1 /*
2 * QEMU VNC display driver
3 *
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
7 *
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
14 *
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
17 *
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
24 * THE SOFTWARE.
25 */
26
27 #include "qemu/osdep.h"
28 #include "vnc.h"
29 #include "vnc-jobs.h"
30 #include "trace.h"
31 #include "hw/qdev-core.h"
32 #include "system/system.h"
33 #include "system/runstate.h"
34 #include "qemu/error-report.h"
35 #include "qemu/main-loop.h"
36 #include "qemu/module.h"
37 #include "qemu/option.h"
38 #include "qemu/sockets.h"
39 #include "qemu/timer.h"
40 #include "authz/list.h"
41 #include "qemu/config-file.h"
42 #include "qapi/qapi-emit-events.h"
43 #include "qapi/qapi-events-ui.h"
44 #include "qapi/error.h"
45 #include "qapi/qapi-commands-ui.h"
46 #include "ui/input.h"
47 #include "crypto/hash.h"
48 #include "crypto/tlscreds.h"
49 #include "crypto/tlscredsanon.h"
50 #include "crypto/tlscredsx509.h"
51 #include "crypto/random.h"
52 #include "crypto/secret_common.h"
53 #include "qom/object_interfaces.h"
54 #include "qemu/cutils.h"
55 #include "qemu/help_option.h"
56 #include "io/dns-resolver.h"
57 #include "monitor/monitor.h"
58
59 #define VNC_REFRESH_INTERVAL_BASE GUI_REFRESH_INTERVAL_DEFAULT
60 #define VNC_REFRESH_INTERVAL_INC 50
61 #define VNC_REFRESH_INTERVAL_MAX GUI_REFRESH_INTERVAL_IDLE
62 static const struct timeval VNC_REFRESH_STATS = { 0, 500000 };
63 static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 };
64
65 #include "vnc_keysym.h"
66 #include "crypto/cipher.h"
67
68 static QTAILQ_HEAD(, VncDisplay) vnc_displays =
69 QTAILQ_HEAD_INITIALIZER(vnc_displays);
70
71 static int vnc_cursor_define(VncState *vs);
72 static void vnc_update_throttle_offset(VncState *vs);
73
vnc_set_share_mode(VncState * vs,VncShareMode mode)74 static void vnc_set_share_mode(VncState *vs, VncShareMode mode)
75 {
76 #ifdef _VNC_DEBUG
77 static const char *mn[] = {
78 [0] = "undefined",
79 [VNC_SHARE_MODE_CONNECTING] = "connecting",
80 [VNC_SHARE_MODE_SHARED] = "shared",
81 [VNC_SHARE_MODE_EXCLUSIVE] = "exclusive",
82 [VNC_SHARE_MODE_DISCONNECTED] = "disconnected",
83 };
84 fprintf(stderr, "%s/%p: %s -> %s\n", __func__,
85 vs->ioc, mn[vs->share_mode], mn[mode]);
86 #endif
87
88 switch (vs->share_mode) {
89 case VNC_SHARE_MODE_CONNECTING:
90 vs->vd->num_connecting--;
91 break;
92 case VNC_SHARE_MODE_SHARED:
93 vs->vd->num_shared--;
94 break;
95 case VNC_SHARE_MODE_EXCLUSIVE:
96 vs->vd->num_exclusive--;
97 break;
98 default:
99 break;
100 }
101
102 vs->share_mode = mode;
103
104 switch (vs->share_mode) {
105 case VNC_SHARE_MODE_CONNECTING:
106 vs->vd->num_connecting++;
107 break;
108 case VNC_SHARE_MODE_SHARED:
109 vs->vd->num_shared++;
110 break;
111 case VNC_SHARE_MODE_EXCLUSIVE:
112 vs->vd->num_exclusive++;
113 break;
114 default:
115 break;
116 }
117 }
118
119
vnc_init_basic_info(SocketAddress * addr,VncBasicInfo * info,Error ** errp)120 static void vnc_init_basic_info(SocketAddress *addr,
121 VncBasicInfo *info,
122 Error **errp)
123 {
124 switch (addr->type) {
125 case SOCKET_ADDRESS_TYPE_INET:
126 info->host = g_strdup(addr->u.inet.host);
127 info->service = g_strdup(addr->u.inet.port);
128 if (addr->u.inet.ipv6) {
129 info->family = NETWORK_ADDRESS_FAMILY_IPV6;
130 } else {
131 info->family = NETWORK_ADDRESS_FAMILY_IPV4;
132 }
133 break;
134
135 case SOCKET_ADDRESS_TYPE_UNIX:
136 info->host = g_strdup("");
137 info->service = g_strdup(addr->u.q_unix.path);
138 info->family = NETWORK_ADDRESS_FAMILY_UNIX;
139 break;
140
141 case SOCKET_ADDRESS_TYPE_VSOCK:
142 case SOCKET_ADDRESS_TYPE_FD:
143 error_setg(errp, "Unsupported socket address type %s",
144 SocketAddressType_str(addr->type));
145 break;
146 default:
147 abort();
148 }
149 }
150
vnc_init_basic_info_from_server_addr(QIOChannelSocket * ioc,VncBasicInfo * info,Error ** errp)151 static void vnc_init_basic_info_from_server_addr(QIOChannelSocket *ioc,
152 VncBasicInfo *info,
153 Error **errp)
154 {
155 SocketAddress *addr = NULL;
156
157 if (!ioc) {
158 error_setg(errp, "No listener socket available");
159 return;
160 }
161
162 addr = qio_channel_socket_get_local_address(ioc, errp);
163 if (!addr) {
164 return;
165 }
166
167 vnc_init_basic_info(addr, info, errp);
168 qapi_free_SocketAddress(addr);
169 }
170
vnc_init_basic_info_from_remote_addr(QIOChannelSocket * ioc,VncBasicInfo * info,Error ** errp)171 static void vnc_init_basic_info_from_remote_addr(QIOChannelSocket *ioc,
172 VncBasicInfo *info,
173 Error **errp)
174 {
175 SocketAddress *addr = NULL;
176
177 addr = qio_channel_socket_get_remote_address(ioc, errp);
178 if (!addr) {
179 return;
180 }
181
182 vnc_init_basic_info(addr, info, errp);
183 qapi_free_SocketAddress(addr);
184 }
185
vnc_auth_name(VncDisplay * vd)186 static const char *vnc_auth_name(VncDisplay *vd) {
187 switch (vd->auth) {
188 case VNC_AUTH_INVALID:
189 return "invalid";
190 case VNC_AUTH_NONE:
191 return "none";
192 case VNC_AUTH_VNC:
193 return "vnc";
194 case VNC_AUTH_RA2:
195 return "ra2";
196 case VNC_AUTH_RA2NE:
197 return "ra2ne";
198 case VNC_AUTH_TIGHT:
199 return "tight";
200 case VNC_AUTH_ULTRA:
201 return "ultra";
202 case VNC_AUTH_TLS:
203 return "tls";
204 case VNC_AUTH_VENCRYPT:
205 switch (vd->subauth) {
206 case VNC_AUTH_VENCRYPT_PLAIN:
207 return "vencrypt+plain";
208 case VNC_AUTH_VENCRYPT_TLSNONE:
209 return "vencrypt+tls+none";
210 case VNC_AUTH_VENCRYPT_TLSVNC:
211 return "vencrypt+tls+vnc";
212 case VNC_AUTH_VENCRYPT_TLSPLAIN:
213 return "vencrypt+tls+plain";
214 case VNC_AUTH_VENCRYPT_X509NONE:
215 return "vencrypt+x509+none";
216 case VNC_AUTH_VENCRYPT_X509VNC:
217 return "vencrypt+x509+vnc";
218 case VNC_AUTH_VENCRYPT_X509PLAIN:
219 return "vencrypt+x509+plain";
220 case VNC_AUTH_VENCRYPT_TLSSASL:
221 return "vencrypt+tls+sasl";
222 case VNC_AUTH_VENCRYPT_X509SASL:
223 return "vencrypt+x509+sasl";
224 default:
225 return "vencrypt";
226 }
227 case VNC_AUTH_SASL:
228 return "sasl";
229 }
230 return "unknown";
231 }
232
vnc_server_info_get(VncDisplay * vd)233 static VncServerInfo *vnc_server_info_get(VncDisplay *vd)
234 {
235 VncServerInfo *info;
236 Error *err = NULL;
237
238 if (!vd->listener || !vd->listener->nsioc) {
239 return NULL;
240 }
241
242 info = g_malloc0(sizeof(*info));
243 vnc_init_basic_info_from_server_addr(vd->listener->sioc[0],
244 qapi_VncServerInfo_base(info), &err);
245 info->auth = g_strdup(vnc_auth_name(vd));
246 if (err) {
247 qapi_free_VncServerInfo(info);
248 info = NULL;
249 error_free(err);
250 }
251 return info;
252 }
253
vnc_client_cache_auth(VncState * client)254 static void vnc_client_cache_auth(VncState *client)
255 {
256 if (!client->info) {
257 return;
258 }
259
260 if (client->tls) {
261 client->info->x509_dname =
262 qcrypto_tls_session_get_peer_name(client->tls);
263 }
264 #ifdef CONFIG_VNC_SASL
265 if (client->sasl.conn &&
266 client->sasl.username) {
267 client->info->sasl_username = g_strdup(client->sasl.username);
268 }
269 #endif
270 }
271
vnc_client_cache_addr(VncState * client)272 static void vnc_client_cache_addr(VncState *client)
273 {
274 Error *err = NULL;
275
276 client->info = g_malloc0(sizeof(*client->info));
277 vnc_init_basic_info_from_remote_addr(client->sioc,
278 qapi_VncClientInfo_base(client->info),
279 &err);
280 client->info->websocket = client->websocket;
281 if (err) {
282 qapi_free_VncClientInfo(client->info);
283 client->info = NULL;
284 error_free(err);
285 }
286 }
287
vnc_qmp_event(VncState * vs,QAPIEvent event)288 static void vnc_qmp_event(VncState *vs, QAPIEvent event)
289 {
290 VncServerInfo *si;
291
292 if (!vs->info) {
293 return;
294 }
295
296 si = vnc_server_info_get(vs->vd);
297 if (!si) {
298 return;
299 }
300
301 switch (event) {
302 case QAPI_EVENT_VNC_CONNECTED:
303 qapi_event_send_vnc_connected(si, qapi_VncClientInfo_base(vs->info));
304 break;
305 case QAPI_EVENT_VNC_INITIALIZED:
306 qapi_event_send_vnc_initialized(si, vs->info);
307 break;
308 case QAPI_EVENT_VNC_DISCONNECTED:
309 qapi_event_send_vnc_disconnected(si, vs->info);
310 break;
311 default:
312 break;
313 }
314
315 qapi_free_VncServerInfo(si);
316 }
317
qmp_query_vnc_client(const VncState * client)318 static VncClientInfo *qmp_query_vnc_client(const VncState *client)
319 {
320 VncClientInfo *info;
321 Error *err = NULL;
322
323 info = g_malloc0(sizeof(*info));
324
325 vnc_init_basic_info_from_remote_addr(client->sioc,
326 qapi_VncClientInfo_base(info),
327 &err);
328 if (err) {
329 error_free(err);
330 qapi_free_VncClientInfo(info);
331 return NULL;
332 }
333
334 info->websocket = client->websocket;
335
336 if (client->tls) {
337 info->x509_dname = qcrypto_tls_session_get_peer_name(client->tls);
338 }
339 #ifdef CONFIG_VNC_SASL
340 if (client->sasl.conn && client->sasl.username) {
341 info->sasl_username = g_strdup(client->sasl.username);
342 }
343 #endif
344
345 return info;
346 }
347
vnc_display_find(const char * id)348 static VncDisplay *vnc_display_find(const char *id)
349 {
350 VncDisplay *vd;
351
352 if (id == NULL) {
353 return QTAILQ_FIRST(&vnc_displays);
354 }
355 QTAILQ_FOREACH(vd, &vnc_displays, next) {
356 if (strcmp(id, vd->id) == 0) {
357 return vd;
358 }
359 }
360 return NULL;
361 }
362
qmp_query_client_list(VncDisplay * vd)363 static VncClientInfoList *qmp_query_client_list(VncDisplay *vd)
364 {
365 VncClientInfoList *prev = NULL;
366 VncState *client;
367
368 QTAILQ_FOREACH(client, &vd->clients, next) {
369 QAPI_LIST_PREPEND(prev, qmp_query_vnc_client(client));
370 }
371 return prev;
372 }
373
qmp_query_vnc(Error ** errp)374 VncInfo *qmp_query_vnc(Error **errp)
375 {
376 VncInfo *info = g_malloc0(sizeof(*info));
377 VncDisplay *vd = vnc_display_find(NULL);
378 SocketAddress *addr = NULL;
379
380 if (vd == NULL || !vd->listener || !vd->listener->nsioc) {
381 info->enabled = false;
382 } else {
383 info->enabled = true;
384
385 /* for compatibility with the original command */
386 info->has_clients = true;
387 info->clients = qmp_query_client_list(vd);
388
389 addr = qio_channel_socket_get_local_address(vd->listener->sioc[0],
390 errp);
391 if (!addr) {
392 goto out_error;
393 }
394
395 switch (addr->type) {
396 case SOCKET_ADDRESS_TYPE_INET:
397 info->host = g_strdup(addr->u.inet.host);
398 info->service = g_strdup(addr->u.inet.port);
399 if (addr->u.inet.ipv6) {
400 info->family = NETWORK_ADDRESS_FAMILY_IPV6;
401 } else {
402 info->family = NETWORK_ADDRESS_FAMILY_IPV4;
403 }
404 break;
405
406 case SOCKET_ADDRESS_TYPE_UNIX:
407 info->host = g_strdup("");
408 info->service = g_strdup(addr->u.q_unix.path);
409 info->family = NETWORK_ADDRESS_FAMILY_UNIX;
410 break;
411
412 case SOCKET_ADDRESS_TYPE_VSOCK:
413 case SOCKET_ADDRESS_TYPE_FD:
414 error_setg(errp, "Unsupported socket address type %s",
415 SocketAddressType_str(addr->type));
416 goto out_error;
417 default:
418 abort();
419 }
420
421 info->has_family = true;
422
423 info->auth = g_strdup(vnc_auth_name(vd));
424 }
425
426 qapi_free_SocketAddress(addr);
427 return info;
428
429 out_error:
430 qapi_free_SocketAddress(addr);
431 qapi_free_VncInfo(info);
432 return NULL;
433 }
434
435
436 static void qmp_query_auth(int auth, int subauth,
437 VncPrimaryAuth *qmp_auth,
438 VncVencryptSubAuth *qmp_vencrypt,
439 bool *qmp_has_vencrypt);
440
qmp_query_server_entry(QIOChannelSocket * ioc,bool websocket,int auth,int subauth,VncServerInfo2List * prev)441 static VncServerInfo2List *qmp_query_server_entry(QIOChannelSocket *ioc,
442 bool websocket,
443 int auth,
444 int subauth,
445 VncServerInfo2List *prev)
446 {
447 VncServerInfo2 *info;
448 Error *err = NULL;
449 SocketAddress *addr;
450
451 addr = qio_channel_socket_get_local_address(ioc, NULL);
452 if (!addr) {
453 return prev;
454 }
455
456 info = g_new0(VncServerInfo2, 1);
457 vnc_init_basic_info(addr, qapi_VncServerInfo2_base(info), &err);
458 qapi_free_SocketAddress(addr);
459 if (err) {
460 qapi_free_VncServerInfo2(info);
461 error_free(err);
462 return prev;
463 }
464 info->websocket = websocket;
465
466 qmp_query_auth(auth, subauth, &info->auth,
467 &info->vencrypt, &info->has_vencrypt);
468
469 QAPI_LIST_PREPEND(prev, info);
470 return prev;
471 }
472
qmp_query_auth(int auth,int subauth,VncPrimaryAuth * qmp_auth,VncVencryptSubAuth * qmp_vencrypt,bool * qmp_has_vencrypt)473 static void qmp_query_auth(int auth, int subauth,
474 VncPrimaryAuth *qmp_auth,
475 VncVencryptSubAuth *qmp_vencrypt,
476 bool *qmp_has_vencrypt)
477 {
478 switch (auth) {
479 case VNC_AUTH_VNC:
480 *qmp_auth = VNC_PRIMARY_AUTH_VNC;
481 break;
482 case VNC_AUTH_RA2:
483 *qmp_auth = VNC_PRIMARY_AUTH_RA2;
484 break;
485 case VNC_AUTH_RA2NE:
486 *qmp_auth = VNC_PRIMARY_AUTH_RA2NE;
487 break;
488 case VNC_AUTH_TIGHT:
489 *qmp_auth = VNC_PRIMARY_AUTH_TIGHT;
490 break;
491 case VNC_AUTH_ULTRA:
492 *qmp_auth = VNC_PRIMARY_AUTH_ULTRA;
493 break;
494 case VNC_AUTH_TLS:
495 *qmp_auth = VNC_PRIMARY_AUTH_TLS;
496 break;
497 case VNC_AUTH_VENCRYPT:
498 *qmp_auth = VNC_PRIMARY_AUTH_VENCRYPT;
499 *qmp_has_vencrypt = true;
500 switch (subauth) {
501 case VNC_AUTH_VENCRYPT_PLAIN:
502 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_PLAIN;
503 break;
504 case VNC_AUTH_VENCRYPT_TLSNONE:
505 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_NONE;
506 break;
507 case VNC_AUTH_VENCRYPT_TLSVNC:
508 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_VNC;
509 break;
510 case VNC_AUTH_VENCRYPT_TLSPLAIN:
511 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_PLAIN;
512 break;
513 case VNC_AUTH_VENCRYPT_X509NONE:
514 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_NONE;
515 break;
516 case VNC_AUTH_VENCRYPT_X509VNC:
517 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_VNC;
518 break;
519 case VNC_AUTH_VENCRYPT_X509PLAIN:
520 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_PLAIN;
521 break;
522 case VNC_AUTH_VENCRYPT_TLSSASL:
523 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_SASL;
524 break;
525 case VNC_AUTH_VENCRYPT_X509SASL:
526 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_SASL;
527 break;
528 default:
529 *qmp_has_vencrypt = false;
530 break;
531 }
532 break;
533 case VNC_AUTH_SASL:
534 *qmp_auth = VNC_PRIMARY_AUTH_SASL;
535 break;
536 case VNC_AUTH_NONE:
537 default:
538 *qmp_auth = VNC_PRIMARY_AUTH_NONE;
539 break;
540 }
541 }
542
qmp_query_vnc_servers(Error ** errp)543 VncInfo2List *qmp_query_vnc_servers(Error **errp)
544 {
545 VncInfo2List *prev = NULL;
546 VncInfo2 *info;
547 VncDisplay *vd;
548 DeviceState *dev;
549 size_t i;
550
551 QTAILQ_FOREACH(vd, &vnc_displays, next) {
552 info = g_new0(VncInfo2, 1);
553 info->id = g_strdup(vd->id);
554 info->clients = qmp_query_client_list(vd);
555 qmp_query_auth(vd->auth, vd->subauth, &info->auth,
556 &info->vencrypt, &info->has_vencrypt);
557 if (vd->dcl.con) {
558 Object *obj = object_property_get_link(OBJECT(vd->dcl.con),
559 "device", NULL);
560 if (obj) {
561 dev = DEVICE(obj);
562 info->display = g_strdup(dev->id);
563 }
564 }
565 for (i = 0; vd->listener != NULL && i < vd->listener->nsioc; i++) {
566 info->server = qmp_query_server_entry(
567 vd->listener->sioc[i], false, vd->auth, vd->subauth,
568 info->server);
569 }
570 for (i = 0; vd->wslistener != NULL && i < vd->wslistener->nsioc; i++) {
571 info->server = qmp_query_server_entry(
572 vd->wslistener->sioc[i], true, vd->ws_auth,
573 vd->ws_subauth, info->server);
574 }
575
576 QAPI_LIST_PREPEND(prev, info);
577 }
578 return prev;
579 }
580
vnc_display_reload_certs(const char * id,Error ** errp)581 bool vnc_display_reload_certs(const char *id, Error **errp)
582 {
583 VncDisplay *vd = vnc_display_find(id);
584 QCryptoTLSCredsClass *creds = NULL;
585
586 if (!vd) {
587 error_setg(errp, "Can not find vnc display");
588 return false;
589 }
590
591 if (!vd->tlscreds) {
592 error_setg(errp, "vnc tls is not enabled");
593 return false;
594 }
595
596 creds = QCRYPTO_TLS_CREDS_GET_CLASS(OBJECT(vd->tlscreds));
597 if (creds->reload == NULL) {
598 error_setg(errp, "%s doesn't support to reload TLS credential",
599 object_get_typename(OBJECT(vd->tlscreds)));
600 return false;
601 }
602 if (!creds->reload(vd->tlscreds, errp)) {
603 return false;
604 }
605
606 return true;
607 }
608
609 /* TODO
610 1) Get the queue working for IO.
611 2) there is some weirdness when using the -S option (the screen is grey
612 and not totally invalidated
613 3) resolutions > 1024
614 */
615
616 static int vnc_update_client(VncState *vs, int has_dirty);
617 static void vnc_disconnect_start(VncState *vs);
618
619 static void vnc_colordepth(VncState *vs);
620 static void framebuffer_update_request(VncState *vs, int incremental,
621 int x_position, int y_position,
622 int w, int h);
623 static void vnc_refresh(DisplayChangeListener *dcl);
624 static int vnc_refresh_server_surface(VncDisplay *vd);
625
vnc_width(VncDisplay * vd)626 static int vnc_width(VncDisplay *vd)
627 {
628 return MIN(VNC_MAX_WIDTH, ROUND_UP(surface_width(vd->ds),
629 VNC_DIRTY_PIXELS_PER_BIT));
630 }
631
vnc_true_width(VncDisplay * vd)632 static int vnc_true_width(VncDisplay *vd)
633 {
634 return MIN(VNC_MAX_WIDTH, surface_width(vd->ds));
635 }
636
vnc_height(VncDisplay * vd)637 static int vnc_height(VncDisplay *vd)
638 {
639 return MIN(VNC_MAX_HEIGHT, surface_height(vd->ds));
640 }
641
642 static void vnc_set_area_dirty(DECLARE_BITMAP(dirty[VNC_MAX_HEIGHT],
643 VNC_MAX_WIDTH / VNC_DIRTY_PIXELS_PER_BIT),
644 VncDisplay *vd,
645 int x, int y, int w, int h)
646 {
647 int width = vnc_width(vd);
648 int height = vnc_height(vd);
649
650 /* this is needed this to ensure we updated all affected
651 * blocks if x % VNC_DIRTY_PIXELS_PER_BIT != 0 */
652 w += (x % VNC_DIRTY_PIXELS_PER_BIT);
653 x -= (x % VNC_DIRTY_PIXELS_PER_BIT);
654
655 x = MIN(x, width);
656 y = MIN(y, height);
657 w = MIN(x + w, width) - x;
658 h = MIN(y + h, height);
659
660 for (; y < h; y++) {
661 bitmap_set(dirty[y], x / VNC_DIRTY_PIXELS_PER_BIT,
662 DIV_ROUND_UP(w, VNC_DIRTY_PIXELS_PER_BIT));
663 }
664 }
665
vnc_dpy_update(DisplayChangeListener * dcl,int x,int y,int w,int h)666 static void vnc_dpy_update(DisplayChangeListener *dcl,
667 int x, int y, int w, int h)
668 {
669 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
670 struct VncSurface *s = &vd->guest;
671
672 vnc_set_area_dirty(s->dirty, vd, x, y, w, h);
673 }
674
vnc_framebuffer_update(VncState * vs,int x,int y,int w,int h,int32_t encoding)675 void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
676 int32_t encoding)
677 {
678 vnc_write_u16(vs, x);
679 vnc_write_u16(vs, y);
680 vnc_write_u16(vs, w);
681 vnc_write_u16(vs, h);
682
683 vnc_write_s32(vs, encoding);
684 }
685
vnc_desktop_resize_ext(VncState * vs,int reject_reason)686 static void vnc_desktop_resize_ext(VncState *vs, int reject_reason)
687 {
688 trace_vnc_msg_server_ext_desktop_resize(
689 vs, vs->ioc, vs->client_width, vs->client_height, reject_reason);
690
691 vnc_lock_output(vs);
692 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
693 vnc_write_u8(vs, 0);
694 vnc_write_u16(vs, 1); /* number of rects */
695 vnc_framebuffer_update(vs,
696 reject_reason ? 1 : 0,
697 reject_reason,
698 vs->client_width, vs->client_height,
699 VNC_ENCODING_DESKTOP_RESIZE_EXT);
700 vnc_write_u8(vs, 1); /* number of screens */
701 vnc_write_u8(vs, 0); /* padding */
702 vnc_write_u8(vs, 0); /* padding */
703 vnc_write_u8(vs, 0); /* padding */
704 vnc_write_u32(vs, 0); /* screen id */
705 vnc_write_u16(vs, 0); /* screen x-pos */
706 vnc_write_u16(vs, 0); /* screen y-pos */
707 vnc_write_u16(vs, vs->client_width);
708 vnc_write_u16(vs, vs->client_height);
709 vnc_write_u32(vs, 0); /* screen flags */
710 vnc_unlock_output(vs);
711 vnc_flush(vs);
712 }
713
vnc_desktop_resize(VncState * vs)714 static void vnc_desktop_resize(VncState *vs)
715 {
716 if (vs->ioc == NULL || (!vnc_has_feature(vs, VNC_FEATURE_RESIZE) &&
717 !vnc_has_feature(vs, VNC_FEATURE_RESIZE_EXT))) {
718 return;
719 }
720 if (vs->client_width == vs->vd->true_width &&
721 vs->client_height == pixman_image_get_height(vs->vd->server)) {
722 return;
723 }
724
725 assert(vs->vd->true_width < 65536 &&
726 vs->vd->true_width >= 0);
727 assert(pixman_image_get_height(vs->vd->server) < 65536 &&
728 pixman_image_get_height(vs->vd->server) >= 0);
729 vs->client_width = vs->vd->true_width;
730 vs->client_height = pixman_image_get_height(vs->vd->server);
731
732 if (vnc_has_feature(vs, VNC_FEATURE_RESIZE_EXT)) {
733 vnc_desktop_resize_ext(vs, 0);
734 return;
735 }
736
737 trace_vnc_msg_server_desktop_resize(
738 vs, vs->ioc, vs->client_width, vs->client_height);
739
740 vnc_lock_output(vs);
741 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
742 vnc_write_u8(vs, 0);
743 vnc_write_u16(vs, 1); /* number of rects */
744 vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height,
745 VNC_ENCODING_DESKTOPRESIZE);
746 vnc_unlock_output(vs);
747 vnc_flush(vs);
748 }
749
vnc_abort_display_jobs(VncDisplay * vd)750 static void vnc_abort_display_jobs(VncDisplay *vd)
751 {
752 VncState *vs;
753
754 QTAILQ_FOREACH(vs, &vd->clients, next) {
755 vnc_lock_output(vs);
756 vs->abort = true;
757 vnc_unlock_output(vs);
758 }
759 QTAILQ_FOREACH(vs, &vd->clients, next) {
760 vnc_jobs_join(vs);
761 }
762 QTAILQ_FOREACH(vs, &vd->clients, next) {
763 vnc_lock_output(vs);
764 if (vs->update == VNC_STATE_UPDATE_NONE &&
765 vs->job_update != VNC_STATE_UPDATE_NONE) {
766 /* job aborted before completion */
767 vs->update = vs->job_update;
768 vs->job_update = VNC_STATE_UPDATE_NONE;
769 }
770 vs->abort = false;
771 vnc_unlock_output(vs);
772 }
773 }
774
vnc_server_fb_stride(VncDisplay * vd)775 int vnc_server_fb_stride(VncDisplay *vd)
776 {
777 return pixman_image_get_stride(vd->server);
778 }
779
vnc_server_fb_ptr(VncDisplay * vd,int x,int y)780 void *vnc_server_fb_ptr(VncDisplay *vd, int x, int y)
781 {
782 uint8_t *ptr;
783
784 ptr = (uint8_t *)pixman_image_get_data(vd->server);
785 ptr += y * vnc_server_fb_stride(vd);
786 ptr += x * VNC_SERVER_FB_BYTES;
787 return ptr;
788 }
789
vnc_update_server_surface(VncDisplay * vd)790 static void vnc_update_server_surface(VncDisplay *vd)
791 {
792 int width, height;
793
794 qemu_pixman_image_unref(vd->server);
795 vd->server = NULL;
796
797 if (QTAILQ_EMPTY(&vd->clients)) {
798 return;
799 }
800
801 width = vnc_width(vd);
802 height = vnc_height(vd);
803 vd->true_width = vnc_true_width(vd);
804 vd->server = pixman_image_create_bits(VNC_SERVER_FB_FORMAT,
805 width, height,
806 NULL, 0);
807
808 memset(vd->guest.dirty, 0x00, sizeof(vd->guest.dirty));
809 vnc_set_area_dirty(vd->guest.dirty, vd, 0, 0,
810 width, height);
811 }
812
vnc_check_pageflip(DisplaySurface * s1,DisplaySurface * s2)813 static bool vnc_check_pageflip(DisplaySurface *s1,
814 DisplaySurface *s2)
815 {
816 return (s1 != NULL &&
817 s2 != NULL &&
818 surface_width(s1) == surface_width(s2) &&
819 surface_height(s1) == surface_height(s2) &&
820 surface_format(s1) == surface_format(s2));
821
822 }
823
vnc_dpy_switch(DisplayChangeListener * dcl,DisplaySurface * surface)824 static void vnc_dpy_switch(DisplayChangeListener *dcl,
825 DisplaySurface *surface)
826 {
827 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
828 bool pageflip = vnc_check_pageflip(vd->ds, surface);
829 VncState *vs;
830
831 vnc_abort_display_jobs(vd);
832 vd->ds = surface;
833
834 /* guest surface */
835 qemu_pixman_image_unref(vd->guest.fb);
836 vd->guest.fb = pixman_image_ref(surface->image);
837 vd->guest.format = surface_format(surface);
838
839
840 if (pageflip) {
841 trace_vnc_server_dpy_pageflip(vd,
842 surface_width(surface),
843 surface_height(surface),
844 surface_format(surface));
845 vnc_set_area_dirty(vd->guest.dirty, vd, 0, 0,
846 surface_width(surface),
847 surface_height(surface));
848 return;
849 }
850
851 trace_vnc_server_dpy_recreate(vd,
852 surface_width(surface),
853 surface_height(surface),
854 surface_format(surface));
855 /* server surface */
856 vnc_update_server_surface(vd);
857
858 QTAILQ_FOREACH(vs, &vd->clients, next) {
859 vnc_colordepth(vs);
860 vnc_desktop_resize(vs);
861 vnc_cursor_define(vs);
862 memset(vs->dirty, 0x00, sizeof(vs->dirty));
863 vnc_set_area_dirty(vs->dirty, vd, 0, 0,
864 vnc_width(vd),
865 vnc_height(vd));
866 vnc_update_throttle_offset(vs);
867 }
868 }
869
870 /* fastest code */
vnc_write_pixels_copy(VncState * vs,void * pixels,int size)871 static void vnc_write_pixels_copy(VncState *vs,
872 void *pixels, int size)
873 {
874 vnc_write(vs, pixels, size);
875 }
876
877 /* slowest but generic code. */
vnc_convert_pixel(VncState * vs,uint8_t * buf,uint32_t v)878 void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
879 {
880 uint8_t r, g, b;
881
882 #if VNC_SERVER_FB_FORMAT == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8)
883 r = (((v & 0x00ff0000) >> 16) << vs->client_pf.rbits) >> 8;
884 g = (((v & 0x0000ff00) >> 8) << vs->client_pf.gbits) >> 8;
885 b = (((v & 0x000000ff) >> 0) << vs->client_pf.bbits) >> 8;
886 #else
887 # error need some bits here if you change VNC_SERVER_FB_FORMAT
888 #endif
889 v = (r << vs->client_pf.rshift) |
890 (g << vs->client_pf.gshift) |
891 (b << vs->client_pf.bshift);
892 switch (vs->client_pf.bytes_per_pixel) {
893 case 1:
894 buf[0] = v;
895 break;
896 case 2:
897 if (vs->client_endian == G_BIG_ENDIAN) {
898 buf[0] = v >> 8;
899 buf[1] = v;
900 } else {
901 buf[1] = v >> 8;
902 buf[0] = v;
903 }
904 break;
905 default:
906 case 4:
907 if (vs->client_endian == G_BIG_ENDIAN) {
908 buf[0] = v >> 24;
909 buf[1] = v >> 16;
910 buf[2] = v >> 8;
911 buf[3] = v;
912 } else {
913 buf[3] = v >> 24;
914 buf[2] = v >> 16;
915 buf[1] = v >> 8;
916 buf[0] = v;
917 }
918 break;
919 }
920 }
921
vnc_write_pixels_generic(VncState * vs,void * pixels1,int size)922 static void vnc_write_pixels_generic(VncState *vs,
923 void *pixels1, int size)
924 {
925 uint8_t buf[4];
926
927 if (VNC_SERVER_FB_BYTES == 4) {
928 uint32_t *pixels = pixels1;
929 int n, i;
930 n = size >> 2;
931 for (i = 0; i < n; i++) {
932 vnc_convert_pixel(vs, buf, pixels[i]);
933 vnc_write(vs, buf, vs->client_pf.bytes_per_pixel);
934 }
935 }
936 }
937
vnc_raw_send_framebuffer_update(VncState * vs,int x,int y,int w,int h)938 int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
939 {
940 int i;
941 uint8_t *row;
942 VncDisplay *vd = vs->vd;
943
944 row = vnc_server_fb_ptr(vd, x, y);
945 for (i = 0; i < h; i++) {
946 vs->write_pixels(vs, row, w * VNC_SERVER_FB_BYTES);
947 row += vnc_server_fb_stride(vd);
948 }
949 return 1;
950 }
951
vnc_send_framebuffer_update(VncState * vs,VncWorker * worker,int x,int y,int w,int h)952 int vnc_send_framebuffer_update(VncState *vs, VncWorker *worker,
953 int x, int y, int w, int h)
954 {
955 int n = 0;
956
957 switch(vs->vnc_encoding) {
958 case VNC_ENCODING_ZLIB:
959 n = vnc_zlib_send_framebuffer_update(vs, worker, x, y, w, h);
960 break;
961 case VNC_ENCODING_HEXTILE:
962 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
963 n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h);
964 break;
965 case VNC_ENCODING_TIGHT:
966 n = vnc_tight_send_framebuffer_update(vs, worker, x, y, w, h);
967 break;
968 case VNC_ENCODING_TIGHT_PNG:
969 n = vnc_tight_png_send_framebuffer_update(vs, worker, x, y, w, h);
970 break;
971 case VNC_ENCODING_ZRLE:
972 n = vnc_zrle_send_framebuffer_update(vs, worker, x, y, w, h);
973 break;
974 case VNC_ENCODING_ZYWRLE:
975 n = vnc_zywrle_send_framebuffer_update(vs, worker, x, y, w, h);
976 break;
977 default:
978 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
979 n = vnc_raw_send_framebuffer_update(vs, x, y, w, h);
980 break;
981 }
982 return n;
983 }
984
vnc_mouse_set(DisplayChangeListener * dcl,int x,int y,bool visible)985 static void vnc_mouse_set(DisplayChangeListener *dcl,
986 int x, int y, bool visible)
987 {
988 /* can we ask the client(s) to move the pointer ??? */
989 }
990
vnc_cursor_define(VncState * vs)991 static int vnc_cursor_define(VncState *vs)
992 {
993 QEMUCursor *c = qemu_console_get_cursor(vs->vd->dcl.con);
994 int isize;
995
996 if (!c) {
997 return -1;
998 }
999
1000 if (vnc_has_feature(vs, VNC_FEATURE_ALPHA_CURSOR)) {
1001 vnc_lock_output(vs);
1002 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1003 vnc_write_u8(vs, 0); /* padding */
1004 vnc_write_u16(vs, 1); /* # of rects */
1005 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height,
1006 VNC_ENCODING_ALPHA_CURSOR);
1007 vnc_write_s32(vs, VNC_ENCODING_RAW);
1008 vnc_write(vs, c->data, c->width * c->height * 4);
1009 vnc_unlock_output(vs);
1010 return 0;
1011 }
1012 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) {
1013 vnc_lock_output(vs);
1014 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1015 vnc_write_u8(vs, 0); /* padding */
1016 vnc_write_u16(vs, 1); /* # of rects */
1017 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height,
1018 VNC_ENCODING_RICH_CURSOR);
1019 isize = c->width * c->height * vs->client_pf.bytes_per_pixel;
1020 vnc_write_pixels_generic(vs, c->data, isize);
1021 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize);
1022 vnc_unlock_output(vs);
1023 return 0;
1024 }
1025 return -1;
1026 }
1027
vnc_dpy_cursor_define(DisplayChangeListener * dcl,QEMUCursor * c)1028 static void vnc_dpy_cursor_define(DisplayChangeListener *dcl,
1029 QEMUCursor *c)
1030 {
1031 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
1032 VncState *vs;
1033
1034 g_free(vd->cursor_mask);
1035 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height;
1036 vd->cursor_mask = g_malloc0(vd->cursor_msize);
1037 cursor_get_mono_mask(c, 0, vd->cursor_mask);
1038
1039 QTAILQ_FOREACH(vs, &vd->clients, next) {
1040 vnc_cursor_define(vs);
1041 }
1042 }
1043
find_and_clear_dirty_height(VncState * vs,int y,int last_x,int x,int height)1044 static int find_and_clear_dirty_height(VncState *vs,
1045 int y, int last_x, int x, int height)
1046 {
1047 int h;
1048
1049 for (h = 1; h < (height - y); h++) {
1050 if (!test_bit(last_x, vs->dirty[y + h])) {
1051 break;
1052 }
1053 bitmap_clear(vs->dirty[y + h], last_x, x - last_x);
1054 }
1055
1056 return h;
1057 }
1058
1059 /*
1060 * Figure out how much pending data we should allow in the output
1061 * buffer before we throttle incremental display updates, and/or
1062 * drop audio samples.
1063 *
1064 * We allow for equiv of 1 full display's worth of FB updates,
1065 * and 1 second of audio samples. If audio backlog was larger
1066 * than that the client would already suffering awful audio
1067 * glitches, so dropping samples is no worse really).
1068 */
vnc_update_throttle_offset(VncState * vs)1069 static void vnc_update_throttle_offset(VncState *vs)
1070 {
1071 size_t offset =
1072 vs->client_width * vs->client_height * vs->client_pf.bytes_per_pixel;
1073
1074 if (vs->audio_cap) {
1075 int bps;
1076 switch (vs->as.fmt) {
1077 default:
1078 case AUDIO_FORMAT_U8:
1079 case AUDIO_FORMAT_S8:
1080 bps = 1;
1081 break;
1082 case AUDIO_FORMAT_U16:
1083 case AUDIO_FORMAT_S16:
1084 bps = 2;
1085 break;
1086 case AUDIO_FORMAT_U32:
1087 case AUDIO_FORMAT_S32:
1088 bps = 4;
1089 break;
1090 }
1091 offset += vs->as.freq * bps * vs->as.nchannels;
1092 }
1093
1094 /* Put a floor of 1MB on offset, so that if we have a large pending
1095 * buffer and the display is resized to a small size & back again
1096 * we don't suddenly apply a tiny send limit
1097 */
1098 offset = MAX(offset, 1024 * 1024);
1099
1100 if (vs->throttle_output_offset != offset) {
1101 trace_vnc_client_throttle_threshold(
1102 vs, vs->ioc, vs->throttle_output_offset, offset, vs->client_width,
1103 vs->client_height, vs->client_pf.bytes_per_pixel, vs->audio_cap);
1104 }
1105
1106 vs->throttle_output_offset = offset;
1107 }
1108
vnc_should_update(VncState * vs)1109 static bool vnc_should_update(VncState *vs)
1110 {
1111 switch (vs->update) {
1112 case VNC_STATE_UPDATE_NONE:
1113 break;
1114 case VNC_STATE_UPDATE_INCREMENTAL:
1115 /* Only allow incremental updates if the pending send queue
1116 * is less than the permitted threshold, and the job worker
1117 * is completely idle.
1118 */
1119 if (vs->output.offset < vs->throttle_output_offset &&
1120 vs->job_update == VNC_STATE_UPDATE_NONE) {
1121 return true;
1122 }
1123 trace_vnc_client_throttle_incremental(
1124 vs, vs->ioc, vs->job_update, vs->output.offset);
1125 break;
1126 case VNC_STATE_UPDATE_FORCE:
1127 /* Only allow forced updates if the pending send queue
1128 * does not contain a previous forced update, and the
1129 * job worker is completely idle.
1130 *
1131 * Note this means we'll queue a forced update, even if
1132 * the output buffer size is otherwise over the throttle
1133 * output limit.
1134 */
1135 if (vs->force_update_offset == 0 &&
1136 vs->job_update == VNC_STATE_UPDATE_NONE) {
1137 return true;
1138 }
1139 trace_vnc_client_throttle_forced(
1140 vs, vs->ioc, vs->job_update, vs->force_update_offset);
1141 break;
1142 }
1143 return false;
1144 }
1145
vnc_update_client(VncState * vs,int has_dirty)1146 static int vnc_update_client(VncState *vs, int has_dirty)
1147 {
1148 VncDisplay *vd = vs->vd;
1149 VncJob *job;
1150 int y;
1151 int height, width;
1152 int n = 0;
1153
1154 if (vs->disconnecting) {
1155 vnc_disconnect_finish(vs);
1156 return 0;
1157 }
1158
1159 vs->has_dirty += has_dirty;
1160 if (!vnc_should_update(vs)) {
1161 return 0;
1162 }
1163
1164 if (!vs->has_dirty && vs->update != VNC_STATE_UPDATE_FORCE) {
1165 return 0;
1166 }
1167
1168 /*
1169 * Send screen updates to the vnc client using the server
1170 * surface and server dirty map. guest surface updates
1171 * happening in parallel don't disturb us, the next pass will
1172 * send them to the client.
1173 */
1174 job = vnc_job_new(vs);
1175
1176 height = pixman_image_get_height(vd->server);
1177 width = pixman_image_get_width(vd->server);
1178
1179 y = 0;
1180 for (;;) {
1181 int x, h;
1182 unsigned long x2;
1183 unsigned long offset = find_next_bit((unsigned long *) &vs->dirty,
1184 height * VNC_DIRTY_BPL(vs),
1185 y * VNC_DIRTY_BPL(vs));
1186 if (offset == height * VNC_DIRTY_BPL(vs)) {
1187 /* no more dirty bits */
1188 break;
1189 }
1190 y = offset / VNC_DIRTY_BPL(vs);
1191 x = offset % VNC_DIRTY_BPL(vs);
1192 x2 = find_next_zero_bit((unsigned long *) &vs->dirty[y],
1193 VNC_DIRTY_BPL(vs), x);
1194 bitmap_clear(vs->dirty[y], x, x2 - x);
1195 h = find_and_clear_dirty_height(vs, y, x, x2, height);
1196 x2 = MIN(x2, width / VNC_DIRTY_PIXELS_PER_BIT);
1197 if (x2 > x) {
1198 n += vnc_job_add_rect(job, x * VNC_DIRTY_PIXELS_PER_BIT, y,
1199 (x2 - x) * VNC_DIRTY_PIXELS_PER_BIT, h);
1200 }
1201 if (!x && x2 == width / VNC_DIRTY_PIXELS_PER_BIT) {
1202 y += h;
1203 if (y == height) {
1204 break;
1205 }
1206 }
1207 }
1208
1209 vs->job_update = vs->update;
1210 vs->update = VNC_STATE_UPDATE_NONE;
1211 vnc_job_push(job);
1212 vs->has_dirty = 0;
1213 return n;
1214 }
1215
1216 /* audio */
audio_capture_notify(void * opaque,audcnotification_e cmd)1217 static void audio_capture_notify(void *opaque, audcnotification_e cmd)
1218 {
1219 VncState *vs = opaque;
1220
1221 assert(vs->magic == VNC_MAGIC);
1222 switch (cmd) {
1223 case AUD_CNOTIFY_DISABLE:
1224 trace_vnc_msg_server_audio_end(vs, vs->ioc);
1225 vnc_lock_output(vs);
1226 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1227 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1228 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END);
1229 vnc_unlock_output(vs);
1230 vnc_flush(vs);
1231 break;
1232
1233 case AUD_CNOTIFY_ENABLE:
1234 trace_vnc_msg_server_audio_begin(vs, vs->ioc);
1235 vnc_lock_output(vs);
1236 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1237 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1238 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN);
1239 vnc_unlock_output(vs);
1240 vnc_flush(vs);
1241 break;
1242 }
1243 }
1244
audio_capture_destroy(void * opaque)1245 static void audio_capture_destroy(void *opaque)
1246 {
1247 }
1248
audio_capture(void * opaque,const void * buf,int size)1249 static void audio_capture(void *opaque, const void *buf, int size)
1250 {
1251 VncState *vs = opaque;
1252
1253 assert(vs->magic == VNC_MAGIC);
1254 trace_vnc_msg_server_audio_data(vs, vs->ioc, buf, size);
1255 vnc_lock_output(vs);
1256 if (vs->output.offset < vs->throttle_output_offset) {
1257 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1258 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1259 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA);
1260 vnc_write_u32(vs, size);
1261 vnc_write(vs, buf, size);
1262 } else {
1263 trace_vnc_client_throttle_audio(vs, vs->ioc, vs->output.offset);
1264 }
1265 vnc_unlock_output(vs);
1266 vnc_flush(vs);
1267 }
1268
audio_add(VncState * vs)1269 static void audio_add(VncState *vs)
1270 {
1271 struct audio_capture_ops ops;
1272
1273 if (vs->audio_cap) {
1274 error_report("audio already running");
1275 return;
1276 }
1277
1278 ops.notify = audio_capture_notify;
1279 ops.destroy = audio_capture_destroy;
1280 ops.capture = audio_capture;
1281
1282 vs->audio_cap = AUD_add_capture(vs->vd->audio_state, &vs->as, &ops, vs);
1283 if (!vs->audio_cap) {
1284 error_report("Failed to add audio capture");
1285 }
1286 }
1287
audio_del(VncState * vs)1288 static void audio_del(VncState *vs)
1289 {
1290 if (vs->audio_cap) {
1291 AUD_del_capture(vs->audio_cap, vs);
1292 vs->audio_cap = NULL;
1293 }
1294 }
1295
vnc_disconnect_start(VncState * vs)1296 static void vnc_disconnect_start(VncState *vs)
1297 {
1298 if (vs->disconnecting) {
1299 return;
1300 }
1301 trace_vnc_client_disconnect_start(vs, vs->ioc);
1302 vnc_set_share_mode(vs, VNC_SHARE_MODE_DISCONNECTED);
1303 if (vs->ioc_tag) {
1304 g_source_remove(vs->ioc_tag);
1305 vs->ioc_tag = 0;
1306 }
1307 qio_channel_close(vs->ioc, NULL);
1308 vs->disconnecting = TRUE;
1309 }
1310
vnc_disconnect_finish(VncState * vs)1311 void vnc_disconnect_finish(VncState *vs)
1312 {
1313 VncConnection *vc = container_of(vs, VncConnection, vs);
1314
1315 trace_vnc_client_disconnect_finish(vs, vs->ioc);
1316
1317 vnc_jobs_join(vs); /* Wait encoding jobs */
1318
1319 vnc_lock_output(vs);
1320 vnc_qmp_event(vs, QAPI_EVENT_VNC_DISCONNECTED);
1321
1322 buffer_free(&vs->input);
1323 buffer_free(&vs->output);
1324
1325 qapi_free_VncClientInfo(vs->info);
1326
1327 vnc_zlib_clear(&vc->worker);
1328 vnc_tight_clear(&vc->worker);
1329 vnc_zrle_clear(&vc->worker);
1330
1331 #ifdef CONFIG_VNC_SASL
1332 vnc_sasl_client_cleanup(vs);
1333 #endif /* CONFIG_VNC_SASL */
1334 audio_del(vs);
1335 qkbd_state_lift_all_keys(vs->vd->kbd);
1336
1337 if (vs->mouse_mode_notifier.notify != NULL) {
1338 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
1339 }
1340 QTAILQ_REMOVE(&vs->vd->clients, vs, next);
1341 if (QTAILQ_EMPTY(&vs->vd->clients)) {
1342 /* last client gone */
1343 vnc_update_server_surface(vs->vd);
1344 }
1345 vnc_unlock_output(vs);
1346
1347 if (vs->cbpeer.notifier.notify) {
1348 qemu_clipboard_peer_unregister(&vs->cbpeer);
1349 }
1350
1351 qemu_mutex_destroy(&vs->output_mutex);
1352 if (vs->bh != NULL) {
1353 qemu_bh_delete(vs->bh);
1354 }
1355 buffer_free(&vs->jobs_buffer);
1356
1357 object_unref(OBJECT(vs->ioc));
1358 vs->ioc = NULL;
1359 object_unref(OBJECT(vs->sioc));
1360 vs->sioc = NULL;
1361 vs->magic = 0;
1362 g_free(vc);
1363 }
1364
vnc_client_io_error(VncState * vs,ssize_t ret,Error * err)1365 size_t vnc_client_io_error(VncState *vs, ssize_t ret, Error *err)
1366 {
1367 if (ret <= 0) {
1368 if (ret == 0) {
1369 trace_vnc_client_eof(vs, vs->ioc);
1370 vnc_disconnect_start(vs);
1371 } else if (ret != QIO_CHANNEL_ERR_BLOCK) {
1372 trace_vnc_client_io_error(vs, vs->ioc,
1373 err ? error_get_pretty(err) : "Unknown");
1374 vnc_disconnect_start(vs);
1375 }
1376
1377 error_free(err);
1378 return 0;
1379 }
1380 return ret;
1381 }
1382
1383
vnc_client_error(VncState * vs)1384 void vnc_client_error(VncState *vs)
1385 {
1386 VNC_DEBUG("Closing down client sock: protocol error\n");
1387 vnc_disconnect_start(vs);
1388 }
1389
1390
1391 /*
1392 * Called to write a chunk of data to the client socket. The data may
1393 * be the raw data, or may have already been encoded by SASL.
1394 * The data will be written either straight onto the socket, or
1395 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1396 *
1397 * NB, it is theoretically possible to have 2 layers of encryption,
1398 * both SASL, and this TLS layer. It is highly unlikely in practice
1399 * though, since SASL encryption will typically be a no-op if TLS
1400 * is active
1401 *
1402 * Returns the number of bytes written, which may be less than
1403 * the requested 'datalen' if the socket would block. Returns
1404 * 0 on I/O error, and disconnects the client socket.
1405 */
vnc_client_write_buf(VncState * vs,const uint8_t * data,size_t datalen)1406 size_t vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
1407 {
1408 Error *err = NULL;
1409 ssize_t ret;
1410 ret = qio_channel_write(vs->ioc, (const char *)data, datalen, &err);
1411 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret);
1412 return vnc_client_io_error(vs, ret, err);
1413 }
1414
1415
1416 /*
1417 * Called to write buffered data to the client socket, when not
1418 * using any SASL SSF encryption layers. Will write as much data
1419 * as possible without blocking. If all buffered data is written,
1420 * will switch the FD poll() handler back to read monitoring.
1421 *
1422 * Returns the number of bytes written, which may be less than
1423 * the buffered output data if the socket would block. Returns
1424 * 0 on I/O error, and disconnects the client socket.
1425 */
vnc_client_write_plain(VncState * vs)1426 static size_t vnc_client_write_plain(VncState *vs)
1427 {
1428 size_t offset;
1429 size_t ret;
1430
1431 #ifdef CONFIG_VNC_SASL
1432 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1433 vs->output.buffer, vs->output.capacity, vs->output.offset,
1434 vs->sasl.waitWriteSSF);
1435
1436 if (vs->sasl.conn &&
1437 vs->sasl.runSSF &&
1438 vs->sasl.waitWriteSSF) {
1439 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
1440 if (ret)
1441 vs->sasl.waitWriteSSF -= ret;
1442 } else
1443 #endif /* CONFIG_VNC_SASL */
1444 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
1445 if (!ret)
1446 return 0;
1447
1448 if (ret >= vs->force_update_offset) {
1449 if (vs->force_update_offset != 0) {
1450 trace_vnc_client_unthrottle_forced(vs, vs->ioc);
1451 }
1452 vs->force_update_offset = 0;
1453 } else {
1454 vs->force_update_offset -= ret;
1455 }
1456 offset = vs->output.offset;
1457 buffer_advance(&vs->output, ret);
1458 if (offset >= vs->throttle_output_offset &&
1459 vs->output.offset < vs->throttle_output_offset) {
1460 trace_vnc_client_unthrottle_incremental(vs, vs->ioc, vs->output.offset);
1461 }
1462
1463 if (vs->output.offset == 0) {
1464 if (vs->ioc_tag) {
1465 g_source_remove(vs->ioc_tag);
1466 }
1467 vs->ioc_tag = qio_channel_add_watch(
1468 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR,
1469 vnc_client_io, vs, NULL);
1470 }
1471
1472 return ret;
1473 }
1474
1475
1476 /*
1477 * First function called whenever there is data to be written to
1478 * the client socket. Will delegate actual work according to whether
1479 * SASL SSF layers are enabled (thus requiring encryption calls)
1480 */
vnc_client_write_locked(VncState * vs)1481 static void vnc_client_write_locked(VncState *vs)
1482 {
1483 #ifdef CONFIG_VNC_SASL
1484 if (vs->sasl.conn &&
1485 vs->sasl.runSSF &&
1486 !vs->sasl.waitWriteSSF) {
1487 vnc_client_write_sasl(vs);
1488 } else
1489 #endif /* CONFIG_VNC_SASL */
1490 {
1491 vnc_client_write_plain(vs);
1492 }
1493 }
1494
vnc_client_write(VncState * vs)1495 static void vnc_client_write(VncState *vs)
1496 {
1497 assert(vs->magic == VNC_MAGIC);
1498 vnc_lock_output(vs);
1499 if (vs->output.offset) {
1500 vnc_client_write_locked(vs);
1501 } else if (vs->ioc != NULL) {
1502 if (vs->ioc_tag) {
1503 g_source_remove(vs->ioc_tag);
1504 }
1505 vs->ioc_tag = qio_channel_add_watch(
1506 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR,
1507 vnc_client_io, vs, NULL);
1508 }
1509 vnc_unlock_output(vs);
1510 }
1511
vnc_read_when(VncState * vs,VncReadEvent * func,size_t expecting)1512 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1513 {
1514 vs->read_handler = func;
1515 vs->read_handler_expect = expecting;
1516 }
1517
1518
1519 /*
1520 * Called to read a chunk of data from the client socket. The data may
1521 * be the raw data, or may need to be further decoded by SASL.
1522 * The data will be read either straight from to the socket, or
1523 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1524 *
1525 * NB, it is theoretically possible to have 2 layers of encryption,
1526 * both SASL, and this TLS layer. It is highly unlikely in practice
1527 * though, since SASL encryption will typically be a no-op if TLS
1528 * is active
1529 *
1530 * Returns the number of bytes read, which may be less than
1531 * the requested 'datalen' if the socket would block. Returns
1532 * 0 on I/O error or EOF, and disconnects the client socket.
1533 */
vnc_client_read_buf(VncState * vs,uint8_t * data,size_t datalen)1534 size_t vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1535 {
1536 ssize_t ret;
1537 Error *err = NULL;
1538 ret = qio_channel_read(vs->ioc, (char *)data, datalen, &err);
1539 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret);
1540 return vnc_client_io_error(vs, ret, err);
1541 }
1542
1543
1544 /*
1545 * Called to read data from the client socket to the input buffer,
1546 * when not using any SASL SSF encryption layers. Will read as much
1547 * data as possible without blocking.
1548 *
1549 * Returns the number of bytes read, which may be less than
1550 * the requested 'datalen' if the socket would block. Returns
1551 * 0 on I/O error or EOF, and disconnects the client socket.
1552 */
vnc_client_read_plain(VncState * vs)1553 static size_t vnc_client_read_plain(VncState *vs)
1554 {
1555 size_t ret;
1556 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1557 vs->input.buffer, vs->input.capacity, vs->input.offset);
1558 buffer_reserve(&vs->input, 4096);
1559 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1560 if (!ret)
1561 return 0;
1562 vs->input.offset += ret;
1563 return ret;
1564 }
1565
vnc_jobs_bh(void * opaque)1566 static void vnc_jobs_bh(void *opaque)
1567 {
1568 VncState *vs = opaque;
1569
1570 assert(vs->magic == VNC_MAGIC);
1571 vnc_jobs_consume_buffer(vs);
1572 }
1573
1574 /*
1575 * First function called whenever there is more data to be read from
1576 * the client socket. Will delegate actual work according to whether
1577 * SASL SSF layers are enabled (thus requiring decryption calls)
1578 * Returns 0 on success, -1 if client disconnected
1579 */
vnc_client_read(VncState * vs)1580 static int vnc_client_read(VncState *vs)
1581 {
1582 size_t sz;
1583
1584 #ifdef CONFIG_VNC_SASL
1585 if (vs->sasl.conn && vs->sasl.runSSF)
1586 sz = vnc_client_read_sasl(vs);
1587 else
1588 #endif /* CONFIG_VNC_SASL */
1589 sz = vnc_client_read_plain(vs);
1590 if (!sz) {
1591 if (vs->disconnecting) {
1592 vnc_disconnect_finish(vs);
1593 return -1;
1594 }
1595 return 0;
1596 }
1597
1598 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1599 size_t len = vs->read_handler_expect;
1600 int ret;
1601
1602 ret = vs->read_handler(vs, vs->input.buffer, len);
1603 if (vs->disconnecting) {
1604 vnc_disconnect_finish(vs);
1605 return -1;
1606 }
1607
1608 if (!ret) {
1609 buffer_advance(&vs->input, len);
1610 } else {
1611 vs->read_handler_expect = ret;
1612 }
1613 }
1614 return 0;
1615 }
1616
vnc_client_io(QIOChannel * ioc G_GNUC_UNUSED,GIOCondition condition,void * opaque)1617 gboolean vnc_client_io(QIOChannel *ioc G_GNUC_UNUSED,
1618 GIOCondition condition, void *opaque)
1619 {
1620 VncState *vs = opaque;
1621
1622 assert(vs->magic == VNC_MAGIC);
1623
1624 if (condition & (G_IO_HUP | G_IO_ERR)) {
1625 vnc_disconnect_start(vs);
1626 return TRUE;
1627 }
1628
1629 if (condition & G_IO_IN) {
1630 if (vnc_client_read(vs) < 0) {
1631 /* vs is free()ed here */
1632 return TRUE;
1633 }
1634 }
1635 if (condition & G_IO_OUT) {
1636 vnc_client_write(vs);
1637 }
1638
1639 if (vs->disconnecting) {
1640 if (vs->ioc_tag != 0) {
1641 g_source_remove(vs->ioc_tag);
1642 }
1643 vs->ioc_tag = 0;
1644 }
1645 return TRUE;
1646 }
1647
1648
1649 /*
1650 * Scale factor to apply to vs->throttle_output_offset when checking for
1651 * hard limit. Worst case normal usage could be x2, if we have a complete
1652 * incremental update and complete forced update in the output buffer.
1653 * So x3 should be good enough, but we pick x5 to be conservative and thus
1654 * (hopefully) never trigger incorrectly.
1655 */
1656 #define VNC_THROTTLE_OUTPUT_LIMIT_SCALE 5
1657
vnc_write(VncState * vs,const void * data,size_t len)1658 void vnc_write(VncState *vs, const void *data, size_t len)
1659 {
1660 assert(vs->magic == VNC_MAGIC);
1661 if (vs->disconnecting) {
1662 return;
1663 }
1664 /* Protection against malicious client/guest to prevent our output
1665 * buffer growing without bound if client stops reading data. This
1666 * should rarely trigger, because we have earlier throttling code
1667 * which stops issuing framebuffer updates and drops audio data
1668 * if the throttle_output_offset value is exceeded. So we only reach
1669 * this higher level if a huge number of pseudo-encodings get
1670 * triggered while data can't be sent on the socket.
1671 *
1672 * NB throttle_output_offset can be zero during early protocol
1673 * handshake, or from the job thread's VncState clone
1674 */
1675 if (vs->throttle_output_offset != 0 &&
1676 (vs->output.offset / VNC_THROTTLE_OUTPUT_LIMIT_SCALE) >
1677 vs->throttle_output_offset) {
1678 trace_vnc_client_output_limit(vs, vs->ioc, vs->output.offset,
1679 vs->throttle_output_offset);
1680 vnc_disconnect_start(vs);
1681 return;
1682 }
1683 buffer_reserve(&vs->output, len);
1684
1685 if (vs->ioc != NULL && buffer_empty(&vs->output)) {
1686 if (vs->ioc_tag) {
1687 g_source_remove(vs->ioc_tag);
1688 }
1689 vs->ioc_tag = qio_channel_add_watch(
1690 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR | G_IO_OUT,
1691 vnc_client_io, vs, NULL);
1692 }
1693
1694 buffer_append(&vs->output, data, len);
1695 }
1696
vnc_write_s32(VncState * vs,int32_t value)1697 void vnc_write_s32(VncState *vs, int32_t value)
1698 {
1699 vnc_write_u32(vs, *(uint32_t *)&value);
1700 }
1701
vnc_write_u32(VncState * vs,uint32_t value)1702 void vnc_write_u32(VncState *vs, uint32_t value)
1703 {
1704 uint8_t buf[4];
1705
1706 buf[0] = (value >> 24) & 0xFF;
1707 buf[1] = (value >> 16) & 0xFF;
1708 buf[2] = (value >> 8) & 0xFF;
1709 buf[3] = value & 0xFF;
1710
1711 vnc_write(vs, buf, 4);
1712 }
1713
vnc_write_u16(VncState * vs,uint16_t value)1714 void vnc_write_u16(VncState *vs, uint16_t value)
1715 {
1716 uint8_t buf[2];
1717
1718 buf[0] = (value >> 8) & 0xFF;
1719 buf[1] = value & 0xFF;
1720
1721 vnc_write(vs, buf, 2);
1722 }
1723
vnc_write_u8(VncState * vs,uint8_t value)1724 void vnc_write_u8(VncState *vs, uint8_t value)
1725 {
1726 vnc_write(vs, (char *)&value, 1);
1727 }
1728
vnc_flush(VncState * vs)1729 void vnc_flush(VncState *vs)
1730 {
1731 vnc_lock_output(vs);
1732 if (vs->ioc != NULL && vs->output.offset) {
1733 vnc_client_write_locked(vs);
1734 }
1735 if (vs->disconnecting) {
1736 if (vs->ioc_tag != 0) {
1737 g_source_remove(vs->ioc_tag);
1738 }
1739 vs->ioc_tag = 0;
1740 }
1741 vnc_unlock_output(vs);
1742 }
1743
read_u8(uint8_t * data,size_t offset)1744 static uint8_t read_u8(uint8_t *data, size_t offset)
1745 {
1746 return data[offset];
1747 }
1748
read_u16(uint8_t * data,size_t offset)1749 static uint16_t read_u16(uint8_t *data, size_t offset)
1750 {
1751 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1752 }
1753
read_s32(uint8_t * data,size_t offset)1754 static int32_t read_s32(uint8_t *data, size_t offset)
1755 {
1756 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1757 (data[offset + 2] << 8) | data[offset + 3]);
1758 }
1759
read_u32(uint8_t * data,size_t offset)1760 uint32_t read_u32(uint8_t *data, size_t offset)
1761 {
1762 return ((data[offset] << 24) | (data[offset + 1] << 16) |
1763 (data[offset + 2] << 8) | data[offset + 3]);
1764 }
1765
check_pointer_type_change(Notifier * notifier,void * data)1766 static void check_pointer_type_change(Notifier *notifier, void *data)
1767 {
1768 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier);
1769 int absolute = qemu_input_is_absolute(vs->vd->dcl.con);
1770
1771 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1772 vnc_lock_output(vs);
1773 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1774 vnc_write_u8(vs, 0);
1775 vnc_write_u16(vs, 1);
1776 vnc_framebuffer_update(vs, absolute, 0,
1777 pixman_image_get_width(vs->vd->server),
1778 pixman_image_get_height(vs->vd->server),
1779 VNC_ENCODING_POINTER_TYPE_CHANGE);
1780 vnc_unlock_output(vs);
1781 vnc_flush(vs);
1782 }
1783 vs->absolute = absolute;
1784 }
1785
pointer_event(VncState * vs,int button_mask,int x,int y)1786 static void pointer_event(VncState *vs, int button_mask, int x, int y)
1787 {
1788 static uint32_t bmap[INPUT_BUTTON__MAX] = {
1789 [INPUT_BUTTON_LEFT] = 0x01,
1790 [INPUT_BUTTON_MIDDLE] = 0x02,
1791 [INPUT_BUTTON_RIGHT] = 0x04,
1792 [INPUT_BUTTON_WHEEL_UP] = 0x08,
1793 [INPUT_BUTTON_WHEEL_DOWN] = 0x10,
1794 };
1795 QemuConsole *con = vs->vd->dcl.con;
1796 int width = pixman_image_get_width(vs->vd->server);
1797 int height = pixman_image_get_height(vs->vd->server);
1798
1799 if (vs->last_bmask != button_mask) {
1800 qemu_input_update_buttons(con, bmap, vs->last_bmask, button_mask);
1801 vs->last_bmask = button_mask;
1802 }
1803
1804 if (vs->absolute) {
1805 qemu_input_queue_abs(con, INPUT_AXIS_X, x, 0, width);
1806 qemu_input_queue_abs(con, INPUT_AXIS_Y, y, 0, height);
1807 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1808 qemu_input_queue_rel(con, INPUT_AXIS_X, x - 0x7FFF);
1809 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - 0x7FFF);
1810 } else {
1811 if (vs->last_x != -1) {
1812 qemu_input_queue_rel(con, INPUT_AXIS_X, x - vs->last_x);
1813 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - vs->last_y);
1814 }
1815 vs->last_x = x;
1816 vs->last_y = y;
1817 }
1818 qemu_input_event_sync();
1819 }
1820
press_key(VncState * vs,QKeyCode qcode)1821 static void press_key(VncState *vs, QKeyCode qcode)
1822 {
1823 qkbd_state_key_event(vs->vd->kbd, qcode, true);
1824 qkbd_state_key_event(vs->vd->kbd, qcode, false);
1825 }
1826
vnc_led_state_change(VncState * vs)1827 static void vnc_led_state_change(VncState *vs)
1828 {
1829 if (!vnc_has_feature(vs, VNC_FEATURE_LED_STATE)) {
1830 return;
1831 }
1832
1833 vnc_lock_output(vs);
1834 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1835 vnc_write_u8(vs, 0);
1836 vnc_write_u16(vs, 1);
1837 vnc_framebuffer_update(vs, 0, 0, 1, 1, VNC_ENCODING_LED_STATE);
1838 vnc_write_u8(vs, vs->vd->ledstate);
1839 vnc_unlock_output(vs);
1840 vnc_flush(vs);
1841 }
1842
kbd_leds(void * opaque,int ledstate)1843 static void kbd_leds(void *opaque, int ledstate)
1844 {
1845 VncDisplay *vd = opaque;
1846 VncState *client;
1847
1848 trace_vnc_key_guest_leds((ledstate & QEMU_CAPS_LOCK_LED),
1849 (ledstate & QEMU_NUM_LOCK_LED),
1850 (ledstate & QEMU_SCROLL_LOCK_LED));
1851
1852 if (ledstate == vd->ledstate) {
1853 return;
1854 }
1855
1856 vd->ledstate = ledstate;
1857
1858 QTAILQ_FOREACH(client, &vd->clients, next) {
1859 vnc_led_state_change(client);
1860 }
1861 }
1862
do_key_event(VncState * vs,int down,int keycode,int sym)1863 static void do_key_event(VncState *vs, int down, int keycode, int sym)
1864 {
1865 QKeyCode qcode = qemu_input_key_number_to_qcode(keycode);
1866
1867 /* QEMU console switch */
1868 switch (qcode) {
1869 case Q_KEY_CODE_1 ... Q_KEY_CODE_9: /* '1' to '9' keys */
1870 if (down &&
1871 qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_CTRL) &&
1872 qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_ALT)) {
1873 QemuConsole *con = qemu_console_lookup_by_index(qcode - Q_KEY_CODE_1);
1874 if (con) {
1875 unregister_displaychangelistener(&vs->vd->dcl);
1876 qkbd_state_switch_console(vs->vd->kbd, con);
1877 vs->vd->dcl.con = con;
1878 register_displaychangelistener(&vs->vd->dcl);
1879 }
1880 return;
1881 }
1882 default:
1883 break;
1884 }
1885
1886 /* Turn off the lock state sync logic if the client support the led
1887 state extension.
1888 */
1889 if (down && vs->vd->lock_key_sync &&
1890 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) &&
1891 keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1892 /* If the numlock state needs to change then simulate an additional
1893 keypress before sending this one. This will happen if the user
1894 toggles numlock away from the VNC window.
1895 */
1896 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1897 if (!qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_NUMLOCK)) {
1898 trace_vnc_key_sync_numlock(true);
1899 press_key(vs, Q_KEY_CODE_NUM_LOCK);
1900 }
1901 } else {
1902 if (qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_NUMLOCK)) {
1903 trace_vnc_key_sync_numlock(false);
1904 press_key(vs, Q_KEY_CODE_NUM_LOCK);
1905 }
1906 }
1907 }
1908
1909 if (down && vs->vd->lock_key_sync &&
1910 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) &&
1911 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) {
1912 /* If the capslock state needs to change then simulate an additional
1913 keypress before sending this one. This will happen if the user
1914 toggles capslock away from the VNC window.
1915 */
1916 int uppercase = !!(sym >= 'A' && sym <= 'Z');
1917 bool shift = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_SHIFT);
1918 bool capslock = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_CAPSLOCK);
1919 if (capslock) {
1920 if (uppercase == shift) {
1921 trace_vnc_key_sync_capslock(false);
1922 press_key(vs, Q_KEY_CODE_CAPS_LOCK);
1923 }
1924 } else {
1925 if (uppercase != shift) {
1926 trace_vnc_key_sync_capslock(true);
1927 press_key(vs, Q_KEY_CODE_CAPS_LOCK);
1928 }
1929 }
1930 }
1931
1932 qkbd_state_key_event(vs->vd->kbd, qcode, down);
1933 if (QEMU_IS_TEXT_CONSOLE(vs->vd->dcl.con)) {
1934 QemuTextConsole *con = QEMU_TEXT_CONSOLE(vs->vd->dcl.con);
1935 bool numlock = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_NUMLOCK);
1936 bool control = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_CTRL);
1937 /* QEMU console emulation */
1938 if (down) {
1939 switch (keycode) {
1940 case 0x2a: /* Left Shift */
1941 case 0x36: /* Right Shift */
1942 case 0x1d: /* Left CTRL */
1943 case 0x9d: /* Right CTRL */
1944 case 0x38: /* Left ALT */
1945 case 0xb8: /* Right ALT */
1946 break;
1947 case 0xc8:
1948 qemu_text_console_put_keysym(con, QEMU_KEY_UP);
1949 break;
1950 case 0xd0:
1951 qemu_text_console_put_keysym(con, QEMU_KEY_DOWN);
1952 break;
1953 case 0xcb:
1954 qemu_text_console_put_keysym(con, QEMU_KEY_LEFT);
1955 break;
1956 case 0xcd:
1957 qemu_text_console_put_keysym(con, QEMU_KEY_RIGHT);
1958 break;
1959 case 0xd3:
1960 qemu_text_console_put_keysym(con, QEMU_KEY_DELETE);
1961 break;
1962 case 0xc7:
1963 qemu_text_console_put_keysym(con, QEMU_KEY_HOME);
1964 break;
1965 case 0xcf:
1966 qemu_text_console_put_keysym(con, QEMU_KEY_END);
1967 break;
1968 case 0xc9:
1969 qemu_text_console_put_keysym(con, QEMU_KEY_PAGEUP);
1970 break;
1971 case 0xd1:
1972 qemu_text_console_put_keysym(con, QEMU_KEY_PAGEDOWN);
1973 break;
1974
1975 case 0x47:
1976 qemu_text_console_put_keysym(con, numlock ? '7' : QEMU_KEY_HOME);
1977 break;
1978 case 0x48:
1979 qemu_text_console_put_keysym(con, numlock ? '8' : QEMU_KEY_UP);
1980 break;
1981 case 0x49:
1982 qemu_text_console_put_keysym(con, numlock ? '9' : QEMU_KEY_PAGEUP);
1983 break;
1984 case 0x4b:
1985 qemu_text_console_put_keysym(con, numlock ? '4' : QEMU_KEY_LEFT);
1986 break;
1987 case 0x4c:
1988 qemu_text_console_put_keysym(con, '5');
1989 break;
1990 case 0x4d:
1991 qemu_text_console_put_keysym(con, numlock ? '6' : QEMU_KEY_RIGHT);
1992 break;
1993 case 0x4f:
1994 qemu_text_console_put_keysym(con, numlock ? '1' : QEMU_KEY_END);
1995 break;
1996 case 0x50:
1997 qemu_text_console_put_keysym(con, numlock ? '2' : QEMU_KEY_DOWN);
1998 break;
1999 case 0x51:
2000 qemu_text_console_put_keysym(con, numlock ? '3' : QEMU_KEY_PAGEDOWN);
2001 break;
2002 case 0x52:
2003 qemu_text_console_put_keysym(con, '0');
2004 break;
2005 case 0x53:
2006 qemu_text_console_put_keysym(con, numlock ? '.' : QEMU_KEY_DELETE);
2007 break;
2008
2009 case 0xb5:
2010 qemu_text_console_put_keysym(con, '/');
2011 break;
2012 case 0x37:
2013 qemu_text_console_put_keysym(con, '*');
2014 break;
2015 case 0x4a:
2016 qemu_text_console_put_keysym(con, '-');
2017 break;
2018 case 0x4e:
2019 qemu_text_console_put_keysym(con, '+');
2020 break;
2021 case 0x9c:
2022 qemu_text_console_put_keysym(con, '\n');
2023 break;
2024
2025 default:
2026 if (control) {
2027 qemu_text_console_put_keysym(con, sym & 0x1f);
2028 } else {
2029 qemu_text_console_put_keysym(con, sym);
2030 }
2031 break;
2032 }
2033 }
2034 }
2035 }
2036
code2name(int keycode)2037 static const char *code2name(int keycode)
2038 {
2039 return QKeyCode_str(qemu_input_key_number_to_qcode(keycode));
2040 }
2041
key_event(VncState * vs,int down,uint32_t sym)2042 static void key_event(VncState *vs, int down, uint32_t sym)
2043 {
2044 int keycode;
2045 int lsym = sym;
2046
2047 if (lsym >= 'A' && lsym <= 'Z' && qemu_console_is_graphic(vs->vd->dcl.con)) {
2048 lsym = lsym - 'A' + 'a';
2049 }
2050
2051 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF,
2052 vs->vd->kbd, down) & SCANCODE_KEYMASK;
2053 trace_vnc_key_event_map(down, sym, keycode, code2name(keycode));
2054 do_key_event(vs, down, keycode, sym);
2055 }
2056
ext_key_event(VncState * vs,int down,uint32_t sym,uint16_t keycode)2057 static void ext_key_event(VncState *vs, int down,
2058 uint32_t sym, uint16_t keycode)
2059 {
2060 /* if the user specifies a keyboard layout, always use it */
2061 if (keyboard_layout) {
2062 key_event(vs, down, sym);
2063 } else {
2064 trace_vnc_key_event_ext(down, sym, keycode, code2name(keycode));
2065 do_key_event(vs, down, keycode, sym);
2066 }
2067 }
2068
framebuffer_update_request(VncState * vs,int incremental,int x,int y,int w,int h)2069 static void framebuffer_update_request(VncState *vs, int incremental,
2070 int x, int y, int w, int h)
2071 {
2072 if (incremental) {
2073 if (vs->update != VNC_STATE_UPDATE_FORCE) {
2074 vs->update = VNC_STATE_UPDATE_INCREMENTAL;
2075 }
2076 } else {
2077 vs->update = VNC_STATE_UPDATE_FORCE;
2078 vnc_set_area_dirty(vs->dirty, vs->vd, x, y, w, h);
2079 if (vnc_has_feature(vs, VNC_FEATURE_RESIZE_EXT)) {
2080 vnc_desktop_resize_ext(vs, 0);
2081 }
2082 }
2083 }
2084
send_ext_key_event_ack(VncState * vs)2085 static void send_ext_key_event_ack(VncState *vs)
2086 {
2087 vnc_lock_output(vs);
2088 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
2089 vnc_write_u8(vs, 0);
2090 vnc_write_u16(vs, 1);
2091 vnc_framebuffer_update(vs, 0, 0,
2092 pixman_image_get_width(vs->vd->server),
2093 pixman_image_get_height(vs->vd->server),
2094 VNC_ENCODING_EXT_KEY_EVENT);
2095 vnc_unlock_output(vs);
2096 vnc_flush(vs);
2097 }
2098
send_ext_audio_ack(VncState * vs)2099 static void send_ext_audio_ack(VncState *vs)
2100 {
2101 vnc_lock_output(vs);
2102 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
2103 vnc_write_u8(vs, 0);
2104 vnc_write_u16(vs, 1);
2105 vnc_framebuffer_update(vs, 0, 0,
2106 pixman_image_get_width(vs->vd->server),
2107 pixman_image_get_height(vs->vd->server),
2108 VNC_ENCODING_AUDIO);
2109 vnc_unlock_output(vs);
2110 vnc_flush(vs);
2111 }
2112
send_xvp_message(VncState * vs,int code)2113 static void send_xvp_message(VncState *vs, int code)
2114 {
2115 vnc_lock_output(vs);
2116 vnc_write_u8(vs, VNC_MSG_SERVER_XVP);
2117 vnc_write_u8(vs, 0); /* pad */
2118 vnc_write_u8(vs, 1); /* version */
2119 vnc_write_u8(vs, code);
2120 vnc_unlock_output(vs);
2121 vnc_flush(vs);
2122 }
2123
set_encodings(VncState * vs,int32_t * encodings,size_t n_encodings)2124 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
2125 {
2126 VncConnection *vc = container_of(vs, VncConnection, vs);
2127 int i;
2128 unsigned int enc = 0;
2129
2130 vs->features = 0;
2131 vs->vnc_encoding = 0;
2132 vc->worker.tight.compression = 9;
2133 vc->worker.tight.quality = -1; /* Lossless by default */
2134 vs->absolute = -1;
2135
2136 /*
2137 * Start from the end because the encodings are sent in order of preference.
2138 * This way the preferred encoding (first encoding defined in the array)
2139 * will be set at the end of the loop.
2140 */
2141 for (i = n_encodings - 1; i >= 0; i--) {
2142 enc = encodings[i];
2143 switch (enc) {
2144 case VNC_ENCODING_RAW:
2145 vs->vnc_encoding = enc;
2146 break;
2147 case VNC_ENCODING_HEXTILE:
2148 vnc_set_feature(vs, VNC_FEATURE_HEXTILE);
2149 vs->vnc_encoding = enc;
2150 break;
2151 case VNC_ENCODING_TIGHT:
2152 vnc_set_feature(vs, VNC_FEATURE_TIGHT);
2153 vs->vnc_encoding = enc;
2154 break;
2155 #ifdef CONFIG_PNG
2156 case VNC_ENCODING_TIGHT_PNG:
2157 vnc_set_feature(vs, VNC_FEATURE_TIGHT_PNG);
2158 vs->vnc_encoding = enc;
2159 break;
2160 #endif
2161 case VNC_ENCODING_ZLIB:
2162 /*
2163 * VNC_ENCODING_ZRLE compresses better than VNC_ENCODING_ZLIB.
2164 * So prioritize ZRLE, even if the client hints that it prefers
2165 * ZLIB.
2166 */
2167 if (!vnc_has_feature(vs, VNC_FEATURE_ZRLE)) {
2168 vnc_set_feature(vs, VNC_FEATURE_ZLIB);
2169 vs->vnc_encoding = enc;
2170 }
2171 break;
2172 case VNC_ENCODING_ZRLE:
2173 vnc_set_feature(vs, VNC_FEATURE_ZRLE);
2174 vs->vnc_encoding = enc;
2175 break;
2176 case VNC_ENCODING_ZYWRLE:
2177 vnc_set_feature(vs, VNC_FEATURE_ZYWRLE);
2178 vs->vnc_encoding = enc;
2179 break;
2180 case VNC_ENCODING_DESKTOPRESIZE:
2181 vnc_set_feature(vs, VNC_FEATURE_RESIZE);
2182 break;
2183 case VNC_ENCODING_DESKTOP_RESIZE_EXT:
2184 vnc_set_feature(vs, VNC_FEATURE_RESIZE_EXT);
2185 break;
2186 case VNC_ENCODING_POINTER_TYPE_CHANGE:
2187 vnc_set_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE);
2188 break;
2189 case VNC_ENCODING_RICH_CURSOR:
2190 vnc_set_feature(vs, VNC_FEATURE_RICH_CURSOR);
2191 break;
2192 case VNC_ENCODING_ALPHA_CURSOR:
2193 vnc_set_feature(vs, VNC_FEATURE_ALPHA_CURSOR);
2194 break;
2195 case VNC_ENCODING_EXT_KEY_EVENT:
2196 send_ext_key_event_ack(vs);
2197 break;
2198 case VNC_ENCODING_AUDIO:
2199 if (vs->vd->audio_state) {
2200 vnc_set_feature(vs, VNC_FEATURE_AUDIO);
2201 send_ext_audio_ack(vs);
2202 }
2203 break;
2204 case VNC_ENCODING_WMVi:
2205 vnc_set_feature(vs, VNC_FEATURE_WMVI);
2206 break;
2207 case VNC_ENCODING_LED_STATE:
2208 vnc_set_feature(vs, VNC_FEATURE_LED_STATE);
2209 break;
2210 case VNC_ENCODING_XVP:
2211 if (vs->vd->power_control) {
2212 vnc_set_feature(vs, VNC_FEATURE_XVP);
2213 send_xvp_message(vs, VNC_XVP_CODE_INIT);
2214 }
2215 break;
2216 case VNC_ENCODING_CLIPBOARD_EXT:
2217 vnc_set_feature(vs, VNC_FEATURE_CLIPBOARD_EXT);
2218 vnc_server_cut_text_caps(vs);
2219 break;
2220 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
2221 vc->worker.tight.compression = (enc & 0x0F);
2222 break;
2223 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
2224 if (vs->vd->lossy) {
2225 vc->worker.tight.quality = (enc & 0x0F);
2226 }
2227 break;
2228 default:
2229 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
2230 break;
2231 }
2232 }
2233 vnc_desktop_resize(vs);
2234 check_pointer_type_change(&vs->mouse_mode_notifier, NULL);
2235 vnc_led_state_change(vs);
2236 vnc_cursor_define(vs);
2237 }
2238
set_pixel_conversion(VncState * vs)2239 static void set_pixel_conversion(VncState *vs)
2240 {
2241 pixman_format_code_t fmt = qemu_pixman_get_format(&vs->client_pf,
2242 vs->client_endian);
2243
2244 if (fmt == VNC_SERVER_FB_FORMAT) {
2245 vs->write_pixels = vnc_write_pixels_copy;
2246 vnc_hextile_set_pixel_conversion(vs, 0);
2247 } else {
2248 vs->write_pixels = vnc_write_pixels_generic;
2249 vnc_hextile_set_pixel_conversion(vs, 1);
2250 }
2251 }
2252
send_color_map(VncState * vs)2253 static void send_color_map(VncState *vs)
2254 {
2255 int i;
2256
2257 vnc_lock_output(vs);
2258 vnc_write_u8(vs, VNC_MSG_SERVER_SET_COLOUR_MAP_ENTRIES);
2259 vnc_write_u8(vs, 0); /* padding */
2260 vnc_write_u16(vs, 0); /* first color */
2261 vnc_write_u16(vs, 256); /* # of colors */
2262
2263 for (i = 0; i < 256; i++) {
2264 PixelFormat *pf = &vs->client_pf;
2265
2266 vnc_write_u16(vs, (((i >> pf->rshift) & pf->rmax) << (16 - pf->rbits)));
2267 vnc_write_u16(vs, (((i >> pf->gshift) & pf->gmax) << (16 - pf->gbits)));
2268 vnc_write_u16(vs, (((i >> pf->bshift) & pf->bmax) << (16 - pf->bbits)));
2269 }
2270 vnc_unlock_output(vs);
2271 }
2272
set_pixel_format(VncState * vs,int bits_per_pixel,int big_endian_flag,int true_color_flag,int red_max,int green_max,int blue_max,int red_shift,int green_shift,int blue_shift)2273 static void set_pixel_format(VncState *vs, int bits_per_pixel,
2274 int big_endian_flag, int true_color_flag,
2275 int red_max, int green_max, int blue_max,
2276 int red_shift, int green_shift, int blue_shift)
2277 {
2278 if (!true_color_flag) {
2279 /* Expose a reasonable default 256 color map */
2280 bits_per_pixel = 8;
2281 red_max = 7;
2282 green_max = 7;
2283 blue_max = 3;
2284 red_shift = 0;
2285 green_shift = 3;
2286 blue_shift = 6;
2287 }
2288
2289 switch (bits_per_pixel) {
2290 case 8:
2291 case 16:
2292 case 32:
2293 break;
2294 default:
2295 vnc_client_error(vs);
2296 return;
2297 }
2298
2299 vs->client_pf.rmax = red_max ? red_max : 0xFF;
2300 vs->client_pf.rbits = ctpopl(red_max);
2301 vs->client_pf.rshift = red_shift;
2302 vs->client_pf.rmask = red_max << red_shift;
2303 vs->client_pf.gmax = green_max ? green_max : 0xFF;
2304 vs->client_pf.gbits = ctpopl(green_max);
2305 vs->client_pf.gshift = green_shift;
2306 vs->client_pf.gmask = green_max << green_shift;
2307 vs->client_pf.bmax = blue_max ? blue_max : 0xFF;
2308 vs->client_pf.bbits = ctpopl(blue_max);
2309 vs->client_pf.bshift = blue_shift;
2310 vs->client_pf.bmask = blue_max << blue_shift;
2311 vs->client_pf.bits_per_pixel = bits_per_pixel;
2312 vs->client_pf.bytes_per_pixel = bits_per_pixel / 8;
2313 vs->client_pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
2314 vs->client_endian = big_endian_flag ? G_BIG_ENDIAN : G_LITTLE_ENDIAN;
2315 trace_vnc_client_pixel_format(vs, vs->ioc,
2316 vs->client_pf.bits_per_pixel,
2317 vs->client_pf.depth,
2318 vs->client_endian);
2319 trace_vnc_client_pixel_format_red(vs, vs->ioc,
2320 vs->client_pf.rmax,
2321 vs->client_pf.rbits,
2322 vs->client_pf.rshift,
2323 vs->client_pf.rmask);
2324 trace_vnc_client_pixel_format_green(vs, vs->ioc,
2325 vs->client_pf.gmax,
2326 vs->client_pf.gbits,
2327 vs->client_pf.gshift,
2328 vs->client_pf.gmask);
2329 trace_vnc_client_pixel_format_blue(vs, vs->ioc,
2330 vs->client_pf.bmax,
2331 vs->client_pf.bbits,
2332 vs->client_pf.bshift,
2333 vs->client_pf.bmask);
2334
2335 if (!true_color_flag) {
2336 send_color_map(vs);
2337 }
2338
2339 set_pixel_conversion(vs);
2340
2341 graphic_hw_invalidate(vs->vd->dcl.con);
2342 graphic_hw_update(vs->vd->dcl.con);
2343 }
2344
pixel_format_message(VncState * vs)2345 static void pixel_format_message (VncState *vs) {
2346 char pad[3] = { 0, 0, 0 };
2347
2348 vs->client_pf = qemu_default_pixelformat(32);
2349 vs->client_endian = G_BYTE_ORDER;
2350
2351 vnc_write_u8(vs, vs->client_pf.bits_per_pixel); /* bits-per-pixel */
2352 vnc_write_u8(vs, vs->client_pf.depth); /* depth */
2353
2354 #if HOST_BIG_ENDIAN
2355 vnc_write_u8(vs, 1); /* big-endian-flag */
2356 #else
2357 vnc_write_u8(vs, 0); /* big-endian-flag */
2358 #endif
2359 vnc_write_u8(vs, 1); /* true-color-flag */
2360 vnc_write_u16(vs, vs->client_pf.rmax); /* red-max */
2361 vnc_write_u16(vs, vs->client_pf.gmax); /* green-max */
2362 vnc_write_u16(vs, vs->client_pf.bmax); /* blue-max */
2363 vnc_write_u8(vs, vs->client_pf.rshift); /* red-shift */
2364 vnc_write_u8(vs, vs->client_pf.gshift); /* green-shift */
2365 vnc_write_u8(vs, vs->client_pf.bshift); /* blue-shift */
2366 vnc_write(vs, pad, 3); /* padding */
2367
2368 vnc_hextile_set_pixel_conversion(vs, 0);
2369 vs->write_pixels = vnc_write_pixels_copy;
2370 }
2371
vnc_colordepth(VncState * vs)2372 static void vnc_colordepth(VncState *vs)
2373 {
2374 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
2375 /* Sending a WMVi message to notify the client*/
2376 vnc_lock_output(vs);
2377 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
2378 vnc_write_u8(vs, 0);
2379 vnc_write_u16(vs, 1); /* number of rects */
2380 vnc_framebuffer_update(vs, 0, 0,
2381 vs->client_width,
2382 vs->client_height,
2383 VNC_ENCODING_WMVi);
2384 pixel_format_message(vs);
2385 vnc_unlock_output(vs);
2386 vnc_flush(vs);
2387 } else {
2388 set_pixel_conversion(vs);
2389 }
2390 }
2391
protocol_client_msg(VncState * vs,uint8_t * data,size_t len)2392 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
2393 {
2394 int i;
2395 uint16_t limit;
2396 uint32_t freq;
2397 VncDisplay *vd = vs->vd;
2398
2399 if (data[0] > 3) {
2400 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
2401 }
2402
2403 switch (data[0]) {
2404 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT:
2405 if (len == 1)
2406 return 20;
2407
2408 trace_vnc_msg_client_set_pixel_format(vs, vs->ioc,
2409 read_u8(data, 4),
2410 read_u8(data, 6),
2411 read_u8(data, 7));
2412 trace_vnc_msg_client_set_pixel_format_rgb(vs, vs->ioc,
2413 read_u16(data, 8),
2414 read_u16(data, 10),
2415 read_u16(data, 12),
2416 read_u8(data, 14),
2417 read_u8(data, 15),
2418 read_u8(data, 16));
2419 set_pixel_format(vs, read_u8(data, 4),
2420 read_u8(data, 6), read_u8(data, 7),
2421 read_u16(data, 8), read_u16(data, 10),
2422 read_u16(data, 12), read_u8(data, 14),
2423 read_u8(data, 15), read_u8(data, 16));
2424 break;
2425 case VNC_MSG_CLIENT_SET_ENCODINGS:
2426 if (len == 1)
2427 return 4;
2428
2429 if (len == 4) {
2430 limit = read_u16(data, 2);
2431 if (limit > 0)
2432 return 4 + (limit * 4);
2433 } else
2434 limit = read_u16(data, 2);
2435
2436 for (i = 0; i < limit; i++) {
2437 int32_t val = read_s32(data, 4 + (i * 4));
2438 memcpy(data + 4 + (i * 4), &val, sizeof(val));
2439 }
2440
2441 trace_vnc_msg_client_set_encodings(vs, vs->ioc, limit);
2442 set_encodings(vs, (int32_t *)(data + 4), limit);
2443 break;
2444 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST:
2445 if (len == 1)
2446 return 10;
2447
2448 trace_vnc_msg_client_framebuffer_update_request(vs, vs->ioc,
2449 read_u8(data, 1),
2450 read_u16(data, 2),
2451 read_u16(data, 4),
2452 read_u16(data, 6),
2453 read_u16(data, 8));
2454 framebuffer_update_request(vs,
2455 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
2456 read_u16(data, 6), read_u16(data, 8));
2457 break;
2458 case VNC_MSG_CLIENT_KEY_EVENT:
2459 if (len == 1)
2460 return 8;
2461
2462 trace_vnc_msg_client_key_event(vs, vs->ioc,
2463 read_u8(data, 1),
2464 read_u32(data, 4));
2465 key_event(vs, read_u8(data, 1), read_u32(data, 4));
2466 break;
2467 case VNC_MSG_CLIENT_POINTER_EVENT:
2468 if (len == 1)
2469 return 6;
2470
2471 trace_vnc_msg_client_pointer_event(vs, vs->ioc,
2472 read_u8(data, 1),
2473 read_u16(data, 2),
2474 read_u16(data, 4));
2475 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
2476 break;
2477 case VNC_MSG_CLIENT_CUT_TEXT:
2478 if (len == 1) {
2479 return 8;
2480 }
2481 uint32_t dlen = abs(read_s32(data, 4));
2482 if (len == 8) {
2483 if (dlen > (1 << 20)) {
2484 error_report("vnc: client_cut_text msg payload has %u bytes"
2485 " which exceeds our limit of 1MB.", dlen);
2486 vnc_client_error(vs);
2487 break;
2488 }
2489 if (dlen > 0) {
2490 return 8 + dlen;
2491 }
2492 }
2493
2494 if (read_s32(data, 4) < 0) {
2495 if (!vnc_has_feature(vs, VNC_FEATURE_CLIPBOARD_EXT)) {
2496 error_report("vnc: extended clipboard message while disabled");
2497 vnc_client_error(vs);
2498 break;
2499 }
2500 if (dlen < 4) {
2501 error_report("vnc: malformed payload (header less than 4 bytes)"
2502 " in extended clipboard pseudo-encoding.");
2503 vnc_client_error(vs);
2504 break;
2505 }
2506 trace_vnc_msg_client_cut_text_ext(vs, vs->ioc,
2507 dlen, read_u32(data, 8));
2508 vnc_client_cut_text_ext(vs, dlen, read_u32(data, 8), data + 12);
2509 break;
2510 }
2511 trace_vnc_msg_client_cut_text(vs, vs->ioc, read_u32(data, 4));
2512 vnc_client_cut_text(vs, read_u32(data, 4), data + 8);
2513 break;
2514 case VNC_MSG_CLIENT_XVP:
2515 if (!vnc_has_feature(vs, VNC_FEATURE_XVP)) {
2516 error_report("vnc: xvp client message while disabled");
2517 vnc_client_error(vs);
2518 break;
2519 }
2520 if (len == 1) {
2521 return 4;
2522 }
2523 if (len == 4) {
2524 uint8_t version = read_u8(data, 2);
2525 uint8_t action = read_u8(data, 3);
2526 trace_vnc_msg_client_xvp(vs, vs->ioc, version, action);
2527
2528 if (version != 1) {
2529 error_report("vnc: xvp client message version %d != 1",
2530 version);
2531 vnc_client_error(vs);
2532 break;
2533 }
2534
2535 switch (action) {
2536 case VNC_XVP_ACTION_SHUTDOWN:
2537 qemu_system_powerdown_request();
2538 break;
2539 case VNC_XVP_ACTION_REBOOT:
2540 send_xvp_message(vs, VNC_XVP_CODE_FAIL);
2541 break;
2542 case VNC_XVP_ACTION_RESET:
2543 qemu_system_reset_request(SHUTDOWN_CAUSE_HOST_QMP_SYSTEM_RESET);
2544 break;
2545 default:
2546 send_xvp_message(vs, VNC_XVP_CODE_FAIL);
2547 break;
2548 }
2549 }
2550 break;
2551 case VNC_MSG_CLIENT_QEMU:
2552 if (len == 1)
2553 return 2;
2554
2555 switch (read_u8(data, 1)) {
2556 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT:
2557 if (len == 2)
2558 return 12;
2559
2560 trace_vnc_msg_client_ext_key_event(vs, vs->ioc,
2561 read_u16(data, 2),
2562 read_u32(data, 4),
2563 read_u32(data, 8));
2564 ext_key_event(vs, read_u16(data, 2),
2565 read_u32(data, 4), read_u32(data, 8));
2566 break;
2567 case VNC_MSG_CLIENT_QEMU_AUDIO:
2568 if (!vnc_has_feature(vs, VNC_FEATURE_AUDIO)) {
2569 error_report("Audio message %d with audio disabled", read_u8(data, 2));
2570 vnc_client_error(vs);
2571 break;
2572 }
2573
2574 if (len == 2)
2575 return 4;
2576
2577 switch (read_u16 (data, 2)) {
2578 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE:
2579 trace_vnc_msg_client_audio_enable(vs, vs->ioc);
2580 audio_add(vs);
2581 break;
2582 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE:
2583 trace_vnc_msg_client_audio_disable(vs, vs->ioc);
2584 audio_del(vs);
2585 break;
2586 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT:
2587 if (len == 4)
2588 return 10;
2589 switch (read_u8(data, 4)) {
2590 case 0: vs->as.fmt = AUDIO_FORMAT_U8; break;
2591 case 1: vs->as.fmt = AUDIO_FORMAT_S8; break;
2592 case 2: vs->as.fmt = AUDIO_FORMAT_U16; break;
2593 case 3: vs->as.fmt = AUDIO_FORMAT_S16; break;
2594 case 4: vs->as.fmt = AUDIO_FORMAT_U32; break;
2595 case 5: vs->as.fmt = AUDIO_FORMAT_S32; break;
2596 default:
2597 VNC_DEBUG("Invalid audio format %d\n", read_u8(data, 4));
2598 vnc_client_error(vs);
2599 break;
2600 }
2601 vs->as.nchannels = read_u8(data, 5);
2602 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
2603 VNC_DEBUG("Invalid audio channel count %d\n",
2604 read_u8(data, 5));
2605 vnc_client_error(vs);
2606 break;
2607 }
2608 freq = read_u32(data, 6);
2609 /* No official limit for protocol, but 48khz is a sensible
2610 * upper bound for trustworthy clients, and this limit
2611 * protects calculations involving 'vs->as.freq' later.
2612 */
2613 if (freq > 48000) {
2614 VNC_DEBUG("Invalid audio frequency %u > 48000", freq);
2615 vnc_client_error(vs);
2616 break;
2617 }
2618 vs->as.freq = freq;
2619 trace_vnc_msg_client_audio_format(
2620 vs, vs->ioc, vs->as.fmt, vs->as.nchannels, vs->as.freq);
2621 break;
2622 default:
2623 VNC_DEBUG("Invalid audio message %d\n", read_u8(data, 2));
2624 vnc_client_error(vs);
2625 break;
2626 }
2627 break;
2628
2629 default:
2630 VNC_DEBUG("Msg: %d\n", read_u16(data, 0));
2631 vnc_client_error(vs);
2632 break;
2633 }
2634 break;
2635 case VNC_MSG_CLIENT_SET_DESKTOP_SIZE:
2636 {
2637 size_t size;
2638 uint8_t screens;
2639 int w, h;
2640
2641 if (len < 8) {
2642 return 8;
2643 }
2644
2645 screens = read_u8(data, 6);
2646 size = 8 + screens * 16;
2647 if (len < size) {
2648 return size;
2649 }
2650 w = read_u16(data, 2);
2651 h = read_u16(data, 4);
2652
2653 trace_vnc_msg_client_set_desktop_size(vs, vs->ioc, w, h, screens);
2654 if (dpy_ui_info_supported(vs->vd->dcl.con)) {
2655 QemuUIInfo info;
2656 memset(&info, 0, sizeof(info));
2657 info.width = w;
2658 info.height = h;
2659 dpy_set_ui_info(vs->vd->dcl.con, &info, false);
2660 vnc_desktop_resize_ext(vs, 4 /* Request forwarded */);
2661 } else {
2662 vnc_desktop_resize_ext(vs, 3 /* Invalid screen layout */);
2663 }
2664
2665 break;
2666 }
2667 default:
2668 VNC_DEBUG("Msg: %d\n", data[0]);
2669 vnc_client_error(vs);
2670 break;
2671 }
2672
2673 vnc_update_throttle_offset(vs);
2674 vnc_read_when(vs, protocol_client_msg, 1);
2675 return 0;
2676 }
2677
protocol_client_init(VncState * vs,uint8_t * data,size_t len)2678 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
2679 {
2680 char buf[1024];
2681 VncShareMode mode;
2682 int size;
2683
2684 mode = data[0] ? VNC_SHARE_MODE_SHARED : VNC_SHARE_MODE_EXCLUSIVE;
2685 switch (vs->vd->share_policy) {
2686 case VNC_SHARE_POLICY_IGNORE:
2687 /*
2688 * Ignore the shared flag. Nothing to do here.
2689 *
2690 * Doesn't conform to the rfb spec but is traditional qemu
2691 * behavior, thus left here as option for compatibility
2692 * reasons.
2693 */
2694 break;
2695 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE:
2696 /*
2697 * Policy: Allow clients ask for exclusive access.
2698 *
2699 * Implementation: When a client asks for exclusive access,
2700 * disconnect all others. Shared connects are allowed as long
2701 * as no exclusive connection exists.
2702 *
2703 * This is how the rfb spec suggests to handle the shared flag.
2704 */
2705 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2706 VncState *client;
2707 QTAILQ_FOREACH(client, &vs->vd->clients, next) {
2708 if (vs == client) {
2709 continue;
2710 }
2711 if (client->share_mode != VNC_SHARE_MODE_EXCLUSIVE &&
2712 client->share_mode != VNC_SHARE_MODE_SHARED) {
2713 continue;
2714 }
2715 vnc_disconnect_start(client);
2716 }
2717 }
2718 if (mode == VNC_SHARE_MODE_SHARED) {
2719 if (vs->vd->num_exclusive > 0) {
2720 vnc_disconnect_start(vs);
2721 return 0;
2722 }
2723 }
2724 break;
2725 case VNC_SHARE_POLICY_FORCE_SHARED:
2726 /*
2727 * Policy: Shared connects only.
2728 * Implementation: Disallow clients asking for exclusive access.
2729 *
2730 * Useful for shared desktop sessions where you don't want
2731 * someone forgetting to say -shared when running the vnc
2732 * client disconnect everybody else.
2733 */
2734 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2735 vnc_disconnect_start(vs);
2736 return 0;
2737 }
2738 break;
2739 }
2740 vnc_set_share_mode(vs, mode);
2741
2742 if (vs->vd->num_shared > vs->vd->connections_limit) {
2743 vnc_disconnect_start(vs);
2744 return 0;
2745 }
2746
2747 assert(pixman_image_get_width(vs->vd->server) < 65536 &&
2748 pixman_image_get_width(vs->vd->server) >= 0);
2749 assert(pixman_image_get_height(vs->vd->server) < 65536 &&
2750 pixman_image_get_height(vs->vd->server) >= 0);
2751 vs->client_width = pixman_image_get_width(vs->vd->server);
2752 vs->client_height = pixman_image_get_height(vs->vd->server);
2753 vnc_write_u16(vs, vs->client_width);
2754 vnc_write_u16(vs, vs->client_height);
2755
2756 pixel_format_message(vs);
2757
2758 if (qemu_name) {
2759 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
2760 if (size > sizeof(buf)) {
2761 size = sizeof(buf);
2762 }
2763 } else {
2764 size = snprintf(buf, sizeof(buf), "QEMU");
2765 }
2766
2767 vnc_write_u32(vs, size);
2768 vnc_write(vs, buf, size);
2769 vnc_flush(vs);
2770
2771 vnc_client_cache_auth(vs);
2772 vnc_qmp_event(vs, QAPI_EVENT_VNC_INITIALIZED);
2773
2774 vnc_read_when(vs, protocol_client_msg, 1);
2775
2776 return 0;
2777 }
2778
start_client_init(VncState * vs)2779 void start_client_init(VncState *vs)
2780 {
2781 vnc_read_when(vs, protocol_client_init, 1);
2782 }
2783
authentication_failed(VncState * vs)2784 static void authentication_failed(VncState *vs)
2785 {
2786 vnc_write_u32(vs, 1); /* Reject auth */
2787 if (vs->minor >= 8) {
2788 static const char err[] = "Authentication failed";
2789 vnc_write_u32(vs, sizeof(err));
2790 vnc_write(vs, err, sizeof(err));
2791 }
2792 vnc_flush(vs);
2793 vnc_client_error(vs);
2794 }
2795
2796 static void
vnc_munge_des_rfb_key(unsigned char * key,size_t nkey)2797 vnc_munge_des_rfb_key(unsigned char *key, size_t nkey)
2798 {
2799 size_t i;
2800 for (i = 0; i < nkey; i++) {
2801 uint8_t r = key[i];
2802 r = (r & 0xf0) >> 4 | (r & 0x0f) << 4;
2803 r = (r & 0xcc) >> 2 | (r & 0x33) << 2;
2804 r = (r & 0xaa) >> 1 | (r & 0x55) << 1;
2805 key[i] = r;
2806 }
2807 }
2808
protocol_client_auth_vnc(VncState * vs,uint8_t * data,size_t len)2809 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
2810 {
2811 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
2812 size_t i, pwlen;
2813 unsigned char key[8];
2814 time_t now = time(NULL);
2815 QCryptoCipher *cipher = NULL;
2816 Error *err = NULL;
2817
2818 if (!vs->vd->password) {
2819 trace_vnc_auth_fail(vs, vs->auth, "password is not set", "");
2820 goto reject;
2821 }
2822 if (vs->vd->expires < now) {
2823 trace_vnc_auth_fail(vs, vs->auth, "password is expired", "");
2824 goto reject;
2825 }
2826
2827 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
2828
2829 /* Calculate the expected challenge response */
2830 pwlen = strlen(vs->vd->password);
2831 for (i=0; i<sizeof(key); i++)
2832 key[i] = i<pwlen ? vs->vd->password[i] : 0;
2833 vnc_munge_des_rfb_key(key, sizeof(key));
2834
2835 cipher = qcrypto_cipher_new(
2836 QCRYPTO_CIPHER_ALGO_DES,
2837 QCRYPTO_CIPHER_MODE_ECB,
2838 key, G_N_ELEMENTS(key),
2839 &err);
2840 if (!cipher) {
2841 trace_vnc_auth_fail(vs, vs->auth, "cannot create cipher",
2842 error_get_pretty(err));
2843 error_free(err);
2844 goto reject;
2845 }
2846
2847 if (qcrypto_cipher_encrypt(cipher,
2848 vs->challenge,
2849 response,
2850 VNC_AUTH_CHALLENGE_SIZE,
2851 &err) < 0) {
2852 trace_vnc_auth_fail(vs, vs->auth, "cannot encrypt challenge response",
2853 error_get_pretty(err));
2854 error_free(err);
2855 goto reject;
2856 }
2857
2858 /* Compare expected vs actual challenge response */
2859 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
2860 trace_vnc_auth_fail(vs, vs->auth, "mis-matched challenge response", "");
2861 goto reject;
2862 } else {
2863 trace_vnc_auth_pass(vs, vs->auth);
2864 vnc_write_u32(vs, 0); /* Accept auth */
2865 vnc_flush(vs);
2866
2867 start_client_init(vs);
2868 }
2869
2870 qcrypto_cipher_free(cipher);
2871 return 0;
2872
2873 reject:
2874 authentication_failed(vs);
2875 qcrypto_cipher_free(cipher);
2876 return 0;
2877 }
2878
start_auth_vnc(VncState * vs)2879 void start_auth_vnc(VncState *vs)
2880 {
2881 Error *err = NULL;
2882
2883 if (qcrypto_random_bytes(vs->challenge, sizeof(vs->challenge), &err)) {
2884 trace_vnc_auth_fail(vs, vs->auth, "cannot get random bytes",
2885 error_get_pretty(err));
2886 error_free(err);
2887 authentication_failed(vs);
2888 return;
2889 }
2890
2891 /* Send client a 'random' challenge */
2892 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
2893 vnc_flush(vs);
2894
2895 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
2896 }
2897
2898
protocol_client_auth(VncState * vs,uint8_t * data,size_t len)2899 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
2900 {
2901 /* We only advertise 1 auth scheme at a time, so client
2902 * must pick the one we sent. Verify this */
2903 if (data[0] != vs->auth) { /* Reject auth */
2904 trace_vnc_auth_reject(vs, vs->auth, (int)data[0]);
2905 authentication_failed(vs);
2906 } else { /* Accept requested auth */
2907 trace_vnc_auth_start(vs, vs->auth);
2908 switch (vs->auth) {
2909 case VNC_AUTH_NONE:
2910 if (vs->minor >= 8) {
2911 vnc_write_u32(vs, 0); /* Accept auth completion */
2912 vnc_flush(vs);
2913 }
2914 trace_vnc_auth_pass(vs, vs->auth);
2915 start_client_init(vs);
2916 break;
2917
2918 case VNC_AUTH_VNC:
2919 start_auth_vnc(vs);
2920 break;
2921
2922 case VNC_AUTH_VENCRYPT:
2923 start_auth_vencrypt(vs);
2924 break;
2925
2926 #ifdef CONFIG_VNC_SASL
2927 case VNC_AUTH_SASL:
2928 start_auth_sasl(vs);
2929 break;
2930 #endif /* CONFIG_VNC_SASL */
2931
2932 default: /* Should not be possible, but just in case */
2933 trace_vnc_auth_fail(vs, vs->auth, "Unhandled auth method", "");
2934 authentication_failed(vs);
2935 }
2936 }
2937 return 0;
2938 }
2939
protocol_version(VncState * vs,uint8_t * version,size_t len)2940 static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2941 {
2942 char local[13];
2943
2944 memcpy(local, version, 12);
2945 local[12] = 0;
2946
2947 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2948 VNC_DEBUG("Malformed protocol version %s\n", local);
2949 vnc_client_error(vs);
2950 return 0;
2951 }
2952 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2953 if (vs->major != 3 ||
2954 (vs->minor != 3 &&
2955 vs->minor != 4 &&
2956 vs->minor != 5 &&
2957 vs->minor != 7 &&
2958 vs->minor != 8)) {
2959 VNC_DEBUG("Unsupported client version\n");
2960 vnc_write_u32(vs, VNC_AUTH_INVALID);
2961 vnc_flush(vs);
2962 vnc_client_error(vs);
2963 return 0;
2964 }
2965 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2966 * as equivalent to v3.3 by servers
2967 */
2968 if (vs->minor == 4 || vs->minor == 5)
2969 vs->minor = 3;
2970
2971 if (vs->minor == 3) {
2972 trace_vnc_auth_start(vs, vs->auth);
2973 if (vs->auth == VNC_AUTH_NONE) {
2974 vnc_write_u32(vs, vs->auth);
2975 vnc_flush(vs);
2976 trace_vnc_auth_pass(vs, vs->auth);
2977 start_client_init(vs);
2978 } else if (vs->auth == VNC_AUTH_VNC) {
2979 VNC_DEBUG("Tell client VNC auth\n");
2980 vnc_write_u32(vs, vs->auth);
2981 vnc_flush(vs);
2982 start_auth_vnc(vs);
2983 } else {
2984 trace_vnc_auth_fail(vs, vs->auth,
2985 "Unsupported auth method for v3.3", "");
2986 vnc_write_u32(vs, VNC_AUTH_INVALID);
2987 vnc_flush(vs);
2988 vnc_client_error(vs);
2989 }
2990 } else {
2991 vnc_write_u8(vs, 1); /* num auth */
2992 vnc_write_u8(vs, vs->auth);
2993 vnc_read_when(vs, protocol_client_auth, 1);
2994 vnc_flush(vs);
2995 }
2996
2997 return 0;
2998 }
2999
vnc_stat_rect(VncDisplay * vd,int x,int y)3000 static VncRectStat *vnc_stat_rect(VncDisplay *vd, int x, int y)
3001 {
3002 struct VncSurface *vs = &vd->guest;
3003
3004 return &vs->stats[y / VNC_STAT_RECT][x / VNC_STAT_RECT];
3005 }
3006
vnc_sent_lossy_rect(VncWorker * worker,int x,int y,int w,int h)3007 void vnc_sent_lossy_rect(VncWorker *worker, int x, int y, int w, int h)
3008 {
3009 int i, j;
3010
3011 w = (x + w) / VNC_STAT_RECT;
3012 h = (y + h) / VNC_STAT_RECT;
3013 x /= VNC_STAT_RECT;
3014 y /= VNC_STAT_RECT;
3015
3016 for (j = y; j <= h; j++) {
3017 for (i = x; i <= w; i++) {
3018 worker->lossy_rect[j][i] = 1;
3019 }
3020 }
3021 }
3022
vnc_refresh_lossy_rect(VncDisplay * vd,int x,int y)3023 static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y)
3024 {
3025 VncState *vs;
3026 int sty = y / VNC_STAT_RECT;
3027 int stx = x / VNC_STAT_RECT;
3028 int has_dirty = 0;
3029
3030 y = QEMU_ALIGN_DOWN(y, VNC_STAT_RECT);
3031 x = QEMU_ALIGN_DOWN(x, VNC_STAT_RECT);
3032
3033 QTAILQ_FOREACH(vs, &vd->clients, next) {
3034 VncConnection *vc = container_of(vs, VncConnection, vs);
3035 int j;
3036
3037 /* kernel send buffers are full -> refresh later */
3038 if (vs->output.offset) {
3039 continue;
3040 }
3041
3042 if (!vc->worker.lossy_rect[sty][stx]) {
3043 continue;
3044 }
3045
3046 vc->worker.lossy_rect[sty][stx] = 0;
3047 for (j = 0; j < VNC_STAT_RECT; ++j) {
3048 bitmap_set(vs->dirty[y + j],
3049 x / VNC_DIRTY_PIXELS_PER_BIT,
3050 VNC_STAT_RECT / VNC_DIRTY_PIXELS_PER_BIT);
3051 }
3052 has_dirty++;
3053 }
3054
3055 return has_dirty;
3056 }
3057
vnc_update_stats(VncDisplay * vd,struct timeval * tv)3058 static int vnc_update_stats(VncDisplay *vd, struct timeval * tv)
3059 {
3060 int width = MIN(pixman_image_get_width(vd->guest.fb),
3061 pixman_image_get_width(vd->server));
3062 int height = MIN(pixman_image_get_height(vd->guest.fb),
3063 pixman_image_get_height(vd->server));
3064 int x, y;
3065 struct timeval res;
3066 int has_dirty = 0;
3067
3068 for (y = 0; y < height; y += VNC_STAT_RECT) {
3069 for (x = 0; x < width; x += VNC_STAT_RECT) {
3070 VncRectStat *rect = vnc_stat_rect(vd, x, y);
3071
3072 rect->updated = false;
3073 }
3074 }
3075
3076 qemu_timersub(tv, &VNC_REFRESH_STATS, &res);
3077
3078 if (timercmp(&vd->guest.last_freq_check, &res, >)) {
3079 return has_dirty;
3080 }
3081 vd->guest.last_freq_check = *tv;
3082
3083 for (y = 0; y < height; y += VNC_STAT_RECT) {
3084 for (x = 0; x < width; x += VNC_STAT_RECT) {
3085 VncRectStat *rect= vnc_stat_rect(vd, x, y);
3086 int count = ARRAY_SIZE(rect->times);
3087 struct timeval min, max;
3088
3089 if (!timerisset(&rect->times[count - 1])) {
3090 continue ;
3091 }
3092
3093 max = rect->times[(rect->idx + count - 1) % count];
3094 qemu_timersub(tv, &max, &res);
3095
3096 if (timercmp(&res, &VNC_REFRESH_LOSSY, >)) {
3097 rect->freq = 0;
3098 has_dirty += vnc_refresh_lossy_rect(vd, x, y);
3099 memset(rect->times, 0, sizeof (rect->times));
3100 continue ;
3101 }
3102
3103 min = rect->times[rect->idx];
3104 max = rect->times[(rect->idx + count - 1) % count];
3105 qemu_timersub(&max, &min, &res);
3106
3107 rect->freq = res.tv_sec + res.tv_usec / 1000000.;
3108 rect->freq /= count;
3109 rect->freq = 1. / rect->freq;
3110 }
3111 }
3112 return has_dirty;
3113 }
3114
vnc_update_freq(VncState * vs,int x,int y,int w,int h)3115 double vnc_update_freq(VncState *vs, int x, int y, int w, int h)
3116 {
3117 int i, j;
3118 double total = 0;
3119 int num = 0;
3120
3121 x = QEMU_ALIGN_DOWN(x, VNC_STAT_RECT);
3122 y = QEMU_ALIGN_DOWN(y, VNC_STAT_RECT);
3123
3124 for (j = y; j <= y + h; j += VNC_STAT_RECT) {
3125 for (i = x; i <= x + w; i += VNC_STAT_RECT) {
3126 total += vnc_stat_rect(vs->vd, i, j)->freq;
3127 num++;
3128 }
3129 }
3130
3131 if (num) {
3132 return total / num;
3133 } else {
3134 return 0;
3135 }
3136 }
3137
vnc_rect_updated(VncDisplay * vd,int x,int y,struct timeval * tv)3138 static void vnc_rect_updated(VncDisplay *vd, int x, int y, struct timeval * tv)
3139 {
3140 VncRectStat *rect;
3141
3142 rect = vnc_stat_rect(vd, x, y);
3143 if (rect->updated) {
3144 return;
3145 }
3146 rect->times[rect->idx] = *tv;
3147 rect->idx = (rect->idx + 1) % ARRAY_SIZE(rect->times);
3148 rect->updated = true;
3149 }
3150
vnc_refresh_server_surface(VncDisplay * vd)3151 static int vnc_refresh_server_surface(VncDisplay *vd)
3152 {
3153 int width = MIN(pixman_image_get_width(vd->guest.fb),
3154 pixman_image_get_width(vd->server));
3155 int height = MIN(pixman_image_get_height(vd->guest.fb),
3156 pixman_image_get_height(vd->server));
3157 int cmp_bytes, server_stride, line_bytes, guest_ll, guest_stride, y = 0;
3158 uint8_t *guest_row0 = NULL, *server_row0;
3159 VncState *vs;
3160 int has_dirty = 0;
3161 pixman_image_t *tmpbuf = NULL;
3162 unsigned long offset;
3163 int x;
3164 uint8_t *guest_ptr, *server_ptr;
3165
3166 struct timeval tv = { 0, 0 };
3167
3168 if (!vd->non_adaptive) {
3169 gettimeofday(&tv, NULL);
3170 has_dirty = vnc_update_stats(vd, &tv);
3171 }
3172
3173 offset = find_next_bit((unsigned long *) &vd->guest.dirty,
3174 height * VNC_DIRTY_BPL(&vd->guest), 0);
3175 if (offset == height * VNC_DIRTY_BPL(&vd->guest)) {
3176 /* no dirty bits in guest surface */
3177 return has_dirty;
3178 }
3179
3180 /*
3181 * Walk through the guest dirty map.
3182 * Check and copy modified bits from guest to server surface.
3183 * Update server dirty map.
3184 */
3185 server_row0 = (uint8_t *)pixman_image_get_data(vd->server);
3186 server_stride = guest_stride = guest_ll =
3187 pixman_image_get_stride(vd->server);
3188 cmp_bytes = MIN(VNC_DIRTY_PIXELS_PER_BIT * VNC_SERVER_FB_BYTES,
3189 server_stride);
3190 if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
3191 int w = pixman_image_get_width(vd->server);
3192 tmpbuf = qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT, w);
3193 } else {
3194 int guest_bpp =
3195 PIXMAN_FORMAT_BPP(pixman_image_get_format(vd->guest.fb));
3196 guest_row0 = (uint8_t *)pixman_image_get_data(vd->guest.fb);
3197 guest_stride = pixman_image_get_stride(vd->guest.fb);
3198 guest_ll = pixman_image_get_width(vd->guest.fb)
3199 * DIV_ROUND_UP(guest_bpp, 8);
3200 }
3201 line_bytes = MIN(server_stride, guest_ll);
3202
3203 for (;;) {
3204 y = offset / VNC_DIRTY_BPL(&vd->guest);
3205 x = offset % VNC_DIRTY_BPL(&vd->guest);
3206
3207 server_ptr = server_row0 + y * server_stride + x * cmp_bytes;
3208
3209 if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
3210 qemu_pixman_linebuf_fill(tmpbuf, vd->guest.fb, width, 0, y);
3211 guest_ptr = (uint8_t *)pixman_image_get_data(tmpbuf);
3212 } else {
3213 guest_ptr = guest_row0 + y * guest_stride;
3214 }
3215 guest_ptr += x * cmp_bytes;
3216
3217 for (; x < DIV_ROUND_UP(width, VNC_DIRTY_PIXELS_PER_BIT);
3218 x++, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
3219 int _cmp_bytes = cmp_bytes;
3220 if (!test_and_clear_bit(x, vd->guest.dirty[y])) {
3221 continue;
3222 }
3223 if ((x + 1) * cmp_bytes > line_bytes) {
3224 _cmp_bytes = line_bytes - x * cmp_bytes;
3225 }
3226 assert(_cmp_bytes >= 0);
3227 if (memcmp(server_ptr, guest_ptr, _cmp_bytes) == 0) {
3228 continue;
3229 }
3230 memcpy(server_ptr, guest_ptr, _cmp_bytes);
3231 if (!vd->non_adaptive) {
3232 vnc_rect_updated(vd, x * VNC_DIRTY_PIXELS_PER_BIT,
3233 y, &tv);
3234 }
3235 QTAILQ_FOREACH(vs, &vd->clients, next) {
3236 set_bit(x, vs->dirty[y]);
3237 }
3238 has_dirty++;
3239 }
3240
3241 y++;
3242 offset = find_next_bit((unsigned long *) &vd->guest.dirty,
3243 height * VNC_DIRTY_BPL(&vd->guest),
3244 y * VNC_DIRTY_BPL(&vd->guest));
3245 if (offset == height * VNC_DIRTY_BPL(&vd->guest)) {
3246 /* no more dirty bits */
3247 break;
3248 }
3249 }
3250 qemu_pixman_image_unref(tmpbuf);
3251 return has_dirty;
3252 }
3253
vnc_refresh(DisplayChangeListener * dcl)3254 static void vnc_refresh(DisplayChangeListener *dcl)
3255 {
3256 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
3257 VncState *vs, *vn;
3258 int has_dirty, rects = 0;
3259
3260 if (QTAILQ_EMPTY(&vd->clients)) {
3261 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_MAX);
3262 return;
3263 }
3264
3265 graphic_hw_update(vd->dcl.con);
3266
3267 if (vnc_trylock_display(vd)) {
3268 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
3269 return;
3270 }
3271
3272 has_dirty = vnc_refresh_server_surface(vd);
3273 vnc_unlock_display(vd);
3274
3275 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
3276 rects += vnc_update_client(vs, has_dirty);
3277 /* vs might be free()ed here */
3278 }
3279
3280 if (has_dirty && rects) {
3281 vd->dcl.update_interval /= 2;
3282 if (vd->dcl.update_interval < VNC_REFRESH_INTERVAL_BASE) {
3283 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_BASE;
3284 }
3285 } else {
3286 vd->dcl.update_interval += VNC_REFRESH_INTERVAL_INC;
3287 if (vd->dcl.update_interval > VNC_REFRESH_INTERVAL_MAX) {
3288 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_MAX;
3289 }
3290 }
3291 }
3292
vnc_connect(VncDisplay * vd,QIOChannelSocket * sioc,bool skipauth,bool websocket)3293 static void vnc_connect(VncDisplay *vd, QIOChannelSocket *sioc,
3294 bool skipauth, bool websocket)
3295 {
3296 VncConnection *vc = g_new0(VncConnection, 1);
3297 VncState *vs = &vc->vs;
3298 bool first_client = QTAILQ_EMPTY(&vd->clients);
3299
3300 trace_vnc_client_connect(vs, sioc);
3301 vs->magic = VNC_MAGIC;
3302 vs->sioc = sioc;
3303 object_ref(OBJECT(vs->sioc));
3304 vs->ioc = QIO_CHANNEL(sioc);
3305 object_ref(OBJECT(vs->ioc));
3306 vs->vd = vd;
3307
3308 buffer_init(&vs->input, "vnc-input/%p", sioc);
3309 buffer_init(&vs->output, "vnc-output/%p", sioc);
3310 buffer_init(&vs->jobs_buffer, "vnc-jobs_buffer/%p", sioc);
3311
3312 buffer_init(&vc->worker.tight.tight, "vnc-tight/%p", sioc);
3313 buffer_init(&vc->worker.tight.zlib, "vnc-tight-zlib/%p", sioc);
3314 buffer_init(&vc->worker.tight.gradient, "vnc-tight-gradient/%p", sioc);
3315 #ifdef CONFIG_VNC_JPEG
3316 buffer_init(&vc->worker.tight.jpeg, "vnc-tight-jpeg/%p", sioc);
3317 #endif
3318 #ifdef CONFIG_PNG
3319 buffer_init(&vc->worker.tight.png, "vnc-tight-png/%p", sioc);
3320 #endif
3321 buffer_init(&vc->worker.zlib.zlib, "vnc-zlib/%p", sioc);
3322 buffer_init(&vc->worker.zrle.zrle, "vnc-zrle/%p", sioc);
3323 buffer_init(&vc->worker.zrle.fb, "vnc-zrle-fb/%p", sioc);
3324 buffer_init(&vc->worker.zrle.zlib, "vnc-zrle-zlib/%p", sioc);
3325
3326 if (skipauth) {
3327 vs->auth = VNC_AUTH_NONE;
3328 vs->subauth = VNC_AUTH_INVALID;
3329 } else {
3330 if (websocket) {
3331 vs->auth = vd->ws_auth;
3332 vs->subauth = VNC_AUTH_INVALID;
3333 } else {
3334 vs->auth = vd->auth;
3335 vs->subauth = vd->subauth;
3336 }
3337 }
3338 VNC_DEBUG("Client sioc=%p ws=%d auth=%d subauth=%d\n",
3339 sioc, websocket, vs->auth, vs->subauth);
3340
3341 VNC_DEBUG("New client on socket %p\n", vs->sioc);
3342 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
3343 qio_channel_set_blocking(vs->ioc, false, NULL);
3344 if (vs->ioc_tag) {
3345 g_source_remove(vs->ioc_tag);
3346 }
3347 if (websocket) {
3348 vs->websocket = 1;
3349 if (vd->tlscreds) {
3350 vs->ioc_tag = qio_channel_add_watch(
3351 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR,
3352 vncws_tls_handshake_io, vs, NULL);
3353 } else {
3354 vs->ioc_tag = qio_channel_add_watch(
3355 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR,
3356 vncws_handshake_io, vs, NULL);
3357 }
3358 } else {
3359 vs->ioc_tag = qio_channel_add_watch(
3360 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR,
3361 vnc_client_io, vs, NULL);
3362 }
3363
3364 vnc_client_cache_addr(vs);
3365 vnc_qmp_event(vs, QAPI_EVENT_VNC_CONNECTED);
3366 vnc_set_share_mode(vs, VNC_SHARE_MODE_CONNECTING);
3367
3368 vs->last_x = -1;
3369 vs->last_y = -1;
3370
3371 vs->as.freq = 44100;
3372 vs->as.nchannels = 2;
3373 vs->as.fmt = AUDIO_FORMAT_S16;
3374 vs->as.endianness = 0;
3375
3376 qemu_mutex_init(&vs->output_mutex);
3377 vs->bh = qemu_bh_new(vnc_jobs_bh, vs);
3378
3379 QTAILQ_INSERT_TAIL(&vd->clients, vs, next);
3380 if (first_client) {
3381 vnc_update_server_surface(vd);
3382 }
3383
3384 graphic_hw_update(vd->dcl.con);
3385
3386 if (!vs->websocket) {
3387 vnc_start_protocol(vs);
3388 }
3389
3390 if (vd->num_connecting > vd->connections_limit) {
3391 QTAILQ_FOREACH(vs, &vd->clients, next) {
3392 if (vs->share_mode == VNC_SHARE_MODE_CONNECTING) {
3393 vnc_disconnect_start(vs);
3394 return;
3395 }
3396 }
3397 }
3398 }
3399
vnc_start_protocol(VncState * vs)3400 void vnc_start_protocol(VncState *vs)
3401 {
3402 vnc_write(vs, "RFB 003.008\n", 12);
3403 vnc_flush(vs);
3404 vnc_read_when(vs, protocol_version, 12);
3405
3406 vs->mouse_mode_notifier.notify = check_pointer_type_change;
3407 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
3408 }
3409
vnc_listen_io(QIONetListener * listener,QIOChannelSocket * cioc,void * opaque)3410 static void vnc_listen_io(QIONetListener *listener,
3411 QIOChannelSocket *cioc,
3412 void *opaque)
3413 {
3414 VncDisplay *vd = opaque;
3415 bool isWebsock = listener == vd->wslistener;
3416
3417 qio_channel_set_name(QIO_CHANNEL(cioc),
3418 isWebsock ? "vnc-ws-server" : "vnc-server");
3419 qio_channel_set_delay(QIO_CHANNEL(cioc), false);
3420 vnc_connect(vd, cioc, false, isWebsock);
3421 }
3422
3423 static const DisplayChangeListenerOps dcl_ops = {
3424 .dpy_name = "vnc",
3425 .dpy_refresh = vnc_refresh,
3426 .dpy_gfx_update = vnc_dpy_update,
3427 .dpy_gfx_switch = vnc_dpy_switch,
3428 .dpy_gfx_check_format = qemu_pixman_check_format,
3429 .dpy_mouse_set = vnc_mouse_set,
3430 .dpy_cursor_define = vnc_dpy_cursor_define,
3431 };
3432
vmstate_change_handler(void * opaque,bool running,RunState state)3433 static void vmstate_change_handler(void *opaque, bool running, RunState state)
3434 {
3435 VncDisplay *vd = opaque;
3436
3437 if (state != RUN_STATE_RUNNING) {
3438 return;
3439 }
3440 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
3441 }
3442
vnc_display_init(const char * id,Error ** errp)3443 void vnc_display_init(const char *id, Error **errp)
3444 {
3445 VncDisplay *vd;
3446
3447 if (vnc_display_find(id) != NULL) {
3448 return;
3449 }
3450 vd = g_malloc0(sizeof(*vd));
3451
3452 vd->id = strdup(id);
3453 QTAILQ_INSERT_TAIL(&vnc_displays, vd, next);
3454
3455 QTAILQ_INIT(&vd->clients);
3456 vd->expires = TIME_MAX;
3457
3458 if (keyboard_layout) {
3459 trace_vnc_key_map_init(keyboard_layout);
3460 vd->kbd_layout = init_keyboard_layout(name2keysym,
3461 keyboard_layout, errp);
3462 } else {
3463 vd->kbd_layout = init_keyboard_layout(name2keysym, "en-us", errp);
3464 }
3465
3466 if (!vd->kbd_layout) {
3467 return;
3468 }
3469
3470 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3471 vd->connections_limit = 32;
3472
3473 qemu_mutex_init(&vd->mutex);
3474 vnc_start_worker_thread();
3475
3476 vd->dcl.ops = &dcl_ops;
3477 register_displaychangelistener(&vd->dcl);
3478 vd->kbd = qkbd_state_init(vd->dcl.con);
3479 vd->vmstate_handler_entry = qemu_add_vm_change_state_handler(
3480 &vmstate_change_handler, vd);
3481 }
3482
3483
vnc_display_close(VncDisplay * vd)3484 static void vnc_display_close(VncDisplay *vd)
3485 {
3486 if (!vd) {
3487 return;
3488 }
3489
3490 if (vd->listener) {
3491 qio_net_listener_disconnect(vd->listener);
3492 object_unref(OBJECT(vd->listener));
3493 }
3494 vd->listener = NULL;
3495
3496 if (vd->wslistener) {
3497 qio_net_listener_disconnect(vd->wslistener);
3498 object_unref(OBJECT(vd->wslistener));
3499 }
3500 vd->wslistener = NULL;
3501
3502 vd->auth = VNC_AUTH_INVALID;
3503 vd->subauth = VNC_AUTH_INVALID;
3504 if (vd->tlscreds) {
3505 object_unref(OBJECT(vd->tlscreds));
3506 vd->tlscreds = NULL;
3507 }
3508 if (vd->tlsauthz) {
3509 object_unparent(OBJECT(vd->tlsauthz));
3510 vd->tlsauthz = NULL;
3511 }
3512 g_free(vd->tlsauthzid);
3513 vd->tlsauthzid = NULL;
3514 if (vd->lock_key_sync) {
3515 qemu_remove_led_event_handler(vd->led);
3516 vd->led = NULL;
3517 }
3518 #ifdef CONFIG_VNC_SASL
3519 if (vd->sasl.authz) {
3520 object_unparent(OBJECT(vd->sasl.authz));
3521 vd->sasl.authz = NULL;
3522 }
3523 g_free(vd->sasl.authzid);
3524 vd->sasl.authzid = NULL;
3525 #endif
3526 }
3527
vnc_display_password(const char * id,const char * password)3528 int vnc_display_password(const char *id, const char *password)
3529 {
3530 VncDisplay *vd = vnc_display_find(id);
3531
3532 if (!vd) {
3533 return -EINVAL;
3534 }
3535 if (vd->auth == VNC_AUTH_NONE) {
3536 error_printf_unless_qmp("If you want use passwords please enable "
3537 "password auth using '-vnc ${dpy},password'.\n");
3538 return -EINVAL;
3539 }
3540
3541 g_free(vd->password);
3542 vd->password = g_strdup(password);
3543
3544 return 0;
3545 }
3546
vnc_display_pw_expire(const char * id,time_t expires)3547 int vnc_display_pw_expire(const char *id, time_t expires)
3548 {
3549 VncDisplay *vd = vnc_display_find(id);
3550
3551 if (!vd) {
3552 return -EINVAL;
3553 }
3554
3555 vd->expires = expires;
3556 return 0;
3557 }
3558
vnc_display_print_local_addr(VncDisplay * vd)3559 static void vnc_display_print_local_addr(VncDisplay *vd)
3560 {
3561 SocketAddress *addr;
3562
3563 if (!vd->listener || !vd->listener->nsioc) {
3564 return;
3565 }
3566
3567 addr = qio_channel_socket_get_local_address(vd->listener->sioc[0], NULL);
3568 if (!addr) {
3569 return;
3570 }
3571
3572 if (addr->type != SOCKET_ADDRESS_TYPE_INET) {
3573 qapi_free_SocketAddress(addr);
3574 return;
3575 }
3576 error_printf_unless_qmp("VNC server running on %s:%s\n",
3577 addr->u.inet.host,
3578 addr->u.inet.port);
3579 qapi_free_SocketAddress(addr);
3580 }
3581
3582 static QemuOptsList qemu_vnc_opts = {
3583 .name = "vnc",
3584 .head = QTAILQ_HEAD_INITIALIZER(qemu_vnc_opts.head),
3585 .implied_opt_name = "vnc",
3586 .desc = {
3587 {
3588 .name = "vnc",
3589 .type = QEMU_OPT_STRING,
3590 },{
3591 .name = "websocket",
3592 .type = QEMU_OPT_STRING,
3593 },{
3594 .name = "tls-creds",
3595 .type = QEMU_OPT_STRING,
3596 },{
3597 .name = "share",
3598 .type = QEMU_OPT_STRING,
3599 },{
3600 .name = "display",
3601 .type = QEMU_OPT_STRING,
3602 },{
3603 .name = "head",
3604 .type = QEMU_OPT_NUMBER,
3605 },{
3606 .name = "connections",
3607 .type = QEMU_OPT_NUMBER,
3608 },{
3609 .name = "to",
3610 .type = QEMU_OPT_NUMBER,
3611 },{
3612 .name = "ipv4",
3613 .type = QEMU_OPT_BOOL,
3614 },{
3615 .name = "ipv6",
3616 .type = QEMU_OPT_BOOL,
3617 },{
3618 .name = "password",
3619 .type = QEMU_OPT_BOOL,
3620 },{
3621 .name = "password-secret",
3622 .type = QEMU_OPT_STRING,
3623 },{
3624 .name = "reverse",
3625 .type = QEMU_OPT_BOOL,
3626 },{
3627 .name = "lock-key-sync",
3628 .type = QEMU_OPT_BOOL,
3629 },{
3630 .name = "key-delay-ms",
3631 .type = QEMU_OPT_NUMBER,
3632 },{
3633 .name = "sasl",
3634 .type = QEMU_OPT_BOOL,
3635 },{
3636 .name = "tls-authz",
3637 .type = QEMU_OPT_STRING,
3638 },{
3639 .name = "sasl-authz",
3640 .type = QEMU_OPT_STRING,
3641 },{
3642 .name = "lossy",
3643 .type = QEMU_OPT_BOOL,
3644 },{
3645 .name = "non-adaptive",
3646 .type = QEMU_OPT_BOOL,
3647 },{
3648 .name = "audiodev",
3649 .type = QEMU_OPT_STRING,
3650 },{
3651 .name = "power-control",
3652 .type = QEMU_OPT_BOOL,
3653 },
3654 { /* end of list */ }
3655 },
3656 };
3657
3658
3659 static int
vnc_display_setup_auth(int * auth,int * subauth,QCryptoTLSCreds * tlscreds,bool password,bool sasl,bool websocket,Error ** errp)3660 vnc_display_setup_auth(int *auth,
3661 int *subauth,
3662 QCryptoTLSCreds *tlscreds,
3663 bool password,
3664 bool sasl,
3665 bool websocket,
3666 Error **errp)
3667 {
3668 /*
3669 * We have a choice of 3 authentication options
3670 *
3671 * 1. none
3672 * 2. vnc
3673 * 3. sasl
3674 *
3675 * The channel can be run in 2 modes
3676 *
3677 * 1. clear
3678 * 2. tls
3679 *
3680 * And TLS can use 2 types of credentials
3681 *
3682 * 1. anon
3683 * 2. x509
3684 *
3685 * We thus have 9 possible logical combinations
3686 *
3687 * 1. clear + none
3688 * 2. clear + vnc
3689 * 3. clear + sasl
3690 * 4. tls + anon + none
3691 * 5. tls + anon + vnc
3692 * 6. tls + anon + sasl
3693 * 7. tls + x509 + none
3694 * 8. tls + x509 + vnc
3695 * 9. tls + x509 + sasl
3696 *
3697 * These need to be mapped into the VNC auth schemes
3698 * in an appropriate manner. In regular VNC, all the
3699 * TLS options get mapped into VNC_AUTH_VENCRYPT
3700 * sub-auth types.
3701 *
3702 * In websockets, the https:// protocol already provides
3703 * TLS support, so there is no need to make use of the
3704 * VeNCrypt extension. Furthermore, websockets browser
3705 * clients could not use VeNCrypt even if they wanted to,
3706 * as they cannot control when the TLS handshake takes
3707 * place. Thus there is no option but to rely on https://,
3708 * meaning combinations 4->6 and 7->9 will be mapped to
3709 * VNC auth schemes in the same way as combos 1->3.
3710 *
3711 * Regardless of fact that we have a different mapping to
3712 * VNC auth mechs for plain VNC vs websockets VNC, the end
3713 * result has the same security characteristics.
3714 */
3715 if (websocket || !tlscreds) {
3716 if (password) {
3717 VNC_DEBUG("Initializing VNC server with password auth\n");
3718 *auth = VNC_AUTH_VNC;
3719 } else if (sasl) {
3720 VNC_DEBUG("Initializing VNC server with SASL auth\n");
3721 *auth = VNC_AUTH_SASL;
3722 } else {
3723 VNC_DEBUG("Initializing VNC server with no auth\n");
3724 *auth = VNC_AUTH_NONE;
3725 }
3726 *subauth = VNC_AUTH_INVALID;
3727 } else {
3728 bool is_x509 = object_dynamic_cast(OBJECT(tlscreds),
3729 TYPE_QCRYPTO_TLS_CREDS_X509) != NULL;
3730 bool is_anon = object_dynamic_cast(OBJECT(tlscreds),
3731 TYPE_QCRYPTO_TLS_CREDS_ANON) != NULL;
3732
3733 if (!is_x509 && !is_anon) {
3734 error_setg(errp,
3735 "Unsupported TLS cred type %s",
3736 object_get_typename(OBJECT(tlscreds)));
3737 return -1;
3738 }
3739 *auth = VNC_AUTH_VENCRYPT;
3740 if (password) {
3741 if (is_x509) {
3742 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
3743 *subauth = VNC_AUTH_VENCRYPT_X509VNC;
3744 } else {
3745 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
3746 *subauth = VNC_AUTH_VENCRYPT_TLSVNC;
3747 }
3748
3749 } else if (sasl) {
3750 if (is_x509) {
3751 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
3752 *subauth = VNC_AUTH_VENCRYPT_X509SASL;
3753 } else {
3754 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
3755 *subauth = VNC_AUTH_VENCRYPT_TLSSASL;
3756 }
3757 } else {
3758 if (is_x509) {
3759 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
3760 *subauth = VNC_AUTH_VENCRYPT_X509NONE;
3761 } else {
3762 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
3763 *subauth = VNC_AUTH_VENCRYPT_TLSNONE;
3764 }
3765 }
3766 }
3767 return 0;
3768 }
3769
3770
vnc_display_get_address(const char * addrstr,bool websocket,bool reverse,int displaynum,int to,bool has_ipv4,bool has_ipv6,bool ipv4,bool ipv6,SocketAddress ** retaddr,Error ** errp)3771 static int vnc_display_get_address(const char *addrstr,
3772 bool websocket,
3773 bool reverse,
3774 int displaynum,
3775 int to,
3776 bool has_ipv4,
3777 bool has_ipv6,
3778 bool ipv4,
3779 bool ipv6,
3780 SocketAddress **retaddr,
3781 Error **errp)
3782 {
3783 int ret = -1;
3784 SocketAddress *addr = NULL;
3785
3786 addr = g_new0(SocketAddress, 1);
3787
3788 if (strncmp(addrstr, "unix:", 5) == 0) {
3789 addr->type = SOCKET_ADDRESS_TYPE_UNIX;
3790 addr->u.q_unix.path = g_strdup(addrstr + 5);
3791
3792 if (to) {
3793 error_setg(errp, "Port range not support with UNIX socket");
3794 goto cleanup;
3795 }
3796 ret = 0;
3797 } else {
3798 const char *port;
3799 size_t hostlen;
3800 uint64_t baseport = 0;
3801 InetSocketAddress *inet;
3802
3803 port = strrchr(addrstr, ':');
3804 if (!port) {
3805 if (websocket) {
3806 hostlen = 0;
3807 port = addrstr;
3808 } else {
3809 error_setg(errp, "no vnc port specified");
3810 goto cleanup;
3811 }
3812 } else {
3813 hostlen = port - addrstr;
3814 port++;
3815 if (*port == '\0') {
3816 error_setg(errp, "vnc port cannot be empty");
3817 goto cleanup;
3818 }
3819 }
3820
3821 addr->type = SOCKET_ADDRESS_TYPE_INET;
3822 inet = &addr->u.inet;
3823 if (hostlen && addrstr[0] == '[' && addrstr[hostlen - 1] == ']') {
3824 inet->host = g_strndup(addrstr + 1, hostlen - 2);
3825 } else {
3826 inet->host = g_strndup(addrstr, hostlen);
3827 }
3828 /* plain VNC port is just an offset, for websocket
3829 * port is absolute */
3830 if (websocket) {
3831 if (g_str_equal(addrstr, "") ||
3832 g_str_equal(addrstr, "on")) {
3833 if (displaynum == -1) {
3834 error_setg(errp, "explicit websocket port is required");
3835 goto cleanup;
3836 }
3837 inet->port = g_strdup_printf(
3838 "%d", displaynum + 5700);
3839 if (to) {
3840 inet->has_to = true;
3841 inet->to = to + 5700;
3842 }
3843 } else {
3844 inet->port = g_strdup(port);
3845 }
3846 } else {
3847 int offset = reverse ? 0 : 5900;
3848 if (parse_uint_full(port, 10, &baseport) < 0) {
3849 error_setg(errp, "can't convert to a number: %s", port);
3850 goto cleanup;
3851 }
3852 if (baseport > 65535 ||
3853 baseport + offset > 65535) {
3854 error_setg(errp, "port %s out of range", port);
3855 goto cleanup;
3856 }
3857 inet->port = g_strdup_printf(
3858 "%d", (int)baseport + offset);
3859
3860 if (to) {
3861 inet->has_to = true;
3862 inet->to = to + offset;
3863 }
3864 }
3865
3866 inet->ipv4 = ipv4;
3867 inet->has_ipv4 = has_ipv4;
3868 inet->ipv6 = ipv6;
3869 inet->has_ipv6 = has_ipv6;
3870
3871 ret = baseport;
3872 }
3873
3874 *retaddr = addr;
3875
3876 cleanup:
3877 if (ret < 0) {
3878 qapi_free_SocketAddress(addr);
3879 }
3880 return ret;
3881 }
3882
vnc_display_get_addresses(QemuOpts * opts,bool reverse,SocketAddressList ** saddr_list_ret,SocketAddressList ** wsaddr_list_ret,Error ** errp)3883 static int vnc_display_get_addresses(QemuOpts *opts,
3884 bool reverse,
3885 SocketAddressList **saddr_list_ret,
3886 SocketAddressList **wsaddr_list_ret,
3887 Error **errp)
3888 {
3889 SocketAddress *saddr = NULL;
3890 SocketAddress *wsaddr = NULL;
3891 g_autoptr(SocketAddressList) saddr_list = NULL;
3892 SocketAddressList **saddr_tail = &saddr_list;
3893 SocketAddress *single_saddr = NULL;
3894 g_autoptr(SocketAddressList) wsaddr_list = NULL;
3895 SocketAddressList **wsaddr_tail = &wsaddr_list;
3896 QemuOptsIter addriter;
3897 const char *addr;
3898 int to = qemu_opt_get_number(opts, "to", 0);
3899 bool has_ipv4 = qemu_opt_get(opts, "ipv4");
3900 bool has_ipv6 = qemu_opt_get(opts, "ipv6");
3901 bool ipv4 = qemu_opt_get_bool(opts, "ipv4", false);
3902 bool ipv6 = qemu_opt_get_bool(opts, "ipv6", false);
3903 int displaynum = -1;
3904
3905 addr = qemu_opt_get(opts, "vnc");
3906 if (addr == NULL || g_str_equal(addr, "none")) {
3907 return 0;
3908 }
3909 if (qemu_opt_get(opts, "websocket") &&
3910 !qcrypto_hash_supports(QCRYPTO_HASH_ALGO_SHA1)) {
3911 error_setg(errp,
3912 "SHA1 hash support is required for websockets");
3913 return -1;
3914 }
3915
3916 qemu_opt_iter_init(&addriter, opts, "vnc");
3917 while ((addr = qemu_opt_iter_next(&addriter)) != NULL) {
3918 int rv;
3919 rv = vnc_display_get_address(addr, false, reverse, 0, to,
3920 has_ipv4, has_ipv6,
3921 ipv4, ipv6,
3922 &saddr, errp);
3923 if (rv < 0) {
3924 return -1;
3925 }
3926 /* Historical compat - first listen address can be used
3927 * to set the default websocket port
3928 */
3929 if (displaynum == -1) {
3930 displaynum = rv;
3931 }
3932 QAPI_LIST_APPEND(saddr_tail, saddr);
3933 }
3934
3935 if (saddr_list && !saddr_list->next) {
3936 single_saddr = saddr_list->value;
3937 } else {
3938 /*
3939 * If we had multiple primary displays, we don't do defaults
3940 * for websocket, and require explicit config instead.
3941 */
3942 displaynum = -1;
3943 }
3944
3945 qemu_opt_iter_init(&addriter, opts, "websocket");
3946 while ((addr = qemu_opt_iter_next(&addriter)) != NULL) {
3947 if (vnc_display_get_address(addr, true, reverse, displaynum, to,
3948 has_ipv4, has_ipv6,
3949 ipv4, ipv6,
3950 &wsaddr, errp) < 0) {
3951 return -1;
3952 }
3953
3954 /* Historical compat - if only a single listen address was
3955 * provided, then this is used to set the default listen
3956 * address for websocket too
3957 */
3958 if (single_saddr &&
3959 single_saddr->type == SOCKET_ADDRESS_TYPE_INET &&
3960 wsaddr->type == SOCKET_ADDRESS_TYPE_INET &&
3961 g_str_equal(wsaddr->u.inet.host, "") &&
3962 !g_str_equal(single_saddr->u.inet.host, "")) {
3963 g_free(wsaddr->u.inet.host);
3964 wsaddr->u.inet.host = g_strdup(single_saddr->u.inet.host);
3965 }
3966
3967 QAPI_LIST_APPEND(wsaddr_tail, wsaddr);
3968 }
3969
3970 *saddr_list_ret = g_steal_pointer(&saddr_list);
3971 *wsaddr_list_ret = g_steal_pointer(&wsaddr_list);
3972 return 0;
3973 }
3974
vnc_display_connect(VncDisplay * vd,SocketAddressList * saddr_list,SocketAddressList * wsaddr_list,Error ** errp)3975 static int vnc_display_connect(VncDisplay *vd,
3976 SocketAddressList *saddr_list,
3977 SocketAddressList *wsaddr_list,
3978 Error **errp)
3979 {
3980 /* connect to viewer */
3981 QIOChannelSocket *sioc = NULL;
3982 if (wsaddr_list) {
3983 error_setg(errp, "Cannot use websockets in reverse mode");
3984 return -1;
3985 }
3986 if (!saddr_list || saddr_list->next) {
3987 error_setg(errp, "Expected a single address in reverse mode");
3988 return -1;
3989 }
3990 sioc = qio_channel_socket_new();
3991 qio_channel_set_name(QIO_CHANNEL(sioc), "vnc-reverse");
3992 if (qio_channel_socket_connect_sync(sioc, saddr_list->value, errp) < 0) {
3993 object_unref(OBJECT(sioc));
3994 return -1;
3995 }
3996 vnc_connect(vd, sioc, false, false);
3997 object_unref(OBJECT(sioc));
3998 return 0;
3999 }
4000
4001
vnc_display_listen(VncDisplay * vd,SocketAddressList * saddr_list,SocketAddressList * wsaddr_list,Error ** errp)4002 static int vnc_display_listen(VncDisplay *vd,
4003 SocketAddressList *saddr_list,
4004 SocketAddressList *wsaddr_list,
4005 Error **errp)
4006 {
4007 SocketAddressList *el;
4008
4009 if (saddr_list) {
4010 vd->listener = qio_net_listener_new();
4011 qio_net_listener_set_name(vd->listener, "vnc-listen");
4012 for (el = saddr_list; el; el = el->next) {
4013 if (qio_net_listener_open_sync(vd->listener,
4014 el->value, 1,
4015 errp) < 0) {
4016 return -1;
4017 }
4018 }
4019
4020 qio_net_listener_set_client_func(vd->listener,
4021 vnc_listen_io, vd, NULL);
4022 }
4023
4024 if (wsaddr_list) {
4025 vd->wslistener = qio_net_listener_new();
4026 qio_net_listener_set_name(vd->wslistener, "vnc-ws-listen");
4027 for (el = wsaddr_list; el; el = el->next) {
4028 if (qio_net_listener_open_sync(vd->wslistener,
4029 el->value, 1,
4030 errp) < 0) {
4031 return -1;
4032 }
4033 }
4034
4035 qio_net_listener_set_client_func(vd->wslistener,
4036 vnc_listen_io, vd, NULL);
4037 }
4038
4039 return 0;
4040 }
4041
vnc_display_update(DisplayUpdateOptionsVNC * arg,Error ** errp)4042 bool vnc_display_update(DisplayUpdateOptionsVNC *arg, Error **errp)
4043 {
4044 VncDisplay *vd = vnc_display_find(NULL);
4045
4046 if (!vd) {
4047 error_setg(errp, "Can not find vnc display");
4048 return false;
4049 }
4050
4051 if (arg->has_addresses) {
4052 if (vd->listener) {
4053 qio_net_listener_disconnect(vd->listener);
4054 object_unref(OBJECT(vd->listener));
4055 vd->listener = NULL;
4056 }
4057
4058 if (vnc_display_listen(vd, arg->addresses, NULL, errp) < 0) {
4059 return false;
4060 }
4061 }
4062
4063 return true;
4064 }
4065
vnc_display_open(const char * id,Error ** errp)4066 void vnc_display_open(const char *id, Error **errp)
4067 {
4068 VncDisplay *vd = vnc_display_find(id);
4069 QemuOpts *opts = qemu_opts_find(&qemu_vnc_opts, id);
4070 g_autoptr(SocketAddressList) saddr_list = NULL;
4071 g_autoptr(SocketAddressList) wsaddr_list = NULL;
4072 const char *share, *device_id;
4073 QemuConsole *con;
4074 bool password = false;
4075 bool reverse = false;
4076 const char *credid;
4077 bool sasl = false;
4078 const char *tlsauthz;
4079 const char *saslauthz;
4080 int lock_key_sync = 1;
4081 int key_delay_ms;
4082 const char *audiodev;
4083 const char *passwordSecret;
4084
4085 if (!vd) {
4086 error_setg(errp, "VNC display not active");
4087 return;
4088 }
4089 vnc_display_close(vd);
4090
4091 if (!opts) {
4092 return;
4093 }
4094
4095 reverse = qemu_opt_get_bool(opts, "reverse", false);
4096 if (vnc_display_get_addresses(opts, reverse, &saddr_list, &wsaddr_list,
4097 errp) < 0) {
4098 goto fail;
4099 }
4100
4101
4102 passwordSecret = qemu_opt_get(opts, "password-secret");
4103 if (passwordSecret) {
4104 if (qemu_opt_get(opts, "password")) {
4105 error_setg(errp,
4106 "'password' flag is redundant with 'password-secret'");
4107 goto fail;
4108 }
4109 vd->password = qcrypto_secret_lookup_as_utf8(passwordSecret,
4110 errp);
4111 if (!vd->password) {
4112 goto fail;
4113 }
4114 password = true;
4115 } else {
4116 password = qemu_opt_get_bool(opts, "password", false);
4117 }
4118 if (password) {
4119 if (!qcrypto_cipher_supports(
4120 QCRYPTO_CIPHER_ALGO_DES, QCRYPTO_CIPHER_MODE_ECB)) {
4121 error_setg(errp,
4122 "Cipher backend does not support DES algorithm");
4123 goto fail;
4124 }
4125 }
4126
4127 lock_key_sync = qemu_opt_get_bool(opts, "lock-key-sync", true);
4128 key_delay_ms = qemu_opt_get_number(opts, "key-delay-ms", 10);
4129 sasl = qemu_opt_get_bool(opts, "sasl", false);
4130 #ifndef CONFIG_VNC_SASL
4131 if (sasl) {
4132 error_setg(errp, "VNC SASL auth requires cyrus-sasl support");
4133 goto fail;
4134 }
4135 #endif /* CONFIG_VNC_SASL */
4136 credid = qemu_opt_get(opts, "tls-creds");
4137 if (credid) {
4138 Object *creds;
4139 creds = object_resolve_path_component(
4140 object_get_objects_root(), credid);
4141 if (!creds) {
4142 error_setg(errp, "No TLS credentials with id '%s'",
4143 credid);
4144 goto fail;
4145 }
4146 vd->tlscreds = (QCryptoTLSCreds *)
4147 object_dynamic_cast(creds,
4148 TYPE_QCRYPTO_TLS_CREDS);
4149 if (!vd->tlscreds) {
4150 error_setg(errp, "Object with id '%s' is not TLS credentials",
4151 credid);
4152 goto fail;
4153 }
4154 object_ref(OBJECT(vd->tlscreds));
4155
4156 if (!qcrypto_tls_creds_check_endpoint(vd->tlscreds,
4157 QCRYPTO_TLS_CREDS_ENDPOINT_SERVER,
4158 errp)) {
4159 goto fail;
4160 }
4161 }
4162 tlsauthz = qemu_opt_get(opts, "tls-authz");
4163 if (tlsauthz && !vd->tlscreds) {
4164 error_setg(errp, "'tls-authz' provided but TLS is not enabled");
4165 goto fail;
4166 }
4167
4168 saslauthz = qemu_opt_get(opts, "sasl-authz");
4169 if (saslauthz && !sasl) {
4170 error_setg(errp, "'sasl-authz' provided but SASL auth is not enabled");
4171 goto fail;
4172 }
4173
4174 share = qemu_opt_get(opts, "share");
4175 if (share) {
4176 if (strcmp(share, "ignore") == 0) {
4177 vd->share_policy = VNC_SHARE_POLICY_IGNORE;
4178 } else if (strcmp(share, "allow-exclusive") == 0) {
4179 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
4180 } else if (strcmp(share, "force-shared") == 0) {
4181 vd->share_policy = VNC_SHARE_POLICY_FORCE_SHARED;
4182 } else {
4183 error_setg(errp, "unknown vnc share= option");
4184 goto fail;
4185 }
4186 } else {
4187 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
4188 }
4189 vd->connections_limit = qemu_opt_get_number(opts, "connections", 32);
4190
4191 #ifdef CONFIG_VNC_JPEG
4192 vd->lossy = qemu_opt_get_bool(opts, "lossy", false);
4193 #endif
4194 vd->non_adaptive = qemu_opt_get_bool(opts, "non-adaptive", false);
4195 /* adaptive updates are only used with tight encoding and
4196 * if lossy updates are enabled so we can disable all the
4197 * calculations otherwise */
4198 if (!vd->lossy) {
4199 vd->non_adaptive = true;
4200 }
4201
4202 vd->power_control = qemu_opt_get_bool(opts, "power-control", false);
4203
4204 if (tlsauthz) {
4205 vd->tlsauthzid = g_strdup(tlsauthz);
4206 }
4207 #ifdef CONFIG_VNC_SASL
4208 if (sasl) {
4209 if (saslauthz) {
4210 vd->sasl.authzid = g_strdup(saslauthz);
4211 }
4212 }
4213 #endif
4214
4215 if (vnc_display_setup_auth(&vd->auth, &vd->subauth,
4216 vd->tlscreds, password,
4217 sasl, false, errp) < 0) {
4218 goto fail;
4219 }
4220 trace_vnc_auth_init(vd, 0, vd->auth, vd->subauth);
4221
4222 if (vnc_display_setup_auth(&vd->ws_auth, &vd->ws_subauth,
4223 vd->tlscreds, password,
4224 sasl, true, errp) < 0) {
4225 goto fail;
4226 }
4227 trace_vnc_auth_init(vd, 1, vd->ws_auth, vd->ws_subauth);
4228
4229 #ifdef CONFIG_VNC_SASL
4230 if (sasl && !vnc_sasl_server_init(errp)) {
4231 goto fail;
4232 }
4233 #endif
4234 vd->lock_key_sync = lock_key_sync;
4235 if (lock_key_sync) {
4236 vd->led = qemu_add_led_event_handler(kbd_leds, vd);
4237 }
4238 vd->ledstate = 0;
4239
4240 audiodev = qemu_opt_get(opts, "audiodev");
4241 if (audiodev) {
4242 vd->audio_state = audio_state_by_name(audiodev, errp);
4243 if (!vd->audio_state) {
4244 goto fail;
4245 }
4246 } else {
4247 vd->audio_state = audio_get_default_audio_state(NULL);
4248 }
4249
4250 device_id = qemu_opt_get(opts, "display");
4251 if (device_id) {
4252 int head = qemu_opt_get_number(opts, "head", 0);
4253 Error *err = NULL;
4254
4255 con = qemu_console_lookup_by_device_name(device_id, head, &err);
4256 if (err) {
4257 error_propagate(errp, err);
4258 goto fail;
4259 }
4260 } else {
4261 con = qemu_console_lookup_default();
4262 }
4263
4264 if (con != vd->dcl.con) {
4265 qkbd_state_free(vd->kbd);
4266 unregister_displaychangelistener(&vd->dcl);
4267 vd->dcl.con = con;
4268 register_displaychangelistener(&vd->dcl);
4269 vd->kbd = qkbd_state_init(vd->dcl.con);
4270 }
4271 qkbd_state_set_delay(vd->kbd, key_delay_ms);
4272
4273 if (saddr_list == NULL) {
4274 return;
4275 }
4276
4277 if (reverse) {
4278 if (vnc_display_connect(vd, saddr_list, wsaddr_list, errp) < 0) {
4279 goto fail;
4280 }
4281 } else {
4282 if (vnc_display_listen(vd, saddr_list, wsaddr_list, errp) < 0) {
4283 goto fail;
4284 }
4285 }
4286
4287 if (qemu_opt_get(opts, "to")) {
4288 vnc_display_print_local_addr(vd);
4289 }
4290
4291 /* Success */
4292 return;
4293
4294 fail:
4295 vnc_display_close(vd);
4296 }
4297
vnc_display_add_client(const char * id,int csock,bool skipauth)4298 void vnc_display_add_client(const char *id, int csock, bool skipauth)
4299 {
4300 VncDisplay *vd = vnc_display_find(id);
4301 QIOChannelSocket *sioc;
4302
4303 if (!vd) {
4304 return;
4305 }
4306
4307 sioc = qio_channel_socket_new_fd(csock, NULL);
4308 if (sioc) {
4309 qio_channel_set_name(QIO_CHANNEL(sioc), "vnc-server");
4310 vnc_connect(vd, sioc, skipauth, false);
4311 object_unref(OBJECT(sioc));
4312 }
4313 }
4314
vnc_auto_assign_id(QemuOpts * opts)4315 static char *vnc_auto_assign_id(QemuOpts *opts)
4316 {
4317 QemuOptsList *olist = qemu_find_opts("vnc");
4318 int i = 2;
4319 char *id;
4320
4321 id = g_strdup("default");
4322 while (qemu_opts_find(olist, id)) {
4323 g_free(id);
4324 id = g_strdup_printf("vnc%d", i++);
4325 }
4326 qemu_opts_set_id(opts, id);
4327
4328 return id;
4329 }
4330
vnc_parse(const char * str)4331 void vnc_parse(const char *str)
4332 {
4333 QemuOptsList *olist = qemu_find_opts("vnc");
4334 QemuOpts *opts = qemu_opts_parse_noisily(olist, str, !is_help_option(str));
4335
4336 if (!opts) {
4337 exit(1);
4338 }
4339 }
4340
vnc_init_func(void * opaque,QemuOpts * opts,Error ** errp)4341 int vnc_init_func(void *opaque, QemuOpts *opts, Error **errp)
4342 {
4343 Error *local_err = NULL;
4344 char *id = (char *)qemu_opts_id(opts);
4345
4346 if (!id) {
4347 /* auto-assign id if not present */
4348 id = vnc_auto_assign_id(opts);
4349 }
4350
4351 vnc_display_init(id, &local_err);
4352 if (local_err) {
4353 error_propagate(errp, local_err);
4354 return -1;
4355 }
4356 vnc_display_open(id, &local_err);
4357 if (local_err != NULL) {
4358 error_propagate(errp, local_err);
4359 return -1;
4360 }
4361 return 0;
4362 }
4363
vnc_register_config(void)4364 static void vnc_register_config(void)
4365 {
4366 qemu_add_opts(&qemu_vnc_opts);
4367 }
4368 opts_init(vnc_register_config);
4369