode(vs, mode);
2738
2739 if (vs->vd->num_shared > vs->vd->connections_limit) {
2740 vnc_disconnect_start(vs);
2741 return 0;
2742 }
2743
2744 assert(pixman_image_get_width(vs->vd->server) < 65536 &&
2745 pixman_image_get_width(vs->vd->server) >= 0);
2746 assert(pixman_image_get_height(vs->vd->server) < 65536 &&
2747 pixman_image_get_height(vs->vd->server) >= 0);
2748 vs->client_width = pixman_image_get_width(vs->vd->server);
2749 vs->client_height = pixman_image_get_height(vs->vd->server);
2750 vnc_write_u16(vs, vs->client_width);
2751 vnc_write_u16(vs, vs->client_height);
2752
2753 pixel_format_message(vs);
2754
2755 if (qemu_name) {
2756 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
2757 if (size > sizeof(buf)) {
2758 size = sizeof(buf);
2759 }
2760 } else {
2761 size = snprintf(buf, sizeof(buf), "QEMU");
2762 }
2763
2764 vnc_write_u32(vs, size);
2765 vnc_write(vs, buf, size);
2766 vnc_flush(vs);
2767
2768 vnc_client_cache_auth(vs);
2769 vnc_qmp_event(vs, QAPI_EVENT_VNC_INITIALIZED);
2770
2771 vnc_read_when(vs, protocol_client_msg, 1);
2772
2773 return 0;
2774 }
2775
start_client_init(VncState * vs)2776 void start_client_init(VncState *vs)
2777 {
2778 vnc_read_when(vs, protocol_client_init, 1);
2779 }
2780
authentication_failed(VncState * vs)2781 static void authentication_failed(VncState *vs)
2782 {
2783 vnc_write_u32(vs, 1); /* Reject auth */
2784 if (vs->minor >= 8) {
2785 static const char err[] = "Authentication failed";
2786 vnc_write_u32(vs, sizeof(err));
2787 vnc_write(vs, err, sizeof(err));
2788 }
2789 vnc_flush(vs);
2790 vnc_client_error(vs);
2791 }
2792
2793 static void
vnc_munge_des_rfb_key(unsigned char * key,size_t nkey)2794 vnc_munge_des_rfb_key(unsigned char *key, size_t nkey)
2795 {
2796 size_t i;
2797 for (i = 0; i < nkey; i++) {
2798 uint8_t r = key[i];
2799 r = (r & 0xf0) >> 4 | (r & 0x0f) << 4;
2800 r = (r & 0xcc) >> 2 | (r & 0x33) << 2;
2801 r = (r & 0xaa) >> 1 | (r & 0x55) << 1;
2802 key[i] = r;
2803 }
2804 }
2805
protocol_client_auth_vnc(VncState * vs,uint8_t * data,size_t len)2806 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
2807 {
2808 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
2809 size_t i, pwlen;
2810 unsigned char key[8];
2811 time_t now = time(NULL);
2812 QCryptoCipher *cipher = NULL;
2813 Error *err = NULL;
2814
2815 if (!vs->vd->password) {
2816 trace_vnc_auth_fail(vs, vs->auth, "password is not set", "");
2817 goto reject;
2818 }
2819 if (vs->vd->expires < now) {
2820 trace_vnc_auth_fail(vs, vs->auth, "password is expired", "");
2821 goto reject;
2822 }
2823
2824 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
2825
2826 /* Calculate the expected challenge response */
2827 pwlen = strlen(vs->vd->password);
2828 for (i=0; i<sizeof(key); i++)
2829 key[i] = i<pwlen ? vs->vd->password[i] : 0;
2830 vnc_munge_des_rfb_key(key, sizeof(key));
2831
2832 cipher = qcrypto_cipher_new(
2833 QCRYPTO_CIPHER_ALGO_DES,
2834 QCRYPTO_CIPHER_MODE_ECB,
2835 key, G_N_ELEMENTS(key),
2836 &err);
2837 if (!cipher) {
2838 trace_vnc_auth_fail(vs, vs->auth, "cannot create cipher",
2839 error_get_pretty(err));
2840 error_free(err);
2841 goto reject;
2842 }
2843
2844 if (qcrypto_cipher_encrypt(cipher,
2845 vs->challenge,
2846 response,
2847 VNC_AUTH_CHALLENGE_SIZE,
2848 &err) < 0) {
2849 trace_vnc_auth_fail(vs, vs->auth, "cannot encrypt challenge response",
2850 error_get_pretty(err));
2851 error_free(err);
2852 goto reject;
2853 }
2854
2855 /* Compare expected vs actual challenge response */
2856 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
2857 trace_vnc_auth_fail(vs, vs->auth, "mis-matched challenge response", "");
2858 goto reject;
2859 } else {
2860 trace_vnc_auth_pass(vs, vs->auth);
2861 vnc_write_u32(vs, 0); /* Accept auth */
2862 vnc_flush(vs);
2863
2864 start_client_init(vs);
2865 }
2866
2867 qcrypto_cipher_free(cipher);
2868 return 0;
2869
2870 reject:
2871 authentication_failed(vs);
2872 qcrypto_cipher_free(cipher);
2873 return 0;
2874 }
2875
start_auth_vnc(VncState * vs)2876 void start_auth_vnc(VncState *vs)
2877 {
2878 Error *err = NULL;
2879
2880 if (qcrypto_random_bytes(vs->challenge, sizeof(vs->challenge), &err)) {
2881 trace_vnc_auth_fail(vs, vs->auth, "cannot get random bytes",
2882 error_get_pretty(err));
2883 error_free(err);
2884 authentication_failed(vs);
2885 return;
2886 }
2887
2888 /* Send client a 'random' challenge */
2889 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
2890 vnc_flush(vs);
2891
2892 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
2893 }
2894
2895
protocol_client_auth(VncState * vs,uint8_t * data,size_t len)2896 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
2897 {
2898 /* We only advertise 1 auth scheme at a time, so client
2899 * must pick the one we sent. Verify this */
2900 if (data[0] != vs->auth) { /* Reject auth */
2901 trace_vnc_auth_reject(vs, vs->auth, (int)data[0]);
2902 authentication_failed(vs);
2903 } else { /* Accept requested auth */
2904 trace_vnc_auth_start(vs, vs->auth);
2905 switch (vs->auth) {
2906 case VNC_AUTH_NONE:
2907 if (vs->minor >= 8) {
2908 vnc_write_u32(vs, 0); /* Accept auth completion */
2909 vnc_flush(vs);
2910 }
2911 trace_vnc_auth_pass(vs, vs->auth);
2912 start_client_init(vs);
2913 break;
2914
2915 case VNC_AUTH_VNC:
2916 start_auth_vnc(vs);
2917 break;
2918
2919 case VNC_AUTH_VENCRYPT:
2920 start_auth_vencrypt(vs);
2921 break;
2922
2923 #ifdef CONFIG_VNC_SASL
2924 case VNC_AUTH_SASL:
2925 start_auth_sasl(vs);
2926 break;
2927 #endif /* CONFIG_VNC_SASL */
2928
2929 default: /* Should not be possible, but just in case */
2930 trace_vnc_auth_fail(vs, vs->auth, "Unhandled auth method", "");
2931 authentication_failed(vs);
2932 }
2933 }
2934 return 0;
2935 }
2936
protocol_version(VncState * vs,uint8_t * version,size_t len)2937 static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2938 {
2939 char local[13];
2940
2941 memcpy(local, version, 12);
2942 local[12] = 0;
2943
2944 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2945 VNC_DEBUG("Malformed protocol version %s\n", local);
2946 vnc_client_error(vs);
2947 return 0;
2948 }
2949 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2950 if (vs->major != 3 ||
2951 (vs->minor != 3 &&
2952 vs->minor != 4 &&
2953 vs->minor != 5 &&
2954 vs->minor != 7 &&
2955 vs->minor != 8)) {
2956 VNC_DEBUG("Unsupported client version\n");
2957 vnc_write_u32(vs, VNC_AUTH_INVALID);
2958 vnc_flush(vs);
2959 vnc_client_error(vs);
2960 return 0;
2961 }
2962 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2963 * as equivalent to v3.3 by servers
2964 */
2965 if (vs->minor == 4 || vs->minor == 5)
2966 vs->minor = 3;
2967
2968 if (vs->minor == 3) {
2969 trace_vnc_auth_start(vs, vs->auth);
2970 if (vs->auth == VNC_AUTH_NONE) {
2971 vnc_write_u32(vs, vs->auth);
2972 vnc_flush(vs);
2973 trace_vnc_auth_pass(vs, vs->auth);
2974 start_client_init(vs);
2975 } else if (vs->auth == VNC_AUTH_VNC) {
2976 VNC_DEBUG("Tell client VNC auth\n");
2977 vnc_write_u32(vs, vs->auth);
2978 vnc_flush(vs);
2979 start_auth_vnc(vs);
2980 } else {
2981 trace_vnc_auth_fail(vs, vs->auth,
2982 "Unsupported auth method for v3.3", "");
2983 vnc_write_u32(vs, VNC_AUTH_INVALID);
2984 vnc_flush(vs);
2985 vnc_client_error(vs);
2986 }
2987 } else {
2988 vnc_write_u8(vs, 1); /* num auth */
2989 vnc_write_u8(vs, vs->auth);
2990 vnc_read_when(vs, protocol_client_auth, 1);
2991 vnc_flush(vs);
2992 }
2993
2994 return 0;
2995 }
2996
vnc_stat_rect(VncDisplay * vd,int x,int y)2997 static VncRectStat *vnc_stat_rect(VncDisplay *vd, int x, int y)
2998 {
2999 struct VncSurface *vs = &vd->guest;
3000
3001 return &vs->stats[y / VNC_STAT_RECT][x / VNC_STAT_RECT];
3002 }
3003
vnc_sent_lossy_rect(VncWorker * worker,int x,int y,int w,int h)3004 void vnc_sent_lossy_rect(VncWorker *worker, int x, int y, int w, int h)
3005 {
3006 int i, j;
3007
3008 w = (x + w) / VNC_STAT_RECT;
3009 h = (y + h) / VNC_STAT_RECT;
3010 x /= VNC_STAT_RECT;
3011 y /= VNC_STAT_RECT;
3012
3013 for (j = y; j <= h; j++) {
3014 for (i = x; i <= w; i++) {
3015 worker->lossy_rect[j][i] = 1;
3016 }
3017 }
3018 }
3019
vnc_refresh_lossy_rect(VncDisplay * vd,int x,int y)3020 static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y)
3021 {
3022 VncState *vs;
3023 int sty = y / VNC_STAT_RECT;
3024 int stx = x / VNC_STAT_RECT;
3025 int has_dirty = 0;
3026
3027 y = QEMU_ALIGN_DOWN(y, VNC_STAT_RECT);
3028 x = QEMU_ALIGN_DOWN(x, VNC_STAT_RECT);
3029
3030 QTAILQ_FOREACH(vs, &vd->clients, next) {
3031 VncConnection *vc = container_of(vs, VncConnection, vs);
3032 int j;
3033
3034 /* kernel send buffers are full -> refresh later */
3035 if (vs->output.offset) {
3036 continue;
3037 }
3038
3039 if (!vc->worker.lossy_rect[sty][stx]) {
3040 continue;
3041 }
3042
3043 vc->worker.lossy_rect[sty][stx] = 0;
3044 for (j = 0; j < VNC_STAT_RECT; ++j) {
3045 bitmap_set(vs->dirty[y + j],
3046 x / VNC_DIRTY_PIXELS_PER_BIT,
3047 VNC_STAT_RECT / VNC_DIRTY_PIXELS_PER_BIT);
3048 }
3049 has_dirty++;
3050 }
3051
3052 return has_dirty;
3053 }
3054
vnc_update_stats(VncDisplay * vd,struct timeval * tv)3055 static int vnc_update_stats(VncDisplay *vd, struct timeval * tv)
3056 {
3057 int width = MIN(pixman_image_get_width(vd->guest.fb),
3058 pixman_image_get_width(vd->server));
3059 int height = MIN(pixman_image_get_height(vd->guest.fb),
3060 pixman_image_get_height(vd->server));
3061 int x, y;
3062 struct timeval res;
3063 int has_dirty = 0;
3064
3065 for (y = 0; y < height; y += VNC_STAT_RECT) {
3066 for (x = 0; x < width; x += VNC_STAT_RECT) {
3067 VncRectStat *rect = vnc_stat_rect(vd, x, y);
3068
3069 rect->updated = false;
3070 }
3071 }
3072
3073 qemu_timersub(tv, &VNC_REFRESH_STATS, &res);
3074
3075 if (timercmp(&vd->guest.last_freq_check, &res, >)) {
3076 return has_dirty;
3077 }
3078 vd->guest.last_freq_check = *tv;
3079
3080 for (y = 0; y < height; y += VNC_STAT_RECT) {
3081 for (x = 0; x < width; x += VNC_STAT_RECT) {
3082 VncRectStat *rect= vnc_stat_rect(vd, x, y);
3083 int count = ARRAY_SIZE(rect->times);
3084 struct timeval min, max;
3085
3086 if (!timerisset(&rect->times[count - 1])) {
3087 continue ;
3088 }
3089
3090 max = rect->times[(rect->idx + count - 1) % count];
3091 qemu_timersub(tv, &max, &res);
3092
3093 if (timercmp(&res, &VNC_REFRESH_LOSSY, >)) {
3094 rect->freq = 0;
3095 has_dirty += vnc_refresh_lossy_rect(vd, x, y);
3096 memset(rect->times, 0, sizeof (rect->times));
3097 continue ;
3098 }
3099
3100 min = rect->times[rect->idx];
3101 max = rect->times[(rect->idx + count - 1) % count];
3102 qemu_timersub(&max, &min, &res);
3103
3104 rect->freq = res.tv_sec + res.tv_usec / 1000000.;
3105 rect->freq /= count;
3106 rect->freq = 1. / rect->freq;
3107 }
3108 }
3109 return has_dirty;
3110 }
3111
vnc_update_freq(VncState * vs,int x,int y,int w,int h)3112 double vnc_update_freq(VncState *vs, int x, int y, int w, int h)
3113 {
3114 int i, j;
3115 double total = 0;
3116 int num = 0;
3117
3118 x = QEMU_ALIGN_DOWN(x, VNC_STAT_RECT);
3119 y = QEMU_ALIGN_DOWN(y, VNC_STAT_RECT);
3120
3121 for (j = y; j <= y + h; j += VNC_STAT_RECT) {
3122 for (i = x; i <= x + w; i += VNC_STAT_RECT) {
3123 total += vnc_stat_rect(vs->vd, i, j)->freq;
3124 num++;
3125 }
3126 }
3127
3128 if (num) {
3129 return total / num;
3130 } else {
3131 return 0;
3132 }
3133 }
3134
vnc_rect_updated(VncDisplay * vd,int x,int y,struct timeval * tv)3135 static void vnc_rect_updated(VncDisplay *vd, int x, int y, struct timeval * tv)
3136 {
3137 VncRectStat *rect;
3138
3139 rect = vnc_stat_rect(vd, x, y);
3140 if (rect->updated) {
3141 return;
3142 }
3143 rect->times[rect->idx] = *tv;
3144 rect->idx = (rect->idx + 1) % ARRAY_SIZE(rect->times);
3145 rect->updated = true;
3146 }
3147
vnc_refresh_server_surface(VncDisplay * vd)3148 static int vnc_refresh_server_surface(VncDisplay *vd)
3149 {
3150 int width = MIN(pixman_image_get_width(vd->guest.fb),
3151 pixman_image_get_width(vd->server));
3152 int height = MIN(pixman_image_get_height(vd->guest.fb),
3153 pixman_image_get_height(vd->server));
3154 int cmp_bytes, server_stride, line_bytes, guest_ll, guest_stride, y = 0;
3155 uint8_t *guest_row0 = NULL, *server_row0;
3156 VncState *vs;
3157 int has_dirty = 0;
3158 pixman_image_t *tmpbuf = NULL;
3159 unsigned long offset;
3160 int x;
3161 uint8_t *guest_ptr, *server_ptr;
3162
3163 struct timeval tv = { 0, 0 };
3164
3165 if (!vd->non_adaptive) {
3166 gettimeofday(&tv, NULL);
3167 has_dirty = vnc_update_stats(vd, &tv);
3168 }
3169
3170 offset = find_next_bit((unsigned long *) &vd->guest.dirty,
3171 height * VNC_DIRTY_BPL(&vd->guest), 0);
3172 if (offset == height * VNC_DIRTY_BPL(&vd->guest)) {
3173 /* no dirty bits in guest surface */
3174 return has_dirty;
3175 }
3176
3177 /*
3178 * Walk through the guest dirty map.
3179 * Check and copy modified bits from guest to server surface.
3180 * Update server dirty map.
3181 */
3182 server_row0 = (uint8_t *)pixman_image_get_data(vd->server);
3183 server_stride = guest_stride = guest_ll =
3184 pixman_image_get_stride(vd->server);
3185 cmp_bytes = MIN(VNC_DIRTY_PIXELS_PER_BIT * VNC_SERVER_FB_BYTES,
3186 server_stride);
3187 if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
3188 int w = pixman_image_get_width(vd->server);
3189 tmpbuf = qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT, w);
3190 } else {
3191 int guest_bpp =
3192 PIXMAN_FORMAT_BPP(pixman_image_get_format(vd->guest.fb));
3193 guest_row0 = (uint8_t *)pixman_image_get_data(vd->guest.fb);
3194 guest_stride = pixman_image_get_stride(vd->guest.fb);
3195 guest_ll = pixman_image_get_width(vd->guest.fb)
3196 * DIV_ROUND_UP(guest_bpp, 8);
3197 }
3198 line_bytes = MIN(server_stride, guest_ll);
3199
3200 for (;;) {
3201 y = offset / VNC_DIRTY_BPL(&vd->guest);
3202 x = offset % VNC_DIRTY_BPL(&vd->guest);
3203
3204 server_ptr = server_row0 + y * server_stride + x * cmp_bytes;
3205
3206 if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
3207 qemu_pixman_linebuf_fill(tmpbuf, vd->guest.fb, width, 0, y);
3208 guest_ptr = (uint8_t *)pixman_image_get_data(tmpbuf);
3209 } else {
3210 guest_ptr = guest_row0 + y * guest_stride;
3211 }
3212 guest_ptr += x * cmp_bytes;
3213
3214 for (; x < DIV_ROUND_UP(width, VNC_DIRTY_PIXELS_PER_BIT);
3215 x++, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
3216 int _cmp_bytes = cmp_bytes;
3217 if (!test_and_clear_bit(x, vd->guest.dirty[y])) {
3218 continue;
3219 }
3220 if ((x + 1) * cmp_bytes > line_bytes) {
3221 _cmp_bytes = line_bytes - x * cmp_bytes;
3222 }
3223 assert(_cmp_bytes >= 0);
3224 if (memcmp(server_ptr, guest_ptr, _cmp_bytes) == 0) {
3225 continue;
3226 }
3227 memcpy(server_ptr, guest_ptr, _cmp_bytes);
3228 if (!vd->non_adaptive) {
3229 vnc_rect_updated(vd, x * VNC_DIRTY_PIXELS_PER_BIT,
3230 y, &tv);
3231 }
3232 QTAILQ_FOREACH(vs, &vd->clients, next) {
3233 set_bit(x, vs->dirty[y]);
3234 }
3235 has_dirty++;
3236 }
3237
3238 y++;
3239 offset = find_next_bit((unsigned long *) &vd->guest.dirty,
3240 height * VNC_DIRTY_BPL(&vd->guest),
3241 y * VNC_DIRTY_BPL(&vd->guest));
3242 if (offset == height * VNC_DIRTY_BPL(&vd->guest)) {
3243 /* no more dirty bits */
3244 break;
3245 }
3246 }
3247 qemu_pixman_image_unref(tmpbuf);
3248 return has_dirty;
3249 }
3250
vnc_refresh(DisplayChangeListener * dcl)3251 static void vnc_refresh(DisplayChangeListener *dcl)
3252 {
3253 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
3254 VncState *vs, *vn;
3255 int has_dirty, rects = 0;
3256
3257 if (QTAILQ_EMPTY(&vd->clients)) {
3258 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_MAX);
3259 return;
3260 }
3261
3262 graphic_hw_update(vd->dcl.con);
3263
3264 if (vnc_trylock_display(vd)) {
3265 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
3266 return;
3267 }
3268
3269 has_dirty = vnc_refresh_server_surface(vd);
3270 vnc_unlock_display(vd);
3271
3272 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
3273 rects += vnc_update_client(vs, has_dirty);
3274 /* vs might be free()ed here */
3275 }
3276
3277 if (has_dirty && rects) {
3278 vd->dcl.update_interval /= 2;
3279 if (vd->dcl.update_interval < VNC_REFRESH_INTERVAL_BASE) {
3280 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_BASE;
3281 }
3282 } else {
3283 vd->dcl.update_interval += VNC_REFRESH_INTERVAL_INC;
3284 if (vd->dcl.update_interval > VNC_REFRESH_INTERVAL_MAX) {
3285 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_MAX;
3286 }
3287 }
3288 }
3289
vnc_connect(VncDisplay * vd,QIOChannelSocket * sioc,bool skipauth,bool websocket)3290 static void vnc_connect(VncDisplay *vd, QIOChannelSocket *sioc,
3291 bool skipauth, bool websocket)
3292 {
3293 VncConnection *vc = g_new0(VncConnection, 1);
3294 VncState *vs = &vc->vs;
3295 bool first_client = QTAILQ_EMPTY(&vd->clients);
3296
3297 trace_vnc_client_connect(vs, sioc);
3298 vs->magic = VNC_MAGIC;
3299 vs->sioc = sioc;
3300 object_ref(OBJECT(vs->sioc));
3301 vs->ioc = QIO_CHANNEL(sioc);
3302 object_ref(OBJECT(vs->ioc));
3303 vs->vd = vd;
3304
3305 buffer_init(&vs->input, "vnc-input/%p", sioc);
3306 buffer_init(&vs->output, "vnc-output/%p", sioc);
3307 buffer_init(&vs->jobs_buffer, "vnc-jobs_buffer/%p", sioc);
3308
3309 buffer_init(&vc->worker.tight.tight, "vnc-tight/%p", sioc);
3310 buffer_init(&vc->worker.tight.zlib, "vnc-tight-zlib/%p", sioc);
3311 buffer_init(&vc->worker.tight.gradient, "vnc-tight-gradient/%p", sioc);
3312 #ifdef CONFIG_VNC_JPEG
3313 buffer_init(&vc->worker.tight.jpeg, "vnc-tight-jpeg/%p", sioc);
3314 #endif
3315 #ifdef CONFIG_PNG
3316 buffer_init(&vc->worker.tight.png, "vnc-tight-png/%p", sioc);
3317 #endif
3318 buffer_init(&vc->worker.zlib.zlib, "vnc-zlib/%p", sioc);
3319 buffer_init(&vc->worker.zrle.zrle, "vnc-zrle/%p", sioc);
3320 buffer_init(&vc->worker.zrle.fb, "vnc-zrle-fb/%p", sioc);
3321 buffer_init(&vc->worker.zrle.zlib, "vnc-zrle-zlib/%p", sioc);
3322
3323 if (skipauth) {
3324 vs->auth = VNC_AUTH_NONE;
3325 vs->subauth = VNC_AUTH_INVALID;
3326 } else {
3327 if (websocket) {
3328 vs->auth = vd->ws_auth;
3329 vs->subauth = VNC_AUTH_INVALID;
3330 } else {
3331 vs->auth = vd->auth;
3332 vs->subauth = vd->subauth;
3333 }
3334 }
3335 VNC_DEBUG("Client sioc=%p ws=%d auth=%d subauth=%d\n",
3336 sioc, websocket, vs->auth, vs->subauth);
3337
3338 VNC_DEBUG("New client on socket %p\n", vs->sioc);
3339 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
3340 qio_channel_set_blocking(vs->ioc, false, NULL);
3341 if (vs->ioc_tag) {
3342 g_source_remove(vs->ioc_tag);
3343 }
3344 if (websocket) {
3345 vs->websocket = 1;
3346 if (vd->tlscreds) {
3347 vs->ioc_tag = qio_channel_add_watch(
3348 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR,
3349 vncws_tls_handshake_io, vs, NULL);
3350 } else {
3351 vs->ioc_tag = qio_channel_add_watch(
3352 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR,
3353 vncws_handshake_io, vs, NULL);
3354 }
3355 } else {
3356 vs->ioc_tag = qio_channel_add_watch(
3357 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR,
3358 vnc_client_io, vs, NULL);
3359 }
3360
3361 vnc_client_cache_addr(vs);
3362 vnc_qmp_event(vs, QAPI_EVENT_VNC_CONNECTED);
3363 vnc_set_share_mode(vs, VNC_SHARE_MODE_CONNECTING);
3364
3365 vs->last_x = -1;
3366 vs->last_y = -1;
3367
3368 vs->as.freq = 44100;
3369 vs->as.nchannels = 2;
3370 vs->as.fmt = AUDIO_FORMAT_S16;
3371 vs->as.endianness = 0;
3372
3373 qemu_mutex_init(&vs->output_mutex);
3374 vs->bh = qemu_bh_new(vnc_jobs_bh, vs);
3375
3376 QTAILQ_INSERT_TAIL(&vd->clients, vs, next);
3377 if (first_client) {
3378 vnc_update_server_surface(vd);
3379 }
3380
3381 graphic_hw_update(vd->dcl.con);
3382
3383 if (!vs->websocket) {
3384 vnc_start_protocol(vs);
3385 }
3386
3387 if (vd->num_connecting > vd->connections_limit) {
3388 QTAILQ_FOREACH(vs, &vd->clients, next) {
3389 if (vs->share_mode == VNC_SHARE_MODE_CONNECTING) {
3390 vnc_disconnect_start(vs);
3391 return;
3392 }
3393 }
3394 }
3395 }
3396
vnc_start_protocol(VncState * vs)3397 void vnc_start_protocol(VncState *vs)
3398 {
3399 vnc_write(vs, "RFB 003.008\n", 12);
3400 vnc_flush(vs);
3401 vnc_read_when(vs, protocol_version, 12);
3402
3403 vs->mouse_mode_notifier.notify = check_pointer_type_change;
3404 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
3405 }
3406
vnc_listen_io(QIONetListener * listener,QIOChannelSocket * cioc,void * opaque)3407 static void vnc_listen_io(QIONetListener *listener,
3408 QIOChannelSocket *cioc,
3409 void *opaque)
3410 {
3411 VncDisplay *vd = opaque;
3412 bool isWebsock = listener == vd->wslistener;
3413
3414 qio_channel_set_name(QIO_CHANNEL(cioc),
3415 isWebsock ? "vnc-ws-server" : "vnc-server");
3416 qio_channel_set_delay(QIO_CHANNEL(cioc), false);
3417 vnc_connect(vd, cioc, false, isWebsock);
3418 }
3419
3420 static const DisplayChangeListenerOps dcl_ops = {
3421 .dpy_name = "vnc",
3422 .dpy_refresh = vnc_refresh,
3423 .dpy_gfx_update = vnc_dpy_update,
3424 .dpy_gfx_switch = vnc_dpy_switch,
3425 .dpy_gfx_check_format = qemu_pixman_check_format,
3426 .dpy_mouse_set = vnc_mouse_set,
3427 .dpy_cursor_define = vnc_dpy_cursor_define,
3428 };
3429
vmstate_change_handler(void * opaque,bool running,RunState state)3430 static void vmstate_change_handler(void *opaque, bool running, RunState state)
3431 {
3432 VncDisplay *vd = opaque;
3433
3434 if (state != RUN_STATE_RUNNING) {
3435 return;
3436 }
3437 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
3438 }
3439
vnc_display_init(const char * id,Error ** errp)3440 void vnc_display_init(const char *id, Error **errp)
3441 {
3442 VncDisplay *vd;
3443
3444 if (vnc_display_find(id) != NULL) {
3445 return;
3446 }
3447 vd = g_malloc0(sizeof(*vd));
3448
3449 vd->id = strdup(id);
3450 QTAILQ_INSERT_TAIL(&vnc_displays, vd, next);
3451
3452 QTAILQ_INIT(&vd->clients);
3453 vd->expires = TIME_MAX;
3454
3455 if (keyboard_layout) {
3456 trace_vnc_key_map_init(keyboard_layout);
3457 vd->kbd_layout = init_keyboard_layout(name2keysym,
3458 keyboard_layout, errp);
3459 } else {
3460 vd->kbd_layout = init_keyboard_layout(name2keysym, "en-us", errp);
3461 }
3462
3463 if (!vd->kbd_layout) {
3464 return;
3465 }
3466
3467 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3468 vd->connections_limit = 32;
3469
3470 qemu_mutex_init(&vd->mutex);
3471 vnc_start_worker_thread();
3472
3473 vd->dcl.ops = &dcl_ops;
3474 register_displaychangelistener(&vd->dcl);
3475 vd->kbd = qkbd_state_init(vd->dcl.con);
3476 vd->vmstate_handler_entry = qemu_add_vm_change_state_handler(
3477 &vmstate_change_handler, vd);
3478 }
3479
3480
vnc_display_close(VncDisplay * vd)3481 static void vnc_display_close(VncDisplay *vd)
3482 {
3483 if (!vd) {
3484 return;
3485 }
3486
3487 if (vd->listener) {
3488 qio_net_listener_disconnect(vd->listener);
3489 object_unref(OBJECT(vd->listener));
3490 }
3491 vd->listener = NULL;
3492
3493 if (vd->wslistener) {
3494 qio_net_listener_disconnect(vd->wslistener);
3495 object_unref(OBJECT(vd->wslistener));
3496 }
3497 vd->wslistener = NULL;
3498
3499 vd->auth = VNC_AUTH_INVALID;
3500 vd->subauth = VNC_AUTH_INVALID;
3501 if (vd->tlscreds) {
3502 object_unref(OBJECT(vd->tlscreds));
3503 vd->tlscreds = NULL;
3504 }
3505 if (vd->tlsauthz) {
3506 object_unparent(OBJECT(vd->tlsauthz));
3507 vd->tlsauthz = NULL;
3508 }
3509 g_free(vd->tlsauthzid);
3510 vd->tlsauthzid = NULL;
3511 if (vd->lock_key_sync) {
3512 qemu_remove_led_event_handler(vd->led);
3513 vd->led = NULL;
3514 }
3515 #ifdef CONFIG_VNC_SASL
3516 if (vd->sasl.authz) {
3517 object_unparent(OBJECT(vd->sasl.authz));
3518 vd->sasl.authz = NULL;
3519 }
3520 g_free(vd->sasl.authzid);
3521 vd->sasl.authzid = NULL;
3522 #endif
3523 }
3524
vnc_display_password(const char * id,const char * password)3525 int vnc_display_password(const char *id, const char *password)
3526 {
3527 VncDisplay *vd = vnc_display_find(id);
3528
3529 if (!vd) {
3530 return -EINVAL;
3531 }
3532 if (vd->auth == VNC_AUTH_NONE) {
3533 error_printf_unless_qmp("If you want use passwords please enable "
3534 "password auth using '-vnc ${dpy},password'.\n");
3535 return -EINVAL;
3536 }
3537
3538 g_free(vd->password);
3539 vd->password = g_strdup(password);
3540
3541 return 0;
3542 }
3543
vnc_display_pw_expire(const char * id,time_t expires)3544 int vnc_display_pw_expire(const char *id, time_t expires)
3545 {
3546 VncDisplay *vd = vnc_display_find(id);
3547
3548 if (!vd) {
3549 return -EINVAL;
3550 }
3551
3552 vd->expires = expires;
3553 return 0;
3554 }
3555
vnc_display_print_local_addr(VncDisplay * vd)3556 static void vnc_display_print_local_addr(VncDisplay *vd)
3557 {
3558 SocketAddress *addr;
3559
3560 if (!vd->listener || !vd->listener->nsioc) {
3561 return;
3562 }
3563
3564 addr = qio_channel_socket_get_local_address(vd->listener->sioc[0], NULL);
3565 if (!addr) {
3566 return;
3567 }
3568
3569 if (addr->type != SOCKET_ADDRESS_TYPE_INET) {
3570 qapi_free_SocketAddress(addr);
3571 return;
3572 }
3573 error_printf_unless_qmp("VNC server running on %s:%s\n",
3574 addr->u.inet.host,
3575 addr->u.inet.port);
3576 qapi_free_SocketAddress(addr);
3577 }
3578
3579 static QemuOptsList qemu_vnc_opts = {
3580 .name = "vnc",
3581 .head = QTAILQ_HEAD_INITIALIZER(qemu_vnc_opts.head),
3582 .implied_opt_name = "vnc",
3583 .desc = {
3584 {
3585 .name = "vnc",
3586 .type = QEMU_OPT_STRING,
3587 },{
3588 .name = "websocket",
3589 .type = QEMU_OPT_STRING,
3590 },{
3591 .name = "tls-creds",
3592 .type = QEMU_OPT_STRING,
3593 },{
3594 .name = "share",
3595 .type = QEMU_OPT_STRING,
3596 },{
3597 .name = "display",
3598 .type = QEMU_OPT_STRING,
3599 },{
3600 .name = "head",
3601 .type = QEMU_OPT_NUMBER,
3602 },{
3603 .name = "connections",
3604 .type = QEMU_OPT_NUMBER,
3605 },{
3606 .name = "to",
3607 .type = QEMU_OPT_NUMBER,
3608 },{
3609 .name = "ipv4",
3610 .type = QEMU_OPT_BOOL,
3611 },{
3612 .name = "ipv6",
3613 .type = QEMU_OPT_BOOL,
3614 },{
3615 .name = "password",
3616 .type = QEMU_OPT_BOOL,
3617 },{
3618 .name = "password-secret",
3619 .type = QEMU_OPT_STRING,
3620 },{
3621 .name = "reverse",
3622 .type = QEMU_OPT_BOOL,
3623 },{
3624 .name = "lock-key-sync",
3625 .type = QEMU_OPT_BOOL,
3626 },{
3627 .name = "key-delay-ms",
3628 .type = QEMU_OPT_NUMBER,
3629 },{
3630 .name = "sasl",
3631 .type = QEMU_OPT_BOOL,
3632 },{
3633 .name = "tls-authz",
3634 .type = QEMU_OPT_STRING,
3635 },{
3636 .name = "sasl-authz",
3637 .type = QEMU_OPT_STRING,
3638 },{
3639 .name = "lossy",
3640 .type = QEMU_OPT_BOOL,
3641 },{
3642 .name = "non-adaptive",
3643 .type = QEMU_OPT_BOOL,
3644 },{
3645 .name = "audiodev",
3646 .type = QEMU_OPT_STRING,
3647 },{
3648 .name = "power-control",
3649 .type = QEMU_OPT_BOOL,
3650 },
3651 { /* end of list */ }
3652 },
3653 };
3654
3655
3656 static int
vnc_display_setup_auth(int * auth,int * subauth,QCryptoTLSCreds * tlscreds,bool password,bool sasl,bool websocket,Error ** errp)3657 vnc_display_setup_auth(int *auth,
3658 int *subauth,
3659 QCryptoTLSCreds *tlscreds,
3660 bool password,
3661 bool sasl,
3662 bool websocket,
3663 Error **errp)
3664 {
3665 /*
3666 * We have a choice of 3 authentication options
3667 *
3668 * 1. none
3669 * 2. vnc
3670 * 3. sasl
3671 *
3672 * The channel can be run in 2 modes
3673 *
3674 * 1. clear
3675 * 2. tls
3676 *
3677 * And TLS can use 2 types of credentials
3678 *
3679 * 1. anon
3680 * 2. x509
3681 *
3682 * We thus have 9 possible logical combinations
3683 *
3684 * 1. clear + none
3685 * 2. clear + vnc
3686 * 3. clear + sasl
3687 * 4. tls + anon + none
3688 * 5. tls + anon + vnc
3689 * 6. tls + anon + sasl
3690 * 7. tls + x509 + none
3691 * 8. tls + x509 + vnc
3692 * 9. tls + x509 + sasl
3693 *
3694 * These need to be mapped into the VNC auth schemes
3695 * in an appropriate manner. In regular VNC, all the
3696 * TLS options get mapped into VNC_AUTH_VENCRYPT
3697 * sub-auth types.
3698 *
3699 * In websockets, the https:// protocol already provides
3700 * TLS support, so there is no need to make use of the
3701 * VeNCrypt extension. Furthermore, websockets browser
3702 * clients could not use VeNCrypt even if they wanted to,
3703 * as they cannot control when the TLS handshake takes
3704 * place. Thus there is no option but to rely on https://,
3705 * meaning combinations 4->6 and 7->9 will be mapped to
3706 * VNC auth schemes in the same way as combos 1->3.
3707 *
3708 * Regardless of fact that we have a different mapping to
3709 * VNC auth mechs for plain VNC vs websockets VNC, the end
3710 * result has the same security characteristics.
3711 */
3712 if (websocket || !tlscreds) {
3713 if (password) {
3714 VNC_DEBUG("Initializing VNC server with password auth\n");
3715 *auth = VNC_AUTH_VNC;
3716 } else if (sasl) {
3717 VNC_DEBUG("Initializing VNC server with SASL auth\n");
3718 *auth = VNC_AUTH_SASL;
3719 } else {
3720 VNC_DEBUG("Initializing VNC server with no auth\n");
3721 *auth = VNC_AUTH_NONE;
3722 }
3723 *subauth = VNC_AUTH_INVALID;
3724 } else {
3725 bool is_x509 = object_dynamic_cast(OBJECT(tlscreds),
3726 TYPE_QCRYPTO_TLS_CREDS_X509) != NULL;
3727 bool is_anon = object_dynamic_cast(OBJECT(tlscreds),
3728 TYPE_QCRYPTO_TLS_CREDS_ANON) != NULL;
3729
3730 if (!is_x509 && !is_anon) {
3731 error_setg(errp,
3732 "Unsupported TLS cred type %s",
3733 object_get_typename(OBJECT(tlscreds)));
3734 return -1;
3735 }
3736 *auth = VNC_AUTH_VENCRYPT;
3737 if (password) {
3738 if (is_x509) {
3739 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
3740 *subauth = VNC_AUTH_VENCRYPT_X509VNC;
3741 } else {
3742 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
3743 *subauth = VNC_AUTH_VENCRYPT_TLSVNC;
3744 }
3745
3746 } else if (sasl) {
3747 if (is_x509) {
3748 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
3749 *subauth = VNC_AUTH_VENCRYPT_X509SASL;
3750 } else {
3751 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
3752 *subauth = VNC_AUTH_VENCRYPT_TLSSASL;
3753 }
3754 } else {
3755 if (is_x509) {
3756 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
3757 *subauth = VNC_AUTH_VENCRYPT_X509NONE;
3758 } else {
3759 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
3760 *subauth = VNC_AUTH_VENCRYPT_TLSNONE;
3761 }
3762 }
3763 }
3764 return 0;
3765 }
3766
3767
vnc_display_get_address(const char * addrstr,bool websocket,bool reverse,int displaynum,int to,bool has_ipv4,bool has_ipv6,bool ipv4,bool ipv6,SocketAddress ** retaddr,Error ** errp)3768 static int vnc_display_get_address(const char *addrstr,
3769 bool websocket,
3770 bool reverse,
3771 int displaynum,
3772 int to,
3773 bool has_ipv4,
3774 bool has_ipv6,
3775 bool ipv4,
3776 bool ipv6,
3777 SocketAddress **retaddr,
3778 Error **errp)
3779 {
3780 int ret = -1;
3781 SocketAddress *addr = NULL;
3782
3783 addr = g_new0(SocketAddress, 1);
3784
3785 if (strncmp(addrstr, "unix:", 5) == 0) {
3786 addr->type = SOCKET_ADDRESS_TYPE_UNIX;
3787 addr->u.q_unix.path = g_strdup(addrstr + 5);
3788
3789 if (to) {
3790 error_setg(errp, "Port range not support with UNIX socket");
3791 goto cleanup;
3792 }
3793 ret = 0;
3794 } else {
3795 const char *port;
3796 size_t hostlen;
3797 uint64_t baseport = 0;
3798 InetSocketAddress *inet;
3799
3800 port = strrchr(addrstr, ':');
3801 if (!port) {
3802 if (websocket) {
3803 hostlen = 0;
3804 port = addrstr;
3805 } else {
3806 error_setg(errp, "no vnc port specified");
3807 goto cleanup;
3808 }
3809 } else {
3810 hostlen = port - addrstr;
3811 port++;
3812 if (*port == '\0') {
3813 error_setg(errp, "vnc port cannot be empty");
3814 goto cleanup;
3815 }
3816 }
3817
3818 addr->type = SOCKET_ADDRESS_TYPE_INET;
3819 inet = &addr->u.inet;
3820 if (hostlen && addrstr[0] == '[' && addrstr[hostlen - 1] == ']') {
3821 inet->host = g_strndup(addrstr + 1, hostlen - 2);
3822 } else {
3823 inet->host = g_strndup(addrstr, hostlen);
3824 }
3825 /* plain VNC port is just an offset, for websocket
3826 * port is absolute */
3827 if (websocket) {
3828 if (g_str_equal(addrstr, "") ||
3829 g_str_equal(addrstr, "on")) {
3830 if (displaynum == -1) {
3831 error_setg(errp, "explicit websocket port is required");
3832 goto cleanup;
3833 }
3834 inet->port = g_strdup_printf(
3835 "%d", displaynum + 5700);
3836 if (to) {
3837 inet->has_to = true;
3838 inet->to = to + 5700;
3839 }
3840 } else {
3841 inet->port = g_strdup(port);
3842 }
3843 } else {
3844 int offset = reverse ? 0 : 5900;
3845 if (parse_uint_full(port, 10, &baseport) < 0) {
3846 error_setg(errp, "can't convert to a number: %s", port);
3847 goto cleanup;
3848 }
3849 if (baseport > 65535 ||
3850 baseport + offset > 65535) {
3851 error_setg(errp, "port %s out of range", port);
3852 goto cleanup;
3853 }
3854 inet->port = g_strdup_printf(
3855 "%d", (int)baseport + offset);
3856
3857 if (to) {
3858 inet->has_to = true;
3859 inet->to = to + offset;
3860 }
3861 }
3862
3863 inet->ipv4 = ipv4;
3864 inet->has_ipv4 = has_ipv4;
3865 inet->ipv6 = ipv6;
3866 inet->has_ipv6 = has_ipv6;
3867
3868 ret = baseport;
3869 }
3870
3871 *retaddr = addr;
3872
3873 cleanup:
3874 if (ret < 0) {
3875 qapi_free_SocketAddress(addr);
3876 }
3877 return ret;
3878 }
3879
vnc_display_get_addresses(QemuOpts * opts,bool reverse,SocketAddressList ** saddr_list_ret,SocketAddressList ** wsaddr_list_ret,Error ** errp)3880 static int vnc_display_get_addresses(QemuOpts *opts,
3881 bool reverse,
3882 SocketAddressList **saddr_list_ret,
3883 SocketAddressList **wsaddr_list_ret,
3884 Error **errp)
3885 {
3886 SocketAddress *saddr = NULL;
3887 SocketAddress *wsaddr = NULL;
3888 g_autoptr(SocketAddressList) saddr_list = NULL;
3889 SocketAddressList **saddr_tail = &saddr_list;
3890 SocketAddress *single_saddr = NULL;
3891 g_autoptr(SocketAddressList) wsaddr_list = NULL;
3892 SocketAddressList **wsaddr_tail = &wsaddr_list;
3893 QemuOptsIter addriter;
3894 const char *addr;
3895 int to = qemu_opt_get_number(opts, "to", 0);
3896 bool has_ipv4 = qemu_opt_get(opts, "ipv4");
3897 bool has_ipv6 = qemu_opt_get(opts, "ipv6");
3898 bool ipv4 = qemu_opt_get_bool(opts, "ipv4", false);
3899 bool ipv6 = qemu_opt_get_bool(opts, "ipv6", false);
3900 int displaynum = -1;
3901
3902 addr = qemu_opt_get(opts, "vnc");
3903 if (addr == NULL || g_str_equal(addr, "none")) {
3904 return 0;
3905 }
3906 if (qemu_opt_get(opts, "websocket") &&
3907 !qcrypto_hash_supports(QCRYPTO_HASH_ALGO_SHA1)) {
3908 error_setg(errp,
3909 "SHA1 hash support is required for websockets");
3910 return -1;
3911 }
3912
3913 qemu_opt_iter_init(&addriter, opts, "vnc");
3914 while ((addr = qemu_opt_iter_next(&addriter)) != NULL) {
3915 int rv;
3916 rv = vnc_display_get_address(addr, false, reverse, 0, to,
3917 has_ipv4, has_ipv6,
3918 ipv4, ipv6,
3919 &saddr, errp);
3920 if (rv < 0) {
3921 return -1;
3922 }
3923 /* Historical compat - first listen address can be used
3924 * to set the default websocket port
3925 */
3926 if (displaynum == -1) {
3927 displaynum = rv;
3928 }
3929 QAPI_LIST_APPEND(saddr_tail, saddr);
3930 }
3931
3932 if (saddr_list && !saddr_list->next) {
3933 single_saddr = saddr_list->value;
3934 } else {
3935 /*
3936 * If we had multiple primary displays, we don't do defaults
3937 * for websocket, and require explicit config instead.
3938 */
3939 displaynum = -1;
3940 }
3941
3942 qemu_opt_iter_init(&addriter, opts, "websocket");
3943 while ((addr = qemu_opt_iter_next(&addriter)) != NULL) {
3944 if (vnc_display_get_address(addr, true, reverse, displaynum, to,
3945 has_ipv4, has_ipv6,
3946 ipv4, ipv6,
3947 &wsaddr, errp) < 0) {
3948 return -1;
3949 }
3950
3951 /* Historical compat - if only a single listen address was
3952 * provided, then this is used to set the default listen
3953 * address for websocket too
3954 */
3955 if (single_saddr &&
3956 single_saddr->type == SOCKET_ADDRESS_TYPE_INET &&
3957 wsaddr->type == SOCKET_ADDRESS_TYPE_INET &&
3958 g_str_equal(wsaddr->u.inet.host, "") &&
3959 !g_str_equal(single_saddr->u.inet.host, "")) {
3960 g_free(wsaddr->u.inet.host);
3961 wsaddr->u.inet.host = g_strdup(single_saddr->u.inet.host);
3962 }
3963
3964 QAPI_LIST_APPEND(wsaddr_tail, wsaddr);
3965 }
3966
3967 *saddr_list_ret = g_steal_pointer(&saddr_list);
3968 *wsaddr_list_ret = g_steal_pointer(&wsaddr_list);
3969 return 0;
3970 }
3971
vnc_display_connect(VncDisplay * vd,SocketAddressList * saddr_list,SocketAddressList * wsaddr_list,Error ** errp)3972 static int vnc_display_connect(VncDisplay *vd,
3973 SocketAddressList *saddr_list,
3974 SocketAddressList *wsaddr_list,
3975 Error **errp)
3976 {
3977 /* connect to viewer */
3978 QIOChannelSocket *sioc = NULL;
3979 if (wsaddr_list) {
3980 error_setg(errp, "Cannot use websockets in reverse mode");
3981 return -1;
3982 }
3983 if (!saddr_list || saddr_list->next) {
3984 error_setg(errp, "Expected a single address in reverse mode");
3985 return -1;
3986 }
3987 sioc = qio_channel_socket_new();
3988 qio_channel_set_name(QIO_CHANNEL(sioc), "vnc-reverse");
3989 if (qio_channel_socket_connect_sync(sioc, saddr_list->value, errp) < 0) {
3990 object_unref(OBJECT(sioc));
3991 return -1;
3992 }
3993 vnc_connect(vd, sioc, false, false);
3994 object_unref(OBJECT(sioc));
3995 return 0;
3996 }
3997
3998
vnc_display_listen(VncDisplay * vd,SocketAddressList * saddr_list,SocketAddressList * wsaddr_list,Error ** errp)3999 static int vnc_display_listen(VncDisplay *vd,
4000 SocketAddressList *saddr_list,
4001 SocketAddressList *wsaddr_list,
4002 Error **errp)
4003 {
4004 SocketAddressList *el;
4005
4006 if (saddr_list) {
4007 vd->listener = qio_net_listener_new();
4008 qio_net_listener_set_name(vd->listener, "vnc-listen");
4009 for (el = saddr_list; el; el = el->next) {
4010 if (qio_net_listener_open_sync(vd->listener,
4011 el->value, 1,
4012 errp) < 0) {
4013 return -1;
4014 }
4015 }
4016
4017 qio_net_listener_set_client_func(vd->listener,
4018 vnc_listen_io, vd, NULL);
4019 }
4020
4021 if (wsaddr_list) {
4022 vd->wslistener = qio_net_listener_new();
4023 qio_net_listener_set_name(vd->wslistener, "vnc-ws-listen");
4024 for (el = wsaddr_list; el; el = el->next) {
4025 if (qio_net_listener_open_sync(vd->wslistener,
4026 el->value, 1,
4027 errp) < 0) {
4028 return -1;
4029 }
4030 }
4031
4032 qio_net_listener_set_client_func(vd->wslistener,
4033 vnc_listen_io, vd, NULL);
4034 }
4035
4036 return 0;
4037 }
4038
vnc_display_update(DisplayUpdateOptionsVNC * arg,Error ** errp)4039 bool vnc_display_update(DisplayUpdateOptionsVNC *arg, Error **errp)
4040 {
4041 VncDisplay *vd = vnc_display_find(NULL);
4042
4043 if (!vd) {
4044 error_setg(errp, "Can not find vnc display");
4045 return false;
4046 }
4047
4048 if (arg->has_addresses) {
4049 if (vd->listener) {
4050 qio_net_listener_disconnect(vd->listener);
4051 object_unref(OBJECT(vd->listener));
4052 vd->listener = NULL;
4053 }
4054
4055 if (vnc_display_listen(vd, arg->addresses, NULL, errp) < 0) {
4056 return false;
4057 }
4058 }
4059
4060 return true;
4061 }
4062
vnc_display_open(const char * id,Error ** errp)4063 void vnc_display_open(const char *id, Error **errp)
4064 {
4065 VncDisplay *vd = vnc_display_find(id);
4066 QemuOpts *opts = qemu_opts_find(&qemu_vnc_opts, id);
4067 g_autoptr(SocketAddressList) saddr_list = NULL;
4068 g_autoptr(SocketAddressList) wsaddr_list = NULL;
4069 const char *share, *device_id;
4070 QemuConsole *con;
4071 bool password = false;
4072 bool reverse = false;
4073 const char *credid;
4074 bool sasl = false;
4075 const char *tlsauthz;
4076 const char *saslauthz;
4077 int lock_key_sync = 1;
4078 int key_delay_ms;
4079 const char *audiodev;
4080 const char *passwordSecret;
4081
4082 if (!vd) {
4083 error_setg(errp, "VNC display not active");
4084 return;
4085 }
4086 vnc_display_close(vd);
4087
4088 if (!opts) {
4089 return;
4090 }
4091
4092 reverse = qemu_opt_get_bool(opts, "reverse", false);
4093 if (vnc_display_get_addresses(opts, reverse, &saddr_list, &wsaddr_list,
4094 errp) < 0) {
4095 goto fail;
4096 }
4097
4098
4099 passwordSecret = qemu_opt_get(opts, "password-secret");
4100 if (passwordSecret) {
4101 if (qemu_opt_get(opts, "password")) {
4102 error_setg(errp,
4103 "'password' flag is redundant with 'password-secret'");
4104 goto fail;
4105 }
4106 vd->password = qcrypto_secret_lookup_as_utf8(passwordSecret,
4107 errp);
4108 if (!vd->password) {
4109 goto fail;
4110 }
4111 password = true;
4112 } else {
4113 password = qemu_opt_get_bool(opts, "password", false);
4114 }
4115 if (password) {
4116 if (!qcrypto_cipher_supports(
4117 QCRYPTO_CIPHER_ALGO_DES, QCRYPTO_CIPHER_MODE_ECB)) {
4118 error_setg(errp,
4119 "Cipher backend does not support DES algorithm");
4120 goto fail;
4121 }
4122 }
4123
4124 lock_key_sync = qemu_opt_get_bool(opts, "lock-key-sync", true);
4125 key_delay_ms = qemu_opt_get_number(opts, "key-delay-ms", 10);
4126 sasl = qemu_opt_get_bool(opts, "sasl", false);
4127 #ifndef CONFIG_VNC_SASL
4128 if (sasl) {
4129 error_setg(errp, "VNC SASL auth requires cyrus-sasl support");
4130 goto fail;
4131 }
4132 #endif /* CONFIG_VNC_SASL */
4133 credid = qemu_opt_get(opts, "tls-creds");
4134 if (credid) {
4135 Object *creds;
4136 creds = object_resolve_path_component(
4137 object_get_objects_root(), credid);
4138 if (!creds) {
4139 error_setg(errp, "No TLS credentials with id '%s'",
4140 credid);
4141 goto fail;
4142 }
4143 vd->tlscreds = (QCryptoTLSCreds *)
4144 object_dynamic_cast(creds,
4145 TYPE_QCRYPTO_TLS_CREDS);
4146 if (!vd->tlscreds) {
4147 error_setg(errp, "Object with id '%s' is not TLS credentials",
4148 credid);
4149 goto fail;
4150 }
4151 object_ref(OBJECT(vd->tlscreds));
4152
4153 if (!qcrypto_tls_creds_check_endpoint(vd->tlscreds,
4154 QCRYPTO_TLS_CREDS_ENDPOINT_SERVER,
4155 errp)) {
4156 goto fail;
4157 }
4158 }
4159 tlsauthz = qemu_opt_get(opts, "tls-authz");
4160 if (tlsauthz && !vd->tlscreds) {
4161 error_setg(errp, "'tls-authz' provided but TLS is not enabled");
4162 goto fail;
4163 }
4164
4165 saslauthz = qemu_opt_get(opts, "sasl-authz");
4166 if (saslauthz && !sasl) {
4167 error_setg(errp, "'sasl-authz' provided but SASL auth is not enabled");
4168 goto fail;
4169 }
4170
4171 share = qemu_opt_get(opts, "share");
4172 if (share) {
4173 if (strcmp(share, "ignore") == 0) {
4174 vd->share_policy = VNC_SHARE_POLICY_IGNORE;
4175 } else if (strcmp(share, "allow-exclusive") == 0) {
4176 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
4177 } else if (strcmp(share, "force-shared") == 0) {
4178 vd->share_policy = VNC_SHARE_POLICY_FORCE_SHARED;
4179 } else {
4180 error_setg(errp, "unknown vnc share= option");
4181 goto fail;
4182 }
4183 } else {
4184 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
4185 }
4186 vd->connections_limit = qemu_opt_get_number(opts, "connections", 32);
4187
4188 #ifdef CONFIG_VNC_JPEG
4189 vd->lossy = qemu_opt_get_bool(opts, "lossy", false);
4190 #endif
4191 vd->non_adaptive = qemu_opt_get_bool(opts, "non-adaptive", false);
4192 /* adaptive updates are only used with tight encoding and
4193 * if lossy updates are enabled so we can disable all the
4194 * calculations otherwise */
4195 if (!vd->lossy) {
4196 vd->non_adaptive = true;
4197 }
4198
4199 vd->power_control = qemu_opt_get_bool(opts, "power-control", false);
4200
4201 if (tlsauthz) {
4202 vd->tlsauthzid = g_strdup(tlsauthz);
4203 }
4204 #ifdef CONFIG_VNC_SASL
4205 if (sasl) {
4206 if (saslauthz) {
4207 vd->sasl.authzid = g_strdup(saslauthz);
4208 }
4209 }
4210 #endif
4211
4212 if (vnc_display_setup_auth(&vd->auth, &vd->subauth,
4213 vd->tlscreds, password,
4214 sasl, false, errp) < 0) {
4215 goto fail;
4216 }
4217 trace_vnc_auth_init(vd, 0, vd->auth, vd->subauth);
4218
4219 if (vnc_display_setup_auth(&vd->ws_auth, &vd->ws_subauth,
4220 vd->tlscreds, password,
4221 sasl, true, errp) < 0) {
4222 goto fail;
4223 }
4224 trace_vnc_auth_init(vd, 1, vd->ws_auth, vd->ws_subauth);
4225
4226 #ifdef CONFIG_VNC_SASL
4227 if (sasl && !vnc_sasl_server_init(errp)) {
4228 goto fail;
4229 }
4230 #endif
4231 vd->lock_key_sync = lock_key_sync;
4232 if (lock_key_sync) {
4233 vd->led = qemu_add_led_event_handler(kbd_leds, vd);
4234 }
4235 vd->ledstate = 0;
4236
4237 audiodev = qemu_opt_get(opts, "audiodev");
4238 if (audiodev) {
4239 vd->audio_state = audio_state_by_name(audiodev, errp);
4240 if (!vd->audio_state) {
4241 goto fail;
4242 }
4243 } else {
4244 vd->audio_state = audio_get_default_audio_state(NULL);
4245 }
4246
4247 device_id = qemu_opt_get(opts, "display");
4248 if (device_id) {
4249 int head = qemu_opt_get_number(opts, "head", 0);
4250 Error *err = NULL;
4251
4252 con = qemu_console_lookup_by_device_name(device_id, head, &err);
4253 if (err) {
4254 error_propagate(errp, err);
4255 goto fail;
4256 }
4257 } else {
4258 con = qemu_console_lookup_default();
4259 }
4260
4261 if (con != vd->dcl.con) {
4262 qkbd_state_free(vd->kbd);
4263 unregister_displaychangelistener(&vd->dcl);
4264 vd->dcl.con = con;
4265 register_displaychangelistener(&vd->dcl);
4266 vd->kbd = qkbd_state_init(vd->dcl.con);
4267 }
4268 qkbd_state_set_delay(vd->kbd, key_delay_ms);
4269
4270 if (saddr_list == NULL) {
4271 return;
4272 }
4273
4274 if (reverse) {
4275 if (vnc_display_connect(vd, saddr_list, wsaddr_list, errp) < 0) {
4276 goto fail;
4277 }
4278 } else {
4279 if (vnc_display_listen(vd, saddr_list, wsaddr_list, errp) < 0) {
4280 goto fail;
4281 }
4282 }
4283
4284 if (qemu_opt_get(opts, "to")) {
4285 vnc_display_print_local_addr(vd);
4286 }
4287
4288 /* Success */
4289 return;
4290
4291 fail:
4292 vnc_display_close(vd);
4293 }
4294
vnc_display_add_client(const char * id,int csock,bool skipauth)4295 void vnc_display_add_client(const char *id, int csock, bool skipauth)
4296 {
4297 VncDisplay *vd = vnc_display_find(id);
4298 QIOChannelSocket *sioc;
4299
4300 if (!vd) {
4301 return;
4302 }
4303
4304 sioc = qio_channel_socket_new_fd(csock, NULL);
4305 if (sioc) {
4306 qio_channel_set_name(QIO_CHANNEL(sioc), "vnc-server");
4307 vnc_connect(vd, sioc, skipauth, false);
4308 object_unref(OBJECT(sioc));
4309 }
4310 }
4311
vnc_auto_assign_id(QemuOptsList * olist,QemuOpts * opts)4312 static void vnc_auto_assign_id(QemuOptsList *olist, QemuOpts *opts)
4313 {
4314 int i = 2;
4315 char *id;
4316
4317 id = g_strdup("default");
4318 while (qemu_opts_find(olist, id)) {
4319 g_free(id);
4320 id = g_strdup_printf("vnc%d", i++);
4321 }
4322 qemu_opts_set_id(opts, id);
4323 }
4324
vnc_parse(const char * str)4325 void vnc_parse(const char *str)
4326 {
4327 QemuOptsList *olist = qemu_find_opts("vnc");
4328 QemuOpts *opts = qemu_opts_parse_noisily(olist, str, !is_help_option(str));
4329 const char *id;
4330
4331 if (!opts) {
4332 exit(1);
4333 }
4334
4335 id = qemu_opts_id(opts);
4336 if (!id) {
4337 /* auto-assign id if not present */
4338 vnc_auto_assign_id(olist, opts);
4339 }
4340 }
4341
vnc_init_func(void * opaque,QemuOpts * opts,Error ** errp)4342 int vnc_init_func(void *opaque, QemuOpts *opts, Error **errp)
4343 {
4344 Error *local_err = NULL;
4345 char *id = (char *)qemu_opts_id(opts);
4346
4347 assert(id);
4348 vnc_display_init(id, &local_err);
4349 if (local_err) {
4350 error_propagate(errp, local_err);
4351 return -1;
4352 }
4353 vnc_display_open(id, &local_err);
4354 if (local_err != NULL) {
4355 error_propagate(errp, local_err);
4356 return -1;
4357 }
4358 return 0;
4359 }
4360
vnc_register_config(void)4361 static void vnc_register_config(void)
4362 {
4363 qemu_add_opts(&qemu_vnc_opts);
4364 }
4365 opts_init(vnc_register_config);
4366