xref: /openbmc/qemu/ui/vnc.c (revision dd8d6a2d)
1 /*
2  * QEMU VNC display driver
3  *
4  * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5  * Copyright (C) 2006 Fabrice Bellard
6  * Copyright (C) 2009 Red Hat, Inc
7  *
8  * Permission is hereby granted, free of charge, to any person obtaining a copy
9  * of this software and associated documentation files (the "Software"), to deal
10  * in the Software without restriction, including without limitation the rights
11  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12  * copies of the Software, and to permit persons to whom the Software is
13  * furnished to do so, subject to the following conditions:
14  *
15  * The above copyright notice and this permission notice shall be included in
16  * all copies or substantial portions of the Software.
17  *
18  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21  * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
24  * THE SOFTWARE.
25  */
26 
27 #include "qemu/osdep.h"
28 #include "vnc.h"
29 #include "vnc-jobs.h"
30 #include "trace.h"
31 #include "sysemu/sysemu.h"
32 #include "qemu/error-report.h"
33 #include "qemu/option.h"
34 #include "qemu/sockets.h"
35 #include "qemu/timer.h"
36 #include "authz/list.h"
37 #include "qemu/config-file.h"
38 #include "qapi/qapi-emit-events.h"
39 #include "qapi/qapi-events-ui.h"
40 #include "qapi/error.h"
41 #include "qapi/qapi-commands-ui.h"
42 #include "ui/input.h"
43 #include "crypto/hash.h"
44 #include "crypto/tlscredsanon.h"
45 #include "crypto/tlscredsx509.h"
46 #include "qom/object_interfaces.h"
47 #include "qemu/cutils.h"
48 #include "io/dns-resolver.h"
49 
50 #define VNC_REFRESH_INTERVAL_BASE GUI_REFRESH_INTERVAL_DEFAULT
51 #define VNC_REFRESH_INTERVAL_INC  50
52 #define VNC_REFRESH_INTERVAL_MAX  GUI_REFRESH_INTERVAL_IDLE
53 static const struct timeval VNC_REFRESH_STATS = { 0, 500000 };
54 static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 };
55 
56 #include "vnc_keysym.h"
57 #include "crypto/cipher.h"
58 
59 static QTAILQ_HEAD(, VncDisplay) vnc_displays =
60     QTAILQ_HEAD_INITIALIZER(vnc_displays);
61 
62 static int vnc_cursor_define(VncState *vs);
63 static void vnc_update_throttle_offset(VncState *vs);
64 
65 static void vnc_set_share_mode(VncState *vs, VncShareMode mode)
66 {
67 #ifdef _VNC_DEBUG
68     static const char *mn[] = {
69         [0]                           = "undefined",
70         [VNC_SHARE_MODE_CONNECTING]   = "connecting",
71         [VNC_SHARE_MODE_SHARED]       = "shared",
72         [VNC_SHARE_MODE_EXCLUSIVE]    = "exclusive",
73         [VNC_SHARE_MODE_DISCONNECTED] = "disconnected",
74     };
75     fprintf(stderr, "%s/%p: %s -> %s\n", __func__,
76             vs->ioc, mn[vs->share_mode], mn[mode]);
77 #endif
78 
79     switch (vs->share_mode) {
80     case VNC_SHARE_MODE_CONNECTING:
81         vs->vd->num_connecting--;
82         break;
83     case VNC_SHARE_MODE_SHARED:
84         vs->vd->num_shared--;
85         break;
86     case VNC_SHARE_MODE_EXCLUSIVE:
87         vs->vd->num_exclusive--;
88         break;
89     default:
90         break;
91     }
92 
93     vs->share_mode = mode;
94 
95     switch (vs->share_mode) {
96     case VNC_SHARE_MODE_CONNECTING:
97         vs->vd->num_connecting++;
98         break;
99     case VNC_SHARE_MODE_SHARED:
100         vs->vd->num_shared++;
101         break;
102     case VNC_SHARE_MODE_EXCLUSIVE:
103         vs->vd->num_exclusive++;
104         break;
105     default:
106         break;
107     }
108 }
109 
110 
111 static void vnc_init_basic_info(SocketAddress *addr,
112                                 VncBasicInfo *info,
113                                 Error **errp)
114 {
115     switch (addr->type) {
116     case SOCKET_ADDRESS_TYPE_INET:
117         info->host = g_strdup(addr->u.inet.host);
118         info->service = g_strdup(addr->u.inet.port);
119         if (addr->u.inet.ipv6) {
120             info->family = NETWORK_ADDRESS_FAMILY_IPV6;
121         } else {
122             info->family = NETWORK_ADDRESS_FAMILY_IPV4;
123         }
124         break;
125 
126     case SOCKET_ADDRESS_TYPE_UNIX:
127         info->host = g_strdup("");
128         info->service = g_strdup(addr->u.q_unix.path);
129         info->family = NETWORK_ADDRESS_FAMILY_UNIX;
130         break;
131 
132     case SOCKET_ADDRESS_TYPE_VSOCK:
133     case SOCKET_ADDRESS_TYPE_FD:
134         error_setg(errp, "Unsupported socket address type %s",
135                    SocketAddressType_str(addr->type));
136         break;
137     default:
138         abort();
139     }
140 
141     return;
142 }
143 
144 static void vnc_init_basic_info_from_server_addr(QIOChannelSocket *ioc,
145                                                  VncBasicInfo *info,
146                                                  Error **errp)
147 {
148     SocketAddress *addr = NULL;
149 
150     if (!ioc) {
151         error_setg(errp, "No listener socket available");
152         return;
153     }
154 
155     addr = qio_channel_socket_get_local_address(ioc, errp);
156     if (!addr) {
157         return;
158     }
159 
160     vnc_init_basic_info(addr, info, errp);
161     qapi_free_SocketAddress(addr);
162 }
163 
164 static void vnc_init_basic_info_from_remote_addr(QIOChannelSocket *ioc,
165                                                  VncBasicInfo *info,
166                                                  Error **errp)
167 {
168     SocketAddress *addr = NULL;
169 
170     addr = qio_channel_socket_get_remote_address(ioc, errp);
171     if (!addr) {
172         return;
173     }
174 
175     vnc_init_basic_info(addr, info, errp);
176     qapi_free_SocketAddress(addr);
177 }
178 
179 static const char *vnc_auth_name(VncDisplay *vd) {
180     switch (vd->auth) {
181     case VNC_AUTH_INVALID:
182         return "invalid";
183     case VNC_AUTH_NONE:
184         return "none";
185     case VNC_AUTH_VNC:
186         return "vnc";
187     case VNC_AUTH_RA2:
188         return "ra2";
189     case VNC_AUTH_RA2NE:
190         return "ra2ne";
191     case VNC_AUTH_TIGHT:
192         return "tight";
193     case VNC_AUTH_ULTRA:
194         return "ultra";
195     case VNC_AUTH_TLS:
196         return "tls";
197     case VNC_AUTH_VENCRYPT:
198         switch (vd->subauth) {
199         case VNC_AUTH_VENCRYPT_PLAIN:
200             return "vencrypt+plain";
201         case VNC_AUTH_VENCRYPT_TLSNONE:
202             return "vencrypt+tls+none";
203         case VNC_AUTH_VENCRYPT_TLSVNC:
204             return "vencrypt+tls+vnc";
205         case VNC_AUTH_VENCRYPT_TLSPLAIN:
206             return "vencrypt+tls+plain";
207         case VNC_AUTH_VENCRYPT_X509NONE:
208             return "vencrypt+x509+none";
209         case VNC_AUTH_VENCRYPT_X509VNC:
210             return "vencrypt+x509+vnc";
211         case VNC_AUTH_VENCRYPT_X509PLAIN:
212             return "vencrypt+x509+plain";
213         case VNC_AUTH_VENCRYPT_TLSSASL:
214             return "vencrypt+tls+sasl";
215         case VNC_AUTH_VENCRYPT_X509SASL:
216             return "vencrypt+x509+sasl";
217         default:
218             return "vencrypt";
219         }
220     case VNC_AUTH_SASL:
221         return "sasl";
222     }
223     return "unknown";
224 }
225 
226 static VncServerInfo *vnc_server_info_get(VncDisplay *vd)
227 {
228     VncServerInfo *info;
229     Error *err = NULL;
230 
231     if (!vd->listener || !vd->listener->nsioc) {
232         return NULL;
233     }
234 
235     info = g_malloc0(sizeof(*info));
236     vnc_init_basic_info_from_server_addr(vd->listener->sioc[0],
237                                          qapi_VncServerInfo_base(info), &err);
238     info->has_auth = true;
239     info->auth = g_strdup(vnc_auth_name(vd));
240     if (err) {
241         qapi_free_VncServerInfo(info);
242         info = NULL;
243         error_free(err);
244     }
245     return info;
246 }
247 
248 static void vnc_client_cache_auth(VncState *client)
249 {
250     if (!client->info) {
251         return;
252     }
253 
254     if (client->tls) {
255         client->info->x509_dname =
256             qcrypto_tls_session_get_peer_name(client->tls);
257         client->info->has_x509_dname =
258             client->info->x509_dname != NULL;
259     }
260 #ifdef CONFIG_VNC_SASL
261     if (client->sasl.conn &&
262         client->sasl.username) {
263         client->info->has_sasl_username = true;
264         client->info->sasl_username = g_strdup(client->sasl.username);
265     }
266 #endif
267 }
268 
269 static void vnc_client_cache_addr(VncState *client)
270 {
271     Error *err = NULL;
272 
273     client->info = g_malloc0(sizeof(*client->info));
274     vnc_init_basic_info_from_remote_addr(client->sioc,
275                                          qapi_VncClientInfo_base(client->info),
276                                          &err);
277     if (err) {
278         qapi_free_VncClientInfo(client->info);
279         client->info = NULL;
280         error_free(err);
281     }
282 }
283 
284 static void vnc_qmp_event(VncState *vs, QAPIEvent event)
285 {
286     VncServerInfo *si;
287 
288     if (!vs->info) {
289         return;
290     }
291 
292     si = vnc_server_info_get(vs->vd);
293     if (!si) {
294         return;
295     }
296 
297     switch (event) {
298     case QAPI_EVENT_VNC_CONNECTED:
299         qapi_event_send_vnc_connected(si, qapi_VncClientInfo_base(vs->info));
300         break;
301     case QAPI_EVENT_VNC_INITIALIZED:
302         qapi_event_send_vnc_initialized(si, vs->info);
303         break;
304     case QAPI_EVENT_VNC_DISCONNECTED:
305         qapi_event_send_vnc_disconnected(si, vs->info);
306         break;
307     default:
308         break;
309     }
310 
311     qapi_free_VncServerInfo(si);
312 }
313 
314 static VncClientInfo *qmp_query_vnc_client(const VncState *client)
315 {
316     VncClientInfo *info;
317     Error *err = NULL;
318 
319     info = g_malloc0(sizeof(*info));
320 
321     vnc_init_basic_info_from_remote_addr(client->sioc,
322                                          qapi_VncClientInfo_base(info),
323                                          &err);
324     if (err) {
325         error_free(err);
326         qapi_free_VncClientInfo(info);
327         return NULL;
328     }
329 
330     info->websocket = client->websocket;
331 
332     if (client->tls) {
333         info->x509_dname = qcrypto_tls_session_get_peer_name(client->tls);
334         info->has_x509_dname = info->x509_dname != NULL;
335     }
336 #ifdef CONFIG_VNC_SASL
337     if (client->sasl.conn && client->sasl.username) {
338         info->has_sasl_username = true;
339         info->sasl_username = g_strdup(client->sasl.username);
340     }
341 #endif
342 
343     return info;
344 }
345 
346 static VncDisplay *vnc_display_find(const char *id)
347 {
348     VncDisplay *vd;
349 
350     if (id == NULL) {
351         return QTAILQ_FIRST(&vnc_displays);
352     }
353     QTAILQ_FOREACH(vd, &vnc_displays, next) {
354         if (strcmp(id, vd->id) == 0) {
355             return vd;
356         }
357     }
358     return NULL;
359 }
360 
361 static VncClientInfoList *qmp_query_client_list(VncDisplay *vd)
362 {
363     VncClientInfoList *cinfo, *prev = NULL;
364     VncState *client;
365 
366     QTAILQ_FOREACH(client, &vd->clients, next) {
367         cinfo = g_new0(VncClientInfoList, 1);
368         cinfo->value = qmp_query_vnc_client(client);
369         cinfo->next = prev;
370         prev = cinfo;
371     }
372     return prev;
373 }
374 
375 VncInfo *qmp_query_vnc(Error **errp)
376 {
377     VncInfo *info = g_malloc0(sizeof(*info));
378     VncDisplay *vd = vnc_display_find(NULL);
379     SocketAddress *addr = NULL;
380 
381     if (vd == NULL || !vd->listener || !vd->listener->nsioc) {
382         info->enabled = false;
383     } else {
384         info->enabled = true;
385 
386         /* for compatibility with the original command */
387         info->has_clients = true;
388         info->clients = qmp_query_client_list(vd);
389 
390         addr = qio_channel_socket_get_local_address(vd->listener->sioc[0],
391                                                     errp);
392         if (!addr) {
393             goto out_error;
394         }
395 
396         switch (addr->type) {
397         case SOCKET_ADDRESS_TYPE_INET:
398             info->host = g_strdup(addr->u.inet.host);
399             info->service = g_strdup(addr->u.inet.port);
400             if (addr->u.inet.ipv6) {
401                 info->family = NETWORK_ADDRESS_FAMILY_IPV6;
402             } else {
403                 info->family = NETWORK_ADDRESS_FAMILY_IPV4;
404             }
405             break;
406 
407         case SOCKET_ADDRESS_TYPE_UNIX:
408             info->host = g_strdup("");
409             info->service = g_strdup(addr->u.q_unix.path);
410             info->family = NETWORK_ADDRESS_FAMILY_UNIX;
411             break;
412 
413         case SOCKET_ADDRESS_TYPE_VSOCK:
414         case SOCKET_ADDRESS_TYPE_FD:
415             error_setg(errp, "Unsupported socket address type %s",
416                        SocketAddressType_str(addr->type));
417             goto out_error;
418         default:
419             abort();
420         }
421 
422         info->has_host = true;
423         info->has_service = true;
424         info->has_family = true;
425 
426         info->has_auth = true;
427         info->auth = g_strdup(vnc_auth_name(vd));
428     }
429 
430     qapi_free_SocketAddress(addr);
431     return info;
432 
433 out_error:
434     qapi_free_SocketAddress(addr);
435     qapi_free_VncInfo(info);
436     return NULL;
437 }
438 
439 
440 static void qmp_query_auth(int auth, int subauth,
441                            VncPrimaryAuth *qmp_auth,
442                            VncVencryptSubAuth *qmp_vencrypt,
443                            bool *qmp_has_vencrypt);
444 
445 static VncServerInfo2List *qmp_query_server_entry(QIOChannelSocket *ioc,
446                                                   bool websocket,
447                                                   int auth,
448                                                   int subauth,
449                                                   VncServerInfo2List *prev)
450 {
451     VncServerInfo2List *list;
452     VncServerInfo2 *info;
453     Error *err = NULL;
454     SocketAddress *addr;
455 
456     addr = qio_channel_socket_get_local_address(ioc, &err);
457     if (!addr) {
458         error_free(err);
459         return prev;
460     }
461 
462     info = g_new0(VncServerInfo2, 1);
463     vnc_init_basic_info(addr, qapi_VncServerInfo2_base(info), &err);
464     qapi_free_SocketAddress(addr);
465     if (err) {
466         qapi_free_VncServerInfo2(info);
467         error_free(err);
468         return prev;
469     }
470     info->websocket = websocket;
471 
472     qmp_query_auth(auth, subauth, &info->auth,
473                    &info->vencrypt, &info->has_vencrypt);
474 
475     list = g_new0(VncServerInfo2List, 1);
476     list->value = info;
477     list->next = prev;
478     return list;
479 }
480 
481 static void qmp_query_auth(int auth, int subauth,
482                            VncPrimaryAuth *qmp_auth,
483                            VncVencryptSubAuth *qmp_vencrypt,
484                            bool *qmp_has_vencrypt)
485 {
486     switch (auth) {
487     case VNC_AUTH_VNC:
488         *qmp_auth = VNC_PRIMARY_AUTH_VNC;
489         break;
490     case VNC_AUTH_RA2:
491         *qmp_auth = VNC_PRIMARY_AUTH_RA2;
492         break;
493     case VNC_AUTH_RA2NE:
494         *qmp_auth = VNC_PRIMARY_AUTH_RA2NE;
495         break;
496     case VNC_AUTH_TIGHT:
497         *qmp_auth = VNC_PRIMARY_AUTH_TIGHT;
498         break;
499     case VNC_AUTH_ULTRA:
500         *qmp_auth = VNC_PRIMARY_AUTH_ULTRA;
501         break;
502     case VNC_AUTH_TLS:
503         *qmp_auth = VNC_PRIMARY_AUTH_TLS;
504         break;
505     case VNC_AUTH_VENCRYPT:
506         *qmp_auth = VNC_PRIMARY_AUTH_VENCRYPT;
507         *qmp_has_vencrypt = true;
508         switch (subauth) {
509         case VNC_AUTH_VENCRYPT_PLAIN:
510             *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_PLAIN;
511             break;
512         case VNC_AUTH_VENCRYPT_TLSNONE:
513             *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_NONE;
514             break;
515         case VNC_AUTH_VENCRYPT_TLSVNC:
516             *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_VNC;
517             break;
518         case VNC_AUTH_VENCRYPT_TLSPLAIN:
519             *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_PLAIN;
520             break;
521         case VNC_AUTH_VENCRYPT_X509NONE:
522             *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_NONE;
523             break;
524         case VNC_AUTH_VENCRYPT_X509VNC:
525             *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_VNC;
526             break;
527         case VNC_AUTH_VENCRYPT_X509PLAIN:
528             *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_PLAIN;
529             break;
530         case VNC_AUTH_VENCRYPT_TLSSASL:
531             *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_SASL;
532             break;
533         case VNC_AUTH_VENCRYPT_X509SASL:
534             *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_SASL;
535             break;
536         default:
537             *qmp_has_vencrypt = false;
538             break;
539         }
540         break;
541     case VNC_AUTH_SASL:
542         *qmp_auth = VNC_PRIMARY_AUTH_SASL;
543         break;
544     case VNC_AUTH_NONE:
545     default:
546         *qmp_auth = VNC_PRIMARY_AUTH_NONE;
547         break;
548     }
549 }
550 
551 VncInfo2List *qmp_query_vnc_servers(Error **errp)
552 {
553     VncInfo2List *item, *prev = NULL;
554     VncInfo2 *info;
555     VncDisplay *vd;
556     DeviceState *dev;
557     size_t i;
558 
559     QTAILQ_FOREACH(vd, &vnc_displays, next) {
560         info = g_new0(VncInfo2, 1);
561         info->id = g_strdup(vd->id);
562         info->clients = qmp_query_client_list(vd);
563         qmp_query_auth(vd->auth, vd->subauth, &info->auth,
564                        &info->vencrypt, &info->has_vencrypt);
565         if (vd->dcl.con) {
566             dev = DEVICE(object_property_get_link(OBJECT(vd->dcl.con),
567                                                   "device", NULL));
568             info->has_display = true;
569             info->display = g_strdup(dev->id);
570         }
571         for (i = 0; vd->listener != NULL && i < vd->listener->nsioc; i++) {
572             info->server = qmp_query_server_entry(
573                 vd->listener->sioc[i], false, vd->auth, vd->subauth,
574                 info->server);
575         }
576         for (i = 0; vd->wslistener != NULL && i < vd->wslistener->nsioc; i++) {
577             info->server = qmp_query_server_entry(
578                 vd->wslistener->sioc[i], true, vd->ws_auth,
579                 vd->ws_subauth, info->server);
580         }
581 
582         item = g_new0(VncInfo2List, 1);
583         item->value = info;
584         item->next = prev;
585         prev = item;
586     }
587     return prev;
588 }
589 
590 /* TODO
591    1) Get the queue working for IO.
592    2) there is some weirdness when using the -S option (the screen is grey
593       and not totally invalidated
594    3) resolutions > 1024
595 */
596 
597 static int vnc_update_client(VncState *vs, int has_dirty);
598 static void vnc_disconnect_start(VncState *vs);
599 
600 static void vnc_colordepth(VncState *vs);
601 static void framebuffer_update_request(VncState *vs, int incremental,
602                                        int x_position, int y_position,
603                                        int w, int h);
604 static void vnc_refresh(DisplayChangeListener *dcl);
605 static int vnc_refresh_server_surface(VncDisplay *vd);
606 
607 static int vnc_width(VncDisplay *vd)
608 {
609     return MIN(VNC_MAX_WIDTH, ROUND_UP(surface_width(vd->ds),
610                                        VNC_DIRTY_PIXELS_PER_BIT));
611 }
612 
613 static int vnc_height(VncDisplay *vd)
614 {
615     return MIN(VNC_MAX_HEIGHT, surface_height(vd->ds));
616 }
617 
618 static void vnc_set_area_dirty(DECLARE_BITMAP(dirty[VNC_MAX_HEIGHT],
619                                VNC_MAX_WIDTH / VNC_DIRTY_PIXELS_PER_BIT),
620                                VncDisplay *vd,
621                                int x, int y, int w, int h)
622 {
623     int width = vnc_width(vd);
624     int height = vnc_height(vd);
625 
626     /* this is needed this to ensure we updated all affected
627      * blocks if x % VNC_DIRTY_PIXELS_PER_BIT != 0 */
628     w += (x % VNC_DIRTY_PIXELS_PER_BIT);
629     x -= (x % VNC_DIRTY_PIXELS_PER_BIT);
630 
631     x = MIN(x, width);
632     y = MIN(y, height);
633     w = MIN(x + w, width) - x;
634     h = MIN(y + h, height);
635 
636     for (; y < h; y++) {
637         bitmap_set(dirty[y], x / VNC_DIRTY_PIXELS_PER_BIT,
638                    DIV_ROUND_UP(w, VNC_DIRTY_PIXELS_PER_BIT));
639     }
640 }
641 
642 static void vnc_dpy_update(DisplayChangeListener *dcl,
643                            int x, int y, int w, int h)
644 {
645     VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
646     struct VncSurface *s = &vd->guest;
647 
648     vnc_set_area_dirty(s->dirty, vd, x, y, w, h);
649 }
650 
651 void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
652                             int32_t encoding)
653 {
654     vnc_write_u16(vs, x);
655     vnc_write_u16(vs, y);
656     vnc_write_u16(vs, w);
657     vnc_write_u16(vs, h);
658 
659     vnc_write_s32(vs, encoding);
660 }
661 
662 
663 static void vnc_desktop_resize(VncState *vs)
664 {
665     if (vs->ioc == NULL || !vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
666         return;
667     }
668     if (vs->client_width == pixman_image_get_width(vs->vd->server) &&
669         vs->client_height == pixman_image_get_height(vs->vd->server)) {
670         return;
671     }
672 
673     assert(pixman_image_get_width(vs->vd->server) < 65536 &&
674            pixman_image_get_width(vs->vd->server) >= 0);
675     assert(pixman_image_get_height(vs->vd->server) < 65536 &&
676            pixman_image_get_height(vs->vd->server) >= 0);
677     vs->client_width = pixman_image_get_width(vs->vd->server);
678     vs->client_height = pixman_image_get_height(vs->vd->server);
679     vnc_lock_output(vs);
680     vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
681     vnc_write_u8(vs, 0);
682     vnc_write_u16(vs, 1); /* number of rects */
683     vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height,
684                            VNC_ENCODING_DESKTOPRESIZE);
685     vnc_unlock_output(vs);
686     vnc_flush(vs);
687 }
688 
689 static void vnc_abort_display_jobs(VncDisplay *vd)
690 {
691     VncState *vs;
692 
693     QTAILQ_FOREACH(vs, &vd->clients, next) {
694         vnc_lock_output(vs);
695         vs->abort = true;
696         vnc_unlock_output(vs);
697     }
698     QTAILQ_FOREACH(vs, &vd->clients, next) {
699         vnc_jobs_join(vs);
700     }
701     QTAILQ_FOREACH(vs, &vd->clients, next) {
702         vnc_lock_output(vs);
703         vs->abort = false;
704         vnc_unlock_output(vs);
705     }
706 }
707 
708 int vnc_server_fb_stride(VncDisplay *vd)
709 {
710     return pixman_image_get_stride(vd->server);
711 }
712 
713 void *vnc_server_fb_ptr(VncDisplay *vd, int x, int y)
714 {
715     uint8_t *ptr;
716 
717     ptr  = (uint8_t *)pixman_image_get_data(vd->server);
718     ptr += y * vnc_server_fb_stride(vd);
719     ptr += x * VNC_SERVER_FB_BYTES;
720     return ptr;
721 }
722 
723 static void vnc_update_server_surface(VncDisplay *vd)
724 {
725     int width, height;
726 
727     qemu_pixman_image_unref(vd->server);
728     vd->server = NULL;
729 
730     if (QTAILQ_EMPTY(&vd->clients)) {
731         return;
732     }
733 
734     width = vnc_width(vd);
735     height = vnc_height(vd);
736     vd->server = pixman_image_create_bits(VNC_SERVER_FB_FORMAT,
737                                           width, height,
738                                           NULL, 0);
739 
740     memset(vd->guest.dirty, 0x00, sizeof(vd->guest.dirty));
741     vnc_set_area_dirty(vd->guest.dirty, vd, 0, 0,
742                        width, height);
743 }
744 
745 static bool vnc_check_pageflip(DisplaySurface *s1,
746                                DisplaySurface *s2)
747 {
748     return (s1 != NULL &&
749             s2 != NULL &&
750             surface_width(s1) == surface_width(s2) &&
751             surface_height(s1) == surface_height(s2) &&
752             surface_format(s1) == surface_format(s2));
753 
754 }
755 
756 static void vnc_dpy_switch(DisplayChangeListener *dcl,
757                            DisplaySurface *surface)
758 {
759     static const char placeholder_msg[] =
760         "Display output is not active.";
761     static DisplaySurface *placeholder;
762     VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
763     bool pageflip = vnc_check_pageflip(vd->ds, surface);
764     VncState *vs;
765 
766     if (surface == NULL) {
767         if (placeholder == NULL) {
768             placeholder = qemu_create_message_surface(640, 480, placeholder_msg);
769         }
770         surface = placeholder;
771     }
772 
773     vnc_abort_display_jobs(vd);
774     vd->ds = surface;
775 
776     /* guest surface */
777     qemu_pixman_image_unref(vd->guest.fb);
778     vd->guest.fb = pixman_image_ref(surface->image);
779     vd->guest.format = surface->format;
780 
781     if (pageflip) {
782         vnc_set_area_dirty(vd->guest.dirty, vd, 0, 0,
783                            surface_width(surface),
784                            surface_height(surface));
785         return;
786     }
787 
788     /* server surface */
789     vnc_update_server_surface(vd);
790 
791     QTAILQ_FOREACH(vs, &vd->clients, next) {
792         vnc_colordepth(vs);
793         vnc_desktop_resize(vs);
794         if (vs->vd->cursor) {
795             vnc_cursor_define(vs);
796         }
797         memset(vs->dirty, 0x00, sizeof(vs->dirty));
798         vnc_set_area_dirty(vs->dirty, vd, 0, 0,
799                            vnc_width(vd),
800                            vnc_height(vd));
801         vnc_update_throttle_offset(vs);
802     }
803 }
804 
805 /* fastest code */
806 static void vnc_write_pixels_copy(VncState *vs,
807                                   void *pixels, int size)
808 {
809     vnc_write(vs, pixels, size);
810 }
811 
812 /* slowest but generic code. */
813 void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
814 {
815     uint8_t r, g, b;
816 
817 #if VNC_SERVER_FB_FORMAT == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8)
818     r = (((v & 0x00ff0000) >> 16) << vs->client_pf.rbits) >> 8;
819     g = (((v & 0x0000ff00) >>  8) << vs->client_pf.gbits) >> 8;
820     b = (((v & 0x000000ff) >>  0) << vs->client_pf.bbits) >> 8;
821 #else
822 # error need some bits here if you change VNC_SERVER_FB_FORMAT
823 #endif
824     v = (r << vs->client_pf.rshift) |
825         (g << vs->client_pf.gshift) |
826         (b << vs->client_pf.bshift);
827     switch (vs->client_pf.bytes_per_pixel) {
828     case 1:
829         buf[0] = v;
830         break;
831     case 2:
832         if (vs->client_be) {
833             buf[0] = v >> 8;
834             buf[1] = v;
835         } else {
836             buf[1] = v >> 8;
837             buf[0] = v;
838         }
839         break;
840     default:
841     case 4:
842         if (vs->client_be) {
843             buf[0] = v >> 24;
844             buf[1] = v >> 16;
845             buf[2] = v >> 8;
846             buf[3] = v;
847         } else {
848             buf[3] = v >> 24;
849             buf[2] = v >> 16;
850             buf[1] = v >> 8;
851             buf[0] = v;
852         }
853         break;
854     }
855 }
856 
857 static void vnc_write_pixels_generic(VncState *vs,
858                                      void *pixels1, int size)
859 {
860     uint8_t buf[4];
861 
862     if (VNC_SERVER_FB_BYTES == 4) {
863         uint32_t *pixels = pixels1;
864         int n, i;
865         n = size >> 2;
866         for (i = 0; i < n; i++) {
867             vnc_convert_pixel(vs, buf, pixels[i]);
868             vnc_write(vs, buf, vs->client_pf.bytes_per_pixel);
869         }
870     }
871 }
872 
873 int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
874 {
875     int i;
876     uint8_t *row;
877     VncDisplay *vd = vs->vd;
878 
879     row = vnc_server_fb_ptr(vd, x, y);
880     for (i = 0; i < h; i++) {
881         vs->write_pixels(vs, row, w * VNC_SERVER_FB_BYTES);
882         row += vnc_server_fb_stride(vd);
883     }
884     return 1;
885 }
886 
887 int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
888 {
889     int n = 0;
890     bool encode_raw = false;
891     size_t saved_offs = vs->output.offset;
892 
893     switch(vs->vnc_encoding) {
894         case VNC_ENCODING_ZLIB:
895             n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h);
896             break;
897         case VNC_ENCODING_HEXTILE:
898             vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
899             n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h);
900             break;
901         case VNC_ENCODING_TIGHT:
902             n = vnc_tight_send_framebuffer_update(vs, x, y, w, h);
903             break;
904         case VNC_ENCODING_TIGHT_PNG:
905             n = vnc_tight_png_send_framebuffer_update(vs, x, y, w, h);
906             break;
907         case VNC_ENCODING_ZRLE:
908             n = vnc_zrle_send_framebuffer_update(vs, x, y, w, h);
909             break;
910         case VNC_ENCODING_ZYWRLE:
911             n = vnc_zywrle_send_framebuffer_update(vs, x, y, w, h);
912             break;
913         default:
914             encode_raw = true;
915             break;
916     }
917 
918     /* If the client has the same pixel format as our internal buffer and
919      * a RAW encoding would need less space fall back to RAW encoding to
920      * save bandwidth and processing power in the client. */
921     if (!encode_raw && vs->write_pixels == vnc_write_pixels_copy &&
922         12 + h * w * VNC_SERVER_FB_BYTES <= (vs->output.offset - saved_offs)) {
923         vs->output.offset = saved_offs;
924         encode_raw = true;
925     }
926 
927     if (encode_raw) {
928         vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
929         n = vnc_raw_send_framebuffer_update(vs, x, y, w, h);
930     }
931 
932     return n;
933 }
934 
935 static void vnc_mouse_set(DisplayChangeListener *dcl,
936                           int x, int y, int visible)
937 {
938     /* can we ask the client(s) to move the pointer ??? */
939 }
940 
941 static int vnc_cursor_define(VncState *vs)
942 {
943     QEMUCursor *c = vs->vd->cursor;
944     int isize;
945 
946     if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) {
947         vnc_lock_output(vs);
948         vnc_write_u8(vs,  VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
949         vnc_write_u8(vs,  0);  /*  padding     */
950         vnc_write_u16(vs, 1);  /*  # of rects  */
951         vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height,
952                                VNC_ENCODING_RICH_CURSOR);
953         isize = c->width * c->height * vs->client_pf.bytes_per_pixel;
954         vnc_write_pixels_generic(vs, c->data, isize);
955         vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize);
956         vnc_unlock_output(vs);
957         return 0;
958     }
959     return -1;
960 }
961 
962 static void vnc_dpy_cursor_define(DisplayChangeListener *dcl,
963                                   QEMUCursor *c)
964 {
965     VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
966     VncState *vs;
967 
968     cursor_put(vd->cursor);
969     g_free(vd->cursor_mask);
970 
971     vd->cursor = c;
972     cursor_get(vd->cursor);
973     vd->cursor_msize = cursor_get_mono_bpl(c) * c->height;
974     vd->cursor_mask = g_malloc0(vd->cursor_msize);
975     cursor_get_mono_mask(c, 0, vd->cursor_mask);
976 
977     QTAILQ_FOREACH(vs, &vd->clients, next) {
978         vnc_cursor_define(vs);
979     }
980 }
981 
982 static int find_and_clear_dirty_height(VncState *vs,
983                                        int y, int last_x, int x, int height)
984 {
985     int h;
986 
987     for (h = 1; h < (height - y); h++) {
988         if (!test_bit(last_x, vs->dirty[y + h])) {
989             break;
990         }
991         bitmap_clear(vs->dirty[y + h], last_x, x - last_x);
992     }
993 
994     return h;
995 }
996 
997 /*
998  * Figure out how much pending data we should allow in the output
999  * buffer before we throttle incremental display updates, and/or
1000  * drop audio samples.
1001  *
1002  * We allow for equiv of 1 full display's worth of FB updates,
1003  * and 1 second of audio samples. If audio backlog was larger
1004  * than that the client would already suffering awful audio
1005  * glitches, so dropping samples is no worse really).
1006  */
1007 static void vnc_update_throttle_offset(VncState *vs)
1008 {
1009     size_t offset =
1010         vs->client_width * vs->client_height * vs->client_pf.bytes_per_pixel;
1011 
1012     if (vs->audio_cap) {
1013         int bps;
1014         switch (vs->as.fmt) {
1015         default:
1016         case  AUD_FMT_U8:
1017         case  AUD_FMT_S8:
1018             bps = 1;
1019             break;
1020         case  AUD_FMT_U16:
1021         case  AUD_FMT_S16:
1022             bps = 2;
1023             break;
1024         case  AUD_FMT_U32:
1025         case  AUD_FMT_S32:
1026             bps = 4;
1027             break;
1028         }
1029         offset += vs->as.freq * bps * vs->as.nchannels;
1030     }
1031 
1032     /* Put a floor of 1MB on offset, so that if we have a large pending
1033      * buffer and the display is resized to a small size & back again
1034      * we don't suddenly apply a tiny send limit
1035      */
1036     offset = MAX(offset, 1024 * 1024);
1037 
1038     if (vs->throttle_output_offset != offset) {
1039         trace_vnc_client_throttle_threshold(
1040             vs, vs->ioc, vs->throttle_output_offset, offset, vs->client_width,
1041             vs->client_height, vs->client_pf.bytes_per_pixel, vs->audio_cap);
1042     }
1043 
1044     vs->throttle_output_offset = offset;
1045 }
1046 
1047 static bool vnc_should_update(VncState *vs)
1048 {
1049     switch (vs->update) {
1050     case VNC_STATE_UPDATE_NONE:
1051         break;
1052     case VNC_STATE_UPDATE_INCREMENTAL:
1053         /* Only allow incremental updates if the pending send queue
1054          * is less than the permitted threshold, and the job worker
1055          * is completely idle.
1056          */
1057         if (vs->output.offset < vs->throttle_output_offset &&
1058             vs->job_update == VNC_STATE_UPDATE_NONE) {
1059             return true;
1060         }
1061         trace_vnc_client_throttle_incremental(
1062             vs, vs->ioc, vs->job_update, vs->output.offset);
1063         break;
1064     case VNC_STATE_UPDATE_FORCE:
1065         /* Only allow forced updates if the pending send queue
1066          * does not contain a previous forced update, and the
1067          * job worker is completely idle.
1068          *
1069          * Note this means we'll queue a forced update, even if
1070          * the output buffer size is otherwise over the throttle
1071          * output limit.
1072          */
1073         if (vs->force_update_offset == 0 &&
1074             vs->job_update == VNC_STATE_UPDATE_NONE) {
1075             return true;
1076         }
1077         trace_vnc_client_throttle_forced(
1078             vs, vs->ioc, vs->job_update, vs->force_update_offset);
1079         break;
1080     }
1081     return false;
1082 }
1083 
1084 static int vnc_update_client(VncState *vs, int has_dirty)
1085 {
1086     VncDisplay *vd = vs->vd;
1087     VncJob *job;
1088     int y;
1089     int height, width;
1090     int n = 0;
1091 
1092     if (vs->disconnecting) {
1093         vnc_disconnect_finish(vs);
1094         return 0;
1095     }
1096 
1097     vs->has_dirty += has_dirty;
1098     if (!vnc_should_update(vs)) {
1099         return 0;
1100     }
1101 
1102     if (!vs->has_dirty && vs->update != VNC_STATE_UPDATE_FORCE) {
1103         return 0;
1104     }
1105 
1106     /*
1107      * Send screen updates to the vnc client using the server
1108      * surface and server dirty map.  guest surface updates
1109      * happening in parallel don't disturb us, the next pass will
1110      * send them to the client.
1111      */
1112     job = vnc_job_new(vs);
1113 
1114     height = pixman_image_get_height(vd->server);
1115     width = pixman_image_get_width(vd->server);
1116 
1117     y = 0;
1118     for (;;) {
1119         int x, h;
1120         unsigned long x2;
1121         unsigned long offset = find_next_bit((unsigned long *) &vs->dirty,
1122                                              height * VNC_DIRTY_BPL(vs),
1123                                              y * VNC_DIRTY_BPL(vs));
1124         if (offset == height * VNC_DIRTY_BPL(vs)) {
1125             /* no more dirty bits */
1126             break;
1127         }
1128         y = offset / VNC_DIRTY_BPL(vs);
1129         x = offset % VNC_DIRTY_BPL(vs);
1130         x2 = find_next_zero_bit((unsigned long *) &vs->dirty[y],
1131                                 VNC_DIRTY_BPL(vs), x);
1132         bitmap_clear(vs->dirty[y], x, x2 - x);
1133         h = find_and_clear_dirty_height(vs, y, x, x2, height);
1134         x2 = MIN(x2, width / VNC_DIRTY_PIXELS_PER_BIT);
1135         if (x2 > x) {
1136             n += vnc_job_add_rect(job, x * VNC_DIRTY_PIXELS_PER_BIT, y,
1137                                   (x2 - x) * VNC_DIRTY_PIXELS_PER_BIT, h);
1138         }
1139         if (!x && x2 == width / VNC_DIRTY_PIXELS_PER_BIT) {
1140             y += h;
1141             if (y == height) {
1142                 break;
1143             }
1144         }
1145     }
1146 
1147     vs->job_update = vs->update;
1148     vs->update = VNC_STATE_UPDATE_NONE;
1149     vnc_job_push(job);
1150     vs->has_dirty = 0;
1151     return n;
1152 }
1153 
1154 /* audio */
1155 static void audio_capture_notify(void *opaque, audcnotification_e cmd)
1156 {
1157     VncState *vs = opaque;
1158 
1159     assert(vs->magic == VNC_MAGIC);
1160     switch (cmd) {
1161     case AUD_CNOTIFY_DISABLE:
1162         vnc_lock_output(vs);
1163         vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1164         vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1165         vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END);
1166         vnc_unlock_output(vs);
1167         vnc_flush(vs);
1168         break;
1169 
1170     case AUD_CNOTIFY_ENABLE:
1171         vnc_lock_output(vs);
1172         vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1173         vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1174         vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN);
1175         vnc_unlock_output(vs);
1176         vnc_flush(vs);
1177         break;
1178     }
1179 }
1180 
1181 static void audio_capture_destroy(void *opaque)
1182 {
1183 }
1184 
1185 static void audio_capture(void *opaque, void *buf, int size)
1186 {
1187     VncState *vs = opaque;
1188 
1189     assert(vs->magic == VNC_MAGIC);
1190     vnc_lock_output(vs);
1191     if (vs->output.offset < vs->throttle_output_offset) {
1192         vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1193         vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1194         vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA);
1195         vnc_write_u32(vs, size);
1196         vnc_write(vs, buf, size);
1197     } else {
1198         trace_vnc_client_throttle_audio(vs, vs->ioc, vs->output.offset);
1199     }
1200     vnc_unlock_output(vs);
1201     vnc_flush(vs);
1202 }
1203 
1204 static void audio_add(VncState *vs)
1205 {
1206     struct audio_capture_ops ops;
1207 
1208     if (vs->audio_cap) {
1209         error_report("audio already running");
1210         return;
1211     }
1212 
1213     ops.notify = audio_capture_notify;
1214     ops.destroy = audio_capture_destroy;
1215     ops.capture = audio_capture;
1216 
1217     vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs);
1218     if (!vs->audio_cap) {
1219         error_report("Failed to add audio capture");
1220     }
1221 }
1222 
1223 static void audio_del(VncState *vs)
1224 {
1225     if (vs->audio_cap) {
1226         AUD_del_capture(vs->audio_cap, vs);
1227         vs->audio_cap = NULL;
1228     }
1229 }
1230 
1231 static void vnc_disconnect_start(VncState *vs)
1232 {
1233     if (vs->disconnecting) {
1234         return;
1235     }
1236     trace_vnc_client_disconnect_start(vs, vs->ioc);
1237     vnc_set_share_mode(vs, VNC_SHARE_MODE_DISCONNECTED);
1238     if (vs->ioc_tag) {
1239         g_source_remove(vs->ioc_tag);
1240         vs->ioc_tag = 0;
1241     }
1242     qio_channel_close(vs->ioc, NULL);
1243     vs->disconnecting = TRUE;
1244 }
1245 
1246 void vnc_disconnect_finish(VncState *vs)
1247 {
1248     int i;
1249 
1250     trace_vnc_client_disconnect_finish(vs, vs->ioc);
1251 
1252     vnc_jobs_join(vs); /* Wait encoding jobs */
1253 
1254     vnc_lock_output(vs);
1255     vnc_qmp_event(vs, QAPI_EVENT_VNC_DISCONNECTED);
1256 
1257     buffer_free(&vs->input);
1258     buffer_free(&vs->output);
1259 
1260     qapi_free_VncClientInfo(vs->info);
1261 
1262     vnc_zlib_clear(vs);
1263     vnc_tight_clear(vs);
1264     vnc_zrle_clear(vs);
1265 
1266 #ifdef CONFIG_VNC_SASL
1267     vnc_sasl_client_cleanup(vs);
1268 #endif /* CONFIG_VNC_SASL */
1269     audio_del(vs);
1270     qkbd_state_lift_all_keys(vs->vd->kbd);
1271 
1272     if (vs->mouse_mode_notifier.notify != NULL) {
1273         qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
1274     }
1275     QTAILQ_REMOVE(&vs->vd->clients, vs, next);
1276     if (QTAILQ_EMPTY(&vs->vd->clients)) {
1277         /* last client gone */
1278         vnc_update_server_surface(vs->vd);
1279     }
1280 
1281     vnc_unlock_output(vs);
1282 
1283     qemu_mutex_destroy(&vs->output_mutex);
1284     if (vs->bh != NULL) {
1285         qemu_bh_delete(vs->bh);
1286     }
1287     buffer_free(&vs->jobs_buffer);
1288 
1289     for (i = 0; i < VNC_STAT_ROWS; ++i) {
1290         g_free(vs->lossy_rect[i]);
1291     }
1292     g_free(vs->lossy_rect);
1293 
1294     object_unref(OBJECT(vs->ioc));
1295     vs->ioc = NULL;
1296     object_unref(OBJECT(vs->sioc));
1297     vs->sioc = NULL;
1298     vs->magic = 0;
1299     g_free(vs);
1300 }
1301 
1302 size_t vnc_client_io_error(VncState *vs, ssize_t ret, Error **errp)
1303 {
1304     if (ret <= 0) {
1305         if (ret == 0) {
1306             trace_vnc_client_eof(vs, vs->ioc);
1307             vnc_disconnect_start(vs);
1308         } else if (ret != QIO_CHANNEL_ERR_BLOCK) {
1309             trace_vnc_client_io_error(vs, vs->ioc,
1310                                       errp ? error_get_pretty(*errp) :
1311                                       "Unknown");
1312             vnc_disconnect_start(vs);
1313         }
1314 
1315         if (errp) {
1316             error_free(*errp);
1317             *errp = NULL;
1318         }
1319         return 0;
1320     }
1321     return ret;
1322 }
1323 
1324 
1325 void vnc_client_error(VncState *vs)
1326 {
1327     VNC_DEBUG("Closing down client sock: protocol error\n");
1328     vnc_disconnect_start(vs);
1329 }
1330 
1331 
1332 /*
1333  * Called to write a chunk of data to the client socket. The data may
1334  * be the raw data, or may have already been encoded by SASL.
1335  * The data will be written either straight onto the socket, or
1336  * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1337  *
1338  * NB, it is theoretically possible to have 2 layers of encryption,
1339  * both SASL, and this TLS layer. It is highly unlikely in practice
1340  * though, since SASL encryption will typically be a no-op if TLS
1341  * is active
1342  *
1343  * Returns the number of bytes written, which may be less than
1344  * the requested 'datalen' if the socket would block. Returns
1345  * 0 on I/O error, and disconnects the client socket.
1346  */
1347 size_t vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
1348 {
1349     Error *err = NULL;
1350     ssize_t ret;
1351     ret = qio_channel_write(
1352         vs->ioc, (const char *)data, datalen, &err);
1353     VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret);
1354     return vnc_client_io_error(vs, ret, &err);
1355 }
1356 
1357 
1358 /*
1359  * Called to write buffered data to the client socket, when not
1360  * using any SASL SSF encryption layers. Will write as much data
1361  * as possible without blocking. If all buffered data is written,
1362  * will switch the FD poll() handler back to read monitoring.
1363  *
1364  * Returns the number of bytes written, which may be less than
1365  * the buffered output data if the socket would block.  Returns
1366  * 0 on I/O error, and disconnects the client socket.
1367  */
1368 static size_t vnc_client_write_plain(VncState *vs)
1369 {
1370     size_t offset;
1371     size_t ret;
1372 
1373 #ifdef CONFIG_VNC_SASL
1374     VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1375               vs->output.buffer, vs->output.capacity, vs->output.offset,
1376               vs->sasl.waitWriteSSF);
1377 
1378     if (vs->sasl.conn &&
1379         vs->sasl.runSSF &&
1380         vs->sasl.waitWriteSSF) {
1381         ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
1382         if (ret)
1383             vs->sasl.waitWriteSSF -= ret;
1384     } else
1385 #endif /* CONFIG_VNC_SASL */
1386         ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
1387     if (!ret)
1388         return 0;
1389 
1390     if (ret >= vs->force_update_offset) {
1391         if (vs->force_update_offset != 0) {
1392             trace_vnc_client_unthrottle_forced(vs, vs->ioc);
1393         }
1394         vs->force_update_offset = 0;
1395     } else {
1396         vs->force_update_offset -= ret;
1397     }
1398     offset = vs->output.offset;
1399     buffer_advance(&vs->output, ret);
1400     if (offset >= vs->throttle_output_offset &&
1401         vs->output.offset < vs->throttle_output_offset) {
1402         trace_vnc_client_unthrottle_incremental(vs, vs->ioc, vs->output.offset);
1403     }
1404 
1405     if (vs->output.offset == 0) {
1406         if (vs->ioc_tag) {
1407             g_source_remove(vs->ioc_tag);
1408         }
1409         vs->ioc_tag = qio_channel_add_watch(
1410             vs->ioc, G_IO_IN, vnc_client_io, vs, NULL);
1411     }
1412 
1413     return ret;
1414 }
1415 
1416 
1417 /*
1418  * First function called whenever there is data to be written to
1419  * the client socket. Will delegate actual work according to whether
1420  * SASL SSF layers are enabled (thus requiring encryption calls)
1421  */
1422 static void vnc_client_write_locked(VncState *vs)
1423 {
1424 #ifdef CONFIG_VNC_SASL
1425     if (vs->sasl.conn &&
1426         vs->sasl.runSSF &&
1427         !vs->sasl.waitWriteSSF) {
1428         vnc_client_write_sasl(vs);
1429     } else
1430 #endif /* CONFIG_VNC_SASL */
1431     {
1432         vnc_client_write_plain(vs);
1433     }
1434 }
1435 
1436 static void vnc_client_write(VncState *vs)
1437 {
1438     assert(vs->magic == VNC_MAGIC);
1439     vnc_lock_output(vs);
1440     if (vs->output.offset) {
1441         vnc_client_write_locked(vs);
1442     } else if (vs->ioc != NULL) {
1443         if (vs->ioc_tag) {
1444             g_source_remove(vs->ioc_tag);
1445         }
1446         vs->ioc_tag = qio_channel_add_watch(
1447             vs->ioc, G_IO_IN, vnc_client_io, vs, NULL);
1448     }
1449     vnc_unlock_output(vs);
1450 }
1451 
1452 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1453 {
1454     vs->read_handler = func;
1455     vs->read_handler_expect = expecting;
1456 }
1457 
1458 
1459 /*
1460  * Called to read a chunk of data from the client socket. The data may
1461  * be the raw data, or may need to be further decoded by SASL.
1462  * The data will be read either straight from to the socket, or
1463  * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1464  *
1465  * NB, it is theoretically possible to have 2 layers of encryption,
1466  * both SASL, and this TLS layer. It is highly unlikely in practice
1467  * though, since SASL encryption will typically be a no-op if TLS
1468  * is active
1469  *
1470  * Returns the number of bytes read, which may be less than
1471  * the requested 'datalen' if the socket would block. Returns
1472  * 0 on I/O error or EOF, and disconnects the client socket.
1473  */
1474 size_t vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1475 {
1476     ssize_t ret;
1477     Error *err = NULL;
1478     ret = qio_channel_read(
1479         vs->ioc, (char *)data, datalen, &err);
1480     VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret);
1481     return vnc_client_io_error(vs, ret, &err);
1482 }
1483 
1484 
1485 /*
1486  * Called to read data from the client socket to the input buffer,
1487  * when not using any SASL SSF encryption layers. Will read as much
1488  * data as possible without blocking.
1489  *
1490  * Returns the number of bytes read, which may be less than
1491  * the requested 'datalen' if the socket would block. Returns
1492  * 0 on I/O error or EOF, and disconnects the client socket.
1493  */
1494 static size_t vnc_client_read_plain(VncState *vs)
1495 {
1496     size_t ret;
1497     VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1498               vs->input.buffer, vs->input.capacity, vs->input.offset);
1499     buffer_reserve(&vs->input, 4096);
1500     ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1501     if (!ret)
1502         return 0;
1503     vs->input.offset += ret;
1504     return ret;
1505 }
1506 
1507 static void vnc_jobs_bh(void *opaque)
1508 {
1509     VncState *vs = opaque;
1510 
1511     assert(vs->magic == VNC_MAGIC);
1512     vnc_jobs_consume_buffer(vs);
1513 }
1514 
1515 /*
1516  * First function called whenever there is more data to be read from
1517  * the client socket. Will delegate actual work according to whether
1518  * SASL SSF layers are enabled (thus requiring decryption calls)
1519  * Returns 0 on success, -1 if client disconnected
1520  */
1521 static int vnc_client_read(VncState *vs)
1522 {
1523     size_t ret;
1524 
1525 #ifdef CONFIG_VNC_SASL
1526     if (vs->sasl.conn && vs->sasl.runSSF)
1527         ret = vnc_client_read_sasl(vs);
1528     else
1529 #endif /* CONFIG_VNC_SASL */
1530         ret = vnc_client_read_plain(vs);
1531     if (!ret) {
1532         if (vs->disconnecting) {
1533             vnc_disconnect_finish(vs);
1534             return -1;
1535         }
1536         return 0;
1537     }
1538 
1539     while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1540         size_t len = vs->read_handler_expect;
1541         int ret;
1542 
1543         ret = vs->read_handler(vs, vs->input.buffer, len);
1544         if (vs->disconnecting) {
1545             vnc_disconnect_finish(vs);
1546             return -1;
1547         }
1548 
1549         if (!ret) {
1550             buffer_advance(&vs->input, len);
1551         } else {
1552             vs->read_handler_expect = ret;
1553         }
1554     }
1555     return 0;
1556 }
1557 
1558 gboolean vnc_client_io(QIOChannel *ioc G_GNUC_UNUSED,
1559                        GIOCondition condition, void *opaque)
1560 {
1561     VncState *vs = opaque;
1562 
1563     assert(vs->magic == VNC_MAGIC);
1564     if (condition & G_IO_IN) {
1565         if (vnc_client_read(vs) < 0) {
1566             /* vs is free()ed here */
1567             return TRUE;
1568         }
1569     }
1570     if (condition & G_IO_OUT) {
1571         vnc_client_write(vs);
1572     }
1573 
1574     if (vs->disconnecting) {
1575         if (vs->ioc_tag != 0) {
1576             g_source_remove(vs->ioc_tag);
1577         }
1578         vs->ioc_tag = 0;
1579     }
1580     return TRUE;
1581 }
1582 
1583 
1584 /*
1585  * Scale factor to apply to vs->throttle_output_offset when checking for
1586  * hard limit. Worst case normal usage could be x2, if we have a complete
1587  * incremental update and complete forced update in the output buffer.
1588  * So x3 should be good enough, but we pick x5 to be conservative and thus
1589  * (hopefully) never trigger incorrectly.
1590  */
1591 #define VNC_THROTTLE_OUTPUT_LIMIT_SCALE 5
1592 
1593 void vnc_write(VncState *vs, const void *data, size_t len)
1594 {
1595     assert(vs->magic == VNC_MAGIC);
1596     if (vs->disconnecting) {
1597         return;
1598     }
1599     /* Protection against malicious client/guest to prevent our output
1600      * buffer growing without bound if client stops reading data. This
1601      * should rarely trigger, because we have earlier throttling code
1602      * which stops issuing framebuffer updates and drops audio data
1603      * if the throttle_output_offset value is exceeded. So we only reach
1604      * this higher level if a huge number of pseudo-encodings get
1605      * triggered while data can't be sent on the socket.
1606      *
1607      * NB throttle_output_offset can be zero during early protocol
1608      * handshake, or from the job thread's VncState clone
1609      */
1610     if (vs->throttle_output_offset != 0 &&
1611         (vs->output.offset / VNC_THROTTLE_OUTPUT_LIMIT_SCALE) >
1612         vs->throttle_output_offset) {
1613         trace_vnc_client_output_limit(vs, vs->ioc, vs->output.offset,
1614                                       vs->throttle_output_offset);
1615         vnc_disconnect_start(vs);
1616         return;
1617     }
1618     buffer_reserve(&vs->output, len);
1619 
1620     if (vs->ioc != NULL && buffer_empty(&vs->output)) {
1621         if (vs->ioc_tag) {
1622             g_source_remove(vs->ioc_tag);
1623         }
1624         vs->ioc_tag = qio_channel_add_watch(
1625             vs->ioc, G_IO_IN | G_IO_OUT, vnc_client_io, vs, NULL);
1626     }
1627 
1628     buffer_append(&vs->output, data, len);
1629 }
1630 
1631 void vnc_write_s32(VncState *vs, int32_t value)
1632 {
1633     vnc_write_u32(vs, *(uint32_t *)&value);
1634 }
1635 
1636 void vnc_write_u32(VncState *vs, uint32_t value)
1637 {
1638     uint8_t buf[4];
1639 
1640     buf[0] = (value >> 24) & 0xFF;
1641     buf[1] = (value >> 16) & 0xFF;
1642     buf[2] = (value >>  8) & 0xFF;
1643     buf[3] = value & 0xFF;
1644 
1645     vnc_write(vs, buf, 4);
1646 }
1647 
1648 void vnc_write_u16(VncState *vs, uint16_t value)
1649 {
1650     uint8_t buf[2];
1651 
1652     buf[0] = (value >> 8) & 0xFF;
1653     buf[1] = value & 0xFF;
1654 
1655     vnc_write(vs, buf, 2);
1656 }
1657 
1658 void vnc_write_u8(VncState *vs, uint8_t value)
1659 {
1660     vnc_write(vs, (char *)&value, 1);
1661 }
1662 
1663 void vnc_flush(VncState *vs)
1664 {
1665     vnc_lock_output(vs);
1666     if (vs->ioc != NULL && vs->output.offset) {
1667         vnc_client_write_locked(vs);
1668     }
1669     if (vs->disconnecting) {
1670         if (vs->ioc_tag != 0) {
1671             g_source_remove(vs->ioc_tag);
1672         }
1673         vs->ioc_tag = 0;
1674     }
1675     vnc_unlock_output(vs);
1676 }
1677 
1678 static uint8_t read_u8(uint8_t *data, size_t offset)
1679 {
1680     return data[offset];
1681 }
1682 
1683 static uint16_t read_u16(uint8_t *data, size_t offset)
1684 {
1685     return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1686 }
1687 
1688 static int32_t read_s32(uint8_t *data, size_t offset)
1689 {
1690     return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1691                      (data[offset + 2] << 8) | data[offset + 3]);
1692 }
1693 
1694 uint32_t read_u32(uint8_t *data, size_t offset)
1695 {
1696     return ((data[offset] << 24) | (data[offset + 1] << 16) |
1697             (data[offset + 2] << 8) | data[offset + 3]);
1698 }
1699 
1700 static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
1701 {
1702 }
1703 
1704 static void check_pointer_type_change(Notifier *notifier, void *data)
1705 {
1706     VncState *vs = container_of(notifier, VncState, mouse_mode_notifier);
1707     int absolute = qemu_input_is_absolute();
1708 
1709     if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1710         vnc_lock_output(vs);
1711         vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1712         vnc_write_u8(vs, 0);
1713         vnc_write_u16(vs, 1);
1714         vnc_framebuffer_update(vs, absolute, 0,
1715                                pixman_image_get_width(vs->vd->server),
1716                                pixman_image_get_height(vs->vd->server),
1717                                VNC_ENCODING_POINTER_TYPE_CHANGE);
1718         vnc_unlock_output(vs);
1719         vnc_flush(vs);
1720     }
1721     vs->absolute = absolute;
1722 }
1723 
1724 static void pointer_event(VncState *vs, int button_mask, int x, int y)
1725 {
1726     static uint32_t bmap[INPUT_BUTTON__MAX] = {
1727         [INPUT_BUTTON_LEFT]       = 0x01,
1728         [INPUT_BUTTON_MIDDLE]     = 0x02,
1729         [INPUT_BUTTON_RIGHT]      = 0x04,
1730         [INPUT_BUTTON_WHEEL_UP]   = 0x08,
1731         [INPUT_BUTTON_WHEEL_DOWN] = 0x10,
1732     };
1733     QemuConsole *con = vs->vd->dcl.con;
1734     int width = pixman_image_get_width(vs->vd->server);
1735     int height = pixman_image_get_height(vs->vd->server);
1736 
1737     if (vs->last_bmask != button_mask) {
1738         qemu_input_update_buttons(con, bmap, vs->last_bmask, button_mask);
1739         vs->last_bmask = button_mask;
1740     }
1741 
1742     if (vs->absolute) {
1743         qemu_input_queue_abs(con, INPUT_AXIS_X, x, 0, width);
1744         qemu_input_queue_abs(con, INPUT_AXIS_Y, y, 0, height);
1745     } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1746         qemu_input_queue_rel(con, INPUT_AXIS_X, x - 0x7FFF);
1747         qemu_input_queue_rel(con, INPUT_AXIS_Y, y - 0x7FFF);
1748     } else {
1749         if (vs->last_x != -1) {
1750             qemu_input_queue_rel(con, INPUT_AXIS_X, x - vs->last_x);
1751             qemu_input_queue_rel(con, INPUT_AXIS_Y, y - vs->last_y);
1752         }
1753         vs->last_x = x;
1754         vs->last_y = y;
1755     }
1756     qemu_input_event_sync();
1757 }
1758 
1759 static void press_key(VncState *vs, QKeyCode qcode)
1760 {
1761     qkbd_state_key_event(vs->vd->kbd, qcode, true);
1762     qkbd_state_key_event(vs->vd->kbd, qcode, false);
1763 }
1764 
1765 static void vnc_led_state_change(VncState *vs)
1766 {
1767     if (!vnc_has_feature(vs, VNC_FEATURE_LED_STATE)) {
1768         return;
1769     }
1770 
1771     vnc_lock_output(vs);
1772     vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1773     vnc_write_u8(vs, 0);
1774     vnc_write_u16(vs, 1);
1775     vnc_framebuffer_update(vs, 0, 0, 1, 1, VNC_ENCODING_LED_STATE);
1776     vnc_write_u8(vs, vs->vd->ledstate);
1777     vnc_unlock_output(vs);
1778     vnc_flush(vs);
1779 }
1780 
1781 static void kbd_leds(void *opaque, int ledstate)
1782 {
1783     VncDisplay *vd = opaque;
1784     VncState *client;
1785 
1786     trace_vnc_key_guest_leds((ledstate & QEMU_CAPS_LOCK_LED),
1787                              (ledstate & QEMU_NUM_LOCK_LED),
1788                              (ledstate & QEMU_SCROLL_LOCK_LED));
1789 
1790     if (ledstate == vd->ledstate) {
1791         return;
1792     }
1793 
1794     vd->ledstate = ledstate;
1795 
1796     QTAILQ_FOREACH(client, &vd->clients, next) {
1797         vnc_led_state_change(client);
1798     }
1799 }
1800 
1801 static void do_key_event(VncState *vs, int down, int keycode, int sym)
1802 {
1803     QKeyCode qcode = qemu_input_key_number_to_qcode(keycode);
1804 
1805     /* QEMU console switch */
1806     switch (qcode) {
1807     case Q_KEY_CODE_1 ... Q_KEY_CODE_9: /* '1' to '9' keys */
1808         if (vs->vd->dcl.con == NULL && down &&
1809             qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_CTRL) &&
1810             qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_ALT)) {
1811             /* Reset the modifiers sent to the current console */
1812             qkbd_state_lift_all_keys(vs->vd->kbd);
1813             console_select(qcode - Q_KEY_CODE_1);
1814             return;
1815         }
1816     default:
1817         break;
1818     }
1819 
1820     /* Turn off the lock state sync logic if the client support the led
1821        state extension.
1822     */
1823     if (down && vs->vd->lock_key_sync &&
1824         !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) &&
1825         keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1826         /* If the numlock state needs to change then simulate an additional
1827            keypress before sending this one.  This will happen if the user
1828            toggles numlock away from the VNC window.
1829         */
1830         if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1831             if (!qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_NUMLOCK)) {
1832                 trace_vnc_key_sync_numlock(true);
1833                 press_key(vs, Q_KEY_CODE_NUM_LOCK);
1834             }
1835         } else {
1836             if (qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_NUMLOCK)) {
1837                 trace_vnc_key_sync_numlock(false);
1838                 press_key(vs, Q_KEY_CODE_NUM_LOCK);
1839             }
1840         }
1841     }
1842 
1843     if (down && vs->vd->lock_key_sync &&
1844         !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) &&
1845         ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) {
1846         /* If the capslock state needs to change then simulate an additional
1847            keypress before sending this one.  This will happen if the user
1848            toggles capslock away from the VNC window.
1849         */
1850         int uppercase = !!(sym >= 'A' && sym <= 'Z');
1851         bool shift = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_SHIFT);
1852         bool capslock = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_CAPSLOCK);
1853         if (capslock) {
1854             if (uppercase == shift) {
1855                 trace_vnc_key_sync_capslock(false);
1856                 press_key(vs, Q_KEY_CODE_CAPS_LOCK);
1857             }
1858         } else {
1859             if (uppercase != shift) {
1860                 trace_vnc_key_sync_capslock(true);
1861                 press_key(vs, Q_KEY_CODE_CAPS_LOCK);
1862             }
1863         }
1864     }
1865 
1866     qkbd_state_key_event(vs->vd->kbd, qcode, down);
1867     if (!qemu_console_is_graphic(NULL)) {
1868         bool numlock = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_NUMLOCK);
1869         bool control = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_CTRL);
1870         /* QEMU console emulation */
1871         if (down) {
1872             switch (keycode) {
1873             case 0x2a:                          /* Left Shift */
1874             case 0x36:                          /* Right Shift */
1875             case 0x1d:                          /* Left CTRL */
1876             case 0x9d:                          /* Right CTRL */
1877             case 0x38:                          /* Left ALT */
1878             case 0xb8:                          /* Right ALT */
1879                 break;
1880             case 0xc8:
1881                 kbd_put_keysym(QEMU_KEY_UP);
1882                 break;
1883             case 0xd0:
1884                 kbd_put_keysym(QEMU_KEY_DOWN);
1885                 break;
1886             case 0xcb:
1887                 kbd_put_keysym(QEMU_KEY_LEFT);
1888                 break;
1889             case 0xcd:
1890                 kbd_put_keysym(QEMU_KEY_RIGHT);
1891                 break;
1892             case 0xd3:
1893                 kbd_put_keysym(QEMU_KEY_DELETE);
1894                 break;
1895             case 0xc7:
1896                 kbd_put_keysym(QEMU_KEY_HOME);
1897                 break;
1898             case 0xcf:
1899                 kbd_put_keysym(QEMU_KEY_END);
1900                 break;
1901             case 0xc9:
1902                 kbd_put_keysym(QEMU_KEY_PAGEUP);
1903                 break;
1904             case 0xd1:
1905                 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1906                 break;
1907 
1908             case 0x47:
1909                 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME);
1910                 break;
1911             case 0x48:
1912                 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP);
1913                 break;
1914             case 0x49:
1915                 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP);
1916                 break;
1917             case 0x4b:
1918                 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT);
1919                 break;
1920             case 0x4c:
1921                 kbd_put_keysym('5');
1922                 break;
1923             case 0x4d:
1924                 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT);
1925                 break;
1926             case 0x4f:
1927                 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END);
1928                 break;
1929             case 0x50:
1930                 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN);
1931                 break;
1932             case 0x51:
1933                 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN);
1934                 break;
1935             case 0x52:
1936                 kbd_put_keysym('0');
1937                 break;
1938             case 0x53:
1939                 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE);
1940                 break;
1941 
1942             case 0xb5:
1943                 kbd_put_keysym('/');
1944                 break;
1945             case 0x37:
1946                 kbd_put_keysym('*');
1947                 break;
1948             case 0x4a:
1949                 kbd_put_keysym('-');
1950                 break;
1951             case 0x4e:
1952                 kbd_put_keysym('+');
1953                 break;
1954             case 0x9c:
1955                 kbd_put_keysym('\n');
1956                 break;
1957 
1958             default:
1959                 if (control) {
1960                     kbd_put_keysym(sym & 0x1f);
1961                 } else {
1962                     kbd_put_keysym(sym);
1963                 }
1964                 break;
1965             }
1966         }
1967     }
1968 }
1969 
1970 static const char *code2name(int keycode)
1971 {
1972     return QKeyCode_str(qemu_input_key_number_to_qcode(keycode));
1973 }
1974 
1975 static void key_event(VncState *vs, int down, uint32_t sym)
1976 {
1977     int keycode;
1978     int lsym = sym;
1979 
1980     if (lsym >= 'A' && lsym <= 'Z' && qemu_console_is_graphic(NULL)) {
1981         lsym = lsym - 'A' + 'a';
1982     }
1983 
1984     keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF,
1985                               vs->vd->kbd, down) & SCANCODE_KEYMASK;
1986     trace_vnc_key_event_map(down, sym, keycode, code2name(keycode));
1987     do_key_event(vs, down, keycode, sym);
1988 }
1989 
1990 static void ext_key_event(VncState *vs, int down,
1991                           uint32_t sym, uint16_t keycode)
1992 {
1993     /* if the user specifies a keyboard layout, always use it */
1994     if (keyboard_layout) {
1995         key_event(vs, down, sym);
1996     } else {
1997         trace_vnc_key_event_ext(down, sym, keycode, code2name(keycode));
1998         do_key_event(vs, down, keycode, sym);
1999     }
2000 }
2001 
2002 static void framebuffer_update_request(VncState *vs, int incremental,
2003                                        int x, int y, int w, int h)
2004 {
2005     if (incremental) {
2006         if (vs->update != VNC_STATE_UPDATE_FORCE) {
2007             vs->update = VNC_STATE_UPDATE_INCREMENTAL;
2008         }
2009     } else {
2010         vs->update = VNC_STATE_UPDATE_FORCE;
2011         vnc_set_area_dirty(vs->dirty, vs->vd, x, y, w, h);
2012     }
2013 }
2014 
2015 static void send_ext_key_event_ack(VncState *vs)
2016 {
2017     vnc_lock_output(vs);
2018     vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
2019     vnc_write_u8(vs, 0);
2020     vnc_write_u16(vs, 1);
2021     vnc_framebuffer_update(vs, 0, 0,
2022                            pixman_image_get_width(vs->vd->server),
2023                            pixman_image_get_height(vs->vd->server),
2024                            VNC_ENCODING_EXT_KEY_EVENT);
2025     vnc_unlock_output(vs);
2026     vnc_flush(vs);
2027 }
2028 
2029 static void send_ext_audio_ack(VncState *vs)
2030 {
2031     vnc_lock_output(vs);
2032     vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
2033     vnc_write_u8(vs, 0);
2034     vnc_write_u16(vs, 1);
2035     vnc_framebuffer_update(vs, 0, 0,
2036                            pixman_image_get_width(vs->vd->server),
2037                            pixman_image_get_height(vs->vd->server),
2038                            VNC_ENCODING_AUDIO);
2039     vnc_unlock_output(vs);
2040     vnc_flush(vs);
2041 }
2042 
2043 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
2044 {
2045     int i;
2046     unsigned int enc = 0;
2047 
2048     vs->features = 0;
2049     vs->vnc_encoding = 0;
2050     vs->tight.compression = 9;
2051     vs->tight.quality = -1; /* Lossless by default */
2052     vs->absolute = -1;
2053 
2054     /*
2055      * Start from the end because the encodings are sent in order of preference.
2056      * This way the preferred encoding (first encoding defined in the array)
2057      * will be set at the end of the loop.
2058      */
2059     for (i = n_encodings - 1; i >= 0; i--) {
2060         enc = encodings[i];
2061         switch (enc) {
2062         case VNC_ENCODING_RAW:
2063             vs->vnc_encoding = enc;
2064             break;
2065         case VNC_ENCODING_COPYRECT:
2066             vs->features |= VNC_FEATURE_COPYRECT_MASK;
2067             break;
2068         case VNC_ENCODING_HEXTILE:
2069             vs->features |= VNC_FEATURE_HEXTILE_MASK;
2070             vs->vnc_encoding = enc;
2071             break;
2072         case VNC_ENCODING_TIGHT:
2073             vs->features |= VNC_FEATURE_TIGHT_MASK;
2074             vs->vnc_encoding = enc;
2075             break;
2076 #ifdef CONFIG_VNC_PNG
2077         case VNC_ENCODING_TIGHT_PNG:
2078             vs->features |= VNC_FEATURE_TIGHT_PNG_MASK;
2079             vs->vnc_encoding = enc;
2080             break;
2081 #endif
2082         case VNC_ENCODING_ZLIB:
2083             vs->features |= VNC_FEATURE_ZLIB_MASK;
2084             vs->vnc_encoding = enc;
2085             break;
2086         case VNC_ENCODING_ZRLE:
2087             vs->features |= VNC_FEATURE_ZRLE_MASK;
2088             vs->vnc_encoding = enc;
2089             break;
2090         case VNC_ENCODING_ZYWRLE:
2091             vs->features |= VNC_FEATURE_ZYWRLE_MASK;
2092             vs->vnc_encoding = enc;
2093             break;
2094         case VNC_ENCODING_DESKTOPRESIZE:
2095             vs->features |= VNC_FEATURE_RESIZE_MASK;
2096             break;
2097         case VNC_ENCODING_POINTER_TYPE_CHANGE:
2098             vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
2099             break;
2100         case VNC_ENCODING_RICH_CURSOR:
2101             vs->features |= VNC_FEATURE_RICH_CURSOR_MASK;
2102             if (vs->vd->cursor) {
2103                 vnc_cursor_define(vs);
2104             }
2105             break;
2106         case VNC_ENCODING_EXT_KEY_EVENT:
2107             send_ext_key_event_ack(vs);
2108             break;
2109         case VNC_ENCODING_AUDIO:
2110             send_ext_audio_ack(vs);
2111             break;
2112         case VNC_ENCODING_WMVi:
2113             vs->features |= VNC_FEATURE_WMVI_MASK;
2114             break;
2115         case VNC_ENCODING_LED_STATE:
2116             vs->features |= VNC_FEATURE_LED_STATE_MASK;
2117             break;
2118         case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
2119             vs->tight.compression = (enc & 0x0F);
2120             break;
2121         case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
2122             if (vs->vd->lossy) {
2123                 vs->tight.quality = (enc & 0x0F);
2124             }
2125             break;
2126         default:
2127             VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
2128             break;
2129         }
2130     }
2131     vnc_desktop_resize(vs);
2132     check_pointer_type_change(&vs->mouse_mode_notifier, NULL);
2133     vnc_led_state_change(vs);
2134 }
2135 
2136 static void set_pixel_conversion(VncState *vs)
2137 {
2138     pixman_format_code_t fmt = qemu_pixman_get_format(&vs->client_pf);
2139 
2140     if (fmt == VNC_SERVER_FB_FORMAT) {
2141         vs->write_pixels = vnc_write_pixels_copy;
2142         vnc_hextile_set_pixel_conversion(vs, 0);
2143     } else {
2144         vs->write_pixels = vnc_write_pixels_generic;
2145         vnc_hextile_set_pixel_conversion(vs, 1);
2146     }
2147 }
2148 
2149 static void send_color_map(VncState *vs)
2150 {
2151     int i;
2152 
2153     vnc_write_u8(vs, VNC_MSG_SERVER_SET_COLOUR_MAP_ENTRIES);
2154     vnc_write_u8(vs,  0);    /* padding     */
2155     vnc_write_u16(vs, 0);    /* first color */
2156     vnc_write_u16(vs, 256);  /* # of colors */
2157 
2158     for (i = 0; i < 256; i++) {
2159         PixelFormat *pf = &vs->client_pf;
2160 
2161         vnc_write_u16(vs, (((i >> pf->rshift) & pf->rmax) << (16 - pf->rbits)));
2162         vnc_write_u16(vs, (((i >> pf->gshift) & pf->gmax) << (16 - pf->gbits)));
2163         vnc_write_u16(vs, (((i >> pf->bshift) & pf->bmax) << (16 - pf->bbits)));
2164     }
2165 }
2166 
2167 static void set_pixel_format(VncState *vs, int bits_per_pixel,
2168                              int big_endian_flag, int true_color_flag,
2169                              int red_max, int green_max, int blue_max,
2170                              int red_shift, int green_shift, int blue_shift)
2171 {
2172     if (!true_color_flag) {
2173         /* Expose a reasonable default 256 color map */
2174         bits_per_pixel = 8;
2175         red_max = 7;
2176         green_max = 7;
2177         blue_max = 3;
2178         red_shift = 0;
2179         green_shift = 3;
2180         blue_shift = 6;
2181     }
2182 
2183     switch (bits_per_pixel) {
2184     case 8:
2185     case 16:
2186     case 32:
2187         break;
2188     default:
2189         vnc_client_error(vs);
2190         return;
2191     }
2192 
2193     vs->client_pf.rmax = red_max ? red_max : 0xFF;
2194     vs->client_pf.rbits = ctpopl(red_max);
2195     vs->client_pf.rshift = red_shift;
2196     vs->client_pf.rmask = red_max << red_shift;
2197     vs->client_pf.gmax = green_max ? green_max : 0xFF;
2198     vs->client_pf.gbits = ctpopl(green_max);
2199     vs->client_pf.gshift = green_shift;
2200     vs->client_pf.gmask = green_max << green_shift;
2201     vs->client_pf.bmax = blue_max ? blue_max : 0xFF;
2202     vs->client_pf.bbits = ctpopl(blue_max);
2203     vs->client_pf.bshift = blue_shift;
2204     vs->client_pf.bmask = blue_max << blue_shift;
2205     vs->client_pf.bits_per_pixel = bits_per_pixel;
2206     vs->client_pf.bytes_per_pixel = bits_per_pixel / 8;
2207     vs->client_pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
2208     vs->client_be = big_endian_flag;
2209 
2210     if (!true_color_flag) {
2211         send_color_map(vs);
2212     }
2213 
2214     set_pixel_conversion(vs);
2215 
2216     graphic_hw_invalidate(vs->vd->dcl.con);
2217     graphic_hw_update(vs->vd->dcl.con);
2218 }
2219 
2220 static void pixel_format_message (VncState *vs) {
2221     char pad[3] = { 0, 0, 0 };
2222 
2223     vs->client_pf = qemu_default_pixelformat(32);
2224 
2225     vnc_write_u8(vs, vs->client_pf.bits_per_pixel); /* bits-per-pixel */
2226     vnc_write_u8(vs, vs->client_pf.depth); /* depth */
2227 
2228 #ifdef HOST_WORDS_BIGENDIAN
2229     vnc_write_u8(vs, 1);             /* big-endian-flag */
2230 #else
2231     vnc_write_u8(vs, 0);             /* big-endian-flag */
2232 #endif
2233     vnc_write_u8(vs, 1);             /* true-color-flag */
2234     vnc_write_u16(vs, vs->client_pf.rmax);     /* red-max */
2235     vnc_write_u16(vs, vs->client_pf.gmax);     /* green-max */
2236     vnc_write_u16(vs, vs->client_pf.bmax);     /* blue-max */
2237     vnc_write_u8(vs, vs->client_pf.rshift);    /* red-shift */
2238     vnc_write_u8(vs, vs->client_pf.gshift);    /* green-shift */
2239     vnc_write_u8(vs, vs->client_pf.bshift);    /* blue-shift */
2240     vnc_write(vs, pad, 3);           /* padding */
2241 
2242     vnc_hextile_set_pixel_conversion(vs, 0);
2243     vs->write_pixels = vnc_write_pixels_copy;
2244 }
2245 
2246 static void vnc_colordepth(VncState *vs)
2247 {
2248     if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
2249         /* Sending a WMVi message to notify the client*/
2250         vnc_lock_output(vs);
2251         vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
2252         vnc_write_u8(vs, 0);
2253         vnc_write_u16(vs, 1); /* number of rects */
2254         vnc_framebuffer_update(vs, 0, 0,
2255                                pixman_image_get_width(vs->vd->server),
2256                                pixman_image_get_height(vs->vd->server),
2257                                VNC_ENCODING_WMVi);
2258         pixel_format_message(vs);
2259         vnc_unlock_output(vs);
2260         vnc_flush(vs);
2261     } else {
2262         set_pixel_conversion(vs);
2263     }
2264 }
2265 
2266 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
2267 {
2268     int i;
2269     uint16_t limit;
2270     uint32_t freq;
2271     VncDisplay *vd = vs->vd;
2272 
2273     if (data[0] > 3) {
2274         update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
2275     }
2276 
2277     switch (data[0]) {
2278     case VNC_MSG_CLIENT_SET_PIXEL_FORMAT:
2279         if (len == 1)
2280             return 20;
2281 
2282         set_pixel_format(vs, read_u8(data, 4),
2283                          read_u8(data, 6), read_u8(data, 7),
2284                          read_u16(data, 8), read_u16(data, 10),
2285                          read_u16(data, 12), read_u8(data, 14),
2286                          read_u8(data, 15), read_u8(data, 16));
2287         break;
2288     case VNC_MSG_CLIENT_SET_ENCODINGS:
2289         if (len == 1)
2290             return 4;
2291 
2292         if (len == 4) {
2293             limit = read_u16(data, 2);
2294             if (limit > 0)
2295                 return 4 + (limit * 4);
2296         } else
2297             limit = read_u16(data, 2);
2298 
2299         for (i = 0; i < limit; i++) {
2300             int32_t val = read_s32(data, 4 + (i * 4));
2301             memcpy(data + 4 + (i * 4), &val, sizeof(val));
2302         }
2303 
2304         set_encodings(vs, (int32_t *)(data + 4), limit);
2305         break;
2306     case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST:
2307         if (len == 1)
2308             return 10;
2309 
2310         framebuffer_update_request(vs,
2311                                    read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
2312                                    read_u16(data, 6), read_u16(data, 8));
2313         break;
2314     case VNC_MSG_CLIENT_KEY_EVENT:
2315         if (len == 1)
2316             return 8;
2317 
2318         key_event(vs, read_u8(data, 1), read_u32(data, 4));
2319         break;
2320     case VNC_MSG_CLIENT_POINTER_EVENT:
2321         if (len == 1)
2322             return 6;
2323 
2324         pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
2325         break;
2326     case VNC_MSG_CLIENT_CUT_TEXT:
2327         if (len == 1) {
2328             return 8;
2329         }
2330         if (len == 8) {
2331             uint32_t dlen = read_u32(data, 4);
2332             if (dlen > (1 << 20)) {
2333                 error_report("vnc: client_cut_text msg payload has %u bytes"
2334                              " which exceeds our limit of 1MB.", dlen);
2335                 vnc_client_error(vs);
2336                 break;
2337             }
2338             if (dlen > 0) {
2339                 return 8 + dlen;
2340             }
2341         }
2342 
2343         client_cut_text(vs, read_u32(data, 4), data + 8);
2344         break;
2345     case VNC_MSG_CLIENT_QEMU:
2346         if (len == 1)
2347             return 2;
2348 
2349         switch (read_u8(data, 1)) {
2350         case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT:
2351             if (len == 2)
2352                 return 12;
2353 
2354             ext_key_event(vs, read_u16(data, 2),
2355                           read_u32(data, 4), read_u32(data, 8));
2356             break;
2357         case VNC_MSG_CLIENT_QEMU_AUDIO:
2358             if (len == 2)
2359                 return 4;
2360 
2361             switch (read_u16 (data, 2)) {
2362             case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE:
2363                 audio_add(vs);
2364                 break;
2365             case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE:
2366                 audio_del(vs);
2367                 break;
2368             case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT:
2369                 if (len == 4)
2370                     return 10;
2371                 switch (read_u8(data, 4)) {
2372                 case 0: vs->as.fmt = AUD_FMT_U8; break;
2373                 case 1: vs->as.fmt = AUD_FMT_S8; break;
2374                 case 2: vs->as.fmt = AUD_FMT_U16; break;
2375                 case 3: vs->as.fmt = AUD_FMT_S16; break;
2376                 case 4: vs->as.fmt = AUD_FMT_U32; break;
2377                 case 5: vs->as.fmt = AUD_FMT_S32; break;
2378                 default:
2379                     VNC_DEBUG("Invalid audio format %d\n", read_u8(data, 4));
2380                     vnc_client_error(vs);
2381                     break;
2382                 }
2383                 vs->as.nchannels = read_u8(data, 5);
2384                 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
2385                     VNC_DEBUG("Invalid audio channel count %d\n",
2386                               read_u8(data, 5));
2387                     vnc_client_error(vs);
2388                     break;
2389                 }
2390                 freq = read_u32(data, 6);
2391                 /* No official limit for protocol, but 48khz is a sensible
2392                  * upper bound for trustworthy clients, and this limit
2393                  * protects calculations involving 'vs->as.freq' later.
2394                  */
2395                 if (freq > 48000) {
2396                     VNC_DEBUG("Invalid audio frequency %u > 48000", freq);
2397                     vnc_client_error(vs);
2398                     break;
2399                 }
2400                 vs->as.freq = freq;
2401                 break;
2402             default:
2403                 VNC_DEBUG("Invalid audio message %d\n", read_u8(data, 4));
2404                 vnc_client_error(vs);
2405                 break;
2406             }
2407             break;
2408 
2409         default:
2410             VNC_DEBUG("Msg: %d\n", read_u16(data, 0));
2411             vnc_client_error(vs);
2412             break;
2413         }
2414         break;
2415     default:
2416         VNC_DEBUG("Msg: %d\n", data[0]);
2417         vnc_client_error(vs);
2418         break;
2419     }
2420 
2421     vnc_update_throttle_offset(vs);
2422     vnc_read_when(vs, protocol_client_msg, 1);
2423     return 0;
2424 }
2425 
2426 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
2427 {
2428     char buf[1024];
2429     VncShareMode mode;
2430     int size;
2431 
2432     mode = data[0] ? VNC_SHARE_MODE_SHARED : VNC_SHARE_MODE_EXCLUSIVE;
2433     switch (vs->vd->share_policy) {
2434     case VNC_SHARE_POLICY_IGNORE:
2435         /*
2436          * Ignore the shared flag.  Nothing to do here.
2437          *
2438          * Doesn't conform to the rfb spec but is traditional qemu
2439          * behavior, thus left here as option for compatibility
2440          * reasons.
2441          */
2442         break;
2443     case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE:
2444         /*
2445          * Policy: Allow clients ask for exclusive access.
2446          *
2447          * Implementation: When a client asks for exclusive access,
2448          * disconnect all others. Shared connects are allowed as long
2449          * as no exclusive connection exists.
2450          *
2451          * This is how the rfb spec suggests to handle the shared flag.
2452          */
2453         if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2454             VncState *client;
2455             QTAILQ_FOREACH(client, &vs->vd->clients, next) {
2456                 if (vs == client) {
2457                     continue;
2458                 }
2459                 if (client->share_mode != VNC_SHARE_MODE_EXCLUSIVE &&
2460                     client->share_mode != VNC_SHARE_MODE_SHARED) {
2461                     continue;
2462                 }
2463                 vnc_disconnect_start(client);
2464             }
2465         }
2466         if (mode == VNC_SHARE_MODE_SHARED) {
2467             if (vs->vd->num_exclusive > 0) {
2468                 vnc_disconnect_start(vs);
2469                 return 0;
2470             }
2471         }
2472         break;
2473     case VNC_SHARE_POLICY_FORCE_SHARED:
2474         /*
2475          * Policy: Shared connects only.
2476          * Implementation: Disallow clients asking for exclusive access.
2477          *
2478          * Useful for shared desktop sessions where you don't want
2479          * someone forgetting to say -shared when running the vnc
2480          * client disconnect everybody else.
2481          */
2482         if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2483             vnc_disconnect_start(vs);
2484             return 0;
2485         }
2486         break;
2487     }
2488     vnc_set_share_mode(vs, mode);
2489 
2490     if (vs->vd->num_shared > vs->vd->connections_limit) {
2491         vnc_disconnect_start(vs);
2492         return 0;
2493     }
2494 
2495     assert(pixman_image_get_width(vs->vd->server) < 65536 &&
2496            pixman_image_get_width(vs->vd->server) >= 0);
2497     assert(pixman_image_get_height(vs->vd->server) < 65536 &&
2498            pixman_image_get_height(vs->vd->server) >= 0);
2499     vs->client_width = pixman_image_get_width(vs->vd->server);
2500     vs->client_height = pixman_image_get_height(vs->vd->server);
2501     vnc_write_u16(vs, vs->client_width);
2502     vnc_write_u16(vs, vs->client_height);
2503 
2504     pixel_format_message(vs);
2505 
2506     if (qemu_name) {
2507         size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
2508         if (size > sizeof(buf)) {
2509             size = sizeof(buf);
2510         }
2511     } else {
2512         size = snprintf(buf, sizeof(buf), "QEMU");
2513     }
2514 
2515     vnc_write_u32(vs, size);
2516     vnc_write(vs, buf, size);
2517     vnc_flush(vs);
2518 
2519     vnc_client_cache_auth(vs);
2520     vnc_qmp_event(vs, QAPI_EVENT_VNC_INITIALIZED);
2521 
2522     vnc_read_when(vs, protocol_client_msg, 1);
2523 
2524     return 0;
2525 }
2526 
2527 void start_client_init(VncState *vs)
2528 {
2529     vnc_read_when(vs, protocol_client_init, 1);
2530 }
2531 
2532 static void make_challenge(VncState *vs)
2533 {
2534     int i;
2535 
2536     srand(time(NULL)+getpid()+getpid()*987654+rand());
2537 
2538     for (i = 0 ; i < sizeof(vs->challenge) ; i++)
2539         vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
2540 }
2541 
2542 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
2543 {
2544     unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
2545     size_t i, pwlen;
2546     unsigned char key[8];
2547     time_t now = time(NULL);
2548     QCryptoCipher *cipher = NULL;
2549     Error *err = NULL;
2550 
2551     if (!vs->vd->password) {
2552         trace_vnc_auth_fail(vs, vs->auth, "password is not set", "");
2553         goto reject;
2554     }
2555     if (vs->vd->expires < now) {
2556         trace_vnc_auth_fail(vs, vs->auth, "password is expired", "");
2557         goto reject;
2558     }
2559 
2560     memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
2561 
2562     /* Calculate the expected challenge response */
2563     pwlen = strlen(vs->vd->password);
2564     for (i=0; i<sizeof(key); i++)
2565         key[i] = i<pwlen ? vs->vd->password[i] : 0;
2566 
2567     cipher = qcrypto_cipher_new(
2568         QCRYPTO_CIPHER_ALG_DES_RFB,
2569         QCRYPTO_CIPHER_MODE_ECB,
2570         key, G_N_ELEMENTS(key),
2571         &err);
2572     if (!cipher) {
2573         trace_vnc_auth_fail(vs, vs->auth, "cannot create cipher",
2574                             error_get_pretty(err));
2575         error_free(err);
2576         goto reject;
2577     }
2578 
2579     if (qcrypto_cipher_encrypt(cipher,
2580                                vs->challenge,
2581                                response,
2582                                VNC_AUTH_CHALLENGE_SIZE,
2583                                &err) < 0) {
2584         trace_vnc_auth_fail(vs, vs->auth, "cannot encrypt challenge response",
2585                             error_get_pretty(err));
2586         error_free(err);
2587         goto reject;
2588     }
2589 
2590     /* Compare expected vs actual challenge response */
2591     if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
2592         trace_vnc_auth_fail(vs, vs->auth, "mis-matched challenge response", "");
2593         goto reject;
2594     } else {
2595         trace_vnc_auth_pass(vs, vs->auth);
2596         vnc_write_u32(vs, 0); /* Accept auth */
2597         vnc_flush(vs);
2598 
2599         start_client_init(vs);
2600     }
2601 
2602     qcrypto_cipher_free(cipher);
2603     return 0;
2604 
2605 reject:
2606     vnc_write_u32(vs, 1); /* Reject auth */
2607     if (vs->minor >= 8) {
2608         static const char err[] = "Authentication failed";
2609         vnc_write_u32(vs, sizeof(err));
2610         vnc_write(vs, err, sizeof(err));
2611     }
2612     vnc_flush(vs);
2613     vnc_client_error(vs);
2614     qcrypto_cipher_free(cipher);
2615     return 0;
2616 }
2617 
2618 void start_auth_vnc(VncState *vs)
2619 {
2620     make_challenge(vs);
2621     /* Send client a 'random' challenge */
2622     vnc_write(vs, vs->challenge, sizeof(vs->challenge));
2623     vnc_flush(vs);
2624 
2625     vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
2626 }
2627 
2628 
2629 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
2630 {
2631     /* We only advertise 1 auth scheme at a time, so client
2632      * must pick the one we sent. Verify this */
2633     if (data[0] != vs->auth) { /* Reject auth */
2634        trace_vnc_auth_reject(vs, vs->auth, (int)data[0]);
2635        vnc_write_u32(vs, 1);
2636        if (vs->minor >= 8) {
2637            static const char err[] = "Authentication failed";
2638            vnc_write_u32(vs, sizeof(err));
2639            vnc_write(vs, err, sizeof(err));
2640        }
2641        vnc_client_error(vs);
2642     } else { /* Accept requested auth */
2643        trace_vnc_auth_start(vs, vs->auth);
2644        switch (vs->auth) {
2645        case VNC_AUTH_NONE:
2646            if (vs->minor >= 8) {
2647                vnc_write_u32(vs, 0); /* Accept auth completion */
2648                vnc_flush(vs);
2649            }
2650            trace_vnc_auth_pass(vs, vs->auth);
2651            start_client_init(vs);
2652            break;
2653 
2654        case VNC_AUTH_VNC:
2655            start_auth_vnc(vs);
2656            break;
2657 
2658        case VNC_AUTH_VENCRYPT:
2659            start_auth_vencrypt(vs);
2660            break;
2661 
2662 #ifdef CONFIG_VNC_SASL
2663        case VNC_AUTH_SASL:
2664            start_auth_sasl(vs);
2665            break;
2666 #endif /* CONFIG_VNC_SASL */
2667 
2668        default: /* Should not be possible, but just in case */
2669            trace_vnc_auth_fail(vs, vs->auth, "Unhandled auth method", "");
2670            vnc_write_u8(vs, 1);
2671            if (vs->minor >= 8) {
2672                static const char err[] = "Authentication failed";
2673                vnc_write_u32(vs, sizeof(err));
2674                vnc_write(vs, err, sizeof(err));
2675            }
2676            vnc_client_error(vs);
2677        }
2678     }
2679     return 0;
2680 }
2681 
2682 static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2683 {
2684     char local[13];
2685 
2686     memcpy(local, version, 12);
2687     local[12] = 0;
2688 
2689     if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2690         VNC_DEBUG("Malformed protocol version %s\n", local);
2691         vnc_client_error(vs);
2692         return 0;
2693     }
2694     VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2695     if (vs->major != 3 ||
2696         (vs->minor != 3 &&
2697          vs->minor != 4 &&
2698          vs->minor != 5 &&
2699          vs->minor != 7 &&
2700          vs->minor != 8)) {
2701         VNC_DEBUG("Unsupported client version\n");
2702         vnc_write_u32(vs, VNC_AUTH_INVALID);
2703         vnc_flush(vs);
2704         vnc_client_error(vs);
2705         return 0;
2706     }
2707     /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2708      * as equivalent to v3.3 by servers
2709      */
2710     if (vs->minor == 4 || vs->minor == 5)
2711         vs->minor = 3;
2712 
2713     if (vs->minor == 3) {
2714         trace_vnc_auth_start(vs, vs->auth);
2715         if (vs->auth == VNC_AUTH_NONE) {
2716             vnc_write_u32(vs, vs->auth);
2717             vnc_flush(vs);
2718             trace_vnc_auth_pass(vs, vs->auth);
2719             start_client_init(vs);
2720        } else if (vs->auth == VNC_AUTH_VNC) {
2721             VNC_DEBUG("Tell client VNC auth\n");
2722             vnc_write_u32(vs, vs->auth);
2723             vnc_flush(vs);
2724             start_auth_vnc(vs);
2725        } else {
2726             trace_vnc_auth_fail(vs, vs->auth,
2727                                 "Unsupported auth method for v3.3", "");
2728             vnc_write_u32(vs, VNC_AUTH_INVALID);
2729             vnc_flush(vs);
2730             vnc_client_error(vs);
2731        }
2732     } else {
2733         vnc_write_u8(vs, 1); /* num auth */
2734         vnc_write_u8(vs, vs->auth);
2735         vnc_read_when(vs, protocol_client_auth, 1);
2736         vnc_flush(vs);
2737     }
2738 
2739     return 0;
2740 }
2741 
2742 static VncRectStat *vnc_stat_rect(VncDisplay *vd, int x, int y)
2743 {
2744     struct VncSurface *vs = &vd->guest;
2745 
2746     return &vs->stats[y / VNC_STAT_RECT][x / VNC_STAT_RECT];
2747 }
2748 
2749 void vnc_sent_lossy_rect(VncState *vs, int x, int y, int w, int h)
2750 {
2751     int i, j;
2752 
2753     w = (x + w) / VNC_STAT_RECT;
2754     h = (y + h) / VNC_STAT_RECT;
2755     x /= VNC_STAT_RECT;
2756     y /= VNC_STAT_RECT;
2757 
2758     for (j = y; j <= h; j++) {
2759         for (i = x; i <= w; i++) {
2760             vs->lossy_rect[j][i] = 1;
2761         }
2762     }
2763 }
2764 
2765 static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y)
2766 {
2767     VncState *vs;
2768     int sty = y / VNC_STAT_RECT;
2769     int stx = x / VNC_STAT_RECT;
2770     int has_dirty = 0;
2771 
2772     y = QEMU_ALIGN_DOWN(y, VNC_STAT_RECT);
2773     x = QEMU_ALIGN_DOWN(x, VNC_STAT_RECT);
2774 
2775     QTAILQ_FOREACH(vs, &vd->clients, next) {
2776         int j;
2777 
2778         /* kernel send buffers are full -> refresh later */
2779         if (vs->output.offset) {
2780             continue;
2781         }
2782 
2783         if (!vs->lossy_rect[sty][stx]) {
2784             continue;
2785         }
2786 
2787         vs->lossy_rect[sty][stx] = 0;
2788         for (j = 0; j < VNC_STAT_RECT; ++j) {
2789             bitmap_set(vs->dirty[y + j],
2790                        x / VNC_DIRTY_PIXELS_PER_BIT,
2791                        VNC_STAT_RECT / VNC_DIRTY_PIXELS_PER_BIT);
2792         }
2793         has_dirty++;
2794     }
2795 
2796     return has_dirty;
2797 }
2798 
2799 static int vnc_update_stats(VncDisplay *vd,  struct timeval * tv)
2800 {
2801     int width = MIN(pixman_image_get_width(vd->guest.fb),
2802                     pixman_image_get_width(vd->server));
2803     int height = MIN(pixman_image_get_height(vd->guest.fb),
2804                      pixman_image_get_height(vd->server));
2805     int x, y;
2806     struct timeval res;
2807     int has_dirty = 0;
2808 
2809     for (y = 0; y < height; y += VNC_STAT_RECT) {
2810         for (x = 0; x < width; x += VNC_STAT_RECT) {
2811             VncRectStat *rect = vnc_stat_rect(vd, x, y);
2812 
2813             rect->updated = false;
2814         }
2815     }
2816 
2817     qemu_timersub(tv, &VNC_REFRESH_STATS, &res);
2818 
2819     if (timercmp(&vd->guest.last_freq_check, &res, >)) {
2820         return has_dirty;
2821     }
2822     vd->guest.last_freq_check = *tv;
2823 
2824     for (y = 0; y < height; y += VNC_STAT_RECT) {
2825         for (x = 0; x < width; x += VNC_STAT_RECT) {
2826             VncRectStat *rect= vnc_stat_rect(vd, x, y);
2827             int count = ARRAY_SIZE(rect->times);
2828             struct timeval min, max;
2829 
2830             if (!timerisset(&rect->times[count - 1])) {
2831                 continue ;
2832             }
2833 
2834             max = rect->times[(rect->idx + count - 1) % count];
2835             qemu_timersub(tv, &max, &res);
2836 
2837             if (timercmp(&res, &VNC_REFRESH_LOSSY, >)) {
2838                 rect->freq = 0;
2839                 has_dirty += vnc_refresh_lossy_rect(vd, x, y);
2840                 memset(rect->times, 0, sizeof (rect->times));
2841                 continue ;
2842             }
2843 
2844             min = rect->times[rect->idx];
2845             max = rect->times[(rect->idx + count - 1) % count];
2846             qemu_timersub(&max, &min, &res);
2847 
2848             rect->freq = res.tv_sec + res.tv_usec / 1000000.;
2849             rect->freq /= count;
2850             rect->freq = 1. / rect->freq;
2851         }
2852     }
2853     return has_dirty;
2854 }
2855 
2856 double vnc_update_freq(VncState *vs, int x, int y, int w, int h)
2857 {
2858     int i, j;
2859     double total = 0;
2860     int num = 0;
2861 
2862     x =  QEMU_ALIGN_DOWN(x, VNC_STAT_RECT);
2863     y =  QEMU_ALIGN_DOWN(y, VNC_STAT_RECT);
2864 
2865     for (j = y; j <= y + h; j += VNC_STAT_RECT) {
2866         for (i = x; i <= x + w; i += VNC_STAT_RECT) {
2867             total += vnc_stat_rect(vs->vd, i, j)->freq;
2868             num++;
2869         }
2870     }
2871 
2872     if (num) {
2873         return total / num;
2874     } else {
2875         return 0;
2876     }
2877 }
2878 
2879 static void vnc_rect_updated(VncDisplay *vd, int x, int y, struct timeval * tv)
2880 {
2881     VncRectStat *rect;
2882 
2883     rect = vnc_stat_rect(vd, x, y);
2884     if (rect->updated) {
2885         return ;
2886     }
2887     rect->times[rect->idx] = *tv;
2888     rect->idx = (rect->idx + 1) % ARRAY_SIZE(rect->times);
2889     rect->updated = true;
2890 }
2891 
2892 static int vnc_refresh_server_surface(VncDisplay *vd)
2893 {
2894     int width = MIN(pixman_image_get_width(vd->guest.fb),
2895                     pixman_image_get_width(vd->server));
2896     int height = MIN(pixman_image_get_height(vd->guest.fb),
2897                      pixman_image_get_height(vd->server));
2898     int cmp_bytes, server_stride, line_bytes, guest_ll, guest_stride, y = 0;
2899     uint8_t *guest_row0 = NULL, *server_row0;
2900     VncState *vs;
2901     int has_dirty = 0;
2902     pixman_image_t *tmpbuf = NULL;
2903 
2904     struct timeval tv = { 0, 0 };
2905 
2906     if (!vd->non_adaptive) {
2907         gettimeofday(&tv, NULL);
2908         has_dirty = vnc_update_stats(vd, &tv);
2909     }
2910 
2911     /*
2912      * Walk through the guest dirty map.
2913      * Check and copy modified bits from guest to server surface.
2914      * Update server dirty map.
2915      */
2916     server_row0 = (uint8_t *)pixman_image_get_data(vd->server);
2917     server_stride = guest_stride = guest_ll =
2918         pixman_image_get_stride(vd->server);
2919     cmp_bytes = MIN(VNC_DIRTY_PIXELS_PER_BIT * VNC_SERVER_FB_BYTES,
2920                     server_stride);
2921     if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
2922         int width = pixman_image_get_width(vd->server);
2923         tmpbuf = qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT, width);
2924     } else {
2925         int guest_bpp =
2926             PIXMAN_FORMAT_BPP(pixman_image_get_format(vd->guest.fb));
2927         guest_row0 = (uint8_t *)pixman_image_get_data(vd->guest.fb);
2928         guest_stride = pixman_image_get_stride(vd->guest.fb);
2929         guest_ll = pixman_image_get_width(vd->guest.fb)
2930                    * DIV_ROUND_UP(guest_bpp, 8);
2931     }
2932     line_bytes = MIN(server_stride, guest_ll);
2933 
2934     for (;;) {
2935         int x;
2936         uint8_t *guest_ptr, *server_ptr;
2937         unsigned long offset = find_next_bit((unsigned long *) &vd->guest.dirty,
2938                                              height * VNC_DIRTY_BPL(&vd->guest),
2939                                              y * VNC_DIRTY_BPL(&vd->guest));
2940         if (offset == height * VNC_DIRTY_BPL(&vd->guest)) {
2941             /* no more dirty bits */
2942             break;
2943         }
2944         y = offset / VNC_DIRTY_BPL(&vd->guest);
2945         x = offset % VNC_DIRTY_BPL(&vd->guest);
2946 
2947         server_ptr = server_row0 + y * server_stride + x * cmp_bytes;
2948 
2949         if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
2950             qemu_pixman_linebuf_fill(tmpbuf, vd->guest.fb, width, 0, y);
2951             guest_ptr = (uint8_t *)pixman_image_get_data(tmpbuf);
2952         } else {
2953             guest_ptr = guest_row0 + y * guest_stride;
2954         }
2955         guest_ptr += x * cmp_bytes;
2956 
2957         for (; x < DIV_ROUND_UP(width, VNC_DIRTY_PIXELS_PER_BIT);
2958              x++, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
2959             int _cmp_bytes = cmp_bytes;
2960             if (!test_and_clear_bit(x, vd->guest.dirty[y])) {
2961                 continue;
2962             }
2963             if ((x + 1) * cmp_bytes > line_bytes) {
2964                 _cmp_bytes = line_bytes - x * cmp_bytes;
2965             }
2966             assert(_cmp_bytes >= 0);
2967             if (memcmp(server_ptr, guest_ptr, _cmp_bytes) == 0) {
2968                 continue;
2969             }
2970             memcpy(server_ptr, guest_ptr, _cmp_bytes);
2971             if (!vd->non_adaptive) {
2972                 vnc_rect_updated(vd, x * VNC_DIRTY_PIXELS_PER_BIT,
2973                                  y, &tv);
2974             }
2975             QTAILQ_FOREACH(vs, &vd->clients, next) {
2976                 set_bit(x, vs->dirty[y]);
2977             }
2978             has_dirty++;
2979         }
2980 
2981         y++;
2982     }
2983     qemu_pixman_image_unref(tmpbuf);
2984     return has_dirty;
2985 }
2986 
2987 static void vnc_refresh(DisplayChangeListener *dcl)
2988 {
2989     VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
2990     VncState *vs, *vn;
2991     int has_dirty, rects = 0;
2992 
2993     if (QTAILQ_EMPTY(&vd->clients)) {
2994         update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_MAX);
2995         return;
2996     }
2997 
2998     graphic_hw_update(vd->dcl.con);
2999 
3000     if (vnc_trylock_display(vd)) {
3001         update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
3002         return;
3003     }
3004 
3005     has_dirty = vnc_refresh_server_surface(vd);
3006     vnc_unlock_display(vd);
3007 
3008     QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
3009         rects += vnc_update_client(vs, has_dirty);
3010         /* vs might be free()ed here */
3011     }
3012 
3013     if (has_dirty && rects) {
3014         vd->dcl.update_interval /= 2;
3015         if (vd->dcl.update_interval < VNC_REFRESH_INTERVAL_BASE) {
3016             vd->dcl.update_interval = VNC_REFRESH_INTERVAL_BASE;
3017         }
3018     } else {
3019         vd->dcl.update_interval += VNC_REFRESH_INTERVAL_INC;
3020         if (vd->dcl.update_interval > VNC_REFRESH_INTERVAL_MAX) {
3021             vd->dcl.update_interval = VNC_REFRESH_INTERVAL_MAX;
3022         }
3023     }
3024 }
3025 
3026 static void vnc_connect(VncDisplay *vd, QIOChannelSocket *sioc,
3027                         bool skipauth, bool websocket)
3028 {
3029     VncState *vs = g_new0(VncState, 1);
3030     bool first_client = QTAILQ_EMPTY(&vd->clients);
3031     int i;
3032 
3033     trace_vnc_client_connect(vs, sioc);
3034     vs->magic = VNC_MAGIC;
3035     vs->sioc = sioc;
3036     object_ref(OBJECT(vs->sioc));
3037     vs->ioc = QIO_CHANNEL(sioc);
3038     object_ref(OBJECT(vs->ioc));
3039     vs->vd = vd;
3040 
3041     buffer_init(&vs->input,          "vnc-input/%p", sioc);
3042     buffer_init(&vs->output,         "vnc-output/%p", sioc);
3043     buffer_init(&vs->jobs_buffer,    "vnc-jobs_buffer/%p", sioc);
3044 
3045     buffer_init(&vs->tight.tight,    "vnc-tight/%p", sioc);
3046     buffer_init(&vs->tight.zlib,     "vnc-tight-zlib/%p", sioc);
3047     buffer_init(&vs->tight.gradient, "vnc-tight-gradient/%p", sioc);
3048 #ifdef CONFIG_VNC_JPEG
3049     buffer_init(&vs->tight.jpeg,     "vnc-tight-jpeg/%p", sioc);
3050 #endif
3051 #ifdef CONFIG_VNC_PNG
3052     buffer_init(&vs->tight.png,      "vnc-tight-png/%p", sioc);
3053 #endif
3054     buffer_init(&vs->zlib.zlib,      "vnc-zlib/%p", sioc);
3055     buffer_init(&vs->zrle.zrle,      "vnc-zrle/%p", sioc);
3056     buffer_init(&vs->zrle.fb,        "vnc-zrle-fb/%p", sioc);
3057     buffer_init(&vs->zrle.zlib,      "vnc-zrle-zlib/%p", sioc);
3058 
3059     if (skipauth) {
3060         vs->auth = VNC_AUTH_NONE;
3061         vs->subauth = VNC_AUTH_INVALID;
3062     } else {
3063         if (websocket) {
3064             vs->auth = vd->ws_auth;
3065             vs->subauth = VNC_AUTH_INVALID;
3066         } else {
3067             vs->auth = vd->auth;
3068             vs->subauth = vd->subauth;
3069         }
3070     }
3071     VNC_DEBUG("Client sioc=%p ws=%d auth=%d subauth=%d\n",
3072               sioc, websocket, vs->auth, vs->subauth);
3073 
3074     vs->lossy_rect = g_malloc0(VNC_STAT_ROWS * sizeof (*vs->lossy_rect));
3075     for (i = 0; i < VNC_STAT_ROWS; ++i) {
3076         vs->lossy_rect[i] = g_new0(uint8_t, VNC_STAT_COLS);
3077     }
3078 
3079     VNC_DEBUG("New client on socket %p\n", vs->sioc);
3080     update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
3081     qio_channel_set_blocking(vs->ioc, false, NULL);
3082     if (vs->ioc_tag) {
3083         g_source_remove(vs->ioc_tag);
3084     }
3085     if (websocket) {
3086         vs->websocket = 1;
3087         if (vd->tlscreds) {
3088             vs->ioc_tag = qio_channel_add_watch(
3089                 vs->ioc, G_IO_IN, vncws_tls_handshake_io, vs, NULL);
3090         } else {
3091             vs->ioc_tag = qio_channel_add_watch(
3092                 vs->ioc, G_IO_IN, vncws_handshake_io, vs, NULL);
3093         }
3094     } else {
3095         vs->ioc_tag = qio_channel_add_watch(
3096             vs->ioc, G_IO_IN, vnc_client_io, vs, NULL);
3097     }
3098 
3099     vnc_client_cache_addr(vs);
3100     vnc_qmp_event(vs, QAPI_EVENT_VNC_CONNECTED);
3101     vnc_set_share_mode(vs, VNC_SHARE_MODE_CONNECTING);
3102 
3103     vs->last_x = -1;
3104     vs->last_y = -1;
3105 
3106     vs->as.freq = 44100;
3107     vs->as.nchannels = 2;
3108     vs->as.fmt = AUD_FMT_S16;
3109     vs->as.endianness = 0;
3110 
3111     qemu_mutex_init(&vs->output_mutex);
3112     vs->bh = qemu_bh_new(vnc_jobs_bh, vs);
3113 
3114     QTAILQ_INSERT_TAIL(&vd->clients, vs, next);
3115     if (first_client) {
3116         vnc_update_server_surface(vd);
3117     }
3118 
3119     graphic_hw_update(vd->dcl.con);
3120 
3121     if (!vs->websocket) {
3122         vnc_start_protocol(vs);
3123     }
3124 
3125     if (vd->num_connecting > vd->connections_limit) {
3126         QTAILQ_FOREACH(vs, &vd->clients, next) {
3127             if (vs->share_mode == VNC_SHARE_MODE_CONNECTING) {
3128                 vnc_disconnect_start(vs);
3129                 return;
3130             }
3131         }
3132     }
3133 }
3134 
3135 void vnc_start_protocol(VncState *vs)
3136 {
3137     vnc_write(vs, "RFB 003.008\n", 12);
3138     vnc_flush(vs);
3139     vnc_read_when(vs, protocol_version, 12);
3140 
3141     vs->mouse_mode_notifier.notify = check_pointer_type_change;
3142     qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
3143 }
3144 
3145 static void vnc_listen_io(QIONetListener *listener,
3146                           QIOChannelSocket *cioc,
3147                           void *opaque)
3148 {
3149     VncDisplay *vd = opaque;
3150     bool isWebsock = listener == vd->wslistener;
3151 
3152     qio_channel_set_name(QIO_CHANNEL(cioc),
3153                          isWebsock ? "vnc-ws-server" : "vnc-server");
3154     qio_channel_set_delay(QIO_CHANNEL(cioc), false);
3155     vnc_connect(vd, cioc, false, isWebsock);
3156 }
3157 
3158 static const DisplayChangeListenerOps dcl_ops = {
3159     .dpy_name             = "vnc",
3160     .dpy_refresh          = vnc_refresh,
3161     .dpy_gfx_update       = vnc_dpy_update,
3162     .dpy_gfx_switch       = vnc_dpy_switch,
3163     .dpy_gfx_check_format = qemu_pixman_check_format,
3164     .dpy_mouse_set        = vnc_mouse_set,
3165     .dpy_cursor_define    = vnc_dpy_cursor_define,
3166 };
3167 
3168 void vnc_display_init(const char *id, Error **errp)
3169 {
3170     VncDisplay *vd;
3171 
3172     if (vnc_display_find(id) != NULL) {
3173         return;
3174     }
3175     vd = g_malloc0(sizeof(*vd));
3176 
3177     vd->id = strdup(id);
3178     QTAILQ_INSERT_TAIL(&vnc_displays, vd, next);
3179 
3180     QTAILQ_INIT(&vd->clients);
3181     vd->expires = TIME_MAX;
3182 
3183     if (keyboard_layout) {
3184         trace_vnc_key_map_init(keyboard_layout);
3185         vd->kbd_layout = init_keyboard_layout(name2keysym,
3186                                               keyboard_layout, errp);
3187     } else {
3188         vd->kbd_layout = init_keyboard_layout(name2keysym, "en-us", errp);
3189     }
3190 
3191     if (!vd->kbd_layout) {
3192         return;
3193     }
3194 
3195     vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3196     vd->connections_limit = 32;
3197 
3198     qemu_mutex_init(&vd->mutex);
3199     vnc_start_worker_thread();
3200 
3201     vd->dcl.ops = &dcl_ops;
3202     register_displaychangelistener(&vd->dcl);
3203     vd->kbd = qkbd_state_init(vd->dcl.con);
3204 }
3205 
3206 
3207 static void vnc_display_close(VncDisplay *vd)
3208 {
3209     if (!vd) {
3210         return;
3211     }
3212     vd->is_unix = false;
3213 
3214     if (vd->listener) {
3215         qio_net_listener_disconnect(vd->listener);
3216         object_unref(OBJECT(vd->listener));
3217     }
3218     vd->listener = NULL;
3219 
3220     if (vd->wslistener) {
3221         qio_net_listener_disconnect(vd->wslistener);
3222         object_unref(OBJECT(vd->wslistener));
3223     }
3224     vd->wslistener = NULL;
3225 
3226     vd->auth = VNC_AUTH_INVALID;
3227     vd->subauth = VNC_AUTH_INVALID;
3228     if (vd->tlscreds) {
3229         object_unparent(OBJECT(vd->tlscreds));
3230         vd->tlscreds = NULL;
3231     }
3232     if (vd->tlsauthz) {
3233         object_unparent(OBJECT(vd->tlsauthz));
3234         vd->tlsauthz = NULL;
3235     }
3236     g_free(vd->tlsauthzid);
3237     vd->tlsauthzid = NULL;
3238     if (vd->lock_key_sync) {
3239         qemu_remove_led_event_handler(vd->led);
3240         vd->led = NULL;
3241     }
3242 #ifdef CONFIG_VNC_SASL
3243     if (vd->sasl.authz) {
3244         object_unparent(OBJECT(vd->sasl.authz));
3245         vd->sasl.authz = NULL;
3246     }
3247     g_free(vd->sasl.authzid);
3248     vd->sasl.authzid = NULL;
3249 #endif
3250 }
3251 
3252 int vnc_display_password(const char *id, const char *password)
3253 {
3254     VncDisplay *vd = vnc_display_find(id);
3255 
3256     if (!vd) {
3257         return -EINVAL;
3258     }
3259     if (vd->auth == VNC_AUTH_NONE) {
3260         error_printf_unless_qmp("If you want use passwords please enable "
3261                                 "password auth using '-vnc ${dpy},password'.\n");
3262         return -EINVAL;
3263     }
3264 
3265     g_free(vd->password);
3266     vd->password = g_strdup(password);
3267 
3268     return 0;
3269 }
3270 
3271 int vnc_display_pw_expire(const char *id, time_t expires)
3272 {
3273     VncDisplay *vd = vnc_display_find(id);
3274 
3275     if (!vd) {
3276         return -EINVAL;
3277     }
3278 
3279     vd->expires = expires;
3280     return 0;
3281 }
3282 
3283 static void vnc_display_print_local_addr(VncDisplay *vd)
3284 {
3285     SocketAddress *addr;
3286     Error *err = NULL;
3287 
3288     if (!vd->listener || !vd->listener->nsioc) {
3289         return;
3290     }
3291 
3292     addr = qio_channel_socket_get_local_address(vd->listener->sioc[0], &err);
3293     if (!addr) {
3294         return;
3295     }
3296 
3297     if (addr->type != SOCKET_ADDRESS_TYPE_INET) {
3298         qapi_free_SocketAddress(addr);
3299         return;
3300     }
3301     error_printf_unless_qmp("VNC server running on %s:%s\n",
3302                             addr->u.inet.host,
3303                             addr->u.inet.port);
3304     qapi_free_SocketAddress(addr);
3305 }
3306 
3307 static QemuOptsList qemu_vnc_opts = {
3308     .name = "vnc",
3309     .head = QTAILQ_HEAD_INITIALIZER(qemu_vnc_opts.head),
3310     .implied_opt_name = "vnc",
3311     .desc = {
3312         {
3313             .name = "vnc",
3314             .type = QEMU_OPT_STRING,
3315         },{
3316             .name = "websocket",
3317             .type = QEMU_OPT_STRING,
3318         },{
3319             .name = "tls-creds",
3320             .type = QEMU_OPT_STRING,
3321         },{
3322             .name = "share",
3323             .type = QEMU_OPT_STRING,
3324         },{
3325             .name = "display",
3326             .type = QEMU_OPT_STRING,
3327         },{
3328             .name = "head",
3329             .type = QEMU_OPT_NUMBER,
3330         },{
3331             .name = "connections",
3332             .type = QEMU_OPT_NUMBER,
3333         },{
3334             .name = "to",
3335             .type = QEMU_OPT_NUMBER,
3336         },{
3337             .name = "ipv4",
3338             .type = QEMU_OPT_BOOL,
3339         },{
3340             .name = "ipv6",
3341             .type = QEMU_OPT_BOOL,
3342         },{
3343             .name = "password",
3344             .type = QEMU_OPT_BOOL,
3345         },{
3346             .name = "reverse",
3347             .type = QEMU_OPT_BOOL,
3348         },{
3349             .name = "lock-key-sync",
3350             .type = QEMU_OPT_BOOL,
3351         },{
3352             .name = "key-delay-ms",
3353             .type = QEMU_OPT_NUMBER,
3354         },{
3355             .name = "sasl",
3356             .type = QEMU_OPT_BOOL,
3357         },{
3358             .name = "acl",
3359             .type = QEMU_OPT_BOOL,
3360         },{
3361             .name = "lossy",
3362             .type = QEMU_OPT_BOOL,
3363         },{
3364             .name = "non-adaptive",
3365             .type = QEMU_OPT_BOOL,
3366         },
3367         { /* end of list */ }
3368     },
3369 };
3370 
3371 
3372 static int
3373 vnc_display_setup_auth(int *auth,
3374                        int *subauth,
3375                        QCryptoTLSCreds *tlscreds,
3376                        bool password,
3377                        bool sasl,
3378                        bool websocket,
3379                        Error **errp)
3380 {
3381     /*
3382      * We have a choice of 3 authentication options
3383      *
3384      *   1. none
3385      *   2. vnc
3386      *   3. sasl
3387      *
3388      * The channel can be run in 2 modes
3389      *
3390      *   1. clear
3391      *   2. tls
3392      *
3393      * And TLS can use 2 types of credentials
3394      *
3395      *   1. anon
3396      *   2. x509
3397      *
3398      * We thus have 9 possible logical combinations
3399      *
3400      *   1. clear + none
3401      *   2. clear + vnc
3402      *   3. clear + sasl
3403      *   4. tls + anon + none
3404      *   5. tls + anon + vnc
3405      *   6. tls + anon + sasl
3406      *   7. tls + x509 + none
3407      *   8. tls + x509 + vnc
3408      *   9. tls + x509 + sasl
3409      *
3410      * These need to be mapped into the VNC auth schemes
3411      * in an appropriate manner. In regular VNC, all the
3412      * TLS options get mapped into VNC_AUTH_VENCRYPT
3413      * sub-auth types.
3414      *
3415      * In websockets, the https:// protocol already provides
3416      * TLS support, so there is no need to make use of the
3417      * VeNCrypt extension. Furthermore, websockets browser
3418      * clients could not use VeNCrypt even if they wanted to,
3419      * as they cannot control when the TLS handshake takes
3420      * place. Thus there is no option but to rely on https://,
3421      * meaning combinations 4->6 and 7->9 will be mapped to
3422      * VNC auth schemes in the same way as combos 1->3.
3423      *
3424      * Regardless of fact that we have a different mapping to
3425      * VNC auth mechs for plain VNC vs websockets VNC, the end
3426      * result has the same security characteristics.
3427      */
3428     if (websocket || !tlscreds) {
3429         if (password) {
3430             VNC_DEBUG("Initializing VNC server with password auth\n");
3431             *auth = VNC_AUTH_VNC;
3432         } else if (sasl) {
3433             VNC_DEBUG("Initializing VNC server with SASL auth\n");
3434             *auth = VNC_AUTH_SASL;
3435         } else {
3436             VNC_DEBUG("Initializing VNC server with no auth\n");
3437             *auth = VNC_AUTH_NONE;
3438         }
3439         *subauth = VNC_AUTH_INVALID;
3440     } else {
3441         bool is_x509 = object_dynamic_cast(OBJECT(tlscreds),
3442                                            TYPE_QCRYPTO_TLS_CREDS_X509) != NULL;
3443         bool is_anon = object_dynamic_cast(OBJECT(tlscreds),
3444                                            TYPE_QCRYPTO_TLS_CREDS_ANON) != NULL;
3445 
3446         if (!is_x509 && !is_anon) {
3447             error_setg(errp,
3448                        "Unsupported TLS cred type %s",
3449                        object_get_typename(OBJECT(tlscreds)));
3450             return -1;
3451         }
3452         *auth = VNC_AUTH_VENCRYPT;
3453         if (password) {
3454             if (is_x509) {
3455                 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
3456                 *subauth = VNC_AUTH_VENCRYPT_X509VNC;
3457             } else {
3458                 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
3459                 *subauth = VNC_AUTH_VENCRYPT_TLSVNC;
3460             }
3461 
3462         } else if (sasl) {
3463             if (is_x509) {
3464                 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
3465                 *subauth = VNC_AUTH_VENCRYPT_X509SASL;
3466             } else {
3467                 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
3468                 *subauth = VNC_AUTH_VENCRYPT_TLSSASL;
3469             }
3470         } else {
3471             if (is_x509) {
3472                 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
3473                 *subauth = VNC_AUTH_VENCRYPT_X509NONE;
3474             } else {
3475                 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
3476                 *subauth = VNC_AUTH_VENCRYPT_TLSNONE;
3477             }
3478         }
3479     }
3480     return 0;
3481 }
3482 
3483 
3484 static int vnc_display_get_address(const char *addrstr,
3485                                    bool websocket,
3486                                    bool reverse,
3487                                    int displaynum,
3488                                    int to,
3489                                    bool has_ipv4,
3490                                    bool has_ipv6,
3491                                    bool ipv4,
3492                                    bool ipv6,
3493                                    SocketAddress **retaddr,
3494                                    Error **errp)
3495 {
3496     int ret = -1;
3497     SocketAddress *addr = NULL;
3498 
3499     addr = g_new0(SocketAddress, 1);
3500 
3501     if (strncmp(addrstr, "unix:", 5) == 0) {
3502         addr->type = SOCKET_ADDRESS_TYPE_UNIX;
3503         addr->u.q_unix.path = g_strdup(addrstr + 5);
3504 
3505         if (websocket) {
3506             error_setg(errp, "UNIX sockets not supported with websock");
3507             goto cleanup;
3508         }
3509 
3510         if (to) {
3511             error_setg(errp, "Port range not support with UNIX socket");
3512             goto cleanup;
3513         }
3514         ret = 0;
3515     } else {
3516         const char *port;
3517         size_t hostlen;
3518         unsigned long long baseport = 0;
3519         InetSocketAddress *inet;
3520 
3521         port = strrchr(addrstr, ':');
3522         if (!port) {
3523             if (websocket) {
3524                 hostlen = 0;
3525                 port = addrstr;
3526             } else {
3527                 error_setg(errp, "no vnc port specified");
3528                 goto cleanup;
3529             }
3530         } else {
3531             hostlen = port - addrstr;
3532             port++;
3533             if (*port == '\0') {
3534                 error_setg(errp, "vnc port cannot be empty");
3535                 goto cleanup;
3536             }
3537         }
3538 
3539         addr->type = SOCKET_ADDRESS_TYPE_INET;
3540         inet = &addr->u.inet;
3541         if (addrstr[0] == '[' && addrstr[hostlen - 1] == ']') {
3542             inet->host = g_strndup(addrstr + 1, hostlen - 2);
3543         } else {
3544             inet->host = g_strndup(addrstr, hostlen);
3545         }
3546         /* plain VNC port is just an offset, for websocket
3547          * port is absolute */
3548         if (websocket) {
3549             if (g_str_equal(addrstr, "") ||
3550                 g_str_equal(addrstr, "on")) {
3551                 if (displaynum == -1) {
3552                     error_setg(errp, "explicit websocket port is required");
3553                     goto cleanup;
3554                 }
3555                 inet->port = g_strdup_printf(
3556                     "%d", displaynum + 5700);
3557                 if (to) {
3558                     inet->has_to = true;
3559                     inet->to = to + 5700;
3560                 }
3561             } else {
3562                 inet->port = g_strdup(port);
3563             }
3564         } else {
3565             int offset = reverse ? 0 : 5900;
3566             if (parse_uint_full(port, &baseport, 10) < 0) {
3567                 error_setg(errp, "can't convert to a number: %s", port);
3568                 goto cleanup;
3569             }
3570             if (baseport > 65535 ||
3571                 baseport + offset > 65535) {
3572                 error_setg(errp, "port %s out of range", port);
3573                 goto cleanup;
3574             }
3575             inet->port = g_strdup_printf(
3576                 "%d", (int)baseport + offset);
3577 
3578             if (to) {
3579                 inet->has_to = true;
3580                 inet->to = to + offset;
3581             }
3582         }
3583 
3584         inet->ipv4 = ipv4;
3585         inet->has_ipv4 = has_ipv4;
3586         inet->ipv6 = ipv6;
3587         inet->has_ipv6 = has_ipv6;
3588 
3589         ret = baseport;
3590     }
3591 
3592     *retaddr = addr;
3593 
3594  cleanup:
3595     if (ret < 0) {
3596         qapi_free_SocketAddress(addr);
3597     }
3598     return ret;
3599 }
3600 
3601 static void vnc_free_addresses(SocketAddress ***retsaddr,
3602                                size_t *retnsaddr)
3603 {
3604     size_t i;
3605 
3606     for (i = 0; i < *retnsaddr; i++) {
3607         qapi_free_SocketAddress((*retsaddr)[i]);
3608     }
3609     g_free(*retsaddr);
3610 
3611     *retsaddr = NULL;
3612     *retnsaddr = 0;
3613 }
3614 
3615 static int vnc_display_get_addresses(QemuOpts *opts,
3616                                      bool reverse,
3617                                      SocketAddress ***retsaddr,
3618                                      size_t *retnsaddr,
3619                                      SocketAddress ***retwsaddr,
3620                                      size_t *retnwsaddr,
3621                                      Error **errp)
3622 {
3623     SocketAddress *saddr = NULL;
3624     SocketAddress *wsaddr = NULL;
3625     QemuOptsIter addriter;
3626     const char *addr;
3627     int to = qemu_opt_get_number(opts, "to", 0);
3628     bool has_ipv4 = qemu_opt_get(opts, "ipv4");
3629     bool has_ipv6 = qemu_opt_get(opts, "ipv6");
3630     bool ipv4 = qemu_opt_get_bool(opts, "ipv4", false);
3631     bool ipv6 = qemu_opt_get_bool(opts, "ipv6", false);
3632     int displaynum = -1;
3633     int ret = -1;
3634 
3635     *retsaddr = NULL;
3636     *retnsaddr = 0;
3637     *retwsaddr = NULL;
3638     *retnwsaddr = 0;
3639 
3640     addr = qemu_opt_get(opts, "vnc");
3641     if (addr == NULL || g_str_equal(addr, "none")) {
3642         ret = 0;
3643         goto cleanup;
3644     }
3645     if (qemu_opt_get(opts, "websocket") &&
3646         !qcrypto_hash_supports(QCRYPTO_HASH_ALG_SHA1)) {
3647         error_setg(errp,
3648                    "SHA1 hash support is required for websockets");
3649         goto cleanup;
3650     }
3651 
3652     qemu_opt_iter_init(&addriter, opts, "vnc");
3653     while ((addr = qemu_opt_iter_next(&addriter)) != NULL) {
3654         int rv;
3655         rv = vnc_display_get_address(addr, false, reverse, 0, to,
3656                                      has_ipv4, has_ipv6,
3657                                      ipv4, ipv6,
3658                                      &saddr, errp);
3659         if (rv < 0) {
3660             goto cleanup;
3661         }
3662         /* Historical compat - first listen address can be used
3663          * to set the default websocket port
3664          */
3665         if (displaynum == -1) {
3666             displaynum = rv;
3667         }
3668         *retsaddr = g_renew(SocketAddress *, *retsaddr, *retnsaddr + 1);
3669         (*retsaddr)[(*retnsaddr)++] = saddr;
3670     }
3671 
3672     /* If we had multiple primary displays, we don't do defaults
3673      * for websocket, and require explicit config instead. */
3674     if (*retnsaddr > 1) {
3675         displaynum = -1;
3676     }
3677 
3678     qemu_opt_iter_init(&addriter, opts, "websocket");
3679     while ((addr = qemu_opt_iter_next(&addriter)) != NULL) {
3680         if (vnc_display_get_address(addr, true, reverse, displaynum, to,
3681                                     has_ipv4, has_ipv6,
3682                                     ipv4, ipv6,
3683                                     &wsaddr, errp) < 0) {
3684             goto cleanup;
3685         }
3686 
3687         /* Historical compat - if only a single listen address was
3688          * provided, then this is used to set the default listen
3689          * address for websocket too
3690          */
3691         if (*retnsaddr == 1 &&
3692             (*retsaddr)[0]->type == SOCKET_ADDRESS_TYPE_INET &&
3693             wsaddr->type == SOCKET_ADDRESS_TYPE_INET &&
3694             g_str_equal(wsaddr->u.inet.host, "") &&
3695             !g_str_equal((*retsaddr)[0]->u.inet.host, "")) {
3696             g_free(wsaddr->u.inet.host);
3697             wsaddr->u.inet.host = g_strdup((*retsaddr)[0]->u.inet.host);
3698         }
3699 
3700         *retwsaddr = g_renew(SocketAddress *, *retwsaddr, *retnwsaddr + 1);
3701         (*retwsaddr)[(*retnwsaddr)++] = wsaddr;
3702     }
3703 
3704     ret = 0;
3705  cleanup:
3706     if (ret < 0) {
3707         vnc_free_addresses(retsaddr, retnsaddr);
3708         vnc_free_addresses(retwsaddr, retnwsaddr);
3709     }
3710     return ret;
3711 }
3712 
3713 static int vnc_display_connect(VncDisplay *vd,
3714                                SocketAddress **saddr,
3715                                size_t nsaddr,
3716                                SocketAddress **wsaddr,
3717                                size_t nwsaddr,
3718                                Error **errp)
3719 {
3720     /* connect to viewer */
3721     QIOChannelSocket *sioc = NULL;
3722     if (nwsaddr != 0) {
3723         error_setg(errp, "Cannot use websockets in reverse mode");
3724         return -1;
3725     }
3726     if (nsaddr != 1) {
3727         error_setg(errp, "Expected a single address in reverse mode");
3728         return -1;
3729     }
3730     /* TODO SOCKET_ADDRESS_TYPE_FD when fd has AF_UNIX */
3731     vd->is_unix = saddr[0]->type == SOCKET_ADDRESS_TYPE_UNIX;
3732     sioc = qio_channel_socket_new();
3733     qio_channel_set_name(QIO_CHANNEL(sioc), "vnc-reverse");
3734     if (qio_channel_socket_connect_sync(sioc, saddr[0], errp) < 0) {
3735         return -1;
3736     }
3737     vnc_connect(vd, sioc, false, false);
3738     object_unref(OBJECT(sioc));
3739     return 0;
3740 }
3741 
3742 
3743 static int vnc_display_listen(VncDisplay *vd,
3744                               SocketAddress **saddr,
3745                               size_t nsaddr,
3746                               SocketAddress **wsaddr,
3747                               size_t nwsaddr,
3748                               Error **errp)
3749 {
3750     size_t i;
3751 
3752     if (nsaddr) {
3753         vd->listener = qio_net_listener_new();
3754         qio_net_listener_set_name(vd->listener, "vnc-listen");
3755         for (i = 0; i < nsaddr; i++) {
3756             if (qio_net_listener_open_sync(vd->listener,
3757                                            saddr[i],
3758                                            errp) < 0)  {
3759                 return -1;
3760             }
3761         }
3762 
3763         qio_net_listener_set_client_func(vd->listener,
3764                                          vnc_listen_io, vd, NULL);
3765     }
3766 
3767     if (nwsaddr) {
3768         vd->wslistener = qio_net_listener_new();
3769         qio_net_listener_set_name(vd->wslistener, "vnc-ws-listen");
3770         for (i = 0; i < nwsaddr; i++) {
3771             if (qio_net_listener_open_sync(vd->wslistener,
3772                                            wsaddr[i],
3773                                            errp) < 0)  {
3774                 return -1;
3775             }
3776         }
3777 
3778         qio_net_listener_set_client_func(vd->wslistener,
3779                                          vnc_listen_io, vd, NULL);
3780     }
3781 
3782     return 0;
3783 }
3784 
3785 
3786 void vnc_display_open(const char *id, Error **errp)
3787 {
3788     VncDisplay *vd = vnc_display_find(id);
3789     QemuOpts *opts = qemu_opts_find(&qemu_vnc_opts, id);
3790     SocketAddress **saddr = NULL, **wsaddr = NULL;
3791     size_t nsaddr, nwsaddr;
3792     const char *share, *device_id;
3793     QemuConsole *con;
3794     bool password = false;
3795     bool reverse = false;
3796     const char *credid;
3797     bool sasl = false;
3798     int acl = 0;
3799     int lock_key_sync = 1;
3800     int key_delay_ms;
3801 
3802     if (!vd) {
3803         error_setg(errp, "VNC display not active");
3804         return;
3805     }
3806     vnc_display_close(vd);
3807 
3808     if (!opts) {
3809         return;
3810     }
3811 
3812     reverse = qemu_opt_get_bool(opts, "reverse", false);
3813     if (vnc_display_get_addresses(opts, reverse, &saddr, &nsaddr,
3814                                   &wsaddr, &nwsaddr, errp) < 0) {
3815         goto fail;
3816     }
3817 
3818     password = qemu_opt_get_bool(opts, "password", false);
3819     if (password) {
3820         if (fips_get_state()) {
3821             error_setg(errp,
3822                        "VNC password auth disabled due to FIPS mode, "
3823                        "consider using the VeNCrypt or SASL authentication "
3824                        "methods as an alternative");
3825             goto fail;
3826         }
3827         if (!qcrypto_cipher_supports(
3828                 QCRYPTO_CIPHER_ALG_DES_RFB, QCRYPTO_CIPHER_MODE_ECB)) {
3829             error_setg(errp,
3830                        "Cipher backend does not support DES RFB algorithm");
3831             goto fail;
3832         }
3833     }
3834 
3835     lock_key_sync = qemu_opt_get_bool(opts, "lock-key-sync", true);
3836     key_delay_ms = qemu_opt_get_number(opts, "key-delay-ms", 10);
3837     sasl = qemu_opt_get_bool(opts, "sasl", false);
3838 #ifndef CONFIG_VNC_SASL
3839     if (sasl) {
3840         error_setg(errp, "VNC SASL auth requires cyrus-sasl support");
3841         goto fail;
3842     }
3843 #endif /* CONFIG_VNC_SASL */
3844     credid = qemu_opt_get(opts, "tls-creds");
3845     if (credid) {
3846         Object *creds;
3847         creds = object_resolve_path_component(
3848             object_get_objects_root(), credid);
3849         if (!creds) {
3850             error_setg(errp, "No TLS credentials with id '%s'",
3851                        credid);
3852             goto fail;
3853         }
3854         vd->tlscreds = (QCryptoTLSCreds *)
3855             object_dynamic_cast(creds,
3856                                 TYPE_QCRYPTO_TLS_CREDS);
3857         if (!vd->tlscreds) {
3858             error_setg(errp, "Object with id '%s' is not TLS credentials",
3859                        credid);
3860             goto fail;
3861         }
3862         object_ref(OBJECT(vd->tlscreds));
3863 
3864         if (vd->tlscreds->endpoint != QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) {
3865             error_setg(errp,
3866                        "Expecting TLS credentials with a server endpoint");
3867             goto fail;
3868         }
3869     }
3870     acl = qemu_opt_get_bool(opts, "acl", false);
3871 
3872     share = qemu_opt_get(opts, "share");
3873     if (share) {
3874         if (strcmp(share, "ignore") == 0) {
3875             vd->share_policy = VNC_SHARE_POLICY_IGNORE;
3876         } else if (strcmp(share, "allow-exclusive") == 0) {
3877             vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3878         } else if (strcmp(share, "force-shared") == 0) {
3879             vd->share_policy = VNC_SHARE_POLICY_FORCE_SHARED;
3880         } else {
3881             error_setg(errp, "unknown vnc share= option");
3882             goto fail;
3883         }
3884     } else {
3885         vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3886     }
3887     vd->connections_limit = qemu_opt_get_number(opts, "connections", 32);
3888 
3889 #ifdef CONFIG_VNC_JPEG
3890     vd->lossy = qemu_opt_get_bool(opts, "lossy", false);
3891 #endif
3892     vd->non_adaptive = qemu_opt_get_bool(opts, "non-adaptive", false);
3893     /* adaptive updates are only used with tight encoding and
3894      * if lossy updates are enabled so we can disable all the
3895      * calculations otherwise */
3896     if (!vd->lossy) {
3897         vd->non_adaptive = true;
3898     }
3899 
3900     if (acl) {
3901         if (strcmp(vd->id, "default") == 0) {
3902             vd->tlsauthzid = g_strdup("vnc.x509dname");
3903         } else {
3904             vd->tlsauthzid = g_strdup_printf("vnc.%s.x509dname", vd->id);
3905         }
3906         vd->tlsauthz = QAUTHZ(qauthz_list_new(vd->tlsauthzid,
3907                                               QAUTHZ_LIST_POLICY_DENY,
3908                                               &error_abort));
3909     }
3910 #ifdef CONFIG_VNC_SASL
3911     if (acl && sasl) {
3912         if (strcmp(vd->id, "default") == 0) {
3913             vd->sasl.authzid = g_strdup("vnc.username");
3914         } else {
3915             vd->sasl.authzid = g_strdup_printf("vnc.%s.username", vd->id);
3916         }
3917         vd->sasl.authz = QAUTHZ(qauthz_list_new(vd->sasl.authzid,
3918                                                 QAUTHZ_LIST_POLICY_DENY,
3919                                                 &error_abort));
3920     }
3921 #endif
3922 
3923     if (vnc_display_setup_auth(&vd->auth, &vd->subauth,
3924                                vd->tlscreds, password,
3925                                sasl, false, errp) < 0) {
3926         goto fail;
3927     }
3928     trace_vnc_auth_init(vd, 0, vd->auth, vd->subauth);
3929 
3930     if (vnc_display_setup_auth(&vd->ws_auth, &vd->ws_subauth,
3931                                vd->tlscreds, password,
3932                                sasl, true, errp) < 0) {
3933         goto fail;
3934     }
3935     trace_vnc_auth_init(vd, 1, vd->ws_auth, vd->ws_subauth);
3936 
3937 #ifdef CONFIG_VNC_SASL
3938     if (sasl) {
3939         int saslErr = sasl_server_init(NULL, "qemu");
3940 
3941         if (saslErr != SASL_OK) {
3942             error_setg(errp, "Failed to initialize SASL auth: %s",
3943                        sasl_errstring(saslErr, NULL, NULL));
3944             goto fail;
3945         }
3946     }
3947 #endif
3948     vd->lock_key_sync = lock_key_sync;
3949     if (lock_key_sync) {
3950         vd->led = qemu_add_led_event_handler(kbd_leds, vd);
3951     }
3952     vd->ledstate = 0;
3953 
3954     device_id = qemu_opt_get(opts, "display");
3955     if (device_id) {
3956         int head = qemu_opt_get_number(opts, "head", 0);
3957         Error *err = NULL;
3958 
3959         con = qemu_console_lookup_by_device_name(device_id, head, &err);
3960         if (err) {
3961             error_propagate(errp, err);
3962             goto fail;
3963         }
3964     } else {
3965         con = NULL;
3966     }
3967 
3968     if (con != vd->dcl.con) {
3969         qkbd_state_free(vd->kbd);
3970         unregister_displaychangelistener(&vd->dcl);
3971         vd->dcl.con = con;
3972         register_displaychangelistener(&vd->dcl);
3973         vd->kbd = qkbd_state_init(vd->dcl.con);
3974     }
3975     qkbd_state_set_delay(vd->kbd, key_delay_ms);
3976 
3977     if (saddr == NULL) {
3978         goto cleanup;
3979     }
3980 
3981     if (reverse) {
3982         if (vnc_display_connect(vd, saddr, nsaddr, wsaddr, nwsaddr, errp) < 0) {
3983             goto fail;
3984         }
3985     } else {
3986         if (vnc_display_listen(vd, saddr, nsaddr, wsaddr, nwsaddr, errp) < 0) {
3987             goto fail;
3988         }
3989     }
3990 
3991     if (qemu_opt_get(opts, "to")) {
3992         vnc_display_print_local_addr(vd);
3993     }
3994 
3995  cleanup:
3996     vnc_free_addresses(&saddr, &nsaddr);
3997     vnc_free_addresses(&wsaddr, &nwsaddr);
3998     return;
3999 
4000 fail:
4001     vnc_display_close(vd);
4002     goto cleanup;
4003 }
4004 
4005 void vnc_display_add_client(const char *id, int csock, bool skipauth)
4006 {
4007     VncDisplay *vd = vnc_display_find(id);
4008     QIOChannelSocket *sioc;
4009 
4010     if (!vd) {
4011         return;
4012     }
4013 
4014     sioc = qio_channel_socket_new_fd(csock, NULL);
4015     if (sioc) {
4016         qio_channel_set_name(QIO_CHANNEL(sioc), "vnc-server");
4017         vnc_connect(vd, sioc, skipauth, false);
4018         object_unref(OBJECT(sioc));
4019     }
4020 }
4021 
4022 static void vnc_auto_assign_id(QemuOptsList *olist, QemuOpts *opts)
4023 {
4024     int i = 2;
4025     char *id;
4026 
4027     id = g_strdup("default");
4028     while (qemu_opts_find(olist, id)) {
4029         g_free(id);
4030         id = g_strdup_printf("vnc%d", i++);
4031     }
4032     qemu_opts_set_id(opts, id);
4033 }
4034 
4035 QemuOpts *vnc_parse(const char *str, Error **errp)
4036 {
4037     QemuOptsList *olist = qemu_find_opts("vnc");
4038     QemuOpts *opts = qemu_opts_parse(olist, str, true, errp);
4039     const char *id;
4040 
4041     if (!opts) {
4042         return NULL;
4043     }
4044 
4045     id = qemu_opts_id(opts);
4046     if (!id) {
4047         /* auto-assign id if not present */
4048         vnc_auto_assign_id(olist, opts);
4049     }
4050     return opts;
4051 }
4052 
4053 int vnc_init_func(void *opaque, QemuOpts *opts, Error **errp)
4054 {
4055     Error *local_err = NULL;
4056     char *id = (char *)qemu_opts_id(opts);
4057 
4058     assert(id);
4059     vnc_display_init(id, &local_err);
4060     if (local_err) {
4061         error_propagate(errp, local_err);
4062         return -1;
4063     }
4064     vnc_display_open(id, &local_err);
4065     if (local_err != NULL) {
4066         error_propagate(errp, local_err);
4067         return -1;
4068     }
4069     return 0;
4070 }
4071 
4072 static void vnc_register_config(void)
4073 {
4074     qemu_add_opts(&qemu_vnc_opts);
4075 }
4076 opts_init(vnc_register_config);
4077